Merge branch 'development' into development-restricted

2024-11-22 12:35:40 +01:00 · 2016-06-23 21:42:26 +01:00 · 2016-06-23 21:42:26 +01:00 · ab069c6b46
commit ab069c6b46
parent c8dd1148f0 e7be5bdb96
10 changed files with 132 additions and 22 deletions
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -2566,6 +2566,9 @@

 /* \} name SECTION: Customisation configuration options */

+/* Target and application specific configurations */
+//#define YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE "target_config.h"
+
 /*
 * Allow user to override any previous default.
 *
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1781,10 +1781,11 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,

 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 /**
- * \brief          Set hostname for ServerName TLS extension
+ * \brief          Set the hostname to check against the received server
+ *                 certificate. It sets the ServerName TLS extension too,
+ *                 if the extension is enabled.
 *                 (client-side only)
 *
- *
 * \param ssl      SSL context
 * \param hostname the server hostname
 *
--- a/library/aes.c
+++ b/library/aes.c
@ -1222,7 +1222,9 @@ int mbedtls_aes_self_test( int verbose )
    int ret = 0, i, j, u, v;
    unsigned char key[32];
    unsigned char buf[64];
+#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)
    unsigned char iv[16];
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
    unsigned char prv[16];
 #endif
--- a/library/rsa.c
+++ b/library/rsa.c
@ -556,7 +556,11 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
    memcpy( p, input, ilen );

    mbedtls_md_init( &md_ctx );
-    mbedtls_md_setup( &md_ctx, md_info, 0 );
+    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+    {
+        mbedtls_md_free( &md_ctx );
+        return( ret );
+    }

    /* maskedDB: Apply dbMask to DB */
    mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
@ -728,7 +732,12 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
     * Unmask data and generate lHash
     */
    mbedtls_md_init( &md_ctx );
-    mbedtls_md_setup( &md_ctx, md_info, 0 );
+    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+    {
+        mbedtls_md_free( &md_ctx );
+        return( ret );
+    }
+

    /* Generate lHash */
    mbedtls_md( md_info, label, label_len, lhash );
@ -971,7 +980,11 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
    p += slen;

    mbedtls_md_init( &md_ctx );
-    mbedtls_md_setup( &md_ctx, md_info, 0 );
+    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+    {
+        mbedtls_md_free( &md_ctx );
+        return( ret );
+    }

    /* Generate H = Hash( M' ) */
    mbedtls_md_starts( &md_ctx );
@ -1240,7 +1253,11 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );

    mbedtls_md_init( &md_ctx );
-    mbedtls_md_setup( &md_ctx, md_info, 0 );
+    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+    {
+        mbedtls_md_free( &md_ctx );
+        return( ret );
+    }

    mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );

--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@ -26,6 +26,7 @@
 #endif

 #include "mbedtls/entropy.h"
+#include "mbedtls/entropy_poll.h"
 #include "mbedtls/hmac_drbg.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/dhm.h"
@ -100,6 +101,40 @@ static int run_test_snprintf( void )
            test_snprintf( 5, "123",         3 ) != 0 );
 }

+/*
+ * Check if a seed file is present, and if not create one for the entropy
+ * self-test. If this fails, we attempt the test anyway, so no error is passed
+ * back.
+ */
+#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_ENTROPY_NV_SEED) && \
+        !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+static void create_entropy_seed_file( void )
+{
+    int result;
+    size_t output_len = 0;
+    unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE];
+
+    /* Attempt to read the entropy seed file. If this fails - attempt to write
+     * to the file to ensure one is present. */
+    result = mbedtls_platform_std_nv_seed_read( seed_value,
+                                                    MBEDTLS_ENTROPY_BLOCK_SIZE );
+    if( 0 == result )
+        return;
+
+    result = mbedtls_platform_entropy_poll( NULL,
+                                            seed_value,
+                                            MBEDTLS_ENTROPY_BLOCK_SIZE,
+                                            &output_len );
+    if( 0 != result )
+        return;
+
+    if( MBEDTLS_ENTROPY_BLOCK_SIZE != output_len )
+        return;
+
+    mbedtls_platform_std_nv_seed_write( seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
    int v, suites_tested = 0, suites_failed = 0;
@ -331,6 +366,11 @@ int main( int argc, char *argv[] )
 #endif

 #if defined(MBEDTLS_ENTROPY_C)
+
+#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+    create_entropy_seed_file();
+#endif
+
    if( mbedtls_entropy_self_test( v ) != 0 )
    {
        suites_failed++;
--- a/scripts/rename.pl
+++ b/scripts/rename.pl
@ -1,12 +1,25 @@
 #!/usr/bin/perl
-
-# rename identifiers (functions, types, enum constant, etc)
-# on upgrades of major version according to a list
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# This script migrates application source code from the mbed TLS 1.3 API to the
+# mbed TLS 2.0 API.
+#
+# The script processes the given source code and renames identifiers - functions
+# types, enums etc, as
+#
+# Usage:  rename.pl [-f datafile] [-s] [--] [filenames...]
+#

 use warnings;
 use strict;

 use utf8;
+use Path::Class;
 use open qw(:std utf8);

 my $usage = "Usage: $0 [-f datafile] [-s] [--] [filenames...]\n";
@ -45,15 +58,28 @@ my $space = qr/\s+/;
 my $idnum = qr/[a-zA-Z0-9_]+/;
 my $symbols = qr/[-!#\$%&'()*+,.\/:;<=>?@[\\\]^_`{|}~]+|"/;

