commit 3602df84d7b357693bc95a05f32deb2516ab2985
author Jerome Forissier <jerome@forissier.org> Wed Jul 28 10:24:04 2021 +0200
committer Jérôme Forissier <jerome@forissier.org> Mon Aug 02 10:48:41 2021 +0200
tree 3ed2234f0feccb48ed60e950d30c5497f6041187
parent 475550224d568290bace2422cc02051b6bb84285

Import mbedtls-2.27.0

Imports Mbed TLS 2.27.0 from https://github.com/ARMmbed/mbedtls.git
commit f71e28780841 ("Merge pull request #843 from
paul-elliott-arm/mbedtls-2.27.0rc0-pr") (tag mbedtls-2.27.0, v2.27.0).

Files that are not needed are removed.

 cd lib/libmbedtls
 rm -rf mbedtls
 cp -R path/to/mbedtls-2.27.0/mbedtls .
 cd mbedtls
 rm CMakeLists.txt DartConfiguration.tcl Makefile
 rm .gitignore .travis.yml .pylintrc .globalrc .mypy.ini BRANCHES.md
 rm include/.gitignore include/CMakeLists.txt library/.gitignore
 rm library/CMakeLists.txt library/Makefile
 rm -rf .git .github doxygen configs programs scripts tests visualc yotta
 rm -rf 3rdparty ChangeLog.d docs
 rm -rf include/mbedtls/config_psa.h include/psa
 rm library/psa_* library/mps_*
 cd ..
 git add mbedtls

This is a complete overwrite of previous code so earlier changes in the
previous branch import/mbedtls-2.22.0 will be added on top of this commit.

Signed-off-by: Jerome Forissier <jerome@forissier.org>

lib/libmbedtls/mbedtls/library/x509write_crt.c

diff --git a/lib/libmbedtls/mbedtls/library/x509write_crt.c b/lib/libmbedtls/mbedtls/library/x509write_crt.c
index 80eb23b..8f4a4f5 100644
--- a/lib/libmbedtls/mbedtls/library/x509write_crt.c
+++ b/lib/libmbedtls/mbedtls/library/x509write_crt.c
@@ -1,8 +1,8 @@
-// SPDX-License-Identifier: Apache-2.0
 /*
  *  X.509 certificate writing
  *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
  *  not use this file except in compliance with the License.
@@ -15,8 +15,6 @@
  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
  */
 /*
  * References:
@@ -25,11 +23,7 @@
  * - attributes: PKCS#9 v2.0 aka RFC 2985
  */
 
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "common.h"
 
 #if defined(MBEDTLS_X509_CRT_WRITE_C)
 
@@ -169,7 +163,7 @@
     return(
         mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
                              MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ),
-                             0, buf + sizeof(buf) - len, len ) );
+                             is_ca, buf + sizeof(buf) - len, len ) );
 }
 
 #if defined(MBEDTLS_SHA1_C)
@@ -239,7 +233,7 @@
 int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
                                          unsigned int key_usage )
 {
-    unsigned char buf[5], ku[2];
+    unsigned char buf[5] = {0}, ku[2] = {0};
     unsigned char *c;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE |
@@ -278,7 +272,7 @@
 int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
                                     unsigned char ns_cert_type )
 {
-    unsigned char buf[4];
+    unsigned char buf[4] = {0};
     unsigned char *c;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;