aes.h   aes.h 
skipping to change at line 144 skipping to change at line 144
* \return 0 if successful * \return 0 if successful
*/ */
int aes_crypt_cfb128( aes_context *ctx, int aes_crypt_cfb128( aes_context *ctx,
int mode, int mode,
size_t length, size_t length,
size_t *iv_off, size_t *iv_off,
unsigned char iv[16], unsigned char iv[16],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/* /**
* \brief AES-CTR buffer encryption/decryption * \brief AES-CTR buffer encryption/decryption
* *
* Warning: You have to keep the maximum use of your counter in mind! * Warning: You have to keep the maximum use of your counter in mind!
* *
* Note: Due to the nature of CTR you should use the same key schedule for * Note: Due to the nature of CTR you should use the same key schedule for
* both encryption and decryption. So a context initialized with * both encryption and decryption. So a context initialized with
* aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
* *
* \param length The length of the data * \param length The length of the data
* \param nc_off The offset in the current stream_block (for resumin g * \param nc_off The offset in the current stream_block (for resumin g
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 arc4.h   arc4.h 
skipping to change at line 69 skipping to change at line 69
* \param ctx ARC4 context * \param ctx ARC4 context
* \param length length of the input data * \param length length of the input data
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer for the output data * \param output buffer for the output data
* *
* \return 0 if successful * \return 0 if successful
*/ */
int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *inpu t, int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *inpu t,
unsigned char *output ); unsigned char *output );
/* /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int arc4_self_test( int verbose ); int arc4_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 bignum.h   bignum.h 
skipping to change at line 37 skipping to change at line 37
#ifndef POLARSSL_BIGNUM_H #ifndef POLARSSL_BIGNUM_H
#define POLARSSL_BIGNUM_H #define POLARSSL_BIGNUM_H
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include "config.h" #include "config.h"
#ifdef _MSC_VER #ifdef _MSC_VER
#include <basetsd.h> #include <basetsd.h>
#if (_MSC_VER <= 1200)
typedef signed short int16_t;
typedef unsigned short uint16_t;
#else
typedef INT16 int16_t; typedef INT16 int16_t;
typedef UINT16 uint16_t; typedef UINT16 uint16_t;
#endif
typedef INT32 int32_t; typedef INT32 int32_t;
typedef UINT32 uint32_t; typedef UINT32 uint32_t;
typedef UINT64 uint64_t; typedef UINT64 uint64_t;
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define POLARSSL_ERR_MPI_FILE_IO_ERROR -0x0002 /**< An error occurred while reading from or writing to a file. */ #define POLARSSL_ERR_MPI_FILE_IO_ERROR -0x0002 /**< An error occurred while reading from or writing to a file. */
#define POLARSSL_ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Ba d input parameters to function. */ #define POLARSSL_ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Ba d input parameters to function. */
#define POLARSSL_ERR_MPI_INVALID_CHARACTER -0x0006 /**< Th ere is an invalid character in the digit string. */ #define POLARSSL_ERR_MPI_INVALID_CHARACTER -0x0006 /**< Th ere is an invalid character in the digit string. */
skipping to change at line 221 skipping to change at line 226
* \brief Set value from integer * \brief Set value from integer
* *
* \param X MPI to set * \param X MPI to set
* \param z Value to use * \param z Value to use
* *
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed
*/ */
int mpi_lset( mpi *X, t_sint z ); int mpi_lset( mpi *X, t_sint z );
/* /**
* \brief Get a specific bit from X * \brief Get a specific bit from X
* *
* \param X MPI to use * \param X MPI to use
* \param pos Zero-based index of the bit in X * \param pos Zero-based index of the bit in X
* *
* \return Either a 0 or a 1 * \return Either a 0 or a 1
*/ */
int mpi_get_bit( const mpi *X, size_t pos ); int mpi_get_bit( const mpi *X, size_t pos );
/* /**
* \brief Set a bit of X to a specific value of 0 or 1 * \brief Set a bit of X to a specific value of 0 or 1
* *
* \note Will grow X if necessary to set a bit to 1 in a not yet * \note Will grow X if necessary to set a bit to 1 in a not yet
* existing limb. Will not grow if bit should be set to 0 * existing limb. Will not grow if bit should be set to 0
* *
* \param X MPI to use * \param X MPI to use
* \param pos Zero-based index of the bit in X * \param pos Zero-based index of the bit in X
* \param val The value to set the bit to (0 or 1) * \param val The value to set the bit to (0 or 1)
* *
* \return 0 if successful, * \return 0 if successful,
 End of changes. 4 change blocks. 
