Squashed 'communication/lib/mbedtls/' changes from 0a0c22e..f7a4688

f7a4688 Mention new test script in Readme
8de8a32 Bump yotta version to 2.2.0-rc.1
6edd78b Merge branch 'misc' into development
2046062 Merge branch 'development' into misc
459a950 Fixed typo in comment
b48ace7 Merge branch 'iotssl-513-alerts' into development
62aab15 Merge branch 'development' into iotssl-513-alerts
c87747b Removed debug code accidentally left in test code
fa8094e Merge branch 'iotssl-521-keylen-check' into development
5f7c34b Merge branch iotssl-521-keylen-check
e0b2fea Mention performance fix in ChangeLog
e357a64 Merge pull request #328 from ARMmbed/iotssl-461-ecjpake-finalization
231a065 yotta Readme: edited by Irit
65eefc8 Fix missing check for RSA key length on EE certs
ac8673c Add quick script to estimate ROM footprint
de9f953 Optimize more common cases in ecp_muladd()
d21eb2a Fix attribution in ChangeLog
fbdf06c Fix handling of non-fatal alerts
503a5ef Add key-exchanges.pl to test list
50bd260 Add -Werror to reduced configs test scripts
5c2a7ca Fix warning in some reduced configs
e5f3072 Fix #ifdef inconsistency
5df9216 Add script to test configs with single key exchanges
7980096 Further update Redmes regarding the two editions
87173fa yotta Readme: mention all examples
ac12173 yotta Readme: expand configuration example
f13139a yotta readme: mention supported platforms
71956c9 Fix warnings about locations of header files
f45fd73 Remove TLS Client example, see mbed-tls-sockets
cdea97c Remove useless code
c8cd2c6 Small fix to 'make test' script
8a7a189 Fix curves.pl for ECJPAKE disabled by default
4b20c0e Fix potential stack buffer overflow in ecjpake
12ca6f5 Update ssl-opt.sh for EC J-PAKE disabled by default
1ef96c2 Update ChangeLog for the EC J-PAKE branch
fadacb9 Merge branch 'development' into iotssl-461-ecjpake-finalization
cf82893 Disable EC J-PAKE by default (experimental)
3e5b5f1 Tune up config-thread.h a bit more
ca700b2 Add config-thread.h to test-ref-configs.pl
eb47b87 Rework test-ref-configs.pl to also use ssl-opt.sh
b6fe70b Tune up the Thread mini config
b4d9d36 Bump yotta dependencies version
db90c82 Fix typo in documentation
e3132a9 Corrected misleading fn description in ssl_cache.h
5674a97 Fix compilers warnings in reduced configs
9f52cac Rename config-ecjpake to thread and minify it
024b6df Improve key export API and documentation
b7da194 ecjpake: fix uninitialize member
334a87b Corrected URL/reference to MPI library
d97f899 Merge pull request #313 from bogdanm/development
63666ef Fix yotta dependencies
4104864 ECHDE-PSK does not use a certificate
adeb7d8 Move all KEY_EXCHANGE__ definitions in one place
3eb8c34 Add example program for Curve25519
262c137 Merge pull request #311 from jcowgill/spelling-fix
07a92d7 Fix minor spelling mistake in programs/pkey/gen_key.c
dd0e9a8 Minimal config file for ECJPAKE
4d284d2 Added feature MBEDTLS_SSL_EXPORT_KEYS
4289c0d Typo in parameter name
ae8535d Changed defs. back to MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
c4e7d8a Bump version to 2.1.2
ca056c7 Fix CVE number in ChangeLog
c80a74f Merge branch 'development' into development-restricted
2ac9c60 Add 'inline' workaround where needed
a97ab2c Merge branch 'development' into development-restricted
9c67626 Merge branch 'development' of ssh://github.com/ARMmbed/mbedtls into development
7776fc3 Fix for #279 macroisation of 'inline' keyword
2d70834 Fix references to non-standard SIZE_T_MAX
