Merge branch 'release_internal' into release_external

* release_internal:
  MBEDTLS_SSL_EXPORT_KEYS added to Nanostack's tls_sec_prot_lib
  Added missing optimizations based on mbedtls/baremetal.h config
  Added new global rng, needed for MbedTLS optimisations
  Prepare for upcoming MbedTLS changes
  Fixed error of function 'mac_fcf_lenght'
  Fixed  error of structure
  Fixed  spelling mistake of structure

Author: Arto Kinnunen

nanostack/ns_sha256.h

@@ -61,45 +61,45 @@ static inline void ns_sha256_clone(ns_sha256_context *dst,
 
 static inline void ns_sha256_starts(ns_sha256_context *ctx)
 {
-    mbedtls_sha256_starts(ctx, 0);
+    (void)mbedtls_sha256_starts_ret(ctx, 0);
 }
 
 static inline void ns_sha256_update(ns_sha256_context *ctx, const void *input,
                                     size_t ilen)
 {
-    mbedtls_sha256_update(ctx, input, ilen);
+    (void)mbedtls_sha256_update_ret(ctx, input, ilen);
 }
 
 static inline void ns_sha256_finish(ns_sha256_context *ctx, void *output)
 {
-    mbedtls_sha256_finish(ctx, output);
+    (void)mbedtls_sha256_finish_ret(ctx, output);
 }
 
 static inline void ns_sha256(const void *input, size_t ilen, void *output)
 {
-    mbedtls_sha256(input, ilen, output, 0);
+    (void)mbedtls_sha256_ret(input, ilen, output, 0);
 }
 
 /* Extensions to standard mbed TLS - output the first bits of a hash only */
 /* Number of bits must be a multiple of 32, and <=256 */
 static inline void ns_sha256_finish_nbits(ns_sha256_context *ctx, void *output, unsigned obits)
 {
     if (obits == 256) {
-        mbedtls_sha256_finish(ctx, output);
+        (void)mbedtls_sha256_finish_ret(ctx, output);
     } else {
         uint8_t sha256[32];
-        mbedtls_sha256_finish(ctx, sha256);
+        (void)mbedtls_sha256_finish_ret(ctx, sha256);
         memcpy(output, sha256, obits / 8);
     }
 }
 
 static inline void ns_sha256_nbits(const void *input, size_t ilen, void *output, unsigned obits)
 {
     if (obits == 256) {
-        mbedtls_sha256(input, ilen, output, 0);
+        (void)mbedtls_sha256_ret(input, ilen, output, 0);
     } else {
         uint8_t sha256[32];
-        mbedtls_sha256(input, ilen, sha256, 0);
+        (void)mbedtls_sha256_ret(input, ilen, sha256, 0);
         memcpy(output, sha256, obits / 8);
     }
 }

source/MAC/IEEE802_15_4/mac_header_helper_functions.c

@@ -32,7 +32,7 @@ static uint8_t *mcps_mac_security_aux_header_start_pointer_get(const mac_pre_par
 static uint8_t *mac_header_information_elements_write(const mac_pre_build_frame_t *buffer, uint8_t *ptr);
 
 
-static uint8_t mac_fcf_lenght(const mac_fcf_sequence_t *header)
+static uint8_t mac_fcf_length(const mac_fcf_sequence_t *header)
 {
     uint8_t length;
     if (header->frameVersion == MAC_FRAME_VERSION_2015) {
@@ -298,7 +298,7 @@ static uint8_t *mac_header_write_fcf_dsn(const mac_fcf_sequence_t *header, uint8
 uint16_t mac_header_off_set_to_aux_header(const mac_fcf_sequence_t *fcf)
 {
     //Skip first FCF & address field
-    uint16_t offset = mac_fcf_lenght(fcf);//Skip FCF + DSN
+    uint16_t offset = mac_fcf_length(fcf);//Skip FCF + DSN
     offset += mac_dst_address_length_with_panid(fcf);
     offset += mac_address_length(fcf->SrcAddrMode);
     if (fcf->SrcPanPresents) {
@@ -351,7 +351,7 @@ static bool mac_header_pan_full_compressed(const mac_fcf_sequence_t *header)
 
 static uint16_t mac_header_read_src_pan(const mac_fcf_sequence_t *header, const uint8_t *ptr)
 {
-    ptr += mac_fcf_lenght(header);//Skip FCF + DSN
+    ptr += mac_fcf_length(header);//Skip FCF + DSN
 
     ptr += mac_dst_address_length_with_panid(header); //Skip Dst panID & Address
 
@@ -360,7 +360,7 @@ static uint16_t mac_header_read_src_pan(const mac_fcf_sequence_t *header, const
 
 static uint16_t mac_header_read_dst_pan(const mac_fcf_sequence_t *header, const uint8_t *ptr)
 {
-    ptr += mac_fcf_lenght(header);//Skip FCF + DSN
+    ptr += mac_fcf_length(header);//Skip FCF + DSN
 
     return common_read_16_bit_inverse(ptr);
 }
@@ -403,7 +403,7 @@ void mac_header_get_src_address(const mac_fcf_sequence_t *header, const uint8_t
         return;
     }
 