2 lines changed or deleted 7 lines changed or added


 blowfish.h   blowfish.h 
skipping to change at line 132 skipping to change at line 132
* \return 0 if successful * \return 0 if successful
*/ */
int blowfish_crypt_cfb64( blowfish_context *ctx, int blowfish_crypt_cfb64( blowfish_context *ctx,
int mode, int mode,
size_t length, size_t length,
size_t *iv_off, size_t *iv_off,
unsigned char iv[BLOWFISH_BLOCKSIZE], unsigned char iv[BLOWFISH_BLOCKSIZE],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/* /**
* \brief Blowfish-CTR buffer encryption/decryption * \brief Blowfish-CTR buffer encryption/decryption
* *
* Warning: You have to keep the maximum use of your counter in mind! * Warning: You have to keep the maximum use of your counter in mind!
* *
* \param length The length of the data * \param length The length of the data
* \param nc_off The offset in the current stream_block (for resumin g * \param nc_off The offset in the current stream_block (for resumin g
* within current cipher stream). The offset pointer t o * within current cipher stream). The offset pointer t o
* should be 0 at the start of a stream. * should be 0 at the start of a stream.
* \param nonce_counter The 64-bit nonce and counter. * \param nonce_counter The 64-bit nonce and counter.
* \param stream_block The saved stream-block for resuming. Is overwritten * \param stream_block The saved stream-block for resuming. Is overwritten
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 camellia.h   camellia.h 
skipping to change at line 142 skipping to change at line 142
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_ LENGTH * \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_ LENGTH
*/ */
int camellia_crypt_cfb128( camellia_context *ctx, int camellia_crypt_cfb128( camellia_context *ctx,
int mode, int mode,
size_t length, size_t length,
size_t *iv_off, size_t *iv_off,
unsigned char iv[16], unsigned char iv[16],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/* /**
* \brief CAMELLIA-CTR buffer encryption/decryption * \brief CAMELLIA-CTR buffer encryption/decryption
* *
* Warning: You have to keep the maximum use of your counter in mind! * Warning: You have to keep the maximum use of your counter in mind!
* *
* Note: Due to the nature of CTR you should use the same key schedule for * Note: Due to the nature of CTR you should use the same key schedule for
* both encryption and decryption. So a context initialized with * both encryption and decryption. So a context initialized with
* camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIA_DECRYPT. * camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIA_DECRYPT.
* *
* \param length The length of the data * \param length The length of the data
* \param nc_off The offset in the current stream_block (for resumin g * \param nc_off The offset in the current stream_block (for resumin g
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 config.h   config.h 
skipping to change at line 153 skipping to change at line 153
* *
* Uncomment this macro to enable the NULL cipher and ciphersuites * Uncomment this macro to enable the NULL cipher and ciphersuites
#define POLARSSL_CIPHER_NULL_CIPHER #define POLARSSL_CIPHER_NULL_CIPHER
*/ */
/** /**
* \def POLARSSL_ENABLE_WEAK_CIPHERSUITES * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
* *
* Enable weak ciphersuites in SSL / TLS * Enable weak ciphersuites in SSL / TLS
* Warning: Only do so when you know what you are doing. This allows for * Warning: Only do so when you know what you are doing. This allows for
* channels without virtually no security at all! * channels with virtually no security at all!