86ff487 Merge remote-tracking branch 'origin/development' into development-restricted
0ccd453 Fix yotta version dependencies again
899ac84 Merge branch 'development' into development-restricted
2347bdd Upgrade yotta dependency versions
5ae7984 Merge pull request #306 from ARMmbed/gh-288-missing-warning
281bd6d Merge pull request #307 from ARMmbed/gh-278-musl-socklen
0431735 Fix compile error in net.c with musl libc
cb6af00 Add missing warning in doc
475cf0a Merge fix of IOTSSL-496 - Potential heap overflow
5a2e389 Remove inline workaround when not useful
0223ab9 Fix macroization of inline in C++
fec73a8 Merge of fix for IOTSSL-481 - Double free
c48b66b Changed attribution for Guido Vranken
6418ffa Merge fix for IOTSSL-480 - base64 overflow issue
a45aa13 Merge of IOTSSL-476 - Random malloc in pem_read()
e7f96f2 Merge fix IOTSSL-475 Potential buffer overflow
d5ba467 Merge fix for IOTSSL-474 PKCS12 Overflow
5b8d1d6 Fix for IOTSSL-473 Double free error
39a60de Correct overwritten fixes
136884c Use MBEDTLS_ECJPAKE_C def. for correct conditional compilation
4feb7ae Added key export API
e8377d6 Clean up compilation warnings
7cdad77 Add point format handling
ef388f1 Merge branch 'development' into development-restricted
bc1babb Fix potential overflow in CertificateRequest
54eec9d Merge pull request #301 from Tilka/typo
e56384c Merge branch 'bachp-configs' into development
a12e3c0 Updated ChangeLog with credit
13d8762 Merge branch 'configs' of bachp configs
0aa45c2 Fix potential overflow in base64_encode
50a739f Add test for base64 output length
5624ec8 Reordered TLS extension fields in client
04799a4 Fixed copy and paste error
0fc94e9 Revised bounds checking on TLS extensions
9f81231 Revised hostname length check from review
d02a1da Fix stack buffer overflow in pkcs12
24417f0 Fix potential double-free in mbedtls_ssl_conf_psk()
58fb495 Fix potential buffer overflow in mpi_read_string()
ed99766 Added bounds checking for TLS extensions
89f7762 Added max length checking of hostname
588ad50 Fix a fairly common typo in comments
faee44d Avoid false positives in bounds check
f592e8e Update yotta dependency version
8f98842 Refined credits in ChangeLog for fuzzing issue
2f056a0 Try to run yotta update for yotta build test
ca4fb71 Fix mbed examples after minar upgrade
d0d8cb3 Cache ClientHello extension
77c0646 Add cache for EC J-PAKE client extension
6657b8d Fix curve-dependency test
8cea8ad Bump version to 2.1.1
22b2941 Merge pull request #294 from ARMmbed/development-restricted
ac58c53 Merge remote-tracking branch 'origin/development'
75df902 Add warning on config options
921f2d0 Add test cases with DTLS and/or password mismatch
0f1660a Implement key exchange messages and PMS derivation
25dbeb0 Skip certificate-related messages with ECJPAKE
0a1324a Add client-side extension parsing
55c7f99 Add server writing of the extension
bf57be6 Add server extension parsing
e511b4e Ignore ECJPAKE suite if not configured on server
c1b46d0 Fix bug in server parsing point formats extension
60884a1 Improve debug formatting of ciphersuites
70905a7 Add ecjpake_pw option to ssl_client2/server2
eef142d Depend on ECJPAKE key exchange, not module
ddf97a6 Skip ECJPAKE suite in ClientHello if no pw set up
538cb7b Add the ECJPAKE ciphersuite
557535d Add ECJPAKE key exchange
7dd82f8 Merge branch 'development' with bugfix branch
9aa7218 Merge branch 'bugfix' into development
ea4b76d Merge pull request #273 from ARMmbed/iotssl-411-port-reuse
