From efc665f80f58e2a6a1328a8c7959e8db08952e71 Mon Sep 17 00:00:00 2001
From: Janos Follath <janos.follath@arm.com>
Date: Wed, 22 Jun 2016 00:18:50 +0100
Subject: [PATCH 1/8] Fix mbedtls_ssl_set_hostname documentation

---
 include/mbedtls/ssl.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 0c1365c5d..82c07607f 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1781,10 +1781,11 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 /**
- * \brief          Set hostname for ServerName TLS extension
+ * \brief          Set the hostname to check against the received server
+ *                 certificate. It sets the ServerName TLS extension too,
+ *                 if the extension is enabled.
  *                 (client-side only)
  *
- *
  * \param ssl      SSL context
  * \param hostname the server hostname
  *

From 4b541bec0fdaf5f5c0a605b43862db27b4e1f99d Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Wed, 22 Jun 2016 18:48:16 +0300
Subject: [PATCH 2/8] Fix unused variable in AES selftest when CBC and CFB
 disabled (#393)

This commit fixes following warning:

> CC:  aes.c
> aes.c: In function 'mbedtls_aes_self_test':
> aes.c:1225:19: error: unused variable 'iv' [-Werror=unused-variable]
>      unsigned char iv[16];
>                    ^
> cc1: all warnings being treated as errors
---
 library/aes.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/library/aes.c b/library/aes.c
index 36660306e..a186dee98 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1222,7 +1222,9 @@ int mbedtls_aes_self_test( int verbose )
     int ret = 0, i, j, u, v;
     unsigned char key[32];
     unsigned char buf[64];
+#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)
     unsigned char iv[16];
+#endif
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
     unsigned char prv[16];
 #endif

From 02c4a380134243eebba273dd2b1931748dc668f6 Mon Sep 17 00:00:00 2001
From: Simon Butcher <simon.butcher@arm.com>
Date: Thu, 23 Jun 2016 02:41:31 +0100
Subject: [PATCH 3/8] Corrects missing dependency for MBEDTLS_CIPHER_MODE_CBC
 in some tests

---
 tests/suites/test_suite_pkcs5.data    | 16 ++++++++--------
 tests/suites/test_suite_xtea.function |  4 ++--
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index bf1624838..7c989d62c 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@@ -19,7 +19,7 @@ depends_on:MBEDTLS_SHA1_C
 pbkdf2_hmac:MBEDTLS_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3"
 
 PBES2 Decrypt (OK)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
 
 PBES2 Decrypt (bad params tag)
@@ -47,7 +47,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
 
 PBES2 Decrypt (bad PBKDF2 params salt: not an octet string)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
 
 PBES2 Decrypt (bad PBKDF2 params salt: overlong)
@@ -63,7 +63,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
 
 PBES2 Decrypt (OK, PBKDF2 params explicit keylen)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301E06092A864886F70D01050C301104082ED7F24A1D516DD702020800020118301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
 
 PBES2 Decrypt (bad PBKDF2 params explicit keylen: overlong)
@@ -71,7 +71,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208000201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
 
 PBES2 Decrypt (OK, PBKDF2 params explicit prf_alg)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0207301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
 
 PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg not a sequence)
@@ -103,7 +103,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300A06082A864886F70D03FF":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
 
 PBES2 Decrypt (bad enc_scheme_alg params: not an octet string)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""
 
 PBES2 Decrypt (bad enc_scheme_alg params: overlong)
@@ -111,13 +111,13 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070401":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
 
 PBES2 Decrypt (bad enc_scheme_alg params: len != iv_len)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301306082A864886F70D030704078A4FCC9DCC3949":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""
 
 PBES2 Decrypt (bad password)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"F0617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
 
 PBES2 Decrypt (bad iter value)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function
index 68ab54332..e294a9bd2 100644
--- a/tests/suites/test_suite_xtea.function
+++ b/tests/suites/test_suite_xtea.function
@@ -59,7 +59,7 @@ void xtea_decrypt_ecb( char *hex_key_string, char *hex_src_string,
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
 void xtea_encrypt_cbc( char *hex_key_string, char *hex_iv_string,
                        char *hex_src_string, char *hex_dst_string )
 {
@@ -90,7 +90,7 @@ void xtea_encrypt_cbc( char *hex_key_string, char *hex_iv_string,
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
 void xtea_decrypt_cbc( char *hex_key_string, char *hex_iv_string,
                        char *hex_src_string, char *hex_dst_string )
 {

From 6dc7c9c5e1a5eb29c63b492c5b9fec65dece06bc Mon Sep 17 00:00:00 2001
From: Simon Butcher <simon.butcher@arm.com>
Date: Sun, 19 Jun 2016 22:49:58 +0100
Subject: [PATCH 4/8] Adds checks to 1.3->2.0 API migration script

