Commit 3492d24c authored by Patrick Bellot's avatar Patrick Bellot
Browse files

Merge branch 'windows_ingopcs2' into linux64_ingopcs2

parents 14c9836b e8345404
This is the opc-rosa implementation submitted
to the following license.
This is the opc-rosa implementation submitted to the following license :
- If distributed, the license of mbedtls library is "Apache 2.0 license"
as can be found in mbedtls/apache-2.0.txt. mbedtls library can be
downloaded from https://tls.mbed.org
- roxml library is under licence LGPL v2.1 slightly modified as can
be found in opcua/lib/libroxml/License.txt. It is provided by
Tristan Lelong (tristan.lelong@libroxml.net).
- The rest of the code is distributed with the following licence :
----------------------------------------------------------------------
This file is part of OPC-ROSA.
......
Note: This is just a template, so feel free to use/remove the unnecessary things
### Description
- Type: Bug | Enhancement\Feature Request | Question
- Priority: Blocker | Major | Minor
---------------------------------------------------------------
## Bug
**OS**
Mbed OS|linux|windows|
**mbed TLS build:**
Version: x.x.x or git commit id
OS version: x.x.x
Configuration: please attach config.h file where possible
Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
Additional environment information:
**Peer device TLS stack and version**
OpenSSL|GnuTls|Chrome|NSS(Firefox)|SecureChannel (IIS/Internet Explorer/Edge)|Other
Version:
**Expected behavior**
**Actual behavior**
**Steps to reproduce**
----------------------------------------------------------------
## Enhancement\Feature Request
**Justification - why does the library need this feature?**
**Suggested enhancement**
-----------------------------------------------------------------
## Question
**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://tls.mbed.org/discussions)**
Notes:
* Pull requests cannot be accepted until:
- The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/)
or for companies or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/)
- The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards)
* This is just a template, so feel free to use/remove the unnecessary things
## Description
A few sentences describing the overall goals of the pull request's commits.
## Status
**READY/IN DEVELOPMENT/HOLD**
## Requires Backporting
When there is a bug fix, it should be backported to all maintained and supported branches.
Changes do not have to be backported if:
- This PR is a new feature\enhancement
- This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch
Yes | NO
Which branch?
## Migrations
If there is any API change, what's the incentive and logic for it.
YES | NO
## Additional comments
Any additional information that could be of interest
## Todos
- [ ] Tests
- [ ] Documentation
- [ ] Changelog updated
- [ ] Backported
## Steps to test or reproduce
Outline the steps to test or reproduce the PR here.
CMakeCache.txt
CMakeFiles
CTestTestfile.cmake
cmake_install.cmake
Testing
Coverage
*.gcno
*.gcda
# generated by scripts/memory.sh
massif-*
# MSVC files generated by CMake:
/*.sln
/*.vcxproj
/*.filters
# MSVC build artifacts:
*.exe
*.pdb
*.ilk
*.lib
# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
*.dir/
/Debug/
......@@ -4,11 +4,14 @@ environment/project/org.eclipse.cdt.msvc.dll.debug.1278512980/INCLUDE/operation=
environment/project/org.eclipse.cdt.msvc.dll.debug.1278512980/INCLUDE/value=C\:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Professional\\VC\\Tools\\MSVC\\14.10.25017\\include;C\:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.15063.0\\ucrt;C\:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.15063.0\\um;C\:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.15063.0\\shared;C\:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.15063.0;C\:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Professional\\VC\\Tools\\MSVC\\14.12.25827\\include