5793e7e Merge 'development' into iotssl-411-port-reuse
294139b Add client extension writing
b813acc Add mbedtls_ecjpake_check(), tells if set up
7002f4a Add mbedtls_ssl_set_hs_ecjpake_password()
f7022d1 Fix bug in server parsing point formats extension
5e4c206 Make config check include for configs examples more consistent
76cfd3f Add EC J-PAKE context in handshake structure
f472179 Adjust dependencies for EC extensions
ea5370d Don't allow reconnect during handshake
6ad23b9 Make failing test more robust
a1a1128 Updated ChangeLog for fix #275
520d3b8 Merge pull request #289 from quartzjer/development
49641ad Merge pull request #275 from embedthis/fix-1
c57556e tiny spelling fixes
d69f14b Updated Changelog for new version
8a52a74 Added PR to Changelog for NWilson
835faec Merge branch 'NWilson-const_profile'
d0bf6a3 Update ssl_tls.c
74ca8d0 Update ssl_tls.c
0789aed Update ssl_tls.c
1a57af1 Update ssl.h
4f6882a Update config.h
a25cab8 FIX: compiler warning with recvfrom on 64-bit
a6b95f0 Print I/O buffer size in memory.sh
ddfe5d2 Tune dependencies
c2ed802 Fix ChangeLog - misplaced entries
2ed05a0 Fix typos
ab05d23 Update generated file
259db91 Add test without cookies
22311ae Improve help message of ssl_*2.c
62c74bb Stop wasting resources
2088e2e fix const-ness of argument to mbedtls_ssl_conf_cert_profile
222cb8d Tune related documentation while at it
3a2a448 Update documentation
14c2574 Update Changelog
e5a21b4 Merge pull request #282 from ARMmbed/iotssl-469-rsa-crt-restricted
5f50104 Add counter-measure against RSA-CRT attack
d745a1a Add tests for hard reconnect
3f09b6d Fix API
be619c1 Clean up error codes
11331fc First working dirty version
9650205 Start detecting epoch 0 ClientHellos
26d227d Add config flag for support of client port reuse
dbd2307 Add option reconnect_hard to ssl_client2
cd34589 Fix #ifdef in test suite
d9802af Add tests for round 2
3059095 Complete tests for reading round one
bbe4e52 Start adding tests for EC J-PAKE round one
d0d8a93 Blind operations on the secret
55f3d84 fixup-include
c907081 Polish the source
f7368c9 Polish API and documentation
e192710 Unify round two
d8204a7 Provide symmetric API for the first round
e2d3a4e Unify loading of test vectors in tests
ce45676 Rename variable to prepare for cli/srv unification
6b798b9 Tune up some comments
e0ad57b Replace explicit IDs with table look-ups
5f18829 Add derive_pms, completing first working version
6449391 Store our role in the context
614bd5e Add write_client_params
ec0eece Add read_client_params
bed9e41 Add writing of server params
8d31e80 Improve testing strategy
1a7c5ef Optimize some case of mbedtls_ecp_muladd()
cb7cd03 Add first draft or read_server_params
23dcbe3 Add support for passphrase in the context
4e8bc78 Add context-using functions for Hello extensions
7af8bc1 Start introducing mbedtls_ecjpake_context
3aed185 Re-order functions.
9028c5a Improve const correctness of read() functions
082767f Add ecjpake_kkpp_read/write
4f2cd95 Fix potential memory leaks
b1b250b Add ecjpake_kkp_read/write()
967cd71 Add test vector for ZKP verification
6029a85 Add ecjpake_zpk_read()
c618195 Fix base point in ecjpake_write_zkp()
d9a3f47 Add mbedtls_ecp_gen_keypair_base()
8489f17 First draft of ecjpake_write_zkp()
3dbf2fb Implement hashing function for ZKP
4d8685b Add skeleton for EC J-PAKE module
7f2f062 Fix possible client crash on API misuse
14d8005 Remove "private" setting from module.json