-    ptr += mac_fcf_lenght(header);//Skip FCF + DSN
+    ptr += mac_fcf_length(header);//Skip FCF + DSN
 
     ptr += mac_dst_address_length_with_panid(header);
 
@@ -430,7 +430,7 @@ void mac_header_get_dst_address(const mac_fcf_sequence_t *header, const uint8_t
     }
     uint8_t address_len, address_index, i;
 
-    ptr += mac_fcf_lenght(header);//Skip FCF + DSN
+    ptr += mac_fcf_length(header);//Skip FCF + DSN
 
     address_len = mac_address_length(header->DstAddrMode);
 

source/MAC/IEEE802_15_4/mac_security_mib.c

@@ -90,7 +90,7 @@ static int mac_sec_mib_frame_counter_key_buffer_allocate(protocol_interface_rf_m
     mlme_key_descriptor_t *key_descriptor_list = rf_mac_setup->key_description_table;
     uint32_t *frame_counter_pointer = rf_mac_setup->key_device_frame_counter_list_buffer;
     for (uint8_t i = 0; i < rf_mac_setup->key_description_table_size; i++) {
-        key_descriptor_list->KeyDeviceFrameCouterList = frame_counter_pointer;
+        key_descriptor_list->KeyDeviceFrameCounterList = frame_counter_pointer;
         key_descriptor_list->KeyFrameCounterPerKey = true;
         key_descriptor_list->KeyFrameCounter = 0;
         //Update Pointers
@@ -105,7 +105,7 @@ static void mac_sec_mib_frame_counter_key_buffer_free(protocol_interface_rf_mac_
 {
     mlme_key_descriptor_t *key_descriptor_list = rf_mac_setup->key_description_table;
     for (uint8_t i = 0; i < rf_mac_setup->key_description_table_size; i++) {
-        key_descriptor_list->KeyDeviceFrameCouterList = NULL;
+        key_descriptor_list->KeyDeviceFrameCounterList = NULL;
         key_descriptor_list->KeyFrameCounterPerKey = false;
         //Update Pointers
         key_descriptor_list++;
@@ -368,7 +368,7 @@ int8_t mac_sec_mib_key_description_set(uint8_t atribute_index, mlme_key_descript
         key_ptr->KeyFrameCounter = 0;
         if (key_ptr->KeyDeviceListEntries == 0) {
             //Clear all frame counters from old possible user's
-            uint32_t *counter_ptr = key_ptr->KeyDeviceFrameCouterList;
+            uint32_t *counter_ptr = key_ptr->KeyDeviceFrameCounterList;
             for (int i = 0; i < rf_mac_setup->device_description_table_size; i++) {
                 *counter_ptr++ = 0;
             }
@@ -613,7 +613,7 @@ void mac_sec_mib_key_outgoing_frame_counter_decrement(struct protocol_interface_
 void mac_sec_mib_key_device_frame_counter_set(mlme_key_descriptor_t *key_descpription_table, mlme_device_descriptor_t *device_info, uint32_t frame_counter, uint8_t attribute_index)
 {
     if (key_descpription_table->KeyFrameCounterPerKey) {
-        uint32_t *counter_ptr = key_descpription_table->KeyDeviceFrameCouterList + attribute_index;
+        uint32_t *counter_ptr = key_descpription_table->KeyDeviceFrameCounterList + attribute_index;
         *counter_ptr = frame_counter;
     } else {
         device_info->FrameCounter = frame_counter;
@@ -623,7 +623,7 @@ void mac_sec_mib_key_device_frame_counter_set(mlme_key_descriptor_t *key_descpri
 uint32_t mac_mib_key_device_frame_counter_get(mlme_key_descriptor_t *key_descpription_table, mlme_device_descriptor_t *device_info, uint8_t attribute_index)
 {
     if (key_descpription_table->KeyFrameCounterPerKey) {
-        uint32_t *counter_ptr = key_descpription_table->KeyDeviceFrameCouterList + attribute_index;
+        uint32_t *counter_ptr = key_descpription_table->KeyDeviceFrameCounterList + attribute_index;
         return *counter_ptr;
     }
     return device_info->FrameCounter;

source/MAC/IEEE802_15_4/mac_security_mib.h

@@ -27,7 +27,7 @@ typedef struct mlme_key_descriptor_s {
     mlme_key_id_lookup_descriptor_t *KeyIdLookupList;
     mlme_key_device_descriptor_t *KeyDeviceList;
     mlme_key_usage_descriptor_t *KeyUsageList;
-    uint32_t *KeyDeviceFrameCouterList;
+    uint32_t *KeyDeviceFrameCounterList;
     uint32_t KeyFrameCounter;
     uint8_t Key[16];
     uint8_t KeyDeviceListSize;

source/Security/protocols/tls_sec_prot/tls_sec_prot_lib.c

@@ -24,7 +24,7 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
 
-#if defined(MBEDTLS_SSL_TLS_C) && defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_TLS_C) && defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_SSL_EXPORT_KEYS) /* EXPORT_KEYS not supported by mbedtls baremetal yet */
 #define WS_MBEDTLS_SECURITY_ENABLED
 #endif
 