environment/project/org.eclipse.cdt.msvc.dll.debug.1278512980/PATH/delimiter=;
environment/project/org.eclipse.cdt.msvc.dll.debug.1278512980/PATH/operation=append
environment/project/org.eclipse.cdt.msvc.dll.debug.1278512980/PATH/value=C\:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Professional\\VC\\Tools\\MSVC\\14.12.25827\\bin\\Hostx64\\x64
environment/project/org.eclipse.cdt.msvc.dll.debug.1278512980/PATH/value=C\:/Program Files/Java/jre1.8.0_171/bin/server;C\:/Program Files/Java/jre1.8.0_171/bin;C\:/Program Files/Java/jre1.8.0_171/lib/amd64;C\:\\ProgramData\\Oracle\\Java\\javapath;C\:\\Program Files (x86)\\Intel\\iCLS Client\\;C\:\\Program Files\\Intel\\iCLS Client\\;C\:\\Windows\\system32;C\:\\Windows;C\:\\Windows\\System32\\Wbem;C\:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C\:\\Program Files (x86)\\NVIDIA Corporation\\PhysX\\Common;C\:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\DAL;C\:\\Program Files\\Intel\\Intel(R) Management Engine Components\\DAL;C\:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\IPT;C\:\\Program Files\\Intel\\Intel(R) Management Engine Components\\IPT;C\:\\Program Files\\Intel\\WiFi\\bin\\;C\:\\Program Files\\Common Files\\Intel\\WirelessCommon\\;C\:\\WINDOWS\\system32;C\:\\WINDOWS;C\:\\WINDOWS\\System32\\Wbem;C\:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C\:\\Program Files (x86)\\Windows Kits\\10\\Windows Performance Toolkit\\;C\:\\Program Files (x86)\\Windows Kits\\8.1\\Windows Performance Toolkit\\;C\:\\Program Files\\PuTTY\\;C\:\\Program Files (x86)\\GNU\\GnuPG\\pub;D\:\\MiKTeX 2.9\\miktex\\bin\\x64\\;C\:\\Program Files\\Microsoft SQL Server\\110\\Tools\\Binn\\;C\:\\Program Files\\dotnet\\;C\:\\Program Files\\OpenVPN\\bin;C\:\\WINDOWS\\System32\\OpenSSH\\;C\:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Professional\\VC\\Tools\\MSVC\\14.10.25017\\bin\\HostX64\\x64;C\:\\Users\\Patrick Bellot\\AppData\\Local\\Microsoft\\WindowsApps;C\:\\Program Files (x86)\\EaseUS\\Todo Backup\\bin\\x64\\;D\:\\eclipse-oxygen-C++;C\:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Professional\\VC\\Tools\\MSVC\\14.12.25827\\bin\\Hostx64\\x64
environment/project/org.eclipse.cdt.msvc.dll.debug.1278512980/append=true
environment/project/org.eclipse.cdt.msvc.dll.debug.1278512980/appendContributed=true
environment/project/org.eclipse.cdt.msvc.dll.release.630018085/INCLUDE/delimiter=;
environment/project/org.eclipse.cdt.msvc.dll.release.630018085/INCLUDE/operation=append
environment/project/org.eclipse.cdt.msvc.dll.release.630018085/INCLUDE/value=C\:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Professional\\VC\\Tools\\MSVC\\14.10.25017\\include;C\:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.15063.0\\ucrt;C\:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.15063.0\\um;C\:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.15063.0\\shared;C\:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.15063.0;C\:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Professional\\VC\\Tools\\MSVC\\14.12.25827\\include
environment/project/org.eclipse.cdt.msvc.dll.release.630018085/PATH/delimiter=;
environment/project/org.eclipse.cdt.msvc.dll.release.630018085/PATH/operation=append
environment/project/org.eclipse.cdt.msvc.dll.release.630018085/PATH/value=C\:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Professional\\VC\\Tools\\MSVC\\14.12.25827\\bin\\Hostx64\\x64
environment/project/org.eclipse.cdt.msvc.dll.release.630018085/PATH/value=C\:/Program Files/Java/jre1.8.0_171/bin/server;C\:/Program Files/Java/jre1.8.0_171/bin;C\:/Program Files/Java/jre1.8.0_171/lib/amd64;C\:\\ProgramData\\Oracle\\Java\\javapath;C\:\\Program Files (x86)\\Intel\\iCLS Client\\;C\:\\Program Files\\Intel\\iCLS Client\\;C\:\\Windows\\system32;C\:\\Windows;C\:\\Windows\\System32\\Wbem;C\:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C\:\\Program Files (x86)\\NVIDIA Corporation\\PhysX\\Common;C\:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\DAL;C\:\\Program