git-subtree-dir: communication/lib/mbedtls
git-subtree-split: f7a46882574804d1939d48341ecc8b87e3efd651

.travis.yml

@@ -17,6 +17,7 @@ script:
 - tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl'
 - tests/scripts/test-ref-configs.pl
 - tests/scripts/curves.pl
+- tests/scripts/key-exchanges.pl
 env:
   global:
     secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="

ChangeLog

@@ -1,5 +1,100 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 2.2.0 released 2015-10-xx
+
+Features
+   * Experimental support for EC J-PAKE as defined in Thread 1.0.0.
+     Disabled by default as the specification might still change.
+   * Added a key extraction callback to accees the master secret and key
+     block. (Potential uses include EAP-TLS and Thread.)
+
+Bugfix
+   * Fix build error with configurations where ECDHE-PSK is the only key
+     exchange. Found and fix provided by Chris Hammond. #270
+   * Fix build error with configurations where RSA, RSA-PSK, ECDH-RSA or
+     ECHD-ECDSA if the only key exchange. Multiple reports. #310
+   * Fixed a bug causing some handshakes to fail due to some non-fatal alerts
+     not being properly ignored. Found by mancha and Kasom Koht-arsa, #308
+   * mbedtls_x509_crt_verify(_with_profile)() now also checks the key type and
+     size/curve against the profile. Before that, there was no way to set a
+     minimum key size for end-entity certificates with RSA keys. Found by
+     Matthew Page of Scannex Electronics Ltd.
+
+Changes
+   * Improved performance of mbedtls_ecp_muladd() when one of the scalars is 1
+     or -1.
+
+= mbed TLS 2.1.2 released 2015-10-06
+
+Security
+   * Added fix for CVE-2015-5291 to prevent heap corruption due to buffer
+     overflow of the hostname or session ticket. Found by Guido Vranken,
+     Intelworks.
+   * Fix potential double-free if mbedtls_ssl_set_hs_psk() is called more than
+     once in the same handhake and mbedtls_ssl_conf_psk() was used.
+     Found and patch provided by Guido Vranken, Intelworks. Cannot be forced
+     remotely.
+   * Fix stack buffer overflow in pkcs12 decryption (used by
+     mbedtls_pk_parse_key(file)() when the password is > 129 bytes.
+     Found by Guido Vranken, Intelworks. Not triggerable remotely.
+   * Fix potential buffer overflow in mbedtls_mpi_read_string().
+     Found by Guido Vranken, Intelworks. Not exploitable remotely in the context
+     of TLS, but might be in other uses. On 32 bit machines, requires reading a
+     string of close to or larger than 1GB to exploit; on 64 bit machines, would
+     require reading a string of close to or larger than 2^62 bytes.
+   * Fix potential random memory allocation in mbedtls_pem_read_buffer()
+     on crafted PEM input data. Found and fix provided by Guido Vranken,
+     Intelworks. Not triggerable remotely in TLS. Triggerable remotely if you
+     accept PEM data from an untrusted source.
+   * Fix possible heap buffer overflow in base64_encoded() when the input
+     buffer is 512MB or larger on 32-bit platforms. Found by Guido Vranken,
+     Intelworks. Not trigerrable remotely in TLS.
+   * Fix potential double-free if mbedtls_conf_psk() is called repeatedly on
+     the same mbedtls_ssl_config object and memory allocation fails. Found by
+     Guido Vranken, Intelworks. Cannot be forced remotely.
+   * Fix potential heap buffer overflow in servers that perform client
+     authentication against a crafted CA cert. Cannot be triggered remotely
+     unless you allow third parties to pick trust CAs for client auth.
+     Found by Guido Vranken, Intelworks.
+
+Bugfix
+   * Fix compile error in net.c with musl libc. Found and patch provided by
+     zhasha (#278).
+   * Fix macroization of 'inline' keyword when building as C++. (#279)
+
+Changes
+   * Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure
+     domain names are compliant with RFC 1035.
+   * Fixed paths for check_config.h in example config files. (Found by bachp)
+     (#291)
+
+= mbed TLS 2.1.1 released 2015-09-17
+
+Security
+   * Add countermeasure against Lenstra's RSA-CRT attack for PKCS#1 v1.5
+     signatures. (Found by Florian Weimer, Red Hat.)
+     https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
+   * Fix possible client-side NULL pointer dereference (read) when the client
+     tries to continue the handshake after it failed (a misuse of the API).
+     (Found and patch provided by Fabian Foerg, Gotham Digital Science using
+     afl-fuzz.)
+
+Bugfix
+   * Fix warning when using a 64bit platform. (found by embedthis) (#275)
+   * Fix off-by-one error in parsing Supported Point Format extension that
+     caused some handshakes to fail.
+
+Changes
+   * Made X509 profile pointer const in mbedtls_ssl_conf_cert_profile() to allow
+     use of mbedtls_x509_crt_profile_next. (found by NWilson)
+   * When a client initiates a reconnect from the same port as a live
+     connection, if cookie verification is available
+     (MBEDTLS_SSL_DTLS_HELLO_VERIFY defined in config.h, and usable cookie
+     callbacks set with mbedtls_ssl_conf_dtls_cookies()), this will be
+     detected and mbedtls_ssl_read() will return
+     MBEDTLS_ERR_SSL_CLIENT_RECONNECT - it is then possible to start a new
+     handshake with the same context. (See RFC 6347 section 4.2.8.)
+
 = mbed TLS 2.1.0 released 2015-09-04
 
