Changes run-test-suites.pl to filter out directories, and select only files
as on OSX, test coverage tests create .dSYM directories which were being
accidentally selected to execute.
Changes the IP address to bind to for dtls_server.c to be "::" or optionally
"0.0.0.0" if the preprocessor symbol FORCE_IPV4 is defined.
Also changes the destinaton IP address for dtls_client.c to be "::1" or if
FORCE_IPV4 symbol is defined "127.0.0.1".
This change allows on compilation dtls_server.c and dtls_client.c to both be
compiled to use either IPv4 or IPv6 so out of the box they will work together
without problem, and to avoid dtls_server.c binding to IPv6 and dtls_client.c
binding to IPv4.
Generate the documentation from include and doxygen/input only. Don't
get snared by files containing Doxygen comments that lie in other
directories such as tests, yotta, crypto/include, ...
The only difference this makes in a fresh checkout is that the
documentation no longer lists target_config.h. This file is from
yotta, does not contain any Doxygen comment, and its inclusion in the
rendered documentation was clearly an oversight.
The run-test-suites.pl script was executing all files of the form 'test_suite*'
which were either executable or ended with a .exe extension.
On some filesystems, such as through network shares or VMs, which are
abstracting one set of file permissions to Unix permissions, may set the
executable permissions on all files, whether they're executable or not.
That was leading to the run-test-suites.pl script to attempt to execute the .c
intermediate files because they followed the form 'test_suite_*.c'. This change
now excludes them, just in case they accidentally have execute permissions.
Deprecate mbedtls_hmac_drbg_update (which returns void) in favor of a
new function mbedtls_hmac_drbg_update_ret which reports error. The old
function is not officially marked as deprecated in this branch because
this is a stable maintenance branch.
Deprecate mbedtls_ctr_drbg_update (which returns void) in favor of a
new function mbedtls_ctr_drbg_update_ret which reports error. The old
function is not officially marked as deprecated in this branch because
this is a stable maintenance branch.
When writing a private EC key, use a constant size for the private
value, as specified in RFC 5915. Previously, the value was written
as an ASN.1 INTEGER, which caused the size of the key to leak
about 1 bit of information on average, and could cause the value to be
1 byte too large for the output buffer.
Add pk_write test cases where the ASN.1 INTEGER encoding of the
private value does not have the mandatory size for the OCTET STRING
that contains the value.
ec_256_long_prv.pem is a random secp256r1 private key, selected so
that the private value is >= 2^255, i.e. the top bit of the first byte
is set (which would cause the INTEGER encoding to have an extra
leading 0 byte).
ec_521_short_prv.pem is a random secp521r1 private key, selected so
that the private value is < 2^518, i.e. the first byte is zero and the
top bit of the second byte is 0 (which would cause the INTEGER
encoding to have one less 0 byte at the start).