Files\\Intel\\Intel(R) Management Engine Components\\DAL;C\:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\IPT;C\:\\Program Files\\Intel\\Intel(R) Management Engine Components\\IPT;C\:\\Program Files\\Intel\\WiFi\\bin\\;C\:\\Program Files\\Common Files\\Intel\\WirelessCommon\\;C\:\\WINDOWS\\system32;C\:\\WINDOWS;C\:\\WINDOWS\\System32\\Wbem;C\:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C\:\\Program Files (x86)\\Windows Kits\\10\\Windows Performance Toolkit\\;C\:\\Program Files (x86)\\Windows Kits\\8.1\\Windows Performance Toolkit\\;C\:\\Program Files\\PuTTY\\;C\:\\Program Files (x86)\\GNU\\GnuPG\\pub;D\:\\MiKTeX 2.9\\miktex\\bin\\x64\\;C\:\\Program Files\\Microsoft SQL Server\\110\\Tools\\Binn\\;C\:\\Program Files\\dotnet\\;C\:\\Program Files\\OpenVPN\\bin;C\:\\WINDOWS\\System32\\OpenSSH\\;C\:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Professional\\VC\\Tools\\MSVC\\14.10.25017\\bin\\HostX64\\x64;C\:\\Users\\Patrick Bellot\\AppData\\Local\\Microsoft\\WindowsApps;C\:\\Program Files (x86)\\EaseUS\\Todo Backup\\bin\\x64\\;D\:\\eclipse-oxygen-C++;C\:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Professional\\VC\\Tools\\MSVC\\14.12.25827\\bin\\Hostx64\\x64
environment/project/org.eclipse.cdt.msvc.dll.release.630018085/append=true
environment/project/org.eclipse.cdt.msvc.dll.release.630018085/appendContributed=true
language: c
compiler:
- clang
- gcc
sudo: false
cache: ccache
script:
- tests/scripts/recursion.pl library/*.c
- tests/scripts/check-generated-files.sh
- tests/scripts/check-doxy-blocks.pl
- tests/scripts/check-names.sh
- tests/scripts/doxygen.sh
- cmake -D CMAKE_BUILD_TYPE:String="Check" .
- make
- make test
- programs/test/selftest
- OSSL_NO_DTLS=1 tests/compat.sh
- tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl'
- tests/scripts/test-ref-configs.pl
- tests/scripts/curves.pl
- tests/scripts/key-exchanges.pl
after_failure:
- tests/scripts/travis-log-failure.sh
env:
global:
secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="
addons:
apt:
packages:
- doxygen
- graphviz
coverity_scan:
project:
name: "ARMmbed/mbedtls"
notification_email: p.j.bakker@polarssl.org
build_command_prepend:
build_command: make
branch_pattern: coverity_scan
cmake_minimum_required(VERSION 2.6)
project("mbed TLS" C)
option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF)
option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF)
option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
# the test suites currently have compile errors with MSVC
if(MSVC)
option(ENABLE_TESTING "Build mbed TLS tests." OFF)
else()
option(ENABLE_TESTING "Build mbed TLS tests." ON)
endif()
# Warning string - created as a list for compatibility with CMake 2.8
set(WARNING_BORDER "*******************************************************\n")
set(NULL_ENTROPY_WARN_L1 "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined!\n")
set(NULL_ENTROPY_WARN_L2 "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES\n")
set(NULL_ENTROPY_WARN_L3 "**** AND IS *NOT* SUITABLE FOR PRODUCTION USE\n")
set(NULL_ENTROPY_WARNING "${WARNING_BORDER}"
"${NULL_ENTROPY_WARN_L1}"
"${NULL_ENTROPY_WARN_L2}"
"${NULL_ENTROPY_WARN_L3}"
"${WARNING_BORDER}")
find_package(Perl)
if(PERL_FOUND)
# If NULL Entropy is configured, display an appropriate warning
execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY
RESULT_VARIABLE result)
if(${result} EQUAL 0)
message(WARNING ${NULL_ENTROPY_WARNING})
if(NOT UNSAFE_BUILD)
message(FATAL_ERROR "\
\n\
Warning! You have enabled MBEDTLS_TEST_NULL_ENTROPY. \
This option is not safe for production use and negates all security \
It is intended for development use only. \
\n\
To confirm you want to build with this option, re-run cmake with the \
option: \n\
cmake -DUNSAFE_BUILD=ON ")
return()
endif()
endif()
endif()
set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull"
FORCE)
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
if(CMAKE_COMPILER_IS_GNUCC)