 Features
@@ -87,7 +182,7 @@ API Changes
      mbedtls_gcm_init() -> mbedtls_gcm_setkey()
      mbedtls_hmac_drbg_init() -> mbedtls_hmac_drbg_seed(_buf)()
      mbedtls_ctr_drbg_init()  -> mbedtls_ctr_drbg_seed()
-     Note that for mbetls_ssl_setup(), you need to be done setting up the
+     Note that for mbedtls_ssl_setup(), you need to be done setting up the
      ssl_config structure before calling it.
    * Most ssl_set_xxx() functions (all except ssl_set_bio(), ssl_set_hostname(),
      ssl_set_session() and ssl_set_client_transport_id(), plus

README.md

@@ -29,7 +29,7 @@ The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx
 
 ### Yotta
 
-[yotta](http://yottabuild.org) is a package manager and build system developped by mbed; it is the build system of mbed OS. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing).
+[yotta](http://yottabuild.org) is a package manager and build system developed by mbed; it is the build system of mbed OS. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing).
 
 Once yotta is installed, you can use it to download the latest version of mbed TLS form the yotta registry with:
 
@@ -39,7 +39,7 @@ and build it with:
 
     yotta build
 
-If, on the other hand, you already have a copy of mbed TLS from a source other than the yotta registry, for example from cloning our github repository, or from downloading a tarball of the standalone edition, then you'll need first need to generate the yotta module by running:
+If, on the other hand, you already have a copy of mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll need first need to generate the yotta module by running:
 
     yotta/create-module.sh
 
@@ -50,7 +50,7 @@ from the mbed TLS root directory. This will create the yotta module in the `yott
 
 In any case, you'll probably want to set the yotta target before building unless it's already set globally; for more information on using yotta, please consult the [yotta documentation](http://docs.yottabuild.org/).
 
-The yotta edition of mbed TLS includes a few example programs, some of which demonstrate integration with mbed OS; for more details, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md).
+For more details on the yotta/mbed OS edition of mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md).
 
 ### Make
 
@@ -64,7 +64,7 @@ In order to run the tests, enter:
 
     make check
 
-The tests need Perl to be built and run. If you don't have Perl installed, you can skip buiding the tests with:
+The tests need Perl to be built and run. If you don't have Perl installed, you can skip building the tests with:
 
     make no_test
 
@@ -122,7 +122,7 @@ To list other available CMake options, use:
 
     cmake -LH
 
-Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, eg (using GNU find):
+Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, e.g. (using GNU find):
 
     find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
     CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake .
@@ -148,6 +148,7 @@ For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, ad
 -   `tests/ssl-opt.sh` runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations.
 -   `tests/compat.sh` tests interoperability of every ciphersuite with other implementations.
 -   `tests/scripts/test-ref-configs.pl` test builds in various reduced configurations.
+-   `tests/scripts/key-exchanges.pl` test builds in configurations with a single key exchange enabled
 -   `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `config.h`, etc).
 