* *
* This enables the following ciphersuites: * This enables the following ciphersuites:
* TLS_RSA_WITH_DES_CBC_SHA * TLS_RSA_WITH_DES_CBC_SHA
* TLS_DHE_RSA_WITH_DES_CBC_SHA * TLS_DHE_RSA_WITH_DES_CBC_SHA
* *
* Uncomment this macro to enable weak ciphersuites * Uncomment this macro to enable weak ciphersuites
#define POLARSSL_ENABLE_WEAK_CIPHERSUITES #define POLARSSL_ENABLE_WEAK_CIPHERSUITES
*/ */
/** /**
skipping to change at line 348 skipping to change at line 348
* Module: library/base64.c * Module: library/base64.c
* Caller: library/pem.c * Caller: library/pem.c
* *
* This module is required for PEM support (required by X.509). * This module is required for PEM support (required by X.509).
*/ */
#define POLARSSL_BASE64_C #define POLARSSL_BASE64_C
/** /**
* \def POLARSSL_BIGNUM_C * \def POLARSSL_BIGNUM_C
* *
* Enable the multo-precision integer library. * Enable the multi-precision integer library.
* *
* Module: library/bignum.c * Module: library/bignum.c
* Caller: library/dhm.c * Caller: library/dhm.c
* library/rsa.c * library/rsa.c
* library/ssl_tls.c * library/ssl_tls.c
* library/x509parse.c * library/x509parse.c
* *
* This module is required for RSA and DHM support. * This module is required for RSA and DHM support.
*/ */
#define POLARSSL_BIGNUM_C #define POLARSSL_BIGNUM_C
skipping to change at line 741 skipping to change at line 741
* *
* Module: library/ssl_cli.c * Module: library/ssl_cli.c
* Caller: * Caller:
* *
* Requires: POLARSSL_SSL_TLS_C * Requires: POLARSSL_SSL_TLS_C
* *
* This module is required for SSL/TLS client support. * This module is required for SSL/TLS client support.
*/ */
#define POLARSSL_SSL_CLI_C #define POLARSSL_SSL_CLI_C
/* /**
* \def POLARSSL_SSL_SRV_C * \def POLARSSL_SSL_SRV_C
* *
* Enable the SSL/TLS server code. * Enable the SSL/TLS server code.
* *
* Module: library/ssl_srv.c * Module: library/ssl_srv.c
* Caller: * Caller:
* *
* Requires: POLARSSL_SSL_TLS_C * Requires: POLARSSL_SSL_TLS_C
* *
* This module is required for SSL/TLS server support. * This module is required for SSL/TLS server support.
 End of changes. 3 change blocks. 
3 lines changed or deleted 3 lines changed or added


 des.h   des.h 
skipping to change at line 223 skipping to change at line 223
* *
* \return 0 if successful, or POLARSSL_ERR_DES_INVALID_INPUT_LENGT H * \return 0 if successful, or POLARSSL_ERR_DES_INVALID_INPUT_LENGT H
*/ */
int des3_crypt_cbc( des3_context *ctx, int des3_crypt_cbc( des3_context *ctx,
int mode, int mode,
size_t length, size_t length,
unsigned char iv[8], unsigned char iv[8],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/* /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int des_self_test( int verbose ); int des_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 dhm.h   dhm.h 
skipping to change at line 228 skipping to change at line 228
* *
* \param ctx DHM context * \param ctx DHM context
* \param output destination buffer * \param output destination buffer
* \param olen number of chars written * \param olen number of chars written
* *
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
*/ */
int dhm_calc_secret( dhm_context *ctx, int dhm_calc_secret( dhm_context *ctx,
unsigned char *output, size_t *olen ); unsigned char *output, size_t *olen );
/* /**
* \brief Free the components of a DHM key * \brief Free the components of a DHM key
*/ */
void dhm_free( dhm_context *ctx ); void dhm_free( dhm_context *ctx );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int dhm_self_test( int verbose ); int dhm_self_test( int verbose );
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 gcm.h   gcm.h 
skipping to change at line 32 skipping to change at line 32
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_GCM_H #ifndef POLARSSL_GCM_H
#define POLARSSL_GCM_H #define POLARSSL_GCM_H
#include "aes.h" #include "aes.h"
#ifdef _MSC_VER
#include <basetsd.h>
typedef UINT64 uint64_t;
#else
#include <stdint.h> #include <stdint.h>
#endif
#define GCM_ENCRYPT 1 #define GCM_ENCRYPT 1
#define GCM_DECRYPT 0 #define GCM_DECRYPT 0
#define POLARSSL_ERR_GCM_AUTH_FAILED -0x0012 /**< Au thenticated decryption failed. */ #define POLARSSL_ERR_GCM_AUTH_FAILED -0x0012 /**< Au thenticated decryption failed. */
#define POLARSSL_ERR_GCM_BAD_INPUT -0x0014 /**< Ba d input parameters to function. */ #define POLARSSL_ERR_GCM_BAD_INPUT -0x0014 /**< Ba d input parameters to function. */
/** /**
* \brief GCM context structure * \brief GCM context structure
*/ */
 End of changes. 2 change blocks. 