# some warnings we want are not available with old GCC versions
# note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION
execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
OUTPUT_VARIABLE GCC_VERSION)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings")
if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op")
endif()
if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
endif()
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -O3")
set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
set(CMAKE_C_FLAGS_CHECK "-Werror -Os")
set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow")
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O3")
set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
set(CMAKE_C_FLAGS_MEMSAN "-Werror -fsanitize=memory -O3")
set(CMAKE_C_FLAGS_MEMSANDBG "-Werror -fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2")
set(CMAKE_C_FLAGS_CHECK "-Werror -Os")
endif(CMAKE_COMPILER_IS_CLANG)
if(MSVC)
# Strictest warnings, and treat as errors
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX")
endif(MSVC)
if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
set(CMAKE_SHARED_LINKER_FLAGS "--coverage")
endif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
if(LIB_INSTALL_DIR)
else()
set(LIB_INSTALL_DIR lib)
endif()
include_directories(include/)
if(ENABLE_ZLIB_SUPPORT)
find_package(ZLIB)
if(ZLIB_FOUND)
include_directories(${ZLIB_INCLUDE_DIR})
endif(ZLIB_FOUND)
endif(ENABLE_ZLIB_SUPPORT)
add_subdirectory(library)
add_subdirectory(include)
if(ENABLE_PROGRAMS)
add_subdirectory(programs)
endif()
ADD_CUSTOM_TARGET(apidoc
COMMAND doxygen mbedtls.doxyfile
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/doxygen)
if(ENABLE_TESTING)
enable_testing()
add_subdirectory(tests)
# additional convenience targets for Unix only
if(UNIX)
ADD_CUSTOM_TARGET(covtest
COMMAND make test
COMMAND programs/test/selftest
COMMAND tests/compat.sh
COMMAND tests/ssl-opt.sh
)
ADD_CUSTOM_TARGET(lcov
COMMAND rm -rf Coverage
COMMAND lcov --capture --initial --directory library/CMakeFiles/mbedtls.dir -o files.info
COMMAND lcov --capture --directory library/CMakeFiles/mbedtls.dir -o tests.info
COMMAND lcov --add-tracefile files.info --add-tracefile tests.info -o all.info
COMMAND lcov --remove all.info -o final.info '*.h'
COMMAND gendesc tests/Descriptions.txt -o descriptions
COMMAND genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --no-branch-coverage -o Coverage final.info
COMMAND rm -f files.info tests.info all.info final.info descriptions
)
ADD_CUSTOM_TARGET(memcheck
COMMAND sed -i.bak s+/usr/bin/valgrind+`which valgrind`+ DartConfiguration.tcl
COMMAND ctest -O memcheck.log -D ExperimentalMemCheck
COMMAND tail -n1 memcheck.log | grep 'Memory checking results:' > /dev/null
COMMAND rm -f memcheck.log
COMMAND mv DartConfiguration.tcl.bak DartConfiguration.tcl
)
endif(UNIX)
endif()
mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.11.0 branch released 2018-06-18
Features
* Add additional block mode, OFB (Output Feedback), to the AES module and
cipher abstraction module.
* Implement the HMAC-based extract-and-expand key derivation function
(HKDF) per RFC 5869. Contributed by Thomas Fossati.
* Add support for the CCM* block cipher mode as defined in IEEE Std. 802.15.4.
* Add support for the XTS block cipher mode with AES (AES-XTS).
Contributed by Aorimn in pull request #414.
* In TLS servers, support offloading private key operations to an external
cryptoprocessor. Private key operations can be asynchronous to allow
non-blocking operation of the TLS server stack.
Bugfix
* Fix the cert_write example to handle certificates signed with elliptic
curves as well as RSA. Fixes #777 found by dbedev.
* Fix for redefinition of _WIN32_WINNT to avoid overriding a definition
used by user applications. Found and fixed by Fabio Alessandrelli.
* Fix compilation warnings with IAR toolchain, on 32 bit platform.
Reported by rahmanih in #683
* Fix braces in mbedtls_memory_buffer_alloc_status(). Found by sbranden, #552.