@@ -40,7 +40,9 @@
 #include "Security/protocols/sec_prot_certs.h"
 #include "Security/protocols/tls_sec_prot/tls_sec_prot_lib.h"
 
+#if defined(MBEDTLS_SSL_TLS_C) && defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_SSL_EXPORT_KEYS) /* EXPORT_KEYS not supported by mbedtls baremetal yet */
 #ifdef WS_MBEDTLS_SECURITY_ENABLED
+#endif
 
 #include "mbedtls/sha256.h"
 #include "mbedtls/error.h"
@@ -327,8 +329,10 @@ int8_t tls_sec_prot_lib_connect(tls_security_t *sec, bool is_server, const sec_p
         return -1;
     }
 
+#if !defined(MBEDTLS_SSL_CONF_RNG)
     // Configure random number generator
     mbedtls_ssl_conf_rng(&sec->conf, mbedtls_ctr_drbg_random, &sec->ctr_drbg);
+#endif
 
 #ifdef MBEDTLS_ECP_RESTARTABLE
     // Set ECC calculation maximum operations (affects only client)
@@ -340,16 +344,30 @@ int8_t tls_sec_prot_lib_connect(tls_security_t *sec, bool is_server, const sec_p
         return -1;
     }
 
+    // Defines MBEDTLS_SSL_CONF_RECV/SEND/RECV_TIMEOUT define global functions which should be the same for all
+    // callers of mbedtls_ssl_set_bio_ctx and there should be only one ssl context. If these rules don't apply,
+    // these defines can't be used.
+#if !defined(MBEDTLS_SSL_CONF_RECV) && !defined(MBEDTLS_SSL_CONF_SEND) && !defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
     // Set calbacks
     mbedtls_ssl_set_bio(&sec->ssl, sec, tls_sec_prot_lib_ssl_send, tls_sec_prot_lib_ssl_recv, NULL);
+#else
+    mbedtls_ssl_set_bio_ctx(&sec->ssl, sec);
+#endif /* !defined(MBEDTLS_SSL_CONF_RECV) && !defined(MBEDTLS_SSL_CONF_SEND) && !defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT) */
+
+// Defines MBEDTLS_SSL_CONF_SET_TIMER/GET_TIMER define global functions which should be the same for all
+// callers of mbedtls_ssl_set_timer_cb and there should be only one ssl context. If these rules don't apply,
+// these defines can't be used.
+#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && !defined(MBEDTLS_SSL_CONF_GET_TIMER)
     mbedtls_ssl_set_timer_cb(&sec->ssl, sec, tls_sec_prot_lib_ssl_set_timer, tls_sec_prot_lib_ssl_get_timer);
+#endif /* !defined(MBEDTLS_SSL_CONF_SET_TIMER) && !defined(MBEDTLS_SSL_CONF_GET_TIMER) */
 
     // Configure certificates, keys and certificate revocation list
     if (tls_sec_prot_lib_configure_certificates(sec, certs) != 0) {
         tr_error("cert conf fail");
         return -1;
     }
 
+#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)
     // Configure ciphersuites
     static const int sec_suites[] = {
         MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
@@ -358,6 +376,7 @@ int8_t tls_sec_prot_lib_connect(tls_security_t *sec, bool is_server, const sec_p
         0
     };
     mbedtls_ssl_conf_ciphersuites(&sec->conf, sec_suites);
+#endif /* !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) */
 
 #ifdef TLS_SEC_PROT_LIB_TLS_DEBUG
     mbedtls_ssl_conf_dbg(&sec->conf, tls_sec_prot_lib_debug, sec);
@@ -367,8 +386,13 @@ int8_t tls_sec_prot_lib_connect(tls_security_t *sec, bool is_server, const sec_p
     // Export keys callback
     mbedtls_ssl_conf_export_keys_ext_cb(&sec->conf, tls_sec_prot_lib_ssl_export_keys, sec);
 
+#if !defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER) || !defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER)
     mbedtls_ssl_conf_min_version(&sec->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3);
+#endif /* !defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER) || !defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER) */
+
+#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) || !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER)
     mbedtls_ssl_conf_max_version(&sec->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3);
+#endif /* !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) || !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER) */
 
     // Set certificate verify callback
     mbedtls_ssl_set_verify(&sec->ssl, tls_sec_prot_lib_x509_crt_verify, sec);