0 lines changed or deleted 5 lines changed or added


 pkcs11.h   pkcs11.h 
skipping to change at line 107 skipping to change at line 107
* \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
* *
* \note The output buffer must be as large as the size * \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
* an error is thrown. * an error is thrown.
*/ */
int pkcs11_decrypt( pkcs11_context *ctx, int pkcs11_decrypt( pkcs11_context *ctx,
int mode, size_t *olen, int mode, size_t *olen,
const unsigned char *input, const unsigned char *input,
unsigned char *output, unsigned char *output,
unsigned int output_max_len ); size_t output_max_len );
/** /**
* \brief Do a private RSA to sign a message digest * \brief Do a private RSA to sign a message digest
* *
* \param ctx PKCS #11 context * \param ctx PKCS #11 context
* \param mode must be RSA_PRIVATE, for compatibility with rsa.c's sign ature * \param mode must be RSA_PRIVATE, for compatibility with rsa.c's sign ature
* \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256, 384,512} * \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256, 384,512}
* \param hashlen message digest length (for SIG_RSA_RAW only) * \param hashlen message digest length (for SIG_RSA_RAW only)
* \param hash buffer holding the message digest * \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext * \param sig buffer that will hold the ciphertext
skipping to change at line 137 skipping to change at line 137
int hash_id, int hash_id,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,
unsigned char *sig ); unsigned char *sig );
/** /**
* SSL/TLS wrappers for PKCS#11 functions * SSL/TLS wrappers for PKCS#11 functions
*/ */
static inline int ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen, static inline int ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
const unsigned char *input, unsigned char *output, const unsigned char *input, unsigned char *output,
unsigned int output_max_len ) size_t output_max_len )
{ {
return pkcs11_decrypt( (pkcs11_context *) ctx, mode, olen, input, outpu t, return pkcs11_decrypt( (pkcs11_context *) ctx, mode, olen, input, outpu t,
output_max_len ); output_max_len );
} }
static inline int ssl_pkcs11_sign( void *ctx, static inline int ssl_pkcs11_sign( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p _rng, int (*f_rng)(void *, unsigned char *, size_t), void *p _rng,
int mode, int hash_id, unsigned int hashlen, int mode, int hash_id, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig ) const unsigned char *hash, unsigned char *sig )
{ {
 End of changes. 2 change blocks. 
2 lines changed or deleted 2 lines changed or added


 rsa.h   rsa.h 
skipping to change at line 170 skipping to change at line 170
} }
rsa_context; rsa_context;
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief Initialize an RSA context * \brief Initialize an RSA context
* *
* Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP
* encryption scheme and the RSASSA-PSS signature scheme.