Changes
* Changed CMake defaults for IAR to treat all compiler warnings as errors.
* Changed the Clang parameters used in the CMake build files to work for
versions later than 3.6. Versions of Clang earlier than this may no longer
work. Fixes #1072
= mbed TLS 2.10.0 branch released 2018-06-06
Features
* Add support for ARIA cipher (RFC 5794) and associated TLS ciphersuites
(RFC 6209). Disabled by default, see MBEDTLS_ARIA_C in config.h
API Changes
* Extend the platform module with a util component that contains
functionality shared by multiple Mbed TLS modules. At this stage
platform_util.h (and its associated platform_util.c) only contain
mbedtls_platform_zeroize(), which is a critical function from a security
point of view. mbedtls_platform_zeroize() needs to be regularly tested
against compilers to ensure that calls to it are not removed from the
output binary as part of redundant code elimination optimizations.
Therefore, mbedtls_platform_zeroize() is moved to the platform module to
facilitate testing and maintenance.
Bugfix
* Fix an issue with MicroBlaze support in bn_mul.h which was causing the
build to fail. Found by zv-io. Fixes #1651.
Changes
* Support TLS testing in out-of-source builds using cmake. Fixes #1193.
* Fix redundant declaration of mbedtls_ssl_list_ciphersuites. Raised by
TrinityTonic. #1359.
= mbed TLS 2.9.0 branch released 2018-04-30
Security
......@@ -1717,7 +1772,7 @@ Features
issuer_key_identifier, etc)
* Optional blinding for RSA, DHM and EC
* Support for multiple active certificate / key pairs in SSL servers for
the same host (Not to be confused with SNI!)
the same host (Not to be confused with SNI!)
Changes
* Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2
......@@ -1948,7 +2003,7 @@ Changes
PKCS#8 private key formats
* Added mechanism to provide alternative implementations for all
symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in
config.h)
config.h)
* PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
old PBKDF2 module
......@@ -1960,7 +2015,7 @@ Bugfix
* x509parse_crt() now better handles PEM error situations
* ssl_parse_certificate() now calls x509parse_crt_der() directly
instead of the x509parse_crt() wrapper that can also parse PEM
certificates
certificates
* x509parse_crtpath() is now reentrant and uses more portable stat()
* Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
* Fixed values for 2-key Triple DES in cipher layer
......@@ -2118,7 +2173,7 @@ Bugfix
* mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
#52)
* Handle encryption with private key and decryption with public key as per
RFC 2313
RFC 2313
* Handle empty certificate subject names
* Prevent reading over buffer boundaries on X509 certificate parsing
* mpi_add_abs() now correctly handles adding short numbers to long numbers
......@@ -2149,7 +2204,7 @@ Bugfix
* x509parse_crt() now better handles PEM error situations
* ssl_parse_certificate() now calls x509parse_crt_der() directly
instead of the x509parse_crt() wrapper that can also parse PEM
certificates
certificates
* Fixed values for 2-key Triple DES in cipher layer
* ssl_write_certificate_request() can handle empty ca_chain
......@@ -2230,16 +2285,16 @@ Bugfix
Features
* Added ssl_session_reset() to allow better multi-connection pools of
SSL contexts without needing to set all non-connection-specific
data and pointers again. Adapted ssl_server to use this functionality.
data and pointers again. Adapted ssl_server to use this functionality.
* Added ssl_set_max_version() to allow clients to offer a lower maximum
supported version to a server to help buggy server implementations.
(Closes ticket #36)
(Closes ticket #36)
* Added cipher_get_cipher_mode() and cipher_get_cipher_operation()
introspection functions (Closes ticket #40)
* Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
* Added a generic entropy accumulator that provides support for adding
custom entropy sources and added some generic and platform dependent
entropy sources
entropy sources
Changes
* Documentation for AES and Camellia in modes CTR and CFB128 clarified.
......@@ -2372,7 +2427,7 @@ Bugfixes
* Corrected parsing of UTCTime dates before 1990 and
after 1950
* Support more exotic OID's when parsing certificates
(found by Mads Kiilerich)
(found by Mads Kiilerich)
* Support more exotic name representations when parsing
certificates (found by Mads Kiilerich)
* Replaced the expired test certificates
......@@ -2402,7 +2457,7 @@ Note: Most of these features have been donated by Fox-IT
status, objects and configuration
+ Added verification callback on certificate chain
verification to allow external blacklisting
+ Additional example programs to show usage
+ Additional example programs to show usage
* Added support for PKCS#11 through the use of the
libpkcs11-helper library
......
Site: localhost
BuildName: mbed TLS-test
CoverageCommand: /usr/bin/gcov
MemoryCheckCommand: /usr/bin/valgrind
This package of mbed TLS is specifically licensed under the GPL 2.0,
as can be found in: gpl-2.0.txt
Unless specifically indicated otherwise in a file, files are licensed
under the Apache 2.0 license, as can be found in: apache-2.0.txt
DESTDIR=/usr/local
PREFIX=mbedtls_
.SILENT:
.PHONY: all no_test programs lib tests install uninstall clean test check covtest lcov apidoc apidoc_clean
all: programs tests
$(MAKE) post_build
no_test: programs
programs: lib
$(MAKE) -C programs
lib:
$(MAKE) -C library
tests: lib
$(MAKE) -C tests
ifndef WINDOWS
install: no_test
mkdir -p $(DESTDIR)/include/mbedtls
cp -r include/mbedtls $(DESTDIR)/include
mkdir -p $(DESTDIR)/lib
cp -RP library/libmbedtls.* $(DESTDIR)/lib
cp -RP library/libmbedx509.* $(DESTDIR)/lib
cp -RP library/libmbedcrypto.* $(DESTDIR)/lib
mkdir -p $(DESTDIR)/bin
for p in programs/*/* ; do \
if [ -x $$p ] && [ ! -d $$p ] ; \
then \
f=$(PREFIX)`basename $$p` ; \
cp $$p $(DESTDIR)/bin/$$f ; \
fi \
done
uninstall:
rm -rf $(DESTDIR)/include/mbedtls
rm -f $(DESTDIR)/lib/libmbedtls.*
rm -f $(DESTDIR)/lib/libmbedx509.*
rm -f $(DESTDIR)/lib/libmbedcrypto.*
for p in programs/*/* ; do \
if [ -x $$p ] && [ ! -d $$p ] ; \
then \
f=$(PREFIX)`basename $$p` ; \
rm -f $(DESTDIR)/bin/$$f ; \
fi \
done
endif
WARNING_BORDER =*******************************************************\n
NULL_ENTROPY_WARN_L1=**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! ****\n
NULL_ENTROPY_WARN_L2=**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES ****\n
NULL_ENTROPY_WARN_L3=**** AND IS *NOT* SUITABLE FOR PRODUCTION USE ****\n
NULL_ENTROPY_WARNING=\n$(WARNING_BORDER)$(NULL_ENTROPY_WARN_L1)$(NULL_ENTROPY_WARN_L2)$(NULL_ENTROPY_WARN_L3)$(WARNING_BORDER)
# Post build steps
post_build:
ifndef WINDOWS
# If NULL Entropy is configured, display an appropriate warning
-scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \
echo '$(NULL_ENTROPY_WARNING)'
endif
clean:
$(MAKE) -C library clean
$(MAKE) -C programs clean
$(MAKE) -C tests clean
ifndef WINDOWS
find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} +
endif
check: lib tests
$(MAKE) -C tests check
test: check
ifndef WINDOWS
# note: for coverage testing, build with:
# make CFLAGS='--coverage -g3 -O0'
covtest:
$(MAKE) check
programs/test/selftest
tests/compat.sh
tests/ssl-opt.sh
lcov:
rm -rf Coverage
lcov --capture --initial --directory library -o files.info
lcov --capture --directory library -o tests.info
lcov --add-tracefile files.info --add-tracefile tests.info -o all.info
lcov --remove all.info -o final.info '*.h'
gendesc tests/Descriptions.txt -o descriptions
genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --no-branch-coverage -o Coverage final.info
rm -f files.info tests.info all.info final.info descriptions
apidoc:
mkdir -p apidoc
cd doxygen && doxygen mbedtls.doxyfile
apidoc_clean:
rm -rf apidoc
endif
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,