aes.h   aes.h 
skipping to change at line 32 skipping to change at line 32
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_AES_H #ifndef POLARSSL_AES_H
#define POLARSSL_AES_H #define POLARSSL_AES_H
#include <string.h> #include <string.h>
#ifdef _MSC_VER
#include <basetsd.h>
typedef UINT32 uint32_t;
#else
#include <inttypes.h>
#endif
#define AES_ENCRYPT 1 #define AES_ENCRYPT 1
#define AES_DECRYPT 0 #define AES_DECRYPT 0
#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< In valid key length. */ #define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< In valid key length. */
#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< In valid data input length. */ #define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< In valid data input length. */
/** /**
* \brief AES context structure * \brief AES context structure
*/ */
typedef struct typedef struct
{ {
int nr; /*!< number of rounds */ int nr; /*!< number of rounds */
unsigned long *rk; /*!< AES round keys */ uint32_t *rk; /*!< AES round keys */
unsigned long buf[68]; /*!< unaligned data */ uint32_t buf[68]; /*!< unaligned data */
} }
aes_context; aes_context;
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief AES key schedule (encryption) * \brief AES key schedule (encryption)
* *
skipping to change at line 137 skipping to change at line 144
* \return 0 if successful * \return 0 if successful
*/ */
int aes_crypt_cfb128( aes_context *ctx, int aes_crypt_cfb128( aes_context *ctx,
int mode, int mode,
size_t length, size_t length,
size_t *iv_off, size_t *iv_off,
unsigned char iv[16], unsigned char iv[16],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/** /*
* \brief AES-CTR buffer encryption/decryption * \brief AES-CTR buffer encryption/decryption
* *
* Warning: You have to keep the maximum use of your counter in mind! * Warning: You have to keep the maximum use of your counter in mind!
* *
* Note: Due to the nature of CTR you should use the same key schedule for * Note: Due to the nature of CTR you should use the same key schedule for
* both encryption and decryption. So a context initialized with * both encryption and decryption. So a context initialized with
* aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
* *
* \param length The length of the data * \param length The length of the data
* \param nc_off The offset in the current stream_block (for resumin g * \param nc_off The offset in the current stream_block (for resumin g
 End of changes. 3 change blocks. 
3 lines changed or deleted 10 lines changed or added
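Review bot: The AES-CTR doc comment now opens with `/*` instead of `/**`, so Doxygen will no longer pick it up and the warning "You have to keep the maximum use of your counter in mind!" drops out of the generated API documentation. The same marker change appears on the CAMELLIA-CTR comment in camellia.h, on `arc4_self_test` in arc4.h, and on `mpi_get_bit` / `mpi_set_bit` in bignum.h. If that is not intended, restore `/**` on those blocks. Separately, `typedef UINT32 uint32_t;` under `_MSC_VER` sits in a public header and is repeated in bignum.h; on MSVC versions that ship `<stdint.h>` it may clash with the standard definition, so a compiler-version guard is worth considering. The declaration that the CTR comment documents is outside the visible lines.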


 arc4.h   arc4.h 
skipping to change at line 69 skipping to change at line 69
* \param ctx ARC4 context * \param ctx ARC4 context
* \param length length of the input data * \param length length of the input data
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer for the output data * \param output buffer for the output data
* *
* \return 0 if successful * \return 0 if successful
*/ */
int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *inpu t, int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *inpu t,
unsigned char *output ); unsigned char *output );
/** /*
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int arc4_self_test( int verbose ); int arc4_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 asn1.h   asn1.h 
skipping to change at line 50 skipping to change at line 50
* \{ * \{
*/ */
/** /**
* \name ASN1 Error codes * \name ASN1 Error codes
* These error codes are OR'ed to X509 error codes for * These error codes are OR'ed to X509 error codes for
* higher error granularity. * higher error granularity.
* ASN1 is a standard to specify data structures. * ASN1 is a standard to specify data structures.
* \{ * \{
*/ */
#define POLARSSL_ERR_ASN1_OUT_OF_DATA -0x0014 /**< Ou #define POLARSSL_ERR_ASN1_OUT_OF_DATA -0x0060 /**< Ou
t of data when parsing an ASN1 data structure. */ t of data when parsing an ASN1 data structure. */
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG -0x0016 /**< AS #define POLARSSL_ERR_ASN1_UNEXPECTED_TAG -0x0062 /**< AS
N1 tag was of an unexpected value. */ N1 tag was of an unexpected value. */
#define POLARSSL_ERR_ASN1_INVALID_LENGTH -0x0018 /**< Er #define POLARSSL_ERR_ASN1_INVALID_LENGTH -0x0064 /**< Er
ror when trying to determine the length or invalid length. */ ror when trying to determine the length or invalid length. */
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH -0x001A /**< Ac #define POLARSSL_ERR_ASN1_LENGTH_MISMATCH -0x0066 /**< Ac
tual length differs from expected length. */ tual length differs from expected length. */
#define POLARSSL_ERR_ASN1_INVALID_DATA -0x001C /**< Da #define POLARSSL_ERR_ASN1_INVALID_DATA -0x0068 /**< Da
ta is invalid. (not used) */ ta is invalid. (not used) */
#define POLARSSL_ERR_ASN1_MALLOC_FAILED -0x001E /**< Me #define POLARSSL_ERR_ASN1_MALLOC_FAILED -0x006A /**< Me
mory allocation failed */ mory allocation failed */
#define POLARSSL_ERR_ASN1_BUF_TOO_SMALL -0x006C /**< Bu
ffer too small when writing ASN.1 data structure. */
/* \} name */ /* \} name */
/** /**
* \name DER constants * \name DER constants
* These constants comply with DER encoded the ANS1 type tags. * These constants comply with DER encoded the ANS1 type tags.
* DER encoding uses hexadecimal representation. * DER encoding uses hexadecimal representation.
* An example DER sequence is:\n * An example DER sequence is:\n
* - 0x02 -- tag indicating INTEGER * - 0x02 -- tag indicating INTEGER
* - 0x01 -- length in octets * - 0x01 -- length in octets
* - 0x05 -- value * - 0x05 -- value
 End of changes. 1 change blocks. 
12 lines changed or deleted 15 lines changed or added
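Review bot: All six existing ASN1 error macros change value (`-0x0014` … `-0x001E` become `-0x0060` … `-0x006A`), which silently breaks any caller, test or log parser that stored or compared the numeric codes, and any object built against the old header. Stating the reserved range next to the definitions would make the intent reviewable, e.g. `/* ASN1 low-level errors occupy -0x0060 .. -0x006C */`, and the renumbering deserves a changelog entry. The block comment says these codes are "OR'ed" to X509 error codes; how the negative values are actually combined is not visible here, so that wording should be checked against the callers when the values move.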


 base64.h   base64.h 
skipping to change at line 66 skipping to change at line 66
/** /**
* \brief Decode a base64-formatted buffer * \brief Decode a base64-formatted buffer
* *
* \param dst destination buffer * \param dst destination buffer
* \param dlen size of the buffer * \param dlen size of the buffer
* \param src source buffer * \param src source buffer
* \param slen amount of data to be decoded * \param slen amount of data to be decoded
* *
* \return 0 if successful, POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL, o r * \return 0 if successful, POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL, o r
* POLARSSL_ERR_BASE64_INVALID_CHARACTER if the input data * POLARSSL_ERR_BASE64_INVALID_DATA if the input data is no
is t
* not correct. *dlen is always updated to reflect the amou * correct. *dlen is always updated to reflect the amount
nt
* of data that has (or would have) been written. * of data that has (or would have) been written.
* *
* \note Call this function with *dlen = 0 to obtain the * \note Call this function with *dlen = 0 to obtain the
* required buffer size in *dlen * required buffer size in *dlen
*/ */
int base64_decode( unsigned char *dst, size_t *dlen, int base64_decode( unsigned char *dst, size_t *dlen,
const unsigned char *src, size_t slen ); const unsigned char *src, size_t slen );
/** /**
* \brief Checkup routine * \brief Checkup routine
 End of changes. 1 change blocks. 
4 lines changed or deleted 3 lines changed or added


 bignum.h   bignum.h 
skipping to change at line 35 skipping to change at line 35
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_BIGNUM_H #ifndef POLARSSL_BIGNUM_H
#define POLARSSL_BIGNUM_H #define POLARSSL_BIGNUM_H
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include "config.h" #include "config.h"
#ifdef _MSC_VER
#include <basetsd.h>
typedef INT16 int16_t;
typedef UINT16 uint16_t;
typedef INT32 int32_t;
typedef UINT32 uint32_t;
typedef UINT64 uint64_t;
#else
#include <inttypes.h>
#endif
#define POLARSSL_ERR_MPI_FILE_IO_ERROR -0x0002 /**< An error occurred while reading from or writing to a file. */ #define POLARSSL_ERR_MPI_FILE_IO_ERROR -0x0002 /**< An error occurred while reading from or writing to a file. */
#define POLARSSL_ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Ba d input parameters to function. */ #define POLARSSL_ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Ba d input parameters to function. */
#define POLARSSL_ERR_MPI_INVALID_CHARACTER -0x0006 /**< Th ere is an invalid character in the digit string. */ #define POLARSSL_ERR_MPI_INVALID_CHARACTER -0x0006 /**< Th ere is an invalid character in the digit string. */
#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL -0x0008 /**< Th e buffer is too small to write to. */ #define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL -0x0008 /**< Th e buffer is too small to write to. */
#define POLARSSL_ERR_MPI_NEGATIVE_VALUE -0x000A /**< Th e input arguments are negative or result in illegal output. */ #define POLARSSL_ERR_MPI_NEGATIVE_VALUE -0x000A /**< Th e input arguments are negative or result in illegal output. */
#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO -0x000C /**< Th e input argument for division is zero, which is not allowed. */ #define POLARSSL_ERR_MPI_DIVISION_BY_ZERO -0x000C /**< Th e input argument for division is zero, which is not allowed. */
#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE -0x000E /**< Th e input arguments are not acceptable. */ #define POLARSSL_ERR_MPI_NOT_ACCEPTABLE -0x000E /**< Th e input arguments are not acceptable. */
#define POLARSSL_ERR_MPI_MALLOC_FAILED -0x0010 /**< Me mory allocation failed. */ #define POLARSSL_ERR_MPI_MALLOC_FAILED -0x0010 /**< Me mory allocation failed. */
#define MPI_CHK(f) if( ( ret = f ) != 0 ) goto cleanup #define MPI_CHK(f) if( ( ret = f ) != 0 ) goto cleanup
skipping to change at line 64 skipping to change at line 75
* *
* Result is an array of ( 2 << POLARSSL_MPI_WINDOW_SIZE ) MPIs used * Result is an array of ( 2 << POLARSSL_MPI_WINDOW_SIZE ) MPIs used
* for the sliding window calculation. (So 64 by default) * for the sliding window calculation. (So 64 by default)
* *
* Reduction in size, reduces speed. * Reduction in size, reduces speed.
*/ */
#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Ma ximum windows size used. */ #define POLARSSL_MPI_WINDOW_SIZE 6 /**< Ma ximum windows size used. */
/* /*
* Maximum size of MPIs allowed in bits and bytes for user-MPIs. * Maximum size of MPIs allowed in bits and bytes for user-MPIs.
* ( Default: 512 bytes => 4096 bits ) * ( Default: 512 bytes => 4096 bits, Maximum: 1024 bytes => 8192 bits )
* *
* Note: Calculations can results temporarily in larger MPIs. So the number * Note: Calculations can results temporarily in larger MPIs. So the number
* of limbs required (POLARSSL_MPI_MAX_LIMBS) is higher. * of limbs required (POLARSSL_MPI_MAX_LIMBS) is higher.
*/ */
#define POLARSSL_MPI_MAX_SIZE 512 /**< Ma ximum number of bytes for usable MPIs. */ #define POLARSSL_MPI_MAX_SIZE 512 /**< Ma ximum number of bytes for usable MPIs. */
#define POLARSSL_MPI_MAX_BITS ( 8 * POLARSSL_M PI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */ #define POLARSSL_MPI_MAX_BITS ( 8 * POLARSSL_M PI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */
/* /*
* When reading from files with mpi_read_file() the buffer should have spac * When reading from files with mpi_read_file() and writing to files with
e * mpi_write_file() the buffer should have space
* for a (short) label, the MPI (in the provided radix), the newline * for a (short) label, the MPI (in the provided radix), the newline
* characters and the '\0'. * characters and the '\0'.
* *
* By default we assume at least a 10 char label, a minimum radix of 10 * By default we assume at least a 10 char label, a minimum radix of 10
* (decimal) and a maximum of 4096 bit numbers (1234 decimal chars). * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
*/ * Autosized at compile time for at least a 10 char label, a minimum radix
#define POLARSSL_MPI_READ_BUFFER_SIZE 1250 * of 10 (decimal) for a number of POLARSSL_MPI_MAX_BITS size.
*
* This used to be statically sized to 1250 for a maximum of 4096 bit
* numbers (1234 decimal chars).
*
* Calculate using the formula:
* POLARSSL_MPI_RW_BUFFER_SIZE = ceil(POLARSSL_MPI_MAX_BITS / ln(10) * ln(
2)) +
* LabelSize + 6
*/
#define POLARSSL_MPI_MAX_BITS_SCALE100 ( 100 * POLARSSL_MPI_MAX_BI
TS )
#define LN_2_DIV_LN_10_SCALE100 332
#define POLARSSL_MPI_RW_BUFFER_SIZE ( ((POLARSSL_MPI_MAX_BITS_S
CALE100 + LN_2_DIV_LN_10_SCALE100 - 1) / LN_2_DIV_LN_10_SCALE100) + 10 + 6
)
/* /*
* Define the base integer type, architecture-wise * Define the base integer type, architecture-wise
*/ */
#if defined(POLARSSL_HAVE_INT8) #if defined(POLARSSL_HAVE_INT8)
typedef signed char t_sint; typedef signed char t_sint;
typedef unsigned char t_uint; typedef unsigned char t_uint;
typedef unsigned short t_udbl; typedef uint16_t t_udbl;
#define POLARSSL_HAVE_UDBL
#else #else
#if defined(POLARSSL_HAVE_INT16) #if defined(POLARSSL_HAVE_INT16)
typedef signed short t_sint; typedef int16_t t_sint;
typedef unsigned short t_uint; typedef uint16_t t_uint;
typedef unsigned long t_udbl; typedef uint32_t t_udbl;
#define POLARSSL_HAVE_UDBL
#else #else
typedef signed long t_sint; #if ( defined(__MSC_VER) && defined(_M_AMD64) )
typedef unsigned long t_uint; typedef int64_t t_sint;
#if defined(_MSC_VER) && defined(_M_IX86) typedef uint64_t t_uint;
typedef unsigned __int64 t_udbl;
#else #else
#if defined(__GNUC__) && ( \ #if ( defined(__GNUC__) && ( \
defined(__amd64__) || defined(__x86_64__) || \ defined(__amd64__) || defined(__x86_64__) || \
defined(__ppc64__) || defined(__powerpc64__) || \ defined(__ppc64__) || defined(__powerpc64__) || \
defined(__ia64__) || defined(__alpha__) || \ defined(__ia64__) || defined(__alpha__) || \
(defined(__sparc__) && defined(__arch64__)) || \ (defined(__sparc__) && defined(__arch64__)) || \
defined(__s390x__) ) defined(__s390x__) ) )
typedef unsigned int t_udbl __attribute__((mode(TI))); typedef int64_t t_sint;
#define POLARSSL_HAVE_LONGLONG typedef uint64_t t_uint;
typedef unsigned int t_udbl __attribute__((mode(TI)));
#define POLARSSL_HAVE_UDBL
#else #else
#if defined(POLARSSL_HAVE_LONGLONG) typedef int32_t t_sint;
typedef unsigned long long t_udbl; typedef uint32_t t_uint;
#endif #if ( defined(_MSC_VER) && defined(_M_IX86) )
typedef uint64_t t_udbl;
#define POLARSSL_HAVE_UDBL
#else
#if defined( POLARSSL_HAVE_LONGLONG )
typedef unsigned long long t_udbl;
#define POLARSSL_HAVE_UDBL
#endif
#endif
#endif #endif
#endif #endif
#endif #endif /* POLARSSL_HAVE_INT16 */
#endif #endif /* POLARSSL_HAVE_INT8 */
/** /**
* \brief MPI structure * \brief MPI structure
*/ */
typedef struct typedef struct
{ {
int s; /*!< integer sign */ int s; /*!< integer sign */
size_t n; /*!< total # of limbs */ size_t n; /*!< total # of limbs */
t_uint *p; /*!< pointer to limbs */ t_uint *p; /*!< pointer to limbs */
} }
skipping to change at line 187 skipping to change at line 221
* \brief Set value from integer * \brief Set value from integer
* *
* \param X MPI to set * \param X MPI to set
* \param z Value to use * \param z Value to use
* *
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed
*/ */
int mpi_lset( mpi *X, t_sint z ); int mpi_lset( mpi *X, t_sint z );
/** /*
* \brief Get a specific bit from X * \brief Get a specific bit from X
* *
* \param X MPI to use * \param X MPI to use
* \param pos Zero-based index of the bit in X * \param pos Zero-based index of the bit in X
* *
* \return Either a 0 or a 1 * \return Either a 0 or a 1
*/ */
int mpi_get_bit( mpi *X, size_t pos ); int mpi_get_bit( const mpi *X, size_t pos );
/** /*
* \brief Set a bit of X to a specific value of 0 or 1 * \brief Set a bit of X to a specific value of 0 or 1
* *
* \note Will grow X if necessary to set a bit to 1 in a not yet * \note Will grow X if necessary to set a bit to 1 in a not yet
* existing limb. Will not grow if bit should be set to 0 * existing limb. Will not grow if bit should be set to 0
* *
* \param X MPI to use * \param X MPI to use
* \param pos Zero-based index of the bit in X * \param pos Zero-based index of the bit in X
* \param val The value to set the bit to (0 or 1) * \param val The value to set the bit to (0 or 1)
* *
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed, * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed,
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1 * POLARSSL_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1
*/ */
int mpi_set_bit( mpi *X, size_t pos, unsigned char val ); int mpi_set_bit( mpi *X, size_t pos, unsigned char val );
/** /**
* \brief Return the number of least significant bits * \brief Return the number of zero-bits before the least signific
ant
* '1' bit
*
* Note: Thus also the zero-based index of the least significant '1' bit
* *
* \param X MPI to use * \param X MPI to use
*/ */
size_t mpi_lsb( const mpi *X ); size_t mpi_lsb( const mpi *X );
/** /**
* \brief Return the number of most significant bits * \brief Return the number of bits up to and including the most
* significant '1' bit'
*
* Note: Thus also the one-based index of the most significant '1' bit
* *
* \param X MPI to use * \param X MPI to use
*/ */
size_t mpi_msb( const mpi *X ); size_t mpi_msb( const mpi *X );
/** /**
* \brief Return the total size in bytes * \brief Return the total size in bytes
* *
* \param X MPI to use * \param X MPI to use
*/ */
skipping to change at line 262 skipping to change at line 302
* *
* \return 0 if successful, or a POLARSSL_ERR_MPI_XXX error code. * \return 0 if successful, or a POLARSSL_ERR_MPI_XXX error code.
* *slen is always updated to reflect the amount * *slen is always updated to reflect the amount
* of data that has (or would have) been written. * of data that has (or would have) been written.
* *
* \note Call this function with *slen = 0 to obtain the * \note Call this function with *slen = 0 to obtain the
* minimum required buffer size in *slen. * minimum required buffer size in *slen.
*/ */
int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen ); int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen );
#if defined(POLARSSL_FS_IO)
/** /**
* \brief Read X from an opened file * \brief Read X from an opened file
* *
* \param X Destination MPI * \param X Destination MPI
* \param radix Input numeric base * \param radix Input numeric base
* \param fin Input file handle * \param fin Input file handle
* *
* \return 0 if successful, POLARSSL_ERR_MPI_BUFFER_TOO_SMALL if * \return 0 if successful, POLARSSL_ERR_MPI_BUFFER_TOO_SMALL if
* the file read buffer is too small or a * the file read buffer is too small or a
* POLARSSL_ERR_MPI_XXX error code * POLARSSL_ERR_MPI_XXX error code
skipping to change at line 288 skipping to change at line 329
* \param p Prefix, can be NULL * \param p Prefix, can be NULL
* \param X Source MPI * \param X Source MPI
* \param radix Output numeric base * \param radix Output numeric base
* \param fout Output file handle (can be NULL) * \param fout Output file handle (can be NULL)
* *
* \return 0 if successful, or a POLARSSL_ERR_MPI_XXX error code * \return 0 if successful, or a POLARSSL_ERR_MPI_XXX error code
* *
* \note Set fout == NULL to print X on the console. * \note Set fout == NULL to print X on the console.
*/ */
int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout ); int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout );
#endif /* POLARSSL_FS_IO */
/** /**
* \brief Import X from unsigned binary data, big endian * \brief Import X from unsigned binary data, big endian
* *
* \param X Destination MPI * \param X Destination MPI
* \param buf Input buffer * \param buf Input buffer
* \param buflen Input buffer size * \param buflen Input buffer size
* *
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed
 End of changes. 17 change blocks. 
31 lines changed or deleted 77 lines changed or added
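Review bot: The new 64-bit MSVC branch tests `defined(__MSC_VER)` with two leading underscores, while every other check on this page, including the added `<basetsd.h>` block and the `_M_IX86` branch, uses `_MSC_VER`; as written the branch looks unreachable and x64 MSVC builds fall through to the 32-bit limb typedefs. Suggested line: `#if ( defined(_MSC_VER) && defined(_M_AMD64) )`. That branch defines neither `t_udbl` nor `POLARSSL_HAVE_UDBL`, so once it is reachable the generic MULADDC fallback in bn_mul.h has to handle a 64-bit limb with no double-width type; that fallback is outside the visible lines. Minor: `LN_2_DIV_LN_10_SCALE100` holds 332, which is 100·ln(10)/ln(2) rounded down, so the name is inverted, although dividing by the rounded-down value keeps `POLARSSL_MPI_RW_BUFFER_SIZE` on the conservative side.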


 bn_mul.h   bn_mul.h 
skipping to change at line 551 skipping to change at line 551
#define MULADDC_STOP \ #define MULADDC_STOP \
asm( "st.w %0, %%d4 " : "=m" (c)); \ asm( "st.w %0, %%d4 " : "=m" (c)); \
asm( "st.a %0, %%a3 " : "=m" (d)); \ asm( "st.a %0, %%a3 " : "=m" (d)); \
asm( "st.a %0, %%a2 " : "=m" (s) :: \ asm( "st.a %0, %%a2 " : "=m" (s) :: \
"d0", "d1", "e2", "d4", "a2", "a3" ); "d0", "d1", "e2", "d4", "a2", "a3" );
#endif /* TriCore */ #endif /* TriCore */
#if defined(__arm__) #if defined(__arm__)
#if !defined(__thumb__) #if defined(__thumb__)
#define MULADDC_INIT \
asm( "ldr r0, %0 " :: "m" (s)); \
asm( "ldr r1, %0 " :: "m" (d)); \
asm( "ldr r2, %0 " :: "m" (c)); \
asm( "ldr r3, %0 " :: "m" (b)); \
asm( "lsr r7, r3, #16 " ); \
asm( "mov r9, r7 " ); \
asm( "lsl r7, r3, #16 " ); \
asm( "lsr r7, r7, #16 " ); \
asm( "mov r8, r7 " );
#define MULADDC_CORE \
asm( "ldmia r0!, {r6} " ); \
asm( "lsr r7, r6, #16 " ); \
asm( "lsl r6, r6, #16 " ); \
asm( "lsr r6, r6, #16 " ); \
asm( "mov r4, r8 " ); \
asm( "mul r4, r6 " ); \
asm( "mov r3, r9 " ); \
asm( "mul r6, r3 " ); \
asm( "mov r5, r9 " ); \
asm( "mul r5, r7 " ); \
asm( "mov r3, r8 " ); \
asm( "mul r7, r3 " ); \
asm( "lsr r3, r6, #16 " ); \
asm( "add r5, r5, r3 " ); \
asm( "lsr r3, r7, #16 " ); \
asm( "add r5, r5, r3 " ); \
asm( "add r4, r4, r2 " ); \
asm( "mov r2, #0 " ); \
asm( "adc r5, r2 " ); \
asm( "lsl r3, r6, #16 " ); \
asm( "add r4, r4, r3 " ); \
asm( "adc r5, r2 " ); \
asm( "lsl r3, r7, #16 " ); \
asm( "add r4, r4, r3 " ); \
asm( "adc r5, r2 " ); \
asm( "ldr r3, [r1] " ); \
asm( "add r4, r4, r3 " ); \
asm( "adc r2, r5 " ); \
asm( "stmia r1!, {r4} " );
#define MULADDC_STOP \
asm( "str r2, %0 " : "=m" (c)); \
asm( "str r1, %0 " : "=m" (d)); \
asm( "str r0, %0 " : "=m" (s) :: \
"r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" );
#else
#define MULADDC_INIT \ #define MULADDC_INIT \
asm( "ldr r0, %0 " :: "m" (s)); \ asm( "ldr r0, %0 " :: "m" (s)); \
asm( "ldr r1, %0 " :: "m" (d)); \ asm( "ldr r1, %0 " :: "m" (d)); \
asm( "ldr r2, %0 " :: "m" (c)); \ asm( "ldr r2, %0 " :: "m" (c)); \
asm( "ldr r3, %0 " :: "m" (b)); asm( "ldr r3, %0 " :: "m" (b));
#define MULADDC_CORE \ #define MULADDC_CORE \
asm( "ldr r4, [r0], #4 " ); \ asm( "ldr r4, [r0], #4 " ); \
asm( "mov r5, #0 " ); \ asm( "mov r5, #0 " ); \
skipping to change at line 746 skipping to change at line 796
__asm mov c, ecx \ __asm mov c, ecx \
__asm mov d, edi \ __asm mov d, edi \
__asm mov s, esi \ __asm mov s, esi \
#endif /* SSE2 */ #endif /* SSE2 */
#endif /* MSVC */ #endif /* MSVC */
#endif /* POLARSSL_HAVE_ASM */ #endif /* POLARSSL_HAVE_ASM */
#if !defined(MULADDC_CORE) #if !defined(MULADDC_CORE)
#if defined(POLARSSL_HAVE_LONGLONG) #if defined(POLARSSL_HAVE_UDBL)
#define MULADDC_INIT \ #define MULADDC_INIT \
{ \ { \
t_udbl r; \ t_udbl r; \
t_uint r0, r1; t_uint r0, r1;
#define MULADDC_CORE \ #define MULADDC_CORE \
r = *(s++) * (t_udbl) b; \ r = *(s++) * (t_udbl) b; \
r0 = r; \ r0 = r; \
r1 = r >> biL; \ r1 = r >> biL; \
r0 += c; r1 += (r0 < c); \ r0 += c; r1 += (r0 < c); \
r0 += *d; r1 += (r0 < *d); \ r0 += *d; r1 += (r0 < *d); \
c = r1; *(d++) = r0; c = r1; *(d++) = r0;
#define MULADDC_STOP \ #define MULADDC_STOP \
} }
#else #else
 End of changes. 3 change blocks. 
3 lines changed or deleted 53 lines changed or added
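Review bot: The new Thumb variant of `MULADDC_INIT` / `MULADDC_CORE` / `MULADDC_STOP` uses r7 as scratch and lists its clobbers only on the last `asm` of `MULADDC_STOP`, so across the many separate `asm()` statements the compiler is never told that r0–r9 are live. GCC commonly uses r7 as the frame pointer for Thumb code, so builds that keep a frame pointer may be rejected or miscompiled, and a wrong multiply-accumulate in the bignum core yields wrong results in everything built on it. At minimum, document the constraint above the block, e.g. `/* Thumb: r0-r9 incl. r7 are used; build with -fomit-frame-pointer */`; a single asm statement with operands and a full clobber list would be more robust. The existing ARM variant follows the same multi-statement pattern, and the enclosing `#if defined(__arm__)` block continues past the visible lines.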


 camellia.h   camellia.h 
skipping to change at line 142 skipping to change at line 142
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_ LENGTH * \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_ LENGTH
*/ */
int camellia_crypt_cfb128( camellia_context *ctx, int camellia_crypt_cfb128( camellia_context *ctx,
int mode, int mode,
size_t length, size_t length,
size_t *iv_off, size_t *iv_off,
unsigned char iv[16], unsigned char iv[16],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/** /*
* \brief CAMELLIA-CTR buffer encryption/decryption * \brief CAMELLIA-CTR buffer encryption/decryption
* *
* Warning: You have to keep the maximum use of your counter in mind! * Warning: You have to keep the maximum use of your counter in mind!
* *
* Note: Due to the nature of CTR you should use the same key schedule for * Note: Due to the nature of CTR you should use the same key schedule for
* both encryption and decryption. So a context initialized with * both encryption and decryption. So a context initialized with
* camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIA_DECRYPT. * camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIA_DECRYPT.
* *
* \param length The length of the data * \param length The length of the data
* \param nc_off The offset in the current stream_block (for resumin g * \param nc_off The offset in the current stream_block (for resumin g
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 cipher.h   cipher.h 
/** /**
* \file cipher.h * \file cipher.h
* *
* \brief Generic cipher wrapper. * \brief Generic cipher wrapper.
* *
* \author Adriaan de Jong <dejong@fox-it.com> * \author Adriaan de Jong <dejong@fox-it.com>
* *
* Copyright (C) 2006-2011, Brainspark B.V. * Copyright (C) 2006-2012, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 51 skipping to change at line 51
#endif /*_MSC_VER */ #endif /*_MSC_VER */
#define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /**< Th e selected feature is not available. */ #define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /**< Th e selected feature is not available. */
#define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /**< Ba d input parameters to function. */ #define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /**< Ba d input parameters to function. */
#define POLARSSL_ERR_CIPHER_ALLOC_FAILED -0x6180 /**< Fa iled to allocate memory. */ #define POLARSSL_ERR_CIPHER_ALLOC_FAILED -0x6180 /**< Fa iled to allocate memory. */
#define POLARSSL_ERR_CIPHER_INVALID_PADDING -0x6200 /**< In put data contains invalid padding and is rejected. */ #define POLARSSL_ERR_CIPHER_INVALID_PADDING -0x6200 /**< In put data contains invalid padding and is rejected. */
#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< De cryption of block requires a full block. */ #define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< De cryption of block requires a full block. */
typedef enum { typedef enum {
POLARSSL_CIPHER_ID_NONE = 0, POLARSSL_CIPHER_ID_NONE = 0,
POLARSSL_CIPHER_ID_NULL,
POLARSSL_CIPHER_ID_AES, POLARSSL_CIPHER_ID_AES,
POLARSSL_CIPHER_ID_DES, POLARSSL_CIPHER_ID_DES,
POLARSSL_CIPHER_ID_3DES, POLARSSL_CIPHER_ID_3DES,
POLARSSL_CIPHER_ID_CAMELLIA, POLARSSL_CIPHER_ID_CAMELLIA,
POLARSSL_CIPHER_ID_BLOWFISH,
} cipher_id_t; } cipher_id_t;
typedef enum { typedef enum {
POLARSSL_CIPHER_NONE = 0, POLARSSL_CIPHER_NONE = 0,
POLARSSL_CIPHER_NULL,
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_CIPHER_AES_128_CBC,
POLARSSL_CIPHER_AES_192_CBC, POLARSSL_CIPHER_AES_192_CBC,
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_CIPHER_AES_256_CBC,
POLARSSL_CIPHER_AES_128_CFB128, POLARSSL_CIPHER_AES_128_CFB128,
POLARSSL_CIPHER_AES_192_CFB128, POLARSSL_CIPHER_AES_192_CFB128,
POLARSSL_CIPHER_AES_256_CFB128, POLARSSL_CIPHER_AES_256_CFB128,
POLARSSL_CIPHER_AES_128_CTR, POLARSSL_CIPHER_AES_128_CTR,
POLARSSL_CIPHER_AES_192_CTR, POLARSSL_CIPHER_AES_192_CTR,
POLARSSL_CIPHER_AES_256_CTR, POLARSSL_CIPHER_AES_256_CTR,
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_CIPHER_CAMELLIA_128_CBC,
POLARSSL_CIPHER_CAMELLIA_192_CBC, POLARSSL_CIPHER_CAMELLIA_192_CBC,
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_CIPHER_CAMELLIA_256_CBC,
POLARSSL_CIPHER_CAMELLIA_128_CFB128, POLARSSL_CIPHER_CAMELLIA_128_CFB128,
POLARSSL_CIPHER_CAMELLIA_192_CFB128, POLARSSL_CIPHER_CAMELLIA_192_CFB128,
POLARSSL_CIPHER_CAMELLIA_256_CFB128, POLARSSL_CIPHER_CAMELLIA_256_CFB128,
POLARSSL_CIPHER_CAMELLIA_128_CTR, POLARSSL_CIPHER_CAMELLIA_128_CTR,
POLARSSL_CIPHER_CAMELLIA_192_CTR, POLARSSL_CIPHER_CAMELLIA_192_CTR,
POLARSSL_CIPHER_CAMELLIA_256_CTR, POLARSSL_CIPHER_CAMELLIA_256_CTR,
POLARSSL_CIPHER_DES_CBC, POLARSSL_CIPHER_DES_CBC,
POLARSSL_CIPHER_DES_EDE_CBC, POLARSSL_CIPHER_DES_EDE_CBC,
POLARSSL_CIPHER_DES_EDE3_CBC POLARSSL_CIPHER_DES_EDE3_CBC,
POLARSSL_CIPHER_BLOWFISH_CBC,
POLARSSL_CIPHER_BLOWFISH_CFB64,
POLARSSL_CIPHER_BLOWFISH_CTR,
} cipher_type_t; } cipher_type_t;
typedef enum { typedef enum {
POLARSSL_MODE_NONE = 0, POLARSSL_MODE_NONE = 0,
POLARSSL_MODE_NULL,
POLARSSL_MODE_CBC, POLARSSL_MODE_CBC,
POLARSSL_MODE_CFB128, POLARSSL_MODE_CFB,
POLARSSL_MODE_OFB, POLARSSL_MODE_OFB,
POLARSSL_MODE_CTR, POLARSSL_MODE_CTR,
} cipher_mode_t; } cipher_mode_t;
typedef enum { typedef enum {
POLARSSL_OPERATION_NONE = -1, POLARSSL_OPERATION_NONE = -1,
POLARSSL_DECRYPT = 0, POLARSSL_DECRYPT = 0,
POLARSSL_ENCRYPT, POLARSSL_ENCRYPT,
} operation_t; } operation_t;
skipping to change at line 121 skipping to change at line 128
*/ */
typedef struct { typedef struct {
/** Base Cipher type (e.g. POLARSSL_CIPHER_ID_AES) */ /** Base Cipher type (e.g. POLARSSL_CIPHER_ID_AES) */
cipher_id_t cipher; cipher_id_t cipher;
/** Encrypt using CBC */ /** Encrypt using CBC */
int (*cbc_func)( void *ctx, operation_t mode, size_t length, unsigned c har *iv, int (*cbc_func)( void *ctx, operation_t mode, size_t length, unsigned c har *iv,
const unsigned char *input, unsigned char *output ); const unsigned char *input, unsigned char *output );
/** Encrypt using CFB128 */ /** Encrypt using CFB (Full length) */
int (*cfb128_func)( void *ctx, operation_t mode, size_t length, size_t int (*cfb_func)( void *ctx, operation_t mode, size_t length, size_t *iv
*iv_off, _off,
unsigned char *iv, const unsigned char *input, unsigned char *o utput ); unsigned char *iv, const unsigned char *input, unsigned char *o utput );
/** Encrypt using CTR */ /** Encrypt using CTR */
int (*ctr_func)( void *ctx, size_t length, size_t *nc_off, unsigned cha r *nonce_counter, int (*ctr_func)( void *ctx, size_t length, size_t *nc_off, unsigned cha r *nonce_counter,
unsigned char *stream_block, const unsigned char *input, unsign ed char *output ); unsigned char *stream_block, const unsigned char *input, unsign ed char *output );
/** Set key for encryption purposes */ /** Set key for encryption purposes */
int (*setkey_enc_func)( void *ctx, const unsigned char *key, unsigned i nt key_length); int (*setkey_enc_func)( void *ctx, const unsigned char *key, unsigned i nt key_length);
/** Set key for decryption purposes */ /** Set key for decryption purposes */
skipping to change at line 316 skipping to change at line 323
* \brief Returns the type of the given cipher. * \brief Returns the type of the given cipher.
* *
* \param ctx cipher's context. Must have been initialised. * \param ctx cipher's context. Must have been initialised.
* *
* \return type of the cipher, or POLARSSL_CIPHER_NONE if ctx has * \return type of the cipher, or POLARSSL_CIPHER_NONE if ctx has
* not been initialised. * not been initialised.
*/ */
static inline cipher_type_t cipher_get_type( const cipher_context_t *ctx ) static inline cipher_type_t cipher_get_type( const cipher_context_t *ctx )
{ {
if( NULL == ctx || NULL == ctx->cipher_info ) if( NULL == ctx || NULL == ctx->cipher_info )
return 0; return POLARSSL_CIPHER_NONE;
return ctx->cipher_info->type; return ctx->cipher_info->type;
} }
/** /**
* \brief Returns the name of the given cipher, as a string. * \brief Returns the name of the given cipher, as a string.
* *
* \param ctx cipher's context. Must have been initialised. * \param ctx cipher's context. Must have been initialised.
* *
* \return name of the cipher, or NULL if ctx was not initiali sed. * \return name of the cipher, or NULL if ctx was not initiali sed.
 End of changes. 9 change blocks. 
7 lines changed or deleted 14 lines changed or added


 cipher_wrap.h   cipher_wrap.h 
/** /**
* \file cipher_wrap.h * \file cipher_wrap.h
* *
* \brief Cipher wrappers. * \brief Cipher wrappers.
* *
* \author Adriaan de Jong <dejong@fox-it.com> * \author Adriaan de Jong <dejong@fox-it.com>
* *
* Copyright (C) 2006-2011, Brainspark B.V. * Copyright (C) 2006-2012, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 87 skipping to change at line 87
#endif /* defined(POLARSSL_CAMELLIA_C) */ #endif /* defined(POLARSSL_CAMELLIA_C) */
#if defined(POLARSSL_DES_C) #if defined(POLARSSL_DES_C)
extern const cipher_info_t des_cbc_info; extern const cipher_info_t des_cbc_info;
extern const cipher_info_t des_ede_cbc_info; extern const cipher_info_t des_ede_cbc_info;
extern const cipher_info_t des_ede3_cbc_info; extern const cipher_info_t des_ede3_cbc_info;
#endif /* defined(POLARSSL_DES_C) */ #endif /* defined(POLARSSL_DES_C) */
#if defined(POLARSSL_BLOWFISH_C)
extern const cipher_info_t blowfish_cbc_info;
#if defined(POLARSSL_CIPHER_MODE_CFB)
extern const cipher_info_t blowfish_cfb64_info;
#endif /* POLARSSL_CIPHER_MODE_CFB */
#if defined(POLARSSL_CIPHER_MODE_CTR)
extern const cipher_info_t blowfish_ctr_info;
#endif /* POLARSSL_CIPHER_MODE_CTR */
#endif /* defined(POLARSSL_BLOWFISH_C) */
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
extern const cipher_info_t null_cipher_info;
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* POLARSSL_CIPHER_WRAP_H */ #endif /* POLARSSL_CIPHER_WRAP_H */
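Review bot: The added `null_cipher_info` declaration at the end of the new block has no comment, although the config.h section on this page describes POLARSSL_CIPHER_NULL_CIPHER as allowing channels without any security. A reader who meets the symbol in cipher_wrap.h alone has nothing to tell it apart from the real ciphers declared above it. I would put `/* NULL cipher: no confidentiality; built only when POLARSSL_CIPHER_NULL_CIPHER is defined */` directly above the extern line. The Blowfish declarations follow the existing per-mode guard pattern and need no change.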
 End of changes. 2 change blocks. 
1 lines changed or deleted 17 lines changed or added


 config.h   config.h 
/** /**
* \file config.h * \file config.h
* *
* \brief Configuration options (set of defines) * \brief Configuration options (set of defines)
* *
* Copyright (C) 2006-2011, Brainspark B.V. * Copyright (C) 2006-2012, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 66 skipping to change at line 66
* *
* The system uses 16-bit wide native integers. * The system uses 16-bit wide native integers.
* *
* Uncomment if native integers are 16-bit wide. * Uncomment if native integers are 16-bit wide.
#define POLARSSL_HAVE_INT16 #define POLARSSL_HAVE_INT16
*/ */
/** /**
* \def POLARSSL_HAVE_LONGLONG * \def POLARSSL_HAVE_LONGLONG
* *
* The compiler supports the use of long long. * The compiler supports the 'long long' type.
* * (Only used on 32-bit platforms)
* Uncomment if the compiler supports long long.
#define POLARSSL_HAVE_LONGLONG
*/ */
#define POLARSSL_HAVE_LONGLONG
/** /**
* \def POLARSSL_HAVE_ASM * \def POLARSSL_HAVE_ASM
* *
* The compiler has support for asm() * The compiler has support for asm()
* *
* Uncomment to enable the use of assembly code. * Uncomment to enable the use of assembly code.
* *
* Requires support for asm() in compiler. * Requires support for asm() in compiler.
* *
skipping to change at line 92 skipping to change at line 91
* library/timing.c * library/timing.c
* library/padlock.c * library/padlock.c
* include/polarssl/bn_mul.h * include/polarssl/bn_mul.h
* *
*/ */
#define POLARSSL_HAVE_ASM #define POLARSSL_HAVE_ASM
/** /**
* \def POLARSSL_HAVE_SSE2 * \def POLARSSL_HAVE_SSE2
* *
* CPI supports SSE2 instruction set. * CPU supports SSE2 instruction set.
* *
* Uncomment if the CPU supports SSE2 (IA-32 specific). * Uncomment if the CPU supports SSE2 (IA-32 specific).
* *
#define POLARSSL_HAVE_SSE2 #define POLARSSL_HAVE_SSE2
*/ */
/* \} name */ /* \} name */
/** /**
* \name SECTION: PolarSSL feature support * \name SECTION: PolarSSL feature support
* *
skipping to change at line 133 skipping to change at line 132
#define POLARSSL_CIPHER_MODE_CFB #define POLARSSL_CIPHER_MODE_CFB
/** /**
* \def POLARSSL_CIPHER_MODE_CTR * \def POLARSSL_CIPHER_MODE_CTR
* *
* Enable Counter Block Cipher mode (CTR) for symmetric ciphers. * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
*/ */
#define POLARSSL_CIPHER_MODE_CTR #define POLARSSL_CIPHER_MODE_CTR
/** /**
* \def POLARSSL_DEBUG_MSG * \def POLARSSL_CIPHER_NULL_CIPHER
* *
* Requires: POLARSSL_DEBUG_C * Enable NULL cipher.
* Warning: Only do so when you know what you are doing. This allows for
* encryption or channels without any security!
* *
* Enable all SSL/TLS debugging messages. * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
* the following ciphersuites:
* TLS_RSA_WITH_NULL_MD5
* TLS_RSA_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_SHA256
*
* Uncomment this macro to enable the NULL cipher and ciphersuites
#define POLARSSL_CIPHER_NULL_CIPHER
*/ */
#define POLARSSL_DEBUG_MSG
/** /**
* \def POLARSSL_ERROR_STRERROR_DUMMY * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
*
* Enable weak ciphersuites in SSL / TLS
* Warning: Only do so when you know what you are doing. This allows for
* channels without virtually no security at all!
* *
* Enable a dummy error function to make use of error_strerror() in * This enables the following ciphersuites:
* third party libraries easier. * TLS_RSA_WITH_DES_CBC_SHA
* TLS_DHE_RSA_WITH_DES_CBC_SHA
* *
* Disable if you run into name conflicts and want to really remove the * Uncomment this macro to enable weak ciphersuites
* error_strerror() #define POLARSSL_ENABLE_WEAK_CIPHERSUITES
*/ */
#define POLARSSL_ERROR_STRERROR_DUMMY
/** /**
* \def POLARSSL_GENPRIME * \def POLARSSL_GENPRIME
* *
* Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C * Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C
* *
* Enable the RSA prime-number generation code. * Enable the RSA prime-number generation code.
*/ */
#define POLARSSL_GENPRIME #define POLARSSL_GENPRIME
skipping to change at line 220 skipping to change at line 231
*/ */
/** /**
* \def POLARSSL_SELF_TEST * \def POLARSSL_SELF_TEST
* *
* Enable the checkup functions (*_self_test). * Enable the checkup functions (*_self_test).
*/ */
#define POLARSSL_SELF_TEST #define POLARSSL_SELF_TEST
/** /**
* \def POLARSSL_SSL_DEBUG_ALL * \def POLARSSL_SSL_HW_RECORD_ACCEL
* *
* Enable the debug messages in SSL module for all issues. * Enable hooking functions in SSL module for hardware acceleration of
* Debug messages have been disabled in some places to prevent timing * individual records.
* attacks due to (unbalanced) debugging function calls.
* *
* If you need all error reporting you should enable this during debugging, * Uncomment this macro to enable hooking functions.
* but remove this for production servers that should log as well. #define POLARSSL_SSL_HW_RECORD_ACCEL
*
* Uncomment this macro to report all debug messages on errors introducing
* a timing side-channel.
*
#define POLARSSL_SSL_DEBUG_ALL
*/ */
/** /**
* \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
* *
* If set, the X509 parser will not break-off when parsing an X509 certific ate * If set, the X509 parser will not break-off when parsing an X509 certific ate
* and encountering an unknown critical extension. * and encountering an unknown critical extension.
* *
* Uncomment to prevent an error. * Uncomment to prevent an error.
* *
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION #define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*/ */
/**
* \def POLARSSL_ZLIB_SUPPORT
*
* If set, the SSL/TLS module uses ZLIB to support compression and
* decompression of packet data.
*
* Used in: library/ssl_tls.c
* library/ssl_cli.c
* library/ssl_srv.c
*
* This feature requires zlib library and headers to be present.
*
* Uncomment to enable use of ZLIB
#define POLARSSL_ZLIB_SUPPORT
*/
/* \} name */ /* \} name */
/** /**
* \name SECTION: PolarSSL modules * \name SECTION: PolarSSL modules
* *
* This section enables or disables entire modules in PolarSSL * This section enables or disables entire modules in PolarSSL
* \{ * \{
*/ */
/** /**
* \def POLARSSL_AES_C * \def POLARSSL_AES_C
* *
* Enable the AES block cipher. * Enable the AES block cipher.
* *
* Module: library/aes.c * Module: library/aes.c
* Caller: library/ssl_tls.c * Caller: library/ssl_tls.c
* library/pem.c * library/pem.c
* library/ctr_drbg.c * library/ctr_drbg.c
* *
* This module enables the following ciphersuites: * This module enables the following ciphersuites (if other requisites are
* SSL_RSA_AES_128_SHA * enabled as well):
* SSL_RSA_AES_256_SHA * TLS_RSA_WITH_AES_128_CBC_SHA
* SSL_EDH_RSA_AES_256_SHA * TLS_RSA_WITH_AES_256_CBC_SHA
* * TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* PEM uses AES for decrypting encrypted keys. * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_GCM_SHA384
*/ */
#define POLARSSL_AES_C #define POLARSSL_AES_C
/** /**
* \def POLARSSL_ARC4_C * \def POLARSSL_ARC4_C
* *
* Enable the ARCFOUR stream cipher. * Enable the ARCFOUR stream cipher.
* *
* Module: library/arc4.c * Module: library/arc4.c
* Caller: library/ssl_tls.c * Caller: library/ssl_tls.c
* *
* This module enables the following ciphersuites: * This module enables the following ciphersuites:
* SSL_RSA_RC4_128_MD5 * TLS_RSA_WITH_RC4_128_MD5
* SSL_RSA_RC4_128_SHA * TLS_RSA_WITH_RC4_128_SHA
*/ */
#define POLARSSL_ARC4_C #define POLARSSL_ARC4_C
/** /**
* \def POLARSSL_ASN1_PARSE_C * \def POLARSSL_ASN1_PARSE_C
* *
* Enable the generic ASN1 parser. * Enable the generic ASN1 parser.
* *
* Module: library/asn1.c * Module: library/asn1.c
* Caller: library/x509parse.c * Caller: library/x509parse.c
*/ */
#define POLARSSL_ASN1_PARSE_C #define POLARSSL_ASN1_PARSE_C
/** /**
* \def POLARSSL_ASN1_WRITE_C
*
* Enable the generic ASN1 writer.
*
* Module: library/asn1write.c
*/
#define POLARSSL_ASN1_WRITE_C
/**
* \def POLARSSL_BASE64_C * \def POLARSSL_BASE64_C
* *
* Enable the Base64 module. * Enable the Base64 module.
* *
* Module: library/base64.c * Module: library/base64.c
* Caller: library/pem.c * Caller: library/pem.c
* *
* This module is required for PEM support (required by X.509). * This module is required for PEM support (required by X.509).
*/ */
#define POLARSSL_BASE64_C #define POLARSSL_BASE64_C
/** /**
* \def POLARSSL_BIGNUM_C * \def POLARSSL_BIGNUM_C
* *
* Enable the multi-precision integer library. * Enable the multo-precision integer library.
* *
* Module: library/bignum.c * Module: library/bignum.c
* Caller: library/dhm.c * Caller: library/dhm.c
* library/rsa.c * library/rsa.c
* library/ssl_tls.c * library/ssl_tls.c
* library/x509parse.c * library/x509parse.c
* *
* This module is required for RSA and DHM support. * This module is required for RSA and DHM support.
*/ */
#define POLARSSL_BIGNUM_C #define POLARSSL_BIGNUM_C
/** /**
* \def POLARSSL_BLOWFISH_C
*
* Enable the Blowfish block cipher.
*
* Module: library/blowfish.c
*/
#define POLARSSL_BLOWFISH_C
/**
* \def POLARSSL_CAMELLIA_C * \def POLARSSL_CAMELLIA_C
* *
* Enable the Camellia block cipher. * Enable the Camellia block cipher.
* *
* Module: library/camellia.c * Module: library/camellia.c
* Caller: library/ssl_tls.c * Caller: library/ssl_tls.c
* *
* This module enabled the following cipher suites: * This module enables the following ciphersuites (if other requisites are
* SSL_RSA_CAMELLIA_128_SHA * enabled as well):
* SSL_RSA_CAMELLIA_256_SHA * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
* SSL_EDH_RSA_CAMELLIA_256_SHA * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
*/ */
#define POLARSSL_CAMELLIA_C #define POLARSSL_CAMELLIA_C
/** /**
* \def POLARSSL_CERTS_C * \def POLARSSL_CERTS_C
* *
* Enable the test certificates. * Enable the test certificates.
* *
* Module: library/certs.c * Module: library/certs.c
* Caller: * Caller:
skipping to change at line 397 skipping to change at line 448
* This module provides debugging functions. * This module provides debugging functions.
*/ */
#define POLARSSL_DEBUG_C #define POLARSSL_DEBUG_C
/** /**
* \def POLARSSL_DES_C * \def POLARSSL_DES_C
* *
* Enable the DES block cipher. * Enable the DES block cipher.
* *
* Module: library/des.c * Module: library/des.c
* Caller: library/pem.c * Caller: library/ssl_tls.c
* library/ssl_tls.c
*
* This module enables the following ciphersuites:
* SSL_RSA_DES_168_SHA
* SSL_EDH_RSA_DES_168_SHA
* *
* PEM uses DES/3DES for decrypting encrypted keys. * This module enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*/ */
#define POLARSSL_DES_C #define POLARSSL_DES_C
/** /**
* \def POLARSSL_DHM_C * \def POLARSSL_DHM_C
* *
* Enable the Diffie-Hellman-Merkle key exchange. * Enable the Diffie-Hellman-Merkle key exchange.
* *
* Module: library/dhm.c * Module: library/dhm.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* *
* This module enables the following ciphersuites: * This module enables the following ciphersuites (if other requisites are
* SSL_EDH_RSA_DES_168_SHA * enabled as well):
* SSL_EDH_RSA_AES_256_SHA * TLS_DHE_RSA_WITH_DES_CBC_SHA
* SSL_EDH_RSA_CAMELLIA_256_SHA * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
*/ */
#define POLARSSL_DHM_C #define POLARSSL_DHM_C
/** /**
* \def POLARSSL_ENTROPY_C * \def POLARSSL_ENTROPY_C
* *
* Enable the platform-specific entropy code. * Enable the platform-specific entropy code.
* *
* Module: library/entropy.c * Module: library/entropy.c
* Caller: * Caller:
skipping to change at line 451 skipping to change at line 510
* Enable error code to error string conversion. * Enable error code to error string conversion.
* *
* Module: library/error.c * Module: library/error.c
* Caller: * Caller:
* *
* This module enables err_strerror(). * This module enables err_strerror().
*/ */
#define POLARSSL_ERROR_C #define POLARSSL_ERROR_C
/** /**
* \def POLARSSL_HAVEGE_C * \def POLARSSL_GCM_C
* *
* Enable the HAVEGE random generator. * Enable the Galois/Counter Mode (GCM) for AES
* *
* Warning: the HAVEGE random generator is not suitable for virtualized * Module: library/gcm.c
* environments
* *
* Warning: the HAVEGE random generator is dependent on timing and specific * Requires: POLARSSL_AES_C
* processor traits. It is therefore not advised to use HAVEGE as *
* your applications primary random generator or primary entropy p * This module enables the following ciphersuites (if other requisites are
ool * enabled as well):
* input. As a secondary input to your entropy pool, it IS able ad * TLS_RSA_WITH_AES_128_GCM_SHA256
d * TLS_RSA_WITH_AES_256_GCM_SHA384
* the (limited) extra entropy it provides. */
#define POLARSSL_GCM_C
/**
* \def POLARSSL_HAVEGE_C
*
* Enable the HAVEGE random generator.
* *
* Module: library/havege.c * Module: library/havege.c
* Caller: * Caller:
* *
* Requires: POLARSSL_TIMING_C * Requires: POLARSSL_TIMING_C
* *
* Uncomment to enable the HAVEGE random generator. * This module enables the HAVEGE random number generator.
#define POLARSSL_HAVEGE_C
*/ */
#define POLARSSL_HAVEGE_C
/** /**
* \def POLARSSL_MD_C * \def POLARSSL_MD_C
* *
* Enable the generic message digest layer. * Enable the generic message digest layer.
* *
* Module: library/md.c * Module: library/md.c
* Caller: * Caller:
* *
* Uncomment to enable generic message digest wrappers. * Uncomment to enable generic message digest wrappers.
skipping to change at line 517 skipping to change at line 583
* *
#define POLARSSL_MD4_C #define POLARSSL_MD4_C
*/ */
/** /**
* \def POLARSSL_MD5_C * \def POLARSSL_MD5_C
* *
* Enable the MD5 hash algorithm * Enable the MD5 hash algorithm
* *
* Module: library/md5.c * Module: library/md5.c
* Caller: library/pem.c * Caller: library/ssl_tls.c
* library/ssl_tls.c
* library/x509parse.c * library/x509parse.c
* *
* This module is required for SSL/TLS and X.509. * This module is required for SSL/TLS and X.509.
* PEM uses MD5 for decrypting encrypted keys.
*/ */
#define POLARSSL_MD5_C #define POLARSSL_MD5_C
/** /**
* \def POLARSSL_NET_C * \def POLARSSL_NET_C
* *
* Enable the TCP/IP networking routines. * Enable the TCP/IP networking routines.
* *
* Module: library/net.c * Module: library/net.c
* Caller: * Caller:
skipping to change at line 551 skipping to change at line 615
* Enable VIA Padlock support on x86. * Enable VIA Padlock support on x86.
* *
* Module: library/padlock.c * Module: library/padlock.c
* Caller: library/aes.c * Caller: library/aes.c
* *
* This modules adds support for the VIA PadLock on x86. * This modules adds support for the VIA PadLock on x86.
*/ */
#define POLARSSL_PADLOCK_C #define POLARSSL_PADLOCK_C
/** /**
* \def POLARSSL_PBKDF2_C
*
* Enable PKCS#5 PBKDF2 key derivation function
*
* Module: library/pbkdf2.c
*
* Requires: POLARSSL_MD_C
*
* This module adds support for the PKCS#5 PBKDF2 key derivation function.
#define POLARSSL_PBKDF2_C
*/
/**
* \def POLARSSL_PEM_C * \def POLARSSL_PEM_C
* *
* Enable PEM decoding * Enable PEM decoding
* *
* Module: library/pem.c * Module: library/pem.c
* Caller: library/x509parse.c * Caller: library/x509parse.c
* *
* Requires: POLARSSL_BASE64_C * Requires: POLARSSL_BASE64_C
* *
* This modules adds support for decoding PEM files. * This modules adds support for decoding PEM files.
*/ */
#define POLARSSL_PEM_C #define POLARSSL_PEM_C
/** /**
* \def POLARSSL_PKCS11_C * \def POLARSSL_PKCS11_C
* *
* Enable support for PKCS#11 smartcard support. * Enable wrapper for PKCS#11 smartcard support.
* *
* Module: library/ssl_srv.c * Module: library/ssl_srv.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* *
* Requires: POLARSSL_SSL_TLS_C * Requires: POLARSSL_SSL_TLS_C
* *
* This module is required for SSL/TLS PKCS #11 smartcard support. * This module enables SSL/TLS PKCS #11 smartcard support.
* Requires the presence of the PKCS#11 helper library (libpkcs11-helper) * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
#define POLARSSL_PKCS11_C #define POLARSSL_PKCS11_C
*/ */
/** /**
* \def POLARSSL_RSA_C * \def POLARSSL_RSA_C
* *
* Enable the RSA public-key cryptosystem. * Enable the RSA public-key cryptosystem.
* *
* Module: library/rsa.c * Module: library/rsa.c
skipping to change at line 639 skipping to change at line 716
* *
* Module: library/sha4.c * Module: library/sha4.c
* Caller: library/md_wrap.c * Caller: library/md_wrap.c
* library/x509parse.c * library/x509parse.c
* *
* This module adds support for SHA-384 and SHA-512. * This module adds support for SHA-384 and SHA-512.
*/ */
#define POLARSSL_SHA4_C #define POLARSSL_SHA4_C
/** /**
* \def POLARSSL_SSL_CACHE_C
*
* Enable simple SSL cache implementation.
*
* Module: library/ssl_cache.c
* Caller:
*
* Requires: POLARSSL_SSL_CACHE_C
*/
#define POLARSSL_SSL_CACHE_C
/**
* \def POLARSSL_SSL_CLI_C * \def POLARSSL_SSL_CLI_C
* *
* Enable the SSL/TLS client code. * Enable the SSL/TLS client code.
* *
* Module: library/ssl_cli.c * Module: library/ssl_cli.c
* Caller: * Caller:
* *
* Requires: POLARSSL_SSL_TLS_C * Requires: POLARSSL_SSL_TLS_C
* *
* This module is required for SSL/TLS client support. * This module is required for SSL/TLS client support.
*/ */
#define POLARSSL_SSL_CLI_C #define POLARSSL_SSL_CLI_C
/** /*
* \def POLARSSL_SSL_SRV_C * \def POLARSSL_SSL_SRV_C
* *
* Enable the SSL/TLS server code. * Enable the SSL/TLS server code.
* *
* Module: library/ssl_srv.c * Module: library/ssl_srv.c
* Caller: * Caller:
* *
* Requires: POLARSSL_SSL_TLS_C * Requires: POLARSSL_SSL_TLS_C
* *
* This module is required for SSL/TLS server support. * This module is required for SSL/TLS server support.
skipping to change at line 721 skipping to change at line 810
* library/ssl_srv.c * library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
* *
* Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_RSA_C * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_RSA_C
* *
* This module is required for X.509 certificate parsing. * This module is required for X.509 certificate parsing.
*/ */
#define POLARSSL_X509_PARSE_C #define POLARSSL_X509_PARSE_C
/** /**
* \def POLARSSL_X509_WRITE_C
*
* Enable X.509 buffer writing.
*
* Module: library/x509write.c
*
* Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C
*
* This module is required for X.509 certificate request writing.
*/
#define POLARSSL_X509_WRITE_C
/**
* \def POLARSSL_XTEA_C * \def POLARSSL_XTEA_C
* *
* Enable the XTEA block cipher. * Enable the XTEA block cipher.
* *
* Module: library/xtea.c * Module: library/xtea.c
* Caller: * Caller:
*/ */
#define POLARSSL_XTEA_C #define POLARSSL_XTEA_C
/* \} name */ /* \} name */
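Review bot: In the POLARSSL_HAVEGE_C block the new side, as rendered here, moves `#define POLARSSL_HAVEGE_C` out of the comment so that HAVEGE is built by default. It also drops both warnings from the old text: that HAVEGE is unsuitable for virtualized environments, and that it depends on timing and processor traits and is not advised as the primary entropy input. Turning the generator on while removing its only caveats makes it easy for an integrator to use it as the main RNG without knowing its limits. I would keep the define inside the comment under `* Uncomment to enable the HAVEGE random generator.` and carry the two warning paragraphs over unchanged; if default-on is intended, the warnings should at least stay.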
 End of changes. 39 change blocks. 
70 lines changed or deleted 170 lines changed or added


 debug.h   debug.h 
skipping to change at line 33 skipping to change at line 33
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_DEBUG_H #ifndef POLARSSL_DEBUG_H
#define POLARSSL_DEBUG_H #define POLARSSL_DEBUG_H
#include "config.h" #include "config.h"
#include "ssl.h" #include "ssl.h"
#if defined(POLARSSL_DEBUG_MSG) && defined(POLARSSL_DEBUG_C) #if defined(POLARSSL_DEBUG_C)
#define SSL_DEBUG_MSG( level, args ) \ #define SSL_DEBUG_MSG( level, args ) \
debug_print_msg( ssl, level, __FILE__, __LINE__, debug_fmt args ); debug_print_msg( ssl, level, __FILE__, __LINE__, debug_fmt args );
#define SSL_DEBUG_RET( level, text, ret ) \ #define SSL_DEBUG_RET( level, text, ret ) \
debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret ); debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret );
#define SSL_DEBUG_BUF( level, text, buf, len ) \ #define SSL_DEBUG_BUF( level, text, buf, len ) \
debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len ); debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len );
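Review bot: With the `POLARSSL_DEBUG_MSG` test dropped from the `#if`, the SSL_DEBUG_* macros, including `SSL_DEBUG_BUF`, expand to real calls whenever POLARSSL_DEBUG_C is defined, and the config.h section on this page defines POLARSSL_DEBUG_C by default. Disabling the whole debug module is then the only compile-time way to remove the buffer-dump call sites, and nothing near the guard says so. I would add a comment above the `#if`, for example `/* Debug macros are compiled in whenever POLARSSL_DEBUG_C is set; undefine it in config.h for builds that must not log buffers passed to SSL_DEBUG_BUF. */`. The macro block continues past the end of this section.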
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 des.h   des.h 
skipping to change at line 32 skipping to change at line 32
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_DES_H #ifndef POLARSSL_DES_H
#define POLARSSL_DES_H #define POLARSSL_DES_H
#include <string.h> #include <string.h>
#ifdef _MSC_VER
#include <basetsd.h>
typedef UINT32 uint32_t;
#else
#include <inttypes.h>
#endif
#define DES_ENCRYPT 1 #define DES_ENCRYPT 1
#define DES_DECRYPT 0 #define DES_DECRYPT 0
#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< Th e data input has an invalid length. */ #define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< Th e data input has an invalid length. */
#define DES_KEY_SIZE 8 #define DES_KEY_SIZE 8
/** /**
* \brief DES context structure * \brief DES context structure
*/ */
typedef struct typedef struct
{ {
int mode; /*!< encrypt/decrypt */ int mode; /*!< encrypt/decrypt */
unsigned long sk[32]; /*!< DES subkeys */ uint32_t sk[32]; /*!< DES subkeys */
} }
des_context; des_context;
/** /**
* \brief Triple-DES context structure * \brief Triple-DES context structure
*/ */
typedef struct typedef struct
{ {
int mode; /*!< encrypt/decrypt */ int mode; /*!< encrypt/decrypt */
unsigned long sk[96]; /*!< 3DES subkeys */ uint32_t sk[96]; /*!< 3DES subkeys */
} }
des3_context; des3_context;
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief Set key parity on the given key to odd. * \brief Set key parity on the given key to odd.
* *
skipping to change at line 216 skipping to change at line 223
* *
* \return 0 if successful, or POLARSSL_ERR_DES_INVALID_INPUT_LENGT H * \return 0 if successful, or POLARSSL_ERR_DES_INVALID_INPUT_LENGT H
*/ */
int des3_crypt_cbc( des3_context *ctx, int des3_crypt_cbc( des3_context *ctx,
int mode, int mode,
size_t length, size_t length,
unsigned char iv[8], unsigned char iv[8],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/** /*
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int des_self_test( int verbose ); int des_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
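Review bot: The comment above `des_self_test` now opens with `/*` instead of `/**`, so its `\brief` and `\return` lines are presumably no longer picked up by Doxygen, unlike the other declarations in this header. This looks unintended next to the uint32_t changes, and the opener should go back to `/**`. The same opener change appears on the POLARSSL_SSL_SRV_C block in the config.h section.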
 End of changes. 4 change blocks. 
3 lines changed or deleted 10 lines changed or added


 dhm.h   dhm.h 
skipping to change at line 43 skipping to change at line 43
* DHM Error codes * DHM Error codes
*/ */
#define POLARSSL_ERR_DHM_BAD_INPUT_DATA -0x3080 /**< Ba d input parameters to function. */ #define POLARSSL_ERR_DHM_BAD_INPUT_DATA -0x3080 /**< Ba d input parameters to function. */
#define POLARSSL_ERR_DHM_READ_PARAMS_FAILED -0x3100 /**< Re ading of the DHM parameters failed. */ #define POLARSSL_ERR_DHM_READ_PARAMS_FAILED -0x3100 /**< Re ading of the DHM parameters failed. */
#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED -0x3180 /**< Ma king of the DHM parameters failed. */ #define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED -0x3180 /**< Ma king of the DHM parameters failed. */
#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED -0x3200 /**< Re ading of the public values failed. */ #define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED -0x3200 /**< Re ading of the public values failed. */
#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Ma king of the public value failed. */ #define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Ma king of the public value failed. */
#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Ca lculation of the DHM secret failed. */ #define POLARSSL_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Ca lculation of the DHM secret failed. */
/** /**
* RFC 3526 defines a number of standardized Diffie-Hellman groups
* for IKE.
* RFC 5114 defines a number of standardized Diffie-Hellman groups
* that can be used.
*
* Some are included here for convenience.
*
* Included are:
* RFC 3526 3. 2048-bit MODP Group
* RFC 3526 4. 3072-bit MODP Group
* RFC 5114 2.1. 1024-bit MODP Group with 160-bit Prime Order Subgroup
* RFC 5114 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup
*/
#define POLARSSL_DHM_RFC3526_MODP_2048_P \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AACAA68FFFFFFFFFFFFFFFF"
#define POLARSSL_DHM_RFC3526_MODP_2048_G "02"
#define POLARSSL_DHM_RFC3526_MODP_3072_P \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
"43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
#define POLARSSL_DHM_RFC3526_MODP_3072_G "02"
#define POLARSSL_DHM_RFC5114_MODP_1024_P \
"B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6" \
"9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0" \
"13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70" \
"98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0" \
"A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" \
"DF1FB2BC2E4A4371"
#define POLARSSL_DHM_RFC5114_MODP_1024_G \
"A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F" \
"D6406CFF14266D31266FEA1E5C41564B777E690F5504F213" \
"160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1" \
"909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A" \
"D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" \
"855E6EEB22B3B2E5"
#define POLARSSL_DHM_RFC5114_MODP_2048_P \
"AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
"B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
"EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \
"9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \
"C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \
"B3BF8A317091883681286130BC8985DB1602E714415D9330" \
"278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \
"CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \
"BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \
"C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
"CF9DE5384E71B81C0AC4DFFE0C10E64F"
#define POLARSSL_DHM_RFC5114_MODP_2048_G \
"AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"\
"74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"\
"AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"\
"C17669101999024AF4D027275AC1348BB8A762D0521BC98A"\
"E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"\
"F180EB34118E98D119529A45D6F834566E3025E316A330EF"\
"BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"\
"10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"\
"B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"\
"EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"\
"81BC087F2A7065B384B890D3191F2BFA"
/**
* \brief DHM context structure * \brief DHM context structure
*/ */
typedef struct typedef struct
{ {
size_t len; /*!< size(P) in chars */ size_t len; /*!< size(P) in chars */
mpi P; /*!< prime modulus */ mpi P; /*!< prime modulus */
mpi G; /*!< generator */ mpi G; /*!< generator */
mpi X; /*!< secret value */ mpi X; /*!< secret value */
mpi GX; /*!< self = G^X mod P */ mpi GX; /*!< self = G^X mod P */
mpi GY; /*!< peer = G^Y mod P */ mpi GY; /*!< peer = G^Y mod P */
skipping to change at line 137 skipping to change at line 228
* *
* \param ctx DHM context * \param ctx DHM context
* \param output destination buffer * \param output destination buffer
* \param olen number of chars written * \param olen number of chars written
* *
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
*/ */
int dhm_calc_secret( dhm_context *ctx, int dhm_calc_secret( dhm_context *ctx,
unsigned char *output, size_t *olen ); unsigned char *output, size_t *olen );
/** /*
* \brief Free the components of a DHM key * \brief Free the components of a DHM key
*/ */
void dhm_free( dhm_context *ctx ); void dhm_free( dhm_context *ctx );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int dhm_self_test( int verbose ); int dhm_self_test( int verbose );
 End of changes. 2 change blocks. 
1 lines changed or deleted 92 lines changed or added


 error.h   error.h 
skipping to change at line 52 skipping to change at line 52
* 1 bit - Intentionally not used * 1 bit - Intentionally not used
* 3 bits - High level module ID * 3 bits - High level module ID
* 5 bits - Module-dependent error code * 5 bits - Module-dependent error code
* 6 bits - Low level module errors * 6 bits - Low level module errors
* 1 bit - Intentionally not used * 1 bit - Intentionally not used
* *
* Low-level module errors (0x007E-0x0002) * Low-level module errors (0x007E-0x0002)
* *
* Module Nr Codes assigned * Module Nr Codes assigned
* MPI 7 0x0002-0x0010 * MPI 7 0x0002-0x0010
* ASN1 6 0x0014-0x001E * GCM 2 0x0012-0x0014
* BLOWFISH 2 0x0016-0x0018
* AES 2 0x0020-0x0022 * AES 2 0x0020-0x0022
* CAMELLIA 2 0x0024-0x0026 * CAMELLIA 2 0x0024-0x0026
* XTEA 1 0x0028-0x0028 * XTEA 1 0x0028-0x0028
* BASE64 2 0x002A-0x002C * BASE64 2 0x002A-0x002C
* PADLOCK 1 0x0030-0x0030 * PADLOCK 1 0x0030-0x0030
* DES 1 0x0032-0x0032 * DES 1 0x0032-0x0032
* NET 11 0x0040-0x0054
* CTR_DBRG 3 0x0034-0x003A * CTR_DBRG 3 0x0034-0x003A
* ENTROPY 3 0x003C-0x0040 * ENTROPY 3 0x003C-0x0040
* NET 11 0x0042-0x0056
* ASN1 7 0x0060-0x006C
* MD2 1 0x0070-0x0070 * MD2 1 0x0070-0x0070
* MD4 1 0x0072-0x0072 * MD4 1 0x0072-0x0072
* MD5 1 0x0074-0x0074 * MD5 1 0x0074-0x0074
* SHA1 1 0x0076-0x0076 * SHA1 1 0x0076-0x0076
* SHA2 1 0x0078-0x0078 * SHA2 1 0x0078-0x0078
* SHA4 1 0x007A-0x007A * SHA4 1 0x007A-0x007A
* PBKDF2 1 0x007C-0x007C
* *
* High-level module nr (3 bits - 0x1...-0x8...) * High-level module nr (3 bits - 0x1...-0x8...)
* Name ID Nr of Errors * Name ID Nr of Errors
* PEM 1 9 * PEM 1 8
* X509 2 21 * X509 2 21
* DHM 3 6 * DHM 3 6
* RSA 4 9 * RSA 4 9
* MD 5 4 * MD 5 4
* CIPHER 6 5 * CIPHER 6 5
* SSL 7 30 * SSL 6 2 (Started from top)
* SSL 7 31
* *
* Module dependent error code (5 bits 0x.08.-0x.F8.) * Module dependent error code (5 bits 0x.08.-0x.F8.)
*/ */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief Translate a PolarSSL error code into a string representation, * \brief Translate a PolarSSL error code into a string representation,
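Review bot: The high-level module table now lists ID 6 twice, `CIPHER 6 5` and `SSL 6 2 (Started from top)`, without saying which codes under that ID belong to SSL. Anyone decoding a return value by its module bits, for log triage or error-to-string mapping, cannot tell from this comment whether a given 0x6... value is a CIPHER or an SSL error. I would extend the line to name the range, e.g. `* SSL 6 2 (Started from top: <RANGE_PLACEHOLDER>)`, with the range filled in from the defines in ssl.h.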
 End of changes. 6 change blocks. 
4 lines changed or deleted 8 lines changed or added


 havege.h   havege.h 
skipping to change at line 63 skipping to change at line 63
*/ */
void havege_init( havege_state *hs ); void havege_init( havege_state *hs );
/** /**
* \brief HAVEGE rand function * \brief HAVEGE rand function
* *
* \param p_rng A HAVEGE state * \param p_rng A HAVEGE state
* \param output Buffer to fill * \param output Buffer to fill
* \param len Length of buffer * \param len Length of buffer
* *
* \return A random int * \return 0
*/ */
int havege_random( void *p_rng, unsigned char *output, size_t len ); int havege_random( void *p_rng, unsigned char *output, size_t len );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* havege.h */ #endif /* havege.h */
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 md4.h   md4.h 
skipping to change at line 32 skipping to change at line 32
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_MD4_H #ifndef POLARSSL_MD4_H
#define POLARSSL_MD4_H #define POLARSSL_MD4_H
#include <string.h> #include <string.h>
#ifdef _MSC_VER
#include <basetsd.h>
typedef UINT32 uint32_t;
#else
#include <inttypes.h>
#endif
#define POLARSSL_ERR_MD4_FILE_IO_ERROR -0x0072 /**< Read/w rite error in file. */ #define POLARSSL_ERR_MD4_FILE_IO_ERROR -0x0072 /**< Read/w rite error in file. */
/** /**
* \brief MD4 context structure * \brief MD4 context structure
*/ */
typedef struct typedef struct
{ {
unsigned long total[2]; /*!< number of bytes processed */ uint32_t total[2]; /*!< number of bytes processed */
unsigned long state[4]; /*!< intermediate digest state */ uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */ unsigned char buffer[64]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */ unsigned char ipad[64]; /*!< HMAC: inner padding */
unsigned char opad[64]; /*!< HMAC: outer padding */ unsigned char opad[64]; /*!< HMAC: outer padding */
} }
md4_context; md4_context;
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
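Review bot: The `typedef UINT32 uint32_t;` added under `#ifdef _MSC_VER` defines a standard type name in a public header. The same block is repeated in md5.h, sha1.h and sha2.h, and padlock.h and sha4.h do the equivalent for `int32_t` and `uint64_t`. An application that also includes a `<stdint.h>` supplied by its toolchain or another library then sees the name defined twice, which is at best redundant and at worst a conflicting typedef. Keeping the shim in one shared header, skipped when the compiler already provides the type, would avoid that. Separately, `total` and `state` shrink wherever `unsigned long` is 64 bits, so objects built against the old `md4_context` layout must be recompiled.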
 End of changes. 2 change blocks. 
2 lines changed or deleted 9 lines changed or added


 md5.h   md5.h 
skipping to change at line 32 skipping to change at line 32
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_MD5_H #ifndef POLARSSL_MD5_H
#define POLARSSL_MD5_H #define POLARSSL_MD5_H
#include <string.h> #include <string.h>
#ifdef _MSC_VER
#include <basetsd.h>
typedef UINT32 uint32_t;
#else
#include <inttypes.h>
#endif
#define POLARSSL_ERR_MD5_FILE_IO_ERROR -0x0074 /**< Read/w rite error in file. */ #define POLARSSL_ERR_MD5_FILE_IO_ERROR -0x0074 /**< Read/w rite error in file. */
/** /**
* \brief MD5 context structure * \brief MD5 context structure
*/ */
typedef struct typedef struct
{ {
unsigned long total[2]; /*!< number of bytes processed */ uint32_t total[2]; /*!< number of bytes processed */
unsigned long state[4]; /*!< intermediate digest state */ uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */ unsigned char buffer[64]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */ unsigned char ipad[64]; /*!< HMAC: inner padding */
unsigned char opad[64]; /*!< HMAC: outer padding */ unsigned char opad[64]; /*!< HMAC: outer padding */
} }
md5_context; md5_context;
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
skipping to change at line 150 skipping to change at line 157
const unsigned char *input, size_t ilen, const unsigned char *input, size_t ilen,
unsigned char output[16] ); unsigned char output[16] );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int md5_self_test( int verbose ); int md5_self_test( int verbose );
/* Internal use */
void md5_process( md5_context *ctx, const unsigned char data[64] );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* md5.h */ #endif /* md5.h */
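Review bot: `md5_process()` is now declared in the public header with only `/* Internal use */` above it, and sha1.h and sha2.h do the same for `sha1_process()` and `sha2_process()`. Because the prototype is exported, applications can call it, yet nothing states its contract: one block of exactly 64 bytes, a context that has already been initialised, and no substitute for `md5_update()` plus `md5_finish()` when a real digest is wanted. I would replace the comment with a doc block such as `/** \brief Internal: process one 64-byte block; ctx must be initialised. Not part of the stable API. */`.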
 End of changes. 3 change blocks. 
5 lines changed or deleted 9 lines changed or added


 net.h   net.h 
skipping to change at line 32 skipping to change at line 32
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_NET_H #ifndef POLARSSL_NET_H
#define POLARSSL_NET_H #define POLARSSL_NET_H
#include <string.h> #include <string.h>
#define POLARSSL_ERR_NET_UNKNOWN_HOST -0x0040 /**< Fa iled to get an IP address for the given hostname. */ #define POLARSSL_ERR_NET_UNKNOWN_HOST -0x0056 /**< Fa iled to get an IP address for the given hostname. */
#define POLARSSL_ERR_NET_SOCKET_FAILED -0x0042 /**< Fa iled to open a socket. */ #define POLARSSL_ERR_NET_SOCKET_FAILED -0x0042 /**< Fa iled to open a socket. */
#define POLARSSL_ERR_NET_CONNECT_FAILED -0x0044 /**< Th e connection to the given server / port failed. */ #define POLARSSL_ERR_NET_CONNECT_FAILED -0x0044 /**< Th e connection to the given server / port failed. */
#define POLARSSL_ERR_NET_BIND_FAILED -0x0046 /**< Bi nding of the socket failed. */ #define POLARSSL_ERR_NET_BIND_FAILED -0x0046 /**< Bi nding of the socket failed. */
#define POLARSSL_ERR_NET_LISTEN_FAILED -0x0048 /**< Co uld not listen on the socket. */ #define POLARSSL_ERR_NET_LISTEN_FAILED -0x0048 /**< Co uld not listen on the socket. */
#define POLARSSL_ERR_NET_ACCEPT_FAILED -0x004A /**< Co uld not accept the incoming connection. */ #define POLARSSL_ERR_NET_ACCEPT_FAILED -0x004A /**< Co uld not accept the incoming connection. */
#define POLARSSL_ERR_NET_RECV_FAILED -0x004C /**< Re ading information from the socket failed. */ #define POLARSSL_ERR_NET_RECV_FAILED -0x004C /**< Re ading information from the socket failed. */
#define POLARSSL_ERR_NET_SEND_FAILED -0x004E /**< Se nding information through the socket failed. */ #define POLARSSL_ERR_NET_SEND_FAILED -0x004E /**< Se nding information through the socket failed. */
#define POLARSSL_ERR_NET_CONN_RESET -0x0050 /**< Co nnection was reset by peer. */ #define POLARSSL_ERR_NET_CONN_RESET -0x0050 /**< Co nnection was reset by peer. */
#define POLARSSL_ERR_NET_WANT_READ -0x0052 /**< Co nnection requires a read call. */ #define POLARSSL_ERR_NET_WANT_READ -0x0052 /**< Co nnection requires a read call. */
#define POLARSSL_ERR_NET_WANT_WRITE -0x0054 /**< Co nnection requires a write call. */ #define POLARSSL_ERR_NET_WANT_WRITE -0x0054 /**< Co nnection requires a write call. */
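Review bot: `POLARSSL_ERR_NET_UNKNOWN_HOST` now has the value `-0x0056` but stays first in a list that otherwise ascends from `-0x0042`, and nothing records why it moved. The error.h table on this page shows the old NET range starting at 0x0040, which is also the last ENTROPY code, so this looks like a collision fix. I would move the define after `POLARSSL_ERR_NET_WANT_WRITE` and add `/* was -0x0040, which overlapped the ENTROPY range */`. Code that stored or compared the numeric value rather than the macro will misclassify this error until it is rebuilt.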
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 padlock.h   padlock.h 
skipping to change at line 40 skipping to change at line 40
#include "aes.h" #include "aes.h"
#define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< In put data should be aligned. */ #define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< In put data should be aligned. */
#if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) #if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && defined(__i386__)
#ifndef POLARSSL_HAVE_X86 #ifndef POLARSSL_HAVE_X86
#define POLARSSL_HAVE_X86 #define POLARSSL_HAVE_X86
#endif #endif
#ifdef _MSC_VER
#include <basetsd.h>
typedef INT32 int32_t;
#else
#include <inttypes.h>
#endif
#define PADLOCK_RNG 0x000C #define PADLOCK_RNG 0x000C
#define PADLOCK_ACE 0x00C0 #define PADLOCK_ACE 0x00C0
#define PADLOCK_PHE 0x0C00 #define PADLOCK_PHE 0x0C00
#define PADLOCK_PMM 0x3000 #define PADLOCK_PMM 0x3000
#define PADLOCK_ALIGN16(x) (unsigned long *) (16 + ((long) x & ~15)) #define PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) x & ~15))
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief PadLock detection routine * \brief PadLock detection routine
* *
* \param The feature to detect * \param The feature to detect
* *
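Review bot: `PADLOCK_ALIGN16(x)` converts the pointer through a signed `int32_t` and does not parenthesise `x`, so with an expression argument the cast binds only to its first operand. An unsigned pointer-sized type states the intent and avoids the signed conversion: `#define PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((uintptr_t) (x) & ~(uintptr_t) 15))`. The added `#ifdef _MSC_VER` branch sits inside `defined(__GNUC__) && defined(__i386__)`, so it looks unreachable and could be dropped. The enclosing `#if` block continues past this hunk.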
 End of changes. 2 change blocks. 
1 lines changed or deleted 8 lines changed or added


 pem.h   pem.h 
/** /**
* \file pem.h * \file pem.h
* *
* \brief Privacy Enhanced Mail (PEM) decoding * \brief Privacy Enhanced Mail (PEM) decoding
* *
* Copyright (C) 2006-2013, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 38 skipping to change at line 38
#define POLARSSL_PEM_H #define POLARSSL_PEM_H
#include <string.h> #include <string.h>
/** /**
* \name PEM Error codes * \name PEM Error codes
* These error codes are returned in case of errors reading the * These error codes are returned in case of errors reading the
* PEM data. * PEM data.
* \{ * \{
*/ */
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 /**< No PEM header or footer found. */ #define POLARSSL_ERR_PEM_NO_HEADER_PRESENT -0x1080 /**< No PEM header found. */
#define POLARSSL_ERR_PEM_INVALID_DATA -0x1100 /**< PE M string is not as expected. */ #define POLARSSL_ERR_PEM_INVALID_DATA -0x1100 /**< PE M string is not as expected. */
#define POLARSSL_ERR_PEM_MALLOC_FAILED -0x1180 /**< Fa iled to allocate memory. */ #define POLARSSL_ERR_PEM_MALLOC_FAILED -0x1180 /**< Fa iled to allocate memory. */
#define POLARSSL_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RS A IV is not in hex-format. */ #define POLARSSL_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RS A IV is not in hex-format. */
#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 /**< Un supported key encryption algorithm. */ #define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 /**< Un supported key encryption algorithm. */
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Pr ivate key password can't be empty. */ #define POLARSSL_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Pr ivate key password can't be empty. */
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Gi ven private key password does not allow for correct decryption. */ #define POLARSSL_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Gi ven private key password does not allow for correct decryption. */
#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Un available feature, e.g. hashing/encryption combination. */ #define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Un available feature, e.g. hashing/encryption combination. */
#define POLARSSL_ERR_PEM_BAD_INPUT_DATA -0x1480 /**< Ba d input parameters to function. */
/* \} name */ /* \} name */
/** /**
* \brief PEM context structure * \brief PEM context structure
*/ */
typedef struct typedef struct
{ {
unsigned char *buf; /*!< buffer for decoded data */ unsigned char *buf; /*!< buffer for decoded data */
size_t buflen; /*!< length of the buffer */ size_t buflen; /*!< length of the buffer */
unsigned char *info; /*!< buffer for extra header information */ unsigned char *info; /*!< buffer for extra header information */
skipping to change at line 81 skipping to change at line 80
/** /**
* \brief Read a buffer for PEM information and store the resulting * \brief Read a buffer for PEM information and store the resulting
* data into the specified context buffers. * data into the specified context buffers.
* *
* \param ctx context to use * \param ctx context to use
* \param header header string to seek and expect * \param header header string to seek and expect
* \param footer footer string to seek and expect * \param footer footer string to seek and expect
* \param data source data to look in * \param data source data to look in
* \param pwd password for decryption (can be NULL) * \param pwd password for decryption (can be NULL)
* \param pwdlen length of password * \param pwdlen length of password
* \param use_len destination for total length used (set after header is * \param use_len destination for total length used
* correctly read, so unless you get
* POLARSSL_ERR_PEM_BAD_INPUT_DATA or
* POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
* the length to skip)
* *
* \return 0 on success, ior a specific PEM error code * \return 0 on success, ior a specific PEM error code
*/ */
int pem_read_buffer( pem_context *ctx, char *header, char *footer, int pem_read_buffer( pem_context *ctx, char *header, char *footer,
const unsigned char *data, const unsigned char *data,
const unsigned char *pwd, const unsigned char *pwd,
size_t pwdlen, size_t *use_len ); size_t pwdlen, size_t *use_len );
/** /**
* \brief PEM context memory freeing * \brief PEM context memory freeing
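Review bot: The new `\param use_len` text, `destination for total length used`, no longer says on which return codes `*use_len` is written. A caller walking a buffer of concatenated PEM blocks advances by that value, so if an error path leaves it unset the caller skips by whatever the variable happened to hold. The doc should name the return codes for which it is valid, along the lines of `\param use_len destination for total length used (valid only when <CONDITION_PLACEHOLDER>; initialise to 0 before the call)`. `data` is passed without a length, so the expected terminator should be documented as well. The error list in this section also no longer has a code for bad input parameters, so it is worth stating what the function returns for a NULL `ctx`.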
 End of changes. 4 change blocks. 
8 lines changed or deleted 3 lines changed or added


 pkcs11.h   pkcs11.h 
skipping to change at line 40 skipping to change at line 40
#define POLARSSL_PKCS11_H #define POLARSSL_PKCS11_H
#include "config.h" #include "config.h"
#if defined(POLARSSL_PKCS11_C) #if defined(POLARSSL_PKCS11_C)
#include "x509.h" #include "x509.h"
#include <pkcs11-helper-1.0/pkcs11h-certificate.h> #include <pkcs11-helper-1.0/pkcs11h-certificate.h>
#if defined(_MSC_VER) && !defined(inline)
#define inline _inline
#else
#if defined(__ARMCC_VERSION) && !defined(inline)
#define inline __inline
#endif /* __ARMCC_VERSION */
#endif /*_MSC_VER */
/** /**
* Context for PKCS #11 private keys. * Context for PKCS #11 private keys.
*/ */
typedef struct { typedef struct {
pkcs11h_certificate_t pkcs11h_cert; pkcs11h_certificate_t pkcs11h_cert;
int len; int len;
} pkcs11_context; } pkcs11_context;
/** /**
* Fill in a PolarSSL certificate, based on the given PKCS11 helper certifi cate. * Fill in a PolarSSL certificate, based on the given PKCS11 helper certifi cate.
skipping to change at line 124 skipping to change at line 132
* \note The "sig" buffer must be as large as the size * \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used). * of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/ */
int pkcs11_sign( pkcs11_context *ctx, int pkcs11_sign( pkcs11_context *ctx,
int mode, int mode,
int hash_id, int hash_id,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,
unsigned char *sig ); unsigned char *sig );
/**
* SSL/TLS wrappers for PKCS#11 functions
*/
static inline int ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
const unsigned char *input, unsigned char *output,
unsigned int output_max_len )
{
return pkcs11_decrypt( (pkcs11_context *) ctx, mode, olen, input, outpu
t,
output_max_len );
}
static inline int ssl_pkcs11_sign( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p
_rng,
int mode, int hash_id, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
{
((void) f_rng);
((void) p_rng);
return pkcs11_sign( (pkcs11_context *) ctx, mode, hash_id,
hashlen, hash, sig );
}
static inline size_t ssl_pkcs11_key_len( void *ctx )
{
return ( (pkcs11_context *) ctx )->len;
}
#endif /* POLARSSL_PKCS11_C */ #endif /* POLARSSL_PKCS11_C */
#endif /* POLARSSL_PKCS11_H */ #endif /* POLARSSL_PKCS11_H */
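Review bot: `ssl_pkcs11_key_len()` returns `pkcs11_context.len`, an `int`, as `size_t` with no range check, so a negative or never-set `len` becomes a very large length for any caller that sizes a buffer from it. I would read it into a local and clamp it: `int len = ( (pkcs11_context *) ctx )->len;` then `return( len > 0 ? (size_t) len : 0 );`. All three wrappers cast `void *ctx` without a NULL check. `ssl_pkcs11_sign()` forwards `sig` with no capacity argument, relying on the note above `pkcs11_sign()` that the buffer is as large as the modulus. A comment on the wrappers stating both preconditions would make them safer to wire into the SSL callbacks.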
 End of changes. 2 change blocks. 
0 lines changed or deleted 37 lines changed or added


 rsa.h   rsa.h 
skipping to change at line 117 skipping to change at line 117
) )
#define ASN1_HASH_SHA1 \ #define ASN1_HASH_SHA1 \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x21" \ ASN1_STR_CONSTRUCTED_SEQUENCE "\x21" \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x09" \ ASN1_STR_CONSTRUCTED_SEQUENCE "\x09" \
ASN1_STR_OID "\x05" \ ASN1_STR_OID "\x05" \
OID_HASH_ALG_SHA1 \ OID_HASH_ALG_SHA1 \
ASN1_STR_NULL "\x00" \ ASN1_STR_NULL "\x00" \
ASN1_STR_OCTET_STRING "\x14" ASN1_STR_OCTET_STRING "\x14"
#define ASN1_HASH_SHA1_ALT \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x1F" \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x07" \
ASN1_STR_OID "\x05" \
OID_HASH_ALG_SHA1 \
ASN1_STR_OCTET_STRING "\x14"
#define ASN1_HASH_SHA2X \ #define ASN1_HASH_SHA2X \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x11" \ ASN1_STR_CONSTRUCTED_SEQUENCE "\x11" \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x0d" \ ASN1_STR_CONSTRUCTED_SEQUENCE "\x0d" \
ASN1_STR_OID "\x09" \ ASN1_STR_OID "\x09" \
OID_HASH_ALG_SHA2X \ OID_HASH_ALG_SHA2X \
ASN1_STR_NULL "\x00" \ ASN1_STR_NULL "\x00" \
ASN1_STR_OCTET_STRING "\x00" ASN1_STR_OCTET_STRING "\x00"
/** /**
* \brief RSA context structure * \brief RSA context structure
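Review bot: `ASN1_HASH_SHA1_ALT` is added without a comment. It differs from `ASN1_HASH_SHA1` only in dropping the `ASN1_STR_NULL "\x00"` parameters, with the two length bytes shrinking from `"\x21"`/`"\x09"` to `"\x1F"`/`"\x07"`. A second accepted DigestInfo encoding widens what a PKCS#1 v1.5 verifier accepts, so the code using it should compare the whole prefix and the total length byte for byte rather than parse loosely. The signing path should presumably keep emitting the form with NULL. Proposed comment: `/* SHA-1 DigestInfo with AlgorithmIdentifier parameters absent; accept on verify only */`; the use sites are outside this section.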
 End of changes. 1 change blocks. 
0 lines changed or deleted 7 lines changed or added


 sha1.h   sha1.h 
skipping to change at line 32 skipping to change at line 32
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_SHA1_H #ifndef POLARSSL_SHA1_H
#define POLARSSL_SHA1_H #define POLARSSL_SHA1_H
#include <string.h> #include <string.h>
#ifdef _MSC_VER
#include <basetsd.h>
typedef UINT32 uint32_t;
#else
#include <inttypes.h>
#endif
#define POLARSSL_ERR_SHA1_FILE_IO_ERROR -0x0076 /**< Read/w rite error in file. */ #define POLARSSL_ERR_SHA1_FILE_IO_ERROR -0x0076 /**< Read/w rite error in file. */
/** /**
* \brief SHA-1 context structure * \brief SHA-1 context structure
*/ */
typedef struct typedef struct
{ {
unsigned long total[2]; /*!< number of bytes processed */ uint32_t total[2]; /*!< number of bytes processed */
unsigned long state[5]; /*!< intermediate digest state */ uint32_t state[5]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */ unsigned char buffer[64]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */ unsigned char ipad[64]; /*!< HMAC: inner padding */
unsigned char opad[64]; /*!< HMAC: outer padding */ unsigned char opad[64]; /*!< HMAC: outer padding */
} }
sha1_context; sha1_context;
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
skipping to change at line 148 skipping to change at line 155
const unsigned char *input, size_t ilen, const unsigned char *input, size_t ilen,
unsigned char output[20] ); unsigned char output[20] );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int sha1_self_test( int verbose ); int sha1_self_test( int verbose );
/* Internal use */
void sha1_process( sha1_context *ctx, const unsigned char data[64] );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* sha1.h */ #endif /* sha1.h */
 End of changes. 3 change blocks. 
5 lines changed or deleted 9 lines changed or added


 sha2.h   sha2.h 
skipping to change at line 32 skipping to change at line 32
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_SHA2_H #ifndef POLARSSL_SHA2_H
#define POLARSSL_SHA2_H #define POLARSSL_SHA2_H
#include <string.h> #include <string.h>
#ifdef _MSC_VER
#include <basetsd.h>
typedef UINT32 uint32_t;
#else
#include <inttypes.h>
#endif
#define POLARSSL_ERR_SHA2_FILE_IO_ERROR -0x0078 /**< Read/w rite error in file. */ #define POLARSSL_ERR_SHA2_FILE_IO_ERROR -0x0078 /**< Read/w rite error in file. */
/** /**
* \brief SHA-256 context structure * \brief SHA-256 context structure
*/ */
typedef struct typedef struct
{ {
unsigned long total[2]; /*!< number of bytes processed */ uint32_t total[2]; /*!< number of bytes processed */
unsigned long state[8]; /*!< intermediate digest state */ uint32_t state[8]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */ unsigned char buffer[64]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */ unsigned char ipad[64]; /*!< HMAC: inner padding */
unsigned char opad[64]; /*!< HMAC: outer padding */ unsigned char opad[64]; /*!< HMAC: outer padding */
int is224; /*!< 0 => SHA-256, else SHA-224 */ int is224; /*!< 0 => SHA-256, else SHA-224 */
} }
sha2_context; sha2_context;
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
skipping to change at line 156 skipping to change at line 163
const unsigned char *input, size_t ilen, const unsigned char *input, size_t ilen,
unsigned char output[32], int is224 ); unsigned char output[32], int is224 );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int sha2_self_test( int verbose ); int sha2_self_test( int verbose );
/* Internal use */
void sha2_process( sha2_context *ctx, const unsigned char data[64] );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* sha2.h */ #endif /* sha2.h */
 End of changes. 3 change blocks. 
5 lines changed or deleted 9 lines changed or added


 sha4.h   sha4.h 
skipping to change at line 32 skipping to change at line 32
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_SHA4_H #ifndef POLARSSL_SHA4_H
#define POLARSSL_SHA4_H #define POLARSSL_SHA4_H
#include <string.h> #include <string.h>
#define POLARSSL_ERR_SHA4_FILE_IO_ERROR -0x007A /**< Read/w
rite error in file. */
#if defined(_MSC_VER) || defined(__WATCOMC__) #if defined(_MSC_VER) || defined(__WATCOMC__)
#define UL64(x) x##ui64 #define UL64(x) x##ui64
#define long64 __int64 typedef unsigned __int64 uint64_t;
#else #else
#include <inttypes.h>
#define UL64(x) x##ULL #define UL64(x) x##ULL
#define long64 long long
#endif #endif
#define POLARSSL_ERR_SHA4_FILE_IO_ERROR -0x007A /**< Read/w
rite error in file. */
/** /**
* \brief SHA-512 context structure * \brief SHA-512 context structure
*/ */
typedef struct typedef struct
{ {
unsigned long64 total[2]; /*!< number of bytes processed */ uint64_t total[2]; /*!< number of bytes processed */
unsigned long64 state[8]; /*!< intermediate digest state */ uint64_t state[8]; /*!< intermediate digest state */
unsigned char buffer[128]; /*!< data block being processed */ unsigned char buffer[128]; /*!< data block being processed */
unsigned char ipad[128]; /*!< HMAC: inner padding */ unsigned char ipad[128]; /*!< HMAC: inner padding */
unsigned char opad[128]; /*!< HMAC: outer padding */ unsigned char opad[128]; /*!< HMAC: outer padding */
int is384; /*!< 0 => SHA-512, else SHA-384 */ int is384; /*!< 0 => SHA-512, else SHA-384 */
} }
sha4_context; sha4_context;
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
 End of changes. 6 change blocks. 
7 lines changed or deleted 7 lines changed or added


 ssl.h   ssl.h 
/** /**
* \file ssl.h * \file ssl.h
* *
* \brief SSL/TLS functions. * \brief SSL/TLS functions.
* *
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2012, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 33 skipping to change at line 33
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_SSL_H #ifndef POLARSSL_SSL_H
#define POLARSSL_SSL_H #define POLARSSL_SSL_H
#include <time.h> #include <time.h>
#include "net.h" #include "net.h"
#include "dhm.h"
#include "rsa.h" #include "rsa.h"
#include "md5.h" #include "md5.h"
#include "sha1.h" #include "sha1.h"
#include "sha2.h"
#include "sha4.h"
#include "x509.h" #include "x509.h"
#include "config.h" #include "config.h"
#if defined(POLARSSL_PKCS11_C) #if defined(POLARSSL_DHM_C)
#include "pkcs11.h" #include "dhm.h"
#endif
#if defined(POLARSSL_ZLIB_SUPPORT)
#include "zlib.h"
#endif #endif
#if defined(_MSC_VER) && !defined(inline) #if defined(_MSC_VER) && !defined(inline)
#define inline _inline #define inline _inline
#else #else
#if defined(__ARMCC_VERSION) && !defined(inline) #if defined(__ARMCC_VERSION) && !defined(inline)
#define inline __inline #define inline __inline
#endif /* __ARMCC_VERSION */ #endif /* __ARMCC_VERSION */
#endif /*_MSC_VER */ #endif /*_MSC_VER */
skipping to change at line 85 skipping to change at line 90
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Pr ocessing of the CertificateRequest handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Pr ocessing of the CertificateRequest handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Pr ocessing of the ServerKeyExchange handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Pr ocessing of the ServerKeyExchange handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Pr ocessing of the ServerHelloDone handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Pr ocessing of the ServerHelloDone handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Pr ocessing of the ClientKeyExchange handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Pr ocessing of the ClientKeyExchange handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP -0x7C80 /**< Pr ocessing of the ClientKeyExchange handshake message failed in DHM Read Publ ic. */ #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP -0x7C80 /**< Pr ocessing of the ClientKeyExchange handshake message failed in DHM Read Publ ic. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS -0x7D00 /**< Pr ocessing of the ClientKeyExchange handshake message failed in DHM Calculate Secret. */ #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS -0x7D00 /**< Pr ocessing of the ClientKeyExchange handshake message failed in DHM Calculate Secret. */
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Pr ocessing of the CertificateVerify handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Pr ocessing of the CertificateVerify handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Pr ocessing of the ChangeCipherSpec handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Pr ocessing of the ChangeCipherSpec handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Pr ocessing of the Finished handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Pr ocessing of the Finished handshake message failed. */
#define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Me mory allocation failed */ #define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Me mory allocation failed */
#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Ha
rdware acceleration function returned with error */
#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Ha
rdware acceleration function skipped / left alone data */
#define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Pr
ocessing of the compression / decompression failed */
#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Ha
ndshake protocol not within min/max boundaries */
/* /*
* Various constants * Various constants
*/ */
#define SSL_MAJOR_VERSION_3 3 #define SSL_MAJOR_VERSION_3 3
#define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */ #define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
#define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */ #define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
#define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */ #define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
#define SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
#define SSL_IS_CLIENT 0 #define SSL_IS_CLIENT 0
#define SSL_IS_SERVER 1 #define SSL_IS_SERVER 1
#define SSL_COMPRESS_NULL 0 #define SSL_COMPRESS_NULL 0
#define SSL_COMPRESS_DEFLATE 1
#define SSL_VERIFY_NONE 0 #define SSL_VERIFY_NONE 0
#define SSL_VERIFY_OPTIONAL 1 #define SSL_VERIFY_OPTIONAL 1
#define SSL_VERIFY_REQUIRED 2 #define SSL_VERIFY_REQUIRED 2
#define SSL_INITIAL_HANDSHAKE 0
#define SSL_RENEGOTIATION 1
#define SSL_LEGACY_RENEGOTIATION 0
#define SSL_SECURE_RENEGOTIATION 1
#define SSL_RENEGOTIATION_ENABLED 0
#define SSL_RENEGOTIATION_DISABLED 1
#define SSL_LEGACY_NO_RENEGOTIATION 0
#define SSL_LEGACY_ALLOW_RENEGOTIATION 1
#define SSL_LEGACY_BREAK_HANDSHAKE 2
#define SSL_MAX_CONTENT_LEN 16384 #define SSL_MAX_CONTENT_LEN 16384
/* /*
* Allow an extra 512 bytes for the record header * Allow an extra 512 bytes for the record header
* and encryption overhead (counter + MAC + padding). * and encryption overhead (counter + MAC + padding)
* and allow for a maximum of 1024 of compression expansion if
* enabled.
*/
#if defined(POLARSSL_ZLIB_SUPPORT)
#define SSL_COMPRESSION_ADD 1024
#else
#define SSL_COMPRESSION_ADD 0
#endif
#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512)
/*
* Supported ciphersuites (Official IANA names)
*/ */
#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512) #define TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
#define TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
#define TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */
#define TLS_RSA_WITH_DES_CBC_SHA 0x09 /**< Weak! Not in T
LS 1.2 */
#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15 /**< Weak! Not in T
LS 1.2 */
#define TLS_RSA_WITH_RC4_128_MD5 0x04
#define TLS_RSA_WITH_RC4_128_SHA 0x05
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x35
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
#define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext
*/
/* /*
* Supported ciphersuites * Supported Signature and Hash algorithms (For TLS 1.2)
*/ */
#define SSL_RSA_RC4_128_MD5 0x04 #define SSL_HASH_NONE 0
#define SSL_RSA_RC4_128_SHA 0x05 #define SSL_HASH_MD5 1
#define SSL_RSA_DES_168_SHA 0x0A #define SSL_HASH_SHA1 2
#define SSL_EDH_RSA_DES_168_SHA 0x16 #define SSL_HASH_SHA224 3
#define SSL_RSA_AES_128_SHA 0x2F #define SSL_HASH_SHA256 4
#define SSL_EDH_RSA_AES_128_SHA 0x33 #define SSL_HASH_SHA384 5
#define SSL_RSA_AES_256_SHA 0x35 #define SSL_HASH_SHA512 6
#define SSL_EDH_RSA_AES_256_SHA 0x39
#define SSL_SIG_RSA 1
#define SSL_RSA_CAMELLIA_128_SHA 0x41
#define SSL_EDH_RSA_CAMELLIA_128_SHA 0x45
#define SSL_RSA_CAMELLIA_256_SHA 0x84
#define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88
/* /*
* Message, alert and handshake types * Message, alert and handshake types
*/ */
#define SSL_MSG_CHANGE_CIPHER_SPEC 20 #define SSL_MSG_CHANGE_CIPHER_SPEC 20
#define SSL_MSG_ALERT 21 #define SSL_MSG_ALERT 21
#define SSL_MSG_HANDSHAKE 22 #define SSL_MSG_HANDSHAKE 22
#define SSL_MSG_APPLICATION_DATA 23 #define SSL_MSG_APPLICATION_DATA 23
#define SSL_ALERT_LEVEL_WARNING 1 #define SSL_ALERT_LEVEL_WARNING 1
#define SSL_ALERT_LEVEL_FATAL 2 #define SSL_ALERT_LEVEL_FATAL 2
#define SSL_ALERT_MSG_CLOSE_NOTIFY 0 #define SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 #define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
#define SSL_ALERT_MSG_BAD_RECORD_MAC 20 #define SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
#define SSL_ALERT_MSG_DECRYPTION_FAILED 21 #define SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
#define SSL_ALERT_MSG_RECORD_OVERFLOW 22 #define SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 #define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
#define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 #define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
#define SSL_ALERT_MSG_NO_CERT 41 #define SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
#define SSL_ALERT_MSG_BAD_CERT 42 #define SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
#define SSL_ALERT_MSG_UNSUPPORTED_CERT 43 #define SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
#define SSL_ALERT_MSG_CERT_REVOKED 44 #define SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
#define SSL_ALERT_MSG_CERT_EXPIRED 45 #define SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
#define SSL_ALERT_MSG_CERT_UNKNOWN 46 #define SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
#define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 #define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
#define SSL_ALERT_MSG_UNKNOWN_CA 48 #define SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
#define SSL_ALERT_MSG_ACCESS_DENIED 49 #define SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
#define SSL_ALERT_MSG_DECODE_ERROR 50 #define SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
#define SSL_ALERT_MSG_DECRYPT_ERROR 51 #define SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
#define SSL_ALERT_MSG_EXPORT_RESTRICTION 60 #define SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
#define SSL_ALERT_MSG_PROTOCOL_VERSION 70 #define SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 #define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
#define SSL_ALERT_MSG_INTERNAL_ERROR 80 #define SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
#define SSL_ALERT_MSG_USER_CANCELED 90 #define SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
#define SSL_ALERT_MSG_NO_RENEGOTIATION 100 #define SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
#define SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
#define SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
#define SSL_HS_HELLO_REQUEST 0 #define SSL_HS_HELLO_REQUEST 0
#define SSL_HS_CLIENT_HELLO 1 #define SSL_HS_CLIENT_HELLO 1
#define SSL_HS_SERVER_HELLO 2 #define SSL_HS_SERVER_HELLO 2
#define SSL_HS_CERTIFICATE 11 #define SSL_HS_CERTIFICATE 11
#define SSL_HS_SERVER_KEY_EXCHANGE 12 #define SSL_HS_SERVER_KEY_EXCHANGE 12
#define SSL_HS_CERTIFICATE_REQUEST 13 #define SSL_HS_CERTIFICATE_REQUEST 13
#define SSL_HS_SERVER_HELLO_DONE 14 #define SSL_HS_SERVER_HELLO_DONE 14
#define SSL_HS_CERTIFICATE_VERIFY 15 #define SSL_HS_CERTIFICATE_VERIFY 15
#define SSL_HS_CLIENT_KEY_EXCHANGE 16 #define SSL_HS_CLIENT_KEY_EXCHANGE 16
#define SSL_HS_FINISHED 20 #define SSL_HS_FINISHED 20
/* /*
* TLS extensions * TLS extensions
*/ */
#define TLS_EXT_SERVERNAME 0 #define TLS_EXT_SERVERNAME 0
#define TLS_EXT_SERVERNAME_HOSTNAME 0 #define TLS_EXT_SERVERNAME_HOSTNAME 0
#define TLS_EXT_SIG_ALG 13
#define TLS_EXT_RENEGOTIATION_INFO 0xFF01
/*
* Generic function pointers for allowing external RSA private key
* implementations.
*/
typedef int (*rsa_decrypt_func)( void *ctx, int mode, size_t *olen,
const unsigned char *input, unsigned char *output,
size_t output_max_len );
typedef int (*rsa_sign_func)( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p
_rng,
int mode, int hash_id, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig );
typedef size_t (*rsa_key_len_func)( void *ctx );
/* /*
* SSL state machine * SSL state machine
*/ */
typedef enum typedef enum
{ {
SSL_HELLO_REQUEST, SSL_HELLO_REQUEST,
SSL_CLIENT_HELLO, SSL_CLIENT_HELLO,
SSL_SERVER_HELLO, SSL_SERVER_HELLO,
SSL_SERVER_CERTIFICATE, SSL_SERVER_CERTIFICATE,
SSL_SERVER_KEY_EXCHANGE, SSL_SERVER_KEY_EXCHANGE,
SSL_CERTIFICATE_REQUEST, SSL_CERTIFICATE_REQUEST,
SSL_SERVER_HELLO_DONE, SSL_SERVER_HELLO_DONE,
SSL_CLIENT_CERTIFICATE, SSL_CLIENT_CERTIFICATE,
SSL_CLIENT_KEY_EXCHANGE, SSL_CLIENT_KEY_EXCHANGE,
SSL_CERTIFICATE_VERIFY, SSL_CERTIFICATE_VERIFY,
SSL_CLIENT_CHANGE_CIPHER_SPEC, SSL_CLIENT_CHANGE_CIPHER_SPEC,
SSL_CLIENT_FINISHED, SSL_CLIENT_FINISHED,
SSL_SERVER_CHANGE_CIPHER_SPEC, SSL_SERVER_CHANGE_CIPHER_SPEC,
SSL_SERVER_FINISHED, SSL_SERVER_FINISHED,
SSL_FLUSH_BUFFERS, SSL_FLUSH_BUFFERS,
SSL_HANDSHAKE_WRAPUP,
SSL_HANDSHAKE_OVER SSL_HANDSHAKE_OVER
} }
ssl_states; ssl_states;
typedef struct _ssl_session ssl_session; typedef struct _ssl_session ssl_session;
typedef struct _ssl_context ssl_context; typedef struct _ssl_context ssl_context;
typedef struct _ssl_transform ssl_transform;
typedef struct _ssl_handshake_params ssl_handshake_params;
/* /*
* This structure is used for session resuming. * This structure is used for storing current session data.
*/ */
struct _ssl_session struct _ssl_session
{ {
time_t start; /*!< starting time */ time_t start; /*!< starting time */
int ciphersuite; /*!< chosen ciphersuite */ int ciphersuite; /*!< chosen ciphersuite */
int compression; /*!< chosen compression */
size_t length; /*!< session id length */ size_t length; /*!< session id length */
unsigned char id[32]; /*!< session identifier */ unsigned char id[32]; /*!< session identifier */
unsigned char master[48]; /*!< the master secret */ unsigned char master[48]; /*!< the master secret */
ssl_session *next; /*!< next session entry */ x509_cert *peer_cert; /*!< peer X.509 cert chain */
};
/*
* This structure contains a full set of runtime transform parameters
* either in negotiation or active.
*/
struct _ssl_transform
{
/*
* Session specific crypto layer
*/
unsigned int keylen; /*!< symmetric key length */
size_t minlen; /*!< min. ciphertext length */
size_t ivlen; /*!< IV length */
size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
size_t maclen; /*!< MAC length */
unsigned char iv_enc[16]; /*!< IV (encryption) */
unsigned char iv_dec[16]; /*!< IV (decryption) */
unsigned char mac_enc[32]; /*!< MAC (encryption) */
unsigned char mac_dec[32]; /*!< MAC (decryption) */
uint32_t ctx_enc[136]; /*!< encryption context */
uint32_t ctx_dec[136]; /*!< decryption context */
/*
* Session specific compression layer
*/
#if defined(POLARSSL_ZLIB_SUPPORT)
z_stream ctx_deflate; /*!< compression context */
z_stream ctx_inflate; /*!< decompression context */
#endif
};
/*
* This structure contains the parameters only needed during handshake.
*/
struct _ssl_handshake_params
{
/*
* Handshake specific crypto variables
*/
int sig_alg; /*!< Signature algorithm */
#if defined(POLARSSL_DHM_C)
dhm_context dhm_ctx; /*!< DHM key exchange */
#endif
/*
* Checksum contexts
*/
md5_context fin_md5;
sha1_context fin_sha1;
sha2_context fin_sha2;
sha4_context fin_sha4;
void (*update_checksum)(ssl_context *, unsigned char *, size_t);
void (*calc_verify)(ssl_context *, unsigned char *);
void (*calc_finished)(ssl_context *, unsigned char *, int);
int (*tls_prf)(unsigned char *, size_t, char *,
unsigned char *, size_t,
unsigned char *, size_t);
size_t pmslen; /*!< premaster length */
unsigned char randbytes[64]; /*!< random bytes */
unsigned char premaster[POLARSSL_MPI_MAX_SIZE];
/*!< premaster secret */
int resume; /*!< session resume indicator*/
}; };
struct _ssl_context struct _ssl_context
{ {
/* /*
* Miscellaneous * Miscellaneous
*/ */
int state; /*!< SSL handshake: current state */ int state; /*!< SSL handshake: current state */
int renegotiation; /*!< Initial or renegotiation */
int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */ int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */ int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
int max_major_ver; /*!< max. major version from client */ int max_major_ver; /*!< max. major version from client */
int max_minor_ver; /*!< max. minor version from client */ int max_minor_ver; /*!< max. minor version from client */
int min_major_ver; /*!< min. major version accepted */
int min_minor_ver; /*!< min. minor version accepted */
/* /*
* Callbacks (RNG, debug, I/O, verification) * Callbacks (RNG, debug, I/O, verification)
*/ */
int (*f_rng)(void *, unsigned char *, size_t); int (*f_rng)(void *, unsigned char *, size_t);
void (*f_dbg)(void *, int, const char *); void (*f_dbg)(void *, int, const char *);
int (*f_recv)(void *, unsigned char *, size_t); int (*f_recv)(void *, unsigned char *, size_t);
int (*f_send)(void *, const unsigned char *, size_t); int (*f_send)(void *, const unsigned char *, size_t);
int (*f_vrfy)(void *, x509_cert *, int, int); int (*f_vrfy)(void *, x509_cert *, int, int *);
int (*f_get_cache)(void *, ssl_session *);
int (*f_set_cache)(void *, const ssl_session *);
int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
void *p_rng; /*!< context for the RNG function */ void *p_rng; /*!< context for the RNG function */
void *p_dbg; /*!< context for the debug function */ void *p_dbg; /*!< context for the debug function */
void *p_recv; /*!< context for reading operations */ void *p_recv; /*!< context for reading operations */
void *p_send; /*!< context for writing operations */ void *p_send; /*!< context for writing operations */
void *p_vrfy; /*!< context for verification */ void *p_vrfy; /*!< context for verification */
void *p_get_cache; /*!< context for cache retrieval */
void *p_set_cache; /*!< context for cache store */
void *p_sni; /*!< context for SNI extension */
/* /*
* Session layer * Session layer
*/ */
int resume; /*!< session resuming flag */ ssl_session *session_in; /*!< current session data (in) *
int timeout; /*!< sess. expiration time */ /
ssl_session *session; /*!< current session data */ ssl_session *session_out; /*!< current session data (out) *
int (*s_get)(ssl_context *); /*!< (server) get callback */ /
int (*s_set)(ssl_context *); /*!< (server) set callback */ ssl_session *session; /*!< negotiated session data *
/
ssl_session *session_negotiate; /*!< session data in negotiation *
/
ssl_handshake_params *handshake; /*!< params required only during
the handshake process
*/
/*
* Record layer transformations
*/
ssl_transform *transform_in; /*!< current transform params (in)
*/
ssl_transform *transform_out; /*!< current transform params (in)
*/
ssl_transform *transform; /*!< negotiated transform params
*/
ssl_transform *transform_negotiate; /*!< transform params in negotiati
on */
/* /*
* Record layer (incoming data) * Record layer (incoming data)
*/ */
unsigned char *in_ctr; /*!< 64-bit incoming message counter */ unsigned char *in_ctr; /*!< 64-bit incoming message counter */
unsigned char *in_hdr; /*!< 5-byte record header (in_ctr+8) */ unsigned char *in_hdr; /*!< 5-byte record header (in_ctr+8) */
unsigned char *in_msg; /*!< the message contents (in_hdr+5) */ unsigned char *in_msg; /*!< the message contents (in_hdr+5) */
unsigned char *in_offt; /*!< read offset in application data */ unsigned char *in_offt; /*!< read offset in application data */
int in_msgtype; /*!< record header: message type */ int in_msgtype; /*!< record header: message type */
skipping to change at line 277 skipping to change at line 457
size_t in_left; /*!< amount of data read so far */ size_t in_left; /*!< amount of data read so far */
size_t in_hslen; /*!< current handshake message length */ size_t in_hslen; /*!< current handshake message length */
int nb_zero; /*!< # of 0-length encrypted messages */ int nb_zero; /*!< # of 0-length encrypted messages */
/* /*
* Record layer (outgoing data) * Record layer (outgoing data)
*/ */
unsigned char *out_ctr; /*!< 64-bit outgoing message counter */ unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */ unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */
unsigned char *out_msg; /*!< the message contents (out_hdr+5) */ unsigned char *out_msg; /*!< the message contents (out_hdr+32)*/
int out_msgtype; /*!< record header: message type */ int out_msgtype; /*!< record header: message type */
size_t out_msglen; /*!< record header: message length */ size_t out_msglen; /*!< record header: message length */
size_t out_left; /*!< amount of data not yet written */ size_t out_left; /*!< amount of data not yet written */
/* /*
* PKI layer * PKI layer
*/ */
rsa_context *rsa_key; /*!< own RSA private key */ void *rsa_key; /*!< own RSA private key */
#if defined(POLARSSL_PKCS11_C) rsa_decrypt_func rsa_decrypt; /*!< function for RSA decrypt*/
pkcs11_context *pkcs11_key; /*!< own PKCS#11 RSA private key * rsa_sign_func rsa_sign; /*!< function for RSA sign */
/ rsa_key_len_func rsa_key_len; /*!< function for RSA key len*/
#endif
x509_cert *own_cert; /*!< own X.509 certificate */ x509_cert *own_cert; /*!< own X.509 certificate */
x509_cert *ca_chain; /*!< own trusted CA chain */ x509_cert *ca_chain; /*!< own trusted CA chain */
x509_crl *ca_crl; /*!< trusted CA CRLs */ x509_crl *ca_crl; /*!< trusted CA CRLs */
x509_cert *peer_cert; /*!< peer X.509 cert chain */
const char *peer_cn; /*!< expected peer CN */ const char *peer_cn; /*!< expected peer CN */
/*
* User settings
*/
int endpoint; /*!< 0: client, 1: server */ int endpoint; /*!< 0: client, 1: server */
int authmode; /*!< verification mode */ int authmode; /*!< verification mode */
int client_auth; /*!< flag for client auth. */ int client_auth; /*!< flag for client auth. */
int verify_result; /*!< verification result */ int verify_result; /*!< verification result */
int disable_renegotiation; /*!< enable/disable renegotiation
/* */
* Crypto layer int allow_legacy_renegotiation; /*!< allow legacy renegotiation
*/ */
dhm_context dhm_ctx; /*!< DHM key exchange */ const int *ciphersuites; /*!< allowed ciphersuites */
md5_context fin_md5; /*!< Finished MD5 checksum */
sha1_context fin_sha1; /*!< Finished SHA-1 checksum */ #if defined(POLARSSL_DHM_C)
mpi dhm_P; /*!< prime modulus for DHM */
int do_crypt; /*!< en(de)cryption flag */ mpi dhm_G; /*!< generator for DHM */
int *ciphersuites; /*!< allowed ciphersuites */ #endif
size_t pmslen; /*!< premaster length */
unsigned int keylen; /*!< symmetric key length */
size_t minlen; /*!< min. ciphertext length */
size_t ivlen; /*!< IV length */
size_t maclen; /*!< MAC length */
unsigned char randbytes[64]; /*!< random bytes */
unsigned char premaster[256]; /*!< premaster secret */
unsigned char iv_enc[16]; /*!< IV (encryption) */
unsigned char iv_dec[16]; /*!< IV (decryption) */
unsigned char mac_enc[32]; /*!< MAC (encryption) */
unsigned char mac_dec[32]; /*!< MAC (decryption) */
unsigned long ctx_enc[128]; /*!< encryption context */
unsigned long ctx_dec[128]; /*!< decryption context */
/* /*
* TLS extensions * TLS extensions
*/ */
unsigned char *hostname; unsigned char *hostname;
size_t hostname_len; size_t hostname_len;
/*
* Secure renegotiation
*/
int secure_renegotiation; /*!< does peer support legacy or
secure renegotiation
*/
size_t verify_data_len; /*!< length of verify data stored
*/
char own_verify_data[36]; /*!< previous handshake verify dat
a */
char peer_verify_data[36]; /*!< previous handshake verify dat
a */
}; };
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
extern int ssl_default_ciphersuites[]; extern const int ssl_default_ciphersuites[];
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
extern int (*ssl_hw_record_init)(ssl_context *ssl,
const unsigned char *key_enc, const unsigned char *key_dec,
const unsigned char *iv_enc, const unsigned char *iv_dec,
const unsigned char *mac_enc, const unsigned char *mac_dec)
;
extern int (*ssl_hw_record_reset)(ssl_context *ssl);
extern int (*ssl_hw_record_write)(ssl_context *ssl);
extern int (*ssl_hw_record_read)(ssl_context *ssl);
extern int (*ssl_hw_record_finish)(ssl_context *ssl);
#endif
/** /**
* \brief Returns the list of ciphersuites supported by the SSL/TLS module. * \brief Returns the list of ciphersuites supported by the SSL/TLS module.
* *
* \return a statically allocated array of ciphersuites, the l ast * \return a statically allocated array of ciphersuites, the l ast
* entry is 0. * entry is 0.
*/ */
static inline const int *ssl_list_ciphersuites( void ) static inline const int *ssl_list_ciphersuites( void )
{ {
return ssl_default_ciphersuites; return ssl_default_ciphersuites;
skipping to change at line 388 skipping to change at line 572
* memory allocation failed * memory allocation failed
*/ */
int ssl_init( ssl_context *ssl ); int ssl_init( ssl_context *ssl );
/** /**
* \brief Reset an already initialized SSL context for re-use * \brief Reset an already initialized SSL context for re-use
* while retaining application-set variables, function * while retaining application-set variables, function
* pointers and data. * pointers and data.
* *
* \param ssl SSL context * \param ssl SSL context
* \return 0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED,
POLARSSL_ERR_SSL_HW_ACCEL_FAILED or
* POLARSSL_ERR_SSL_COMPRESSION_FAILED
*/ */
void ssl_session_reset( ssl_context *ssl ); int ssl_session_reset( ssl_context *ssl );
/** /**
* \brief Set the current endpoint type * \brief Set the current endpoint type
* *
* \param ssl SSL context * \param ssl SSL context
* \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER * \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER
*/ */
void ssl_set_endpoint( ssl_context *ssl, int endpoint ); void ssl_set_endpoint( ssl_context *ssl, int endpoint );
/** /**
skipping to change at line 421 skipping to change at line 608
* handshake is complete. * handshake is complete.
* *
* SSL_VERIFY_REQUIRED: peer *must* present a valid certificate, * SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
* handshake is aborted if verification failed. * handshake is aborted if verification failed.
*/ */
void ssl_set_authmode( ssl_context *ssl, int authmode ); void ssl_set_authmode( ssl_context *ssl, int authmode );
/** /**
* \brief Set the verification callback (Optional). * \brief Set the verification callback (Optional).
* *
* If set, the verification callback is called once for eve * If set, the verify callback is called for each
ry * certificate in the chain. For implementation
* certificate in the chain. The verification function has * information, please see \c x509parse_verify()
the
* following parameter: (void *parameter, x509_cert certifi
cate,
* int certifcate_depth, int preverify_ok). It should
* return 0 on SUCCESS.
* *
* \param ssl SSL context * \param ssl SSL context
* \param f_vrfy verification function * \param f_vrfy verification function
* \param p_vrfy verification parameter * \param p_vrfy verification parameter
*/ */
void ssl_set_verify( ssl_context *ssl, void ssl_set_verify( ssl_context *ssl,
int (*f_vrfy)(void *, x509_cert *, int, int), int (*f_vrfy)(void *, x509_cert *, int, int *),
void *p_vrfy ); void *p_vrfy );
/** /**
* \brief Set the random number generator callback * \brief Set the random number generator callback
* *
* \param ssl SSL context * \param ssl SSL context
* \param f_rng RNG function * \param f_rng RNG function
* \param p_rng RNG parameter * \param p_rng RNG parameter
*/ */
void ssl_set_rng( ssl_context *ssl, void ssl_set_rng( ssl_context *ssl,
skipping to change at line 471 skipping to change at line 656
* \param f_recv read callback * \param f_recv read callback
* \param p_recv read parameter * \param p_recv read parameter
* \param f_send write callback * \param f_send write callback
* \param p_send write parameter * \param p_send write parameter
*/ */
void ssl_set_bio( ssl_context *ssl, void ssl_set_bio( ssl_context *ssl,
int (*f_recv)(void *, unsigned char *, size_t), void *p_recv, int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
int (*f_send)(void *, const unsigned char *, size_t), void *p_send ); int (*f_send)(void *, const unsigned char *, size_t), void *p_send );
/** /**
* \brief Set the session callbacks (server-side only) * \brief Set the session cache callbacks (server-side only)
* If not set, no session resuming is done.
* *
* \param ssl SSL context * The session cache has the responsibility to check for st
* \param s_get session get callback ale
* \param s_set session set callback * entries based on timeout. See RFC 5246 for recommendatio
*/ ns.
void ssl_set_scb( ssl_context *ssl, *
int (*s_get)(ssl_context *), * Warning: session.peer_cert is cleared by the SSL/TLS lay
int (*s_set)(ssl_context *) ); er on
* connection shutdown, so do not cache the pointer! Either
/** set
* \brief Set the session resuming flag, timeout and data * it to NULL or make a full copy of the certificate.
*
* The get callback is called once during the initial hands
hake
* to enable session resuming. The get function has the
* following parameters: (void *parameter, ssl_session *ses
sion)
* If a valid entry is found, it should fill the master of
* the session object with the cached values and return 0,
* return 1 otherwise. Optionally peer_cert can be set as w
ell
* if it is properly present in cache entry.
*
* The set callback is called once during the initial hands
hake
* to enable session resuming after the entire handshake ha
s
* been finished. The set function has the following parame
ters:
* (void *parameter, const ssl_session *session). The funct
ion
* should create a cache entry for future retrieval based o
n
* the data in the session structure and should keep in min
d
* that the ssl_session object presented (and all its refer
enced
* data) is cleared by the SSL/TLS layer when the connectio
n is
* terminated. It is recommended to add metadata to determi
ne if
* an entry is still valid in the future. Return 0 if
* successfully cached, return 0 otherwise.
*
* \param ssl SSL context
* \param f_get_cache session get callback
* \param p_get_cache session get parameter
* \param f_set_cache session set callback
* \param p_set_cache session set parameter
*/
void ssl_set_session_cache( ssl_context *ssl,
int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache
);
/**
* \brief Request resumption of session (client-side only)
* Session data is copied from presented session structure.
*
* Warning: session.peer_cert is cleared by the SSL/TLS lay
er on
* connection shutdown, so do not cache the pointer! Either
set
* it to NULL or make a full copy of the certificate when
* storing the session for use in this function.
* *
* \param ssl SSL context * \param ssl SSL context
* \param resume if 0 (default), the session will not be resumed
* \param timeout session timeout in seconds, or 0 (no timeout)
* \param session session context * \param session session context
*/ */
void ssl_set_session( ssl_context *ssl, int resume, int timeout, void ssl_set_session( ssl_context *ssl, const ssl_session *session );
ssl_session *session );
/** /**
* \brief Set the list of allowed ciphersuites * \brief Set the list of allowed ciphersuites
* *
* \param ssl SSL context * \param ssl SSL context
* \param ciphersuites 0-terminated list of allowed ciphersuites * \param ciphersuites 0-terminated list of allowed ciphersuites
*/ */
void ssl_set_ciphersuites( ssl_context *ssl, int *ciphersuites ); void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites );
/** /**
* \brief Set the data required to verify peer certificate * \brief Set the data required to verify peer certificate
* *
* \param ssl SSL context * \param ssl SSL context
* \param ca_chain trusted CA chain * \param ca_chain trusted CA chain
* \param ca_crl trusted CA CRLs * \param ca_crl trusted CA CRLs
* \param peer_cn expected peer CommonName (or NULL) * \param peer_cn expected peer CommonName (or NULL)
* *
* \note TODO: add two more parameters: depth and crl * \note TODO: add two more parameters: depth and crl
skipping to change at line 523 skipping to change at line 741
/** /**
* \brief Set own certificate and private key * \brief Set own certificate and private key
* *
* \param ssl SSL context * \param ssl SSL context
* \param own_cert own public certificate * \param own_cert own public certificate
* \param rsa_key own private RSA key * \param rsa_key own private RSA key
*/ */
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert, void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
rsa_context *rsa_key ); rsa_context *rsa_key );
#if defined(POLARSSL_PKCS11_C)
/** /**
* \brief Set own certificate and PKCS#11 private key * \brief Set own certificate and alternate non-PolarSSL private
* key and handling callbacks, such as the PKCS#11 wrappers
* or any other external private key handler.
* (see the respective RSA functions in rsa.h for documenta
tion
* of the callback parameters, with the only change being
* that the rsa_context * is a void * in the callbacks)
* *
* \param ssl SSL context * \param ssl SSL context
* \param own_cert own public certificate * \param own_cert own public certificate
* \param pkcs11_key own PKCS#11 RSA key * \param rsa_key alternate implementation private RSA key
*/ * \param rsa_decrypt_func alternate implementation of \c rsa_pkcs1_decryp
void ssl_set_own_cert_pkcs11( ssl_context *ssl, x509_cert *own_cert, t()
pkcs11_context *pkcs11_key ); * \param rsa_sign_func alternate implementation of \c rsa_pkcs1_sign()
#endif * \param rsa_key_len_func function returning length of RSA key in bytes
*/
void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
void *rsa_key,
rsa_decrypt_func rsa_decrypt,
rsa_sign_func rsa_sign,
rsa_key_len_func rsa_key_len );
#if defined(POLARSSL_DHM_C)
/** /**
* \brief Set the Diffie-Hellman public P and G values, * \brief Set the Diffie-Hellman public P and G values,
* read as hexadecimal strings (server-side only) * read as hexadecimal strings (server-side only)
* (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG])
* *
* \param ssl SSL context * \param ssl SSL context
* \param dhm_P Diffie-Hellman-Merkle modulus * \param dhm_P Diffie-Hellman-Merkle modulus
* \param dhm_G Diffie-Hellman-Merkle generator * \param dhm_G Diffie-Hellman-Merkle generator
* *
* \return 0 if successful * \return 0 if successful
*/ */
int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_ G ); int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_ G );
/** /**
* \brief Set the Diffie-Hellman public P and G values, * \brief Set the Diffie-Hellman public P and G values,
* read from existing context (server-side only) * read from existing context (server-side only)
* *
* \param ssl SSL context * \param ssl SSL context
* \param dhm_ctx Diffie-Hellman-Merkle context * \param dhm_ctx Diffie-Hellman-Merkle context
* *
* \return 0 if successful * \return 0 if successful
*/ */
int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx ); int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
#endif
/** /**
* \brief Set hostname for ServerName TLS Extension * \brief Set hostname for ServerName TLS extension
* (client-side only)
* *
* *
* \param ssl SSL context * \param ssl SSL context
* \param hostname the server hostname * \param hostname the server hostname
* *
* \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED * \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
*/ */
int ssl_set_hostname( ssl_context *ssl, const char *hostname ); int ssl_set_hostname( ssl_context *ssl, const char *hostname );
/** /**
* \brief Set server side ServerName TLS extension callback
* (optional, server-side only).
*
* If set, the ServerName callback is called whenever the
* server receives a ServerName TLS extension from the clie
nt
* during a handshake. The ServerName callback has the
* following parameters: (void *parameter, ssl_context *ssl
,
* const unsigned char *hostname, size_t len). If a suitabl
e
* certificate is found, the callback should set the
* certificate and key to use with ssl_set_own_cert() (and
* possibly adjust the CA chain as well) and return 0. The
* callback should return -1 to abort the handshake at this
* point.
*
* \param ssl SSL context
* \param f_sni verification function
* \param p_sni verification parameter
*/
void ssl_set_sni( ssl_context *ssl,
int (*f_sni)(void *, ssl_context *, const unsigned char *
,
size_t),
void *p_sni );
/**
* \brief Set the maximum supported version sent from the client s ide * \brief Set the maximum supported version sent from the client s ide
* *
* \param ssl SSL context * \param ssl SSL context
* \param major Major version number (only SSL_MAJOR_VERSION_3 supported ) * \param major Major version number (only SSL_MAJOR_VERSION_3 supported )
* \param minor Minor version number (SSL_MINOR_VERSION_0, * \param minor Minor version number (SSL_MINOR_VERSION_0,
* SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2 supported) * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
* SSL_MINOR_VERSION_3 supported)
*/ */
void ssl_set_max_version( ssl_context *ssl, int major, int minor ); void ssl_set_max_version( ssl_context *ssl, int major, int minor );
/** /**
* \brief Set the minimum accepted SSL/TLS protocol version
* (Default: SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0)
*
* \param ssl SSL context
* \param major Major version number (only SSL_MAJOR_VERSION_3 supported
)
* \param minor Minor version number (SSL_MINOR_VERSION_0,
* SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
* SSL_MINOR_VERSION_3 supported)
*/
void ssl_set_min_version( ssl_context *ssl, int major, int minor );
/**
* \brief Enable / Disable renegotiation support for connection wh
en
* initiated by peer
* (Default: SSL_RENEGOTIATION_DISABLED)
*
* Note: A server with support enabled is more vulnerable f
or a
* resource DoS by a malicious client.
*
* \param ssl SSL context
* \param renegotiation Enable or disable (SSL_RENEGOTIATION_ENABLED or
* SSL_RENEGOTIATION_DISABLED)
*/
void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
/**
* \brief Prevent or allow legacy renegotiation.
* (Default: SSL_LEGACY_NO_RENEGOTIATION)
*
* SSL_LEGACY_NO_RENEGOTIATION allows connections to
* be established even if the peer does not support
* secure renegotiation, but does not allow renegotiation
* to take place if not secure.
* (Interoperable and secure option)
*
* SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
* with non-upgraded peers. Allowing legacy renegotiation
* makes the connection vulnerable to specific man in the
* middle attacks. (See RFC 5746)
* (Most interoperable and least secure option)
*
* SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
* if peer does not support secure renegotiation. Results
* in interoperability issues with non-upgraded peers
* that do not support renegotiation altogether.
* (Most secure option, interoperability issues)
*
* \param ssl SSL context
* \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION or
* SSL_ALLOW_LEGACY_RENEGOTIATION)
*/
void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
/**
* \brief Return the number of data bytes available to read * \brief Return the number of data bytes available to read
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return how many bytes are available in the read buffer * \return how many bytes are available in the read buffer
*/ */
size_t ssl_get_bytes_avail( const ssl_context *ssl ); size_t ssl_get_bytes_avail( const ssl_context *ssl );
/** /**
* \brief Return the result of the certificate verification * \brief Return the result of the certificate verification
skipping to change at line 620 skipping to change at line 930
/** /**
* \brief Return the current SSL version (SSLv3/TLSv1/etc) * \brief Return the current SSL version (SSLv3/TLSv1/etc)
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return a string containing the SSL version * \return a string containing the SSL version
*/ */
const char *ssl_get_version( const ssl_context *ssl ); const char *ssl_get_version( const ssl_context *ssl );
/** /**
* \brief Return the peer certificate from the current connection
*
* Note: Can be NULL in case no certificate was sent during
* the handshake. Different calls for the same connection c
an
* return the same or different pointers for the same
* certificate and even a different certificate altogether.
* The peer cert CAN change in a single connection if
* renegotiation is performed.
*
* \param ssl SSL context
*
* \return the current peer certificate
*/
const x509_cert *ssl_get_peer_cert( const ssl_context *ssl );
/**
* \brief Perform the SSL handshake * \brief Perform the SSL handshake
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return 0 if successful, POLARSSL_ERR_NET_WANT_READ, * \return 0 if successful, POLARSSL_ERR_NET_WANT_READ,
* POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error cod e. * POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error cod e.
*/ */
int ssl_handshake( ssl_context *ssl ); int ssl_handshake( ssl_context *ssl );
/** /**
* \brief Perform an SSL renegotiation on the running connection
*
* \param ssl SSL context
*
* \return 0 if succesful, or any ssl_handshake() return value.
*/
int ssl_renegotiate( ssl_context *ssl );
/**
* \brief Read at most 'len' application data bytes * \brief Read at most 'len' application data bytes
* *
* \param ssl SSL context * \param ssl SSL context
* \param buf buffer that will hold the data * \param buf buffer that will hold the data
* \param len how many bytes must be read * \param len how many bytes must be read
* *
* \return This function returns the number of bytes read, 0 for EO F, * \return This function returns the number of bytes read, 0 for EO F,
* or a negative error code. * or a negative error code.
*/ */
int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ); int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len );
skipping to change at line 658 skipping to change at line 993
* \return This function returns the number of bytes written, * \return This function returns the number of bytes written,
* or a negative error code. * or a negative error code.
* *
* \note When this function returns POLARSSL_ERR_NET_WANT_WRITE, * \note When this function returns POLARSSL_ERR_NET_WANT_WRITE,
* it must be called later with the *same* arguments, * it must be called later with the *same* arguments,
* until it returns a positive value. * until it returns a positive value.
*/ */
int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len ); int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
/** /**
* \brief Send an alert message
*
* \param ssl SSL context
* \param level The alert level of the message
* (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL)
* \param message The alert message (SSL_ALERT_MSG_*)
*
* \return 1 if successful, or a specific SSL error code.
*/
int ssl_send_alert_message( ssl_context *ssl,
unsigned char level,
unsigned char message );
/**
* \brief Notify the peer that the connection is being closed * \brief Notify the peer that the connection is being closed
* *
* \param ssl SSL context * \param ssl SSL context
*/ */
int ssl_close_notify( ssl_context *ssl ); int ssl_close_notify( ssl_context *ssl );
/** /**
* \brief Free an SSL context * \brief Free referenced items in an SSL context and clear memory
* *
* \param ssl SSL context * \param ssl SSL context
*/ */
void ssl_free( ssl_context *ssl ); void ssl_free( ssl_context *ssl );
/**
* \brief Free referenced items in an SSL session including the
* peer certificate and clear memory
*
* \param session SSL session
*/
void ssl_session_free( ssl_session *session );
/**
* \brief Free referenced items in an SSL transform context and c
lear
* memory
*
* \param transform SSL transform context
*/
void ssl_transform_free( ssl_transform *transform );
/**
* \brief Free referenced items in an SSL handshake context and c
lear
* memory
*
* \param handshake SSL handshake context
*/
void ssl_handshake_free( ssl_handshake_params *handshake );
/* /*
* Internal functions (do not call directly) * Internal functions (do not call directly)
*/ */
int ssl_handshake_client( ssl_context *ssl ); int ssl_handshake_client( ssl_context *ssl );
int ssl_handshake_server( ssl_context *ssl ); int ssl_handshake_server( ssl_context *ssl );
void ssl_handshake_wrapup( ssl_context *ssl );
int ssl_send_fatal_handshake_failure( ssl_context *ssl );
int ssl_derive_keys( ssl_context *ssl ); int ssl_derive_keys( ssl_context *ssl );
void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );
int ssl_read_record( ssl_context *ssl ); int ssl_read_record( ssl_context *ssl );
/** /**
* \return 0 if successful, POLARSSL_ERR_SSL_CONN_EOF on EOF or * \return 0 if successful, POLARSSL_ERR_SSL_CONN_EOF on EOF or
* another negative error code. * another negative error code.
*/ */
int ssl_fetch_input( ssl_context *ssl, size_t nb_want ); int ssl_fetch_input( ssl_context *ssl, size_t nb_want );
int ssl_write_record( ssl_context *ssl ); int ssl_write_record( ssl_context *ssl );
int ssl_flush_output( ssl_context *ssl ); int ssl_flush_output( ssl_context *ssl );
int ssl_parse_certificate( ssl_context *ssl ); int ssl_parse_certificate( ssl_context *ssl );
int ssl_write_certificate( ssl_context *ssl ); int ssl_write_certificate( ssl_context *ssl );
int ssl_parse_change_cipher_spec( ssl_context *ssl ); int ssl_parse_change_cipher_spec( ssl_context *ssl );
int ssl_write_change_cipher_spec( ssl_context *ssl ); int ssl_write_change_cipher_spec( ssl_context *ssl );
int ssl_parse_finished( ssl_context *ssl ); int ssl_parse_finished( ssl_context *ssl );
int ssl_write_finished( ssl_context *ssl ); int ssl_write_finished( ssl_context *ssl );
void ssl_optimize_checksum( ssl_context *ssl, int ciphersuite );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* ssl.h */ #endif /* ssl.h */
 End of changes. 58 change blocks. 
125 lines changed or deleted 552 lines changed or added


 version.h   version.h 
/** /**
* \file version.h * \file version.h
* *
* \brief Run-time version information * \brief Run-time version information
* *
* Copyright (C) 2006-2013, Brainspark B.V. * Copyright (C) 2006-2012, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 41 skipping to change at line 41
#ifndef POLARSSL_VERSION_H #ifndef POLARSSL_VERSION_H
#define POLARSSL_VERSION_H #define POLARSSL_VERSION_H
#include "config.h" #include "config.h"
/** /**
* The version number x.y.z is split into three parts. * The version number x.y.z is split into three parts.
* Major, Minor, Patchlevel * Major, Minor, Patchlevel
*/ */
#define POLARSSL_VERSION_MAJOR 1 #define POLARSSL_VERSION_MAJOR 1
#define POLARSSL_VERSION_MINOR 1 #define POLARSSL_VERSION_MINOR 2
#define POLARSSL_VERSION_PATCH 8 #define POLARSSL_VERSION_PATCH 0
/** /**
* The single version number has the following structure: * The single version number has the following structure:
* MMNNPP00 * MMNNPP00
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define POLARSSL_VERSION_NUMBER 0x01010800 #define POLARSSL_VERSION_NUMBER 0x01020000
#define POLARSSL_VERSION_STRING "1.1.8" #define POLARSSL_VERSION_STRING "1.2.0"
#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.1.8" #define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.2.0"
#if defined(POLARSSL_VERSION_C) #if defined(POLARSSL_VERSION_C)
/** /**
* Get the version number. * Get the version number.
* *
* \return The constructed version number in the format * \return The constructed version number in the format
* MMNNPP00 (Major, Minor, Patch). * MMNNPP00 (Major, Minor, Patch).
*/ */
unsigned int version_get_number( void ); unsigned int version_get_number( void );
 End of changes. 3 change blocks. 
6 lines changed or deleted 6 lines changed or added


 x509.h   x509.h 
skipping to change at line 79 skipping to change at line 79
* \{ * \{
*/ */
#define BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */ #define BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */
#define BADCERT_REVOKED 0x02 /**< The certificate has been rev oked (is on a CRL). */ #define BADCERT_REVOKED 0x02 /**< The certificate has been rev oked (is on a CRL). */
#define BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */ #define BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */
#define BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not corre ctly signed by the trusted CA. */ #define BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not corre ctly signed by the trusted CA. */
#define BADCRL_NOT_TRUSTED 0x10 /**< CRL is not correctly signed by the trusted CA. */ #define BADCRL_NOT_TRUSTED 0x10 /**< CRL is not correctly signed by the trusted CA. */
#define BADCRL_EXPIRED 0x20 /**< CRL is expired. */ #define BADCRL_EXPIRED 0x20 /**< CRL is expired. */
#define BADCERT_MISSING 0x40 /**< Certificate was missing. */ #define BADCERT_MISSING 0x40 /**< Certificate was missing. */
#define BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */ #define BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
#define BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */
/* \} name */ /* \} name */
/* \} addtogroup x509_module */ /* \} addtogroup x509_module */
/* /*
* various object identifiers * various object identifiers
*/ */
#define X520_COMMON_NAME 3 #define X520_COMMON_NAME 3
#define X520_COUNTRY 6 #define X520_COUNTRY 6
#define X520_LOCALITY 7 #define X520_LOCALITY 7
#define X520_STATE 8 #define X520_STATE 8
skipping to change at line 101 skipping to change at line 102
#define PKCS9_EMAIL 1 #define PKCS9_EMAIL 1
#define X509_OUTPUT_DER 0x01 #define X509_OUTPUT_DER 0x01
#define X509_OUTPUT_PEM 0x02 #define X509_OUTPUT_PEM 0x02
#define PEM_LINE_LENGTH 72 #define PEM_LINE_LENGTH 72
#define X509_ISSUER 0x01 #define X509_ISSUER 0x01
#define X509_SUBJECT 0x02 #define X509_SUBJECT 0x02
#define OID_X520 "\x55\x04" #define OID_X520 "\x55\x04"
#define OID_CN OID_X520 "\x03" #define OID_CN OID_X520 "\x03"
#define OID_COUNTRY OID_X520 "\x06"
#define OID_LOCALITY OID_X520 "\x07"
#define OID_STATE OID_X520 "\x08"
#define OID_ORGANIZATION OID_X520 "\x0A"
#define OID_ORG_UNIT OID_X520 "\x0B"
#define OID_PKCS1 "\x2A\x86\x48\x86\xF7\x0D\x01\x01" #define OID_PKCS1 "\x2A\x86\x48\x86\xF7\x0D\x01\x01"
#define OID_PKCS1_RSA OID_PKCS1 "\x01" #define OID_PKCS1_RSA OID_PKCS1 "\x01"
#define OID_PKCS1_SHA1 OID_PKCS1 "\x05"
#define OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D" #define OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
#define OID_PKCS9 "\x2A\x86\x48\x86\xF7\x0D\x01\x09" #define OID_PKCS9 "\x2A\x86\x48\x86\xF7\x0D\x01\x09"
#define OID_PKCS9_EMAIL OID_PKCS9 "\x01" #define OID_PKCS9_EMAIL OID_PKCS9 "\x01"
/** ISO arc for standard certificate and CRL extensions */ /** ISO arc for standard certificate and CRL extensions */
#define OID_ID_CE "\x55\x1D" /**< id-ce OBJECT IDENTIFIER :: = {joint-iso-ccitt(2) ds(5) 29} */ #define OID_ID_CE "\x55\x1D" /**< id-ce OBJECT IDENTIFIER :: = {joint-iso-ccitt(2) ds(5) 29} */
/** /**
skipping to change at line 302 skipping to change at line 309
x509_time valid_from; /**< Start time of certificate validity. */ x509_time valid_from; /**< Start time of certificate validity. */
x509_time valid_to; /**< End time of certificate validity. */ x509_time valid_to; /**< End time of certificate validity. */
x509_buf pk_oid; /**< Subject public key info. Includes the public key algorithm and the key itself. */ x509_buf pk_oid; /**< Subject public key info. Includes the public key algorithm and the key itself. */
rsa_context rsa; /**< Container for the RSA context. Only RS A is supported for public keys at this time. */ rsa_context rsa; /**< Container for the RSA context. Only RS A is supported for public keys at this time. */
x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique ide ntifier. */ x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique ide ntifier. */
x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique id entifier. */ x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique id entifier. */
x509_buf v3_ext; /**< Optional X.509 v3 extensions. Only Bas ic Contraints are supported at this time. */ x509_buf v3_ext; /**< Optional X.509 v3 extensions. Only Bas ic Contraints are supported at this time. */
x509_sequence subject_alt_names; /**< Optional list of Subject Alter native Names (Only dNSName supported). */
int ext_types; /**< Bit string containing detected and par sed extensions */ int ext_types; /**< Bit string containing detected and par sed extensions */
int ca_istrue; /**< Optional Basic Constraint extension va lue: 1 if this certificate belongs to a CA, 0 otherwise. */ int ca_istrue; /**< Optional Basic Constraint extension va lue: 1 if this certificate belongs to a CA, 0 otherwise. */
int max_pathlen; /**< Optional Basic Constraint extension va lue: The maximum path length to the root certificate. */ int max_pathlen; /**< Optional Basic Constraint extension va lue: The maximum path length to the root certificate. Path length is 1 high er than RFC 5280 'meaning', so 1+ */
unsigned char key_usage; /**< Optional key usage extension value: Se e the values below */ unsigned char key_usage; /**< Optional key usage extension value: Se e the values below */
x509_sequence ext_key_usage; /**< Optional list of extended key usage O IDs. */ x509_sequence ext_key_usage; /**< Optional list of extended key usage O IDs. */
unsigned char ns_cert_type; /**< Optional Netscape certificate type ext ension value: See the values below */ unsigned char ns_cert_type; /**< Optional Netscape certificate type ext ension value: See the values below */
x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oi d1. */ x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oi d1. */
x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */ x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
int sig_alg; /**< Internal representation of the signatu re algorithm, e.g. SIG_RSA_MD2 */ int sig_alg; /**< Internal representation of the signatu re algorithm, e.g. SIG_RSA_MD2 */
skipping to change at line 419 skipping to change at line 427
extern "C" { extern "C" {
#endif #endif
/** /**
* \name Functions to read in DHM parameters, a certificate, CRL or private RSA key * \name Functions to read in DHM parameters, a certificate, CRL or private RSA key
* \{ * \{
*/ */
/** \ingroup x509_module */ /** \ingroup x509_module */
/** /**
* \brief Parse a single DER formatted certificate and add it
* to the chained list.
*
* \param chain points to the start of the chain
* \param buf buffer holding the certificate DER data
* \param buflen size of the buffer
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_crt_der( x509_cert *chain, const unsigned char *buf, size_t b
uflen );
/**
* \brief Parse one or more certificates and add them * \brief Parse one or more certificates and add them
* to the chained list. Parses permissively. If some * to the chained list. Parses permissively. If some
* certificates can be parsed, the result is the number * certificates can be parsed, the result is the number
* of failed certificates it encountered. If none complete * of failed certificates it encountered. If none complete
* correctly, the first error is returned. * correctly, the first error is returned.
* *
* \param chain points to the start of the chain * \param chain points to the start of the chain
* \param buf buffer holding the certificate data * \param buf buffer holding the certificate data
* \param buflen size of the buffer * \param buflen size of the buffer
* *
skipping to change at line 464 skipping to change at line 460
* \param chain points to the start of the chain * \param chain points to the start of the chain
* \param path filename to read the certificates from * \param path filename to read the certificates from
* *
* \return 0 if all certificates parsed successfully, a positive nu mber * \return 0 if all certificates parsed successfully, a positive nu mber
* if partly successful or a specific X509 or PEM error cod e * if partly successful or a specific X509 or PEM error cod e
*/ */
int x509parse_crtfile( x509_cert *chain, const char *path ); int x509parse_crtfile( x509_cert *chain, const char *path );
/** \ingroup x509_module */ /** \ingroup x509_module */
/** /**
* \brief Load one or more certificate files from a path and add t
hem
* to the chained list. Parses permissively. If some
* certificates can be parsed, the result is the number
* of failed certificates it encountered. If none complete
* correctly, the first error is returned.
*
* \param chain points to the start of the chain
* \param path directory / folder to read the certificate files from
*
* \return 0 if all certificates parsed successfully, a positive nu
mber
* if partly successful or a specific X509 or PEM error cod
e
*/
int x509parse_crtpath( x509_cert *chain, const char *path );
/** \ingroup x509_module */
/**
* \brief Parse one or more CRLs and add them * \brief Parse one or more CRLs and add them
* to the chained list * to the chained list
* *
* \param chain points to the start of the chain * \param chain points to the start of the chain
* \param buf buffer holding the CRL data * \param buf buffer holding the CRL data
* \param buflen size of the buffer * \param buflen size of the buffer
* *
* \return 0 if successful, or a specific X509 or PEM error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen ); int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen );
skipping to change at line 631 skipping to change at line 643
/** /**
* \brief Give an known OID, return its descriptive string. * \brief Give an known OID, return its descriptive string.
* *
* \param oid buffer containing the oid * \param oid buffer containing the oid
* *
* \return Return a string if the OID is known, * \return Return a string if the OID is known,
* or NULL otherwise. * or NULL otherwise.
*/ */
const char *x509_oid_get_description( x509_buf *oid ); const char *x509_oid_get_description( x509_buf *oid );
/** /*
* \brief Give an OID, return a string version of its OID number. * \brief Give an OID, return a string version of its OID number.
* *
* \param buf Buffer to write to * \param buf Buffer to write to
* \param size Maximum size of buffer * \param size Maximum size of buffer
* \param oid Buffer containing the OID * \param oid Buffer containing the OID
* *
* \return The amount of data written to the buffer, or -1 in * \return The amount of data written to the buffer, or -1 in
* case of an error. * case of an error.
*/ */
int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid ); int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
skipping to change at line 662 skipping to change at line 674
int x509parse_time_expired( const x509_time *time ); int x509parse_time_expired( const x509_time *time );
/** /**
* \name Functions to verify a certificate * \name Functions to verify a certificate
* \{ * \{
*/ */
/** \ingroup x509_module */ /** \ingroup x509_module */
/** /**
* \brief Verify the certificate signature * \brief Verify the certificate signature
* *
* The verify callback is a user-supplied callback that
* can clear / modify / add flags for a certificate. If set
,
* the verification callback is called for each
* certificate in the chain (from the trust-ca down to the
* presented crt). The parameters for the callback are:
* (void *parameter, x509_cert *crt, int certificate_depth,
* int *flags). With the flags representing current flags f
or
* that specific certificate and the certificate depth from
* the top (Trust CA depth = 0).
*
* All flags left after returning from the callback
* are also returned to the application. The function shoul
d
* return 0 for anything but a fatal error.
*
* \param crt a certificate to be verified * \param crt a certificate to be verified
* \param trust_ca the trusted CA chain * \param trust_ca the trusted CA chain
* \param ca_crl the CRL chain for trusted CA's * \param ca_crl the CRL chain for trusted CA's
* \param cn expected Common Name (can be set to * \param cn expected Common Name (can be set to
* NULL if the CN must not be verified) * NULL if the CN must not be verified)
* \param flags result of the verification * \param flags result of the verification
* \param f_vrfy verification function * \param f_vrfy verification function
* \param p_vrfy verification parameter * \param p_vrfy verification parameter
* *
* \return 0 if successful or POLARSSL_ERR_X509_SIG_VERIFY_FAILED, * \return 0 if successful or POLARSSL_ERR_X509_SIG_VERIFY_FAILED,
* in which case *flags will have one or more of * in which case *flags will have one or more of
* the following values set: * the following values set:
* BADCERT_EXPIRED -- * BADCERT_EXPIRED --
* BADCERT_REVOKED -- * BADCERT_REVOKED --
* BADCERT_CN_MISMATCH -- * BADCERT_CN_MISMATCH --
* BADCERT_NOT_TRUSTED * BADCERT_NOT_TRUSTED
* * or another error in case of a fatal error encountered
* \note TODO: add two arguments, depth and crl * during the verification process.
*/ */
int x509parse_verify( x509_cert *crt, int x509parse_verify( x509_cert *crt,
x509_cert *trust_ca, x509_cert *trust_ca,
x509_crl *ca_crl, x509_crl *ca_crl,
const char *cn, int *flags, const char *cn, int *flags,
int (*f_vrfy)(void *, x509_cert *, int, int), int (*f_vrfy)(void *, x509_cert *, int, int *),
void *p_vrfy ); void *p_vrfy );
/** /**
* \brief Verify the certificate signature * \brief Verify the certificate signature
* *
* \param crt a certificate to be verified * \param crt a certificate to be verified
* \param crl the CRL to verify against * \param crl the CRL to verify against
* *
* \return 1 if the certificate is revoked, 0 otherwise * \return 1 if the certificate is revoked, 0 otherwise
* *
 End of changes. 11 change blocks. 
18 lines changed or deleted 49 lines changed or added
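Review bot: The expanded x509parse_verify() comment lets the callback clear, modify or add flags through the new `int *` argument, but the `\return` list still names only four BADCERT_* values. It omits BADCERT_OTHER, which this same section adds "for use by the verify callback", and the BADCRL_* flags; I would add a line such as `*      BADCERT_OTHER -- set by the verify callback`. The comment should also state outright that a flag the callback clears is no longer reported to the caller, so a callback that clears BADCERT_NOT_TRUSTED or BADCERT_REVOKED accepts that certificate. Separately, the last parameter of `f_vrfy` changes from `int` to `int *`; callbacks written for the old prototype will presumably draw only an incompatible-pointer warning in C, so the break is worth calling out next to the declaration.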


 xtea.h   xtea.h 
skipping to change at line 100 skipping to change at line 100
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0 * POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0
*/ */
int xtea_crypt_cbc( xtea_context *ctx, int xtea_crypt_cbc( xtea_context *ctx,
int mode, int mode,
size_t length, size_t length,
unsigned char iv[8], unsigned char iv[8],
unsigned char *input, unsigned char *input,
unsigned char *output); unsigned char *output);
/** /*
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int xtea_self_test( int verbose ); int xtea_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added
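Review bot: The comment above xtea_self_test() opens with `/*` on the new side where the old side had `/**`, so Doxygen will no longer pick up its `\brief` and `\return`; the opener should stay `/**`. The same demotion appears on x509_oid_get_numeric_string() in the x509.h section. The block also has no `\param verbose` line; adding one that states what a non-zero value does would complete it.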