*
* \param ctx RSA context to be initialized * \param ctx RSA context to be initialized
* \param padding RSA_PKCS_V15 or RSA_PKCS_V21 * \param padding RSA_PKCS_V15 or RSA_PKCS_V21
* \param hash_id RSA_PKCS_V21 hash identifier * \param hash_id RSA_PKCS_V21 hash identifier
* *
* \note The hash_id parameter is actually ignored * \note The hash_id parameter is actually ignored
* when using RSA_PKCS_V15 padding. * when using RSA_PKCS_V15 padding.
*/ */
void rsa_init( rsa_context *ctx, void rsa_init( rsa_context *ctx,
int padding, int padding,
int hash_id); int hash_id);
 End of changes. 1 change blocks. 
0 lines changed or deleted 3 lines changed or added


 ssl.h   ssl.h 
skipping to change at line 119 skipping to change at line 119
#define SSL_VERIFY_NONE 0 #define SSL_VERIFY_NONE 0
#define SSL_VERIFY_OPTIONAL 1 #define SSL_VERIFY_OPTIONAL 1
#define SSL_VERIFY_REQUIRED 2 #define SSL_VERIFY_REQUIRED 2
#define SSL_INITIAL_HANDSHAKE 0 #define SSL_INITIAL_HANDSHAKE 0
#define SSL_RENEGOTIATION 1 #define SSL_RENEGOTIATION 1
#define SSL_LEGACY_RENEGOTIATION 0 #define SSL_LEGACY_RENEGOTIATION 0
#define SSL_SECURE_RENEGOTIATION 1 #define SSL_SECURE_RENEGOTIATION 1
#define SSL_RENEGOTIATION_ENABLED 0 #define SSL_RENEGOTIATION_DISABLED 0
#define SSL_RENEGOTIATION_DISABLED 1 #define SSL_RENEGOTIATION_ENABLED 1
#define SSL_LEGACY_NO_RENEGOTIATION 0 #define SSL_LEGACY_NO_RENEGOTIATION 0
#define SSL_LEGACY_ALLOW_RENEGOTIATION 1 #define SSL_LEGACY_ALLOW_RENEGOTIATION 1
#define SSL_LEGACY_BREAK_HANDSHAKE 2 #define SSL_LEGACY_BREAK_HANDSHAKE 2
#define SSL_MAX_CONTENT_LEN 16384 #define SSL_MAX_CONTENT_LEN 16384
/* /*
* Allow an extra 512 bytes for the record header * Allow an extra 512 bytes for the record header
* and encryption overhead (counter + MAC + padding) * and encryption overhead (counter + MAC + padding)
skipping to change at line 684 skipping to change at line 684
* The set callback is called once during the initial hands hake * The set callback is called once during the initial hands hake
* to enable session resuming after the entire handshake ha s * to enable session resuming after the entire handshake ha s
* been finished. The set function has the following parame ters: * been finished. The set function has the following parame ters:
* (void *parameter, const ssl_session *session). The funct ion * (void *parameter, const ssl_session *session). The funct ion
* should create a cache entry for future retrieval based o n * should create a cache entry for future retrieval based o n
* the data in the session structure and should keep in min d * the data in the session structure and should keep in min d
* that the ssl_session object presented (and all its refer enced * that the ssl_session object presented (and all its refer enced
* data) is cleared by the SSL/TLS layer when the connectio n is * data) is cleared by the SSL/TLS layer when the connectio n is
* terminated. It is recommended to add metadata to determi ne if * terminated. It is recommended to add metadata to determi ne if
* an entry is still valid in the future. Return 0 if * an entry is still valid in the future. Return 0 if
* successfully cached, return 0 otherwise. * successfully cached, return 1 otherwise.
* *
* \param ssl SSL context * \param ssl SSL context
* \param f_get_cache session get callback * \param f_get_cache session get callback
* \param p_get_cache session get parameter * \param p_get_cache session get parameter
* \param f_set_cache session set callback * \param f_set_cache session set callback
* \param p_set_cache session set parameter * \param p_set_cache session set parameter
*/ */
void ssl_set_session_cache( ssl_context *ssl, void ssl_set_session_cache( ssl_context *ssl,
int (*f_get_cache)(void *, ssl_session *), void *p_get_cache, int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache ); int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache );
skipping to change at line 722 skipping to change at line 722
* *
* \param ssl SSL context * \param ssl SSL context
* \param ciphersuites 0-terminated list of allowed ciphersuites * \param ciphersuites 0-terminated list of allowed ciphersuites
*/ */
void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites ); void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites );
/** /**
* \brief Set the data required to verify peer certificate * \brief Set the data required to verify peer certificate
* *
* \param ssl SSL context * \param ssl SSL context
* \param ca_chain trusted CA chain * \param ca_chain trusted CA chain (meaning all fully trusted top-level CA s)
* \param ca_crl trusted CA CRLs * \param ca_crl trusted CA CRLs
* \param peer_cn expected peer CommonName (or NULL) * \param peer_cn expected peer CommonName (or NULL)
*
* \note TODO: add two more parameters: depth and crl
*/ */
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain, void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
x509_crl *ca_crl, const char *peer_cn ); x509_crl *ca_crl, const char *peer_cn );
/** /**
* \brief Set own certificate and private key * \brief Set own certificate chain and private key
*
* Note: own_cert should contain IN order from the bottom
* up your certificate chain. The top certificate (self-sig
ned)
* can be omitted.
* *
* \param ssl SSL context * \param ssl SSL context
* \param own_cert own public certificate * \param own_cert own public certificate chain
* \param rsa_key own private RSA key * \param rsa_key own private RSA key
*/ */
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert, void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
rsa_context *rsa_key ); rsa_context *rsa_key );
/** /**
* \brief Set own certificate and alternate non-PolarSSL private * \brief Set own certificate and alternate non-PolarSSL private
* key and handling callbacks, such as the PKCS#11 wrappers * key and handling callbacks, such as the PKCS#11 wrappers
* or any other external private key handler. * or any other external private key handler.
* (see the respective RSA functions in rsa.h for documenta tion * (see the respective RSA functions in rsa.h for documenta tion
* of the callback parameters, with the only change being * of the callback parameters, with the only change being
* that the rsa_context * is a void * in the callbacks) * that the rsa_context * is a void * in the callbacks)
* *
* Note: own_cert should contain IN order from the bottom
* up your certificate chain. The top certificate (self-sig
ned)
* can be omitted.
*
* \param ssl SSL context * \param ssl SSL context
* \param own_cert own public certificate * \param own_cert own public certificate chain
* \param rsa_key alternate implementation private RSA key * \param rsa_key alternate implementation private RSA key
* \param rsa_decrypt_func alternate implementation of \c rsa_pkcs1_decryp t() * \param rsa_decrypt_func alternate implementation of \c rsa_pkcs1_decryp t()
* \param rsa_sign_func alternate implementation of \c rsa_pkcs1_sign() * \param rsa_sign_func alternate implementation of \c rsa_pkcs1_sign()
* \param rsa_key_len_func function returning length of RSA key in bytes * \param rsa_key_len_func function returning length of RSA key in bytes
*/ */
void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert, void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
void *rsa_key, void *rsa_key,
rsa_decrypt_func rsa_decrypt, rsa_decrypt_func rsa_decrypt,
rsa_sign_func rsa_sign, rsa_sign_func rsa_sign,
rsa_key_len_func rsa_key_len ); rsa_key_len_func rsa_key_len );
skipping to change at line 853 skipping to change at line 859
* SSL_MINOR_VERSION_3 supported) * SSL_MINOR_VERSION_3 supported)
*/ */
void ssl_set_min_version( ssl_context *ssl, int major, int minor ); void ssl_set_min_version( ssl_context *ssl, int major, int minor );
/** /**
* \brief Enable / Disable renegotiation support for connection wh en * \brief Enable / Disable renegotiation support for connection wh en
* initiated by peer * initiated by peer
* (Default: SSL_RENEGOTIATION_DISABLED) * (Default: SSL_RENEGOTIATION_DISABLED)
* *
* Note: A server with support enabled is more vulnerable f or a * Note: A server with support enabled is more vulnerable f or a
* resource DoS by a malicious client. * resource DoS by a malicious client. You should enable th
is on
* a client to enable server-initiated renegotiation.
* *
* \param ssl SSL context * \param ssl SSL context
* \param renegotiation Enable or disable (SSL_RENEGOTIATION_ENABLED or * \param renegotiation Enable or disable (SSL_RENEGOTIATION_ENABLED or
* SSL_RENEGOTIATION_DISABLED) * SSL_RENEGOTIATION_DISABLED)
*/ */
void ssl_set_renegotiation( ssl_context *ssl, int renegotiation ); void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
/** /**
* \brief Prevent or allow legacy renegotiation. * \brief Prevent or allow legacy renegotiation.
* (Default: SSL_LEGACY_NO_RENEGOTIATION) * (Default: SSL_LEGACY_NO_RENEGOTIATION)
skipping to change at line 884 skipping to change at line 891
* middle attacks. (See RFC 5746) * middle attacks. (See RFC 5746)
* (Most interoperable and least secure option) * (Most interoperable and least secure option)
* *
* SSL_LEGACY_BREAK_HANDSHAKE breaks off connections * SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
* if peer does not support secure renegotiation. Results * if peer does not support secure renegotiation. Results
* in interoperability issues with non-upgraded peers * in interoperability issues with non-upgraded peers
* that do not support renegotiation altogether. * that do not support renegotiation altogether.
* (Most secure option, interoperability issues) * (Most secure option, interoperability issues)
* *
* \param ssl SSL context * \param ssl SSL context
* \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION or * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
* SSL_ALLOW_LEGACY_RENEGOTIATION) * SSL_ALLOW_LEGACY_RENEGOTIATION or
* SSL_LEGACY_BREAK_HANDSHAKE)
*/ */
void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy ); void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
/** /**
* \brief Return the number of data bytes available to read * \brief Return the number of data bytes available to read
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return how many bytes are available in the read buffer * \return how many bytes are available in the read buffer
*/ */
skipping to change at line 1000 skipping to change at line 1008
int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len ); int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
/** /**
* \brief Send an alert message * \brief Send an alert message
* *
* \param ssl SSL context * \param ssl SSL context
* \param level The alert level of the message * \param level The alert level of the message
* (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL) * (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL)
* \param message The alert message (SSL_ALERT_MSG_*) * \param message The alert message (SSL_ALERT_MSG_*)
* *
* \return 1 if successful, or a specific SSL error code. * \return 0 if successful, or a specific SSL error code.
*/ */
int ssl_send_alert_message( ssl_context *ssl, int ssl_send_alert_message( ssl_context *ssl,
unsigned char level, unsigned char level,
unsigned char message ); unsigned char message );
/** /**
* \brief Notify the peer that the connection is being closed * \brief Notify the peer that the connection is being closed
* *
* \param ssl SSL context * \param ssl SSL context
*/ */
int ssl_close_notify( ssl_context *ssl ); int ssl_close_notify( ssl_context *ssl );
 End of changes. 11 change blocks. 
13 lines changed or deleted 24 lines changed or added


 version.h   version.h 
skipping to change at line 42 skipping to change at line 42
#define POLARSSL_VERSION_H #define POLARSSL_VERSION_H
#include "config.h" #include "config.h"
/** /**
* The version number x.y.z is split into three parts. * The version number x.y.z is split into three parts.
* Major, Minor, Patchlevel * Major, Minor, Patchlevel
*/ */
#define POLARSSL_VERSION_MAJOR 1 #define POLARSSL_VERSION_MAJOR 1
#define POLARSSL_VERSION_MINOR 2 #define POLARSSL_VERSION_MINOR 2
#define POLARSSL_VERSION_PATCH 0 #define POLARSSL_VERSION_PATCH 1
/** /**
* The single version number has the following structure: * The single version number has the following structure:
* MMNNPP00 * MMNNPP00
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define POLARSSL_VERSION_NUMBER 0x01020000 #define POLARSSL_VERSION_NUMBER 0x01020100
#define POLARSSL_VERSION_STRING "1.2.0" #define POLARSSL_VERSION_STRING "1.2.1"
#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.2.0" #define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.2.1"
#if defined(POLARSSL_VERSION_C) #if defined(POLARSSL_VERSION_C)
/** /**
* Get the version number. * Get the version number.