+my $lib_include_dir = dir($0)->parent->parent->subdir('include', 'mbedtls');
+my $lib_source_dir = dir($0)->parent->parent->subdir('library');
+
 # if we replace inside strings, we don't consider them a token
 my $token = $do_strings ?         qr/$space|$idnum|$symbols/
                        : qr/$string|$space|$idnum|$symbols/;

 my %warnings;

+# If no files were passed, exit...
+if ( not defined($ARGV[0]) ){ die $usage; }
+
 while( my $filename = shift )
 {
    print STDERR "$filename... ";
+
+    if( dir($filename)->parent eq $lib_include_dir ||
+         dir($filename)->parent eq $lib_source_dir )
+    {
+        die "Script cannot be executed on the mbed TLS library itself.";
+    }
+
    if( -d $filename ) { print STDERR "skip (directory)\n"; next }

    open my $rfh, '<', $filename or die;
--- a/tests/scripts/check-names.sh
+++ b/tests/scripts/check-names.sh
@ -1,7 +1,23 @@
 #!/bin/sh
-
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# This script confirms that the naming of all symbols and identifiers in mbed
+# TLS are consistent with the house style and are also self-consistent.
+#
 set -eu

+if grep --version|head -n1|grep GNU >/dev/null; then :; else
+    echo "This script requires GNU grep."
+    exit 1
+fi
+
+printf "Analysing source code...\n"
+
 tests/scripts/list-macros.sh
 tests/scripts/list-enum-consts.pl
 tests/scripts/list-identifiers.sh
@ -9,7 +25,7 @@ tests/scripts/list-symbols.sh

 FAIL=0

-printf "Exported symbols declared in header: "
+printf "\nExported symbols declared in header: "
 UNDECLARED=$( diff exported-symbols identifiers | sed -n -e 's/^< //p' )
 if [ "x$UNDECLARED" = "x" ]; then
    echo "PASS"
@ -24,7 +40,7 @@ diff macros identifiers | sed -n -e 's/< //p' > actual-macros
 for THING in actual-macros enum-consts; do
    printf "Names of $THING: "
    test -r $THING
-    BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
+    BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$\|^YOTTA_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
    if [ "x$BAD" = "x" ]; then
        echo "PASS"
    else
@ -66,6 +82,7 @@ else
    FAIL=1
 fi

+printf "\nOverall: "
 if [ "$FAIL" -eq 0 ]; then
    rm macros actual-macros enum-consts identifiers exported-symbols
    echo "PASSED"
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@ -19,7 +19,7 @@ depends_on:MBEDTLS_SHA1_C
 pbkdf2_hmac:MBEDTLS_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3"

 PBES2 Decrypt (OK)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"

 PBES2 Decrypt (bad params tag)
@ -47,7 +47,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""

 PBES2 Decrypt (bad PBKDF2 params salt: not an octet string)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""

 PBES2 Decrypt (bad PBKDF2 params salt: overlong)
@ -63,7 +63,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""

 PBES2 Decrypt (OK, PBKDF2 params explicit keylen)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301E06092A864886F70D01050C301104082ED7F24A1D516DD702020800020118301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"

 PBES2 Decrypt (bad PBKDF2 params explicit keylen: overlong)
@ -71,7 +71,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208000201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""

 PBES2 Decrypt (OK, PBKDF2 params explicit prf_alg)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0207301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"

 PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg not a sequence)
@ -103,7 +103,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300A06082A864886F70D03FF":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""

 PBES2 Decrypt (bad enc_scheme_alg params: not an octet string)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""

 PBES2 Decrypt (bad enc_scheme_alg params: overlong)
@ -111,13 +111,13 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070401":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""

 PBES2 Decrypt (bad enc_scheme_alg params: len != iv_len)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301306082A864886F70D030704078A4FCC9DCC3949":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""

 PBES2 Decrypt (bad password)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"F0617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"

 PBES2 Decrypt (bad iter value)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
--- a/tests/suites/test_suite_xtea.function
+++ b/tests/suites/test_suite_xtea.function
@ -59,7 +59,7 @@ void xtea_decrypt_ecb( char *hex_key_string, char *hex_src_string,
 }
 /* END_CASE */

-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
 void xtea_encrypt_cbc( char *hex_key_string, char *hex_iv_string,
                       char *hex_src_string, char *hex_dst_string )
 {
@ -90,7 +90,7 @@ void xtea_encrypt_cbc( char *hex_key_string, char *hex_iv_string,
 }
 /* END_CASE */

-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
 void xtea_decrypt_cbc( char *hex_key_string, char *hex_iv_string,
                       char *hex_src_string, char *hex_dst_string )
 {
--- a/yotta/data/adjust-config.sh
+++ b/yotta/data/adjust-config.sh
@ -14,6 +14,10 @@ conf() {
    $SCRIPT -f $FILE $@
 }

+
+# Set the target specific header
+conf set YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE \"target_config.h\"
+
 # not supported on mbed OS, nor used by mbed Client
 conf unset MBEDTLS_NET_C
 conf unset MBEDTLS_TIMING_C