aes.h   aes.h 
skipping to change at line 51 skipping to change at line 51
#define AES_ENCRYPT 1 #define AES_ENCRYPT 1
#define AES_DECRYPT 0 #define AES_DECRYPT 0
#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< In valid key length. */ #define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< In valid key length. */
#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< In valid data input length. */ #define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< In valid data input length. */
#if !defined(POLARSSL_AES_ALT) #if !defined(POLARSSL_AES_ALT)
// Regular implementation // Regular implementation
// //
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief AES context structure * \brief AES context structure
*/ */
typedef struct typedef struct
{ {
int nr; /*!< number of rounds */ int nr; /*!< number of rounds */
uint32_t *rk; /*!< AES round keys */ uint32_t *rk; /*!< AES round keys */
uint32_t buf[68]; /*!< unaligned data */ uint32_t buf[68]; /*!< unaligned data */
} }
aes_context; aes_context;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief AES key schedule (encryption) * \brief AES key schedule (encryption)
* *
* \param ctx AES context to be initialized * \param ctx AES context to be initialized
* \param key encryption key * \param key encryption key
* \param keysize must be 128, 192 or 256 * \param keysize must be 128, 192 or 256
* *
* \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
*/ */
int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned in t keysize ); int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned in t keysize );
skipping to change at line 103 skipping to change at line 103
* \param input 16-byte input block * \param input 16-byte input block
* \param output 16-byte output block * \param output 16-byte output block
* *
* \return 0 if successful * \return 0 if successful
*/ */
int aes_crypt_ecb( aes_context *ctx, int aes_crypt_ecb( aes_context *ctx,
int mode, int mode,
const unsigned char input[16], const unsigned char input[16],
unsigned char output[16] ); unsigned char output[16] );
#if defined(POLARSSL_CIPHER_MODE_CBC)
/** /**
* \brief AES-CBC buffer encryption/decryption * \brief AES-CBC buffer encryption/decryption
* Length should be a multiple of the block * Length should be a multiple of the block
* size (16 bytes) * size (16 bytes)
* *
* \param ctx AES context * \param ctx AES context
* \param mode AES_ENCRYPT or AES_DECRYPT * \param mode AES_ENCRYPT or AES_DECRYPT
* \param length length of the input data * \param length length of the input data
* \param iv initialization vector (updated after use) * \param iv initialization vector (updated after use)
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer holding the output data * \param output buffer holding the output data
* *
* \return 0 if successful, or POLARSSL_ERR_AES_INVALID_INPUT_LENGT H * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_INPUT_LENGT H
*/ */
int aes_crypt_cbc( aes_context *ctx, int aes_crypt_cbc( aes_context *ctx,
int mode, int mode,
size_t length, size_t length,
unsigned char iv[16], unsigned char iv[16],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
#endif /* POLARSSL_CIPHER_MODE_CBC */
/** /**
* \brief AES-CFB128 buffer encryption/decryption. * \brief AES-CFB128 buffer encryption/decryption.
* *
* Note: Due to the nature of CFB you should use the same key schedule for * Note: Due to the nature of CFB you should use the same key schedule for
* both encryption and decryption. So a context initialized with * both encryption and decryption. So a context initialized with
* aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
* *
* both
* \param ctx AES context * \param ctx AES context
* \param mode AES_ENCRYPT or AES_DECRYPT * \param mode AES_ENCRYPT or AES_DECRYPT
* \param length length of the input data * \param length length of the input data
* \param iv_off offset in IV (updated after use) * \param iv_off offset in IV (updated after use)
* \param iv initialization vector (updated after use) * \param iv initialization vector (updated after use)
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer holding the output data * \param output buffer holding the output data
* *
* \return 0 if successful * \return 0 if successful
*/ */
skipping to change at line 159 skipping to change at line 160
/** /**
* \brief AES-CTR buffer encryption/decryption * \brief AES-CTR buffer encryption/decryption
* *
* Warning: You have to keep the maximum use of your counter in mind! * Warning: You have to keep the maximum use of your counter in mind!
* *
* Note: Due to the nature of CTR you should use the same key schedule for * Note: Due to the nature of CTR you should use the same key schedule for
* both encryption and decryption. So a context initialized with * both encryption and decryption. So a context initialized with
* aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
* *
* \param ctx AES context
* \param length The length of the data * \param length The length of the data
* \param nc_off The offset in the current stream_block (for resumin g * \param nc_off The offset in the current stream_block (for resumin g
* within current cipher stream). The offset pointer t o * within current cipher stream). The offset pointer t o
* should be 0 at the start of a stream. * should be 0 at the start of a stream.
* \param nonce_counter The 128-bit nonce and counter. * \param nonce_counter The 128-bit nonce and counter.
* \param stream_block The saved stream-block for resuming. Is overwritten * \param stream_block The saved stream-block for resuming. Is overwritten
* by the function. * by the function.
* \param input The input data stream * \param input The input data stream
* \param output The output data stream * \param output The output data stream
* *
 End of changes. 6 change blocks. 
5 lines changed or deleted 7 lines changed or added
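Review bot: The AES-CTR warning `Warning: You have to keep the maximum use of your counter in mind!` in the aes_crypt_ctr documentation (whose declaration continues past the visible lines) leaves the actual constraint unstated and should name it. I would replace it with `Warning: a nonce_counter value must never be used twice with the same key; each 16-byte block consumes one counter value, so the caller must ensure the counter cannot wrap or collide with another stream under the same key.` Reusing a counter block repeats the keystream, which lets an attacker XOR two ciphertexts together and recover plaintext relationships. The CFB note in the same file still ends in a fragment, `So a context initialized with aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.`, which would read better as `So a context initialized with aes_setkey_enc() must be used for both AES_ENCRYPT and AES_DECRYPT.`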


 arc4.h   arc4.h 
skipping to change at line 38 skipping to change at line 38
#define POLARSSL_ARC4_H #define POLARSSL_ARC4_H
#include "config.h" #include "config.h"
#include <string.h> #include <string.h>
#if !defined(POLARSSL_ARC4_ALT) #if !defined(POLARSSL_ARC4_ALT)
// Regular implementation // Regular implementation
// //
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief ARC4 context structure * \brief ARC4 context structure
*/ */
typedef struct typedef struct
{ {
int x; /*!< permutation index */ int x; /*!< permutation index */
int y; /*!< permutation index */ int y; /*!< permutation index */
unsigned char m[256]; /*!< permutation table */ unsigned char m[256]; /*!< permutation table */
} }
arc4_context; arc4_context;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief ARC4 key schedule * \brief ARC4 key schedule
* *
* \param ctx ARC4 context to be initialized * \param ctx ARC4 context to be initialized
* \param key the secret key * \param key the secret key
* \param keylen length of the key * \param keylen length of the key, in bytes
*/ */
void arc4_setup( arc4_context *ctx, const unsigned char *key, unsigned int keylen ); void arc4_setup( arc4_context *ctx, const unsigned char *key, unsigned int keylen );
/** /**
* \brief ARC4 cipher function * \brief ARC4 cipher function
* *
* \param ctx ARC4 context * \param ctx ARC4 context
* \param length length of the input data * \param length length of the input data
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer for the output data * \param output buffer for the output data
 End of changes. 3 change blocks. 
5 lines changed or deleted 5 lines changed or added
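Review bot: `arc4_setup` is now documented as taking `keylen` in bytes, but neither the doc nor the `void` return says which lengths are accepted or what happens to an out-of-range one, and with no return value the function cannot report a bad key. I would extend the \param line to `length of the key, in bytes; the caller must pass a length the implementation accepts, as no error is returned` and fill in the accepted range from arc4.c, which is not visible here. Separately, the header carries no caveat that RC4 keystream has well-known statistical biases; a one-line `\brief` note recommending the cipher only for compatibility with legacy protocols would help callers choose correctly. The arc4_crypt declaration itself lies past the visible lines of this section.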


 asn1.h   asn1.h 
/** /**
* \file asn1.h * \file asn1.h
* *
* \brief Generic ASN.1 parsing * \brief Generic ASN.1 parsing
* *
* Copyright (C) 2006-2011, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 96 skipping to change at line 96
#define ASN1_BMP_STRING 0x1E #define ASN1_BMP_STRING 0x1E
#define ASN1_PRIMITIVE 0x00 #define ASN1_PRIMITIVE 0x00
#define ASN1_CONSTRUCTED 0x20 #define ASN1_CONSTRUCTED 0x20
#define ASN1_CONTEXT_SPECIFIC 0x80 #define ASN1_CONTEXT_SPECIFIC 0x80
/* \} name */ /* \} name */
/* \} addtogroup asn1_module */ /* \} addtogroup asn1_module */
/** Returns the size of the binary string, without the trailing \\0 */ /** Returns the size of the binary string, without the trailing \\0 */
#define OID_SIZE(x) (sizeof(x) - 1) #define OID_SIZE(x) (sizeof(x) - 1)
/** Compares two asn1_buf structures for the same OID. Only works for
* 'defined' oid_str values (OID_HMAC_SHA1), you cannot use a 'unsigned
* char *oid' here!
*/
#define OID_CMP(oid_str, oid_buf) \
( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0 )
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \name Functions to parse ASN.1 data structures * \name Functions to parse ASN.1 data structures
* \{ * \{
*/ */
/** /**
skipping to change at line 138 skipping to change at line 146
* Container for a sequence of ASN.1 items * Container for a sequence of ASN.1 items
*/ */
typedef struct _asn1_sequence typedef struct _asn1_sequence
{ {
asn1_buf buf; /**< Buffer containing the given ASN.1 item. */ asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
struct _asn1_sequence *next; /**< The next entry in the sequence. */ struct _asn1_sequence *next; /**< The next entry in the sequence. */
} }
asn1_sequence; asn1_sequence;
/** /**
* Get the length of an ASN.1 element. * Container for a sequence or list of 'named' ASN.1 data items
* Updates the pointer to immediately behind the length. */
typedef struct _asn1_named_data
{
asn1_buf oid; /**< The object identifier. */
asn1_buf val; /**< The named value. */
struct _asn1_named_data *next; /**< The next entry in the sequence. */
}
asn1_named_data;
/**
* \brief Get the length of an ASN.1 element.
* Updates the pointer to immediately behind the length.
* *
* \param p The position in the ASN.1 data * \param p The position in the ASN.1 data
* \param end End of data * \param end End of data
* \param len The variable that will receive the value * \param len The variable that will receive the value
* *
* \return 0 if successful, POLARSSL_ERR_ASN1_OUT_OF_DATA on reaching * \return 0 if successful, POLARSSL_ERR_ASN1_OUT_OF_DATA on reaching
* end of data, POLARSSL_ERR_ASN1_INVALID_LENGTH if length is * end of data, POLARSSL_ERR_ASN1_INVALID_LENGTH if length is
* unparseable. * unparseable.
*/ */
int asn1_get_len( unsigned char **p, int asn1_get_len( unsigned char **p,
const unsigned char *end, const unsigned char *end,
size_t *len ); size_t *len );
/** /**
* Get the tag and length of the tag. Check for the requested tag. * \brief Get the tag and length of the tag. Check for the requested
* Updates the pointer to immediately behind the tag and length. tag.
* Updates the pointer to immediately behind the tag and lengt
h.
* *
* \param p The position in the ASN.1 data * \param p The position in the ASN.1 data
* \param end End of data * \param end End of data
* \param len The variable that will receive the length * \param len The variable that will receive the length
* \param tag The expected tag * \param tag The expected tag
* *
* \return 0 if successful, POLARSSL_ERR_ASN1_UNEXPECTED_TAG if tag di d * \return 0 if successful, POLARSSL_ERR_ASN1_UNEXPECTED_TAG if tag di d
* not match requested tag, or another specific ASN.1 error co de. * not match requested tag, or another specific ASN.1 error co de.
*/ */
int asn1_get_tag( unsigned char **p, int asn1_get_tag( unsigned char **p,
const unsigned char *end, const unsigned char *end,
size_t *len, int tag ); size_t *len, int tag );
/** /**
* Retrieve a boolean ASN.1 tag and its value. * \brief Retrieve a boolean ASN.1 tag and its value.
* Updates the pointer to immediately behind the full tag. * Updates the pointer to immediately behind the full tag.
* *
* \param p The position in the ASN.1 data * \param p The position in the ASN.1 data
* \param end End of data * \param end End of data
* \param val The variable that will receive the value * \param val The variable that will receive the value
* *
* \return 0 if successful or a specific ASN.1 error code. * \return 0 if successful or a specific ASN.1 error code.
*/ */
int asn1_get_bool( unsigned char **p, int asn1_get_bool( unsigned char **p,
const unsigned char *end, const unsigned char *end,
int *val ); int *val );
/** /**
* Retrieve an integer ASN.1 tag and its value. * \brief Retrieve an integer ASN.1 tag and its value.
* Updates the pointer to immediately behind the full tag. * Updates the pointer to immediately behind the full tag.
* *
* \param p The position in the ASN.1 data * \param p The position in the ASN.1 data
* \param end End of data * \param end End of data
* \param val The variable that will receive the value * \param val The variable that will receive the value
* *
* \return 0 if successful or a specific ASN.1 error code. * \return 0 if successful or a specific ASN.1 error code.
*/ */
int asn1_get_int( unsigned char **p, int asn1_get_int( unsigned char **p,
const unsigned char *end, const unsigned char *end,
int *val ); int *val );
/** /**
* Retrieve a bitstring ASN.1 tag and its value. * \brief Retrieve a bitstring ASN.1 tag and its value.
* Updates the pointer to immediately behind the full tag. * Updates the pointer to immediately behind the full tag.
* *
* \param p The position in the ASN.1 data * \param p The position in the ASN.1 data
* \param end End of data * \param end End of data
* \param bs The variable that will receive the value * \param bs The variable that will receive the value
* *
* \return 0 if successful or a specific ASN.1 error code. * \return 0 if successful or a specific ASN.1 error code.
*/ */
int asn1_get_bitstring( unsigned char **p, const unsigned char *end, int asn1_get_bitstring( unsigned char **p, const unsigned char *end,
asn1_bitstring *bs); asn1_bitstring *bs);
/** /**
* Parses and splits an ASN.1 "SEQUENCE OF <tag>" * \brief Retrieve a bitstring ASN.1 tag without unused bits and its
* Updated the pointer to immediately behind the full sequence tag. * value.
* Updates the pointer to the beginning of the bit/octet strin
g.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param len Length of the actual bit/octect string in bytes
*
* \return 0 if successful or a specific ASN.1 error code.
*/
int asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
size_t *len );
/**
* \brief Parses and splits an ASN.1 "SEQUENCE OF <tag>"
* Updated the pointer to immediately behind the full sequence
tag.
* *
* \param p The position in the ASN.1 data * \param p The position in the ASN.1 data
* \param end End of data * \param end End of data
* \param cur First variable in the chain to fill * \param cur First variable in the chain to fill
* \param tag Type of sequence * \param tag Type of sequence
* *
* \return 0 if successful or a specific ASN.1 error code. * \return 0 if successful or a specific ASN.1 error code.
*/ */
int asn1_get_sequence_of( unsigned char **p, int asn1_get_sequence_of( unsigned char **p,
const unsigned char *end, const unsigned char *end,
asn1_sequence *cur, asn1_sequence *cur,
int tag); int tag);
#if defined(POLARSSL_BIGNUM_C) #if defined(POLARSSL_BIGNUM_C)
/** /**
* Retrieve a MPI value from an integer ASN.1 tag. * \brief Retrieve a MPI value from an integer ASN.1 tag.
* Updates the pointer to immediately behind the full tag. * Updates the pointer to immediately behind the full tag.
* *
* \param p The position in the ASN.1 data * \param p The position in the ASN.1 data
* \param end End of data * \param end End of data
* \param X The MPI that will receive the value * \param X The MPI that will receive the value
* *
* \return 0 if successful or a specific ASN.1 or MPI error code. * \return 0 if successful or a specific ASN.1 or MPI error code.
*/ */
int asn1_get_mpi( unsigned char **p, int asn1_get_mpi( unsigned char **p,
const unsigned char *end, const unsigned char *end,
mpi *X ); mpi *X );
#endif #endif
/**
* \brief Retrieve an AlgorithmIdentifier ASN.1 sequence.
* Updates the pointer to immediately behind the full
* AlgorithmIdentifier.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param alg The buffer to receive the OID
* \param params The buffer to receive the params (if any)
*
* \return 0 if successful or a specific ASN.1 or MPI error code.
*/
int asn1_get_alg( unsigned char **p,
const unsigned char *end,
asn1_buf *alg, asn1_buf *params );
/**
* \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or
no
* params.
* Updates the pointer to immediately behind the full
* AlgorithmIdentifier.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param alg The buffer to receive the OID
*
* \return 0 if successful or a specific ASN.1 or MPI error code.
*/
int asn1_get_alg_null( unsigned char **p,
const unsigned char *end,
asn1_buf *alg );
/**
* \brief Find a specific named_data entry in a sequence or list base
d on
* the OID.
*
* \param list The list to seek through
* \param oid The OID to look for
* \param len Size of the OID
*
* \return NULL if not found, or a pointer to the existing entry.
*/
asn1_named_data *asn1_find_named_data( asn1_named_data *list,
const char *oid, size_t len );
/**
* \brief Free a asn1_named_data entry
*
* \param entry The named data entry to free
*/
void asn1_free_named_data( asn1_named_data *entry );
/**
* \brief Free all entries in a asn1_named_data list
* Head will be set to NULL
*
* \param head Pointer to the head of the list of named data entries to fr
ee
*/
void asn1_free_named_data_list( asn1_named_data **head );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* asn1.h */ #endif /* asn1.h */
 End of changes. 10 change blocks. 
15 lines changed or deleted 115 lines changed or added
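Review bot: The new `asn1_get_alg` and `asn1_get_alg_null` declarations document their return as `0 if successful or a specific ASN.1 or MPI error code`, yet an AlgorithmIdentifier holds only an OID and optional parameters and nothing in this header suggests a bignum is involved, so the MPI mention looks copied from asn1_get_mpi; unless the implementation really propagates MPI codes it should read `0 if successful or a specific ASN.1 error code.` The new `asn1_free_named_data` / `asn1_free_named_data_list` docs also leave ownership implicit: they should state whether the `oid.p` and `val.p` buffers are released along with the entry, and whether `asn1_free_named_data` frees the entry pointer itself or only its contents — I cannot tell from the header which it is, so please take the wording from asn1.c. Finally `OID_CMP` evaluates `oid_buf` three times and `oid_str` twice, so its comment should add that both arguments must be side-effect free.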


 asn1write.h   asn1write.h 
/** /**
* \file asn1write.h * \file asn1write.h
* *
* \brief ASN.1 buffer writing functionality * \brief ASN.1 buffer writing functionality
* *
* Copyright (C) 2006-2012, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 32 skipping to change at line 32
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_ASN1_WRITE_H #ifndef POLARSSL_ASN1_WRITE_H
#define POLARSSL_ASN1_WRITE_H #define POLARSSL_ASN1_WRITE_H
#include "asn1.h" #include "asn1.h"
#define ASN1_CHK_ADD(g, f) if( ( ret = f ) < 0 ) return( ret ); else g += r et #define ASN1_CHK_ADD(g, f) do { if( ( ret = f ) < 0 ) return( ret ); else g += ret; } while( 0 )
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Write a length field in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param len the length to write
*
* \return the length written or a negative error code
*/
int asn1_write_len( unsigned char **p, unsigned char *start, size_t len ); int asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
/**
* \brief Write a ASN.1 tag in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param tag the tag to write
*
* \return the length written or a negative error code
*/
int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag ); int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag );
/**
* \brief Write raw buffer data
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param buf data buffer to write
* \param size length of the data buffer
*
* \return the length written or a negative error code
*/
int asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
const unsigned char *buf, size_t size );
#if defined(POLARSSL_BIGNUM_C)
/**
* \brief Write a big number (ASN1_INTEGER) in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param X the MPI to write
*
* \return the length written or a negative error code
*/
int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X ); int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X );
#endif
/**
* \brief Write a NULL tag (ASN1_NULL) with zero data in ASN.1 fo
rmat
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
*
* \return the length written or a negative error code
*/
int asn1_write_null( unsigned char **p, unsigned char *start ); int asn1_write_null( unsigned char **p, unsigned char *start );
int asn1_write_oid( unsigned char **p, unsigned char *start, char *oid );
int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *star /**
t, char *algorithm_oid ); * \brief Write an OID tag (ASN1_OID) and data in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param oid the OID to write
* \param oid_len length of the OID
*
* \return the length written or a negative error code
*/
int asn1_write_oid( unsigned char **p, unsigned char *start,
const char *oid, size_t oid_len );
/**
* \brief Write an AlgorithmIdentifier sequence in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param oid the OID of the algorithm
* \param oid_len length of the OID
* \param par_len length of parameters, which must be already written.
* If 0, NULL parameters are added
*
* \return the length written or a negative error code
*/
int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *star
t,
const char *oid, size_t oid_len,
size_t par_len );
/**
* \brief Write a boolean tag (ASN1_BOOLEAN) and value in ASN.1 f
ormat
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param boolean 0 or 1
*
* \return the length written or a negative error code
*/
int asn1_write_bool( unsigned char **p, unsigned char *start, int boolean )
;
/**
* \brief Write an int tag (ASN1_INTEGER) and value in ASN.1 form
at
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param val the integer value
*
* \return the length written or a negative error code
*/
int asn1_write_int( unsigned char **p, unsigned char *start, int val ); int asn1_write_int( unsigned char **p, unsigned char *start, int val );
/**
* \brief Write a printable string tag (ASN1_PRINTABLE_STRING) an
d
* value in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param text the text to write
* \param text_len length of the text
*
* \return the length written or a negative error code
*/
int asn1_write_printable_string( unsigned char **p, unsigned char *start, int asn1_write_printable_string( unsigned char **p, unsigned char *start,
char *text ); const char *text, size_t text_len );
/**
* \brief Write an IA5 string tag (ASN1_IA5_STRING) and
* value in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param text the text to write
* \param text_len length of the text
*
* \return the length written or a negative error code
*/
int asn1_write_ia5_string( unsigned char **p, unsigned char *start, int asn1_write_ia5_string( unsigned char **p, unsigned char *start,
char *text ); const char *text, size_t text_len );
/**
* \brief Write a bitstring tag (ASN1_BIT_STRING) and
* value in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param buf the bitstring
* \param bits the total number of bits in the bitstring
*
* \return the length written or a negative error code
*/
int asn1_write_bitstring( unsigned char **p, unsigned char *start,
const unsigned char *buf, size_t bits );
/**
* \brief Write an octet string tag (ASN1_OCTET_STRING) and
* value in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param buf data buffer to write
* \param size length of the data buffer
*
* \return the length written or a negative error code
*/
int asn1_write_octet_string( unsigned char **p, unsigned char *start,
const unsigned char *buf, size_t size );
/**
* \brief Create or find a specific named_data entry for writing
in a
* sequence or list based on the OID. If not already in th
ere,
* a new entry is added to the head of the list.
* Warning: Destructive behaviour for the val data!
*
* \param list Pointer to the location of the head of the list to seek
* through (will be updated in case of a new entry)
* \param oid The OID to look for
* \param oid_len Size of the OID
* \param val Data to store (can be NULL if you want to fill it by ha
nd)
* \param val_len Minimum length of the data buffer needed
*
* \return NULL if if there was a memory allocation error, or a pointe
r
* to the new / existing entry.
*/
asn1_named_data *asn1_store_named_data( asn1_named_data **list,
const char *oid, size_t oid_len,
const unsigned char *val,
size_t val_len );
#ifdef __cplusplus
}
#endif
#endif /* POLARSSL_ASN1_WRITE_H */ #endif /* POLARSSL_ASN1_WRITE_H */
 End of changes. 10 change blocks. 
7 lines changed or deleted 211 lines changed or added
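Review bot: The `asn1_store_named_data` documentation warns `Destructive behaviour for the val data!` without saying what is destroyed, which is exactly what a caller holding a pointer obtained from an earlier `asn1_find_named_data` needs to know. Assuming the implementation reallocates an existing entry's `val.p` when `val_len` grows, the warning should say so: `Warning: an existing entry's val buffer may be freed and reallocated, invalidating any pointer previously obtained to it; when val is NULL the buffer is allocated but its contents are left for the caller to fill.` — please confirm both halves against asn1write.c before adopting it. The same comment's return line has a doubled word, `NULL if if there was a memory allocation error`. The rewritten `ASN1_CHK_ADD` is now a proper single statement, but it still silently requires a local `int ret` in the caller; a one-line comment above the macro saying so would save a confusing compile error.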


 base64.h   base64.h 
/** /**
* \file base64.h * \file base64.h
* *
* \brief RFC 1521 base64 encoding/decoding * \brief RFC 1521 base64 encoding/decoding
* *
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 60 skipping to change at line 60
* *
* \note Call this function with *dlen = 0 to obtain the * \note Call this function with *dlen = 0 to obtain the
* required buffer size in *dlen * required buffer size in *dlen
*/ */
int base64_encode( unsigned char *dst, size_t *dlen, int base64_encode( unsigned char *dst, size_t *dlen,
const unsigned char *src, size_t slen ); const unsigned char *src, size_t slen );
/** /**
* \brief Decode a base64-formatted buffer * \brief Decode a base64-formatted buffer
* *
* \param dst destination buffer * \param dst destination buffer (can be NULL for checking size)
* \param dlen size of the buffer * \param dlen size of the buffer
* \param src source buffer * \param src source buffer
* \param slen amount of data to be decoded * \param slen amount of data to be decoded
* *
* \return 0 if successful, POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL, o r * \return 0 if successful, POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL, o r
* POLARSSL_ERR_BASE64_INVALID_CHARACTER if the input data is * POLARSSL_ERR_BASE64_INVALID_CHARACTER if the input data is
* not correct. *dlen is always updated to reflect the amou nt * not correct. *dlen is always updated to reflect the amou nt
* of data that has (or would have) been written. * of data that has (or would have) been written.
* *
* \note Call this function with *dlen = 0 to obtain the * \note Call this function with *dst = NULL or *dlen = 0 to obta
* required buffer size in *dlen in
* the required buffer size in *dlen
*/ */
int base64_decode( unsigned char *dst, size_t *dlen, int base64_decode( unsigned char *dst, size_t *dlen,
const unsigned char *src, size_t slen ); const unsigned char *src, size_t slen );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int base64_self_test( int verbose ); int base64_self_test( int verbose );
 End of changes. 3 change blocks. 
4 lines changed or deleted 5 lines changed or added
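Review bot: The new note on `base64_decode`, `Call this function with *dst = NULL or *dlen = 0 to obtain the required buffer size in *dlen`, dereferences the wrong thing: `dst` is the `unsigned char *` itself, so it should read `Call this function with dst = NULL or *dlen = 0`. The \param line says dst `can be NULL for checking size` and the \return line says `*dlen is always updated`, but neither states whether a NULL dst still validates the input and returns POLARSSL_ERR_BASE64_INVALID_CHARACTER on bad data or only computes the length; a caller that sizes first and decodes second needs to know which, so the note should state it once confirmed from base64.c.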


 bignum.h   bignum.h 
skipping to change at line 161 skipping to change at line 161
#if defined( POLARSSL_HAVE_LONGLONG ) #if defined( POLARSSL_HAVE_LONGLONG )
typedef unsigned long long t_udbl; typedef unsigned long long t_udbl;
#define POLARSSL_HAVE_UDBL #define POLARSSL_HAVE_UDBL
#endif #endif
#endif #endif
#endif #endif
#endif #endif
#endif /* POLARSSL_HAVE_INT16 */ #endif /* POLARSSL_HAVE_INT16 */
#endif /* POLARSSL_HAVE_INT8 */ #endif /* POLARSSL_HAVE_INT8 */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief MPI structure * \brief MPI structure
*/ */
typedef struct typedef struct
{ {
int s; /*!< integer sign */ int s; /*!< integer sign */
size_t n; /*!< total # of limbs */ size_t n; /*!< total # of limbs */
t_uint *p; /*!< pointer to limbs */ t_uint *p; /*!< pointer to limbs */
} }
mpi; mpi;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Initialize one MPI * \brief Initialize one MPI
* *
* \param X One MPI to initialize. * \param X One MPI to initialize.
*/ */
void mpi_init( mpi *X ); void mpi_init( mpi *X );
/** /**
* \brief Unallocate one MPI * \brief Unallocate one MPI
* *
 End of changes. 2 change blocks. 
4 lines changed or deleted 4 lines changed or added


 blowfish.h   blowfish.h 
skipping to change at line 55 skipping to change at line 55
#define BLOWFISH_ROUNDS 16 /* when increasing this value, make sure to extend the initialisation vectors */ #define BLOWFISH_ROUNDS 16 /* when increasing this value, make sure to extend the initialisation vectors */
#define BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */ #define BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */
#define POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /* *< Invalid key length. */ #define POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /* *< Invalid key length. */
#define POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /* *< Invalid data input length. */ #define POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /* *< Invalid data input length. */
#if !defined(POLARSSL_BLOWFISH_ALT) #if !defined(POLARSSL_BLOWFISH_ALT)
// Regular implementation // Regular implementation
// //
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Blowfish context structure * \brief Blowfish context structure
*/ */
typedef struct typedef struct
{ {
uint32_t P[BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */ uint32_t P[BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
uint32_t S[4][256]; /*!< key dependent S-boxes */ uint32_t S[4][256]; /*!< key dependent S-boxes */
} }
blowfish_context; blowfish_context;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Blowfish key schedule * \brief Blowfish key schedule
* *
* \param ctx Blowfish context to be initialized * \param ctx Blowfish context to be initialized
* \param key encryption key * \param key encryption key
* \param keysize must be between 32 and 448 bits * \param keysize must be between 32 and 448 bits
* *
* \return 0 if successful, or POLARSSL_ERR_BLOWFISH_INVALID_KEY_LE NGTH * \return 0 if successful, or POLARSSL_ERR_BLOWFISH_INVALID_KEY_LE NGTH
*/ */
int blowfish_setkey( blowfish_context *ctx, const unsigned char *key, unsig ned int keysize ); int blowfish_setkey( blowfish_context *ctx, const unsigned char *key, unsig ned int keysize );
skipping to change at line 95 skipping to change at line 95
* \param input 8-byte input block * \param input 8-byte input block
* \param output 8-byte output block * \param output 8-byte output block
* *
* \return 0 if successful * \return 0 if successful
*/ */
int blowfish_crypt_ecb( blowfish_context *ctx, int blowfish_crypt_ecb( blowfish_context *ctx,
int mode, int mode,
const unsigned char input[BLOWFISH_BLOCKSIZE], const unsigned char input[BLOWFISH_BLOCKSIZE],
unsigned char output[BLOWFISH_BLOCKSIZE] ); unsigned char output[BLOWFISH_BLOCKSIZE] );
#if defined(POLARSSL_CIPHER_MODE_CBC)
/** /**
* \brief Blowfish-CBC buffer encryption/decryption * \brief Blowfish-CBC buffer encryption/decryption
* Length should be a multiple of the block * Length should be a multiple of the block
* size (8 bytes) * size (8 bytes)
* *
* \param ctx Blowfish context * \param ctx Blowfish context
* \param mode BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT * \param mode BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT
* \param length length of the input data * \param length length of the input data
* \param iv initialization vector (updated after use) * \param iv initialization vector (updated after use)
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer holding the output data * \param output buffer holding the output data
* *
* \return 0 if successful, or POLARSSL_ERR_BLOWFISH_INVALID_INPUT_ LENGTH * \return 0 if successful, or POLARSSL_ERR_BLOWFISH_INVALID_INPUT_ LENGTH
*/ */
int blowfish_crypt_cbc( blowfish_context *ctx, int blowfish_crypt_cbc( blowfish_context *ctx,
int mode, int mode,
size_t length, size_t length,
unsigned char iv[BLOWFISH_BLOCKSIZE], unsigned char iv[BLOWFISH_BLOCKSIZE],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CIPHER_MODE_CFB)
/** /**
* \brief Blowfish CFB buffer encryption/decryption. * \brief Blowfish CFB buffer encryption/decryption.
* *
* both
* \param ctx Blowfish context * \param ctx Blowfish context
* \param mode BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT * \param mode BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT
* \param length length of the input data * \param length length of the input data
* \param iv_off offset in IV (updated after use) * \param iv_off offset in IV (updated after use)
* \param iv initialization vector (updated after use) * \param iv initialization vector (updated after use)
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer holding the output data * \param output buffer holding the output data
* *
* \return 0 if successful * \return 0 if successful
*/ */
int blowfish_crypt_cfb64( blowfish_context *ctx, int blowfish_crypt_cfb64( blowfish_context *ctx,
int mode, int mode,
size_t length, size_t length,
size_t *iv_off, size_t *iv_off,
unsigned char iv[BLOWFISH_BLOCKSIZE], unsigned char iv[BLOWFISH_BLOCKSIZE],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
#endif /*POLARSSL_CIPHER_MODE_CFB */
#if defined(POLARSSL_CIPHER_MODE_CTR)
/** /**
* \brief Blowfish-CTR buffer encryption/decryption * \brief Blowfish-CTR buffer encryption/decryption
* *
* Warning: You have to keep the maximum use of your counter in mind! * Warning: You have to keep the maximum use of your counter in mind!
* *
* \param ctx Blowfish context
* \param length The length of the data * \param length The length of the data
* \param nc_off The offset in the current stream_block (for resumin g * \param nc_off The offset in the current stream_block (for resumin g
* within current cipher stream). The offset pointer t o * within current cipher stream). The offset pointer t o
* should be 0 at the start of a stream. * should be 0 at the start of a stream.
* \param nonce_counter The 64-bit nonce and counter. * \param nonce_counter The 64-bit nonce and counter.
* \param stream_block The saved stream-block for resuming. Is overwritten * \param stream_block The saved stream-block for resuming. Is overwritten
* by the function. * by the function.
* \param input The input data stream * \param input The input data stream
* \param output The output data stream * \param output The output data stream
* *
* \return 0 if successful * \return 0 if successful
*/ */
int blowfish_crypt_ctr( blowfish_context *ctx, int blowfish_crypt_ctr( blowfish_context *ctx,
size_t length, size_t length,
size_t *nc_off, size_t *nc_off,
unsigned char nonce_counter[BLOWFISH_BLOCKSIZE], unsigned char nonce_counter[BLOWFISH_BLOCKSIZE],
unsigned char stream_block[BLOWFISH_BLOCKSIZE], unsigned char stream_block[BLOWFISH_BLOCKSIZE],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
#endif /* POLARSSL_CIPHER_MODE_CTR */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#else /* POLARSSL_BLOWFISH_ALT */ #else /* POLARSSL_BLOWFISH_ALT */
#include "blowfish_alt.h" #include "blowfish_alt.h"
#endif /* POLARSSL_BLOWFISH_ALT */ #endif /* POLARSSL_BLOWFISH_ALT */
#endif /* blowfish.h */ #endif /* blowfish.h */
 End of changes. 10 change blocks. 
5 lines changed or deleted 11 lines changed or added
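Review bot: The Blowfish-CTR comment that this section touches (it gains the `\param ctx` line) still only says to keep the maximum use of your counter in mind, but with BLOWFISH_BLOCKSIZE 8 the nonce_counter is 64 bits, so the safe volume per key/nonce is far smaller than for the 16-byte ciphers changed in the same series, and this header is the only place a caller sees that. I would make the warning concrete: `* Warning: Blowfish has a 64-bit block; the counter wraps after 2^64 blocks and the birthday bound is reached near 2^32 blocks, so do not process more than that under one key/nonce.` The new POLARSSL_CIPHER_MODE_CBC/CFB/CTR guards match the ones added to camellia.h, but the closing `#endif /*POLARSSL_CIPHER_MODE_CFB */` is missing the space the other two closing comments have.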


 camellia.h   camellia.h 
skipping to change at line 51 skipping to change at line 51
#define CAMELLIA_ENCRYPT 1 #define CAMELLIA_ENCRYPT 1
#define CAMELLIA_DECRYPT 0 #define CAMELLIA_DECRYPT 0
#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< In valid key length. */ #define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< In valid key length. */
#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< In valid data input length. */ #define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< In valid data input length. */
#if !defined(POLARSSL_CAMELLIA_ALT) #if !defined(POLARSSL_CAMELLIA_ALT)
// Regular implementation // Regular implementation
// //
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief CAMELLIA context structure * \brief CAMELLIA context structure
*/ */
typedef struct typedef struct
{ {
int nr; /*!< number of rounds */ int nr; /*!< number of rounds */
uint32_t rk[68]; /*!< CAMELLIA round keys */ uint32_t rk[68]; /*!< CAMELLIA round keys */
} }
camellia_context; camellia_context;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief CAMELLIA key schedule (encryption) * \brief CAMELLIA key schedule (encryption)
* *
* \param ctx CAMELLIA context to be initialized * \param ctx CAMELLIA context to be initialized
* \param key encryption key * \param key encryption key
* \param keysize must be 128, 192 or 256 * \param keysize must be 128, 192 or 256
* *
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_KEY_LE NGTH * \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_KEY_LE NGTH
*/ */
int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, u nsigned int keysize ); int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, u nsigned int keysize );
skipping to change at line 102 skipping to change at line 102
* \param input 16-byte input block * \param input 16-byte input block
* \param output 16-byte output block * \param output 16-byte output block
* *
* \return 0 if successful * \return 0 if successful
*/ */
int camellia_crypt_ecb( camellia_context *ctx, int camellia_crypt_ecb( camellia_context *ctx,
int mode, int mode,
const unsigned char input[16], const unsigned char input[16],
unsigned char output[16] ); unsigned char output[16] );
#if defined(POLARSSL_CIPHER_MODE_CBC)
/** /**
* \brief CAMELLIA-CBC buffer encryption/decryption * \brief CAMELLIA-CBC buffer encryption/decryption
* Length should be a multiple of the block * Length should be a multiple of the block
* size (16 bytes) * size (16 bytes)
* *
* \param ctx CAMELLIA context * \param ctx CAMELLIA context
* \param mode CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT * \param mode CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT
* \param length length of the input data * \param length length of the input data
* \param iv initialization vector (updated after use) * \param iv initialization vector (updated after use)
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer holding the output data * \param output buffer holding the output data
* *
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_ LENGTH * \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_ LENGTH
*/ */
int camellia_crypt_cbc( camellia_context *ctx, int camellia_crypt_cbc( camellia_context *ctx,
int mode, int mode,
size_t length, size_t length,
unsigned char iv[16], unsigned char iv[16],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CIPHER_MODE_CFB)
/** /**
* \brief CAMELLIA-CFB128 buffer encryption/decryption * \brief CAMELLIA-CFB128 buffer encryption/decryption
* *
* Note: Due to the nature of CFB you should use the same key schedule for * Note: Due to the nature of CFB you should use the same key schedule for
* both encryption and decryption. So a context initialized with * both encryption and decryption. So a context initialized with
* camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT. * camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT.
* *
* \param ctx CAMELLIA context * \param ctx CAMELLIA context
* \param mode CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT * \param mode CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT
* \param length length of the input data * \param length length of the input data
skipping to change at line 147 skipping to change at line 150
* *
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_ LENGTH * \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_ LENGTH
*/ */
int camellia_crypt_cfb128( camellia_context *ctx, int camellia_crypt_cfb128( camellia_context *ctx,
int mode, int mode,
size_t length, size_t length,
size_t *iv_off, size_t *iv_off,
unsigned char iv[16], unsigned char iv[16],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
#endif /* POLARSSL_CIPHER_MODE_CFB */
#if defined(POLARSSL_CIPHER_MODE_CTR)
/** /**
* \brief CAMELLIA-CTR buffer encryption/decryption * \brief CAMELLIA-CTR buffer encryption/decryption
* *
* Warning: You have to keep the maximum use of your counter in mind! * Warning: You have to keep the maximum use of your counter in mind!
* *
* Note: Due to the nature of CTR you should use the same key schedule for * Note: Due to the nature of CTR you should use the same key schedule for
* both encryption and decryption. So a context initialized with * both encryption and decryption. So a context initialized with
* camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIA_DECRYPT. * camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIA_DECRYPT.
* *
* \param ctx CAMELLIA context
* \param length The length of the data * \param length The length of the data
* \param nc_off The offset in the current stream_block (for resumin g * \param nc_off The offset in the current stream_block (for resumin g
* within current cipher stream). The offset pointer t o * within current cipher stream). The offset pointer t o
* should be 0 at the start of a stream. * should be 0 at the start of a stream.
* \param nonce_counter The 128-bit nonce and counter. * \param nonce_counter The 128-bit nonce and counter.
* \param stream_block The saved stream-block for resuming. Is overwritten * \param stream_block The saved stream-block for resuming. Is overwritten
* by the function. * by the function.
* \param input The input data stream * \param input The input data stream
* \param output The output data stream * \param output The output data stream
* *
* \return 0 if successful * \return 0 if successful
*/ */
int camellia_crypt_ctr( camellia_context *ctx, int camellia_crypt_ctr( camellia_context *ctx,
size_t length, size_t length,
size_t *nc_off, size_t *nc_off,
unsigned char nonce_counter[16], unsigned char nonce_counter[16],
unsigned char stream_block[16], unsigned char stream_block[16],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
#endif /* POLARSSL_CIPHER_MODE_CTR */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#else /* POLARSSL_CAMELLIA_ALT */ #else /* POLARSSL_CAMELLIA_ALT */
#include "camellia_alt.h" #include "camellia_alt.h"
#endif /* POLARSSL_CAMELLIA_ALT */ #endif /* POLARSSL_CAMELLIA_ALT */
#ifdef __cplusplus #ifdef __cplusplus
 End of changes. 9 change blocks. 
4 lines changed or deleted 11 lines changed or added
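Review bot: The CFB128 comment now wrapped in the POLARSSL_CIPHER_MODE_CFB guard still names `CAMELLIE_DECRYPT`, which is not an identifier this header defines (the CTR comment a few lines below spells it `CAMELLIA_DECRYPT`); since the hunk already reworks this region, the line should become `* camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIA_DECRYPT.` The note matters: CFB and CTR use only the forward cipher, so a context prepared with camellia_setkey_dec() would presumably produce a different keystream, and a typo in the identifier makes the guidance easy to dismiss.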


 certs.h   certs.h 
skipping to change at line 34 skipping to change at line 34
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_CERTS_H #ifndef POLARSSL_CERTS_H
#define POLARSSL_CERTS_H #define POLARSSL_CERTS_H
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
extern const char test_ca_crt[]; /* Concatenation of all available CA certificates */
extern const char test_ca_key[]; extern const char test_ca_list[];
extern const char test_ca_pwd[];
extern const char test_srv_crt[]; /*
extern const char test_srv_key[]; * Convenience for users who just want a certificate:
extern const char test_cli_crt[]; * RSA by default, or ECDSA if RSA i not available
extern const char test_cli_key[]; */
extern const char *test_ca_crt;
extern const char *test_ca_key;
extern const char *test_ca_pwd;
extern const char *test_srv_crt;
extern const char *test_srv_key;
extern const char *test_cli_crt;
extern const char *test_cli_key;
#if defined(POLARSSL_ECDSA_C)
extern const char test_ca_crt_ec[];
extern const char test_ca_key_ec[];
extern const char test_ca_pwd_ec[];
extern const char test_srv_crt_ec[];
extern const char test_srv_key_ec[];
extern const char test_cli_crt_ec[];
extern const char test_cli_key_ec[];
#endif
#if defined(POLARSSL_RSA_C)
extern const char test_ca_crt_rsa[];
extern const char test_ca_key_rsa[];
extern const char test_ca_pwd_rsa[];
extern const char test_srv_crt_rsa[];
extern const char test_srv_key_rsa[];
extern const char test_cli_crt_rsa[];
extern const char test_cli_key_rsa[];
#endif
#if defined(POLARSSL_DHM_C)
extern const char test_dhm_params[]; extern const char test_dhm_params[];
#endif
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* certs.h */ #endif /* certs.h */
 End of changes. 2 change blocks. 
7 lines changed or deleted 37 lines changed or added
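Review bot: Turning `extern const char test_ca_crt[]` and its six siblings into `extern const char *test_ca_crt` is a silent ABI change: a translation unit that still sees the array form (a stale copy of this header, or a local extern) would read the pointer's bytes as certificate text, and `sizeof test_ca_crt` no longer yields the buffer length, with no diagnostic across files. Every user of these symbols in the tree should be rebuilt against this header and any `sizeof` on them re-expressed with strlen (plus the terminating NUL if the parser expects it). The new comment also has a typo: `* RSA by default, or ECDSA if RSA is not available`. It would help to state which config macro drives that choice next to the comment, since the `_ec`/`_rsa` variants are guarded by POLARSSL_ECDSA_C and POLARSSL_RSA_C but the unsuffixed pointers are not.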


 cipher.h   cipher.h 
/** /**
* \file cipher.h * \file cipher.h
* *
* \brief Generic cipher wrapper. * \brief Generic cipher wrapper.
* *
* \author Adriaan de Jong <dejong@fox-it.com> * \author Adriaan de Jong <dejong@fox-it.com>
* *
* Copyright (C) 2006-2012, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 33 skipping to change at line 33
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_CIPHER_H #ifndef POLARSSL_CIPHER_H
#define POLARSSL_CIPHER_H #define POLARSSL_CIPHER_H
#include "config.h"
#if defined(POLARSSL_GCM_C)
#define POLARSSL_CIPHER_MODE_AEAD
#endif
#if defined(POLARSSL_CIPHER_MODE_CBC)
#define POLARSSL_CIPHER_MODE_WITH_PADDING
#endif
#include <string.h> #include <string.h>
#if defined(_MSC_VER) && !defined(inline) #if defined(_MSC_VER) && !defined(inline)
#define inline _inline #define inline _inline
#else #else
#if defined(__ARMCC_VERSION) && !defined(inline) #if defined(__ARMCC_VERSION) && !defined(inline)
#define inline __inline #define inline __inline
#endif /* __ARMCC_VERSION */ #endif /* __ARMCC_VERSION */
#endif /*_MSC_VER */ #endif /*_MSC_VER */
#define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /**< Th e selected feature is not available. */ #define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /**< Th e selected feature is not available. */
#define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /**< Ba d input parameters to function. */ #define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /**< Ba d input parameters to function. */
#define POLARSSL_ERR_CIPHER_ALLOC_FAILED -0x6180 /**< Fa iled to allocate memory. */ #define POLARSSL_ERR_CIPHER_ALLOC_FAILED -0x6180 /**< Fa iled to allocate memory. */
#define POLARSSL_ERR_CIPHER_INVALID_PADDING -0x6200 /**< In put data contains invalid padding and is rejected. */ #define POLARSSL_ERR_CIPHER_INVALID_PADDING -0x6200 /**< In put data contains invalid padding and is rejected. */
#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< De cryption of block requires a full block. */ #define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< De cryption of block requires a full block. */
#define POLARSSL_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Au
thentication failed (for AEAD modes). */
#ifdef __cplusplus
extern "C" {
#endif
typedef enum { typedef enum {
POLARSSL_CIPHER_ID_NONE = 0, POLARSSL_CIPHER_ID_NONE = 0,
POLARSSL_CIPHER_ID_NULL, POLARSSL_CIPHER_ID_NULL,
POLARSSL_CIPHER_ID_AES, POLARSSL_CIPHER_ID_AES,
POLARSSL_CIPHER_ID_DES, POLARSSL_CIPHER_ID_DES,
POLARSSL_CIPHER_ID_3DES, POLARSSL_CIPHER_ID_3DES,
POLARSSL_CIPHER_ID_CAMELLIA, POLARSSL_CIPHER_ID_CAMELLIA,
POLARSSL_CIPHER_ID_BLOWFISH, POLARSSL_CIPHER_ID_BLOWFISH,
POLARSSL_CIPHER_ID_ARC4,
} cipher_id_t; } cipher_id_t;
typedef enum { typedef enum {
POLARSSL_CIPHER_NONE = 0, POLARSSL_CIPHER_NONE = 0,
POLARSSL_CIPHER_NULL, POLARSSL_CIPHER_NULL,
POLARSSL_CIPHER_AES_128_ECB,
POLARSSL_CIPHER_AES_192_ECB,
POLARSSL_CIPHER_AES_256_ECB,
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_CIPHER_AES_128_CBC,
POLARSSL_CIPHER_AES_192_CBC, POLARSSL_CIPHER_AES_192_CBC,
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_CIPHER_AES_256_CBC,
POLARSSL_CIPHER_AES_128_CFB128, POLARSSL_CIPHER_AES_128_CFB128,
POLARSSL_CIPHER_AES_192_CFB128, POLARSSL_CIPHER_AES_192_CFB128,
POLARSSL_CIPHER_AES_256_CFB128, POLARSSL_CIPHER_AES_256_CFB128,
POLARSSL_CIPHER_AES_128_CTR, POLARSSL_CIPHER_AES_128_CTR,
POLARSSL_CIPHER_AES_192_CTR, POLARSSL_CIPHER_AES_192_CTR,
POLARSSL_CIPHER_AES_256_CTR, POLARSSL_CIPHER_AES_256_CTR,
POLARSSL_CIPHER_AES_128_GCM,
POLARSSL_CIPHER_AES_192_GCM,
POLARSSL_CIPHER_AES_256_GCM,
POLARSSL_CIPHER_CAMELLIA_128_ECB,
POLARSSL_CIPHER_CAMELLIA_192_ECB,
POLARSSL_CIPHER_CAMELLIA_256_ECB,
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_CIPHER_CAMELLIA_128_CBC,
POLARSSL_CIPHER_CAMELLIA_192_CBC, POLARSSL_CIPHER_CAMELLIA_192_CBC,
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_CIPHER_CAMELLIA_256_CBC,
POLARSSL_CIPHER_CAMELLIA_128_CFB128, POLARSSL_CIPHER_CAMELLIA_128_CFB128,
POLARSSL_CIPHER_CAMELLIA_192_CFB128, POLARSSL_CIPHER_CAMELLIA_192_CFB128,
POLARSSL_CIPHER_CAMELLIA_256_CFB128, POLARSSL_CIPHER_CAMELLIA_256_CFB128,
POLARSSL_CIPHER_CAMELLIA_128_CTR, POLARSSL_CIPHER_CAMELLIA_128_CTR,
POLARSSL_CIPHER_CAMELLIA_192_CTR, POLARSSL_CIPHER_CAMELLIA_192_CTR,
POLARSSL_CIPHER_CAMELLIA_256_CTR, POLARSSL_CIPHER_CAMELLIA_256_CTR,
POLARSSL_CIPHER_DES_ECB,
POLARSSL_CIPHER_DES_CBC, POLARSSL_CIPHER_DES_CBC,
POLARSSL_CIPHER_DES_EDE_ECB,
POLARSSL_CIPHER_DES_EDE_CBC, POLARSSL_CIPHER_DES_EDE_CBC,
POLARSSL_CIPHER_DES_EDE3_ECB,
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_CIPHER_DES_EDE3_CBC,
POLARSSL_CIPHER_BLOWFISH_ECB,
POLARSSL_CIPHER_BLOWFISH_CBC, POLARSSL_CIPHER_BLOWFISH_CBC,
POLARSSL_CIPHER_BLOWFISH_CFB64, POLARSSL_CIPHER_BLOWFISH_CFB64,
POLARSSL_CIPHER_BLOWFISH_CTR, POLARSSL_CIPHER_BLOWFISH_CTR,
POLARSSL_CIPHER_ARC4_128,
} cipher_type_t; } cipher_type_t;
typedef enum { typedef enum {
POLARSSL_MODE_NONE = 0, POLARSSL_MODE_NONE = 0,
POLARSSL_MODE_NULL, POLARSSL_MODE_ECB,
POLARSSL_MODE_CBC, POLARSSL_MODE_CBC,
POLARSSL_MODE_CFB, POLARSSL_MODE_CFB,
POLARSSL_MODE_OFB, POLARSSL_MODE_OFB,
POLARSSL_MODE_CTR, POLARSSL_MODE_CTR,
POLARSSL_MODE_GCM,
POLARSSL_MODE_STREAM,
} cipher_mode_t; } cipher_mode_t;
typedef enum { typedef enum {
POLARSSL_PADDING_PKCS7 = 0, /**< PKCS7 padding (default) */
POLARSSL_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding */
POLARSSL_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding */
POLARSSL_PADDING_ZEROS, /**< zero padding (not reversible!) */
POLARSSL_PADDING_NONE, /**< never pad (full blocks only) */
} cipher_padding_t;
typedef enum {
POLARSSL_OPERATION_NONE = -1, POLARSSL_OPERATION_NONE = -1,
POLARSSL_DECRYPT = 0, POLARSSL_DECRYPT = 0,
POLARSSL_ENCRYPT, POLARSSL_ENCRYPT,
} operation_t; } operation_t;
enum { enum {
/** Undefined key length */ /** Undefined key length */
POLARSSL_KEY_LENGTH_NONE = 0, POLARSSL_KEY_LENGTH_NONE = 0,
/** Key length, in bits (including parity), for DES keys */ /** Key length, in bits (including parity), for DES keys */
POLARSSL_KEY_LENGTH_DES = 64, POLARSSL_KEY_LENGTH_DES = 64,
skipping to change at line 124 skipping to change at line 164
}; };
/** /**
* Base cipher information. The non-mode specific functions and values. * Base cipher information. The non-mode specific functions and values.
*/ */
typedef struct { typedef struct {
/** Base Cipher type (e.g. POLARSSL_CIPHER_ID_AES) */ /** Base Cipher type (e.g. POLARSSL_CIPHER_ID_AES) */
cipher_id_t cipher; cipher_id_t cipher;
/** Encrypt using ECB */
int (*ecb_func)( void *ctx, operation_t mode,
const unsigned char *input, unsigned char *output );
/** Encrypt using CBC */ /** Encrypt using CBC */
int (*cbc_func)( void *ctx, operation_t mode, size_t length, unsigned c har *iv, int (*cbc_func)( void *ctx, operation_t mode, size_t length, unsigned c har *iv,
const unsigned char *input, unsigned char *output ); const unsigned char *input, unsigned char *output );
/** Encrypt using CFB (Full length) */ /** Encrypt using CFB (Full length) */
int (*cfb_func)( void *ctx, operation_t mode, size_t length, size_t *iv _off, int (*cfb_func)( void *ctx, operation_t mode, size_t length, size_t *iv _off,
unsigned char *iv, const unsigned char *input, unsigned char *o utput ); unsigned char *iv, const unsigned char *input, unsigned char *o utput );
/** Encrypt using CTR */ /** Encrypt using CTR */
int (*ctr_func)( void *ctx, size_t length, size_t *nc_off, unsigned cha r *nonce_counter, int (*ctr_func)( void *ctx, size_t length, size_t *nc_off, unsigned cha r *nonce_counter,
unsigned char *stream_block, const unsigned char *input, unsign ed char *output ); unsigned char *stream_block, const unsigned char *input, unsign ed char *output );
/** Encrypt using STREAM */
int (*stream_func)( void *ctx, size_t length,
const unsigned char *input, unsigned char *output )
;
/** Set key for encryption purposes */ /** Set key for encryption purposes */
int (*setkey_enc_func)( void *ctx, const unsigned char *key, unsigned i nt key_length); int (*setkey_enc_func)( void *ctx, const unsigned char *key, unsigned i nt key_length);
/** Set key for decryption purposes */ /** Set key for decryption purposes */
int (*setkey_dec_func)( void *ctx, const unsigned char *key, unsigned i nt key_length); int (*setkey_dec_func)( void *ctx, const unsigned char *key, unsigned i nt key_length);
/** Allocate a new context */ /** Allocate a new context */
void * (*ctx_alloc_func)( void ); void * (*ctx_alloc_func)( void );
/** Free the given context */ /** Free the given context */
skipping to change at line 167 skipping to change at line 215
/** Cipher mode (e.g. POLARSSL_MODE_CBC) */ /** Cipher mode (e.g. POLARSSL_MODE_CBC) */
cipher_mode_t mode; cipher_mode_t mode;
/** Cipher key length, in bits (default length for variable sized ciphe rs) /** Cipher key length, in bits (default length for variable sized ciphe rs)
* (Includes parity bits for ciphers like DES) */ * (Includes parity bits for ciphers like DES) */
unsigned int key_length; unsigned int key_length;
/** Name of the cipher */ /** Name of the cipher */
const char * name; const char * name;
/** IV size, in bytes */ /** IV/NONCE size, in bytes.
* For cipher that accept many sizes: recommended size */
unsigned int iv_size; unsigned int iv_size;
/** Flag for ciphers that accept many sizes of IV/NONCE */
int accepts_variable_iv_size;
/** block size, in bytes */ /** block size, in bytes */
unsigned int block_size; unsigned int block_size;
/** Base cipher information and functions */ /** Base cipher information and functions */
const cipher_base_t *base; const cipher_base_t *base;
} cipher_info_t; } cipher_info_t;
/** /**
* Generic cipher context. * Generic cipher context.
skipping to change at line 191 skipping to change at line 243
typedef struct { typedef struct {
/** Information about the associated cipher */ /** Information about the associated cipher */
const cipher_info_t *cipher_info; const cipher_info_t *cipher_info;
/** Key length to use */ /** Key length to use */
int key_length; int key_length;
/** Operation that the context's key has been initialised for */ /** Operation that the context's key has been initialised for */
operation_t operation; operation_t operation;
/** Padding functions to use, if relevant for cipher mode */
void (*add_padding)( unsigned char *output, size_t olen, size_t data_le
n );
int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len
);
/** Buffer for data that hasn't been encrypted yet */ /** Buffer for data that hasn't been encrypted yet */
unsigned char unprocessed_data[POLARSSL_MAX_IV_LENGTH]; unsigned char unprocessed_data[POLARSSL_MAX_IV_LENGTH];
/** Number of bytes that still need processing */ /** Number of bytes that still need processing */
size_t unprocessed_len; size_t unprocessed_len;
/** Current IV or NONCE_COUNTER for CTR-mode */ /** Current IV or NONCE_COUNTER for CTR-mode */
unsigned char iv[POLARSSL_MAX_IV_LENGTH]; unsigned char iv[POLARSSL_MAX_IV_LENGTH];
/** IV size in bytes (for ciphers with variable-length IVs) */
size_t iv_size;
/** Cipher-specific context */ /** Cipher-specific context */
void *cipher_ctx; void *cipher_ctx;
} cipher_context_t; } cipher_context_t;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Returns the list of ciphers supported by the generic cipher modul e. * \brief Returns the list of ciphers supported by the generic cipher modul e.
* *
* \return a statically allocated array of ciphers, the last e ntry * \return a statically allocated array of ciphers, the last e ntry
* is 0. * is 0.
*/ */
const int *cipher_list( void ); const int *cipher_list( void );
/** /**
* \brief Returns the cipher information structure associated * \brief Returns the cipher information structure associated
skipping to change at line 239 skipping to change at line 294
* with the given cipher type. * with the given cipher type.
* *
* \param cipher_type Type of the cipher to search for. * \param cipher_type Type of the cipher to search for.
* *
* \return the cipher information structure associated with th e * \return the cipher information structure associated with th e
* given cipher_type, or NULL if not found. * given cipher_type, or NULL if not found.
*/ */
const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type ); const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type );
/** /**
* \brief Returns the cipher information structure associated
* with the given cipher id, key size and mode.
*
* \param cipher_id Id of the cipher to search for
* (e.g. POLARSSL_CIPHER_ID_AES)
* \param key_length Length of the key in bits
* \param mode Cipher mode (e.g. POLARSSL_MODE_CBC)
*
* \return the cipher information structure associated with th
e
* given cipher_type, or NULL if not found.
*/
const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
int key_length,
const cipher_mode_t mode );
/**
* \brief Initialises and fills the cipher context structure with * \brief Initialises and fills the cipher context structure with
* the appropriate values. * the appropriate values.
* *
* \param ctx context to initialise. May not be NULL. * \param ctx context to initialise. May not be NULL.
* \param cipher_info cipher to use. * \param cipher_info cipher to use.
* *
* \return \c 0 on success, * \return \c 0 on success,
* \c POLARSSL_ERR_CIPHER_BAD_INPUT_DATA on parameter failure, * \c POLARSSL_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
* \c POLARSSL_ERR_CIPHER_ALLOC_FAILED if allocation o f the * \c POLARSSL_ERR_CIPHER_ALLOC_FAILED if allocation o f the
* cipher-specific context failed. * cipher-specific context failed.
*/ */
static inline cipher_mode_t cipher_get_cipher_mode( const cipher_context_t *ctx ) static inline cipher_mode_t cipher_get_cipher_mode( const cipher_context_t *ctx )
{ {
if( NULL == ctx || NULL == ctx->cipher_info ) if( NULL == ctx || NULL == ctx->cipher_info )
return POLARSSL_MODE_NONE; return POLARSSL_MODE_NONE;
return ctx->cipher_info->mode; return ctx->cipher_info->mode;
} }
/** /**
* \brief Returns the size of the cipher's IV. * \brief Returns the size of the cipher's IV/NONCE in bytes.
* *
* \param ctx cipher's context. Must have been initialised. * \param ctx cipher's context. Must have been initialised.
* *
* \return size of the cipher's IV, or 0 if ctx has not been * \return If IV has not been set yet: (recommended) IV size
* initialised. * (0 for ciphers not using IV/NONCE).
* If IV has already been set: actual size.
*/ */
static inline int cipher_get_iv_size( const cipher_context_t *ctx ) static inline int cipher_get_iv_size( const cipher_context_t *ctx )
{ {
if( NULL == ctx || NULL == ctx->cipher_info ) if( NULL == ctx || NULL == ctx->cipher_info )
return 0; return 0;
if( ctx->iv_size != 0 )
return ctx->iv_size;
return ctx->cipher_info->iv_size; return ctx->cipher_info->iv_size;
} }
/** /**
* \brief Returns the type of the given cipher. * \brief Returns the type of the given cipher.
* *
* \param ctx cipher's context. Must have been initialised. * \param ctx cipher's context. Must have been initialised.
* *
* \return type of the cipher, or POLARSSL_CIPHER_NONE if ctx has * \return type of the cipher, or POLARSSL_CIPHER_NONE if ctx has
* not been initialised. * not been initialised.
* \brief Returns the key length of the cipher. * \brief Returns the key length of the cipher.
* *
* \param ctx cipher's context. Must have been initialised. * \param ctx cipher's context. Must have been initialised.
* *
* \return cipher's key length, in bits, or * \return cipher's key length, in bits, or
* POLARSSL_KEY_LENGTH_NONE if ctx has not been * POLARSSL_KEY_LENGTH_NONE if ctx has not been
* initialised. * initialised.
*/ */
static inline int cipher_get_key_size ( const cipher_context_t *ctx ) static inline int cipher_get_key_size ( const cipher_context_t *ctx )
{ {
if( NULL == ctx ) if( NULL == ctx || NULL == ctx->cipher_info )
return POLARSSL_KEY_LENGTH_NONE; return POLARSSL_KEY_LENGTH_NONE;
return ctx->key_length; return ctx->cipher_info->key_length;
} }
/** /**
* \brief Returns the operation of the given cipher. * \brief Returns the operation of the given cipher.
* *
* \param ctx cipher's context. Must have been initialised. * \param ctx cipher's context. Must have been initialised.
* *
* \return operation (POLARSSL_ENCRYPT or POLARSSL_DECRYPT), * \return operation (POLARSSL_ENCRYPT or POLARSSL_DECRYPT),
* or POLARSSL_OPERATION_NONE if ctx has not been * or POLARSSL_OPERATION_NONE if ctx has not been
* initialised. * initialised.
* \param operation Operation that the key will be used for, either * \param operation Operation that the key will be used for, either
* POLARSSL_ENCRYPT or POLARSSL_DECRYPT. * POLARSSL_ENCRYPT or POLARSSL_DECRYPT.
* *
* \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if * \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if
* parameter verification fails or a cipher specific * parameter verification fails or a cipher specific
* error code. * error code.
*/ */
int cipher_setkey( cipher_context_t *ctx, const unsigned char *key, int key _length, int cipher_setkey( cipher_context_t *ctx, const unsigned char *key, int key _length,
const operation_t operation ); const operation_t operation );
#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
/** /**
* \brief Reset the given context, setting the IV to iv * \brief Set padding mode, for cipher modes that use padding
.
* (Default: PKCS7 padding.)
*
* \param ctx generic cipher context
* \param mode padding mode
*
* \returns 0 on success, POLARSSL_ERR_CIPHER_FEATURE_UNAVAILAB
LE
* if selected padding mode is not supported, or
* POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if the cipher mo
de
* does not support padding.
*/
int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
;
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
/**
* \brief Set the initialization vector (IV) or nonce
*
* \param ctx generic cipher context
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
* \param iv_len IV length for ciphers with variable-size IV;
* discarded by ciphers with fixed-size IV.
*
* \returns O on success, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
*
* \note Some ciphers don't use IVs nor NONCE. For these
* ciphers, this function has no effect.
*/
int cipher_set_iv( cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len );
/**
* \brief Finish preparation of the given context
* *
* \param ctx generic cipher context * \param ctx generic cipher context
* \param iv IV to use or NONCE_COUNTER in the case of a CTR-mod e cipher
* *
* \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA * \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
* if parameter verification fails. * if parameter verification fails.
*/ */
int cipher_reset( cipher_context_t *ctx, const unsigned char *iv ); int cipher_reset( cipher_context_t *ctx );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
/**
* \brief Add additional data (for AEAD ciphers).
* This function has no effect for non-AEAD ciphers.
* For AEAD ciphers, it may or may not be called
* repeatedly, and/or interleaved with calls to
* cipher_udpate(), depending on the cipher.
* E.g. for GCM is must be called exactly once, right
* after cipher_reset().
*
* \param ctx generic cipher context
* \param ad Additional data to use.
* \param ad_len Length of ad.
*
* \returns 0 on success, or a specific error code.
*/
int cipher_update_ad( cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
/** /**
* \brief Generic cipher update function. Encrypts/decrypts * \brief Generic cipher update function. Encrypts/decrypts
* using the given cipher context. Writes as many bloc k * using the given cipher context. Writes as many bloc k
* size'd blocks of data as possible to output. Any da ta * size'd blocks of data as possible to output. Any da ta
* that cannot be written immediately will either be a dded * that cannot be written immediately will either be a dded
* to the next block, or flushed when cipher_final is * to the next block, or flushed when cipher_final is
* called. * called.
* Exception: for POLARSSL_MODE_ECB, expects single bl
ock
* in size (e.g. 16 bytes for AES)
* *
* \param ctx generic cipher context * \param ctx generic cipher context
* \param input buffer holding the input data * \param input buffer holding the input data
* \param ilen length of the input data * \param ilen length of the input data
* \param output buffer for the output data. Should be able to hold at * \param output buffer for the output data. Should be able to hold at
* least ilen + block_size. Cannot be the same buffer as * least ilen + block_size. Cannot be the same buffer as
* input! * input!
* \param olen length of the output data, will be filled with the * \param olen length of the output data, will be filled with the
* actual number of bytes written. * actual number of bytes written.
* *
* \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if * \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if
* parameter verification fails, * parameter verification fails,
* POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE on an * POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE on an
* unsupported mode for a cipher or a cipher specific * unsupported mode for a cipher or a cipher specific
* error code. * error code.
*
* \note If the underlying cipher is GCM, all calls to this
* function, except the last one before cipher_finish(
),
* must have ilen a multiple of the block size.
*/ */
int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_ t ilen, int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_ t ilen,
unsigned char *output, size_t *olen ); unsigned char *output, size_t *olen );
/** /**
* \brief Generic cipher finalisation function. If data still * \brief Generic cipher finalisation function. If data still
* needs to be flushed from an incomplete block, data * needs to be flushed from an incomplete block, data
* contained within it will be padded with the size of * contained within it will be padded with the size of
* the last block, and written to the output buffer. * the last block, and written to the output buffer.
* *
* \param ctx Generic cipher context * \param ctx Generic cipher context
* \param output buffer to write data to. Needs block_size data avai lable. * \param output buffer to write data to. Needs block_size available .
* \param olen length of the data written to the output buffer. * \param olen length of the data written to the output buffer.
* *
* \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if * \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if
* parameter verification fails, * parameter verification fails,
* POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED if decrypti on * POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED if decrypti on
* expected a full block but was not provided one, * expected a full block but was not provided one,
* POLARSSL_ERR_CIPHER_INVALID_PADDING on invalid padd ing * POLARSSL_ERR_CIPHER_INVALID_PADDING on invalid padd ing
* while decrypting or a cipher specific error code. * while decrypting or a cipher specific error code.
*/ */
int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *ol int cipher_finish( cipher_context_t *ctx,
en); unsigned char *output, size_t *olen );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
/**
* \brief Write tag for AEAD ciphers.
* No effect for other ciphers.
* Must be called after cipher_finish().
*
* \param ctx Generic cipher context
* \param tag buffer to write the tag
* \param tag_len Length of the tag to write
*
* \return 0 on success, or a specific error code.
*/
int cipher_write_tag( cipher_context_t *ctx,
unsigned char *tag, size_t tag_len );
/**
* \brief Check tag for AEAD ciphers.
* No effect for other ciphers.
* Calling time depends on the cipher:
* for GCM, must be called after cipher_finish().
*
* \param ctx Generic cipher context
* \param tag Buffer holding the tag
* \param tag_len Length of the tag to check
*
* \return 0 on success, or a specific error code.
*/
int cipher_check_tag( cipher_context_t *ctx,
const unsigned char *tag, size_t tag_len );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int cipher_self_test( int verbose ); int cipher_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* POLARSSL_MD_H */ #endif /* POLARSSL_CIPHER_H */
 End of changes. 36 change blocks. 
18 lines changed or deleted 192 lines changed or added


 cipher_wrap.h   cipher_wrap.h 
/** /**
* \file cipher_wrap.h * \file cipher_wrap.h
* *
* \brief Cipher wrappers. * \brief Cipher wrappers.
* *
* \author Adriaan de Jong <dejong@fox-it.com> * \author Adriaan de Jong <dejong@fox-it.com>
* *
* Copyright (C) 2006-2012, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
#ifndef POLARSSL_CIPHER_WRAP_H #ifndef POLARSSL_CIPHER_WRAP_H
#define POLARSSL_CIPHER_WRAP_H #define POLARSSL_CIPHER_WRAP_H
#include "config.h" #include "config.h"
#include "cipher.h" #include "cipher.h"
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if defined(POLARSSL_AES_C) typedef struct
{
cipher_type_t type;
const cipher_info_t *info;
} cipher_definition_t;
extern const cipher_info_t aes_128_cbc_info; extern const cipher_definition_t cipher_definitions[];
extern const cipher_info_t aes_192_cbc_info;
extern const cipher_info_t aes_256_cbc_info;
#if defined(POLARSSL_CIPHER_MODE_CFB) extern int supported_ciphers[];
extern const cipher_info_t aes_128_cfb128_info;
extern const cipher_info_t aes_192_cfb128_info;
extern const cipher_info_t aes_256_cfb128_info;
#endif /* POLARSSL_CIPHER_MODE_CFB */
#if defined(POLARSSL_CIPHER_MODE_CTR)
extern const cipher_info_t aes_128_ctr_info;
extern const cipher_info_t aes_192_ctr_info;
extern const cipher_info_t aes_256_ctr_info;
#endif /* POLARSSL_CIPHER_MODE_CTR */
#endif /* defined(POLARSSL_AES_C) */
#if defined(POLARSSL_CAMELLIA_C)
extern const cipher_info_t camellia_128_cbc_info;
extern const cipher_info_t camellia_192_cbc_info;
extern const cipher_info_t camellia_256_cbc_info;
#if defined(POLARSSL_CIPHER_MODE_CFB)
extern const cipher_info_t camellia_128_cfb128_info;
extern const cipher_info_t camellia_192_cfb128_info;
extern const cipher_info_t camellia_256_cfb128_info;
#endif /* POLARSSL_CIPHER_MODE_CFB */
#if defined(POLARSSL_CIPHER_MODE_CTR)
extern const cipher_info_t camellia_128_ctr_info;
extern const cipher_info_t camellia_192_ctr_info;
extern const cipher_info_t camellia_256_ctr_info;
#endif /* POLARSSL_CIPHER_MODE_CTR */
#endif /* defined(POLARSSL_CAMELLIA_C) */
#if defined(POLARSSL_DES_C)
extern const cipher_info_t des_cbc_info;
extern const cipher_info_t des_ede_cbc_info;
extern const cipher_info_t des_ede3_cbc_info;
#endif /* defined(POLARSSL_DES_C) */
#if defined(POLARSSL_BLOWFISH_C)
extern const cipher_info_t blowfish_cbc_info;
#if defined(POLARSSL_CIPHER_MODE_CFB)
extern const cipher_info_t blowfish_cfb64_info;
#endif /* POLARSSL_CIPHER_MODE_CFB */
#if defined(POLARSSL_CIPHER_MODE_CTR)
extern const cipher_info_t blowfish_ctr_info;
#endif /* POLARSSL_CIPHER_MODE_CTR */
#endif /* defined(POLARSSL_BLOWFISH_C) */
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
extern const cipher_info_t null_cipher_info;
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* POLARSSL_CIPHER_WRAP_H */ #endif /* POLARSSL_CIPHER_WRAP_H */
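Review bot: `extern int supported_ciphers[];` at the end of the new cipher_wrap.h exports a writable, unsized global with external linkage, so any translation unit linked against the library can change which cipher ids the generic layer reports, and the header says nothing about who fills the array or how it is terminated. If this is the array that cipher_list() hands back (its `const int *` return suggests so, but the definition is not visible here), it should be made `static` in cipher_wrap.c, or at minimum documented as `/* 0-terminated list of supported cipher_type_t values, filled by cipher_list(); callers must not modify it */`. The same gap exists for `cipher_definitions[]`: nothing in the header tells a consumer how to walk it, so a one-line comment naming the sentinel, for example `/* terminated by an entry with type == POLARSSL_CIPHER_NONE */` if that is the convention, would keep every lookup routine from guessing.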
 End of changes. 4 change blocks. 
62 lines changed or deleted 8 lines changed or added


 config.h   config.h 
* \def POLARSSL_HAVE_LONGLONG * \def POLARSSL_HAVE_LONGLONG
* *
* The compiler supports the 'long long' type. * The compiler supports the 'long long' type.
* (Only used on 32-bit platforms) * (Only used on 32-bit platforms)
*/ */
#define POLARSSL_HAVE_LONGLONG #define POLARSSL_HAVE_LONGLONG
/** /**
* \def POLARSSL_HAVE_ASM * \def POLARSSL_HAVE_ASM
* *
* The compiler has support for asm() * The compiler has support for asm().
*
* Uncomment to enable the use of assembly code.
* *
* Requires support for asm() in compiler. * Requires support for asm() in compiler.
* *
* Used in: * Used in:
* library/timing.c * library/timing.c
* library/padlock.c * library/padlock.c
* include/polarssl/bn_mul.h * include/polarssl/bn_mul.h
* *
* Comment to disable the use of assembly code.
*/ */
#define POLARSSL_HAVE_ASM #define POLARSSL_HAVE_ASM
/** /**
* \def POLARSSL_HAVE_SSE2 * \def POLARSSL_HAVE_SSE2
* *
* CPU supports SSE2 instruction set. * CPU supports SSE2 instruction set.
* *
* Uncomment if the CPU supports SSE2 (IA-32 specific). * Uncomment if the CPU supports SSE2 (IA-32 specific).
*
#define POLARSSL_HAVE_SSE2 #define POLARSSL_HAVE_SSE2
*/ */
/* \} name */
/**
* \def POLARSSL_HAVE_TIME
*
* System has time.h and time() / localtime() / gettimeofday().
*
* Comment if your system does not support time functions
*/
#define POLARSSL_HAVE_TIME
/* \} name SECTION: System support */
/** /**
* \name SECTION: PolarSSL feature support * \name SECTION: PolarSSL feature support
* *
* This section sets support for features that are or are not needed * This section sets support for features that are or are not needed
* within the modules that are enabled. * within the modules that are enabled.
* \{ * \{
*/ */
/** /**
#define POLARSSL_AES_ALT #define POLARSSL_AES_ALT
#define POLARSSL_ARC4_ALT #define POLARSSL_ARC4_ALT
#define POLARSSL_BLOWFISH_ALT #define POLARSSL_BLOWFISH_ALT
#define POLARSSL_CAMELLIA_ALT #define POLARSSL_CAMELLIA_ALT
#define POLARSSL_DES_ALT #define POLARSSL_DES_ALT
#define POLARSSL_XTEA_ALT #define POLARSSL_XTEA_ALT
#define POLARSSL_MD2_ALT #define POLARSSL_MD2_ALT
#define POLARSSL_MD4_ALT #define POLARSSL_MD4_ALT
#define POLARSSL_MD5_ALT #define POLARSSL_MD5_ALT
#define POLARSSL_SHA1_ALT #define POLARSSL_SHA1_ALT
#define POLARSSL_SHA2_ALT #define POLARSSL_SHA256_ALT
#define POLARSSL_SHA4_ALT #define POLARSSL_SHA512_ALT
*/ */
/** /**
* \def POLARSSL_AES_ROM_TABLES * \def POLARSSL_AES_ROM_TABLES
* *
* Store the AES tables in ROM. * Store the AES tables in ROM.
* *
* Uncomment this macro to store the AES tables in ROM. * Uncomment this macro to store the AES tables in ROM.
* *
#define POLARSSL_AES_ROM_TABLES #define POLARSSL_AES_ROM_TABLES
*/ */
/** /**
* \def POLARSSL_CIPHER_MODE_CBC
*
* Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
*/
#define POLARSSL_CIPHER_MODE_CBC
/**
* \def POLARSSL_CIPHER_MODE_CFB * \def POLARSSL_CIPHER_MODE_CFB
* *
* Enable Cipher Feedback mode (CFB) for symmetric ciphers. * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
*/ */
#define POLARSSL_CIPHER_MODE_CFB #define POLARSSL_CIPHER_MODE_CFB
/** /**
* \def POLARSSL_CIPHER_MODE_CTR * \def POLARSSL_CIPHER_MODE_CTR
* *
* Enable Counter Block Cipher mode (CTR) for symmetric ciphers. * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
* *
* Enable NULL cipher. * Enable NULL cipher.
* Warning: Only do so when you know what you are doing. This allows for * Warning: Only do so when you know what you are doing. This allows for
* encryption or channels without any security! * encryption or channels without any security!
* *
* Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
* the following ciphersuites: * the following ciphersuites:
* TLS_RSA_WITH_NULL_MD5 * TLS_RSA_WITH_NULL_MD5
* TLS_RSA_WITH_NULL_SHA * TLS_RSA_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_SHA256 * TLS_RSA_WITH_NULL_SHA256
* TLS_ECDHE_RSA_WITH_NULL_SHA
* TLS_PSK_WITH_NULL
* TLS_PSK_WITH_NULL256
* TLS_PSK_WITH_NULL384
* TLS_DHE_PSK_WITH_NULL
* TLS_DHE_PSK_WITH_NULL256
* TLS_DHE_PSK_WITH_NULL384
* TLS_RSA_PSK_WITH_NULL
* TLS_RSA_PSK_WITH_NULL256
* TLS_RSA_PSK_WITH_NULL384
* *
* Uncomment this macro to enable the NULL cipher and ciphersuites * Uncomment this macro to enable the NULL cipher and ciphersuites
#define POLARSSL_CIPHER_NULL_CIPHER #define POLARSSL_CIPHER_NULL_CIPHER
*/ */
/** /**
* \def POLARSSL_CIPHER_PADDING_XXX
*
* Uncomment or comment macros to add support for specific padding modes
* in the cipher layer with cipher modes that support padding (e.g. CBC)
*
* If you disable all padding modes, only full blocks can be used with CBC.
*
* Enable padding modes in the cipher layer.
*/
#define POLARSSL_CIPHER_PADDING_PKCS7
#define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
#define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
#define POLARSSL_CIPHER_PADDING_ZEROS
/**
* \def POLARSSL_ENABLE_WEAK_CIPHERSUITES * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
* *
* Enable weak ciphersuites in SSL / TLS * Enable weak ciphersuites in SSL / TLS.
* Warning: Only do so when you know what you are doing. This allows for * Warning: Only do so when you know what you are doing. This allows for
* channels with virtually no security at all! * channels with virtually no security at all!
* *
* This enables the following ciphersuites: * This enables the following ciphersuites:
* TLS_RSA_WITH_DES_CBC_SHA * TLS_RSA_WITH_DES_CBC_SHA
* TLS_DHE_RSA_WITH_DES_CBC_SHA * TLS_DHE_RSA_WITH_DES_CBC_SHA
* *
* Uncomment this macro to enable weak ciphersuites * Uncomment this macro to enable weak ciphersuites
#define POLARSSL_ENABLE_WEAK_CIPHERSUITES #define POLARSSL_ENABLE_WEAK_CIPHERSUITES
*/ */
/** /**
* \def POLARSSL_ECP_XXXX_ENABLED
*
* Enables specific curves within the Elliptic Curve module.
* By default all supported curves are enables.
*
* Comment macros to disable the curve and functions for it
*/
#define POLARSSL_ECP_DP_SECP192R1_ENABLED
#define POLARSSL_ECP_DP_SECP224R1_ENABLED
#define POLARSSL_ECP_DP_SECP256R1_ENABLED
#define POLARSSL_ECP_DP_SECP384R1_ENABLED
#define POLARSSL_ECP_DP_SECP521R1_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
*
* Enable the PSK based ciphersuite modes in SSL / TLS.
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_PSK_WITH_RC4_128_SHA
* TLS_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_PSK_WITH_AES_128_CBC_SHA
* TLS_PSK_WITH_AES_256_CBC_SHA
* TLS_PSK_WITH_AES_128_CBC_SHA256
* TLS_PSK_WITH_AES_256_CBC_SHA384
* TLS_PSK_WITH_AES_128_GCM_SHA256
* TLS_PSK_WITH_AES_256_GCM_SHA384
*/
#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
*
* Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
*
* Requires: POLARSSL_DHM_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_DHE_PSK_WITH_RC4_128_SHA
* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
*/
#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
*
* Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
* (NOT YET IMPLEMENTED)
* Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_RSA_PSK_WITH_RC4_128_SHA
* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
*/
/**
* \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
*
* Enable the RSA-only based ciphersuite modes in SSL / TLS.
*
* Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_GCM_SHA384
* TLS_RSA_WITH_RC4_128_MD5
* TLS_RSA_WITH_RC4_128_SHA
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
*/
#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
*
* Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
*
* Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*/
#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
*
* Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
*
* Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
*/
#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
*
* Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
*
* Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C,
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
*/
#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
/**
* \def POLARSSL_ERROR_STRERROR_BC
*
* Make available the backward compatible error_strerror() next to the
* current polarssl_strerror().
*
* Disable if you run into name conflicts and want to really remove the
* error_strerror()
*/
#define POLARSSL_ERROR_STRERROR_BC
/**
* \def POLARSSL_ERROR_STRERROR_DUMMY * \def POLARSSL_ERROR_STRERROR_DUMMY
* *
* Enable a dummy error function to make use of error_strerror() in * Enable a dummy error function to make use of polarssl_strerror() in
* third party libraries easier. * third party libraries easier.
* *
* Disable if you run into name conflicts and want to really remove the * Disable if you run into name conflicts and want to really remove the
* error_strerror() * polarssl_strerror()
*/ */
#define POLARSSL_ERROR_STRERROR_DUMMY #define POLARSSL_ERROR_STRERROR_DUMMY
/** /**
* \def POLARSSL_GENPRIME * \def POLARSSL_GENPRIME
* *
* Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C * Enable the prime-number generation code.
* *
* Enable the RSA prime-number generation code. * Requires: POLARSSL_BIGNUM_C
*/ */
#define POLARSSL_GENPRIME #define POLARSSL_GENPRIME
/** /**
* \def POLARSSL_FS_IO * \def POLARSSL_FS_IO
* *
* Enable functions that use the filesystem. * Enable functions that use the filesystem.
*/ */
#define POLARSSL_FS_IO #define POLARSSL_FS_IO
* *
* Do not use built-in platform entropy functions. * Do not use built-in platform entropy functions.
* This is useful if your platform does not support * This is useful if your platform does not support
* standards like the /dev/urandom or Windows CryptoAPI. * standards like the /dev/urandom or Windows CryptoAPI.
* *
* Uncomment this macro to disable the built-in platform entropy functions. * Uncomment this macro to disable the built-in platform entropy functions.
#define POLARSSL_NO_PLATFORM_ENTROPY #define POLARSSL_NO_PLATFORM_ENTROPY
*/ */
/** /**
* \def POLARSSL_MEMORY_DEBUG
*
* Enable debugging of buffer allocator memory issues. Automatically prints
* (to stderr) all (fatal) messages on memory allocation issues. Enables
* function for 'debug output' of allocated memory.
*
* Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
* fprintf()
*
* Uncomment this macro to let the buffer allocator print out error message
s.
#define POLARSSL_MEMORY_DEBUG
*/
/**
* \def POLARSSL_MEMORY_BACKTRACE
*
* Include backtrace information with each allocated block.
*
* Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
* GLIBC-compatible backtrace() an backtrace_symbols() support
*
* Uncomment this macro to include backtrace information
#define POLARSSL_MEMORY_BACKTRACE
*/
/**
* \def POLARSSL_PKCS1_V15
*
* Enable support for PKCS#1 v1.5 encoding.
*
* Requires: POLARSSL_RSA_C
*
* This enables support for PKCS#1 v1.5 operations.
*/
#define POLARSSL_PKCS1_V15
/**
* \def POLARSSL_PKCS1_V21 * \def POLARSSL_PKCS1_V21
* *
* Enable support for PKCS#1 v2.1 encoding.
*
* Requires: POLARSSL_MD_C, POLARSSL_RSA_C * Requires: POLARSSL_MD_C, POLARSSL_RSA_C
* *
* Enable support for PKCS#1 v2.1 encoding.
* This enables support for RSAES-OAEP and RSASSA-PSS operations. * This enables support for RSAES-OAEP and RSASSA-PSS operations.
*/ */
#define POLARSSL_PKCS1_V21 #define POLARSSL_PKCS1_V21
/** /**
* \def POLARSSL_RSA_NO_CRT * \def POLARSSL_RSA_NO_CRT
* *
* Do not use the Chinese Remainder Theorem for the RSA private operation. * Do not use the Chinese Remainder Theorem for the RSA private operation.
* *
* Uncomment this macro to disable the use of CRT in RSA. * Uncomment this macro to disable the use of CRT in RSA.
* individual records. * individual records.
* *
* Uncomment this macro to enable hooking functions. * Uncomment this macro to enable hooking functions.
#define POLARSSL_SSL_HW_RECORD_ACCEL #define POLARSSL_SSL_HW_RECORD_ACCEL
*/ */
/** /**
* \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
* *
* Enable support for receiving and parsing SSLv2 Client Hello messages for the * Enable support for receiving and parsing SSLv2 Client Hello messages for the
* SSL Server module (POLARSSL_SSL_SRV_C) * SSL Server module (POLARSSL_SSL_SRV_C).
* *
* Comment this macro to disable support for SSLv2 Client Hello messages. * Comment this macro to disable support for SSLv2 Client Hello messages.
*/ */
#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO #define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
/** /**
* \def POLARSSL_SSL_MAX_FRAGMENT_LENGTH
*
* Enable support for RFC 6066 max_fragment_length extension in SSL.
*
* Comment this macro to disable support for the max_fragment_length extens
ion
*/
#define POLARSSL_SSL_MAX_FRAGMENT_LENGTH
/**
* \def POLARSSL_SSL_PROTO_SSL3
*
* Enable support for SSL 3.0.
*
* Requires: POLARSSL_MD5_C
* POLARSSL_SHA1_C
*
* Comment this macro to disable support for SSL 3.0
*/
#define POLARSSL_SSL_PROTO_SSL3
/**
* \def POLARSSL_SSL_PROTO_TLS1
*
* Enable support for TLS 1.0.
*
* Requires: POLARSSL_MD5_C
* POLARSSL_SHA1_C
*
* Comment this macro to disable support for TLS 1.0
*/
#define POLARSSL_SSL_PROTO_TLS1
/**
* \def POLARSSL_SSL_PROTO_TLS1_1
*
* Enable support for TLS 1.1.
*
* Requires: POLARSSL_MD5_C
* POLARSSL_SHA1_C
*
* Comment this macro to disable support for TLS 1.1
*/
#define POLARSSL_SSL_PROTO_TLS1_1
/**
* \def POLARSSL_SSL_PROTO_TLS1_2
*
* Enable support for TLS 1.2.
*
* Requires: POLARSSL_SHA256_C or POLARSSL_SHA512_C
* (Depends on ciphersuites)
*
* Comment this macro to disable support for TLS 1.2
*/
#define POLARSSL_SSL_PROTO_TLS1_2
/**
* \def POLARSSL_SSL_SESSION_TICKETS
*
* Enable support for RFC 5077 session tickets in SSL.
*
* Requires: POLARSSL_AES_C
* POLARSSL_SHA256_C
* POLARSSL_CIPHER_MODE_CBC
*
* Comment this macro to disable support for SSL session tickets
*/
#define POLARSSL_SSL_SESSION_TICKETS
/**
* \def POLARSSL_SSL_SERVER_NAME_INDICATION
*
* Enable support for RFC 6066 server name indication (SNI) in SSL.
*
* Comment this macro to disable support for server name indication in SSL
*/
#define POLARSSL_SSL_SERVER_NAME_INDICATION
/**
* \def POLARSSL_SSL_TRUNCATED_HMAC
*
* Enable support for RFC 6066 truncated HMAC in SSL.
*
* Comment this macro to disable support for truncated HMAC in SSL
*/
#define POLARSSL_SSL_TRUNCATED_HMAC
/**
* \def POLARSSL_THREADING_ALT
*
* Provide your own alternate threading implementation.
*
* Requires: POLARSSL_THREADING_C
*
* Uncomment this to allow your own alternate threading implementation.
#define POLARSSL_THREADING_ALT
*/
/**
* \def POLARSSL_THREADING_DUMMY
*
* Provide a dummy threading implementation.
* Warning: If you use this, all claims of thread-safety in the documentati
on
* are void!
*
* Requires: POLARSSL_THREADING_C
*
* Uncomment this to enable code to compile like with threading enabled
#define POLARSSL_THREADING_DUMMY
*/
/**
* \def POLARSSL_THREADING_PTHREAD
*
* Enable the pthread wrapper layer for the threading layer.
*
* Requires: POLARSSL_THREADING_C
*
* Uncomment this to enable pthread mutexes.
#define POLARSSL_THREADING_PTHREAD
*/
/**
* \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
*
* If set, the X509 parser will not break-off when parsing an X509 certific
ate
* and encountering an extension in a v1 or v2 certificate.
*
* Uncomment to prevent an error.
*
#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
*/
/**
* \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
* *
* If set, the X509 parser will not break-off when parsing an X509 certific ate * If set, the X509 parser will not break-off when parsing an X509 certific ate
* and encountering an unknown critical extension. * and encountering an unknown critical extension.
* *
* Uncomment to prevent an error. * Uncomment to prevent an error.
* *
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION #define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*/ */
* *
* Used in: library/ssl_tls.c * Used in: library/ssl_tls.c
* library/ssl_cli.c * library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* *
* This feature requires zlib library and headers to be present. * This feature requires zlib library and headers to be present.
* *
* Uncomment to enable use of ZLIB * Uncomment to enable use of ZLIB
#define POLARSSL_ZLIB_SUPPORT #define POLARSSL_ZLIB_SUPPORT
*/ */
/* \} name */ /* \} name SECTION: PolarSSL feature support */
/** /**
* \name SECTION: PolarSSL modules * \name SECTION: PolarSSL modules
* *
* This section enables or disables entire modules in PolarSSL * This section enables or disables entire modules in PolarSSL
* \{ * \{
*/ */
/** /**
* \def POLARSSL_AES_C * \def POLARSSL_AES_C
* TLS_RSA_WITH_AES_128_CBC_SHA * TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_256_CBC_SHA * TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA * TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA256 * TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA256 * TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_AES_128_GCM_SHA256 * TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_GCM_SHA384 * TLS_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* TLS_PSK_WITH_AES_128_CBC_SHA
* TLS_PSK_WITH_AES_256_CBC_SHA
* *
* PEM uses AES for decrypting encrypted keys. * PEM_PARSE uses AES for decrypting encrypted keys.
*/ */
#define POLARSSL_AES_C #define POLARSSL_AES_C
/** /**
* \def POLARSSL_ARC4_C * \def POLARSSL_ARC4_C
* *
* Enable the ARCFOUR stream cipher. * Enable the ARCFOUR stream cipher.
* *
* Module: library/arc4.c * Module: library/arc4.c
* Caller: library/ssl_tls.c * Caller: library/ssl_tls.c
* *
* This module enables the following ciphersuites: * This module enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_RSA_WITH_RC4_128_MD5 * TLS_RSA_WITH_RC4_128_MD5
* TLS_RSA_WITH_RC4_128_SHA * TLS_RSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_PSK_WITH_RC4_128_SHA
*/ */
#define POLARSSL_ARC4_C #define POLARSSL_ARC4_C
/** /**
* \def POLARSSL_ASN1_PARSE_C * \def POLARSSL_ASN1_PARSE_C
* *
* Enable the generic ASN1 parser. * Enable the generic ASN1 parser.
* *
* Module: library/asn1.c * Module: library/asn1.c
* Caller: library/x509parse.c * Caller: library/x509.c
* library/dhm.c
* library/pkcs12.c
* library/pkcs5.c
* library/pkparse.c
*/ */
#define POLARSSL_ASN1_PARSE_C #define POLARSSL_ASN1_PARSE_C
/** /**
* \def POLARSSL_ASN1_WRITE_C * \def POLARSSL_ASN1_WRITE_C
* *
* Enable the generic ASN1 writer. * Enable the generic ASN1 writer.
* *
* Module: library/asn1write.c * Module: library/asn1write.c
* Caller: library/ecdsa.c
* library/pkwrite.c
* library/x509_create.c
* library/x509write_crt.c
* library/x509write_csr.c
*/ */
#define POLARSSL_ASN1_WRITE_C #define POLARSSL_ASN1_WRITE_C
/** /**
* \def POLARSSL_BASE64_C * \def POLARSSL_BASE64_C
* *
* Enable the Base64 module. * Enable the Base64 module.
* *
* Module: library/base64.c * Module: library/base64.c
* Caller: library/pem.c * Caller: library/pem.c
*/ */
#define POLARSSL_BASE64_C #define POLARSSL_BASE64_C
/** /**
* \def POLARSSL_BIGNUM_C * \def POLARSSL_BIGNUM_C
* *
* Enable the multi-precision integer library. * Enable the multi-precision integer library.
* *
* Module: library/bignum.c * Module: library/bignum.c
* Caller: library/dhm.c * Caller: library/dhm.c
* library/ecp.c
* library/rsa.c * library/rsa.c
* library/ssl_tls.c * library/ssl_tls.c
* library/x509parse.c
* *
* This module is required for RSA and DHM support. * This module is required for RSA and DHM support.
*/ */
#define POLARSSL_BIGNUM_C #define POLARSSL_BIGNUM_C
/** /**
* \def POLARSSL_BLOWFISH_C * \def POLARSSL_BLOWFISH_C
* *
* Enable the Blowfish block cipher. * Enable the Blowfish block cipher.
* *
* This module is used for testing (ssl_client/server). * This module is used for testing (ssl_client/server).
*/ */
#define POLARSSL_CERTS_C #define POLARSSL_CERTS_C
/** /**
* \def POLARSSL_CIPHER_C * \def POLARSSL_CIPHER_C
* *
* Enable the generic cipher layer. * Enable the generic cipher layer.
* *
* Module: library/cipher.c * Module: library/cipher.c
* Caller: * Caller: library/ssl_tls.c
* *
* Uncomment to enable generic cipher wrappers. * Uncomment to enable generic cipher wrappers.
*/ */
#define POLARSSL_CIPHER_C #define POLARSSL_CIPHER_C
/** /**
* \def POLARSSL_CTR_DRBG_C * \def POLARSSL_CTR_DRBG_C
* *
* Enable the CTR_DRBG AES-256-based random generator * Enable the CTR_DRBG AES-256-based random generator.
* *
* Module: library/ctr_drbg.c * Module: library/ctr_drbg.c
* Caller: * Caller:
* *
* Requires: POLARSSL_AES_C * Requires: POLARSSL_AES_C
* *
* This module provides the CTR_DRBG AES-256 random number generator. * This module provides the CTR_DRBG AES-256 random number generator.
*/ */
#define POLARSSL_CTR_DRBG_C #define POLARSSL_CTR_DRBG_C
* Enable the DES block cipher. * Enable the DES block cipher.
* *
* Module: library/des.c * Module: library/des.c
* Caller: library/pem.c * Caller: library/pem.c
* library/ssl_tls.c * library/ssl_tls.c
* *
* This module enables the following ciphersuites (if other requisites are * This module enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_RSA_WITH_3DES_EDE_CBC_SHA * TLS_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_PSK_WITH_3DES_EDE_CBC_SHA
* *
* PEM uses DES/3DES for decrypting encrypted keys. * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
*/ */
#define POLARSSL_DES_C #define POLARSSL_DES_C
/** /**
* \def POLARSSL_DHM_C * \def POLARSSL_DHM_C
* *
* Enable the Diffie-Hellman-Merkle key exchange. * Enable the Diffie-Hellman-Merkle key exchange.
* *
* Module: library/dhm.c * Module: library/dhm.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
*/ */
#define POLARSSL_DHM_C #define POLARSSL_DHM_C
/** /**
* \def POLARSSL_ECDH_C
*
* Enable the elliptic curve Diffie-Hellman library.
*
* Module: library/ecdh.c
* Caller: library/ssl_cli.c
* library/ssl_srv.c
*
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_ECDHE_RSA_WITH_NULL_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*
* Requires: POLARSSL_ECP_C
*/
#define POLARSSL_ECDH_C
/**
* \def POLARSSL_ECDSA_C
*
* Enable the elliptic curve DSA library.
*
* Module: library/ecdsa.c
* Caller:
*
* Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
*/
#define POLARSSL_ECDSA_C
/**
* \def POLARSSL_ECP_C
*
* Enable the elliptic curve over GF(p) library.
*
* Module: library/ecp.c
* Caller: library/ecdh.c
* library/ecdsa.c
*
* Requires: POLARSSL_BIGNUM_C
*/
#define POLARSSL_ECP_C
/**
* \def POLARSSL_ENTROPY_C * \def POLARSSL_ENTROPY_C
* *
* Enable the platform-specific entropy code. * Enable the platform-specific entropy code.
* *
* Module: library/entropy.c * Module: library/entropy.c
* Caller: * Caller:
* *
* Requires: POLARSSL_SHA4_C * Requires: POLARSSL_SHA512_C
* *
* This module provides a generic entropy pool * This module provides a generic entropy pool
*/ */
#define POLARSSL_ENTROPY_C #define POLARSSL_ENTROPY_C
/** /**
* \def POLARSSL_ERROR_C * \def POLARSSL_ERROR_C
* *
* Enable error code to error string conversion. * Enable error code to error string conversion.
* *
* Module: library/error.c * Module: library/error.c
* Caller: * Caller:
* *
* This module enables err_strerror(). * This module enables err_strerror().
*/ */
#define POLARSSL_ERROR_C #define POLARSSL_ERROR_C
/** /**
* \def POLARSSL_GCM_C * \def POLARSSL_GCM_C
* *
* Enable the Galois/Counter Mode (GCM) for AES * Enable the Galois/Counter Mode (GCM) for AES.
* *
* Module: library/gcm.c * Module: library/gcm.c
* *
* Requires: POLARSSL_AES_C * Requires: POLARSSL_AES_C
* *
* This module enables the following ciphersuites (if other requisites are * This module enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_RSA_WITH_AES_128_GCM_SHA256 * TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_GCM_SHA384 * TLS_RSA_WITH_AES_256_GCM_SHA384
*/ */
* Module: library/md.c * Module: library/md.c
* Caller: * Caller:
* *
* Uncomment to enable generic message digest wrappers. * Uncomment to enable generic message digest wrappers.
*/ */
#define POLARSSL_MD_C #define POLARSSL_MD_C
/** /**
* \def POLARSSL_MD2_C * \def POLARSSL_MD2_C
* *
* Enable the MD2 hash algorithm * Enable the MD2 hash algorithm.
* *
* Module: library/md2.c * Module: library/md2.c
* Caller: library/x509parse.c * Caller:
* *
* Uncomment to enable support for (rare) MD2-signed X.509 certs. * Uncomment to enable support for (rare) MD2-signed X.509 certs.
* *
#define POLARSSL_MD2_C #define POLARSSL_MD2_C
*/ */
/** /**
* \def POLARSSL_MD4_C * \def POLARSSL_MD4_C
* *
* Enable the MD4 hash algorithm * Enable the MD4 hash algorithm.
* *
* Module: library/md4.c * Module: library/md4.c
* Caller: library/x509parse.c * Caller:
* *
* Uncomment to enable support for (rare) MD4-signed X.509 certs. * Uncomment to enable support for (rare) MD4-signed X.509 certs.
* *
#define POLARSSL_MD4_C #define POLARSSL_MD4_C
*/ */
/** /**
* \def POLARSSL_MD5_C * \def POLARSSL_MD5_C
* *
* Enable the MD5 hash algorithm * Enable the MD5 hash algorithm.
* *
* Module: library/md5.c * Module: library/md5.c
* Caller: library/pem.c * Caller: library/md.c
* library/pem.c
* library/ssl_tls.c * library/ssl_tls.c
* library/x509parse.c
* *
* This module is required for SSL/TLS and X.509. * This module is required for SSL/TLS and X.509.
* PEM uses MD5 for decrypting encrypted keys. * PEM_PARSE uses MD5 for decrypting encrypted keys.
*/ */
#define POLARSSL_MD5_C #define POLARSSL_MD5_C
/** /**
* \def POLARSSL_MEMORY_C
*
* Enable the memory allocation layer.
* By default PolarSSL uses the system-provided malloc() and free().
* (As long as POLARSSL_MEMORY_STDMALLOC and POLARSSL_MEMORY_STDFREE
* are defined and unmodified)
*
* This allows different allocators (self-implemented or provided)
*
* Enable this layer to allow use of alternative memory allocators.
#define POLARSSL_MEMORY_C
*/
/**
* \def POLARSSL_MEMORY_BUFFER_ALLOC_C
*
* Enable the buffer allocator implementation that makes use of a (stack)
* based buffer to 'allocate' dynamic memory. (replaces malloc() and free()
* calls)
*
* Module: library/memory_buffer_alloc.c
*
* Requires: POLARSSL_MEMORY_C
*
* Enable this module to enable the buffer memory allocator.
#define POLARSSL_MEMORY_BUFFER_ALLOC_C
*/
/**
* \def POLARSSL_NET_C * \def POLARSSL_NET_C
* *
* Enable the TCP/IP networking routines. * Enable the TCP/IP networking routines.
* *
* Module: library/net.c * Module: library/net.c
* Caller:
* *
* This module provides TCP/IP networking routines. * This module provides TCP/IP networking routines.
*/ */
#define POLARSSL_NET_C #define POLARSSL_NET_C
/** /**
* \def POLARSSL_OID_C
*
* Enable the OID database.
*
* Module: library/oid.c
* Caller: library/asn1write.c
* library/pkcs5.c
* library/pkparse.c
* library/pkwrite.c
* library/rsa.c
* library/x509.c
* library/x509_create.c
* library/x509_crl.c
* library/x509_crt.c
* library/x509_csr.c
* library/x509write_crt.c
* library/x509write_csr.c
*
* This modules translates between OIDs and internal values.
*/
#define POLARSSL_OID_C
/**
* \def POLARSSL_PADLOCK_C * \def POLARSSL_PADLOCK_C
* *
* Enable VIA Padlock support on x86. * Enable VIA Padlock support on x86.
* *
* Module: library/padlock.c * Module: library/padlock.c
* Caller: library/aes.c * Caller: library/aes.c
* *
* This modules adds support for the VIA PadLock on x86. * This modules adds support for the VIA PadLock on x86.
*/ */
#define POLARSSL_PADLOCK_C #define POLARSSL_PADLOCK_C
/** /**
* \def POLARSSL_PBKDF2_C * \def POLARSSL_PBKDF2_C
* *
* Enable PKCS#5 PBKDF2 key derivation function * Enable PKCS#5 PBKDF2 key derivation function.
* DEPRECATED: Use POLARSSL_PKCS5_C instead * DEPRECATED: Use POLARSSL_PKCS5_C instead
* *
* Module: library/pbkdf2.c * Module: library/pbkdf2.c
* *
* Requires: POLARSSL_PKCS5_C * Requires: POLARSSL_PKCS5_C
* *
* This module adds support for the PKCS#5 PBKDF2 key derivation function. * This module adds support for the PKCS#5 PBKDF2 key derivation function.
*/
#define POLARSSL_PBKDF2_C #define POLARSSL_PBKDF2_C
/**
* \def POLARSSL_PEM_PARSE_C
*
* Enable PEM decoding / parsing.
*
* Module: library/pem.c
* Caller: library/dhm.c
* library/pkparse.c
* library/x509_crl.c
* library/x509_crt.c
* library/x509_csr.c
*
* Requires: POLARSSL_BASE64_C
*
* This modules adds support for decoding / parsing PEM files.
*/ */
#define POLARSSL_PEM_PARSE_C
/** /**
* \def POLARSSL_PEM_C * \def POLARSSL_PEM_WRITE_C
* *
* Enable PEM decoding * Enable PEM encoding / writing.
* *
* Module: library/pem.c * Module: library/pem.c
* Caller: library/x509parse.c * Caller: library/pkwrite.c
* library/x509write_crt.c
* library/x509write_csr.c
* *
* Requires: POLARSSL_BASE64_C * Requires: POLARSSL_BASE64_C
* *
* This modules adds support for decoding PEM files. * This modules adds support for encoding / writing PEM files.
*/ */
#define POLARSSL_PEM_C #define POLARSSL_PEM_WRITE_C
/**
* \def POLARSSL_PK_C
*
* Enable the generic public (asymetric) key layer.
*
* Module: library/pk.c
* Caller: library/ssl_tls.c
* library/ssl_cli.c
* library/ssl_srv.c
*
* Requires: POLARSSL_RSA_C or POLARSSL_ECP_C
*
* Uncomment to enable generic public key wrappers.
*/
#define POLARSSL_PK_C
/**
* \def POLARSSL_PK_PARSE_C
*
* Enable the generic public (asymetric) key parser.
*
* Module: library/pkparse.c
* Caller: library/x509_crt.c
* library/x509_csr.c
*
* Requires: POLARSSL_PK_C
*
* Uncomment to enable generic public key parse functions.
*/
#define POLARSSL_PK_PARSE_C
/**
* \def POLARSSL_PK_WRITE_C
*
* Enable the generic public (asymetric) key writer.
*
* Module: library/pkwrite.c
* Caller: library/x509write.c
*
* Requires: POLARSSL_PK_C
*
* Uncomment to enable generic public key write functions.
*/
#define POLARSSL_PK_WRITE_C
/** /**
* \def POLARSSL_PKCS5_C * \def POLARSSL_PKCS5_C
* *
* Enable PKCS#5 functions * Enable PKCS#5 functions.
* *
* Module: library/pkcs5.c * Module: library/pkcs5.c
* *
* Requires: POLARSSL_MD_C * Requires: POLARSSL_MD_C
* *
* This module adds support for the PKCS#5 functions. * This module adds support for the PKCS#5 functions.
*/ */
#define POLARSSL_PKCS5_C #define POLARSSL_PKCS5_C
/** /**
* \def POLARSSL_PKCS11_C * \def POLARSSL_PKCS11_C
* *
* Enable wrapper for PKCS#11 smartcard support. * Enable wrapper for PKCS#11 smartcard support.
* *
* Module: library/ssl_srv.c * Module: library/pkcs11.c
* Caller: library/ssl_cli.c * Caller: library/pk.c
* library/ssl_srv.c
* *
* Requires: POLARSSL_SSL_TLS_C * Requires: POLARSSL_PK_C
* *
* This module enables SSL/TLS PKCS #11 smartcard support. * This module enables SSL/TLS PKCS #11 smartcard support.
* Requires the presence of the PKCS#11 helper library (libpkcs11-helper) * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
#define POLARSSL_PKCS11_C #define POLARSSL_PKCS11_C
*/ */
/** /**
* \def POLARSSL_PKCS12_C * \def POLARSSL_PKCS12_C
* *
* Enable PKCS#12 PBE functions * Enable PKCS#12 PBE functions.
* Adds algorithms for parsing PKCS#8 encrypted private keys * Adds algorithms for parsing PKCS#8 encrypted private keys
* *
* Module: library/pkcs12.c * Module: library/pkcs12.c
* Caller: library/x509parse.c * Caller: library/pkparse.c
* *
* Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C
* Can use: POLARSSL_ARC4_C * Can use: POLARSSL_ARC4_C
* *
* This module enables PKCS#12 functions. * This module enables PKCS#12 functions.
*/ */
#define POLARSSL_PKCS12_C #define POLARSSL_PKCS12_C
/** /**
* \def POLARSSL_RSA_C * \def POLARSSL_RSA_C
* *
* Enable the RSA public-key cryptosystem. * Enable the RSA public-key cryptosystem.
* *
* Module: library/rsa.c * Module: library/rsa.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
* library/x509.c * library/x509.c
* *
* Requires: POLARSSL_BIGNUM_C * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C
* *
* This module is required for SSL/TLS and MD5-signed certificates. * This module is required for SSL/TLS and MD5-signed certificates.
*/ */
#define POLARSSL_RSA_C #define POLARSSL_RSA_C
/** /**
* \def POLARSSL_SHA1_C * \def POLARSSL_SHA1_C
* *
* Enable the SHA1 cryptographic hash algorithm. * Enable the SHA1 cryptographic hash algorithm.
* *
* Module: library/sha1.c * Module: library/sha1.c
* Caller: library/ssl_cli.c * Caller: library/md.c
* library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
* library/x509parse.c * library/x509write_crt.c
* *
* This module is required for SSL/TLS and SHA1-signed certificates. * This module is required for SSL/TLS and SHA1-signed certificates.
*/ */
#define POLARSSL_SHA1_C #define POLARSSL_SHA1_C
/** /**
* \def POLARSSL_SHA2_C * \def POLARSSL_SHA256_C
* *
* Enable the SHA-224 and SHA-256 cryptographic hash algorithms. * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
* (Used to be POLARSSL_SHA2_C)
* *
* Module: library/sha2.c * Module: library/sha256.c
* Caller: library/md_wrap.c * Caller: library/entropy.c
* library/x509parse.c * library/md.c
* library/ssl_cli.c
* library/ssl_srv.c
* library/ssl_tls.c
* *
* This module adds support for SHA-224 and SHA-256. * This module adds support for SHA-224 and SHA-256.
* This module is required for the SSL/TLS 1.2 PRF function. * This module is required for the SSL/TLS 1.2 PRF function.
*/ */
#define POLARSSL_SHA2_C #define POLARSSL_SHA256_C
/** /**
* \def POLARSSL_SHA4_C * \def POLARSSL_SHA512_C
* *
* Enable the SHA-384 and SHA-512 cryptographic hash algorithms. * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
* (Used to be POLARSSL_SHA4_C)
* *
* Module: library/sha4.c * Module: library/sha512.c
* Caller: library/md_wrap.c * Caller: library/entropy.c
* library/x509parse.c * library/md.c
* library/ssl_cli.c
* library/ssl_srv.c
* *
* This module adds support for SHA-384 and SHA-512. * This module adds support for SHA-384 and SHA-512.
*/ */
#define POLARSSL_SHA4_C #define POLARSSL_SHA512_C
/** /**
* \def POLARSSL_SSL_CACHE_C * \def POLARSSL_SSL_CACHE_C
* *
* Enable simple SSL cache implementation. * Enable simple SSL cache implementation.
* *
* Module: library/ssl_cache.c * Module: library/ssl_cache.c
* Caller: * Caller:
* *
* Requires: POLARSSL_SSL_CACHE_C * Requires: POLARSSL_SSL_CACHE_C
/** /**
* \def POLARSSL_SSL_TLS_C * \def POLARSSL_SSL_TLS_C
* *
* Enable the generic SSL/TLS code. * Enable the generic SSL/TLS code.
* *
* Module: library/ssl_tls.c * Module: library/ssl_tls.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* *
* Requires: POLARSSL_MD5_C, POLARSSL_SHA1_C, POLARSSL_X509_PARSE_C * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C
* and at least one of the POLARSSL_SSL_PROTO_* defines
* *
* This module is required for SSL/TLS. * This module is required for SSL/TLS.
*/ */
#define POLARSSL_SSL_TLS_C #define POLARSSL_SSL_TLS_C
/** /**
* \def POLARSSL_THREADING_C
*
* Enable the threading abstraction layer.
* By default PolarSSL assumes it is used in a non-threaded environment or
that
* contexts are not shared between threads. If you do intend to use context
s
* between threads, you will need to enable this layer to prevent race
* conditions.
*
* Module: library/threading.c
*
* This allows different threading implementations (self-implemented or
* provided).
*
* You will have to enable either POLARSSL_THREADING_ALT,
* POLARSSL_THREADING_PTHREAD or POLARSSL_THREADING_DUMMY.
*
* Enable this layer to allow use of mutexes within PolarSSL
#define POLARSSL_THREADING_C
*/
/**
* \def POLARSSL_TIMING_C * \def POLARSSL_TIMING_C
* *
* Enable the portable timing interface. * Enable the portable timing interface.
* *
* Module: library/timing.c * Module: library/timing.c
* Caller: library/havege.c * Caller: library/havege.c
* *
* This module is used by the HAVEGE random number generator. * This module is used by the HAVEGE random number generator.
*/ */
#define POLARSSL_TIMING_C #define POLARSSL_TIMING_C
* *
* Enable run-time version information. * Enable run-time version information.
* *
* Module: library/version.c * Module: library/version.c
* *
* This module provides run-time version information. * This module provides run-time version information.
*/ */
#define POLARSSL_VERSION_C #define POLARSSL_VERSION_C
/** /**
* \def POLARSSL_X509_PARSE_C * \def POLARSSL_X509_USE_C
*
* Enable X.509 core for using certificates.
*
* Module: library/x509.c
* Caller: library/x509_crl.c
* library/x509_crt.c
* library/x509_csr.c
*
* Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C,
* POLARSSL_PK_PARSE_C
*
* This module is required for the X.509 parsing modules.
*/
#define POLARSSL_X509_USE_C
/**
* \def POLARSSL_X509_CRT_PARSE_C
* *
* Enable X.509 certificate parsing. * Enable X.509 certificate parsing.
* *
* Module: library/x509parse.c * Module: library/x509_crt.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
* *
* Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_RSA_C * Requires: POLARSSL_X509_USE_C
* *
* This module is required for X.509 certificate parsing. * This module is required for X.509 certificate parsing.
*/ */
#define POLARSSL_X509_PARSE_C #define POLARSSL_X509_CRT_PARSE_C
/**
* \def POLARSSL_X509_CRL_PARSE_C
*
* Enable X.509 CRL parsing.
*
* Module: library/x509_crl.c
* Caller: library/x509_crt.c
*
* Requires: POLARSSL_X509_USE_C
*
* This module is required for X.509 CRL parsing.
*/
#define POLARSSL_X509_CRL_PARSE_C
/**
* \def POLARSSL_X509_CSR_PARSE_C
*
* Enable X.509 Certificate Signing Request (CSR) parsing.
*
* Module: library/x509_csr.c
* Caller: library/x509_crt_write.c
*
* Requires: POLARSSL_X509_USE_C
*
* This module is used for reading X.509 certificate request.
*/
#define POLARSSL_X509_CSR_PARSE_C
/** /**
* \def POLARSSL_X509_WRITE_C * \def POLARSSL_X509_CREATE_C
*
* Enable X.509 core for creating certificates.
*
* Module: library/x509_create.c
* *
* Enable X.509 buffer writing. * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C, POLARSSL_PK_WRITE_C
* *
* Module: library/x509write.c * This module is the basis for creating X.509 certificates and CSRs.
*/
#define POLARSSL_X509_CREATE_C
/**
* \def POLARSSL_X509_CRT_WRITE_C
* *
* Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C * Enable creating X.509 certificates.
*
* Module: library/x509_crt_write.c
*
* Requires: POLARSSL_CREATE_C
*
* This module is required for X.509 certificate creation.
*/
#define POLARSSL_X509_CRT_WRITE_C
/**
* \def POLARSSL_X509_CSR_WRITE_C
*
* Enable creating X.509 Certificate Signing Requests (CSR).
*
* Module: library/x509_csr_write.c
*
* Requires: POLARSSL_CREATE_C
* *
* This module is required for X.509 certificate request writing. * This module is required for X.509 certificate request writing.
*/ */
#define POLARSSL_X509_WRITE_C #define POLARSSL_X509_CSR_WRITE_C
/** /**
* \def POLARSSL_XTEA_C * \def POLARSSL_XTEA_C
* *
* Enable the XTEA block cipher. * Enable the XTEA block cipher.
* *
* Module: library/xtea.c * Module: library/xtea.c
* Caller: * Caller:
*/ */
#define POLARSSL_XTEA_C #define POLARSSL_XTEA_C
/* \} name */
/* \} name SECTION: PolarSSL modules */
/** /**
* \name SECTION: Module configuration options * \name SECTION: Module configuration options
* *
* This section allows for the setting of module specific sizes and * This section allows for the setting of module specific sizes and
* configuration options. The default values are already present in the * configuration options. The default values are already present in the
* relevant header files and should suffice for the regular use cases. * relevant header files and should suffice for the regular use cases.
* Our advice is to enable POLARSSL_CONFIG_OPTIONS and change values here * Our advice is to enable POLARSSL_CONFIG_OPTIONS and change values here
* only if you have a good reason and know the consequences. * only if you have a good reason and know the consequences.
* *
#if defined(POLARSSL_CONFIG_OPTIONS) #if defined(POLARSSL_CONFIG_OPTIONS)
// MPI / BIGNUM options // MPI / BIGNUM options
// //
#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum windows size use d. */ #define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum windows size use d. */
#define POLARSSL_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */ #define POLARSSL_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
// CTR_DRBG options // CTR_DRBG options
// //
#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used p er seed by default */ #define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used p er seed by default (48 with SHA-512, 32 with SHA-256) */
#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed i s performed by default */ #define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed i s performed by default */
#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additi onal input bytes */ #define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additi onal input bytes */
#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of reques ted bytes per call */ #define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of reques ted bytes per call */
#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ #define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
// Entropy options // Entropy options
// //
#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of source s supported */ #define ENTROPY_MAX_SOURCES 20 /**< Maximum number of source s supported */
#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ #define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
// Memory options
#define MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of th
is value */
#define POLARSSL_MEMORY_STDMALLOC malloc /**< Default allocator to use
, can be undefined */
#define POLARSSL_MEMORY_STDFREE free /**< Default free to use, can
be undefined */
// SSL Cache options // SSL Cache options
// //
#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ #define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ #define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
// SSL options // SSL options
// //
#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / outp ut buffer */ #define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / outp ut buffer */
#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tick ets (if enabled) */
#endif /* POLARSSL_CONFIG_OPTIONS */ #endif /* POLARSSL_CONFIG_OPTIONS */
/* \} name */ /* \} name */
/*
* Sanity checks on defines and dependencies
*/
#if defined(POLARSSL_DHM_C) && !defined(POLARSSL_BIGNUM_C)
#error "POLARSSL_DHM_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_CTR_DRBG_C) && !defined(POLARSSL_AES_C)
#error "POLARSSL_CTR_DRBG_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ECDH_C) && !defined(POLARSSL_ECP_C)
#error "POLARSSL_ECDH_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ECDSA_C) && \
( !defined(POLARSSL_ECP_C) || \
!defined(POLARSSL_ASN1_PARSE_C) || \
!defined(POLARSSL_ASN1_WRITE_C) )
#error "POLARSSL_ECDSA_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ECP_C) && !defined(POLARSSL_BIGNUM_C)
#error "POLARSSL_ECP_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ENTROPY_C) && (!defined(POLARSSL_SHA512_C) && \
!defined(POLARSSL_SHA256_C))
#error "POLARSSL_ENTROPY_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SHA512_C) && \
defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 64)
#error "CTR_DRBG_ENTROPY_LEN value too high"
#endif
#if defined(POLARSSL_ENTROPY_C) && !defined(POLARSSL_SHA512_C) && \
defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 32)
#error "CTR_DRBG_ENTROPY_LEN value too high"
#endif
#if defined(POLARSSL_GCM_C) && !defined(POLARSSL_AES_C)
#error "POLARSSL_GCM_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_HAVEGE_C) && !defined(POLARSSL_TIMING_C)
#error "POLARSSL_HAVEGE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(POLARSSL_DHM
_C)
#error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequi
sites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequi
sites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prereq
uisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prer
equisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequi
sites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisite
s"
#endif
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) && !defined(POLARSSL_MEMORY_C)
#error "POLARSSL_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PBKDF2_C) && !defined(POLARSSL_MD_C)
#error "POLARSSL_PBKDF2_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PEM_PARSE_C) && !defined(POLARSSL_BASE64_C)
#error "POLARSSL_PEM_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PEM_WRITE_C) && !defined(POLARSSL_BASE64_C)
#error "POLARSSL_PEM_WRITE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PK_PARSE_C) && !defined(POLARSSL_PK_C)
#error "POLARSSL_PK_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PK_WRITE_C) && !defined(POLARSSL_PK_C)
#error "POLARSSL_PK_WRITE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PKCS11_C) && !defined(POLARSSL_PK_C)
#error "POLARSSL_PKCS11_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_RSA_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) )
#error "POLARSSL_RSA_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_CLI_C) && !defined(POLARSSL_SSL_TLS_C)
#error "POLARSSL_SSL_CLI_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_TLS_C) && ( !defined(POLARSSL_CIPHER_C) || \
!defined(POLARSSL_MD_C) )
#error "POLARSSL_SSL_TLS_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_SRV_C) && !defined(POLARSSL_SSL_TLS_C)
#error "POLARSSL_SSL_SRV_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_TLS_C) && (!defined(POLARSSL_SSL_PROTO_SSL3) && \
!defined(POLARSSL_SSL_PROTO_TLS1) && !defined(POLARSSL_SSL_PROTO_TLS1_1
) && \
!defined(POLARSSL_SSL_PROTO_TLS1_2))
#error "POLARSSL_SSL_TLS_C defined, but no protocols are active"
#endif
#if defined(POLARSSL_SSL_TLS_C) && (defined(POLARSSL_SSL_PROTO_SSL3) && \
defined(POLARSSL_SSL_PROTO_TLS1_1) && !defined(POLARSSL_SSL_PROTO_TLS1)
)
#error "Illegal protocol selection"
#endif
#if defined(POLARSSL_SSL_TLS_C) && (defined(POLARSSL_SSL_PROTO_TLS1) && \
defined(POLARSSL_SSL_PROTO_TLS1_2) && !defined(POLARSSL_SSL_PROTO_TLS1_
1))
#error "Illegal protocol selection"
#endif
#if defined(POLARSSL_SSL_TLS_C) && (defined(POLARSSL_SSL_PROTO_SSL3) && \
defined(POLARSSL_SSL_PROTO_TLS1_2) && (!defined(POLARSSL_SSL_PROTO_TLS1
) || \
!defined(POLARSSL_SSL_PROTO_TLS1_1)))
#error "Illegal protocol selection"
#endif
#if defined(POLARSSL_SSL_SESSION_TICKETS) && defined(POLARSSL_SSL_TLS_C) &&
\
( !defined(POLARSSL_AES_C) || !defined(POLARSSL_SHA256_C) ||
\
!defined(POLARSSL_CIPHER_MODE_CBC) )
#error "POLARSSL_SSL_SESSION_TICKETS_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_THREADING_DUMMY)
#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL)
#error "POLARSSL_THREADING_DUMMY defined, but not all prerequisites"
#endif
#define POLARSSL_THREADING_IMPL
#endif
#if defined(POLARSSL_THREADING_PTHREAD)
#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL)
#error "POLARSSL_THREADING_PTHREAD defined, but not all prerequisites"
#endif
#define POLARSSL_THREADING_IMPL
#endif
#if defined(POLARSSL_THREADING_ALT)
#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL)
#error "POLARSSL_THREADING_ALT defined, but not all prerequisites"
#endif
#define POLARSSL_THREADING_IMPL
#endif
#if defined(POLARSSL_THREADING_C) && !defined(POLARSSL_THREADING_IMPL)
#error "POLARSSL_THREADING_C defined, single threading implementation requi
red"
#endif
#undef POLARSSL_THREADING_IMPL
#if defined(POLARSSL_X509_USE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_PARSE_C) || \
!defined(POLARSSL_PK_PARSE_C) )
#error "POLARSSL_X509_USE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CREATE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_WRITE_C) || \
!defined(POLARSSL_PK_WRITE_C) )
#error "POLARSSL_X509_CREATE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
#error "POLARSSL_X509_CRT_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CRL_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
#error "POLARSSL_X509_CRL_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CSR_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
#error "POLARSSL_X509_CSR_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CRT_WRITE_C) && ( !defined(POLARSSL_X509_CREATE_C
) )
#error "POLARSSL_X509_CRT_WRITE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CSR_WRITE_C) && ( !defined(POLARSSL_X509_CREATE_C
) )
#error "POLARSSL_X509_CSR_WRITE_C defined, but not all prerequisites"
#endif
#endif /* config.h */ #endif /* config.h */
 End of changes. 87 change blocks. 
71 lines changed or deleted 985 lines changed or added


 ctr_drbg.h   ctr_drbg.h 
skipping to change at line 46 skipping to change at line 46
#define POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 /**< In put too large (Entropy + additional). */ #define POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 /**< In put too large (Entropy + additional). */
#define POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Re ad/write error in file. */ #define POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Re ad/write error in file. */
#define CTR_DRBG_BLOCKSIZE 16 /**< Block size used by the cip her */ #define CTR_DRBG_BLOCKSIZE 16 /**< Block size used by the cip her */
#define CTR_DRBG_KEYSIZE 32 /**< Key size used by the ciphe r */ #define CTR_DRBG_KEYSIZE 32 /**< Key size used by the ciphe r */
#define CTR_DRBG_KEYBITS ( CTR_DRBG_KEYSIZE * 8 ) #define CTR_DRBG_KEYBITS ( CTR_DRBG_KEYSIZE * 8 )
#define CTR_DRBG_SEEDLEN ( CTR_DRBG_KEYSIZE + CTR_DRBG_BLOCKSIZE ) #define CTR_DRBG_SEEDLEN ( CTR_DRBG_KEYSIZE + CTR_DRBG_BLOCKSIZE )
/**< The seed length (counter + AES key) */ /**< The seed length (counter + AES key) */
#if !defined(POLARSSL_CONFIG_OPTIONS) #if !defined(POLARSSL_CONFIG_OPTIONS)
#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per #if defined(POLARSSL_SHA512_C)
seed by default */ #define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per
seed by default (48 with SHA-512, 32 with SHA-256) */
#else
#define CTR_DRBG_ENTROPY_LEN 32 /**< Amount of entropy used per
seed by default (48 with SHA-512, 32 with SHA-256) */
#endif
#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ #define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of addition al input bytes */ #define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of addition al input bytes */
#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requeste d bytes per call */ #define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requeste d bytes per call */
#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed b uffer */ #define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed b uffer */
#endif /* !POLARSSL_CONFIG_OPTIONS */ #endif /* !POLARSSL_CONFIG_OPTIONS */
#define CTR_DRBG_PR_OFF 0 /**< No prediction resistance */ #define CTR_DRBG_PR_OFF 0 /**< No prediction resistance */
#define CTR_DRBG_PR_ON 1 /**< Prediction resistance enab led */ #define CTR_DRBG_PR_ON 1 /**< Prediction resistance enab led */
#ifdef __cplusplus #ifdef __cplusplus
skipping to change at line 200 skipping to change at line 204
* POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or * POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
* POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG * POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG
*/ */
int ctr_drbg_random( void *p_rng, int ctr_drbg_random( void *p_rng,
unsigned char *output, size_t output_len ); unsigned char *output, size_t output_len );
#if defined(POLARSSL_FS_IO) #if defined(POLARSSL_FS_IO)
/** /**
* \brief Write a seed file * \brief Write a seed file
* *
* \param ctx CTR_DRBG context
* \param path Name of the file * \param path Name of the file
* *
* \return 0 if successful, 1 on file error, or * \return 0 if successful, 1 on file error, or
* POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED * POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
*/ */
int ctr_drbg_write_seed_file( ctr_drbg_context *ctx, const char *path ); int ctr_drbg_write_seed_file( ctr_drbg_context *ctx, const char *path );
/** /**
* \brief Read and update a seed file. Seed is added to this * \brief Read and update a seed file. Seed is added to this
* instance * instance
* *
* \param ctx CTR_DRBG context
* \param path Name of the file * \param path Name of the file
* *
* \return 0 if successful, 1 on file error, * \return 0 if successful, 1 on file error,
* POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or * POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
* POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG * POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG
*/ */
int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path ); int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path );
#endif #endif
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int ctr_drbg_self_test( int verbose ); int ctr_drbg_self_test( int verbose );
/* Internal functions (do not call directly) */
int ctr_drbg_init_entropy_len( ctr_drbg_context *, int (*)(void *, unsigned
char *, size_t), void *, const unsigned char *, size_t, size_t );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* ctr_drbg.h */ #endif /* ctr_drbg.h */
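Review bot: The new `ctr_drbg_init_entropy_len` prototype at the end of the header drops every parameter name, so its two trailing `size_t` arguments are indistinguishable to a reader; the name suggests the last one overrides the per-seed entropy length, and a caller that swaps it with the personalisation-string length would seed the DRBG with far less entropy than intended and nothing would catch that at compile time. Name the parameters as the rest of the header does, e.g. `int ctr_drbg_init_entropy_len( ctr_drbg_context *ctx, int (*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, const unsigned char *custom, size_t len, size_t entropy_len );`, and give it a one-line Doxygen comment stating that `entropy_len` replaces CTR_DRBG_ENTROPY_LEN for this context, so that "do not call directly" is backed by a stated contract rather than a bare warning. While `\param ctx` is being added to the two seed-file functions above, their `\return` text still says `1 on file error` although this header defines POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR; worth reconciling with what the implementation actually returns (not visible here).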
 End of changes. 4 change blocks. 
2 lines changed or deleted 13 lines changed or added


 debug.h   debug.h 
skipping to change at line 32 skipping to change at line 32
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_DEBUG_H #ifndef POLARSSL_DEBUG_H
#define POLARSSL_DEBUG_H #define POLARSSL_DEBUG_H
#include "config.h" #include "config.h"
#include "ssl.h" #include "ssl.h"
#if defined(POLARSSL_ECP_C)
#include "ecp.h"
#endif
#if defined(POLARSSL_DEBUG_C) #if defined(POLARSSL_DEBUG_C)
#define SSL_DEBUG_MSG( level, args ) \ #define SSL_DEBUG_MSG( level, args ) \
debug_print_msg( ssl, level, __FILE__, __LINE__, debug_fmt args ); debug_print_msg( ssl, level, __FILE__, __LINE__, debug_fmt args );
#define SSL_DEBUG_RET( level, text, ret ) \ #define SSL_DEBUG_RET( level, text, ret ) \
debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret ); debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret );
#define SSL_DEBUG_BUF( level, text, buf, len ) \ #define SSL_DEBUG_BUF( level, text, buf, len ) \
debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len ); debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len );
#if defined(POLARSSL_BIGNUM_C)
#define SSL_DEBUG_MPI( level, text, X ) \ #define SSL_DEBUG_MPI( level, text, X ) \
debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X ); debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X );
#endif
#if defined(POLARSSL_ECP_C)
#define SSL_DEBUG_ECP( level, text, X ) \
debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X );
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
#define SSL_DEBUG_CRT( level, text, crt ) \ #define SSL_DEBUG_CRT( level, text, crt ) \
debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt ); debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt );
#endif
#else #else
#define SSL_DEBUG_MSG( level, args ) do { } while( 0 ) #define SSL_DEBUG_MSG( level, args ) do { } while( 0 )
#define SSL_DEBUG_RET( level, text, ret ) do { } while( 0 ) #define SSL_DEBUG_RET( level, text, ret ) do { } while( 0 )
#define SSL_DEBUG_BUF( level, text, buf, len ) do { } while( 0 ) #define SSL_DEBUG_BUF( level, text, buf, len ) do { } while( 0 )
#define SSL_DEBUG_MPI( level, text, X ) do { } while( 0 ) #define SSL_DEBUG_MPI( level, text, X ) do { } while( 0 )
#define SSL_DEBUG_ECP( level, text, X ) do { } while( 0 )
#define SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 ) #define SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
char *debug_fmt( const char *format, ... ); char *debug_fmt( const char *format, ... );
skipping to change at line 77 skipping to change at line 90
const char *file, int line, const char *text ); const char *file, int line, const char *text );
void debug_print_ret( const ssl_context *ssl, int level, void debug_print_ret( const ssl_context *ssl, int level,
const char *file, int line, const char *file, int line,
const char *text, int ret ); const char *text, int ret );
void debug_print_buf( const ssl_context *ssl, int level, void debug_print_buf( const ssl_context *ssl, int level,
const char *file, int line, const char *text, const char *file, int line, const char *text,
unsigned char *buf, size_t len ); unsigned char *buf, size_t len );
#if defined(POLARSSL_BIGNUM_C)
void debug_print_mpi( const ssl_context *ssl, int level, void debug_print_mpi( const ssl_context *ssl, int level,
const char *file, int line, const char *file, int line,
const char *text, const mpi *X ); const char *text, const mpi *X );
#endif
#if defined(POLARSSL_ECP_C)
void debug_print_ecp( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const ecp_point *X );
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
void debug_print_crt( const ssl_context *ssl, int level, void debug_print_crt( const ssl_context *ssl, int level,
const char *file, int line, const char *file, int line,
const char *text, const x509_cert *crt ); const char *text, const x509_crt *crt );
#endif
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* debug.h */ #endif /* debug.h */
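Review bot: The no-op fallbacks in the `#else` branch define SSL_DEBUG_MPI, SSL_DEBUG_ECP and SSL_DEBUG_CRT unconditionally, while the real definitions are now wrapped in POLARSSL_BIGNUM_C, POLARSSL_ECP_C and POLARSSL_X509_CRT_PARSE_C guards, so any use of these macros in code that is not itself behind the same guard compiles with debugging off and breaks only once POLARSSL_DEBUG_C is enabled. Mirroring the guards with an inner `#else` / `#define SSL_DEBUG_MPI( level, text, X ) do { } while( 0 )` before each inner `#endif` (same for the ECP and CRT macros) keeps both configurations consistent without relying on caller discipline. The callers are not on this page, so this may be purely defensive, but a debug build that fails to compile is the build least likely to be tested.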
 End of changes. 10 change blocks. 
1 lines changed or deleted 24 lines changed or added


 des.h   des.h 
skipping to change at line 52 skipping to change at line 52
#define DES_DECRYPT 0 #define DES_DECRYPT 0
#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< Th e data input has an invalid length. */ #define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< Th e data input has an invalid length. */
#define DES_KEY_SIZE 8 #define DES_KEY_SIZE 8
#if !defined(POLARSSL_DES_ALT) #if !defined(POLARSSL_DES_ALT)
// Regular implementation // Regular implementation
// //
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief DES context structure * \brief DES context structure
*/ */
typedef struct typedef struct
{ {
int mode; /*!< encrypt/decrypt */ int mode; /*!< encrypt/decrypt */
uint32_t sk[32]; /*!< DES subkeys */ uint32_t sk[32]; /*!< DES subkeys */
} }
des_context; des_context;
/** /**
* \brief Triple-DES context structure * \brief Triple-DES context structure
*/ */
typedef struct typedef struct
{ {
int mode; /*!< encrypt/decrypt */ int mode; /*!< encrypt/decrypt */
uint32_t sk[96]; /*!< 3DES subkeys */ uint32_t sk[96]; /*!< 3DES subkeys */
} }
des3_context; des3_context;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Set key parity on the given key to odd. * \brief Set key parity on the given key to odd.
* *
* DES keys are 56 bits long, but each byte is padded with * DES keys are 56 bits long, but each byte is padded with
* a parity bit to allow verification. * a parity bit to allow verification.
* *
* \param key 8-byte secret key * \param key 8-byte secret key
*/ */
void des_key_set_parity( unsigned char key[DES_KEY_SIZE] ); void des_key_set_parity( unsigned char key[DES_KEY_SIZE] );
skipping to change at line 180 skipping to change at line 180
* \param ctx DES context * \param ctx DES context
* \param input 64-bit input block * \param input 64-bit input block
* \param output 64-bit output block * \param output 64-bit output block
* *
* \return 0 if successful * \return 0 if successful
*/ */
int des_crypt_ecb( des_context *ctx, int des_crypt_ecb( des_context *ctx,
const unsigned char input[8], const unsigned char input[8],
unsigned char output[8] ); unsigned char output[8] );
#if defined(POLARSSL_CIPHER_MODE_CBC)
/** /**
* \brief DES-CBC buffer encryption/decryption * \brief DES-CBC buffer encryption/decryption
* *
* \param ctx DES context * \param ctx DES context
* \param mode DES_ENCRYPT or DES_DECRYPT * \param mode DES_ENCRYPT or DES_DECRYPT
* \param length length of the input data * \param length length of the input data
* \param iv initialization vector (updated after use) * \param iv initialization vector (updated after use)
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer holding the output data * \param output buffer holding the output data
*/ */
int des_crypt_cbc( des_context *ctx, int des_crypt_cbc( des_context *ctx,
int mode, int mode,
size_t length, size_t length,
unsigned char iv[8], unsigned char iv[8],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
#endif /* POLARSSL_CIPHER_MODE_CBC */
/** /**
* \brief 3DES-ECB block encryption/decryption * \brief 3DES-ECB block encryption/decryption
* *
* \param ctx 3DES context * \param ctx 3DES context
* \param input 64-bit input block * \param input 64-bit input block
* \param output 64-bit output block * \param output 64-bit output block
* *
* \return 0 if successful * \return 0 if successful
*/ */
int des3_crypt_ecb( des3_context *ctx, int des3_crypt_ecb( des3_context *ctx,
const unsigned char input[8], const unsigned char input[8],
unsigned char output[8] ); unsigned char output[8] );
#if defined(POLARSSL_CIPHER_MODE_CBC)
/** /**
* \brief 3DES-CBC buffer encryption/decryption * \brief 3DES-CBC buffer encryption/decryption
* *
* \param ctx 3DES context * \param ctx 3DES context
* \param mode DES_ENCRYPT or DES_DECRYPT * \param mode DES_ENCRYPT or DES_DECRYPT
* \param length length of the input data * \param length length of the input data
* \param iv initialization vector (updated after use) * \param iv initialization vector (updated after use)
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer holding the output data * \param output buffer holding the output data
* *
* \return 0 if successful, or POLARSSL_ERR_DES_INVALID_INPUT_LENGT H * \return 0 if successful, or POLARSSL_ERR_DES_INVALID_INPUT_LENGT H
*/ */
int des3_crypt_cbc( des3_context *ctx, int des3_crypt_cbc( des3_context *ctx,
int mode, int mode,
size_t length, size_t length,
unsigned char iv[8], unsigned char iv[8],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
#endif /* POLARSSL_CIPHER_MODE_CBC */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#else /* POLARSSL_DES_ALT */ #else /* POLARSSL_DES_ALT */
#include "des_alt.h" #include "des_alt.h"
#endif /* POLARSSL_DES_ALT */ #endif /* POLARSSL_DES_ALT */
#ifdef __cplusplus #ifdef __cplusplus
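Review bot: des_crypt_cbc, now wrapped in the POLARSSL_CIPHER_MODE_CBC guard, still has no `\return` line, whereas its sibling des3_crypt_cbc a few lines below documents `0 if successful, or POLARSSL_ERR_DES_INVALID_INPUT_LENGTH`; a caller reading only the DES variant gets no hint that the result must be checked, and an unchecked length error on a CBC call may leave `output` unwritten. Add the same line to the des_crypt_cbc block: ` * \return 0 if successful, or POLARSSL_ERR_DES_INVALID_INPUT_LENGTH`. Both `\param length` entries would also benefit from stating the constraint the error code implies, presumably that `length` must be a multiple of the 8-byte block; confirm against des.c, which is not on this page.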
 End of changes. 6 change blocks. 
4 lines changed or deleted 8 lines changed or added


 dhm.h   dhm.h 
/** /**
* \file dhm.h * \file dhm.h
* *
* \brief Diffie-Hellman-Merkle key exchange * \brief Diffie-Hellman-Merkle key exchange
* *
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 41 skipping to change at line 41
/* /*
* DHM Error codes * DHM Error codes
*/ */
#define POLARSSL_ERR_DHM_BAD_INPUT_DATA -0x3080 /**< Ba d input parameters to function. */ #define POLARSSL_ERR_DHM_BAD_INPUT_DATA -0x3080 /**< Ba d input parameters to function. */
#define POLARSSL_ERR_DHM_READ_PARAMS_FAILED -0x3100 /**< Re ading of the DHM parameters failed. */ #define POLARSSL_ERR_DHM_READ_PARAMS_FAILED -0x3100 /**< Re ading of the DHM parameters failed. */
#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED -0x3180 /**< Ma king of the DHM parameters failed. */ #define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED -0x3180 /**< Ma king of the DHM parameters failed. */
#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED -0x3200 /**< Re ading of the public values failed. */ #define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED -0x3200 /**< Re ading of the public values failed. */
#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Ma king of the public value failed. */ #define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Ma king of the public value failed. */
#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Ca lculation of the DHM secret failed. */ #define POLARSSL_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Ca lculation of the DHM secret failed. */
#define POLARSSL_ERR_DHM_INVALID_FORMAT -0x3380 /**< Th
e ASN.1 data is not formatted correctly. */
#define POLARSSL_ERR_DHM_MALLOC_FAILED -0x3400 /**< Al
location of memory failed. */
#define POLARSSL_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Re
ad/write of file failed. */
/** /**
* RFC 3526 defines a number of standardized Diffie-Hellman groups * RFC 3526 defines a number of standardized Diffie-Hellman groups
* for IKE. * for IKE.
* RFC 5114 defines a number of standardized Diffie-Hellman groups * RFC 5114 defines a number of standardized Diffie-Hellman groups
* that can be used. * that can be used.
* *
* Some are included here for convenience. * Some are included here for convenience.
* *
* Included are: * Included are:
skipping to change at line 133 skipping to change at line 136
"AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"\ "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"\
"C17669101999024AF4D027275AC1348BB8A762D0521BC98A"\ "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"\
"E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"\ "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"\
"F180EB34118E98D119529A45D6F834566E3025E316A330EF"\ "F180EB34118E98D119529A45D6F834566E3025E316A330EF"\
"BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"\ "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"\
"10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"\ "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"\
"B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"\ "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"\
"EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"\ "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"\
"81BC087F2A7065B384B890D3191F2BFA" "81BC087F2A7065B384B890D3191F2BFA"
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief DHM context structure * \brief DHM context structure
*/ */
typedef struct typedef struct
{ {
size_t len; /*!< size(P) in chars */ size_t len; /*!< size(P) in chars */
mpi P; /*!< prime modulus */ mpi P; /*!< prime modulus */
mpi G; /*!< generator */ mpi G; /*!< generator */
mpi X; /*!< secret value */ mpi X; /*!< secret value */
mpi GX; /*!< self = G^X mod P */ mpi GX; /*!< self = G^X mod P */
mpi GY; /*!< peer = G^Y mod P */ mpi GY; /*!< peer = G^Y mod P */
mpi K; /*!< key = GY^X mod P */ mpi K; /*!< key = GY^X mod P */
mpi RP; /*!< cached R^2 mod P */ mpi RP; /*!< cached R^2 mod P */
mpi Vi; /*!< blinding value */
mpi Vf; /*!< un-blinding value */
mpi _X; /*!< previous X */
} }
dhm_context; dhm_context;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Parse the ServerKeyExchange parameters * \brief Parse the ServerKeyExchange parameters
* *
* \param ctx DHM context * \param ctx DHM context
* \param p &(start of input buffer) * \param p &(start of input buffer)
* \param end end of buffer * \param end end of buffer
* *
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
*/ */
int dhm_read_params( dhm_context *ctx, int dhm_read_params( dhm_context *ctx,
skipping to change at line 222 skipping to change at line 228
unsigned char *output, size_t olen, unsigned char *output, size_t olen,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ); void *p_rng );
/** /**
* \brief Derive and export the shared secret (G^Y)^X mod P * \brief Derive and export the shared secret (G^Y)^X mod P
* *
* \param ctx DHM context * \param ctx DHM context
* \param output destination buffer * \param output destination buffer
* \param olen number of chars written * \param olen number of chars written
* \param f_rng RNG function, for blinding purposes
* \param p_rng RNG parameter
* *
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
*
* \note If non-NULL, f_rng is used to blind the input as
* countermeasure against timing attacks. Blinding is
* automatically used if and only if our secret value X is
* re-used and costs nothing otherwise, so it is recommende
d
* to always pass a non-NULL f_rng argument.
*/ */
int dhm_calc_secret( dhm_context *ctx, int dhm_calc_secret( dhm_context *ctx,
unsigned char *output, size_t *olen ); unsigned char *output, size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/** /**
* \brief Free the components of a DHM key * \brief Free the components of a DHM key
*/ */
void dhm_free( dhm_context *ctx ); void dhm_free( dhm_context *ctx );
#if defined(POLARSSL_ASN1_PARSE_C)
/** \ingroup x509_module */
/**
* \brief Parse DHM parameters
*
* \param dhm DHM context to be initialized
* \param dhmin input buffer
* \param dhminlen size of the buffer
*
* \return 0 if successful, or a specific DHM or PEM error code
*/
int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin,
size_t dhminlen );
#if defined(POLARSSL_FS_IO)
/** \ingroup x509_module */
/**
* \brief Load and parse DHM parameters
*
* \param dhm DHM context to be initialized
* \param path filename to read the DHM Parameters from
*
* \return 0 if successful, or a specific DHM or PEM error code
*/
int dhm_parse_dhmfile( dhm_context *dhm, const char *path );
#endif /* POLARSSL_FS_IO */
#endif /* POLARSSL_ASN1_PARSE_C */
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int dhm_self_test( int verbose ); int dhm_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
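Review bot: The new dhm_context member `_X` (previous X, added next to Vi and Vf) begins with an underscore followed by an uppercase letter, which C reserves for the implementation in every scope including struct members (C11 7.1.3), so a compiler or libc header may legitimately define it as a macro; a rename such as `mpi pX; /*!< previous X */` avoids that. Separately, the two new parse functions under POLARSSL_ASN1_PARSE_C are tagged `\ingroup x509_module` although they belong to DHM, and their `\return` mentions PEM error codes even though nothing in this header depends on POLARSSL_PEM_PARSE_C; a `\note` that PEM input is only accepted when PEM parsing is compiled in would keep the contract honest. The blinding `\note` on dhm_calc_secret is welcome; it could additionally say explicitly that with a NULL `f_rng` and a re-used `X` no countermeasure is applied, so a caller understands what passing NULL gives up.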
 End of changes. 9 change blocks. 
6 lines changed or deleted 54 lines changed or added


 entropy.h   entropy.h 
skipping to change at line 34 skipping to change at line 34
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_ENTROPY_H #ifndef POLARSSL_ENTROPY_H
#define POLARSSL_ENTROPY_H #define POLARSSL_ENTROPY_H
#include <string.h> #include <string.h>
#include "config.h" #include "config.h"
#include "sha4.h" #if defined(POLARSSL_SHA512_C)
#include "sha512.h"
#define POLARSSL_ENTROPY_SHA512_ACCUMULATOR
#else
#if defined(POLARSSL_SHA256_C)
#define POLARSSL_ENTROPY_SHA256_ACCUMULATOR
#include "sha256.h"
#endif
#endif
#if defined(POLARSSL_THREADING_C)
#include "threading.h"
#endif
#if defined(POLARSSL_HAVEGE_C) #if defined(POLARSSL_HAVEGE_C)
#include "havege.h" #include "havege.h"
#endif #endif
#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED -0x003C /**< Cr itical entropy source failure. */ #define POLARSSL_ERR_ENTROPY_SOURCE_FAILED -0x003C /**< Cr itical entropy source failure. */
#define POLARSSL_ERR_ENTROPY_MAX_SOURCES -0x003E /**< No more sources can be added. */ #define POLARSSL_ERR_ENTROPY_MAX_SOURCES -0x003E /**< No more sources can be added. */
#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 /**< No sources have been added to poll. */ #define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 /**< No sources have been added to poll. */
#if !defined(POLARSSL_CONFIG_OPTIONS) #if !defined(POLARSSL_CONFIG_OPTIONS)
#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supp orted */ #define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supp orted */
#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ #define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
#endif /* !POLARSSL_CONFIG_OPTIONS */ #endif /* !POLARSSL_CONFIG_OPTIONS */
#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
#define ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumula tor (SHA-512) */ #define ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumula tor (SHA-512) */
#else
#define ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumula
tor (SHA-256) */
#endif
#define ENTROPY_SOURCE_MANUAL ENTROPY_MAX_SOURCES #define ENTROPY_SOURCE_MANUAL ENTROPY_MAX_SOURCES
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief Entropy poll callback pointer * \brief Entropy poll callback pointer
* *
skipping to change at line 86 skipping to change at line 103
size_t size; /**< Amount received */ size_t size; /**< Amount received */
size_t threshold; /**< Minimum level required before release */ size_t threshold; /**< Minimum level required before release */
} }
source_state; source_state;
/** /**
* \brief Entropy context structure * \brief Entropy context structure
*/ */
typedef struct typedef struct
{ {
sha4_context accumulator; #if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
sha512_context accumulator;
#else
sha256_context accumulator;
#endif
int source_count; int source_count;
source_state source[ENTROPY_MAX_SOURCES]; source_state source[ENTROPY_MAX_SOURCES];
#if defined(POLARSSL_HAVEGE_C) #if defined(POLARSSL_HAVEGE_C)
havege_state havege_data; havege_state havege_data;
#endif #endif
#if defined(POLARSSL_THREADING_C)
threading_mutex_t mutex; /*!< mutex */
#endif
} }
entropy_context; entropy_context;
/** /**
* \brief Initialize the context * \brief Initialize the context
* *
* \param ctx Entropy context to initialize * \param ctx Entropy context to initialize
*/ */
void entropy_init( entropy_context *ctx ); void entropy_init( entropy_context *ctx );
/** /**
* \brief Free the data in the context
*
* \param ctx Entropy context to free
*/
void entropy_free( entropy_context *ctx );
/**
* \brief Adds an entropy source to poll * \brief Adds an entropy source to poll
* *
* \param ctx Entropy context * \param ctx Entropy context
* \param f_source Entropy function * \param f_source Entropy function
* \param p_source Function data * \param p_source Function data
* \param threshold Minimum required from source before entropy is released * \param threshold Minimum required from source before entropy is released
* ( with entropy_func() ) * ( with entropy_func() )
* *
* \return 0 if successful or POLARSSL_ERR_ENTROPY_MAX_SOURCES * \return 0 if successful or POLARSSL_ERR_ENTROPY_MAX_SOURCES
*/ */
skipping to change at line 128 skipping to change at line 159
* \brief Trigger an extra gather poll for the accumulator * \brief Trigger an extra gather poll for the accumulator
* *
* \param ctx Entropy context * \param ctx Entropy context
* *
* \return 0 if successful, or POLARSSL_ERR_ENTROPY_SOURCE_FAILED * \return 0 if successful, or POLARSSL_ERR_ENTROPY_SOURCE_FAILED
*/ */
int entropy_gather( entropy_context *ctx ); int entropy_gather( entropy_context *ctx );
/** /**
* \brief Retrieve entropy from the accumulator (Max ENTROPY_BLOC K_SIZE) * \brief Retrieve entropy from the accumulator (Max ENTROPY_BLOC K_SIZE)
* (Thread-safe if POLARSSL_THREADING_C is enabled)
* *
* \param data Entropy context * \param data Entropy context
* \param output Buffer to fill * \param output Buffer to fill
* \param len Length of buffer * \param len Length of buffer
* *
* \return 0 if successful, or POLARSSL_ERR_ENTROPY_SOURCE_FAILED * \return 0 if successful, or POLARSSL_ERR_ENTROPY_SOURCE_FAILED
*/ */
int entropy_func( void *data, unsigned char *output, size_t len ); int entropy_func( void *data, unsigned char *output, size_t len );
/** /**
 End of changes. 7 change blocks. 
2 lines changed or deleted 35 lines changed or added


 error.h   error.h 
/** /**
* \file error.h * \file error.h
* *
* \brief Error to string translation * \brief Error to string translation
* *
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 56 skipping to change at line 56
* 5 bits - Module-dependent error code * 5 bits - Module-dependent error code
* 6 bits - Low level module errors * 6 bits - Low level module errors
* 1 bit - Intentionally not used * 1 bit - Intentionally not used
* *
* Low-level module errors (0x007E-0x0002) * Low-level module errors (0x007E-0x0002)
* *
* Module Nr Codes assigned * Module Nr Codes assigned
* MPI 7 0x0002-0x0010 * MPI 7 0x0002-0x0010
* GCM 2 0x0012-0x0014 * GCM 2 0x0012-0x0014
* BLOWFISH 2 0x0016-0x0018 * BLOWFISH 2 0x0016-0x0018
* THREADING 3 0x001A-0x001E
* AES 2 0x0020-0x0022 * AES 2 0x0020-0x0022
* CAMELLIA 2 0x0024-0x0026 * CAMELLIA 2 0x0024-0x0026
* XTEA 1 0x0028-0x0028 * XTEA 1 0x0028-0x0028
* BASE64 2 0x002A-0x002C * BASE64 2 0x002A-0x002C
* OID 1 0x002E-0x002E
* PADLOCK 1 0x0030-0x0030 * PADLOCK 1 0x0030-0x0030
* DES 1 0x0032-0x0032 * DES 1 0x0032-0x0032
* CTR_DBRG 3 0x0034-0x003A * CTR_DBRG 3 0x0034-0x003A
* ENTROPY 3 0x003C-0x0040 * ENTROPY 3 0x003C-0x0040
* NET 11 0x0042-0x0056 * NET 11 0x0042-0x0056
* ASN1 7 0x0060-0x006C * ASN1 7 0x0060-0x006C
* MD2 1 0x0070-0x0070 * MD2 1 0x0070-0x0070
* MD4 1 0x0072-0x0072 * MD4 1 0x0072-0x0072
* MD5 1 0x0074-0x0074 * MD5 1 0x0074-0x0074
* SHA1 1 0x0076-0x0076 * SHA1 1 0x0076-0x0076
* SHA2 1 0x0078-0x0078 * SHA256 1 0x0078-0x0078
* SHA4 1 0x007A-0x007A * SHA512 1 0x007A-0x007A
* PBKDF2 1 0x007C-0x007C
* *
* High-level module nr (3 bits - 0x1...-0x8...) * High-level module nr (3 bits - 0x1...-0x8...)
* Name ID Nr of Errors * Name ID Nr of Errors
* PEM 1 9 * PEM 1 9
* PKCS#12 1 4 (Started from top) * PKCS#12 1 4 (Started from top)
* X509 2 23 * X509 2 18
* DHM 3 6 * PK 2 13 (Started from top)
* PKCS5 3 4 (Started from top) * DHM 3 9
* RSA 4 9 * PKCS5 3 4 (Started from top)
* MD 5 4 * RSA 4 9
* CIPHER 6 5 * ECP 4 7 (Started from top)
* SSL 6 2 (Started from top) * MD 5 4
* SSL 7 31 * CIPHER 6 6
* SSL 6 7 (Started from top)
* SSL 7 31
* *
* Module dependent error code (5 bits 0x.08.-0x.F8.) * Module dependent error code (5 bits 0x.08.-0x.F8.)
*/ */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief Translate a PolarSSL error code into a string representation, * \brief Translate a PolarSSL error code into a string representation,
* Result is truncated if necessary and always includes a terminatin g * Result is truncated if necessary and always includes a terminatin g
* null byte. * null byte.
* *
* \param errnum error code * \param errnum error code
* \param buffer buffer to place representation in * \param buffer buffer to place representation in
* \param buflen length of the buffer * \param buflen length of the buffer
*/ */
void polarssl_strerror( int errnum, char *buffer, size_t buflen );
#if defined(POLARSSL_ERROR_STRERROR_BC)
void error_strerror( int errnum, char *buffer, size_t buflen ); void error_strerror( int errnum, char *buffer, size_t buflen );
#endif
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* error.h */ #endif /* error.h */
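Review bot: The backward-compatibility declaration `error_strerror` added under POLARSSL_ERROR_STRERROR_BC carries no comment, so a reader cannot tell that the docblock above describes polarssl_strerror() and that the second name is only an alias. I would add `/** \brief Deprecated alias of polarssl_strerror(); built only when POLARSSL_ERROR_STRERROR_BC is defined. */` directly above it. While the module table is being edited, the `CTR_DBRG` row (unchanged by this commit) appears to be a typo for `CTR_DRBG`, the module's actual name.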
 End of changes. 7 change blocks. 
14 lines changed or deleted 23 lines changed or added


 gcm.h   gcm.h 
/** /**
* \file gcm.h * \file gcm.h
* *
* \brief Galois/Counter mode for AES * \brief Galois/Counter mode for 128-bit block ciphers
* *
* Copyright (C) 2006-2012, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 30 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_GCM_H #ifndef POLARSSL_GCM_H
#define POLARSSL_GCM_H #define POLARSSL_GCM_H
#include "aes.h" #include "cipher.h"
#ifdef _MSC_VER #ifdef _MSC_VER
#include <basetsd.h> #include <basetsd.h>
typedef UINT32 uint32_t;
typedef UINT64 uint64_t; typedef UINT64 uint64_t;
#else #else
#include <stdint.h> #include <stdint.h>
#endif #endif
#define GCM_ENCRYPT 1 #define GCM_ENCRYPT 1
#define GCM_DECRYPT 0 #define GCM_DECRYPT 0
#define POLARSSL_ERR_GCM_AUTH_FAILED -0x0012 /**< Au thenticated decryption failed. */ #define POLARSSL_ERR_GCM_AUTH_FAILED -0x0012 /**< Au thenticated decryption failed. */
#define POLARSSL_ERR_GCM_BAD_INPUT -0x0014 /**< Ba d input parameters to function. */ #define POLARSSL_ERR_GCM_BAD_INPUT -0x0014 /**< Ba d input parameters to function. */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief GCM context structure * \brief GCM context structure
*/ */
typedef struct { typedef struct {
aes_context aes_ctx; /*!< AES context used */ cipher_context_t cipher_ctx;/*!< cipher context used */
uint64_t HL[16]; /*!< Precalculated HTable */ uint64_t HL[16]; /*!< Precalculated HTable */
uint64_t HH[16]; /*!< Precalculated HTable */ uint64_t HH[16]; /*!< Precalculated HTable */
uint64_t len; /*!< Total data length */
uint64_t add_len; /*!< Total add length */
unsigned char base_ectr[16];/*!< First ECTR for tag */
unsigned char y[16]; /*!< Y working value */
unsigned char buf[16]; /*!< buf working value */
int mode; /*!< Encrypt or Decrypt */
} }
gcm_context; gcm_context;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief GCM initialization (encryption) * \brief GCM initialization (encryption)
* *
* \param ctx GCM context to be initialized * \param ctx GCM context to be initialized
* \param cipher cipher to use (a 128-bit block cipher)
* \param key encryption key * \param key encryption key
* \param keysize must be 128, 192 or 256 * \param keysize must be 128, 192 or 256
* *
* \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH * \return 0 if successful, or a cipher specific error code
*/ */
int gcm_init( gcm_context *ctx, const unsigned char *key, unsigned int keys int gcm_init( gcm_context *ctx, cipher_id_t cipher, const unsigned char *ke
ize ); y,
unsigned int keysize );
/** /**
* \brief GCM buffer encryption/decryption using AES * \brief GCM buffer encryption/decryption using a block cipher
* *
* \note On encryption, the output buffer can be the same as the input buff er. * \note On encryption, the output buffer can be the same as the input buff er.
* On decryption, the output buffer cannot be the same as input buffe r. * On decryption, the output buffer cannot be the same as input buffe r.
* If buffers overlap, the output buffer must trail at least 8 bytes * If buffers overlap, the output buffer must trail at least 8 bytes
* behind the input buffer. * behind the input buffer.
* *
* \param ctx GCM context * \param ctx GCM context
* \param mode GCM_ENCRYPT or GCM_DECRYPT * \param mode GCM_ENCRYPT or GCM_DECRYPT
* \param length length of the input data * \param length length of the input data
* \param iv initialization vector * \param iv initialization vector
skipping to change at line 105 skipping to change at line 114
const unsigned char *iv, const unsigned char *iv,
size_t iv_len, size_t iv_len,
const unsigned char *add, const unsigned char *add,
size_t add_len, size_t add_len,
const unsigned char *input, const unsigned char *input,
unsigned char *output, unsigned char *output,
size_t tag_len, size_t tag_len,
unsigned char *tag ); unsigned char *tag );
/** /**
* \brief GCM buffer authenticated decryption using AES * \brief GCM buffer authenticated decryption using a block ciphe r
* *
* \note On decryption, the output buffer cannot be the same as input buffe r. * \note On decryption, the output buffer cannot be the same as input buffe r.
* If buffers overlap, the output buffer must trail at least 8 bytes * If buffers overlap, the output buffer must trail at least 8 bytes
* behind the input buffer. * behind the input buffer.
* *
* \param ctx GCM context * \param ctx GCM context
* \param length length of the input data * \param length length of the input data
* \param iv initialization vector * \param iv initialization vector
* \param iv_len length of IV * \param iv_len length of IV
* \param add additional data * \param add additional data
skipping to change at line 137 skipping to change at line 146
const unsigned char *iv, const unsigned char *iv,
size_t iv_len, size_t iv_len,
const unsigned char *add, const unsigned char *add,
size_t add_len, size_t add_len,
const unsigned char *tag, const unsigned char *tag,
size_t tag_len, size_t tag_len,
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/** /**
* \brief Generic GCM stream start function
*
* \param ctx GCM context
* \param mode GCM_ENCRYPT or GCM_DECRYPT
* \param iv initialization vector
* \param iv_len length of IV
* \param add additional data (or NULL if length is 0)
* \param add_len length of additional data
*
* \return 0 if successful
*/
int gcm_starts( gcm_context *ctx,
int mode,
const unsigned char *iv,
size_t iv_len,
const unsigned char *add,
size_t add_len );
/**
* \brief Generic GCM update function. Encrypts/decrypts using th
e
* given GCM context. Expects input to be a multiple of 16
* bytes! Only the last call before gcm_finish() can be le
ss
* than 16 bytes!
*
* \note On decryption, the output buffer cannot be the same as input buffe
r.
* If buffers overlap, the output buffer must trail at least 8 bytes
* behind the input buffer.
*
* \param ctx GCM context
* \param length length of the input data
* \param input buffer holding the input data
* \param output buffer for holding the output data
*
* \return 0 if successful or POLARSSL_ERR_GCM_BAD_INPUT
*/
int gcm_update( gcm_context *ctx,
size_t length,
const unsigned char *input,
unsigned char *output );
/**
* \brief Generic GCM finalisation function. Wraps up the GCM str
eam
* and generates the tag. The tag can have a maximum lengt
h of
* 16 bytes.
*
* \param ctx GCM context
* \param tag buffer for holding the tag (may be NULL if tag_len is 0
)
* \param tag_len length of the tag to generate
*
* \return 0 if successful or POLARSSL_ERR_GCM_BAD_INPUT
*/
int gcm_finish( gcm_context *ctx,
unsigned char *tag,
size_t tag_len );
/**
* \brief Free a GCM context and underlying cipher sub-context
*
* \param ctx
*/
void gcm_free( gcm_context *ctx );
/**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int gcm_self_test( int verbose ); int gcm_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
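Review bot: The new streaming API leaves tag verification to the caller but never says so: gcm_finish() is documented only as generating the tag, nothing in gcm_starts() or gcm_finish() says what a GCM_DECRYPT caller is expected to do with it, and no streaming counterpart of gcm_auth_decrypt() is declared. I would add to gcm_finish()'s docblock `\note In GCM_DECRYPT mode the tag produced is the expected value; the caller must compare it with the received tag in constant time and must not use the decrypted output on a mismatch.` The tag_len parameter documents only the 16-byte upper bound; since short tags weaken authentication, state the minimum the implementation accepts, and make explicit that `tag_len` 0 (permitted by the "may be NULL if tag_len is 0" remark) means no authentication at all. gcm_free()'s `\param ctx` has no description.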
 End of changes. 14 change blocks. 
13 lines changed or deleted 91 lines changed or added


 havege.h   havege.h 
/** /**
* \file havege.h * \file havege.h
* *
* \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
* *
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 34 skipping to change at line 34
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_HAVEGE_H #ifndef POLARSSL_HAVEGE_H
#define POLARSSL_HAVEGE_H #define POLARSSL_HAVEGE_H
#include <string.h> #include <string.h>
#define COLLECT_SIZE 1024 #define COLLECT_SIZE 1024
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief HAVEGE state structure * \brief HAVEGE state structure
*/ */
typedef struct typedef struct
{ {
int PT1, PT2, offset[2]; int PT1, PT2, offset[2];
int pool[COLLECT_SIZE]; int pool[COLLECT_SIZE];
int WALK[8192]; int WALK[8192];
} }
havege_state; havege_state;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief HAVEGE initialization * \brief HAVEGE initialization
* *
* \param hs HAVEGE state to be initialized * \param hs HAVEGE state to be initialized
*/ */
void havege_init( havege_state *hs ); void havege_init( havege_state *hs );
/** /**
* \brief HAVEGE rand function * \brief HAVEGE rand function
* *
 End of changes. 3 change blocks. 
5 lines changed or deleted 5 lines changed or added


 md.h   md.h 
/** /**
* \file md.h * \file md.h
* *
* \brief Generic message digest wrapper * \brief Generic message digest wrapper
* *
* \author Adriaan de Jong <dejong@fox-it.com> * \author Adriaan de Jong <dejong@fox-it.com>
* *
* Copyright (C) 2006-2011, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 47 skipping to change at line 47
#if defined(__ARMCC_VERSION) && !defined(inline) #if defined(__ARMCC_VERSION) && !defined(inline)
#define inline __inline #define inline __inline
#endif /* __ARMCC_VERSION */ #endif /* __ARMCC_VERSION */
#endif /*_MSC_VER */ #endif /*_MSC_VER */
#define POLARSSL_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< Th e selected feature is not available. */ #define POLARSSL_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< Th e selected feature is not available. */
#define POLARSSL_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Ba d input parameters to function. */ #define POLARSSL_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Ba d input parameters to function. */
#define POLARSSL_ERR_MD_ALLOC_FAILED -0x5180 /**< Fa iled to allocate memory. */ #define POLARSSL_ERR_MD_ALLOC_FAILED -0x5180 /**< Fa iled to allocate memory. */
#define POLARSSL_ERR_MD_FILE_IO_ERROR -0x5200 /**< Op ening or reading of file failed. */ #define POLARSSL_ERR_MD_FILE_IO_ERROR -0x5200 /**< Op ening or reading of file failed. */
#ifdef __cplusplus
extern "C" {
#endif
typedef enum { typedef enum {
POLARSSL_MD_NONE=0, POLARSSL_MD_NONE=0,
POLARSSL_MD_MD2, POLARSSL_MD_MD2,
POLARSSL_MD_MD4, POLARSSL_MD_MD4,
POLARSSL_MD_MD5, POLARSSL_MD_MD5,
POLARSSL_MD_SHA1, POLARSSL_MD_SHA1,
POLARSSL_MD_SHA224, POLARSSL_MD_SHA224,
POLARSSL_MD_SHA256, POLARSSL_MD_SHA256,
POLARSSL_MD_SHA384, POLARSSL_MD_SHA384,
POLARSSL_MD_SHA512, POLARSSL_MD_SHA512,
} md_type_t; } md_type_t;
#if defined(POLARSSL_SHA512_C)
#define POLARSSL_MD_MAX_SIZE 64 /* longest known is SHA512 */ #define POLARSSL_MD_MAX_SIZE 64 /* longest known is SHA512 */
#else
#define POLARSSL_MD_MAX_SIZE 32 /* longest known is SHA256 or less
*/
#endif
/** /**
* Message digest information. Allows message digest functions to be called * Message digest information. Allows message digest functions to be called
* in a generic way. * in a generic way.
*/ */
typedef struct { typedef struct {
/** Digest identifier */ /** Digest identifier */
md_type_t type; md_type_t type;
/** Name of the message digest */ /** Name of the message digest */
skipping to change at line 114 skipping to change at line 122
void (*hmac_func)( const unsigned char *key, size_t keylen, void (*hmac_func)( const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen, const unsigned char *input, size_t ilen,
unsigned char *output ); unsigned char *output );
/** Allocate a new context */ /** Allocate a new context */
void * (*ctx_alloc_func)( void ); void * (*ctx_alloc_func)( void );
/** Free the given context */ /** Free the given context */
void (*ctx_free_func)( void *ctx ); void (*ctx_free_func)( void *ctx );
/** Internal use only */
void (*process_func)( void *ctx, const unsigned char *input );
} md_info_t; } md_info_t;
/** /**
* Generic message digest context. * Generic message digest context.
*/ */
typedef struct { typedef struct {
/** Information about the associated message digest */ /** Information about the associated message digest */
const md_info_t *md_info; const md_info_t *md_info;
/** Digest-specific context */ /** Digest-specific context */
void *md_ctx; void *md_ctx;
} md_context_t; } md_context_t;
#define MD_CONTEXT_T_INIT { \ #define MD_CONTEXT_T_INIT { \
NULL, /* md_info */ \ NULL, /* md_info */ \
NULL, /* md_ctx */ \ NULL, /* md_ctx */ \
} }
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Returns the list of digests supported by the generic digest modul e. * \brief Returns the list of digests supported by the generic digest modul e.
* *
* \return a statically allocated array of digests, the last entry * \return a statically allocated array of digests, the last entry
* is 0. * is 0.
*/ */
const int *md_list( void ); const int *md_list( void );
/** /**
* \brief Returns the message digest information associated with the * \brief Returns the message digest information associated with the
skipping to change at line 359 skipping to change at line 365
* \param ilen length of the input data * \param ilen length of the input data
* \param output Generic HMAC-result * \param output Generic HMAC-result
* *
* \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if paramete r * \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if paramete r
* verification fails. * verification fails.
*/ */
int md_hmac( const md_info_t *md_info, const unsigned char *key, size_t key len, int md_hmac( const md_info_t *md_info, const unsigned char *key, size_t key len,
const unsigned char *input, size_t ilen, const unsigned char *input, size_t ilen,
unsigned char *output ); unsigned char *output );
/* Internal use */
int md_process( md_context_t *ctx, const unsigned char *data );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* POLARSSL_MD_H */ #endif /* POLARSSL_MD_H */
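Review bot: `md_process()` is exported from the public header with only `/* Internal use */`, and its `data` parameter carries no length, so nothing tells a caller how many bytes must be readable; the same applies to the new `process_func` member here and to `md2_process()` in md2.h and `md4_process()` in md4.h. Judging from md4_process's `data[64]` parameter this is the digest's single-block compression step, so I would document it as `\brief Internal: run the compression function on exactly one input block.` with `\param data one full block (the block size of the digest); no bounds check is possible here.` The `[64]` in md4_process's prototype decays to a plain pointer, so such a comment is the only place the 64-byte requirement is actually stated. Adding `process_func` to `md_info_t` also changes the struct layout, which anyone defining their own md_info_t will need to know.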
 End of changes. 7 change blocks. 
5 lines changed or deleted 15 lines changed or added


 md2.h   md2.h 
skipping to change at line 40 skipping to change at line 40
#include "config.h" #include "config.h"
#include <string.h> #include <string.h>
#define POLARSSL_ERR_MD2_FILE_IO_ERROR -0x0070 /**< Read/w rite error in file. */ #define POLARSSL_ERR_MD2_FILE_IO_ERROR -0x0070 /**< Read/w rite error in file. */
#if !defined(POLARSSL_MD2_ALT) #if !defined(POLARSSL_MD2_ALT)
// Regular implementation // Regular implementation
// //
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief MD2 context structure * \brief MD2 context structure
*/ */
typedef struct typedef struct
{ {
unsigned char cksum[16]; /*!< checksum of the data block */ unsigned char cksum[16]; /*!< checksum of the data block */
unsigned char state[48]; /*!< intermediate digest state */ unsigned char state[48]; /*!< intermediate digest state */
unsigned char buffer[16]; /*!< data block being processed */ unsigned char buffer[16]; /*!< data block being processed */
unsigned char ipad[16]; /*!< HMAC: inner padding */ unsigned char ipad[16]; /*!< HMAC: inner padding */
unsigned char opad[16]; /*!< HMAC: outer padding */ unsigned char opad[16]; /*!< HMAC: outer padding */
size_t left; /*!< amount of data in buffer */ size_t left; /*!< amount of data in buffer */
} }
md2_context; md2_context;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief MD2 context setup * \brief MD2 context setup
* *
* \param ctx context to be initialized * \param ctx context to be initialized
*/ */
void md2_starts( md2_context *ctx ); void md2_starts( md2_context *ctx );
/** /**
* \brief MD2 process buffer * \brief MD2 process buffer
* *
skipping to change at line 167 skipping to change at line 167
const unsigned char *input, size_t ilen, const unsigned char *input, size_t ilen,
unsigned char output[16] ); unsigned char output[16] );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int md2_self_test( int verbose ); int md2_self_test( int verbose );
/* Internal use */
void md2_process( md2_context *ctx );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* md2.h */ #endif /* md2.h */
 End of changes. 3 change blocks. 
4 lines changed or deleted 7 lines changed or added


 md4.h   md4.h 
skipping to change at line 47 skipping to change at line 47
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define POLARSSL_ERR_MD4_FILE_IO_ERROR -0x0072 /**< Read/w rite error in file. */ #define POLARSSL_ERR_MD4_FILE_IO_ERROR -0x0072 /**< Read/w rite error in file. */
#if !defined(POLARSSL_MD4_ALT) #if !defined(POLARSSL_MD4_ALT)
// Regular implementation // Regular implementation
// //
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief MD4 context structure * \brief MD4 context structure
*/ */
typedef struct typedef struct
{ {
uint32_t total[2]; /*!< number of bytes processed */ uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */ uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */ unsigned char buffer[64]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */ unsigned char ipad[64]; /*!< HMAC: inner padding */
unsigned char opad[64]; /*!< HMAC: outer padding */ unsigned char opad[64]; /*!< HMAC: outer padding */
} }
md4_context; md4_context;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief MD4 context setup * \brief MD4 context setup
* *
* \param ctx context to be initialized * \param ctx context to be initialized
*/ */
void md4_starts( md4_context *ctx ); void md4_starts( md4_context *ctx );
/** /**
* \brief MD4 process buffer * \brief MD4 process buffer
* *
skipping to change at line 173 skipping to change at line 173
const unsigned char *input, size_t ilen, const unsigned char *input, size_t ilen,
unsigned char output[16] ); unsigned char output[16] );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int md4_self_test( int verbose ); int md4_self_test( int verbose );
/* Internal use */
void md4_process( md4_context *ctx, const unsigned char data[64] );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* md4.h */ #endif /* md4.h */
 End of changes. 3 change blocks. 
4 lines changed or deleted 7 lines changed or added


 md5.h   md5.h 
skipping to change at line 47 skipping to change at line 47
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define POLARSSL_ERR_MD5_FILE_IO_ERROR -0x0074 /**< Read/w rite error in file. */ #define POLARSSL_ERR_MD5_FILE_IO_ERROR -0x0074 /**< Read/w rite error in file. */
#if !defined(POLARSSL_MD5_ALT) #if !defined(POLARSSL_MD5_ALT)
// Regular implementation // Regular implementation
// //
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief MD5 context structure * \brief MD5 context structure
*/ */
typedef struct typedef struct
{ {
uint32_t total[2]; /*!< number of bytes processed */ uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */ uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */ unsigned char buffer[64]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */ unsigned char ipad[64]; /*!< HMAC: inner padding */
unsigned char opad[64]; /*!< HMAC: outer padding */ unsigned char opad[64]; /*!< HMAC: outer padding */
} }
md5_context; md5_context;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief MD5 context setup * \brief MD5 context setup
* *
* \param ctx context to be initialized * \param ctx context to be initialized
*/ */
void md5_starts( md5_context *ctx ); void md5_starts( md5_context *ctx );
/** /**
* \brief MD5 process buffer * \brief MD5 process buffer
* *
 End of changes. 2 change blocks. 
4 lines changed or deleted 4 lines changed or added


 md_wrap.h   md_wrap.h 
skipping to change at line 51 skipping to change at line 51
#endif #endif
#if defined(POLARSSL_MD4_C) #if defined(POLARSSL_MD4_C)
extern const md_info_t md4_info; extern const md_info_t md4_info;
#endif #endif
#if defined(POLARSSL_MD5_C) #if defined(POLARSSL_MD5_C)
extern const md_info_t md5_info; extern const md_info_t md5_info;
#endif #endif
#if defined(POLARSSL_SHA1_C) #if defined(POLARSSL_SHA1_C)
extern const md_info_t sha1_info; extern const md_info_t sha1_info;
#endif #endif
#if defined(POLARSSL_SHA2_C) #if defined(POLARSSL_SHA256_C)
extern const md_info_t sha224_info; extern const md_info_t sha224_info;
extern const md_info_t sha256_info; extern const md_info_t sha256_info;
#endif #endif
#if defined(POLARSSL_SHA4_C) #if defined(POLARSSL_SHA512_C)
extern const md_info_t sha384_info; extern const md_info_t sha384_info;
extern const md_info_t sha512_info; extern const md_info_t sha512_info;
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* POLARSSL_MD_WRAP_H */ #endif /* POLARSSL_MD_WRAP_H */
 End of changes. 2 change blocks. 
2 lines changed or deleted 2 lines changed or added


 openssl.h   openssl.h 
skipping to change at line 65 skipping to change at line 65
#define MD5_Final( OUT, CTX ) \ #define MD5_Final( OUT, CTX ) \
md5_finish( (CTX), (OUT) ) md5_finish( (CTX), (OUT) )
#define AES_set_encrypt_key( KEY, KEYSIZE, CTX ) \ #define AES_set_encrypt_key( KEY, KEYSIZE, CTX ) \
aes_setkey_enc( (CTX), (KEY), (KEYSIZE) ) aes_setkey_enc( (CTX), (KEY), (KEYSIZE) )
#define AES_set_decrypt_key( KEY, KEYSIZE, CTX ) \ #define AES_set_decrypt_key( KEY, KEYSIZE, CTX ) \
aes_setkey_dec( (CTX), (KEY), (KEYSIZE) ) aes_setkey_dec( (CTX), (KEY), (KEYSIZE) )
#define AES_cbc_encrypt( INPUT, OUTPUT, LEN, CTX, IV, MODE ) \ #define AES_cbc_encrypt( INPUT, OUTPUT, LEN, CTX, IV, MODE ) \
aes_crypt_cbc( (CTX), (MODE), (LEN), (IV), (INPUT), (OUTPUT) ) aes_crypt_cbc( (CTX), (MODE), (LEN), (IV), (INPUT), (OUTPUT) )
#ifdef __cplusplus
extern "C" {
#endif
/* /*
* RSA stuff follows. TODO: needs cleanup * RSA stuff follows. TODO: needs cleanup
*/ */
inline int __RSA_Passthrough( void *output, void *input, int size ) inline int __RSA_Passthrough( void *output, void *input, int size )
{ {
memcpy( output, input, size ); memcpy( output, input, size );
return size; return size;
} }
inline rsa_context* d2i_RSA_PUBKEY( void *ignore, unsigned char **bufptr, inline rsa_context* d2i_RSA_PUBKEY( void *ignore, unsigned char **bufptr,
 End of changes. 1 change blocks. 
0 lines changed or deleted 4 lines changed or added


 pem.h   pem.h 
skipping to change at line 49 skipping to change at line 49
#define POLARSSL_ERR_PEM_INVALID_DATA -0x1100 /**< PE M string is not as expected. */ #define POLARSSL_ERR_PEM_INVALID_DATA -0x1100 /**< PE M string is not as expected. */
#define POLARSSL_ERR_PEM_MALLOC_FAILED -0x1180 /**< Fa iled to allocate memory. */ #define POLARSSL_ERR_PEM_MALLOC_FAILED -0x1180 /**< Fa iled to allocate memory. */
#define POLARSSL_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RS A IV is not in hex-format. */ #define POLARSSL_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RS A IV is not in hex-format. */
#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 /**< Un supported key encryption algorithm. */ #define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 /**< Un supported key encryption algorithm. */
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Pr ivate key password can't be empty. */ #define POLARSSL_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Pr ivate key password can't be empty. */
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Gi ven private key password does not allow for correct decryption. */ #define POLARSSL_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Gi ven private key password does not allow for correct decryption. */
#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Un available feature, e.g. hashing/encryption combination. */ #define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Un available feature, e.g. hashing/encryption combination. */
#define POLARSSL_ERR_PEM_BAD_INPUT_DATA -0x1480 /**< Ba d input parameters to function. */ #define POLARSSL_ERR_PEM_BAD_INPUT_DATA -0x1480 /**< Ba d input parameters to function. */
/* \} name */ /* \} name */
#ifdef __cplusplus
extern "C" {
#endif
#if defined(POLARSSL_PEM_PARSE_C)
/** /**
* \brief PEM context structure * \brief PEM context structure
*/ */
typedef struct typedef struct
{ {
unsigned char *buf; /*!< buffer for decoded data */ unsigned char *buf; /*!< buffer for decoded data */
size_t buflen; /*!< length of the buffer */ size_t buflen; /*!< length of the buffer */
unsigned char *info; /*!< buffer for extra header information */ unsigned char *info; /*!< buffer for extra header information */
} }
pem_context; pem_context;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief PEM context setup * \brief PEM context setup
* *
* \param ctx context to be initialized * \param ctx context to be initialized
*/ */
void pem_init( pem_context *ctx ); void pem_init( pem_context *ctx );
/** /**
* \brief Read a buffer for PEM information and store the resulting * \brief Read a buffer for PEM information and store the resulting
* data into the specified context buffers. * data into the specified context buffers.
skipping to change at line 87 skipping to change at line 88
* \param footer footer string to seek and expect * \param footer footer string to seek and expect
* \param data source data to look in * \param data source data to look in
* \param pwd password for decryption (can be NULL) * \param pwd password for decryption (can be NULL)
* \param pwdlen length of password * \param pwdlen length of password
* \param use_len destination for total length used (set after header is * \param use_len destination for total length used (set after header is
* correctly read, so unless you get * correctly read, so unless you get
* POLARSSL_ERR_PEM_BAD_INPUT_DATA or * POLARSSL_ERR_PEM_BAD_INPUT_DATA or
* POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is * POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
* the length to skip) * the length to skip)
* *
* \return 0 on success, ior a specific PEM error code * \note Attempts to check password correctness by verifying if
* the decrypted text starts with an ASN.1 sequence of
* appropriate length
*
* \return 0 on success, or a specific PEM error code
*/ */
int pem_read_buffer( pem_context *ctx, char *header, char *footer, int pem_read_buffer( pem_context *ctx, const char *header, const char *foot er,
const unsigned char *data, const unsigned char *data,
const unsigned char *pwd, const unsigned char *pwd,
size_t pwdlen, size_t *use_len ); size_t pwdlen, size_t *use_len );
/** /**
* \brief PEM context memory freeing * \brief PEM context memory freeing
* *
* \param ctx context to be freed * \param ctx context to be freed
*/ */
void pem_free( pem_context *ctx ); void pem_free( pem_context *ctx );
#endif /* POLARSSL_PEM_PARSE_C */
#if defined(POLARSSL_PEM_WRITE_C)
/**
* \brief Write a buffer of PEM information from a DER encoded
* buffer.
*
* \param header header string to write
* \param footer footer string to write
* \param der_data DER data to write
* \param der_len length of the DER data
* \param buf buffer to write to
* \param buf_len length of output buffer
* \param olen total length written / required (if buf_len is not enou
gh)
*
* \return 0 on success, or a specific PEM or BASE64 error code. O
n
* POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL olen is the requir
ed
* size.
*/
int pem_write_buffer( const char *header, const char *footer,
const unsigned char *der_data, size_t der_len,
unsigned char *buf, size_t buf_len, size_t *olen );
#endif /* POLARSSL_PEM_WRITE_C */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* pem.h */ #endif /* pem.h */
 End of changes. 5 change blocks. 
6 lines changed or deleted 37 lines changed or added
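Review bot: The new `\note` on `pem_read_buffer` describes a heuristic rather than a guarantee: checking that the decrypted text starts with an ASN.1 SEQUENCE of plausible length rejects most wrong passwords, but a wrong password can still pass that check by chance, and legacy PEM encryption carries no integrity tag, so a 0 return does not prove the key material is authentic. Suggest extending the note with `* This check is heuristic; POLARSSL_ERR_PEM_PASSWORD_MISMATCH is not a cryptographic integrity check and a wrong password may go undetected until the decoded DER fails to parse.` so callers do not read a successful return as authentication. For the added `pem_write_buffer`, the `\param olen` text says it holds the required size on POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL, but the declaration does not say whether `buf` may be NULL with `buf_len` 0 for a pure size query; if the implementation supports that, state it in a `\note`, and if it does not, say `buf` must be non-NULL.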


 pkcs11.h   pkcs11.h 
/** /**
* \file pkcs11.h * \file pkcs11.h
* *
* \brief Wrapper for PKCS#11 library libpkcs11-helper * \brief Wrapper for PKCS#11 library libpkcs11-helper
* *
* \author Adriaan de Jong <dejong@fox-it.com> * \author Adriaan de Jong <dejong@fox-it.com>
* *
* Copyright (C) 2006-2011, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 36 skipping to change at line 36
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_PKCS11_H #ifndef POLARSSL_PKCS11_H
#define POLARSSL_PKCS11_H #define POLARSSL_PKCS11_H
#include "config.h" #include "config.h"
#if defined(POLARSSL_PKCS11_C) #if defined(POLARSSL_PKCS11_C)
#include "x509.h" #include "x509_crt.h"
#include <pkcs11-helper-1.0/pkcs11h-certificate.h> #include <pkcs11-helper-1.0/pkcs11h-certificate.h>
#if defined(_MSC_VER) && !defined(inline) #if defined(_MSC_VER) && !defined(inline)
#define inline _inline #define inline _inline
#else #else
#if defined(__ARMCC_VERSION) && !defined(inline) #if defined(__ARMCC_VERSION) && !defined(inline)
#define inline __inline #define inline __inline
#endif /* __ARMCC_VERSION */ #endif /* __ARMCC_VERSION */
#endif /*_MSC_VER */ #endif /*_MSC_VER */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* Context for PKCS #11 private keys. * Context for PKCS #11 private keys.
*/ */
typedef struct { typedef struct {
pkcs11h_certificate_t pkcs11h_cert; pkcs11h_certificate_t pkcs11h_cert;
int len; int len;
} pkcs11_context; } pkcs11_context;
/** /**
* Fill in a PolarSSL certificate, based on the given PKCS11 helper certifi cate. * Fill in a PolarSSL certificate, based on the given PKCS11 helper certifi cate.
* *
* \param cert X.509 certificate to fill * \param cert X.509 certificate to fill
* \param pkcs11h_cert PKCS #11 helper certificate * \param pkcs11h_cert PKCS #11 helper certificate
* *
* \return 0 on success. * \return 0 on success.
*/ */
int pkcs11_x509_cert_init( x509_cert *cert, pkcs11h_certificate_t pkcs11h_c ert ); int pkcs11_x509_cert_init( x509_crt *cert, pkcs11h_certificate_t pkcs11h_ce rt );
/** /**
* Initialise a pkcs11_context, storing the given certificate. Note that th e * Initialise a pkcs11_context, storing the given certificate. Note that th e
* pkcs11_context will take over control of the certificate, freeing it whe n * pkcs11_context will take over control of the certificate, freeing it whe n
* done. * done.
* *
* \param priv_key Private key structure to fill. * \param priv_key Private key structure to fill.
* \param pkcs11_cert PKCS #11 helper certificate * \param pkcs11_cert PKCS #11 helper certificate
* *
* \return 0 on success * \return 0 on success
skipping to change at line 135 skipping to change at line 139
int pkcs11_sign( pkcs11_context *ctx, int pkcs11_sign( pkcs11_context *ctx,
int mode, int mode,
int hash_id, int hash_id,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,
unsigned char *sig ); unsigned char *sig );
/** /**
* SSL/TLS wrappers for PKCS#11 functions * SSL/TLS wrappers for PKCS#11 functions
*/ */
static inline int ssl_pkcs11_decrypt( void *ctx, static inline int ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t), void *p const unsigned char *input, unsigned char *output,
_rng, size_t output_max_len )
int mode, size_t *olen, const unsigned char *input,
unsigned char *output, size_t output_max_len )
{ {
((void) f_rng);
((void) p_rng);
return pkcs11_decrypt( (pkcs11_context *) ctx, mode, olen, input, outpu t, return pkcs11_decrypt( (pkcs11_context *) ctx, mode, olen, input, outpu t,
output_max_len ); output_max_len );
} }
static inline int ssl_pkcs11_sign( void *ctx, static inline int ssl_pkcs11_sign( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p _rng, int (*f_rng)(void *, unsigned char *, size_t), void *p _rng,
int mode, int hash_id, unsigned int hashlen, int mode, int hash_id, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig ) const unsigned char *hash, unsigned char *sig )
{ {
((void) f_rng); ((void) f_rng);
((void) p_rng); ((void) p_rng);
return pkcs11_sign( (pkcs11_context *) ctx, mode, hash_id, return pkcs11_sign( (pkcs11_context *) ctx, mode, hash_id,
hashlen, hash, sig ); hashlen, hash, sig );
} }
static inline size_t ssl_pkcs11_key_len( void *ctx ) static inline size_t ssl_pkcs11_key_len( void *ctx )
{ {
return ( (pkcs11_context *) ctx )->len; return ( (pkcs11_context *) ctx )->len;
} }
#ifdef __cplusplus
}
#endif
#endif /* POLARSSL_PKCS11_C */ #endif /* POLARSSL_PKCS11_C */
#endif /* POLARSSL_PKCS11_H */ #endif /* POLARSSL_PKCS11_H */
 End of changes. 7 change blocks. 
10 lines changed or deleted 14 lines changed or added
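Review bot: The rewritten `ssl_pkcs11_decrypt` drops the `f_rng`/`p_rng` parameters while `ssl_pkcs11_sign` directly below keeps them and immediately discards them with `((void) f_rng);`, and nothing in the header explains why the two wrappers now differ; presumably each mirrors the callback type the PK layer expects, but that is not visible here. A one-line comment above the group, `/* Parameter lists mirror the PK layer's decrypt/sign callback types; sign receives an RNG it does not use. */`, would stop the next reader from "fixing" the asymmetry. Separately, `ssl_pkcs11_key_len` returns the `int len` field of `pkcs11_context` as `size_t`, so a negative or never-initialised `len` silently becomes a huge key length at the caller; this predates the commit, but since the header is being reworked it is a good moment to make `len` unsigned or document that `pkcs11_priv_key_init` always sets it to a non-negative value.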


 pkcs12.h   pkcs12.h 
skipping to change at line 48 skipping to change at line 48
#define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PB E ASN.1 data not as expected. */ #define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PB E ASN.1 data not as expected. */
#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 /**< Gi ven private key password does not allow for correct decryption. */ #define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 /**< Gi ven private key password does not allow for correct decryption. */
#define PKCS12_DERIVE_KEY 1 /*< encryption/decryption key */ #define PKCS12_DERIVE_KEY 1 /*< encryption/decryption key */
#define PKCS12_DERIVE_IV 2 /*< initialization vector */ #define PKCS12_DERIVE_IV 2 /*< initialization vector */
#define PKCS12_DERIVE_MAC_KEY 3 /*< integrity / MAC key */ #define PKCS12_DERIVE_MAC_KEY 3 /*< integrity / MAC key */
#define PKCS12_PBE_DECRYPT 0 #define PKCS12_PBE_DECRYPT 0
#define PKCS12_PBE_ENCRYPT 1 #define PKCS12_PBE_ENCRYPT 1
/*
* PKCS#12 PBE types
*/
#define OID_PKCS12 "\x2a\x86\x48\x86\xf7\x0d\x01\x0c"
#define OID_PKCS12_PBE_SHA1_RC4_128 OID_PKCS12 "\x01\x01"
#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC OID_PKCS12 "\x01\x03"
#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC OID_PKCS12 "\x01\x04"
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief PKCS12 Password Based function (encryption / decryptio n) * \brief PKCS12 Password Based function (encryption / decryptio n)
* for pbeWithSHAAnd128BitRC4 * for pbeWithSHAAnd128BitRC4
* *
* \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structu re * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structu re
* \param mode either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT * \param mode either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT
 End of changes. 1 change blocks. 
8 lines changed or deleted 0 lines changed or added


 pkcs5.h   pkcs5.h 
/** /**
* \file pkcs#5.h * \file pkcs5.h
* *
* \brief PKCS#5 functions * \brief PKCS#5 functions
* *
* \author Mathias Olsson <mathias@kompetensum.com> * \author Mathias Olsson <mathias@kompetensum.com>
* *
* Copyright (C) 2006-2013, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
skipping to change at line 52 skipping to change at line 52
#endif #endif
#define POLARSSL_ERR_PKCS5_BAD_INPUT_DATA -0x3f80 /**< Ba d input parameters to function. */ #define POLARSSL_ERR_PKCS5_BAD_INPUT_DATA -0x3f80 /**< Ba d input parameters to function. */
#define POLARSSL_ERR_PKCS5_INVALID_FORMAT -0x3f00 /**< Un expected ASN.1 data. */ #define POLARSSL_ERR_PKCS5_INVALID_FORMAT -0x3f00 /**< Un expected ASN.1 data. */
#define POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE -0x3e80 /**< Re quested encryption or digest alg not available. */ #define POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE -0x3e80 /**< Re quested encryption or digest alg not available. */
#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH -0x3e00 /**< Gi ven private key password does not allow for correct decryption. */ #define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH -0x3e00 /**< Gi ven private key password does not allow for correct decryption. */
#define PKCS5_DECRYPT 0 #define PKCS5_DECRYPT 0
#define PKCS5_ENCRYPT 1 #define PKCS5_ENCRYPT 1
/*
* PKCS#5 OIDs
*/
#define OID_PKCS5 "\x2a\x86\x48\x86\xf7\x0d\x01\x05"
#define OID_PKCS5_PBES2 OID_PKCS5 "\x0d"
#define OID_PKCS5_PBKDF2 OID_PKCS5 "\x0c"
/*
* Encryption Algorithm OIDs
*/
#define OID_DES_CBC "\x2b\x0e\x03\x02\x07"
#define OID_DES_EDE3_CBC "\x2a\x86\x48\x86\xf7\x0d\x03\x07"
/*
* Digest Algorithm OIDs
*/
#define OID_HMAC_SHA1 "\x2a\x86\x48\x86\xf7\x0d\x02\x07"
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief PKCS#5 PBES2 function * \brief PKCS#5 PBES2 function
* *
* \param pbe_params the ASN.1 algorithm parameters * \param pbe_params the ASN.1 algorithm parameters
* \param mode either PKCS5_DECRYPT or PKCS5_ENCRYPT * \param mode either PKCS5_DECRYPT or PKCS5_ENCRYPT
* \param pwd password to use when generating key * \param pwd password to use when generating key
* \param plen length of password * \param pwdlen length of password
* \param data data to process * \param data data to process
* \param datalen length of data * \param datalen length of data
* \param output output buffer * \param output output buffer
* *
* \returns 0 on success, or a PolarSSL error code if verification f ails. * \returns 0 on success, or a PolarSSL error code if verification f ails.
*/ */
int pkcs5_pbes2( asn1_buf *pbe_params, int mode, int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
const unsigned char *pwd, size_t pwdlen, const unsigned char *pwd, size_t pwdlen,
const unsigned char *data, size_t datalen, const unsigned char *data, size_t datalen,
unsigned char *output ); unsigned char *output );
 End of changes. 3 change blocks. 
20 lines changed or deleted 2 lines changed or added


 rsa.h   rsa.h 
/** /**
* \file rsa.h * \file rsa.h
* *
* \brief The RSA public-key cryptosystem * \brief The RSA public-key cryptosystem
* *
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
skipping to change at line 30 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_RSA_H #ifndef POLARSSL_RSA_H
#define POLARSSL_RSA_H #define POLARSSL_RSA_H
#include "config.h"
#include "bignum.h" #include "bignum.h"
#include "md.h"
#if defined(POLARSSL_THREADING_C)
#include "threading.h"
#endif
/* /*
* RSA Error codes * RSA Error codes
*/ */
#define POLARSSL_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Ba d input parameters to function. */ #define POLARSSL_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Ba d input parameters to function. */
#define POLARSSL_ERR_RSA_INVALID_PADDING -0x4100 /**< In put data contains invalid padding and is rejected. */ #define POLARSSL_ERR_RSA_INVALID_PADDING -0x4100 /**< In put data contains invalid padding and is rejected. */
#define POLARSSL_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< So mething failed during generation of a key. */ #define POLARSSL_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< So mething failed during generation of a key. */
#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Ke y failed to pass the libraries validity check. */ #define POLARSSL_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Ke y failed to pass the libraries validity check. */
#define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x4280 /**< Th e public key operation failed. */ #define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x4280 /**< Th e public key operation failed. */
#define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x4300 /**< Th e private key operation failed. */ #define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x4300 /**< Th e private key operation failed. */
#define POLARSSL_ERR_RSA_VERIFY_FAILED -0x4380 /**< Th e PKCS#1 verification failed. */ #define POLARSSL_ERR_RSA_VERIFY_FAILED -0x4380 /**< Th e PKCS#1 verification failed. */
#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< Th e output buffer for decryption is not large enough. */ #define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< Th e output buffer for decryption is not large enough. */
#define POLARSSL_ERR_RSA_RNG_FAILED -0x4480 /**< Th e random generator failed to generate non-zeros. */ #define POLARSSL_ERR_RSA_RNG_FAILED -0x4480 /**< Th e random generator failed to generate non-zeros. */
/* /*
* PKCS#1 constants * RSA constants
*/ */
#define SIG_RSA_RAW 0
#define SIG_RSA_MD2 2
#define SIG_RSA_MD4 3
#define SIG_RSA_MD5 4
#define SIG_RSA_SHA1 5
#define SIG_RSA_SHA224 14
#define SIG_RSA_SHA256 11
#define SIG_RSA_SHA384 12
#define SIG_RSA_SHA512 13
#define RSA_PUBLIC 0 #define RSA_PUBLIC 0
#define RSA_PRIVATE 1 #define RSA_PRIVATE 1
#define RSA_PKCS_V15 0 #define RSA_PKCS_V15 0
#define RSA_PKCS_V21 1 #define RSA_PKCS_V21 1
#define RSA_SIGN 1 #define RSA_SIGN 1
#define RSA_CRYPT 2 #define RSA_CRYPT 2
#define ASN1_STR_CONSTRUCTED_SEQUENCE "\x30"
#define ASN1_STR_NULL "\x05"
#define ASN1_STR_OID "\x06"
#define ASN1_STR_OCTET_STRING "\x04"
#define OID_DIGEST_ALG_MDX "\x2A\x86\x48\x86\xF7\x0D\x02\x00"
#define OID_HASH_ALG_SHA1 "\x2b\x0e\x03\x02\x1a"
#define OID_HASH_ALG_SHA2X "\x60\x86\x48\x01\x65\x03\x04\x02\x
00"
#define OID_ISO_MEMBER_BODIES "\x2a"
#define OID_ISO_IDENTIFIED_ORG "\x2b"
/*
* ISO Member bodies OID parts
*/
#define OID_COUNTRY_US "\x86\x48"
#define OID_RSA_DATA_SECURITY "\x86\xf7\x0d"
/* /*
* ISO Identified organization OID parts * The above constants may be used even if the RSA module is compile out,
* eg for alternative (PKCS#11) RSA implemenations in the PK layers.
*/ */
#define OID_OIW_SECSIG_SHA1 "\x0e\x03\x02\x1a" #if defined(POLARSSL_RSA_C)
/* #ifdef __cplusplus
* DigestInfo ::= SEQUENCE { extern "C" {
* digestAlgorithm DigestAlgorithmIdentifier, #endif
* digest Digest }
*
* DigestAlgorithmIdentifier ::= AlgorithmIdentifier
*
* Digest ::= OCTET STRING
*/
#define ASN1_HASH_MDX \
( \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x20" \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x0C" \
ASN1_STR_OID "\x08" \
OID_DIGEST_ALG_MDX \
ASN1_STR_NULL "\x00" \
ASN1_STR_OCTET_STRING "\x10" \
)
#define ASN1_HASH_SHA1 \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x21" \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x09" \
ASN1_STR_OID "\x05" \
OID_HASH_ALG_SHA1 \
ASN1_STR_NULL "\x00" \
ASN1_STR_OCTET_STRING "\x14"
#define ASN1_HASH_SHA1_ALT \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x1F" \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x07" \
ASN1_STR_OID "\x05" \
OID_HASH_ALG_SHA1 \
ASN1_STR_OCTET_STRING "\x14"
#define ASN1_HASH_SHA2X \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x11" \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x0d" \
ASN1_STR_OID "\x09" \
OID_HASH_ALG_SHA2X \
ASN1_STR_NULL "\x00" \
ASN1_STR_OCTET_STRING "\x00"
/** /**
* \brief RSA context structure * \brief RSA context structure
*/ */
typedef struct typedef struct
{ {
int ver; /*!< always 0 */ int ver; /*!< always 0 */
size_t len; /*!< size(N) in chars */ size_t len; /*!< size(N) in chars */
mpi N; /*!< public modulus */ mpi N; /*!< public modulus */
skipping to change at line 154 skipping to change at line 96
mpi P; /*!< 1st prime factor */ mpi P; /*!< 1st prime factor */
mpi Q; /*!< 2nd prime factor */ mpi Q; /*!< 2nd prime factor */
mpi DP; /*!< D % (P - 1) */ mpi DP; /*!< D % (P - 1) */
mpi DQ; /*!< D % (Q - 1) */ mpi DQ; /*!< D % (Q - 1) */
mpi QP; /*!< 1 / (Q % P) */ mpi QP; /*!< 1 / (Q % P) */
mpi RN; /*!< cached R^2 mod N */ mpi RN; /*!< cached R^2 mod N */
mpi RP; /*!< cached R^2 mod P */ mpi RP; /*!< cached R^2 mod P */
mpi RQ; /*!< cached R^2 mod Q */ mpi RQ; /*!< cached R^2 mod Q */
#if !defined(POLARSSL_RSA_NO_CRT)
mpi Vi; /*!< cached blinding value */
mpi Vf; /*!< cached un-blinding value */
#endif
int padding; /*!< RSA_PKCS_V15 for 1.5 padding and int padding; /*!< RSA_PKCS_V15 for 1.5 padding and
RSA_PKCS_v21 for OAEP/PSS */ RSA_PKCS_v21 for OAEP/PSS */
int hash_id; /*!< Hash identifier of md_type_t as int hash_id; /*!< Hash identifier of md_type_t as
specified in the md.h header file specified in the md.h header file
for the EME-OAEP and EMSA-PSS for the EME-OAEP and EMSA-PSS
encoding */ encoding */
#if defined(POLARSSL_THREADING_C)
threading_mutex_t mutex; /*!< Thread-safety mutex */
#endif
} }
rsa_context; rsa_context;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Initialize an RSA context * \brief Initialize an RSA context
* *
* Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP * Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP
* encryption scheme and the RSASSA-PSS signature scheme. * encryption scheme and the RSASSA-PSS signature scheme.
* *
* \param ctx RSA context to be initialized * \param ctx RSA context to be initialized
* \param padding RSA_PKCS_V15 or RSA_PKCS_V21 * \param padding RSA_PKCS_V15 or RSA_PKCS_V21
* \param hash_id RSA_PKCS_V21 hash identifier * \param hash_id RSA_PKCS_V21 hash identifier
* *
skipping to change at line 429 skipping to change at line 375
unsigned char *output, unsigned char *output,
size_t output_max_len ); size_t output_max_len );
/** /**
* \brief Generic wrapper to perform a PKCS#1 signature using the * \brief Generic wrapper to perform a PKCS#1 signature using the
* mode from the context. Do a private RSA operation to sig n * mode from the context. Do a private RSA operation to sig n
* a message digest * a message digest
* *
* \param ctx RSA context * \param ctx RSA context
* \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
* RSA_PRIVATE) * RSA_PRIVATE)
* \param p_rng RNG parameter * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE * \param mode RSA_PUBLIC or RSA_PRIVATE
* \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256, * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw da
384,512} ta)
* \param hashlen message digest length (for SIG_RSA_RAW only) * \param hashlen message digest length (for POLARSSL_MD_NONE only)
* \param hash buffer holding the message digest * \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext * \param sig buffer that will hold the ciphertext
* *
* \return 0 if the signing operation was successful, * \return 0 if the signing operation was successful,
* or an POLARSSL_ERR_RSA_XXX error code * or an POLARSSL_ERR_RSA_XXX error code
* *
* \note The "sig" buffer must be as large as the size * \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used). * of ctx->N (eg. 128 bytes if RSA-1024 is used).
* *
* \note In case of PKCS#1 v2.1 encoding keep in mind that * \note In case of PKCS#1 v2.1 encoding keep in mind that
* the hash_id in the RSA context is the one used for the * the hash_id in the RSA context is the one used for the
* encoding. hash_id in the function call is the type of ha sh * encoding. hash_id in the function call is the type of ha sh
* that is encoded. According to RFC 3447 it is advised to * that is encoded. According to RFC 3447 it is advised to
* keep both hashes the same. * keep both hashes the same.
*/ */
int rsa_pkcs1_sign( rsa_context *ctx, int rsa_pkcs1_sign( rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng, void *p_rng,
int mode, int mode,
int hash_id, md_type_t md_alg,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,
unsigned char *sig ); unsigned char *sig );
/** /**
* \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN) * \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)
* *
* \param ctx RSA context * \param ctx RSA context
* \param f_rng RNG function (Only needed for RSA_PRIVATE) * \param f_rng RNG function (Only needed for RSA_PRIVATE)
* \param p_rng RNG parameter * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE * \param mode RSA_PUBLIC or RSA_PRIVATE
* \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256, * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw da
384,512} ta)
* \param hashlen message digest length (for SIG_RSA_RAW only) * \param hashlen message digest length (for POLARSSL_MD_NONE only)
* \param hash buffer holding the message digest * \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext * \param sig buffer that will hold the ciphertext
* *
* \return 0 if the signing operation was successful, * \return 0 if the signing operation was successful,
* or an POLARSSL_ERR_RSA_XXX error code * or an POLARSSL_ERR_RSA_XXX error code
* *
* \note The "sig" buffer must be as large as the size * \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used). * of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/ */
int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx, int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t ), int (*f_rng)(void *, unsigned char *, size_t ),
void *p_rng, void *p_rng,
int mode, int mode,
int hash_id, md_type_t md_alg,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,
unsigned char *sig ); unsigned char *sig );
/** /**
* \brief Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN) * \brief Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)
* *
* \param ctx RSA context * \param ctx RSA context
* \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
* RSA_PRIVATE) * RSA_PRIVATE)
* \param p_rng RNG parameter * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE * \param mode RSA_PUBLIC or RSA_PRIVATE
* \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256, * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw da
384,512} ta)
* \param hashlen message digest length (for SIG_RSA_RAW only) * \param hashlen message digest length (for POLARSSL_MD_NONE only)
* \param hash buffer holding the message digest * \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext * \param sig buffer that will hold the ciphertext
* *
* \return 0 if the signing operation was successful, * \return 0 if the signing operation was successful,
* or an POLARSSL_ERR_RSA_XXX error code * or an POLARSSL_ERR_RSA_XXX error code
* *
* \note The "sig" buffer must be as large as the size * \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used). * of ctx->N (eg. 128 bytes if RSA-1024 is used).
* *
* \note In case of PKCS#1 v2.1 encoding keep in mind that * \note In case of PKCS#1 v2.1 encoding keep in mind that
* the hash_id in the RSA context is the one used for the * the hash_id in the RSA context is the one used for the
* encoding. hash_id in the function call is the type of ha sh * encoding. hash_id in the function call is the type of ha sh
* that is encoded. According to RFC 3447 it is advised to * that is encoded. According to RFC 3447 it is advised to
* keep both hashes the same. * keep both hashes the same.
*/ */
int rsa_rsassa_pss_sign( rsa_context *ctx, int rsa_rsassa_pss_sign( rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng, void *p_rng,
int mode, int mode,
int hash_id, md_type_t md_alg,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,
unsigned char *sig ); unsigned char *sig );
/** /**
* \brief Generic wrapper to perform a PKCS#1 verification using t he * \brief Generic wrapper to perform a PKCS#1 verification using t he
* mode from the context. Do a public RSA operation and che ck * mode from the context. Do a public RSA operation and che ck
* the message digest * the message digest
* *
* \param ctx points to an RSA public key * \param ctx points to an RSA public key
* \param f_rng RNG function (Only needed for RSA_PRIVATE) * \param f_rng RNG function (Only needed for RSA_PRIVATE)
* \param p_rng RNG parameter * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE * \param mode RSA_PUBLIC or RSA_PRIVATE
* \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256, * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw da
384,512} ta)
* \param hashlen message digest length (for SIG_RSA_RAW only) * \param hashlen message digest length (for POLARSSL_MD_NONE only)
* \param hash buffer holding the message digest * \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext * \param sig buffer holding the ciphertext
* *
* \return 0 if the verify operation was successful, * \return 0 if the verify operation was successful,
* or an POLARSSL_ERR_RSA_XXX error code * or an POLARSSL_ERR_RSA_XXX error code
* *
* \note The "sig" buffer must be as large as the size * \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used). * of ctx->N (eg. 128 bytes if RSA-1024 is used).
* *
* \note In case of PKCS#1 v2.1 encoding keep in mind that * \note In case of PKCS#1 v2.1 encoding keep in mind that
* the hash_id in the RSA context is the one used for the * the hash_id in the RSA context is the one used for the
* verification. hash_id in the function call is the type o f hash * verification. hash_id in the function call is the type o f hash
* that is verified. According to RFC 3447 it is advised to * that is verified. According to RFC 3447 it is advised to
* keep both hashes the same. * keep both hashes the same.
*/ */
int rsa_pkcs1_verify( rsa_context *ctx, int rsa_pkcs1_verify( rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng, void *p_rng,
int mode, int mode,
int hash_id, md_type_t md_alg,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,
unsigned char *sig ); const unsigned char *sig );
/** /**
* \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VE RIFY) * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VE RIFY)
* *
* \param ctx points to an RSA public key * \param ctx points to an RSA public key
* \param f_rng RNG function (Only needed for RSA_PRIVATE) * \param f_rng RNG function (Only needed for RSA_PRIVATE)
* \param p_rng RNG parameter * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE * \param mode RSA_PUBLIC or RSA_PRIVATE
* \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256, * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw da
384,512} ta)
* \param hashlen message digest length (for SIG_RSA_RAW only) * \param hashlen message digest length (for POLARSSL_MD_NONE only)
* \param hash buffer holding the message digest * \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext * \param sig buffer holding the ciphertext
* *
* \return 0 if the verify operation was successful, * \return 0 if the verify operation was successful,
* or an POLARSSL_ERR_RSA_XXX error code * or an POLARSSL_ERR_RSA_XXX error code
* *
* \note The "sig" buffer must be as large as the size * \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used). * of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/ */
int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx, int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size _t), int (*f_rng)(void *, unsigned char *, size _t),
void *p_rng, void *p_rng,
int mode, int mode,
int hash_id, md_type_t md_alg,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,
unsigned char *sig ); const unsigned char *sig );
/** /**
* \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIF Y) * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIF Y)
* \brief Do a public RSA and check the message digest * \brief Do a public RSA and check the message digest
* *
* \param ctx points to an RSA public key * \param ctx points to an RSA public key
* \param f_rng RNG function (Only needed for RSA_PRIVATE) * \param f_rng RNG function (Only needed for RSA_PRIVATE)
* \param p_rng RNG parameter * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE * \param mode RSA_PUBLIC or RSA_PRIVATE
* \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256, * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw da
384,512} ta)
* \param hashlen message digest length (for SIG_RSA_RAW only) * \param hashlen message digest length (for POLARSSL_MD_NONE only)
* \param hash buffer holding the message digest * \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext * \param sig buffer holding the ciphertext
* *
* \return 0 if the verify operation was successful, * \return 0 if the verify operation was successful,
* or an POLARSSL_ERR_RSA_XXX error code * or an POLARSSL_ERR_RSA_XXX error code
* *
* \note The "sig" buffer must be as large as the size * \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used). * of ctx->N (eg. 128 bytes if RSA-1024 is used).
* *
* \note In case of PKCS#1 v2.1 encoding keep in mind that * \note In case of PKCS#1 v2.1 encoding keep in mind that
* the hash_id in the RSA context is the one used for the * the hash_id in the RSA context is the one used for the
* verification. hash_id in the function call is the type o f hash * verification. hash_id in the function call is the type o f hash
* that is verified. According to RFC 3447 it is advised to * that is verified. According to RFC 3447 it is advised to
* keep both hashes the same. * keep both hashes the same.
*/ */
int rsa_rsassa_pss_verify( rsa_context *ctx, int rsa_rsassa_pss_verify( rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng, void *p_rng,
int mode, int mode,
int hash_id, md_type_t md_alg,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,
unsigned char *sig ); const unsigned char *sig );
/**
* \brief Copy the components of an RSA context
*
* \param dst Destination context
* \param src Source context
*
* \return O on success,
* POLARSSL_ERR_MPI_MALLOC_FAILED on memory allocation fail
ure
*/
int rsa_copy( rsa_context *dst, const rsa_context *src );
/** /**
* \brief Free the components of an RSA key * \brief Free the components of an RSA key
* *
* \param ctx RSA Context to free * \param ctx RSA Context to free
*/ */
void rsa_free( rsa_context *ctx ); void rsa_free( rsa_context *ctx );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int rsa_self_test( int verbose ); int rsa_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* POLARSSL_RSA_C */
#endif /* rsa.h */ #endif /* rsa.h */
 End of changes. 29 change blocks. 
106 lines changed or deleted 65 lines changed or added


 sha1.h   sha1.h 
skipping to change at line 47 skipping to change at line 47
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define POLARSSL_ERR_SHA1_FILE_IO_ERROR -0x0076 /**< Read/w rite error in file. */ #define POLARSSL_ERR_SHA1_FILE_IO_ERROR -0x0076 /**< Read/w rite error in file. */
#if !defined(POLARSSL_SHA1_ALT) #if !defined(POLARSSL_SHA1_ALT)
// Regular implementation // Regular implementation
// //
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief SHA-1 context structure * \brief SHA-1 context structure
*/ */
typedef struct typedef struct
{ {
uint32_t total[2]; /*!< number of bytes processed */ uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[5]; /*!< intermediate digest state */ uint32_t state[5]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */ unsigned char buffer[64]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */ unsigned char ipad[64]; /*!< HMAC: inner padding */
unsigned char opad[64]; /*!< HMAC: outer padding */ unsigned char opad[64]; /*!< HMAC: outer padding */
} }
sha1_context; sha1_context;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief SHA-1 context setup * \brief SHA-1 context setup
* *
* \param ctx context to be initialized * \param ctx context to be initialized
*/ */
void sha1_starts( sha1_context *ctx ); void sha1_starts( sha1_context *ctx );
/** /**
* \brief SHA-1 process buffer * \brief SHA-1 process buffer
* *
 End of changes. 2 change blocks. 
4 lines changed or deleted 4 lines changed or added


 ssl.h   ssl.h 
skipping to change at line 30 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_SSL_H #ifndef POLARSSL_SSL_H
#define POLARSSL_SSL_H #define POLARSSL_SSL_H
#include <time.h> #include "config.h"
#include "net.h" #include "net.h"
#include "rsa.h" #include "bignum.h"
#include "ssl_ciphersuites.h"
#if defined(POLARSSL_MD5_C)
#include "md5.h" #include "md5.h"
#endif
#if defined(POLARSSL_SHA1_C)
#include "sha1.h" #include "sha1.h"
#include "sha2.h" #endif
#include "sha4.h"
#include "x509.h" #if defined(POLARSSL_SHA256_C)
#include "config.h" #include "sha256.h"
#endif
#if defined(POLARSSL_SHA512_C)
#include "sha512.h"
#endif
// for session tickets
#if defined(POLARSSL_AES_C)
#include "aes.h"
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
#include "x509_crt.h"
#include "x509_crl.h"
#endif
#if defined(POLARSSL_DHM_C) #if defined(POLARSSL_DHM_C)
#include "dhm.h" #include "dhm.h"
#endif #endif
#if defined(POLARSSL_ECDH_C)
#include "ecdh.h"
#endif
#if defined(POLARSSL_ZLIB_SUPPORT) #if defined(POLARSSL_ZLIB_SUPPORT)
#include "zlib.h" #include "zlib.h"
#endif #endif
#if defined(POLARSSL_HAVE_TIME)
#include <time.h>
#endif
#if defined(_MSC_VER) && !defined(inline) #if defined(_MSC_VER) && !defined(inline)
#define inline _inline #define inline _inline
#else #else
#if defined(__ARMCC_VERSION) && !defined(inline) #if defined(__ARMCC_VERSION) && !defined(inline)
#define inline __inline #define inline __inline
#endif /* __ARMCC_VERSION */ #endif /* __ARMCC_VERSION */
#endif /*_MSC_VER */ #endif /*_MSC_VER */
/* /*
* SSL Error codes * SSL Error codes
skipping to change at line 71 skipping to change at line 100
#define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Ba d input parameters to function. */ #define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Ba d input parameters to function. */
#define POLARSSL_ERR_SSL_INVALID_MAC -0x7180 /**< Ve rification of the message MAC failed. */ #define POLARSSL_ERR_SSL_INVALID_MAC -0x7180 /**< Ve rification of the message MAC failed. */
#define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */ #define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */
#define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< Th e connection indicated an EOF. */ #define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< Th e connection indicated an EOF. */
#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */ #define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< Th e server has no ciphersuites in common with the client. */ #define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< Th e server has no ciphersuites in common with the client. */
#define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400 /**< No session to recover was found. */ #define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400 /**< No session to recover was found. */
#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authent ication mode. */ #define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authent ication mode. */
#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Ou r own certificate(s) is/are too large to send in an SSL message.*/ #define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Ou r own certificate(s) is/are too large to send in an SSL message.*/
#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< Th e own certificate is not set, but needed by the server. */ #define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< Th e own certificate is not set, but needed by the server. */
#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< Th e own private key is not set, but needed. */ #define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< Th e own private key or pre-shared key is not set, but needed. */
#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */ #define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */
#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */ #define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */
#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */ #define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */
#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Ve rification of our peer failed. */ #define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Ve rification of our peer failed. */
#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< Th e peer notified us that the connection is going to be closed. */ #define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< Th e peer notified us that the connection is going to be closed. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Pr ocessing of the ClientHello handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Pr ocessing of the ClientHello handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Pr ocessing of the ServerHello handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Pr ocessing of the ServerHello handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Pr ocessing of the Certificate handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Pr ocessing of the Certificate handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Pr ocessing of the CertificateRequest handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Pr ocessing of the CertificateRequest handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Pr ocessing of the ServerKeyExchange handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Pr ocessing of the ServerKeyExchange handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Pr ocessing of the ServerHelloDone handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Pr ocessing of the ServerHelloDone handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Pr ocessing of the ClientKeyExchange handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Pr ocessing of the ClientKeyExchange handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP -0x7C80 /**< Pr #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 /**< Pr
ocessing of the ClientKeyExchange handshake message failed in DHM Read Publ ocessing of the ClientKeyExchange handshake message failed in DHM / ECDH Re
ic. */ ad Public. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS -0x7D00 /**< Pr #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /**< Pr
ocessing of the ClientKeyExchange handshake message failed in DHM Calculate ocessing of the ClientKeyExchange handshake message failed in DHM / ECDH Ca
Secret. */ lculate Secret. */
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Pr ocessing of the CertificateVerify handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Pr ocessing of the CertificateVerify handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Pr ocessing of the ChangeCipherSpec handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Pr ocessing of the ChangeCipherSpec handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Pr ocessing of the Finished handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Pr ocessing of the Finished handshake message failed. */
#define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Me mory allocation failed */ #define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Me mory allocation failed */
#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Ha rdware acceleration function returned with error */ #define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Ha rdware acceleration function returned with error */
#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Ha rdware acceleration function skipped / left alone data */ #define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Ha rdware acceleration function skipped / left alone data */
#define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Pr ocessing of the compression / decompression failed */ #define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Pr ocessing of the compression / decompression failed */
#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Ha ndshake protocol not within min/max boundaries */ #define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Ha ndshake protocol not within min/max boundaries */
#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Pr
ocessing of the NewSessionTicket handshake message failed. */
#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Se
ssion ticket has expired. */
#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Pu
blic key type mismatch (eg, asked for RSA key exchange and presented EC key
) */
#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Un
kown identity received (eg, PSK identity) */
/* /*
* Various constants * Various constants
*/ */
#define SSL_MAJOR_VERSION_3 3 #define SSL_MAJOR_VERSION_3 3
#define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */ #define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
#define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */ #define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
#define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */ #define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
#define SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ #define SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
/* Determine minimum supported version */
#define SSL_MIN_MAJOR_VERSION SSL_MAJOR_VERSION_3
#if defined(POLARSSL_SSL_PROTO_SSL3)
#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_0
#else
#if defined(POLARSSL_SSL_PROTO_TLS1)
#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_1
#else
#if defined(POLARSSL_SSL_PROTO_TLS1_1)
#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_2
#else
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_3
#endif
#endif
#endif
#endif
/* Determine maximum supported version */
#define SSL_MAX_MAJOR_VERSION SSL_MAJOR_VERSION_3
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_3
#else
#if defined(POLARSSL_SSL_PROTO_TLS1_1)
#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_2
#else
#if defined(POLARSSL_SSL_PROTO_TLS1)
#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_1
#else
#if defined(POLARSSL_SSL_PROTO_SSL3)
#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_0
#endif
#endif
#endif
#endif
/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
* NONE must be zero so that memset()ing structure to zero works */
#define SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension
*/
#define SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9
*/
#define SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10
*/
#define SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11
*/
#define SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12
*/
#define SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value
*/
#define SSL_IS_CLIENT 0 #define SSL_IS_CLIENT 0
#define SSL_IS_SERVER 1 #define SSL_IS_SERVER 1
#define SSL_COMPRESS_NULL 0 #define SSL_COMPRESS_NULL 0
#define SSL_COMPRESS_DEFLATE 1 #define SSL_COMPRESS_DEFLATE 1
#define SSL_VERIFY_NONE 0 #define SSL_VERIFY_NONE 0
#define SSL_VERIFY_OPTIONAL 1 #define SSL_VERIFY_OPTIONAL 1
#define SSL_VERIFY_REQUIRED 2 #define SSL_VERIFY_REQUIRED 2
#define SSL_INITIAL_HANDSHAKE 0 #define SSL_INITIAL_HANDSHAKE 0
skipping to change at line 126 skipping to change at line 206
#define SSL_LEGACY_RENEGOTIATION 0 #define SSL_LEGACY_RENEGOTIATION 0
#define SSL_SECURE_RENEGOTIATION 1 #define SSL_SECURE_RENEGOTIATION 1
#define SSL_RENEGOTIATION_DISABLED 0 #define SSL_RENEGOTIATION_DISABLED 0
#define SSL_RENEGOTIATION_ENABLED 1 #define SSL_RENEGOTIATION_ENABLED 1
#define SSL_LEGACY_NO_RENEGOTIATION 0 #define SSL_LEGACY_NO_RENEGOTIATION 0
#define SSL_LEGACY_ALLOW_RENEGOTIATION 1 #define SSL_LEGACY_ALLOW_RENEGOTIATION 1
#define SSL_LEGACY_BREAK_HANDSHAKE 2 #define SSL_LEGACY_BREAK_HANDSHAKE 2
#define SSL_TRUNC_HMAC_DISABLED 0
#define SSL_TRUNC_HMAC_ENABLED 1
#define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7
*/
#define SSL_SESSION_TICKETS_DISABLED 0
#define SSL_SESSION_TICKETS_ENABLED 1
#if !defined(POLARSSL_CONFIG_OPTIONS)
#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tick
ets (if enabled) */
#endif /* !POLARSSL_CONFIG_OPTIONS */
/* /*
* Size of the input / output buffer. * Size of the input / output buffer.
* Note: the RFC defines the default size of SSL / TLS messages. If you * Note: the RFC defines the default size of SSL / TLS messages. If you
* change the value here, other clients / servers may not be able to * change the value here, other clients / servers may not be able to
* communicate with you anymore. Only change this value if you control * communicate with you anymore. Only change this value if you control
* both sides of the connection and have it reduced at both sides! * both sides of the connection and have it reduced at both sides!
*/ */
#if !defined(POLARSSL_CONFIG_OPTIONS) #if !defined(POLARSSL_CONFIG_OPTIONS)
#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */ #define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
#endif /* !POLARSSL_CONFIG_OPTIONS */ #endif /* !POLARSSL_CONFIG_OPTIONS */
skipping to change at line 151 skipping to change at line 242
* enabled. * enabled.
*/ */
#if defined(POLARSSL_ZLIB_SUPPORT) #if defined(POLARSSL_ZLIB_SUPPORT)
#define SSL_COMPRESSION_ADD 1024 #define SSL_COMPRESSION_ADD 1024
#else #else
#define SSL_COMPRESSION_ADD 0 #define SSL_COMPRESSION_ADD 0
#endif #endif
#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512) #define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512)
/*
* Supported ciphersuites (Official IANA names)
*/
#define TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
#define TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
#define TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */
#define TLS_RSA_WITH_DES_CBC_SHA 0x09 /**< Weak! Not in T
LS 1.2 */
#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15 /**< Weak! Not in T
LS 1.2 */
#define TLS_RSA_WITH_RC4_128_MD5 0x04
#define TLS_RSA_WITH_RC4_128_SHA 0x05
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x35
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
#define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */ #define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
/* /*
* Supported Signature and Hash algorithms (For TLS 1.2) * Supported Signature and Hash algorithms (For TLS 1.2)
* RFC 5246 section 7.4.1.4.1
*/ */
#define SSL_HASH_NONE 0 #define SSL_HASH_NONE 0
#define SSL_HASH_MD5 1 #define SSL_HASH_MD5 1
#define SSL_HASH_SHA1 2 #define SSL_HASH_SHA1 2
#define SSL_HASH_SHA224 3 #define SSL_HASH_SHA224 3
#define SSL_HASH_SHA256 4 #define SSL_HASH_SHA256 4
#define SSL_HASH_SHA384 5 #define SSL_HASH_SHA384 5
#define SSL_HASH_SHA512 6 #define SSL_HASH_SHA512 6
#define SSL_SIG_ANON 0
#define SSL_SIG_RSA 1 #define SSL_SIG_RSA 1
#define SSL_SIG_ECDSA 3
/* /*
* Client Certificate Types * Client Certificate Types
* RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
*/ */
#define SSL_CERT_TYPE_RSA_SIGN 1 #define SSL_CERT_TYPE_RSA_SIGN 1
#define SSL_CERT_TYPE_ECDSA_SIGN 64
/* /*
* Message, alert and handshake types * Message, alert and handshake types
*/ */
#define SSL_MSG_CHANGE_CIPHER_SPEC 20 #define SSL_MSG_CHANGE_CIPHER_SPEC 20
#define SSL_MSG_ALERT 21 #define SSL_MSG_ALERT 21
#define SSL_MSG_HANDSHAKE 22 #define SSL_MSG_HANDSHAKE 22
#define SSL_MSG_APPLICATION_DATA 23 #define SSL_MSG_APPLICATION_DATA 23
#define SSL_ALERT_LEVEL_WARNING 1 #define SSL_ALERT_LEVEL_WARNING 1
skipping to change at line 246 skipping to change at line 304
#define SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */ #define SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
#define SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */ #define SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
#define SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */ #define SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
#define SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */ #define SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */ #define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
#define SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */ #define SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
#define SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */ #define SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
#define SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */ #define SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
#define SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */ #define SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
#define SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */ #define SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
#define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
#define SSL_HS_HELLO_REQUEST 0 #define SSL_HS_HELLO_REQUEST 0
#define SSL_HS_CLIENT_HELLO 1 #define SSL_HS_CLIENT_HELLO 1
#define SSL_HS_SERVER_HELLO 2 #define SSL_HS_SERVER_HELLO 2
#define SSL_HS_NEW_SESSION_TICKET 4
#define SSL_HS_CERTIFICATE 11 #define SSL_HS_CERTIFICATE 11
#define SSL_HS_SERVER_KEY_EXCHANGE 12 #define SSL_HS_SERVER_KEY_EXCHANGE 12
#define SSL_HS_CERTIFICATE_REQUEST 13 #define SSL_HS_CERTIFICATE_REQUEST 13
#define SSL_HS_SERVER_HELLO_DONE 14 #define SSL_HS_SERVER_HELLO_DONE 14
#define SSL_HS_CERTIFICATE_VERIFY 15 #define SSL_HS_CERTIFICATE_VERIFY 15
#define SSL_HS_CLIENT_KEY_EXCHANGE 16 #define SSL_HS_CLIENT_KEY_EXCHANGE 16
#define SSL_HS_FINISHED 20 #define SSL_HS_FINISHED 20
/* /*
* TLS extensions * TLS extensions
*/ */
#define TLS_EXT_SERVERNAME 0 #define TLS_EXT_SERVERNAME 0
#define TLS_EXT_SERVERNAME_HOSTNAME 0 #define TLS_EXT_SERVERNAME_HOSTNAME 0
#define TLS_EXT_MAX_FRAGMENT_LENGTH 1
#define TLS_EXT_TRUNCATED_HMAC 4
#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
#define TLS_EXT_SUPPORTED_POINT_FORMATS 11
#define TLS_EXT_SIG_ALG 13
#define TLS_EXT_SESSION_TICKET 35
#define TLS_EXT_SIG_ALG 13 #define TLS_EXT_RENEGOTIATION_INFO 0xFF01
#define TLS_EXT_RENEGOTIATION_INFO 0xFF01 /*
* Size defines
*/
#if !defined(POLARSSL_MPI_MAX_SIZE)
#define POLARSSL_PREMASTER_SIZE 512
#else
#define POLARSSL_PREMASTER_SIZE POLARSSL_MPI_MAX_SIZE
#endif
#ifdef __cplusplus
extern "C" {
#endif
/* /*
* Generic function pointers for allowing external RSA private key * Generic function pointers for allowing external RSA private key
* implementations. * implementations.
*/ */
typedef int (*rsa_decrypt_func)( void *ctx, typedef int (*rsa_decrypt_func)( void *ctx, int mode, size_t *olen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng, int mode, size_t *olen,
const unsigned char *input, unsigned char *output, const unsigned char *input, unsigned char *output,
size_t output_max_len ); size_t output_max_len );
typedef int (*rsa_sign_func)( void *ctx, typedef int (*rsa_sign_func)( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p _rng, int (*f_rng)(void *, unsigned char *, size_t), void *p _rng,
int mode, int hash_id, unsigned int hashlen, int mode, int hash_id, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig ); const unsigned char *hash, unsigned char *sig );
typedef size_t (*rsa_key_len_func)( void *ctx ); typedef size_t (*rsa_key_len_func)( void *ctx );
/* /*
* SSL state machine * SSL state machine
skipping to change at line 304 skipping to change at line 384
SSL_SERVER_HELLO_DONE, SSL_SERVER_HELLO_DONE,
SSL_CLIENT_CERTIFICATE, SSL_CLIENT_CERTIFICATE,
SSL_CLIENT_KEY_EXCHANGE, SSL_CLIENT_KEY_EXCHANGE,
SSL_CERTIFICATE_VERIFY, SSL_CERTIFICATE_VERIFY,
SSL_CLIENT_CHANGE_CIPHER_SPEC, SSL_CLIENT_CHANGE_CIPHER_SPEC,
SSL_CLIENT_FINISHED, SSL_CLIENT_FINISHED,
SSL_SERVER_CHANGE_CIPHER_SPEC, SSL_SERVER_CHANGE_CIPHER_SPEC,
SSL_SERVER_FINISHED, SSL_SERVER_FINISHED,
SSL_FLUSH_BUFFERS, SSL_FLUSH_BUFFERS,
SSL_HANDSHAKE_WRAPUP, SSL_HANDSHAKE_WRAPUP,
SSL_HANDSHAKE_OVER SSL_HANDSHAKE_OVER,
SSL_SERVER_NEW_SESSION_TICKET,
} }
ssl_states; ssl_states;
typedef struct _ssl_session ssl_session; typedef struct _ssl_session ssl_session;
typedef struct _ssl_context ssl_context; typedef struct _ssl_context ssl_context;
typedef struct _ssl_transform ssl_transform; typedef struct _ssl_transform ssl_transform;
typedef struct _ssl_handshake_params ssl_handshake_params; typedef struct _ssl_handshake_params ssl_handshake_params;
#if defined(POLARSSL_SSL_SESSION_TICKETS)
typedef struct _ssl_ticket_keys ssl_ticket_keys;
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
typedef struct _ssl_key_cert ssl_key_cert;
#endif
/* /*
* This structure is used for storing current session data. * This structure is used for storing current session data.
*/ */
struct _ssl_session struct _ssl_session
{ {
#if defined(POLARSSL_HAVE_TIME)
time_t start; /*!< starting time */ time_t start; /*!< starting time */
#endif
int ciphersuite; /*!< chosen ciphersuite */ int ciphersuite; /*!< chosen ciphersuite */
int compression; /*!< chosen compression */ int compression; /*!< chosen compression */
size_t length; /*!< session id length */ size_t length; /*!< session id length */
unsigned char id[32]; /*!< session identifier */ unsigned char id[32]; /*!< session identifier */
unsigned char master[48]; /*!< the master secret */ unsigned char master[48]; /*!< the master secret */
x509_cert *peer_cert; /*!< peer X.509 cert chain */
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt *peer_cert; /*!< peer X.509 cert chain */
#endif /* POLARSSL_X509_CRT_PARSE_C */
int verify_result; /*!< verification result */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
unsigned char *ticket; /*!< RFC 5077 session ticket */
size_t ticket_len; /*!< session ticket length */
uint32_t ticket_lifetime; /*!< ticket lifetime hint */
#endif /* POLARSSL_SSL_SESSION_TICKETS */
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer *
/
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
int trunc_hmac; /*!< flag for truncated hmac activation *
/
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
}; };
/* /*
* This structure contains a full set of runtime transform parameters * This structure contains a full set of runtime transform parameters
* either in negotiation or active. * either in negotiation or active.
*/ */
struct _ssl_transform struct _ssl_transform
{ {
/* /*
* Session specific crypto layer * Session specific crypto layer
*/ */
const ssl_ciphersuite_t *ciphersuite_info;
/*!< Chosen cipersuite_info */
unsigned int keylen; /*!< symmetric key length */ unsigned int keylen; /*!< symmetric key length */
size_t minlen; /*!< min. ciphertext length */ size_t minlen; /*!< min. ciphertext length */
size_t ivlen; /*!< IV length */ size_t ivlen; /*!< IV length */
size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
size_t maclen; /*!< MAC length */ size_t maclen; /*!< MAC length */
unsigned char iv_enc[16]; /*!< IV (encryption) */ unsigned char iv_enc[16]; /*!< IV (encryption) */
unsigned char iv_dec[16]; /*!< IV (decryption) */ unsigned char iv_dec[16]; /*!< IV (decryption) */
unsigned char mac_enc[32]; /*!< MAC (encryption) */ #if defined(POLARSSL_SSL_PROTO_SSL3)
unsigned char mac_dec[32]; /*!< MAC (decryption) */ /* Needed only for SSL v3.0 secret */
unsigned char mac_enc[32]; /*!< SSL v3.0 secret (enc) */
unsigned char mac_dec[32]; /*!< SSL v3.0 secret (dec) */
#endif /* POLARSSL_SSL_PROTO_SSL3 */
uint32_t ctx_enc[136]; /*!< encryption context */ md_context_t md_ctx_enc; /*!< MAC (encryption) */
uint32_t ctx_dec[136]; /*!< decryption context */ md_context_t md_ctx_dec; /*!< MAC (decryption) */
cipher_context_t cipher_ctx_enc; /*!< encryption context */
cipher_context_t cipher_ctx_dec; /*!< decryption context */
/* /*
* Session specific compression layer * Session specific compression layer
*/ */
#if defined(POLARSSL_ZLIB_SUPPORT) #if defined(POLARSSL_ZLIB_SUPPORT)
z_stream ctx_deflate; /*!< compression context */ z_stream ctx_deflate; /*!< compression context */
z_stream ctx_inflate; /*!< decompression context */ z_stream ctx_inflate; /*!< decompression context */
#endif #endif
}; };
{ {
/* /*
* Handshake specific crypto variables * Handshake specific crypto variables
*/ */
int sig_alg; /*!< Signature algorithm */ int sig_alg; /*!< Signature algorithm */
int cert_type; /*!< Requested cert type */ int cert_type; /*!< Requested cert type */
int verify_sig_alg; /*!< Signature algorithm for verif y */ int verify_sig_alg; /*!< Signature algorithm for verif y */
#if defined(POLARSSL_DHM_C) #if defined(POLARSSL_DHM_C)
dhm_context dhm_ctx; /*!< DHM key exchange */ dhm_context dhm_ctx; /*!< DHM key exchange */
#endif #endif
#if defined(POLARSSL_ECDH_C)
ecdh_context ecdh_ctx; /*!< ECDH key exchange */
#endif
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
const ecp_curve_info **curves; /*!< Supported elliptic curves */
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
/**
* Current key/cert or key/cert list.
* On client: pointer to ssl->key_cert, only the first entry used.
* On server: starts as a pointer to ssl->key_cert, then becomes
* a pointer to the chosen key from this list or the SNI list.
*/
ssl_key_cert *key_cert;
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
#endif
#endif
/* /*
* Checksum contexts * Checksum contexts
*/ */
md5_context fin_md5; #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) ||
sha1_context fin_sha1; \
sha2_context fin_sha2; defined(POLARSSL_SSL_PROTO_TLS1_1)
sha4_context fin_sha4; md5_context fin_md5;
sha1_context fin_sha1;
#endif
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
#if defined(POLARSSL_SHA256_C)
sha256_context fin_sha256;
#endif
#if defined(POLARSSL_SHA512_C)
sha512_context fin_sha512;
#endif
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
void (*update_checksum)(ssl_context *, unsigned char *, size_t); void (*update_checksum)(ssl_context *, const unsigned char *, size_t);
void (*calc_verify)(ssl_context *, unsigned char *); void (*calc_verify)(ssl_context *, unsigned char *);
void (*calc_finished)(ssl_context *, unsigned char *, int); void (*calc_finished)(ssl_context *, unsigned char *, int);
int (*tls_prf)(unsigned char *, size_t, char *, int (*tls_prf)(const unsigned char *, size_t, const char *,
unsigned char *, size_t, const unsigned char *, size_t,
unsigned char *, size_t); unsigned char *, size_t);
size_t pmslen; /*!< premaster length */ size_t pmslen; /*!< premaster length */
unsigned char randbytes[64]; /*!< random bytes */ unsigned char randbytes[64]; /*!< random bytes */
unsigned char premaster[POLARSSL_MPI_MAX_SIZE]; unsigned char premaster[POLARSSL_PREMASTER_SIZE];
/*!< premaster secret */ /*!< premaster secret */
int resume; /*!< session resume indicator*/ int resume; /*!< session resume indicator*/
int max_major_ver; /*!< max. major version client*/
int max_minor_ver; /*!< max. minor version client*/
#if defined(POLARSSL_SSL_SESSION_TICKETS)
int new_session_ticket; /*!< use NewSessionTicket? */
#endif /* POLARSSL_SSL_SESSION_TICKETS */
};
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/*
* Parameters needed to secure session tickets
*/
struct _ssl_ticket_keys
{
unsigned char key_name[16]; /*!< name to quickly discard bad ticket
s */
aes_context enc; /*!< encryption context
*/
aes_context dec; /*!< decryption context
*/
unsigned char mac_key[16]; /*!< authentication key
*/
}; };
#endif /* POLARSSL_SSL_SESSION_TICKETS */
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
* List of certificate + private key pairs
*/
struct _ssl_key_cert
{
x509_crt *cert; /*!< cert */
pk_context *key; /*!< private key */
int key_own_alloc; /*!< did we allocate key? */
ssl_key_cert *next; /*!< next key/cert pair */
};
#endif /* POLARSSL_X509_CRT_PARSE_C */
struct _ssl_context struct _ssl_context
{ {
/* /*
* Miscellaneous * Miscellaneous
*/ */
int state; /*!< SSL handshake: current state */ int state; /*!< SSL handshake: current state */
int renegotiation; /*!< Initial or renegotiation */ int renegotiation; /*!< Initial or renegotiation */
int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */ int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */ int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
int max_major_ver; /*!< max. major version from client */ int max_major_ver; /*!< max. major version used */
int max_minor_ver; /*!< max. minor version from client */ int max_minor_ver; /*!< max. minor version used */
int min_major_ver; /*!< min. major version accepted */ int min_major_ver; /*!< min. major version used */
int min_minor_ver; /*!< min. minor version accepted */ int min_minor_ver; /*!< min. minor version used */
/* /*
* Callbacks (RNG, debug, I/O, verification) * Callbacks (RNG, debug, I/O, verification)
*/ */
int (*f_rng)(void *, unsigned char *, size_t); int (*f_rng)(void *, unsigned char *, size_t);
void (*f_dbg)(void *, int, const char *); void (*f_dbg)(void *, int, const char *);
int (*f_recv)(void *, unsigned char *, size_t); int (*f_recv)(void *, unsigned char *, size_t);
int (*f_send)(void *, const unsigned char *, size_t); int (*f_send)(void *, const unsigned char *, size_t);
int (*f_vrfy)(void *, x509_cert *, int, int *);
int (*f_get_cache)(void *, ssl_session *); int (*f_get_cache)(void *, ssl_session *);
int (*f_set_cache)(void *, const ssl_session *); int (*f_set_cache)(void *, const ssl_session *);
int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
void *p_rng; /*!< context for the RNG function */ void *p_rng; /*!< context for the RNG function */
void *p_dbg; /*!< context for the debug function */ void *p_dbg; /*!< context for the debug function */
void *p_recv; /*!< context for reading operations */ void *p_recv; /*!< context for reading operations */
void *p_send; /*!< context for writing operations */ void *p_send; /*!< context for writing operations */
void *p_vrfy; /*!< context for verification */
void *p_get_cache; /*!< context for cache retrieval */ void *p_get_cache; /*!< context for cache retrieval */
void *p_set_cache; /*!< context for cache store */ void *p_set_cache; /*!< context for cache store */
void *p_sni; /*!< context for SNI extension */
void *p_hw_data; /*!< context for HW acceleration */ void *p_hw_data; /*!< context for HW acceleration */
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
void *p_sni; /*!< context for SNI extension */
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
int (*f_vrfy)(void *, x509_crt *, int, int *);
void *p_vrfy; /*!< context for verification */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t);
void *p_psk; /*!< context for PSK retrieval */
#endif
/* /*
* Session layer * Session layer
*/ */
ssl_session *session_in; /*!< current session data (in) * / ssl_session *session_in; /*!< current session data (in) * /
ssl_session *session_out; /*!< current session data (out) * / ssl_session *session_out; /*!< current session data (out) * /
ssl_session *session; /*!< negotiated session data * / ssl_session *session; /*!< negotiated session data * /
ssl_session *session_negotiate; /*!< session data in negotiation * / ssl_session *session_negotiate; /*!< session data in negotiation * /
ssl_handshake_params *handshake; /*!< params required only during ssl_handshake_params *handshake; /*!< params required only during
the handshake process */ the handshake process */
ssl_transform *transform_in; /*!< current transform params (in) */ ssl_transform *transform_in; /*!< current transform params (in) */
ssl_transform *transform_out; /*!< current transform params (in) */ ssl_transform *transform_out; /*!< current transform params (in) */
ssl_transform *transform; /*!< negotiated transform params */ ssl_transform *transform; /*!< negotiated transform params */
ssl_transform *transform_negotiate; /*!< transform params in negotiati on */ ssl_transform *transform_negotiate; /*!< transform params in negotiati on */
/* /*
* Record layer (incoming data) * Record layer (incoming data)
*/ */
unsigned char *in_ctr; /*!< 64-bit incoming message counter */ unsigned char *in_ctr; /*!< 64-bit incoming message counter */
unsigned char *in_hdr; /*!< 5-byte record header (in_ctr+8) */ unsigned char *in_hdr; /*!< 5-byte record header (in_ctr+8) */
unsigned char *in_msg; /*!< the message contents (in_hdr+5) */ unsigned char *in_iv; /*!< ivlen-byte IV (in_hdr+5) */
unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */
unsigned char *in_offt; /*!< read offset in application data */ unsigned char *in_offt; /*!< read offset in application data */
int in_msgtype; /*!< record header: message type */ int in_msgtype; /*!< record header: message type */
size_t in_msglen; /*!< record header: message length */ size_t in_msglen; /*!< record header: message length */
size_t in_left; /*!< amount of data read so far */ size_t in_left; /*!< amount of data read so far */
size_t in_hslen; /*!< current handshake message length */ size_t in_hslen; /*!< current handshake message length */
int nb_zero; /*!< # of 0-length encrypted messages */ int nb_zero; /*!< # of 0-length encrypted messages */
int record_read; /*!< record is already present */
/* /*
* Record layer (outgoing data) * Record layer (outgoing data)
*/ */
unsigned char *out_ctr; /*!< 64-bit outgoing message counter */ unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */ unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */
unsigned char *out_msg; /*!< the message contents (out_hdr+32)*/ unsigned char *out_iv; /*!< ivlen-byte IV (out_hdr+5) */
unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */
int out_msgtype; /*!< record header: message type */ int out_msgtype; /*!< record header: message type */
size_t out_msglen; /*!< record header: message length */ size_t out_msglen; /*!< record header: message length */
size_t out_left; /*!< amount of data not yet written */ size_t out_left; /*!< amount of data not yet written */
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
unsigned char mfl_code; /*!< MaxFragmentLength chosen by us */
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
/* /*
* PKI layer * PKI layer
*/ */
void *rsa_key; /*!< own RSA private key */ #if defined(POLARSSL_X509_CRT_PARSE_C)
rsa_decrypt_func rsa_decrypt; /*!< function for RSA decrypt*/ ssl_key_cert *key_cert; /*!< own certificate(s)/key(s) */
rsa_sign_func rsa_sign; /*!< function for RSA sign */
rsa_key_len_func rsa_key_len; /*!< function for RSA key len*/ x509_crt *ca_chain; /*!< own trusted CA chain */
x509_crl *ca_crl; /*!< trusted CA CRLs */
x509_cert *own_cert; /*!< own X.509 certificate */ const char *peer_cn; /*!< expected peer CN */
x509_cert *ca_chain; /*!< own trusted CA chain */ #endif /* POLARSSL_X509_CRT_PARSE_C */
x509_crl *ca_crl; /*!< trusted CA CRLs */
const char *peer_cn; /*!< expected peer CN */ /*
* Support for generating and checking session tickets
*/
#if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl_ticket_keys *ticket_keys; /*!< keys for ticket encryption */
#endif /* POLARSSL_SSL_SESSION_TICKETS */
/* /*
* User settings * User settings
*/ */
int endpoint; /*!< 0: client, 1: server */ int endpoint; /*!< 0: client, 1: server */
int authmode; /*!< verification mode */ int authmode; /*!< verification mode */
int client_auth; /*!< flag for client auth. */ int client_auth; /*!< flag for client auth. */
int verify_result; /*!< verification result */ int verify_result; /*!< verification result */
int disable_renegotiation; /*!< enable/disable renegotiation */ int disable_renegotiation; /*!< enable/disable renegotiation */
int allow_legacy_renegotiation; /*!< allow legacy renegotiation */ int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
const int **ciphersuites; /*!< allowed ciphersuites / versio const int *ciphersuite_list[4]; /*!< allowed ciphersuites / versio
n */ n */
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
int trunc_hmac; /*!< negotiate truncated hmac?
*/
#endif
#if defined(POLARSSL_SSL_SESSION_TICKETS)
int session_tickets; /*!< use session tickets? */
int ticket_lifetime; /*!< session ticket lifetime */
#endif
#if defined(POLARSSL_DHM_C) #if defined(POLARSSL_DHM_C)
mpi dhm_P; /*!< prime modulus for DHM */ mpi dhm_P; /*!< prime modulus for DHM */
mpi dhm_G; /*!< generator for DHM */ mpi dhm_G; /*!< generator for DHM */
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
/*
* PSK values
*/
unsigned char *psk;
size_t psk_len;
unsigned char *psk_identity;
size_t psk_identity_len;
#endif
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
/* /*
* TLS extensions * SNI extension
*/ */
unsigned char *hostname; unsigned char *hostname;
size_t hostname_len; size_t hostname_len;
#endif
/* /*
* Secure renegotiation * Secure renegotiation
*/ */
int secure_renegotiation; /*!< does peer support legacy or int secure_renegotiation; /*!< does peer support legacy or
secure renegotiation */ secure renegotiation */
size_t verify_data_len; /*!< length of verify data stored */ size_t verify_data_len; /*!< length of verify data stored */
char own_verify_data[36]; /*!< previous handshake verify dat a */ char own_verify_data[36]; /*!< previous handshake verify dat a */
char peer_verify_data[36]; /*!< previous handshake verify dat a */ char peer_verify_data[36]; /*!< previous handshake verify dat a */
}; };
#ifdef __cplusplus #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
extern "C" {
#endif
extern const int ssl_default_ciphersuites[]; #define SSL_CHANNEL_OUTBOUND 0
#define SSL_CHANNEL_INBOUND 1
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
extern int (*ssl_hw_record_init)(ssl_context *ssl, extern int (*ssl_hw_record_init)(ssl_context *ssl,
const unsigned char *key_enc, const unsigned char *key_dec, const unsigned char *key_enc, const unsigned char *key_dec,
size_t keylen,
const unsigned char *iv_enc, const unsigned char *iv_dec, const unsigned char *iv_enc, const unsigned char *iv_dec,
const unsigned char *mac_enc, const unsigned char *mac_dec) size_t ivlen,
; const unsigned char *mac_enc, const unsigned char *mac_dec,
size_t maclen);
extern int (*ssl_hw_record_activate)(ssl_context *ssl, int direction);
extern int (*ssl_hw_record_reset)(ssl_context *ssl); extern int (*ssl_hw_record_reset)(ssl_context *ssl);
extern int (*ssl_hw_record_write)(ssl_context *ssl); extern int (*ssl_hw_record_write)(ssl_context *ssl);
extern int (*ssl_hw_record_read)(ssl_context *ssl); extern int (*ssl_hw_record_read)(ssl_context *ssl);
extern int (*ssl_hw_record_finish)(ssl_context *ssl); extern int (*ssl_hw_record_finish)(ssl_context *ssl);
#endif #endif
/** /**
* \brief Returns the list of ciphersuites supported by the SSL/TLS module. * \brief Returns the list of ciphersuites supported by the SSL/TLS module.
* *
* \return a statically allocated array of ciphersuites, the l ast * \return a statically allocated array of ciphersuites, the l ast
* entry is 0. * entry is 0.
*/ */
static inline const int *ssl_list_ciphersuites( void ) const int *ssl_list_ciphersuites( void );
{
return ssl_default_ciphersuites;
}
/** /**
* \brief Return the name of the ciphersuite associated with the given * \brief Return the name of the ciphersuite associated with the given
* ID * ID
* *
* \param ciphersuite_id SSL ciphersuite ID * \param ciphersuite_id SSL ciphersuite ID
* *
* \return a string containing the ciphersuite name * \return a string containing the ciphersuite name
*/ */
const char *ssl_get_ciphersuite_name( const int ciphersuite_id ); const char *ssl_get_ciphersuite_name( const int ciphersuite_id );
* name * name
* *
* \param ciphersuite_name SSL ciphersuite name * \param ciphersuite_name SSL ciphersuite name
* *
* \return the ID with the ciphersuite or 0 if not found * \return the ID with the ciphersuite or 0 if not found
*/ */
int ssl_get_ciphersuite_id( const char *ciphersuite_name ); int ssl_get_ciphersuite_id( const char *ciphersuite_name );
/** /**
* \brief Initialize an SSL context * \brief Initialize an SSL context
* (An individual SSL context is not thread-safe)
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return 0 if successful, or POLARSSL_ERR_SSL_MALLOC_FAILED if * \return 0 if successful, or POLARSSL_ERR_SSL_MALLOC_FAILED if
* memory allocation failed * memory allocation failed
*/ */
int ssl_init( ssl_context *ssl ); int ssl_init( ssl_context *ssl );
/** /**
* \brief Reset an already initialized SSL context for re-use * \brief Reset an already initialized SSL context for re-use
POLARSSL_ERR_SSL_HW_ACCEL_FAILED or POLARSSL_ERR_SSL_HW_ACCEL_FAILED or
* POLARSSL_ERR_SSL_COMPRESSION_FAILED * POLARSSL_ERR_SSL_COMPRESSION_FAILED
*/ */
int ssl_session_reset( ssl_context *ssl ); int ssl_session_reset( ssl_context *ssl );
/** /**
* \brief Set the current endpoint type * \brief Set the current endpoint type
* *
* \param ssl SSL context * \param ssl SSL context
* \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER * \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER
*
* \note This function should be called right after ssl_init() si
nce
* some other ssl_set_foo() functions depend on it.
*/ */
void ssl_set_endpoint( ssl_context *ssl, int endpoint ); void ssl_set_endpoint( ssl_context *ssl, int endpoint );
/** /**
* \brief Set the certificate verification mode * \brief Set the certificate verification mode
* *
* \param ssl SSL context * \param ssl SSL context
* \param authmode can be: * \param authmode can be:
* *
* SSL_VERIFY_NONE: peer certificate is not checked (default), * SSL_VERIFY_NONE: peer certificate is not checked (default),
* SSL_VERIFY_OPTIONAL: peer certificate is checked, however the * SSL_VERIFY_OPTIONAL: peer certificate is checked, however the
* handshake continues even if verification failed; * handshake continues even if verification failed;
* ssl_get_verify_result() can be called after the * ssl_get_verify_result() can be called after the
* handshake is complete. * handshake is complete.
* *
* SSL_VERIFY_REQUIRED: peer *must* present a valid certificate, * SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
* handshake is aborted if verification failed. * handshake is aborted if verification failed.
*/ */
void ssl_set_authmode( ssl_context *ssl, int authmode ); void ssl_set_authmode( ssl_context *ssl, int authmode );
#if defined(POLARSSL_X509_CRT_PARSE_C)
/** /**
* \brief Set the verification callback (Optional). * \brief Set the verification callback (Optional).
* *
* If set, the verify callback is called for each * If set, the verify callback is called for each
* certificate in the chain. For implementation * certificate in the chain. For implementation
* information, please see \c x509parse_verify() * information, please see \c x509parse_verify()
* *
* \param ssl SSL context * \param ssl SSL context
* \param f_vrfy verification function * \param f_vrfy verification function
* \param p_vrfy verification parameter * \param p_vrfy verification parameter
*/ */
void ssl_set_verify( ssl_context *ssl, void ssl_set_verify( ssl_context *ssl,
int (*f_vrfy)(void *, x509_cert *, int, int *), int (*f_vrfy)(void *, x509_crt *, int, int *),
void *p_vrfy ); void *p_vrfy );
#endif /* POLARSSL_X509_CRT_PARSE_C */
/** /**
* \brief Set the random number generator callback * \brief Set the random number generator callback
* *
* \param ssl SSL context * \param ssl SSL context
* \param f_rng RNG function * \param f_rng RNG function
* \param p_rng RNG parameter * \param p_rng RNG parameter
*/ */
void ssl_set_rng( ssl_context *ssl, void ssl_set_rng( ssl_context *ssl,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
* \param p_set_cache session set parameter * \param p_set_cache session set parameter
*/ */
void ssl_set_session_cache( ssl_context *ssl, void ssl_set_session_cache( ssl_context *ssl,
int (*f_get_cache)(void *, ssl_session *), void *p_get_cache, int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache ); int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache );
/** /**
* \brief Request resumption of session (client-side only) * \brief Request resumption of session (client-side only)
* Session data is copied from presented session structure. * Session data is copied from presented session structure.
* *
* Warning: session.peer_cert is cleared by the SSL/TLS lay
er on
* connection shutdown, so do not cache the pointer! Either
set
* it to NULL or make a full copy of the certificate when
* storing the session for use in this function.
*
* \param ssl SSL context * \param ssl SSL context
* \param session session context * \param session session context
*
* \return 0 if successful,
* POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation fail
ed,
* POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side or
* arguments are otherwise invalid
*
* \sa ssl_get_session()
*/ */
void ssl_set_session( ssl_context *ssl, const ssl_session *session ); int ssl_set_session( ssl_context *ssl, const ssl_session *session );
/** /**
* \brief Set the list of allowed ciphersuites * \brief Set the list of allowed ciphersuites
* (Default: ssl_default_ciphersuites)
* (Overrides all version specific lists) * (Overrides all version specific lists)
* *
* \param ssl SSL context * \param ssl SSL context
* \param ciphersuites 0-terminated list of allowed ciphersuites * \param ciphersuites 0-terminated list of allowed ciphersuites
*/ */
void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites ); void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites );
/** /**
* \brief Set the list of allowed ciphersuites for a specific * \brief Set the list of allowed ciphersuites for a specific
* version of the protocol. * version of the protocol.
* (Default: ssl_default_ciphersuites)
* (Only useful on the server side) * (Only useful on the server side)
* *
* \param ssl SSL context * \param ssl SSL context
* \param ciphersuites 0-terminated list of allowed ciphersuites * \param ciphersuites 0-terminated list of allowed ciphersuites
* \param major Major version number (only SSL_MAJOR_VERSION_3 * \param major Major version number (only SSL_MAJOR_VERSION_3
* supported) * supported)
* \param minor Minor version number (SSL_MINOR_VERSION_0, * \param minor Minor version number (SSL_MINOR_VERSION_0,
* SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2, * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
* SSL_MINOR_VERSION_3 supported) * SSL_MINOR_VERSION_3 supported)
*/ */
void ssl_set_ciphersuites_for_version( ssl_context *ssl, void ssl_set_ciphersuites_for_version( ssl_context *ssl,
const int *ciphersuites, const int *ciphersuites,
int major, int minor ); int major, int minor );
#if defined(POLARSSL_X509_CRT_PARSE_C)
/** /**
* \brief Set the data required to verify peer certificate * \brief Set the data required to verify peer certificate
* *
* \param ssl SSL context * \param ssl SSL context
* \param ca_chain trusted CA chain (meaning all fully trusted top-level CA s) * \param ca_chain trusted CA chain (meaning all fully trusted top-level CA s)
* \param ca_crl trusted CA CRLs * \param ca_crl trusted CA CRLs
* \param peer_cn expected peer CommonName (or NULL) * \param peer_cn expected peer CommonName (or NULL)
*/ */
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain, void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
x509_crl *ca_crl, const char *peer_cn ); x509_crl *ca_crl, const char *peer_cn );
/** /**
* \brief Set own certificate chain and private key * \brief Set own certificate chain and private key
* *
* \note own_cert should contain in order from the bottom up your
* certificate chain. The top certificate (self-signed)
* can be omitted.
*
* \note This function may be called more than once if you want t
o
* support multiple certificates (eg, one using RSA and one
* using ECDSA). However, on client, currently only the fir
st
* certificate is used (subsequent calls have no effect).
*
* \param ssl SSL context
* \param own_cert own public certificate chain
* \param pk_key own private key
*
* \return 0 on success or POLARSSL_ERR_SSL_MALLOC_FAILED
*/
int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
pk_context *pk_key );
#if defined(POLARSSL_RSA_C)
/**
* \brief Set own certificate chain and private RSA key
*
* Note: own_cert should contain IN order from the bottom * Note: own_cert should contain IN order from the bottom
* up your certificate chain. The top certificate (self-sig ned) * up your certificate chain. The top certificate (self-sig ned)
* can be omitted. * can be omitted.
* *
* \param ssl SSL context * \param ssl SSL context
* \param own_cert own public certificate chain * \param own_cert own public certificate chain
* \param rsa_key own private RSA key * \param rsa_key own private RSA key
*
* \return 0 on success, or a specific error code.
*/ */
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert, int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
rsa_context *rsa_key ); rsa_context *rsa_key );
#endif /* POLARSSL_RSA_C */
/** /**
* \brief Set own certificate and alternate non-PolarSSL private * \brief Set own certificate and alternate non-PolarSSL RSA priva te
* key and handling callbacks, such as the PKCS#11 wrappers * key and handling callbacks, such as the PKCS#11 wrappers
* or any other external private key handler. * or any other external private key handler.
* (see the respective RSA functions in rsa.h for documenta tion * (see the respective RSA functions in rsa.h for documenta tion
* of the callback parameters, with the only change being * of the callback parameters, with the only change being
* that the rsa_context * is a void * in the callbacks) * that the rsa_context * is a void * in the callbacks)
* *
* Note: own_cert should contain IN order from the bottom * Note: own_cert should contain IN order from the bottom
* up your certificate chain. The top certificate (self-sig ned) * up your certificate chain. The top certificate (self-sig ned)
* can be omitted. * can be omitted.
* *
* \param ssl SSL context * \param ssl SSL context
* \param own_cert own public certificate chain * \param own_cert own public certificate chain
* \param rsa_key alternate implementation private RSA key * \param rsa_key alternate implementation private RSA key
* \param rsa_decrypt_func alternate implementation of \c rsa_pkcs1_decryp * \param rsa_decrypt alternate implementation of \c rsa_pkcs1_decrypt()
t() * \param rsa_sign alternate implementation of \c rsa_pkcs1_sign()
* \param rsa_sign_func alternate implementation of \c rsa_pkcs1_sign() * \param rsa_key_len function returning length of RSA key in bytes
* \param rsa_key_len_func function returning length of RSA key in bytes *
*/ * \return 0 on success, or a specific error code.
void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert, */
void *rsa_key, int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
rsa_decrypt_func rsa_decrypt, void *rsa_key,
rsa_sign_func rsa_sign, rsa_decrypt_func rsa_decrypt,
rsa_key_len_func rsa_key_len ); rsa_sign_func rsa_sign,
rsa_key_len_func rsa_key_len );
#endif /* POLARSSL_X509_CRT_PARSE_C */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
/**
* \brief Set the Pre Shared Key (PSK) and the identity name conne
cted
* to it.
*
* \param ssl SSL context
* \param psk pointer to the pre-shared key
* \param psk_len pre-shared key length
* \param psk_identity pointer to the pre-shared key identity
* \param psk_identity_len identity key length
*
* \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
*/
int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len
,
const unsigned char *psk_identity, size_t psk_identity_len
);
/**
* \brief Set the PSK callback (server-side only) (Optional).
*
* If set, the PSK callback is called for each
* handshake where a PSK ciphersuite was negotiated.
* The callback provides the identity received and wants to
* receive the actual PSK data and length.
*
* The callback has the following parameters: (void *parame
ter,
* ssl_context *ssl, const unsigned char *psk_identity,
* size_t identity_len)
* If a valid PSK identity is found, the callback should us
e
* ssl_set_psk() on the ssl context to set the correct PSK
and
* identity and return 0.
* Any other return value will result in a denied PSK ident
ity.
*
* \param ssl SSL context
* \param f_psk PSK identity function
* \param p_psk PSK identity parameter
*/
void ssl_set_psk_cb( ssl_context *ssl,
int (*f_psk)(void *, ssl_context *, const unsigned cha
r *,
size_t),
void *p_psk );
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
#if defined(POLARSSL_DHM_C) #if defined(POLARSSL_DHM_C)
/** /**
* \brief Set the Diffie-Hellman public P and G values, * \brief Set the Diffie-Hellman public P and G values,
* read as hexadecimal strings (server-side only) * read as hexadecimal strings (server-side only)
* (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG]) * (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG])
* *
* \param ssl SSL context * \param ssl SSL context
* \param dhm_P Diffie-Hellman-Merkle modulus * \param dhm_P Diffie-Hellman-Merkle modulus
* \param dhm_G Diffie-Hellman-Merkle generator * \param dhm_G Diffie-Hellman-Merkle generator
* read from existing context (server-side only) * read from existing context (server-side only)
* *
* \param ssl SSL context * \param ssl SSL context
* \param dhm_ctx Diffie-Hellman-Merkle context * \param dhm_ctx Diffie-Hellman-Merkle context
* *
* \return 0 if successful * \return 0 if successful
*/ */
int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx ); int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
#endif #endif
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
/** /**
* \brief Set hostname for ServerName TLS extension * \brief Set hostname for ServerName TLS extension
* (client-side only) * (client-side only)
* *
* *
* \param ssl SSL context * \param ssl SSL context
* \param hostname the server hostname * \param hostname the server hostname
* *
* \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED * \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
*/ */
* point. * point.
* *
* \param ssl SSL context * \param ssl SSL context
* \param f_sni verification function * \param f_sni verification function
* \param p_sni verification parameter * \param p_sni verification parameter
*/ */
void ssl_set_sni( ssl_context *ssl, void ssl_set_sni( ssl_context *ssl,
int (*f_sni)(void *, ssl_context *, const unsigned char * , int (*f_sni)(void *, ssl_context *, const unsigned char * ,
size_t), size_t),
void *p_sni ); void *p_sni );
#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
/** /**
* \brief Set the maximum supported version sent from the client s ide * \brief Set the maximum supported version sent from the client s ide
* and/or accepted at the server side
* (Default: SSL_MAX_MAJOR_VERSION, SSL_MAX_MINOR_VERSION)
*
* Note: This ignores ciphersuites from 'higher' versions.
* Note: Input outside of the SSL_MAX_XXXXX_VERSION and
* SSL_MIN_XXXXX_VERSION range is ignored.
* *
* \param ssl SSL context * \param ssl SSL context
* \param major Major version number (only SSL_MAJOR_VERSION_3 supported ) * \param major Major version number (only SSL_MAJOR_VERSION_3 supported )
* \param minor Minor version number (SSL_MINOR_VERSION_0, * \param minor Minor version number (SSL_MINOR_VERSION_0,
* SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2, * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
* SSL_MINOR_VERSION_3 supported) * SSL_MINOR_VERSION_3 supported)
*/ */
void ssl_set_max_version( ssl_context *ssl, int major, int minor ); void ssl_set_max_version( ssl_context *ssl, int major, int minor );
/** /**
* \brief Set the minimum accepted SSL/TLS protocol version * \brief Set the minimum accepted SSL/TLS protocol version
* (Default: SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0) * (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION)
*
* Note: Input outside of the SSL_MAX_XXXXX_VERSION and
* SSL_MIN_XXXXX_VERSION range is ignored.
* *
* \param ssl SSL context * \param ssl SSL context
* \param major Major version number (only SSL_MAJOR_VERSION_3 supported ) * \param major Major version number (only SSL_MAJOR_VERSION_3 supported )
* \param minor Minor version number (SSL_MINOR_VERSION_0, * \param minor Minor version number (SSL_MINOR_VERSION_0,
* SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2, * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
* SSL_MINOR_VERSION_3 supported) * SSL_MINOR_VERSION_3 supported)
*/ */
void ssl_set_min_version( ssl_context *ssl, int major, int minor ); void ssl_set_min_version( ssl_context *ssl, int major, int minor );
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
/**
* \brief Set the maximum fragment length to emit and/or negotiate
* (Default: SSL_MAX_CONTENT_LEN, usually 2^14 bytes)
* (Server: set maximum fragment length to emit,
* usually negotiated by the client during handshake
* (Client: set maximum fragment length to emit *and*
* negotiate with the server during handshake)
*
* \param ssl SSL context
* \param mfl_code Code for maximum fragment length (allowed values:
* SSL_MAX_FRAG_LEN_512, SSL_MAX_FRAG_LEN_1024,
* SSL_MAX_FRAG_LEN_2048, SSL_MAX_FRAG_LEN_4096)
*
* \return O if successful or POLARSSL_ERR_SSL_BAD_INPUT_DATA
*/
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
/**
* \brief Activate negotiation of truncated HMAC (Client only)
* (Default: SSL_TRUNC_HMAC_ENABLED)
*
* \param ssl SSL context
* \param truncate Enable or disable (SSL_TRUNC_HMAC_ENABLED or
* SSL_TRUNC_HMAC_DISABLED)
*
* \return O if successful,
* POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side
*/
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/**
* \brief Enable / Disable session tickets
* (Default: SSL_SESSION_TICKETS_ENABLED on client,
* SSL_SESSION_TICKETS_DISABLED on server)
*
* \note On server, ssl_set_rng() must be called before this func
tion
* to allow generating the ticket encryption and
* authentication keys.
*
* \param ssl SSL context
* \param use_tickets Enable or disable (SSL_SESSION_TICKETS_ENABLED or
* SSL_SESSION_TICKETS_DISABLED)
*
* \return O if successful,
* or a specific error code (server only).
*/
int ssl_set_session_tickets( ssl_context *ssl, int use_tickets );
/**
* \brief Set session ticket lifetime (server only)
* (Default: SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 da
y))
*
* \param ssl SSL context
* \param lifetime session ticket lifetime
*/
void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime );
#endif /* POLARSSL_SSL_SESSION_TICKETS */
/** /**
* \brief Enable / Disable renegotiation support for connection wh en * \brief Enable / Disable renegotiation support for connection wh en
* initiated by peer * initiated by peer
* (Default: SSL_RENEGOTIATION_DISABLED) * (Default: SSL_RENEGOTIATION_DISABLED)
* *
* Note: A server with support enabled is more vulnerable f or a * Note: A server with support enabled is more vulnerable f or a
* resource DoS by a malicious client. You should enable th is on * resource DoS by a malicious client. You should enable th is on
* a client to enable server-initiated renegotiation. * a client to enable server-initiated renegotiation.
* *
* \param ssl SSL context * \param ssl SSL context
/** /**
* \brief Return the current SSL version (SSLv3/TLSv1/etc) * \brief Return the current SSL version (SSLv3/TLSv1/etc)
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return a string containing the SSL version * \return a string containing the SSL version
*/ */
const char *ssl_get_version( const ssl_context *ssl ); const char *ssl_get_version( const ssl_context *ssl );
#if defined(POLARSSL_X509_CRT_PARSE_C)
/** /**
* \brief Return the peer certificate from the current connection * \brief Return the peer certificate from the current connection
* *
* Note: Can be NULL in case no certificate was sent during * Note: Can be NULL in case no certificate was sent during
* the handshake. Different calls for the same connection c an * the handshake. Different calls for the same connection c an
* return the same or different pointers for the same * return the same or different pointers for the same
* certificate and even a different certificate altogether. * certificate and even a different certificate altogether.
* The peer cert CAN change in a single connection if * The peer cert CAN change in a single connection if
* renegotiation is performed. * renegotiation is performed.
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return the current peer certificate * \return the current peer certificate
*/ */
const x509_cert *ssl_get_peer_cert( const ssl_context *ssl ); const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
#endif /* POLARSSL_X509_CRT_PARSE_C */
/**
* \brief Save session in order to resume it later (client-side on
ly)
* Session data is copied to presented session structure.
*
* \warning Currently, peer certificate is lost in the operation.
*
* \param ssl SSL context
* \param session session context
*
* \return 0 if successful,
* POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation fail
ed,
* POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side or
* arguments are otherwise invalid
*
* \sa ssl_set_session()
*/
int ssl_get_session( const ssl_context *ssl, ssl_session *session );
/** /**
* \brief Perform the SSL handshake * \brief Perform the SSL handshake
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return 0 if successful, POLARSSL_ERR_NET_WANT_READ, * \return 0 if successful, POLARSSL_ERR_NET_WANT_READ,
* POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error cod e. * POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error cod e.
*/ */
int ssl_handshake( ssl_context *ssl ); int ssl_handshake( ssl_context *ssl );
int ssl_parse_certificate( ssl_context *ssl ); int ssl_parse_certificate( ssl_context *ssl );
int ssl_write_certificate( ssl_context *ssl ); int ssl_write_certificate( ssl_context *ssl );
int ssl_parse_change_cipher_spec( ssl_context *ssl ); int ssl_parse_change_cipher_spec( ssl_context *ssl );
int ssl_write_change_cipher_spec( ssl_context *ssl ); int ssl_write_change_cipher_spec( ssl_context *ssl );
int ssl_parse_finished( ssl_context *ssl ); int ssl_parse_finished( ssl_context *ssl );
int ssl_write_finished( ssl_context *ssl ); int ssl_write_finished( ssl_context *ssl );
void ssl_optimize_checksum( ssl_context *ssl, int ciphersuite ); void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciph
int ssl_get_ciphersuite_min_version( const int ciphersuite_id ); ersuite_info );
#if defined(POLARSSL_PK_C)
unsigned char ssl_sig_from_pk( pk_context *pk );
pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
#endif
md_type_t ssl_md_alg_from_hash( unsigned char hash );
#if defined(POLARSSL_X509_CRT_PARSE_C)
static inline pk_context *ssl_own_key( ssl_context *ssl )
{
return( ssl->handshake->key_cert == NULL ? NULL
: ssl->handshake->key_cert->key );
}
static inline x509_crt *ssl_own_cert( ssl_context *ssl )
{
return( ssl->handshake->key_cert == NULL ? NULL
: ssl->handshake->key_cert->cert );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* ssl.h */ #endif /* ssl.h */
 End of changes. 84 change blocks. 
137 lines changed or deleted 575 lines changed or added


 ssl_cache.h   ssl_cache.h 
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_SSL_CACHE_H #ifndef POLARSSL_SSL_CACHE_H
#define POLARSSL_SSL_CACHE_H #define POLARSSL_SSL_CACHE_H
#include "ssl.h" #include "ssl.h"
#if defined(POLARSSL_THREADING_C)
#include "threading.h"
#endif
#if !defined(POLARSSL_CONFIG_OPTIONS) #if !defined(POLARSSL_CONFIG_OPTIONS)
#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */ #define SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cac he */ #define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cac he */
#endif /* !POLARSSL_CONFIG_OPTIONS */ #endif /* !POLARSSL_CONFIG_OPTIONS */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
typedef struct _ssl_cache_context ssl_cache_context; typedef struct _ssl_cache_context ssl_cache_context;
typedef struct _ssl_cache_entry ssl_cache_entry; typedef struct _ssl_cache_entry ssl_cache_entry;
/** /**
* \brief This structure is used for storing cache entries * \brief This structure is used for storing cache entries
*/ */
struct _ssl_cache_entry struct _ssl_cache_entry
{ {
#if defined(POLARSSL_HAVE_TIME)
time_t timestamp; /*!< entry timestamp */ time_t timestamp; /*!< entry timestamp */
#endif
ssl_session session; /*!< entry session */ ssl_session session; /*!< entry session */
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_buf peer_cert; /*!< entry peer_cert */ x509_buf peer_cert; /*!< entry peer_cert */
#endif
ssl_cache_entry *next; /*!< chain pointer */ ssl_cache_entry *next; /*!< chain pointer */
}; };
/** /**
* \brief Cache context * \brief Cache context
*/ */
struct _ssl_cache_context struct _ssl_cache_context
{ {
ssl_cache_entry *chain; /*!< start of the chain */ ssl_cache_entry *chain; /*!< start of the chain */
int timeout; /*!< cache entry timeout */ int timeout; /*!< cache entry timeout */
int max_entries; /*!< maximum entries */ int max_entries; /*!< maximum entries */
#if defined(POLARSSL_THREADING_C)
threading_mutex_t mutex; /*!< mutex */
#endif
}; };
/** /**
* \brief Initialize an SSL cache context * \brief Initialize an SSL cache context
* *
* \param cache SSL cache context * \param cache SSL cache context
*/ */
void ssl_cache_init( ssl_cache_context *cache ); void ssl_cache_init( ssl_cache_context *cache );
/** /**
* \brief Cache get callback implementation * \brief Cache get callback implementation
* (Thread-safe if POLARSSL_THREADING_C is enabled)
* *
* \param data SSL cache context * \param data SSL cache context
* \param session session to retrieve entry for * \param session session to retrieve entry for
*/ */
int ssl_cache_get( void *data, ssl_session *session ); int ssl_cache_get( void *data, ssl_session *session );
/** /**
* \brief Cache set callback implementation * \brief Cache set callback implementation
* (Thread-safe if POLARSSL_THREADING_C is enabled)
* *
* \param data SSL cache context * \param data SSL cache context
* \param session session to store entry for * \param session session to store entry for
*/ */
int ssl_cache_set( void *data, const ssl_session *session ); int ssl_cache_set( void *data, const ssl_session *session );
#if defined(POLARSSL_HAVE_TIME)
/** /**
* \brief Set the cache timeout * \brief Set the cache timeout
* (Default: SSL_CACHE_DEFAULT_TIMEOUT (1 day)) * (Default: SSL_CACHE_DEFAULT_TIMEOUT (1 day))
* *
* A timeout of 0 indicates no timeout. * A timeout of 0 indicates no timeout.
* *
* \param cache SSL cache context * \param cache SSL cache context
* \param timeout cache entry timeout * \param timeout cache entry timeout
*/ */
void ssl_cache_set_timeout( ssl_cache_context *cache, int timeout ); void ssl_cache_set_timeout( ssl_cache_context *cache, int timeout );
#endif /* POLARSSL_HAVE_TIME */
/** /**
* \brief Set the cache timeout * \brief Set the cache timeout
* (Default: SSL_CACHE_DEFAULT_MAX_ENTRIES (50)) * (Default: SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
* *
* \param cache SSL cache context * \param cache SSL cache context
* \param max cache entry maximum * \param max cache entry maximum
*/ */
void ssl_cache_set_max_entries( ssl_cache_context *cache, int max ); void ssl_cache_set_max_entries( ssl_cache_context *cache, int max );
 End of changes. 10 change blocks. 
0 lines changed or deleted 15 lines changed or added
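Review bot: The \brief on ssl_cache_set_max_entries, kept unchanged on the new side, still reads "Set the cache timeout", a copy of the ssl_cache_set_timeout text; it should read `* \brief Set the maximum number of cache entries`. The new mutex in _ssl_cache_context and the "Thread-safe if POLARSSL_THREADING_C is enabled" notes on ssl_cache_get/ssl_cache_set leave the two setters silent on the same question; unless they also take the mutex, add `* \note Not thread-safe; configure the cache before sharing it between threads.` to both. The section does not show where the new mutex is initialised or released; if ssl_cache_init does the initialisation under POLARSSL_THREADING_C, its brief should say so and name the function that releases it. The two callback declarations also still carry no \return line, although they return int.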


 timing.h   timing.h 
/** /**
* \file timing.h * \file timing.h
* *
* \brief Portable interface to the CPU cycle counter * \brief Portable interface to the CPU cycle counter
* *
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_TIMING_H #ifndef POLARSSL_TIMING_H
#define POLARSSL_TIMING_H #define POLARSSL_TIMING_H
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief timer structure * \brief timer structure
*/ */
struct hr_time struct hr_time
{ {
unsigned char opaque[32]; unsigned char opaque[32];
}; };
#ifdef __cplusplus
extern "C" {
#endif
extern volatile int alarmed; extern volatile int alarmed;
/** /**
* \brief Return the CPU cycle counter value * \brief Return the CPU cycle counter value
*/ */
unsigned long hardclock( void ); unsigned long hardclock( void );
/** /**
* \brief Return the elapsed time in milliseconds * \brief Return the elapsed time in milliseconds
* *
 End of changes. 3 change blocks. 
5 lines changed or deleted 5 lines changed or added


 version.h   version.h 
/** /**
* \file version.h * \file version.h
* *
* \brief Run-time version information * \brief Run-time version information
* *
* Copyright (C) 2006-2012, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
#ifndef POLARSSL_VERSION_H #ifndef POLARSSL_VERSION_H
#define POLARSSL_VERSION_H #define POLARSSL_VERSION_H
#include "config.h" #include "config.h"
/** /**
* The version number x.y.z is split into three parts. * The version number x.y.z is split into three parts.
* Major, Minor, Patchlevel * Major, Minor, Patchlevel
*/ */
#define POLARSSL_VERSION_MAJOR 1 #define POLARSSL_VERSION_MAJOR 1
#define POLARSSL_VERSION_MINOR 2 #define POLARSSL_VERSION_MINOR 3
#define POLARSSL_VERSION_PATCH 10 #define POLARSSL_VERSION_PATCH 0
/** /**
* The single version number has the following structure: * The single version number has the following structure:
* MMNNPP00 * MMNNPP00
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define POLARSSL_VERSION_NUMBER 0x01020A00 #define POLARSSL_VERSION_NUMBER 0x01030000
#define POLARSSL_VERSION_STRING "1.2.10" #define POLARSSL_VERSION_STRING "1.3.0"
#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.2.10" #define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.3.0"
#if defined(POLARSSL_VERSION_C) #if defined(POLARSSL_VERSION_C)
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* Get the version number. * Get the version number.
* *
* \return The constructed version number in the format * \return The constructed version number in the format
* MMNNPP00 (Major, Minor, Patch). * MMNNPP00 (Major, Minor, Patch).
*/ */
unsigned int version_get_number( void ); unsigned int version_get_number( void );
/** /**
* Get the version string ("x.y.z"). * Get the version string ("x.y.z").
void version_get_string( char *string ); void version_get_string( char *string );
/** /**
* Get the full version string ("PolarSSL x.y.z"). * Get the full version string ("PolarSSL x.y.z").
* *
* \param string The string that will receive the value. * \param string The string that will receive the value.
* (Should be at least 18 bytes in size) * (Should be at least 18 bytes in size)
*/ */
void version_get_string_full( char *string ); void version_get_string_full( char *string );
#ifdef __cplusplus
}
#endif
#endif /* POLARSSL_VERSION_C */ #endif /* POLARSSL_VERSION_C */
#endif /* version.h */ #endif /* version.h */
 End of changes. 5 change blocks. 
6 lines changed or deleted 14 lines changed or added


 x509.h   x509.h 
/** /**
* \file x509.h * \file x509.h
* *
* \brief X.509 certificate and private key decoding * \brief X.509 generic defines and structures
* *
* Copyright (C) 2006-2011, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_X509_H #ifndef POLARSSL_X509_H
#define POLARSSL_X509_H #define POLARSSL_X509_H
#include "config.h"
#include "asn1.h" #include "asn1.h"
#include "pk.h"
#if defined(POLARSSL_RSA_C)
#include "rsa.h" #include "rsa.h"
#include "dhm.h" #endif
/** /**
* \addtogroup x509_module * \addtogroup x509_module
* \{ * \{
*/ */
/** /**
* \name X509 Error codes * \name X509 Error codes
* \{ * \{
*/ */
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x2080 /**< Un available feature, e.g. RSA hashing/encryption combination. */ #define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x2080 /**< Un available feature, e.g. RSA hashing/encryption combination. */
#define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x2100 /**< Th #define POLARSSL_ERR_X509_UNKNOWN_OID -0x2100 /**< Re
e PEM-encoded certificate contains invalid elements, e.g. invalid character quested OID is unknown. */
. */ #define POLARSSL_ERR_X509_INVALID_FORMAT -0x2180 /**< Th
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x2180 /**< Th e CRT/CRL/CSR format is invalid, e.g. different type expected. */
e certificate format is invalid, e.g. different type expected. */ #define POLARSSL_ERR_X509_INVALID_VERSION -0x2200 /**< Th
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION -0x2200 /**< Th e CRT/CRL/CSR version element is invalid. */
e certificate version element is invalid. */ #define POLARSSL_ERR_X509_INVALID_SERIAL -0x2280 /**< Th
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL -0x2280 /**< Th e serial tag or value is invalid. */
e serial tag or value is invalid. */ #define POLARSSL_ERR_X509_INVALID_ALG -0x2300 /**< Th
#define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x2300 /**< Th e algorithm tag or value is invalid. */
e algorithm tag or value is invalid. */ #define POLARSSL_ERR_X509_INVALID_NAME -0x2380 /**< Th
#define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x2380 /**< Th e name tag or value is invalid. */
e name tag or value is invalid. */ #define POLARSSL_ERR_X509_INVALID_DATE -0x2400 /**< Th
#define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x2400 /**< Th e date tag or value is invalid. */
e date tag or value is invalid. */ #define POLARSSL_ERR_X509_INVALID_SIGNATURE -0x2480 /**< Th
#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY -0x2480 /**< Th e signature tag or value invalid. */
e pubkey tag or value is invalid (only RSA is supported). */ #define POLARSSL_ERR_X509_INVALID_EXTENSIONS -0x2500 /**< Th
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x2500 /**< Th e extension tag or value is invalid. */
e signature tag or value invalid. */ #define POLARSSL_ERR_X509_UNKNOWN_VERSION -0x2580 /**< CR
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x2580 /**< Th T/CRL/CSR has an unsupported version number. */
e extension tag or value is invalid. */ #define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG -0x2600 /**< Si
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x2600 /**< Ce gnature algorithm (oid) is unsupported. */
rtificate or CRL has an unsupported version number. */ #define POLARSSL_ERR_X509_SIG_MISMATCH -0x2680 /**< Si
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x2680 /**< Si gnature algorithms do not match. (see \c ::x509_crt sig_oid) */
gnature algorithm (oid) is unsupported. */ #define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2700 /**< Ce
#define POLARSSL_ERR_X509_UNKNOWN_PK_ALG -0x2700 /**< Ke rtificate verification failed, e.g. CRL, CA or signature check failed. */
y algorithm is unsupported (only RSA is supported). */ #define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 /**< Fo
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x2780 /**< Ce rmat not recognized as DER or PEM. */
rtificate signature algorithms do not match. (see \c ::x509_cert sig_oid) * #define POLARSSL_ERR_X509_BAD_INPUT_DATA -0x2800 /**< In
/ put invalid. */
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2800 /**< Ce #define POLARSSL_ERR_X509_MALLOC_FAILED -0x2880 /**< Al
rtificate verification failed, e.g. CRL, CA or signature check failed. */ location of memory failed. */
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x2880 /**< Un #define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2900 /**< Re
supported RSA key version */ ad/write of file failed. */
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x2900 /**< In
valid RSA key tag or value. */
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2980 /**< Fo
rmat not recognized as DER or PEM. */
#define POLARSSL_ERR_X509_INVALID_INPUT -0x2A00 /**< In
put invalid. */
#define POLARSSL_ERR_X509_MALLOC_FAILED -0x2A80 /**< Al
location of memory failed. */
#define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2B00 /**< Re
ad/write of file failed. */
#define POLARSSL_ERR_X509_PASSWORD_REQUIRED -0x2B80 /**< Pr
ivate key password can't be empty. */
#define POLARSSL_ERR_X509_PASSWORD_MISMATCH -0x2C00 /**< Gi
ven private key password does not allow for correct decryption. */
/* \} name */ /* \} name */
/** /**
* \name X509 Verify codes * \name X509 Verify codes
* \{ * \{
*/ */
#define BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */ #define BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */
#define BADCERT_REVOKED 0x02 /**< The certificate has been rev oked (is on a CRL). */ #define BADCERT_REVOKED 0x02 /**< The certificate has been rev oked (is on a CRL). */
#define BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */ #define BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */
#define BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not corre ctly signed by the trusted CA. */ #define BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not corre ctly signed by the trusted CA. */
#define BADCRL_NOT_TRUSTED 0x10 /**< CRL is not correctly signed by the trusted CA. */ #define BADCRL_NOT_TRUSTED 0x10 /**< CRL is not correctly signed by the trusted CA. */
#define BADCRL_EXPIRED 0x20 /**< CRL is expired. */ #define BADCRL_EXPIRED 0x20 /**< CRL is expired. */
#define BADCERT_MISSING 0x40 /**< Certificate was missing. */ #define BADCERT_MISSING 0x40 /**< Certificate was missing. */
#define BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */ #define BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
#define BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */ #define BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */
/* \} name */ /* \} name */
/* \} addtogroup x509_module */ /* \} addtogroup x509_module */
/* /*
* various object identifiers
*/
#define X520_COMMON_NAME 3
#define X520_COUNTRY 6
#define X520_LOCALITY 7
#define X520_STATE 8
#define X520_ORGANIZATION 10
#define X520_ORG_UNIT 11
#define PKCS9_EMAIL 1
#define X509_OUTPUT_DER 0x01
#define X509_OUTPUT_PEM 0x02
#define PEM_LINE_LENGTH 72
#define X509_ISSUER 0x01
#define X509_SUBJECT 0x02
#define OID_X520 "\x55\x04"
#define OID_CN OID_X520 "\x03"
#define OID_COUNTRY OID_X520 "\x06"
#define OID_LOCALITY OID_X520 "\x07"
#define OID_STATE OID_X520 "\x08"
#define OID_ORGANIZATION OID_X520 "\x0A"
#define OID_ORG_UNIT OID_X520 "\x0B"
#define OID_PKCS1 "\x2A\x86\x48\x86\xF7\x0D\x01\x01"
#define OID_PKCS1_RSA OID_PKCS1 "\x01"
#define OID_PKCS1_SHA1 OID_PKCS1 "\x05"
#define OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
#define OID_PKCS9 "\x2A\x86\x48\x86\xF7\x0D\x01\x09"
#define OID_PKCS9_EMAIL OID_PKCS9 "\x01"
/** ISO arc for standard certificate and CRL extensions */
#define OID_ID_CE "\x55\x1D" /**< id-ce OBJECT IDENTIFIER ::
= {joint-iso-ccitt(2) ds(5) 29} */
/**
* Private Internet Extensions
* { iso(1) identified-organization(3) dod(6) internet(1)
* security(5) mechanisms(5) pkix(7) }
*/
#define OID_PKIX "\x2B\x06\x01\x05\x05\x07"
/*
* OIDs for standard certificate extensions
*/
#define OID_AUTHORITY_KEY_IDENTIFIER OID_ID_CE "\x23" /**< id-ce-authori
tyKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
#define OID_SUBJECT_KEY_IDENTIFIER OID_ID_CE "\x0E" /**< id-ce-subject
KeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
#define OID_KEY_USAGE OID_ID_CE "\x0F" /**< id-ce-keyUsag
e OBJECT IDENTIFIER ::= { id-ce 15 } */
#define OID_CERTIFICATE_POLICIES OID_ID_CE "\x20" /**< id-ce-certifi
catePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
#define OID_POLICY_MAPPINGS OID_ID_CE "\x21" /**< id-ce-policyM
appings OBJECT IDENTIFIER ::= { id-ce 33 } */
#define OID_SUBJECT_ALT_NAME OID_ID_CE "\x11" /**< id-ce-subject
AltName OBJECT IDENTIFIER ::= { id-ce 17 } */
#define OID_ISSUER_ALT_NAME OID_ID_CE "\x12" /**< id-ce-issuerA
ltName OBJECT IDENTIFIER ::= { id-ce 18 } */
#define OID_SUBJECT_DIRECTORY_ATTRS OID_ID_CE "\x09" /**< id-ce-subject
DirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
#define OID_BASIC_CONSTRAINTS OID_ID_CE "\x13" /**< id-ce-basicCo
nstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
#define OID_NAME_CONSTRAINTS OID_ID_CE "\x1E" /**< id-ce-nameCon
straints OBJECT IDENTIFIER ::= { id-ce 30 } */
#define OID_POLICY_CONSTRAINTS OID_ID_CE "\x24" /**< id-ce-policyC
onstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
#define OID_EXTENDED_KEY_USAGE OID_ID_CE "\x25" /**< id-ce-extKeyU
sage OBJECT IDENTIFIER ::= { id-ce 37 } */
#define OID_CRL_DISTRIBUTION_POINTS OID_ID_CE "\x1F" /**< id-ce-cRLDist
ributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
#define OID_INIHIBIT_ANYPOLICY OID_ID_CE "\x36" /**< id-ce-inhibit
AnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
#define OID_FRESHEST_CRL OID_ID_CE "\x2E" /**< id-ce-freshes
tCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
/*
* X.509 v3 Key Usage Extension flags * X.509 v3 Key Usage Extension flags
*/ */
#define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */ #define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
#define KU_NON_REPUDIATION (0x40) /* bit 1 */ #define KU_NON_REPUDIATION (0x40) /* bit 1 */
#define KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */ #define KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
#define KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */ #define KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
#define KU_KEY_AGREEMENT (0x08) /* bit 4 */ #define KU_KEY_AGREEMENT (0x08) /* bit 4 */
#define KU_KEY_CERT_SIGN (0x04) /* bit 5 */ #define KU_KEY_CERT_SIGN (0x04) /* bit 5 */
#define KU_CRL_SIGN (0x02) /* bit 6 */ #define KU_CRL_SIGN (0x02) /* bit 6 */
/* /*
* X.509 v3 Extended key usage OIDs
*/
#define OID_ANY_EXTENDED_KEY_USAGE OID_EXTENDED_KEY_USAGE "\x00" /**<
anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
#define OID_KP OID_PKIX "\x03" /**< id-kp OBJECT I
DENTIFIER ::= { id-pkix 3 } */
#define OID_SERVER_AUTH OID_KP "\x01" /**< id-kp-serverAuth
OBJECT IDENTIFIER ::= { id-kp 1 } */
#define OID_CLIENT_AUTH OID_KP "\x02" /**< id-kp-clientAuth
OBJECT IDENTIFIER ::= { id-kp 2 } */
#define OID_CODE_SIGNING OID_KP "\x03" /**< id-kp-codeSignin
g OBJECT IDENTIFIER ::= { id-kp 3 } */
#define OID_EMAIL_PROTECTION OID_KP "\x04" /**< id-kp-emailProte
ction OBJECT IDENTIFIER ::= { id-kp 4 } */
#define OID_TIME_STAMPING OID_KP "\x08" /**< id-kp-timeStampi
ng OBJECT IDENTIFIER ::= { id-kp 8 } */
#define OID_OCSP_SIGNING OID_KP "\x09" /**< id-kp-OCSPSignin
g OBJECT IDENTIFIER ::= { id-kp 9 } */
#define STRING_SERVER_AUTH "TLS Web Server Authentication"
#define STRING_CLIENT_AUTH "TLS Web Client Authentication"
#define STRING_CODE_SIGNING "Code Signing"
#define STRING_EMAIL_PROTECTION "E-mail Protection"
#define STRING_TIME_STAMPING "Time Stamping"
#define STRING_OCSP_SIGNING "OCSP Signing"
/*
* OIDs for CRL extensions
*/
#define OID_PRIVATE_KEY_USAGE_PERIOD OID_ID_CE "\x10"
#define OID_CRL_NUMBER OID_ID_CE "\x14" /**< id-ce-cRLNumb
er OBJECT IDENTIFIER ::= { id-ce 20 } */
/*
* Netscape certificate extensions
*/
#define OID_NETSCAPE "\x60\x86\x48\x01\x86\xF8\x42" /**< Net
scape OID */
#define OID_NS_CERT OID_NETSCAPE "\x01"
#define OID_NS_CERT_TYPE OID_NS_CERT "\x01"
#define OID_NS_BASE_URL OID_NS_CERT "\x02"
#define OID_NS_REVOCATION_URL OID_NS_CERT "\x03"
#define OID_NS_CA_REVOCATION_URL OID_NS_CERT "\x04"
#define OID_NS_RENEWAL_URL OID_NS_CERT "\x07"
#define OID_NS_CA_POLICY_URL OID_NS_CERT "\x08"
#define OID_NS_SSL_SERVER_NAME OID_NS_CERT "\x0C"
#define OID_NS_COMMENT OID_NS_CERT "\x0D"
#define OID_NS_DATA_TYPE OID_NETSCAPE "\x02"
#define OID_NS_CERT_SEQUENCE OID_NS_DATA_TYPE "\x05"
/*
* Netscape certificate types * Netscape certificate types
* (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html) * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
*/ */
#define NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */ #define NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
#define NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */ #define NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
#define NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */ #define NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
#define NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */ #define NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
#define NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */ #define NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
#define NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */ #define NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
#define NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */ #define NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
#define NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */ #define NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
/*
* X.509 extension types
*/
#define EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0) #define EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
#define EXT_SUBJECT_KEY_IDENTIFIER (1 << 1) #define EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
#define EXT_KEY_USAGE (1 << 2) #define EXT_KEY_USAGE (1 << 2)
#define EXT_CERTIFICATE_POLICIES (1 << 3) #define EXT_CERTIFICATE_POLICIES (1 << 3)
#define EXT_POLICY_MAPPINGS (1 << 4) #define EXT_POLICY_MAPPINGS (1 << 4)
#define EXT_SUBJECT_ALT_NAME (1 << 5) #define EXT_SUBJECT_ALT_NAME (1 << 5)
#define EXT_ISSUER_ALT_NAME (1 << 6) #define EXT_ISSUER_ALT_NAME (1 << 6)
#define EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7) #define EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
#define EXT_BASIC_CONSTRAINTS (1 << 8) #define EXT_BASIC_CONSTRAINTS (1 << 8)
#define EXT_NAME_CONSTRAINTS (1 << 9) #define EXT_NAME_CONSTRAINTS (1 << 9)
skipping to change at line 240 skipping to change at line 137
#define EXT_NS_CERT_TYPE (1 << 16) #define EXT_NS_CERT_TYPE (1 << 16)
/* /*
* Storage format identifiers * Storage format identifiers
* Recognized formats: PEM and DER * Recognized formats: PEM and DER
*/ */
#define X509_FORMAT_DER 1 #define X509_FORMAT_DER 1
#define X509_FORMAT_PEM 2 #define X509_FORMAT_PEM 2
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \addtogroup x509_module * \addtogroup x509_module
* \{ */ * \{ */
/** /**
* \name Structures for parsing X.509 certificates and CRLs * \name Structures for parsing X.509 certificates, CRLs and CSRs
* \{ * \{
*/ */
/** /**
* Type-length-value structure that allows for ASN1 using DER. * Type-length-value structure that allows for ASN1 using DER.
*/ */
typedef asn1_buf x509_buf; typedef asn1_buf x509_buf;
/** /**
* Container for ASN1 bit strings. * Container for ASN1 bit strings.
*/ */
typedef asn1_bitstring x509_bitstring; typedef asn1_bitstring x509_bitstring;
/** /**
* Container for ASN1 named information objects. * Container for ASN1 named information objects.
* It allows for Relative Distinguished Names (e.g. cn=polarssl,ou=code,etc .). * It allows for Relative Distinguished Names (e.g. cn=polarssl,ou=code,etc .).
*/ */
typedef struct _x509_name typedef asn1_named_data x509_name;
{
x509_buf oid; /**< The object identifier. */
x509_buf val; /**< The named value. */
struct _x509_name *next; /**< The next named information object. */
}
x509_name;
/** /**
* Container for a sequence of ASN.1 items * Container for a sequence of ASN.1 items
*/ */
typedef asn1_sequence x509_sequence; typedef asn1_sequence x509_sequence;
/** Container for date and time (precision in seconds). */ /** Container for date and time (precision in seconds). */
typedef struct _x509_time typedef struct _x509_time
{ {
int year, mon, day; /**< Date. */ int year, mon, day; /**< Date. */
int hour, min, sec; /**< Time. */ int hour, min, sec; /**< Time. */
} }
x509_time; x509_time;
/** /** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
* Container for an X.509 certificate. The certificate may be chained.
*/
typedef struct _x509_cert
{
x509_buf raw; /**< The raw certificate data (DER). */
x509_buf tbs; /**< The raw certificate body (DER). The pa
rt that is To Be Signed. */
int version; /**< The X.509 version. (0=v1, 1=v2, 2=v3)
*/
x509_buf serial; /**< Unique id for certificate issued by a
specific CA. */
x509_buf sig_oid1; /**< Signature algorithm, e.g. sha1RSA */
x509_buf issuer_raw; /**< The raw issuer data (DER). Used for qu
ick comparison. */
x509_buf subject_raw; /**< The raw subject data (DER). Used for q
uick comparison. */
x509_name issuer; /**< The parsed issuer data (named informat
ion object). */
x509_name subject; /**< The parsed subject data (named informa
tion object). */
x509_time valid_from; /**< Start time of certificate validity. */
x509_time valid_to; /**< End time of certificate validity. */
x509_buf pk_oid; /**< Subject public key info. Includes the
public key algorithm and the key itself. */
rsa_context rsa; /**< Container for the RSA context. Only RS
A is supported for public keys at this time. */
x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique ide
ntifier. */
x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique id
entifier. */
x509_buf v3_ext; /**< Optional X.509 v3 extensions. Only Bas
ic Contraints are supported at this time. */
x509_sequence subject_alt_names; /**< Optional list of Subject Alter
native Names (Only dNSName supported). */
int ext_types; /**< Bit string containing detected and par
sed extensions */
int ca_istrue; /**< Optional Basic Constraint extension va
lue: 1 if this certificate belongs to a CA, 0 otherwise. */
int max_pathlen; /**< Optional Basic Constraint extension va
lue: The maximum path length to the root certificate. Path length is 1 high
er than RFC 5280 'meaning', so 1+ */
unsigned char key_usage; /**< Optional key usage extension value: Se
e the values below */
x509_sequence ext_key_usage; /**< Optional list of extended key usage O
IDs. */
unsigned char ns_cert_type; /**< Optional Netscape certificate type ext
ension value: See the values below */
x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oi
d1. */
x509_buf sig; /**< Signature: hash of the tbs part signed
with the private key. */
int sig_alg; /**< Internal representation of the signatu
re algorithm, e.g. SIG_RSA_MD2 */
struct _x509_cert *next; /**< Next certificate in the CA-chain. */
}
x509_cert;
/**
* Certificate revocation list entry.
* Contains the CA-specific serial numbers and revocation dates.
*/
typedef struct _x509_crl_entry
{
x509_buf raw;
x509_buf serial;
x509_time revocation_date;
x509_buf entry_ext;
struct _x509_crl_entry *next;
}
x509_crl_entry;
/**
* Certificate revocation list structure.
* Every CRL may have multiple entries.
*/
typedef struct _x509_crl
{
x509_buf raw; /**< The raw certificate data (DER). */
x509_buf tbs; /**< The raw certificate body (DER). The part t
hat is To Be Signed. */
int version;
x509_buf sig_oid1;
x509_buf issuer_raw; /**< The raw issuer data (DER). */
x509_name issuer; /**< The parsed issuer data (named information
object). */
x509_time this_update;
x509_time next_update;
x509_crl_entry entry; /**< The CRL entries containing the certificate
revocation times for this CA. */
x509_buf crl_ext;
x509_buf sig_oid2;
x509_buf sig;
int sig_alg;
struct _x509_crl *next;
}
x509_crl;
/** \} name Structures for parsing X.509 certificates and CRLs */
/** \} addtogroup x509_module */ /** \} addtogroup x509_module */
/** /**
* \name Structures for writing X.509 certificates.
* XvP: commented out as they are not used.
* - <tt>typedef struct _x509_node x509_node;</tt>
* - <tt>typedef struct _x509_raw x509_raw;</tt>
*/
/*
typedef struct _x509_node
{
unsigned char *data;
unsigned char *p;
unsigned char *end;
size_t len;
}
x509_node;
typedef struct _x509_raw
{
x509_node raw;
x509_node tbs;
x509_node version;
x509_node serial;
x509_node tbs_signalg;
x509_node issuer;
x509_node validity;
x509_node subject;
x509_node subpubkey;
x509_node signalg;
x509_node sign;
}
x509_raw;
*/
#ifdef __cplusplus
extern "C" {
#endif
/**
* \name Functions to read in DHM parameters, a certificate, CRL or private
RSA key
* \{
*/
/** \ingroup x509_module */
/**
* \brief Parse a single DER formatted certificate and add it
* to the chained list.
*
* \param chain points to the start of the chain
* \param buf buffer holding the certificate DER data
* \param buflen size of the buffer
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_crt_der( x509_cert *chain, const unsigned char *buf, size_t b
uflen );
/**
* \brief Parse one or more certificates and add them
* to the chained list. Parses permissively. If some
* certificates can be parsed, the result is the number
* of failed certificates it encountered. If none complete
* correctly, the first error is returned.
*
* \param chain points to the start of the chain
* \param buf buffer holding the certificate data
* \param buflen size of the buffer
*
* \return 0 if all certificates parsed successfully, a positive nu
mber
* if partly successful or a specific X509 or PEM error cod
e
*/
int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t bufle
n );
/** \ingroup x509_module */
/**
* \brief Load one or more certificates and add them
* to the chained list. Parses permissively. If some
* certificates can be parsed, the result is the number
* of failed certificates it encountered. If none complete
* correctly, the first error is returned.
*
* \param chain points to the start of the chain
* \param path filename to read the certificates from
*
* \return 0 if all certificates parsed successfully, a positive nu
mber
* if partly successful or a specific X509 or PEM error cod
e
*/
int x509parse_crtfile( x509_cert *chain, const char *path );
/** \ingroup x509_module */
/**
* \brief Load one or more certificate files from a path and add t
hem
* to the chained list. Parses permissively. If some
* certificates can be parsed, the result is the number
* of failed certificates it encountered. If none complete
* correctly, the first error is returned.
*
* \param chain points to the start of the chain
* \param path directory / folder to read the certificate files from
*
* \return 0 if all certificates parsed successfully, a positive nu
mber
* if partly successful or a specific X509 or PEM error cod
e
*/
int x509parse_crtpath( x509_cert *chain, const char *path );
/** \ingroup x509_module */
/**
* \brief Parse one or more CRLs and add them
* to the chained list
*
* \param chain points to the start of the chain
* \param buf buffer holding the CRL data
* \param buflen size of the buffer
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen
);
/** \ingroup x509_module */
/**
* \brief Load one or more CRLs and add them
* to the chained list
*
* \param chain points to the start of the chain
* \param path filename to read the CRLs from
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_crlfile( x509_crl *chain, const char *path );
/** \ingroup x509_module */
/**
* \brief Parse a private RSA key
*
* \param rsa RSA context to be initialized
* \param key input buffer
* \param keylen size of the buffer
* \param pwd password for decryption (optional)
* \param pwdlen size of the password
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_key( rsa_context *rsa,
const unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen );
/** \ingroup x509_module */
/**
* \brief Load and parse a private RSA key
*
* \param rsa RSA context to be initialized
* \param path filename to read the private key from
* \param password password to decrypt the file (can be NULL)
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_keyfile( rsa_context *rsa, const char *path,
const char *password );
/** \ingroup x509_module */
/**
* \brief Parse a public RSA key
*
* \param rsa RSA context to be initialized
* \param key input buffer
* \param keylen size of the buffer
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_public_key( rsa_context *rsa,
const unsigned char *key, size_t keylen );
/** \ingroup x509_module */
/**
* \brief Load and parse a public RSA key
*
* \param rsa RSA context to be initialized
* \param path filename to read the private key from
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_public_keyfile( rsa_context *rsa, const char *path );
/** \ingroup x509_module */
/**
* \brief Parse DHM parameters
*
* \param dhm DHM context to be initialized
* \param dhmin input buffer
* \param dhminlen size of the buffer
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhm
inlen );
/** \ingroup x509_module */
/**
* \brief Load and parse DHM parameters
*
* \param dhm DHM context to be initialized
* \param path filename to read the DHM Parameters from
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_dhmfile( dhm_context *dhm, const char *path );
/** \} name Functions to read in DHM parameters, a certificate, CRL or priv
ate RSA key */
/**
* \brief Store the certificate DN in printable form into buf; * \brief Store the certificate DN in printable form into buf;
* no more than size characters will be written. * no more than size characters will be written.
* *
* \param buf Buffer to write to * \param buf Buffer to write to
* \param size Maximum size of buffer * \param size Maximum size of buffer
* \param dn The X509 name to represent * \param dn The X509 name to represent
* *
* \return The amount of data written to the buffer, or -1 in * \return The amount of data written to the buffer, or -1 in
* case of an error. * case of an error.
*/ */
int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn ); int x509_dn_gets( char *buf, size_t size, const x509_name *dn );
/** /**
* \brief Store the certificate serial in printable form into buf; * \brief Store the certificate serial in printable form into buf;
* no more than size characters will be written. * no more than size characters will be written.
* *
* \param buf Buffer to write to * \param buf Buffer to write to
* \param size Maximum size of buffer * \param size Maximum size of buffer
* \param serial The X509 serial to represent * \param serial The X509 serial to represent
* *
* \return The amount of data written to the buffer, or -1 in * \return The amount of data written to the buffer, or -1 in
* case of an error. * case of an error.
*/ */
int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial ) int x509_serial_gets( char *buf, size_t size, const x509_buf *serial );
;
/**
* \brief Returns an informational string about the
* certificate.
*
* \param buf Buffer to write to
* \param size Maximum size of buffer
* \param prefix A line prefix
* \param crt The X509 certificate to represent
*
* \return The amount of data written to the buffer, or -1 in
* case of an error.
*/
int x509parse_cert_info( char *buf, size_t size, const char *prefix,
const x509_cert *crt );
/**
* \brief Returns an informational string about the
* CRL.
*
* \param buf Buffer to write to
* \param size Maximum size of buffer
* \param prefix A line prefix
* \param crl The X509 CRL to represent
*
* \return The amount of data written to the buffer, or -1 in
* case of an error.
*/
int x509parse_crl_info( char *buf, size_t size, const char *prefix,
const x509_crl *crl );
/** /**
* \brief Give an known OID, return its descriptive string. * \brief Give an known OID, return its descriptive string.
* *
* \param oid buffer containing the oid * \param oid buffer containing the oid
* *
* \return Return a string if the OID is known, * \return Return a string if the OID is known,
* or NULL otherwise. * or NULL otherwise.
*/ */
const char *x509_oid_get_description( x509_buf *oid ); const char *x509_oid_get_description( x509_buf *oid );
/** /**
* \brief Give an OID, return a string version of its OID number. * \brief Give an OID, return a string version of its OID number.
* (Deprecated. Use oid_get_numeric_string() instead)
* *
* \param buf Buffer to write to * \param buf Buffer to write to
* \param size Maximum size of buffer * \param size Maximum size of buffer
* \param oid Buffer containing the OID * \param oid Buffer containing the OID
* *
* \return The amount of data written to the buffer, or -1 in * \return The amount of data written to the buffer, or -1 in
* case of an error. * case of an error.
*/ */
int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid ); int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
/** /**
* \brief Check a given x509_time against the system time and chec k * \brief Check a given x509_time against the system time and chec k
* if it is valid. * if it is valid.
* *
* \param time x509_time to check * \param time x509_time to check
* *
* \return Return 0 if the x509_time is still valid, * \return Return 0 if the x509_time is still valid,
* or 1 otherwise. * or 1 otherwise.
*/ */
int x509parse_time_expired( const x509_time *time ); int x509_time_expired( const x509_time *time );
/**
* \name Functions to verify a certificate
* \{
*/
/** \ingroup x509_module */
/**
* \brief Verify the certificate signature
*
* The verify callback is a user-supplied callback that
* can clear / modify / add flags for a certificate. If set
,
* the verification callback is called for each
* certificate in the chain (from the trust-ca down to the
* presented crt). The parameters for the callback are:
* (void *parameter, x509_cert *crt, int certificate_depth,
* int *flags). With the flags representing current flags f
or
* that specific certificate and the certificate depth from
* the bottom (Peer cert depth = 0).
*
* All flags left after returning from the callback
* are also returned to the application. The function shoul
d
* return 0 for anything but a fatal error.
*
* \param crt a certificate to be verified
* \param trust_ca the trusted CA chain
* \param ca_crl the CRL chain for trusted CA's
* \param cn expected Common Name (can be set to
* NULL if the CN must not be verified)
* \param flags result of the verification
* \param f_vrfy verification function
* \param p_vrfy verification parameter
*
* \return 0 if successful or POLARSSL_ERR_X509_SIG_VERIFY_FAILED,
* in which case *flags will have one or more of
* the following values set:
* BADCERT_EXPIRED --
* BADCERT_REVOKED --
* BADCERT_CN_MISMATCH --
* BADCERT_NOT_TRUSTED
* or another error in case of a fatal error encountered
* during the verification process.
*/
int x509parse_verify( x509_cert *crt,
x509_cert *trust_ca,
x509_crl *ca_crl,
const char *cn, int *flags,
int (*f_vrfy)(void *, x509_cert *, int, int *),
void *p_vrfy );
/**
* \brief Verify the certificate signature
*
* \param crt a certificate to be verified
* \param crl the CRL to verify against
*
* \return 1 if the certificate is revoked, 0 otherwise
*
*/
int x509parse_revoked( const x509_cert *crt, const x509_crl *crl );
/** \} name Functions to verify a certificate */
/**
* \name Functions to clear a certificate, CRL or private RSA key
* \{
*/
/** \ingroup x509_module */
/**
* \brief Unallocate all certificate data
*
* \param crt Certificate chain to free
*/
void x509_free( x509_cert *crt );
/** \ingroup x509_module */
/**
* \brief Unallocate all CRL data
*
* \param crl CRL chain to free
*/
void x509_crl_free( x509_crl *crl );
/** \} name Functions to clear a certificate, CRL or private RSA key */
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int x509_self_test( int verbose ); int x509_self_test( int verbose );
/*
* Internal module functions. You probably do not want to use these unless
you
* know you do.
*/
int x509_get_name( unsigned char **p, const unsigned char *end,
x509_name *cur );
int x509_get_alg_null( unsigned char **p, const unsigned char *end,
x509_buf *alg );
int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *si
g );
int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
pk_type_t *pk_alg );
int x509_get_time( unsigned char **p, const unsigned char *end,
x509_time *time );
int x509_get_serial( unsigned char **p, const unsigned char *end,
x509_buf *serial );
int x509_get_ext( unsigned char **p, const unsigned char *end,
x509_buf *ext, int tag );
int x509_load_file( const char *path, unsigned char **buf, size_t *n );
int x509_key_size_helper( char *buf, size_t size, const char *name );
int x509_string_to_names( asn1_named_data **head, char *name );
int x509_set_extension( asn1_named_data **head, const char *oid, size_t oid
_len, int critical, const unsigned char *val, size_t
val_len );
int x509_write_extensions( unsigned char **p, unsigned char *start,
asn1_named_data *first );
int x509_write_names( unsigned char **p, unsigned char *start,
asn1_named_data *first );
int x509_write_sig( unsigned char **p, unsigned char *start,
const char *oid, size_t oid_len,
unsigned char *sig, size_t size );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* x509.h */ #endif /* x509.h */
 End of changes. 19 change blocks. 
654 lines changed or deleted 89 lines changed or added


 xtea.h   xtea.h 
skipping to change at line 50 skipping to change at line 50
#define XTEA_ENCRYPT 1 #define XTEA_ENCRYPT 1
#define XTEA_DECRYPT 0 #define XTEA_DECRYPT 0
#define POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< Th e data input has an invalid length. */ #define POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< Th e data input has an invalid length. */
#if !defined(POLARSSL_XTEA_ALT) #if !defined(POLARSSL_XTEA_ALT)
// Regular implementation // Regular implementation
// //
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief XTEA context structure * \brief XTEA context structure
*/ */
typedef struct typedef struct
{ {
uint32_t k[4]; /*!< key */ uint32_t k[4]; /*!< key */
} }
xtea_context; xtea_context;
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief XTEA key schedule * \brief XTEA key schedule
* *
* \param ctx XTEA context to be initialized * \param ctx XTEA context to be initialized
* \param key the secret key * \param key the secret key
*/ */
void xtea_setup( xtea_context *ctx, unsigned char key[16] ); void xtea_setup( xtea_context *ctx, const unsigned char key[16] );
/** /**
* \brief XTEA cipher function * \brief XTEA cipher function
* *
* \param ctx XTEA context * \param ctx XTEA context
* \param mode XTEA_ENCRYPT or XTEA_DECRYPT * \param mode XTEA_ENCRYPT or XTEA_DECRYPT
* \param input 8-byte input block * \param input 8-byte input block
* \param output 8-byte output block * \param output 8-byte output block
* *
* \return 0 if successful * \return 0 if successful
*/ */
int xtea_crypt_ecb( xtea_context *ctx, int xtea_crypt_ecb( xtea_context *ctx,
int mode, int mode,
unsigned char input[8], const unsigned char input[8],
unsigned char output[8] ); unsigned char output[8] );
#if defined(POLARSSL_CIPHER_MODE_CBC)
/** /**
* \brief XTEA CBC cipher function * \brief XTEA CBC cipher function
* *
* \param ctx XTEA context * \param ctx XTEA context
* \param mode XTEA_ENCRYPT or XTEA_DECRYPT * \param mode XTEA_ENCRYPT or XTEA_DECRYPT
* \param length the length of input, multiple of 8 * \param length the length of input, multiple of 8
* \param iv initialization vector for CBC mode * \param iv initialization vector for CBC mode
* \param input input block * \param input input block
* \param output output block * \param output output block
* *
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0 * POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0
*/ */
int xtea_crypt_cbc( xtea_context *ctx, int xtea_crypt_cbc( xtea_context *ctx,
int mode, int mode,
size_t length, size_t length,
unsigned char iv[8], unsigned char iv[8],
unsigned char *input, const unsigned char *input,
unsigned char *output); unsigned char *output);
#endif /* POLARSSL_CIPHER_MODE_CBC */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#else /* POLARSSL_XTEA_ALT */ #else /* POLARSSL_XTEA_ALT */
#include "xtea_alt.h" #include "xtea_alt.h"
#endif /* POLARSSL_XTEA_ALT */ #endif /* POLARSSL_XTEA_ALT */
#ifdef __cplusplus #ifdef __cplusplus
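Review bot: The new `const` qualifiers on `key` in `xtea_setup` and on `input` in `xtea_crypt_ecb`/`xtea_crypt_cbc` leave `iv[8]` in `xtea_crypt_cbc` unqualified, and the docstring does not say why. If the implementation advances the IV in place (which the non-const signature suggests but this page does not show), the parameter line should say so, e.g. `\param iv initialization vector for CBC mode (updated in place after the call)`; otherwise `iv` should take the same `const` treatment as `input`. In the same spirit, `\param key the secret key` could state the fixed size the `key[16]` signature implies: `\param key the 16-byte secret key`, since an array parameter decays to a pointer and the caller sees no length check.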
 End of changes. 7 change blocks. 
7 lines changed or deleted 9 lines changed or added