* *
* \return The constructed version number in the format * \return The constructed version number in the format
* MMNNPP00 (Major, Minor, Patch). * MMNNPP00 (Major, Minor, Patch).
*/ */
unsigned int version_get_number( void ); unsigned int version_get_number( void );
 End of changes. 2 change blocks. 
4 lines changed or deleted 4 lines changed or added


 x509.h   x509.h 
skipping to change at line 643 skipping to change at line 643
/** /**
* \brief Give an known OID, return its descriptive string. * \brief Give an known OID, return its descriptive string.
* *
* \param oid buffer containing the oid * \param oid buffer containing the oid
* *
* \return Return a string if the OID is known, * \return Return a string if the OID is known,
* or NULL otherwise. * or NULL otherwise.
*/ */
const char *x509_oid_get_description( x509_buf *oid ); const char *x509_oid_get_description( x509_buf *oid );
/* /**
* \brief Give an OID, return a string version of its OID number. * \brief Give an OID, return a string version of its OID number.
* *
* \param buf Buffer to write to * \param buf Buffer to write to
* \param size Maximum size of buffer * \param size Maximum size of buffer
* \param oid Buffer containing the OID * \param oid Buffer containing the OID
* *
* \return The amount of data written to the buffer, or -1 in * \return The amount of data written to the buffer, or -1 in
* case of an error. * case of an error.
*/ */
int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid ); int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
skipping to change at line 682 skipping to change at line 682
* \brief Verify the certificate signature * \brief Verify the certificate signature
* *
* The verify callback is a user-supplied callback that * The verify callback is a user-supplied callback that
* can clear / modify / add flags for a certificate. If set , * can clear / modify / add flags for a certificate. If set ,
* the verification callback is called for each * the verification callback is called for each
* certificate in the chain (from the trust-ca down to the * certificate in the chain (from the trust-ca down to the
* presented crt). The parameters for the callback are: * presented crt). The parameters for the callback are:
* (void *parameter, x509_cert *crt, int certificate_depth, * (void *parameter, x509_cert *crt, int certificate_depth,
* int *flags). With the flags representing current flags f or * int *flags). With the flags representing current flags f or
* that specific certificate and the certificate depth from * that specific certificate and the certificate depth from
* the top (Trust CA depth = 0). * the bottom (Peer cert depth = 0).
* *
* All flags left after returning from the callback * All flags left after returning from the callback
* are also returned to the application. The function shoul d * are also returned to the application. The function shoul d
* return 0 for anything but a fatal error. * return 0 for anything but a fatal error.
* *
* \param crt a certificate to be verified * \param crt a certificate to be verified
* \param trust_ca the trusted CA chain * \param trust_ca the trusted CA chain
* \param ca_crl the CRL chain for trusted CA's * \param ca_crl the CRL chain for trusted CA's
* \param cn expected Common Name (can be set to * \param cn expected Common Name (can be set to
* NULL if the CN must not be verified) * NULL if the CN must not be verified)
 End of changes. 2 change blocks. 
2 lines changed or deleted 2 lines changed or added


 xtea.h   xtea.h 
skipping to change at line 100 skipping to change at line 100
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0 * POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0
*/ */
int xtea_crypt_cbc( xtea_context *ctx, int xtea_crypt_cbc( xtea_context *ctx,
int mode, int mode,
size_t length, size_t length,
unsigned char iv[8], unsigned char iv[8],
unsigned char *input, unsigned char *input,
unsigned char *output); unsigned char *output);
/* /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int xtea_self_test( int verbose ); int xtea_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/