---
 scripts/rename.pl | 32 +++++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)

diff --git a/scripts/rename.pl b/scripts/rename.pl
index c169078e3..c29519eef 100755
--- a/scripts/rename.pl
+++ b/scripts/rename.pl
@@ -1,12 +1,25 @@
 #!/usr/bin/perl
-
-# rename identifiers (functions, types, enum constant, etc)
-# on upgrades of major version according to a list
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# This script migrates application source code from the mbed TLS 1.3 API to the
+# mbed TLS 2.0 API.
+#
+# The script processes the given source code and renames identifiers - functions
+# types, enums etc, as
+#
+# Usage:  rename.pl [-f datafile] [-s] [--] [filenames...]
+#
 
 use warnings;
 use strict;
 
 use utf8;
+use Path::Class;
 use open qw(:std utf8);
 
 my $usage = "Usage: $0 [-f datafile] [-s] [--] [filenames...]\n";
@@ -45,15 +58,28 @@ my $space = qr/\s+/;
 my $idnum = qr/[a-zA-Z0-9_]+/;
 my $symbols = qr/[-!#\$%&'()*+,.\/:;<=>?@[\\\]^_`{|}~]+|"/;
 
+my $lib_include_dir = dir($0)->parent->parent->subdir('include', 'mbedtls');
+my $lib_source_dir = dir($0)->parent->parent->subdir('library');
+
 # if we replace inside strings, we don't consider them a token
 my $token = $do_strings ?         qr/$space|$idnum|$symbols/
                         : qr/$string|$space|$idnum|$symbols/;
 
 my %warnings;
 
+# If no files were passed, exit...
+if ( not defined($ARGV[0]) ){ die $usage; }
+
 while( my $filename = shift )
 {
     print STDERR "$filename... ";
+
+    if( dir($filename)->parent eq $lib_include_dir ||
+         dir($filename)->parent eq $lib_source_dir )
+    {
+        die "Script cannot be executed on the mbed TLS library itself.";
+    }
+
     if( -d $filename ) { print STDERR "skip (directory)\n"; next }
 
     open my $rfh, '<', $filename or die;

From b6a73c9b76d60798ca41a2c5371a12dda8802dfa Mon Sep 17 00:00:00 2001
From: Simon Butcher <simon.butcher@arm.com>
Date: Sat, 18 Jun 2016 22:45:37 +0100
Subject: [PATCH 5/8] Add provision to create the entropy seedfile for selftest
 sample

In the selftest sample application, if no seedfile is present, one will be
created so the test can execute.
---
 programs/test/selftest.c | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 7698b629f..16c469a56 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -26,6 +26,7 @@
 #endif
 
 #include "mbedtls/entropy.h"
+#include "mbedtls/entropy_poll.h"
 #include "mbedtls/hmac_drbg.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/dhm.h"
@@ -100,6 +101,40 @@ static int run_test_snprintf( void )
             test_snprintf( 5, "123",         3 ) != 0 );
 }
 
+/*
+ * Check if a seed file is present, and if not create one for the entropy
+ * self-test. If this fails, we attempt the test anyway, so no error is passed
+ * back.
+ */
+#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_ENTROPY_NV_SEED) && \
+        !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+static void create_entropy_seed_file( void )
+{
+    int result;
+    size_t output_len = 0;
+    unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE];
+
+    /* Attempt to read the entropy seed file. If this fails - attempt to write
+     * to the file to ensure one is present. */
+    result = mbedtls_platform_std_nv_seed_read( seed_value,
+                                                    MBEDTLS_ENTROPY_BLOCK_SIZE );
+    if( 0 == result )
+        return;
+
+    result = mbedtls_platform_entropy_poll( NULL,
+                                            seed_value,
+                                            MBEDTLS_ENTROPY_BLOCK_SIZE,
+                                            &output_len );
+    if( 0 != result )
+        return;
+
+    if( MBEDTLS_ENTROPY_BLOCK_SIZE != output_len )
+        return;
+
+    mbedtls_platform_std_nv_seed_write( seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE );
+}
+#endif
+
 int main( int argc, char *argv[] )
 {
     int v, suites_tested = 0, suites_failed = 0;
@@ -331,6 +366,11 @@ int main( int argc, char *argv[] )
 #endif
 
 #if defined(MBEDTLS_ENTROPY_C)
+
+#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+    create_entropy_seed_file();
+#endif
+
     if( mbedtls_entropy_self_test( v ) != 0 )
     {
         suites_failed++;

From b2c81b12bb2ed3de607e130b06abd77631316f7f Mon Sep 17 00:00:00 2001
From: Simon Butcher <simon.butcher@arm.com>
Date: Thu, 23 Jun 2016 13:56:06 +0100
Subject: [PATCH 6/8] Added target_config.h as a custom header for yotta use

---
 include/mbedtls/config.h    | 3 +++
 yotta/data/adjust-config.sh | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 1aa86bf1b..3b7c85b39 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2566,6 +2566,9 @@
 
 /* \} name SECTION: Customisation configuration options */
 
+/* Target and application specific configurations */
+//#define YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE "target_config.h"
+
 /*
  * Allow user to override any previous default.
  *
diff --git a/yotta/data/adjust-config.sh b/yotta/data/adjust-config.sh
index 170d3070a..6580c0900 100755
--- a/yotta/data/adjust-config.sh
+++ b/yotta/data/adjust-config.sh
@@ -14,6 +14,10 @@ conf() {
     $SCRIPT -f $FILE $@
 }
 
+
+# Set the target specific header
+conf set YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE \"target_config.h\"
+
 # not supported on mbed OS, nor used by mbed Client
 conf unset MBEDTLS_NET_C
 conf unset MBEDTLS_TIMING_C

From 71ebc58932b78e412f1ba8693da5a8bf7e506f9a Mon Sep 17 00:00:00 2001
From: Simon Butcher <simon.butcher@arm.com>
Date: Thu, 23 Jun 2016 20:02:07 +0100
Subject: [PATCH 7/8] Changes to check-names.sh script to accept yotta
 constants

---
 tests/scripts/check-names.sh | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh
index 7e67cefa8..191594ce0 100755
--- a/tests/scripts/check-names.sh
+++ b/tests/scripts/check-names.sh
@@ -1,7 +1,23 @@
 #!/bin/sh
-
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# This script confirms that the naming of all symbols and identifiers in mbed
+# TLS are consistent with the house style and are also self-consistent.
+#
 set -eu
 
+if grep --version|head -n1|grep GNU >/dev/null; then :; else
+    echo "This script requires GNU grep."
+    exit 1
+fi
+
+printf "Analysing source code...\n"
+
 tests/scripts/list-macros.sh
 tests/scripts/list-enum-consts.pl
 tests/scripts/list-identifiers.sh
@@ -9,7 +25,7 @@ tests/scripts/list-symbols.sh
 
 FAIL=0
 
-printf "Exported symbols declared in header: "
+printf "\nExported symbols declared in header: "
 UNDECLARED=$( diff exported-symbols identifiers | sed -n -e 's/^< //p' )
 if [ "x$UNDECLARED" = "x" ]; then
     echo "PASS"
@@ -24,7 +40,7 @@ diff macros identifiers | sed -n -e 's/< //p' > actual-macros
 for THING in actual-macros enum-consts; do
     printf "Names of $THING: "
     test -r $THING
-    BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
+    BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$\|^YOTTA_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
     if [ "x$BAD" = "x" ]; then
         echo "PASS"
     else
@@ -66,6 +82,7 @@ else
     FAIL=1
 fi
 
+printf "\nOverall: "
 if [ "$FAIL" -eq 0 ]; then
     rm macros actual-macros enum-consts identifiers exported-symbols
     echo "PASSED"

From e7be5bdb968c33322857034c78263065575f5eff Mon Sep 17 00:00:00 2001
From: Brian J Murray <bmurray7jhu@gmail.com>
Date: Thu, 23 Jun 2016 12:57:03 -0700
Subject: [PATCH 8/8] Fixed unchecked calls to mbedtls_md_setup in rsa.c (#502)

* Fixed unchecked calls to mbedtls_md_setup in rsa.c:

* style fixes
---
 library/rsa.c | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/library/rsa.c b/library/rsa.c
index e26d0df7d..fd2f5418a 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -558,7 +558,11 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
     memcpy( p, input, ilen );
 
     mbedtls_md_init( &md_ctx );
-    mbedtls_md_setup( &md_ctx, md_info, 0 );
+    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+    {
+        mbedtls_md_free( &md_ctx );
+        return( ret );
+    }
 
     // maskedDB: Apply dbMask to DB
     //
@@ -728,7 +732,12 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
     hlen = mbedtls_md_get_size( md_info );
 
     mbedtls_md_init( &md_ctx );
-    mbedtls_md_setup( &md_ctx, md_info, 0 );
+    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+    {
+        mbedtls_md_free( &md_ctx );
+        return( ret );
+    }
+
 
     /* Generate lHash */
     mbedtls_md( md_info, label, label_len, lhash );
@@ -972,7 +981,11 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
     p += slen;
 
     mbedtls_md_init( &md_ctx );
-    mbedtls_md_setup( &md_ctx, md_info, 0 );
+    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+    {
+        mbedtls_md_free( &md_ctx );
+        return( ret );
+    }
 
     // Generate H = Hash( M' )
     //
@@ -1245,7 +1258,11 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
     mbedtls_md_init( &md_ctx );
-    mbedtls_md_setup( &md_ctx, md_info, 0 );
+    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+    {
+        mbedtls_md_free( &md_ctx );
+        return( ret );
+    }
 
     mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );