mbed TLS upgraded to 2.6.0

Fork of mbedtls by Mark Radbourne

Committer: Jasper Wallace
Date: Fri Sep 29 18:41:59 2017 +0100
Revision: 1:9ebc941037d5
Child: 2:bbdeda018a3c

Update to mbedtls 2.4.2, security fixes

Changes to mbedtls sources made:

in include/mbedtls/config.h comment out:

#define MBEDTLS_FS_IO
#define MBEDTLS_NET_C
#define MBEDTLS_TIMING_C

uncomment:

#define MBEDTLS_NO_PLATFORM_ENTROPY
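
The configuration state described in the commit message can be checked mechanically. The following is an added example, not code from this fork or from mbed TLS: it reads a config.h using the commented and uncommented `#define` line shapes that config.pl matches and reports deviations. It assumes, as a policy of this example, that disabling the platform entropy source requires MBEDTLS_ENTROPY_HARDWARE_ALT or MBEDTLS_ENTROPY_NV_SEED to be enabled; the sample header is constructed.

```python
import re

# Line shapes config.pl matches: an active "#define NAME" or a commented-out
# "//#define NAME" (optionally one space after the slashes).
DEFINE_RE = re.compile(r"^(?P<off>//\s?)?\s*#define\s+(?P<name>MBEDTLS_\w+)\b")

# State the commit message describes for include/mbedtls/config.h.
EXPECTED_OFF = {"MBEDTLS_FS_IO", "MBEDTLS_NET_C", "MBEDTLS_TIMING_C"}
EXPECTED_ON = {"MBEDTLS_NO_PLATFORM_ENTROPY"}
# Assumption of this example: with the platform source disabled, one of these
# mbed TLS options has to supply entropy instead.
REPLACEMENT_SOURCES = {"MBEDTLS_ENTROPY_HARDWARE_ALT", "MBEDTLS_ENTROPY_NV_SEED"}

def parse_defines(text):
    """Return {symbol: True if active, False if commented out}."""
    state = {}
    for line in text.splitlines():
        m = DEFINE_RE.match(line)
        if m:
            name = m.group("name")
            # An active define wins over a commented duplicate of the symbol.
            state[name] = state.get(name, False) or not m.group("off")
    return state

def audit(text):
    """Return sorted findings; an empty list means the config is consistent."""
    active = {name for name, on in parse_defines(text).items() if on}
    findings = [f"{n} is still enabled" for n in EXPECTED_OFF & active]
    findings += [f"{n} is not enabled" for n in EXPECTED_ON - active]
    if "MBEDTLS_NO_PLATFORM_ENTROPY" in active and not (REPLACEMENT_SOURCES & active):
        findings.append("platform entropy disabled but no replacement source enabled")
    if "MBEDTLS_TEST_NULL_ENTROPY" in active:
        findings.append("MBEDTLS_TEST_NULL_ENTROPY is enabled (test-only)")
    return sorted(findings)

# Constructed sample, not the fork's real config.h.
SAMPLE = """\
//#define MBEDTLS_FS_IO
#define MBEDTLS_NET_C
//#define MBEDTLS_TIMING_C
#define MBEDTLS_NO_PLATFORM_ENTROPY
//#define MBEDTLS_ENTROPY_HARDWARE_ALT
#define MBEDTLS_ENTROPY_C
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```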

Who changed what in which revision?

Every line of this file (1-252) was last changed by Jasper Wallace in revision 1:9ebc941037d5. Contents of the file:

#!/usr/bin/perl
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved
#
# Purpose
#
# Comments and uncomments #define lines in the given header file and optionally
# sets their value or can get the value. This is to provide scripting control of
# what preprocessor symbols, and therefore what build time configuration flags
# are set in the 'config.h' file.
#
# Usage: config.pl [-f <file> | --file <file>] [-o | --force]
#                   [set <symbol> <value> | unset <symbol> | get <symbol> |
#                       full | realfull]
#
# Full usage description provided below.
#
# Things that shouldn't be enabled with "full".
#
#   MBEDTLS_TEST_NULL_ENTROPY
#   MBEDTLS_DEPRECATED_REMOVED
#   MBEDTLS_HAVE_SSE2
#   MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
#   MBEDTLS_ECP_DP_M221_ENABLED
#   MBEDTLS_ECP_DP_M383_ENABLED
#   MBEDTLS_ECP_DP_M511_ENABLED
#   MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
#   MBEDTLS_NO_PLATFORM_ENTROPY
#   MBEDTLS_REMOVE_ARC4_CIPHERSUITES
#   MBEDTLS_SSL_HW_RECORD_ACCEL
#   MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
#   MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#       - this could be enabled if the respective tests were adapted
#   MBEDTLS_ZLIB_SUPPORT
#   MBEDTLS_PKCS11_C
#   and any symbol beginning _ALT
#

use warnings;
use strict;

my $config_file = "include/mbedtls/config.h";
my $usage = <<EOU;
$0 [-f <file> | --file <file>] [-o | --force]
                   [set <symbol> <value> | unset <symbol> | get <symbol> |
                        full | realfull]

Commands
    set <symbol> [<value>]  - Uncomments or adds a #define for the <symbol> to
                              the configuration file, and optionally making it
                              of <value>.
                              If the symbol isn't present in the file an error
                              is returned.
    unset <symbol>          - Comments out the #define for the given symbol if
                              present in the configuration file.
    get <symbol>            - Finds the #define for the given symbol, returning
                              an exitcode of 0 if the symbol is found, and -1 if
                              not. The value of the symbol is output if one is
                              specified in the configuration file.
    full                    - Uncomments all #define's in the configuration file
                              excluding some reserved symbols, until the
                              'Module configuration options' section
    realfull                - Uncomments all #define's with no exclusions

Options
    -f | --file <filename>  - The file or file path for the configuration file
                              to edit. When omitted, the following default is
                              used:
                                $config_file
    -o | --force            - If the symbol isn't present in the configuration
                              file when setting its value, a #define is
                              appended to the end of the file.

EOU

my @excluded = qw(
MBEDTLS_TEST_NULL_ENTROPY
MBEDTLS_DEPRECATED_REMOVED
MBEDTLS_HAVE_SSE2
MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
MBEDTLS_ECP_DP_M221_ENABLED
MBEDTLS_ECP_DP_M383_ENABLED
MBEDTLS_ECP_DP_M511_ENABLED
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
MBEDTLS_NO_PLATFORM_ENTROPY
MBEDTLS_REMOVE_ARC4_CIPHERSUITES
MBEDTLS_SSL_HW_RECORD_ACCEL
MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
MBEDTLS_ZLIB_SUPPORT
MBEDTLS_PKCS11_C
_ALT\s*$
);

# Things that should be enabled in "full" even if they match @excluded
my @non_excluded = qw(
PLATFORM_[A-Z0-9]+_ALT
);

# Process the command line arguments

my $force_option = 0;

my ($arg, $name, $value, $action);

while ($arg = shift) {

    # Check if the argument is an option
    if ($arg eq "-f" || $arg eq "--file") {
        $config_file = shift;

        -f $config_file or die "No such file: $config_file\n";

    }
    elsif ($arg eq "-o" || $arg eq "--force") {
        $force_option = 1;

    }
    else
    {
        # ...else assume it's a command
        $action = $arg;

        if ($action eq "full" || $action eq "realfull") {
            # No additional parameters
            die $usage if @ARGV;

        }
        elsif ($action eq "unset" || $action eq "get") {
            die $usage unless @ARGV;
            $name = shift;

        }
        elsif ($action eq "set") {
            die $usage unless @ARGV;
            $name = shift;
            $value = shift if @ARGV;

        }
        else {
            die "Command '$action' not recognised.\n\n".$usage;
        }
    }
}

# If no command was specified, exit...
if ( not defined($action) ){ die $usage; }

# Check the config file is present
if (! -f $config_file) {

    chdir '..' or die;

    # Confirm this is the project root directory and try again
    if ( !(-d 'scripts' && -d 'include' && -d 'library' && -f $config_file) ) {
        die "If no file specified, must be run from the project root or scripts directory.\n";
    }
}


# Now read the file and process the contents

open my $config_read, '<', $config_file or die "read $config_file: $!\n";
my @config_lines = <$config_read>;
close $config_read;

my ($exclude_re, $no_exclude_re);
if ($action eq "realfull") {
    $exclude_re = qr/^$/;
    $no_exclude_re = qr/./;
} else {
    $exclude_re = join '|', @excluded;
    $no_exclude_re = join '|', @non_excluded;
}

open my $config_write, '>', $config_file or die "write $config_file: $!\n";

my $done;
for my $line (@config_lines) {
    if ($action eq "full" || $action eq "realfull") {
        if ($line =~ /name SECTION: Module configuration options/) {
            $done = 1;
        }

        if (!$done && $line =~ m!^//\s?#define! &&
                ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) ) {
            $line =~ s!^//\s?!!;
        }
        if (!$done && $line =~ m!^\s?#define! &&
                ! ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) ) {
            $line =~ s!^!//!;
        }
    } elsif ($action eq "unset") {
        if (!$done && $line =~ /^\s*#define\s*$name\b/) {
            $line = '//' . $line;
            $done = 1;
        }
    } elsif (!$done && $action eq "set") {
        if ($line =~ m!^(?://)?\s*#define\s*$name\b!) {
            $line = "#define $name";
            $line .= " $value" if defined $value && $value ne "";
            $line .= "\n";
            $done = 1;
        }
    } elsif (!$done && $action eq "get") {
        if ($line =~ /^\s*#define\s*$name\s*(.*)\s*\b/) {
            $value = $1;
            $done = 1;
        }
    }

    print $config_write $line;
}

# Did the set command work?
if ($action eq "set" && $force_option && !$done) {

    # If the force option was set, append the symbol to the end of the file
    my $line = "#define $name";
    $line .= " $value" if defined $value && $value ne "";
    $line .= "\n";
    $done = 1;

    print $config_write $line;
}

close $config_write;

if ($action eq "get") {
    if($done) {
        if ($value ne '') {
            print $value;
        }
        exit 0;
    } else {
        # If the symbol was not found, return an error
        exit -1;
    }
}

if ($action eq "full" && !$done) {
    die "Configuration section was not found in $config_file\n";

}

if ($action ne "full" && $action ne "unset" && !$done) {
    die "A #define for the symbol $name was not found in $config_file\n";
}

__END__