 Configurations

configs/config-ccm-psk-tls1_2.h

@@ -80,6 +80,6 @@
  */
 #define MBEDTLS_SSL_MAX_CONTENT_LEN             512
 
-#include "check_config.h"
+#include "mbedtls/check_config.h"
 
 #endif /* MBEDTLS_CONFIG_H */

configs/config-picocoin.h

@@ -66,6 +66,6 @@
 #define MBEDTLS_SHA1_C
 #define MBEDTLS_SHA256_C
 
-#include "check_config.h"
+#include "mbedtls/check_config.h"
 
 #endif /* MBEDTLS_CONFIG_H */

configs/config-thread.h

@@ -0,0 +1,94 @@
+/*
+ *  Minimal configuration for using TLS as part of Thread
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * Minimal configuration for using TLS a part of Thread
+ * http://threadgroup.org/
+ *
+ * Distinguishing features:
+ * - no RSA or classic DH, fully based on ECC
+ * - no X.509
+ * - support for experimental EC J-PAKE key exchange
+ *
+ * See README.txt for usage instructions.
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_HAVE_ASM
+
+/* mbed TLS feature support */
+#define MBEDTLS_AES_ROM_TABLES
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_PROTO_DTLS
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#define MBEDTLS_SSL_EXPORT_KEYS
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_ECJPAKE_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_COOKIE_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+
+/* For tests using ssl-opt.sh */
+#define MBEDTLS_NET_C
+#define MBEDTLS_TIMING_C
+
+/* Save RAM at the expense of ROM */
+#define MBEDTLS_AES_ROM_TABLES
+
+/* Save RAM by adjusting to our exact needs */
+#define MBEDTLS_ECP_MAX_BITS             256
+#define MBEDTLS_MPI_MAX_SIZE              32 // 256 bits is 32 bytes
+
+/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
+#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+
+#if defined(TARGET_LIKE_MBED)
+#include "mbedtls/target_config.h"
+#endif
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */

doxygen/input/doc_mainpage.h

@@ -21,7 +21,7 @@
  */
 
 /**
- * @mainpage mbed TLS v2.1.0 source code documentation
+ * @mainpage mbed TLS v2.1.2 source code documentation
  *
  * This documentation describes the internal structure of mbed TLS.  It was
  * automatically generated from specially formatted comment blocks in

doxygen/mbedtls.doxyfile

@@ -28,7 +28,7 @@ DOXYFILE_ENCODING      = UTF-8
 # identify the project. Note that if you do not use Doxywizard you need
 # to put quotes around the project name if it contains spaces.
 
-PROJECT_NAME           = "mbed TLS v2.1.0"
+PROJECT_NAME           = "mbed TLS v2.1.2"
 
 # The PROJECT_NUMBER tag can be used to enter a project or revision number.
 # This could be handy for archiving the generated documentation or

include/mbedtls/base64.h

@@ -44,6 +44,9 @@ extern "C" {
  * \return         0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.
  *                 *olen is always updated to reflect the amount
  *                 of data that has (or would have) been written.
+ *                 If that length cannot be represented, then no data is
+ *                 written to the buffer and *olen is set to the maximum
+ *                 length representable as a size_t.
  *
  * \note           Call this function with dlen = 0 to obtain the
  *                 required buffer size in *olen

include/mbedtls/check_config.h

@@ -88,6 +88,11 @@
 #error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_ECJPAKE_C) &&           \
+    ( !defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C) )
+#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
 #error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
 #endif
@@ -187,6 +192,12 @@
 #error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) &&                    \
+    ( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) ||      \
+      !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
+#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) &&                          \
     ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
 #error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
@@ -421,6 +432,11 @@
 #error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
+    !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE  defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) &&                              \
     ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
 #error "MBEDTLS_SSL_DTLS_ANTI_REPLAY  defined, but not all prerequisites"

include/mbedtls/cipher.h

@@ -46,7 +46,8 @@
 #define MBEDTLS_CIPHER_MODE_STREAM
 #endif
 
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
 #define inline __inline
 #endif