Merge 'mbedtls-2.1-iotssl-952-tfirmware-warnings'
This PR fixes a number of unused variable/function compilation warnings
that arise when using a config.h that does not define the macro
MBEDTLS_PEM_PARSE_C.
diff --git a/ChangeLog b/ChangeLog
index bbe1329..6fa0b87 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
= mbed TLS x.x.x branch released xxxx-xx-xx
Bugfix
+ * Fix the redefinition of macro ssl_set_bio to an undefined symbol
+ mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it.
+ Found by omlib-lin. #673
* Fix unused variable/function compilation warnings in pem.c and x509_csr.c
that are reported when building mbed TLS with a config.h that does not
define MBEDTLS_PEM_PARSE_C. #562
diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h
index 27abbd9..af51b5f 100644
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@@ -2453,7 +2453,6 @@
#define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
#define ssl_set_authmode mbedtls_ssl_conf_authmode
#define ssl_set_bio mbedtls_ssl_set_bio
-#define ssl_set_bio mbedtls_ssl_set_bio_timeout
#define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
#define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
#define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 9c8645d..a324b69 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -206,7 +206,7 @@
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
*
* \note This function does NOT take care of message
- * padding. Also, be sure to set input[0] = 0 or assure that
+ * padding. Also, be sure to set input[0] = 0 or ensure that
* input is smaller than N.
*
* \note The input and output buffers must be large
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 54dac16..f219bf1 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -157,7 +157,7 @@
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
#define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14)
-#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* Parsed (and then ?) */
+#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16)
/*
* Storage format identifiers
diff --git a/library/net.c b/library/net.c
index a77268c..b6b08ed 100644
--- a/library/net.c
+++ b/library/net.c
@@ -228,7 +228,7 @@
}
}
- /* I we ever get there, it's a success */
+ /* Bind was successful */
ret = 0;
break;
}
diff --git a/library/pkparse.c b/library/pkparse.c
index bddcf5d..f0a12f9 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1186,12 +1186,12 @@
#endif /* MBEDTLS_PEM_PARSE_C */
/*
- * At this point we only know it's not a PEM formatted key. Could be any
- * of the known DER encoded private key formats
- *
- * We try the different DER format parsers to see if one passes without
- * error
- */
+ * At this point we only know it's not a PEM formatted key. Could be any
+ * of the known DER encoded private key formats
+ *
+ * We try the different DER format parsers to see if one passes without
+ * error
+ */
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
pwd, pwdlen ) ) == 0 )
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d442642..c455625 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3413,7 +3413,7 @@
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
{
- /* Dont check write errors as we can't do anything here.
+ /* Don't check write errors as we can't do anything here.
* If the error is permanent we'll catch it later,
* if it's not, then hopefully it'll work next time. */
(void) ssl->f_send( ssl->p_bio, ssl->out_buf, len );
@@ -5914,8 +5914,9 @@
const char **p;
/*
- * "Empty strings MUST NOT be included and byte strings MUST NOT be
- * truncated". Check lengths now rather than later.
+ * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings
+ * MUST NOT be truncated."
+ * We check lengths now rather than later.
*/
tot_len = 0;
for( p = protos; *p != NULL; p++ )
@@ -7472,7 +7473,7 @@
* and, for DTLS, to/from TLS equivalent.
*
* For TLS this is the identity.
- * For DTLS, use one complement (v -> 255 - v, and then map as follows:
+ * For DTLS, use 1's complement (v -> 255 - v, and then map as follows:
* 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1)
* 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2)
*/
diff --git a/library/x509.c b/library/x509.c
index 33bcb9e..b063a19 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -656,7 +656,7 @@
/*
* X.509 Extensions (No parsing of extensions, pointer should
- * be either manually updated or extensions should be parsed!
+ * be either manually updated or extensions should be parsed!)
*/
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *ext, int tag )
diff --git a/scripts/config.pl b/scripts/config.pl
index d4c32fd..d8d6a20 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -5,9 +5,28 @@
use warnings;
use strict;
+my $config_file = "include/mbedtls/config.h";
my $usage = <<EOU;
-$0 [-f <file>] unset <name>
-$0 [-f <file>] set <name> [<value>]
+$0 [-f <file>] [set <symbol> <value> | unset <symbol> | full | realfull]
+
+Commands
+ set <symbol> [<value>] - Uncomments or adds a #define for the <symbol> to
+ the configuration file, and optionally making it
+ of <value>.
+ If the symbol isn't present in the file an error
+ is returned.
+ unset <symbol> - Comments out the #define for the given symbol if
+ present in the configuration file.
+ full - Uncomments all #define's in the configuration file
+ excluding some reserved symbols, until the
+ 'Module configuration options' section
+ realfull - Uncomments all #define's with no exclusions
+
+Options
+ -f <filename> - The file or file path for the configuration file
+ to edit. When omitted, the following default is
+ used:
+ $config_file
EOU
# for our eyes only:
# $0 [-f <file>] full|realfull
@@ -40,8 +59,6 @@
PLATFORM_[A-Z0-9]+_ALT
);
-my $config_file = "include/mbedtls/config.h";
-
# get -f option
if (@ARGV >= 2 && $ARGV[0] eq "-f") {
shift; # -f
diff --git a/scripts/data_files/rename-1.3-2.0.txt b/scripts/data_files/rename-1.3-2.0.txt
index 397f6be..cb3381a 100644
--- a/scripts/data_files/rename-1.3-2.0.txt
+++ b/scripts/data_files/rename-1.3-2.0.txt
@@ -1996,7 +1996,6 @@
ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
ssl_set_authmode mbedtls_ssl_conf_authmode
ssl_set_bio mbedtls_ssl_set_bio
-ssl_set_bio_timeout mbedtls_ssl_set_bio_timeout
ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites