Merge branch 'development' into development-restricted

* development: (87 commits)
  entropy: Adjust parameter type of internal function to avoid a cast
  entropy: Avoid arithmetic on void pointer
  add comment about potential future extension
  Adjust comments about SEED synchronisation
  entropy: Rename sysctl_wrapper to sysctl_arnd_wrapper
  test_suite_x509parse.function improvement
  Pass "certificate policies" extension to callback
  Update iv and len context pointers manually when reallocating buffers
  Add Apache-2.0 headers to all source files
  Remove Dangerous Parameter Passing
  Add Apache-2.0 headers to all scripts
  Add missing copyright dates to scripts and sources
  Show failure in ssl-opts.sh  when key export fails
  Add changelog entry
  tests: Reformating due to rnd_* renaming
  tests: Add mbedtls_test_ prefix to rnd_* symbols
  tests: Reformating due to hexcmp() renaming
  tests: Add mbedtls_test_ prefix to hexcmp()
  tests: Reformating due to unhexify_alloc() renaming
  tests: Add mbedtls_test_ prefix to unhexify_alloc()
  ...

programs/aes/aescrypt2.c

@@ -22,7 +22,7 @@
 /* Enable definition of fileno() even when compiling with -std=c99. Must be
  * set before config.h, which pulls in glibc's features.h indirectly.
  * Harmless on other platforms. */
-#define _POSIX_C_SOURCE 1
+#define _POSIX_C_SOURCE 200112L
 
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"

programs/aes/crypt_and_hash.c

@@ -23,7 +23,7 @@
 /* Enable definition of fileno() even when compiling with -std=c99. Must be
  * set before config.h, which pulls in glibc's features.h indirectly.
  * Harmless on other platforms. */
-#define _POSIX_C_SOURCE 1
+#define _POSIX_C_SOURCE 200112L
 
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"

programs/psa/CMakeLists.txt

@@ -10,7 +10,7 @@ target_link_libraries(psa_constant_names mbedtls)
 
 add_custom_target(
     psa_constant_names_generated
-    COMMAND ${PYTHON_EXECUTABLE} scripts/generate_psa_constants.py ${CMAKE_CURRENT_BINARY_DIR}
+    COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} scripts/generate_psa_constants.py ${CMAKE_CURRENT_BINARY_DIR}
     WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../../
 )
 add_dependencies(psa_constant_names psa_constant_names_generated)

programs/psa/crypto_examples.c

@@ -1,3 +1,22 @@
+/*
+ *  Copyright (C) 2018-2019, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
 #include "psa/crypto.h"
 #include <string.h>
 #include <stdio.h>

programs/psa/key_ladder_demo.c

@@ -30,7 +30,8 @@
  * `key_ladder_demo.sh` for an example run.
  */
 
-/*  Copyright (C) 2018, ARM Limited, All Rights Reserved
+/*
+ *  Copyright (C) 2018, ARM Limited, All Rights Reserved
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"); you may

programs/psa/key_ladder_demo.sh

@@ -1,4 +1,22 @@
 #!/bin/sh
+#
+# Copyright (C) 2018, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
 set -e -u
 
 program="${0%/*}"/key_ladder_demo

programs/psa/psa_constant_names.c

@@ -1,3 +1,22 @@
+/*
+ *  Copyright (C) 2018-2019, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
 #include <errno.h>
 #include <stdint.h>
 #include <stdio.h>

programs/ssl/ssl_mail_client.c

@@ -23,6 +23,7 @@
  * be set before config.h, which pulls in glibc's features.h indirectly.
  * Harmless on other platforms. */
 #define _POSIX_C_SOURCE 200112L
+#define _XOPEN_SOURCE 600
 
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"

programs/ssl/ssl_server2.c

@@ -3718,7 +3718,7 @@ handshake:
         {
             mbedtls_printf( " failed\n  ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
                             (unsigned int) -ret );
-            goto exit;
+            goto reset;
         }
 
         mbedtls_printf( "    EAP-TLS key material is:" );
@@ -3739,7 +3739,7 @@ handshake:
          {
              mbedtls_printf( " failed\n  ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
                              (unsigned int) -ret );
-             goto exit;
+             goto reset;
          }
 
         mbedtls_printf( "    EAP-TLS IV is:" );

programs/test/udp_proxy_wrapper.sh

@@ -1,6 +1,23 @@
 #!/bin/sh
 # -*-sh-basic-offset: 4-*-
 # Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...]
+#
+# Copyright (C) 2017, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
 
 set -u
 

programs/test/zeroize.c

@@ -4,12 +4,10 @@
  * This is a simple test application used for debugger-driven testing to check
  * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler
  * optimizations. This application is used by the GDB script at
- * tests/scripts/test_zeroize.gdb under the assumption that the code does not
- * change often (as opposed to the library code) because the script sets a
- * breakpoint at the last return statement in the main() function of this
- * program. The debugger facilities are then used to manually inspect the
- * memory and verify that the call to mbedtls_platform_zeroize() was not
- * eliminated.
+ * tests/scripts/test_zeroize.gdb: the script sets a breakpoint at the last
+ * return statement in the main() function of this program. The debugger
+ * facilities are then used to manually inspect the memory and verify that the
+ * call to mbedtls_platform_zeroize() was not eliminated.
  *
  *  Copyright (C) 2018, Arm Limited, All Rights Reserved
  *  SPDX-License-Identifier: Apache-2.0
@@ -98,5 +96,5 @@ int main( int argc, char** argv )
     fclose( fp );
     mbedtls_platform_zeroize( buf, sizeof( buf ) );
 
-    mbedtls_exit( exit_code );
+    mbedtls_exit( exit_code ); // GDB_BREAK_HERE -- don't remove this comment!
 }