cipher.h   cipher.h 
skipping to change at line 382 skipping to change at line 382
* \return If IV has not been set yet: (recommended) IV size * \return If IV has not been set yet: (recommended) IV size
* (0 for ciphers not using IV/NONCE). * (0 for ciphers not using IV/NONCE).
* If IV has already been set: actual size. * If IV has already been set: actual size.
*/ */
static inline int cipher_get_iv_size( const cipher_context_t *ctx ) static inline int cipher_get_iv_size( const cipher_context_t *ctx )
{ {
if( NULL == ctx || NULL == ctx->cipher_info ) if( NULL == ctx || NULL == ctx->cipher_info )
return 0; return 0;
if( ctx->iv_size != 0 ) if( ctx->iv_size != 0 )
return ctx->iv_size; return (int) ctx->iv_size;
return ctx->cipher_info->iv_size; return ctx->cipher_info->iv_size;
} }
/** /**
* \brief Returns the type of the given cipher. * \brief Returns the type of the given cipher.
* *
* \param ctx cipher's context. Must have been initialised. * \param ctx cipher's context. Must have been initialised.
* *
* \return type of the cipher, or POLARSSL_CIPHER_NONE if ctx has * \return type of the cipher, or POLARSSL_CIPHER_NONE if ctx has
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added
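Review bot: The added cast in `return (int) ctx->iv_size;` makes the narrowing explicit but nothing records why it is safe. The field's declaration is not visible in this section; the cast suggests it has a wider or unsigned type than the `int` return, while the fallback `ctx->cipher_info->iv_size` is returned uncast. A one-line comment above the return, for example `/* iv_size is bounded when the IV is set, so it fits in int */`, would document the invariant, provided the code that sets the IV does enforce such a bound. Callers that use the result as a buffer length convert it back to an unsigned type, so a value that did not fit would show up as a wrong length rather than as an error.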


 compat-1.2.h   compat-1.2.h 
skipping to change at line 35 skipping to change at line 35
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_COMPAT_1_2_H #ifndef POLARSSL_COMPAT_1_2_H
#define POLARSSL_COMPAT_1_2_H #define POLARSSL_COMPAT_1_2_H
#include "config.h" #include "config.h"
// Comment out to disable prototype change warnings // Comment out to disable prototype change warnings
#define SHOW_PROTOTYPE_CHANGE_WARNINGS #define SHOW_PROTOTYPE_CHANGE_WARNINGS
#if defined _MSC_VER
// MSVC does not support #warning
#undef SHOW_PROTOTYPE_CHANGE_WARNINGS
#endif
#if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS) #if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS)
#warning "You can disable these warnings by commenting SHOW_PROTOTYPE_CHANG E_WARNINGS in compat-1.2.h" #warning "You can disable these warnings by commenting SHOW_PROTOTYPE_CHANG E_WARNINGS in compat-1.2.h"
#endif #endif
#if defined(POLARSSL_SHA256_C) #if defined(POLARSSL_SHA256_C)
#define POLARSSL_SHA2_C #define POLARSSL_SHA2_C
#include "sha256.h" #include "sha256.h"
/* /*
* SHA-2 -> SHA-256 * SHA-2 -> SHA-256
skipping to change at line 56 skipping to change at line 61
typedef sha256_context sha2_context; typedef sha256_context sha2_context;
inline void sha2_starts( sha256_context *ctx, int is224 ) { inline void sha2_starts( sha256_context *ctx, int is224 ) {
sha256_starts( ctx, is224 ); sha256_starts( ctx, is224 );
} }
inline void sha2_update( sha256_context *ctx, const unsigned char *input, inline void sha2_update( sha256_context *ctx, const unsigned char *input,
size_t ilen ) { size_t ilen ) {
sha256_update( ctx, input, ilen ); sha256_update( ctx, input, ilen );
} }
inline void sha2_finish( sha256_context *ctx, unsigned char output[32] ) { inline void sha2_finish( sha256_context *ctx, unsigned char output[32] ) {
return sha256_finish( ctx, output ); sha256_finish( ctx, output );
} }
inline int sha2_file( const char *path, unsigned char output[32], int is224 ) { inline int sha2_file( const char *path, unsigned char output[32], int is224 ) {
return sha256_file( path, output, is224 ); return sha256_file( path, output, is224 );
} }
inline void sha2( const unsigned char *input, size_t ilen, inline void sha2( const unsigned char *input, size_t ilen,
unsigned char output[32], int is224 ) { unsigned char output[32], int is224 ) {
return sha256( input, ilen, output, is224 ); sha256( input, ilen, output, is224 );
} }
inline void sha2_hmac_starts( sha256_context *ctx, const unsigned char *key , inline void sha2_hmac_starts( sha256_context *ctx, const unsigned char *key ,
size_t keylen, int is224 ) { size_t keylen, int is224 ) {
sha256_hmac_starts( ctx, key, keylen, is224 ); sha256_hmac_starts( ctx, key, keylen, is224 );
} }
inline void sha2_hmac_update( sha256_context *ctx, const unsigned char *inp ut, size_t ilen ) { inline void sha2_hmac_update( sha256_context *ctx, const unsigned char *inp ut, size_t ilen ) {
sha256_hmac_update( ctx, input, ilen ); sha256_hmac_update( ctx, input, ilen );
} }
inline void sha2_hmac_finish( sha256_context *ctx, unsigned char output[32] ) { inline void sha2_hmac_finish( sha256_context *ctx, unsigned char output[32] ) {
sha256_hmac_finish( ctx, output ); sha256_hmac_finish( ctx, output );
skipping to change at line 105 skipping to change at line 110
typedef sha512_context sha4_context; typedef sha512_context sha4_context;
inline void sha4_starts( sha512_context *ctx, int is384 ) { inline void sha4_starts( sha512_context *ctx, int is384 ) {
sha512_starts( ctx, is384 ); sha512_starts( ctx, is384 );
} }
inline void sha4_update( sha512_context *ctx, const unsigned char *input, inline void sha4_update( sha512_context *ctx, const unsigned char *input,
size_t ilen ) { size_t ilen ) {
sha512_update( ctx, input, ilen ); sha512_update( ctx, input, ilen );
} }
inline void sha4_finish( sha512_context *ctx, unsigned char output[64] ) { inline void sha4_finish( sha512_context *ctx, unsigned char output[64] ) {
return sha512_finish( ctx, output ); sha512_finish( ctx, output );
} }
inline int sha4_file( const char *path, unsigned char output[64], int is384 ) { inline int sha4_file( const char *path, unsigned char output[64], int is384 ) {
return sha512_file( path, output, is384 ); return sha512_file( path, output, is384 );
} }
inline void sha4( const unsigned char *input, size_t ilen, inline void sha4( const unsigned char *input, size_t ilen,
unsigned char output[32], int is384 ) { unsigned char output[32], int is384 ) {
return sha512( input, ilen, output, is384 ); sha512( input, ilen, output, is384 );
} }
inline void sha4_hmac_starts( sha512_context *ctx, const unsigned char *key , inline void sha4_hmac_starts( sha512_context *ctx, const unsigned char *key ,
size_t keylen, int is384 ) { size_t keylen, int is384 ) {
sha512_hmac_starts( ctx, key, keylen, is384 ); sha512_hmac_starts( ctx, key, keylen, is384 );
} }
inline void sha4_hmac_update( sha512_context *ctx, const unsigned char *inp ut, size_t ilen ) { inline void sha4_hmac_update( sha512_context *ctx, const unsigned char *inp ut, size_t ilen ) {
sha512_hmac_update( ctx, input, ilen ); sha512_hmac_update( ctx, input, ilen );
} }
inline void sha4_hmac_finish( sha512_context *ctx, unsigned char output[64] ) { inline void sha4_hmac_finish( sha512_context *ctx, unsigned char output[64] ) {
sha512_hmac_finish( ctx, output ); sha512_hmac_finish( ctx, output );
skipping to change at line 235 skipping to change at line 240
inline int x509parse_verify( x509_cert *crt, x509_cert *trust_ca, inline int x509parse_verify( x509_cert *crt, x509_cert *trust_ca,
x509_crl *ca_crl, const char *cn, int *flags, x509_crl *ca_crl, const char *cn, int *flags,
int (*f_vrfy)(void *, x509_cert *, int, int *) , int (*f_vrfy)(void *, x509_cert *, int, int *) ,
void *p_vrfy ) { void *p_vrfy ) {
return x509_crt_verify( crt, trust_ca, ca_crl, cn, flags, f_vrfy, p_vrf y ); return x509_crt_verify( crt, trust_ca, ca_crl, cn, flags, f_vrfy, p_vrf y );
} }
inline int x509parse_revoked( const x509_cert *crt, const x509_crl *crl ) { inline int x509parse_revoked( const x509_cert *crt, const x509_crl *crl ) {
return x509_crt_revoked( crt, crl ); return x509_crt_revoked( crt, crl );
} }
inline void x509_free( x509_cert *crt ) { inline void x509_free( x509_cert *crt ) {
return x509_crt_free( crt ); x509_crt_free( crt );
} }
#endif /* POLARSSL_X509_CRT_PARSE_C */ #endif /* POLARSSL_X509_CRT_PARSE_C */
#if defined(POLARSSL_X509_CRL_PARSE_C) #if defined(POLARSSL_X509_CRL_PARSE_C)
#define POLARSSL_X509_PARSE_C #define POLARSSL_X509_PARSE_C
#include "x509_crl.h" #include "x509_crl.h"
inline int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen ) { inline int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen ) {
return x509_crl_parse( chain, buf, buflen ); return x509_crl_parse( chain, buf, buflen );
} }
inline int x509parse_crlfile( x509_crl *chain, const char *path ) { inline int x509parse_crlfile( x509_crl *chain, const char *path ) {
skipping to change at line 357 skipping to change at line 362
return( ret ); return( ret );
} }
#endif /* POLARSSL_PK_PARSE_C && POLARSSL_RSA_C */ #endif /* POLARSSL_PK_PARSE_C && POLARSSL_RSA_C */
#if defined(POLARSSL_PK_WRITE_C) && defined(POLARSSL_RSA_C) #if defined(POLARSSL_PK_WRITE_C) && defined(POLARSSL_RSA_C)
#include "pk.h" #include "pk.h"
inline int x509_write_pubkey_der( unsigned char *buf, size_t len, rsa_conte xt *rsa ) { inline int x509_write_pubkey_der( unsigned char *buf, size_t len, rsa_conte xt *rsa ) {
int ret; int ret;
pk_context ctx; pk_context ctx;
if( ( ret = pk_init_ctx( &ctx, pk_info_from_type( POLARSSL_PK_RSA ) ) ) != 0 ) return( ret ); if( ( ret = pk_init_ctx( &ctx, pk_info_from_type( POLARSSL_PK_RSA ) ) ) != 0 ) return( ret );
if( ( ret = rsa_copy( ctx.pk_ctx, rsa ) ) != 0 ) return( ret ); if( ( ret = rsa_copy( pk_rsa( ctx ), rsa ) ) != 0 ) return( ret );
ret = pk_write_pubkey_der( &ctx, buf, len ); ret = pk_write_pubkey_der( &ctx, buf, len );
pk_free( &ctx ); pk_free( &ctx );
return( ret ); return( ret );
} }
inline int x509_write_key_der( unsigned char *buf, size_t len, rsa_context *rsa ) { inline int x509_write_key_der( unsigned char *buf, size_t len, rsa_context *rsa ) {
int ret; int ret;
pk_context ctx; pk_context ctx;
if( ( ret = pk_init_ctx( &ctx, pk_info_from_type( POLARSSL_PK_RSA ) ) ) != 0 ) return( ret ); if( ( ret = pk_init_ctx( &ctx, pk_info_from_type( POLARSSL_PK_RSA ) ) ) != 0 ) return( ret );
if( ( ret = rsa_copy( ctx.pk_ctx, rsa ) ) != 0 ) return( ret ); if( ( ret = rsa_copy( pk_rsa( ctx ), rsa ) ) != 0 ) return( ret );
ret = pk_write_key_der( &ctx, buf, len ); ret = pk_write_key_der( &ctx, buf, len );
pk_free( &ctx ); pk_free( &ctx );
return( ret ); return( ret );
} }
#endif /* POLARSSL_PK_WRITE_C && POLARSSL_RSA_C */ #endif /* POLARSSL_PK_WRITE_C && POLARSSL_RSA_C */
#endif /* compat-1.2.h */ #endif /* compat-1.2.h */
 End of changes. 8 change blocks. 
7 lines changed or deleted 12 lines changed or added
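Review bot: In `x509_write_pubkey_der` and `x509_write_key_der`, the early return after a failed `rsa_copy( pk_rsa( ctx ), rsa )` skips `pk_free( &ctx )`, so the context set up by `pk_init_ctx` is never released on that path; the commit only changes how the RSA context is reached. In `x509_write_key_der` the destination is a copy of a private key, so unless `rsa_copy` clears its destination on failure (not visible here), key material can be left behind as well. Both returns should release first: `if( ( ret = rsa_copy( pk_rsa( ctx ), rsa ) ) != 0 ) { pk_free( &ctx ); return( ret ); }`. Separately, the unchanged `sha4()` wrapper declares `unsigned char output[32]` while `sha4_finish` and `sha4_file` declare `output[64]`; the bound is advisory in C, but a caller sizing a buffer from it would be too small for a SHA-512 digest.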


 config.h   config.h 
skipping to change at line 51 skipping to change at line 51
* This section sets system specific settings. * This section sets system specific settings.
* \{ * \{
*/ */
/** /**
* \def POLARSSL_HAVE_INT8 * \def POLARSSL_HAVE_INT8
* *
* The system uses 8-bit wide native integers. * The system uses 8-bit wide native integers.
* *
* Uncomment if native integers are 8-bit wide. * Uncomment if native integers are 8-bit wide.
#define POLARSSL_HAVE_INT8
*/ */
//#define POLARSSL_HAVE_INT8
/** /**
* \def POLARSSL_HAVE_INT16 * \def POLARSSL_HAVE_INT16
* *
* The system uses 16-bit wide native integers. * The system uses 16-bit wide native integers.
* *
* Uncomment if native integers are 16-bit wide. * Uncomment if native integers are 16-bit wide.
#define POLARSSL_HAVE_INT16
*/ */
//#define POLARSSL_HAVE_INT16
/** /**
* \def POLARSSL_HAVE_LONGLONG * \def POLARSSL_HAVE_LONGLONG
* *
* The compiler supports the 'long long' type. * The compiler supports the 'long long' type.
* (Only used on 32-bit platforms) * (Only used on 32-bit platforms)
*/ */
#define POLARSSL_HAVE_LONGLONG #define POLARSSL_HAVE_LONGLONG
/** /**
skipping to change at line 93 skipping to change at line 93
* Comment to disable the use of assembly code. * Comment to disable the use of assembly code.
*/ */
#define POLARSSL_HAVE_ASM #define POLARSSL_HAVE_ASM
/** /**
* \def POLARSSL_HAVE_SSE2 * \def POLARSSL_HAVE_SSE2
* *
* CPU supports SSE2 instruction set. * CPU supports SSE2 instruction set.
* *
* Uncomment if the CPU supports SSE2 (IA-32 specific). * Uncomment if the CPU supports SSE2 (IA-32 specific).
#define POLARSSL_HAVE_SSE2
*/ */
//#define POLARSSL_HAVE_SSE2
/**
* \def POLARSSL_HAVE_READDIR_R
*
* (Non Windows) System has readdir_r().
*
* Required for x509_crt_parse_path() in non-Windows systems.
*
* Comment if your system does not have support.
*/
#define POLARSSL_HAVE_READDIR_R
/** /**
* \def POLARSSL_HAVE_TIME * \def POLARSSL_HAVE_TIME
* *
* System has time.h and time() / localtime() / gettimeofday(). * System has time.h and time() / localtime() / gettimeofday().
* *
* Comment if your system does not support time functions * Comment if your system does not support time functions
*/ */
#define POLARSSL_HAVE_TIME #define POLARSSL_HAVE_TIME
/* \} name SECTION: System support */ /* \} name SECTION: System support */
skipping to change at line 129 skipping to change at line 140
* implementations). Keep in mind that the function prototypes should remai n * implementations). Keep in mind that the function prototypes should remai n
* the same. * the same.
* *
* Example: In case you uncomment POLARSSL_AES_ALT, PolarSSL will no longer * Example: In case you uncomment POLARSSL_AES_ALT, PolarSSL will no longer
* provide the "struct aes_context" definition and omit the base function * provide the "struct aes_context" definition and omit the base function
* declarations and implementations. "aes_alt.h" will be included from * declarations and implementations. "aes_alt.h" will be included from
* "aes.h" to include the new function definitions. * "aes.h" to include the new function definitions.
* *
* Uncomment a macro to enable alternate implementation for core algorithm * Uncomment a macro to enable alternate implementation for core algorithm
* functions * functions
#define POLARSSL_AES_ALT
#define POLARSSL_ARC4_ALT
#define POLARSSL_BLOWFISH_ALT
#define POLARSSL_CAMELLIA_ALT
#define POLARSSL_DES_ALT
#define POLARSSL_XTEA_ALT
#define POLARSSL_MD2_ALT
#define POLARSSL_MD4_ALT
#define POLARSSL_MD5_ALT
#define POLARSSL_SHA1_ALT
#define POLARSSL_SHA256_ALT
#define POLARSSL_SHA512_ALT
*/ */
//#define POLARSSL_AES_ALT
//#define POLARSSL_ARC4_ALT
//#define POLARSSL_BLOWFISH_ALT
//#define POLARSSL_CAMELLIA_ALT
//#define POLARSSL_DES_ALT
//#define POLARSSL_XTEA_ALT
//#define POLARSSL_MD2_ALT
//#define POLARSSL_MD4_ALT
//#define POLARSSL_MD5_ALT
//#define POLARSSL_SHA1_ALT
//#define POLARSSL_SHA256_ALT
//#define POLARSSL_SHA512_ALT
/** /**
* \def POLARSSL_AES_ROM_TABLES * \def POLARSSL_AES_ROM_TABLES
* *
* Store the AES tables in ROM. * Store the AES tables in ROM.
* *
* Uncomment this macro to store the AES tables in ROM. * Uncomment this macro to store the AES tables in ROM.
* *
#define POLARSSL_AES_ROM_TABLES
*/ */
//#define POLARSSL_AES_ROM_TABLES
/** /**
* \def POLARSSL_CIPHER_MODE_CBC * \def POLARSSL_CIPHER_MODE_CBC
* *
* Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
*/ */
#define POLARSSL_CIPHER_MODE_CBC #define POLARSSL_CIPHER_MODE_CBC
/** /**
* \def POLARSSL_CIPHER_MODE_CFB * \def POLARSSL_CIPHER_MODE_CFB
skipping to change at line 187 skipping to change at line 198
* Enable NULL cipher. * Enable NULL cipher.
* Warning: Only do so when you know what you are doing. This allows for * Warning: Only do so when you know what you are doing. This allows for
* encryption or channels without any security! * encryption or channels without any security!
* *
* Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
* the following ciphersuites: * the following ciphersuites:
* TLS_RSA_WITH_NULL_MD5 * TLS_RSA_WITH_NULL_MD5
* TLS_RSA_WITH_NULL_SHA * TLS_RSA_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_SHA256 * TLS_RSA_WITH_NULL_SHA256
* TLS_ECDHE_RSA_WITH_NULL_SHA * TLS_ECDHE_RSA_WITH_NULL_SHA
* TLS_PSK_WITH_NULL * TLS_PSK_WITH_NULL_SHA
* TLS_PSK_WITH_NULL256 * TLS_PSK_WITH_NULL_SHA256
* TLS_PSK_WITH_NULL384 * TLS_PSK_WITH_NULL_SHA384
* TLS_DHE_PSK_WITH_NULL * TLS_DHE_PSK_WITH_NULL_SHA
* TLS_DHE_PSK_WITH_NULL256 * TLS_DHE_PSK_WITH_NULL_SHA256
* TLS_DHE_PSK_WITH_NULL384 * TLS_DHE_PSK_WITH_NULL_SHA384
* TLS_RSA_PSK_WITH_NULL * TLS_RSA_PSK_WITH_NULL_SHA
* TLS_RSA_PSK_WITH_NULL256 * TLS_RSA_PSK_WITH_NULL_SHA256
* TLS_RSA_PSK_WITH_NULL384 * TLS_RSA_PSK_WITH_NULL_SHA384
* TLS_ECDHE_PSK_WITH_NULL_SHA
* TLS_ECDHE_PSK_WITH_NULL_SHA256
* TLS_ECDHE_PSK_WITH_NULL_SHA384
* *
* Uncomment this macro to enable the NULL cipher and ciphersuites * Uncomment this macro to enable the NULL cipher and ciphersuites
#define POLARSSL_CIPHER_NULL_CIPHER
*/ */
//#define POLARSSL_CIPHER_NULL_CIPHER
/** /**
* \def POLARSSL_CIPHER_PADDING_XXX * \def POLARSSL_CIPHER_PADDING_XXX
* *
* Uncomment or comment macros to add support for specific padding modes * Uncomment or comment macros to add support for specific padding modes
* in the cipher layer with cipher modes that support padding (e.g. CBC) * in the cipher layer with cipher modes that support padding (e.g. CBC)
* *
* If you disable all padding modes, only full blocks can be used with CBC. * If you disable all padding modes, only full blocks can be used with CBC.
* *
* Enable padding modes in the cipher layer. * Enable padding modes in the cipher layer.
skipping to change at line 228 skipping to change at line 242
* *
* Enable weak ciphersuites in SSL / TLS. * Enable weak ciphersuites in SSL / TLS.
* Warning: Only do so when you know what you are doing. This allows for * Warning: Only do so when you know what you are doing. This allows for
* channels with virtually no security at all! * channels with virtually no security at all!
* *
* This enables the following ciphersuites: * This enables the following ciphersuites:
* TLS_RSA_WITH_DES_CBC_SHA * TLS_RSA_WITH_DES_CBC_SHA
* TLS_DHE_RSA_WITH_DES_CBC_SHA * TLS_DHE_RSA_WITH_DES_CBC_SHA
* *
* Uncomment this macro to enable weak ciphersuites * Uncomment this macro to enable weak ciphersuites
#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
*/ */
//#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
/** /**
* \def POLARSSL_ECP_XXXX_ENABLED * \def POLARSSL_ECP_XXXX_ENABLED
* *
* Enables specific curves within the Elliptic Curve module. * Enables specific curves within the Elliptic Curve module.
* By default all supported curves are enables. * By default all supported curves are enables.
* *
* Comment macros to disable the curve and functions for it * Comment macros to disable the curve and functions for it
*/ */
#define POLARSSL_ECP_DP_SECP192R1_ENABLED #define POLARSSL_ECP_DP_SECP192R1_ENABLED
#define POLARSSL_ECP_DP_SECP224R1_ENABLED #define POLARSSL_ECP_DP_SECP224R1_ENABLED
#define POLARSSL_ECP_DP_SECP256R1_ENABLED #define POLARSSL_ECP_DP_SECP256R1_ENABLED
#define POLARSSL_ECP_DP_SECP384R1_ENABLED #define POLARSSL_ECP_DP_SECP384R1_ENABLED
#define POLARSSL_ECP_DP_SECP521R1_ENABLED #define POLARSSL_ECP_DP_SECP521R1_ENABLED
#define POLARSSL_ECP_DP_BP256R1_ENABLED
#define POLARSSL_ECP_DP_BP384R1_ENABLED
#define POLARSSL_ECP_DP_BP512R1_ENABLED
/** /**
* \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
* *
* Enable the PSK based ciphersuite modes in SSL / TLS. * Enable the PSK based ciphersuite modes in SSL / TLS.
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_PSK_WITH_RC4_128_SHA * TLS_PSK_WITH_RC4_128_SHA
* TLS_PSK_WITH_3DES_EDE_CBC_SHA * TLS_PSK_WITH_3DES_EDE_CBC_SHA
skipping to change at line 284 skipping to change at line 301
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA * TLS_DHE_PSK_WITH_AES_128_CBC_SHA
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA * TLS_DHE_PSK_WITH_AES_256_CBC_SHA
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
*/ */
#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED #define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
/** /**
* \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
*
* Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
*
* Requires: POLARSSL_ECDH_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
*/
#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
* *
* Enable the RSA-PSK based ciphersuite modes in SSL / TLS. * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
* (NOT YET IMPLEMENTED) *
* Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C * POLARSSL_X509_CRT_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_RSA_PSK_WITH_RC4_128_SHA * TLS_RSA_PSK_WITH_RC4_128_SHA
* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA * TLS_RSA_PSK_WITH_AES_128_CBC_SHA
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA * TLS_RSA_PSK_WITH_AES_256_CBC_SHA
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
*/ */
#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
/** /**
* \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
* *
* Enable the RSA-only based ciphersuite modes in SSL / TLS. * Enable the RSA-only based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C * POLARSSL_X509_CRT_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
skipping to change at line 445 skipping to change at line 482
/** /**
* \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
* *
* Do not add default entropy sources. These are the platform specific, * Do not add default entropy sources. These are the platform specific,
* hardclock and HAVEGE based poll functions. * hardclock and HAVEGE based poll functions.
* *
* This is useful to have more control over the added entropy sources in an * This is useful to have more control over the added entropy sources in an
* application. * application.
* *
* Uncomment this macro to prevent loading of default entropy functions. * Uncomment this macro to prevent loading of default entropy functions.
#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
*/ */
//#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
/** /**
* \def POLARSSL_NO_PLATFORM_ENTROPY * \def POLARSSL_NO_PLATFORM_ENTROPY
* *
* Do not use built-in platform entropy functions. * Do not use built-in platform entropy functions.
* This is useful if your platform does not support * This is useful if your platform does not support
* standards like the /dev/urandom or Windows CryptoAPI. * standards like the /dev/urandom or Windows CryptoAPI.
* *
* Uncomment this macro to disable the built-in platform entropy functions. * Uncomment this macro to disable the built-in platform entropy functions.
#define POLARSSL_NO_PLATFORM_ENTROPY
*/ */
//#define POLARSSL_NO_PLATFORM_ENTROPY
/** /**
* \def POLARSSL_MEMORY_DEBUG * \def POLARSSL_MEMORY_DEBUG
* *
* Enable debugging of buffer allocator memory issues. Automatically prints * Enable debugging of buffer allocator memory issues. Automatically prints
* (to stderr) all (fatal) messages on memory allocation issues. Enables * (to stderr) all (fatal) messages on memory allocation issues. Enables
* function for 'debug output' of allocated memory. * function for 'debug output' of allocated memory.
* *
* Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
* fprintf() * fprintf()
* *
* Uncomment this macro to let the buffer allocator print out error message s. * Uncomment this macro to let the buffer allocator print out error message s.
#define POLARSSL_MEMORY_DEBUG */
*/ //#define POLARSSL_MEMORY_DEBUG
/** /**
* \def POLARSSL_MEMORY_BACKTRACE * \def POLARSSL_MEMORY_BACKTRACE
* *
* Include backtrace information with each allocated block. * Include backtrace information with each allocated block.
* *
* Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
* GLIBC-compatible backtrace() an backtrace_symbols() support * GLIBC-compatible backtrace() an backtrace_symbols() support
* *
* Uncomment this macro to include backtrace information * Uncomment this macro to include backtrace information
#define POLARSSL_MEMORY_BACKTRACE
*/ */
//#define POLARSSL_MEMORY_BACKTRACE
/** /**
* \def POLARSSL_PKCS1_V15 * \def POLARSSL_PKCS1_V15
* *
* Enable support for PKCS#1 v1.5 encoding. * Enable support for PKCS#1 v1.5 encoding.
* *
* Requires: POLARSSL_RSA_C * Requires: POLARSSL_RSA_C
* *
* This enables support for PKCS#1 v1.5 operations. * This enables support for PKCS#1 v1.5 operations.
*/ */
skipping to change at line 514 skipping to change at line 551
*/ */
#define POLARSSL_PKCS1_V21 #define POLARSSL_PKCS1_V21
/** /**
* \def POLARSSL_RSA_NO_CRT * \def POLARSSL_RSA_NO_CRT
* *
* Do not use the Chinese Remainder Theorem for the RSA private operation. * Do not use the Chinese Remainder Theorem for the RSA private operation.
* *
* Uncomment this macro to disable the use of CRT in RSA. * Uncomment this macro to disable the use of CRT in RSA.
* *
#define POLARSSL_RSA_NO_CRT
*/ */
//#define POLARSSL_RSA_NO_CRT
/** /**
* \def POLARSSL_SELF_TEST * \def POLARSSL_SELF_TEST
* *
* Enable the checkup functions (*_self_test). * Enable the checkup functions (*_self_test).
*/ */
#define POLARSSL_SELF_TEST #define POLARSSL_SELF_TEST
/** /**
* \def POLARSSL_SSL_ALL_ALERT_MESSAGES * \def POLARSSL_SSL_ALL_ALERT_MESSAGES
skipping to change at line 551 skipping to change at line 588
* Enable the debug messages in SSL module for all issues. * Enable the debug messages in SSL module for all issues.
* Debug messages have been disabled in some places to prevent timing * Debug messages have been disabled in some places to prevent timing
* attacks due to (unbalanced) debugging function calls. * attacks due to (unbalanced) debugging function calls.
* *
* If you need all error reporting you should enable this during debugging, * If you need all error reporting you should enable this during debugging,
* but remove this for production servers that should log as well. * but remove this for production servers that should log as well.
* *
* Uncomment this macro to report all debug messages on errors introducing * Uncomment this macro to report all debug messages on errors introducing
* a timing side-channel. * a timing side-channel.
* *
#define POLARSSL_SSL_DEBUG_ALL
*/ */
//#define POLARSSL_SSL_DEBUG_ALL
/** /**
* \def POLARSSL_SSL_HW_RECORD_ACCEL * \def POLARSSL_SSL_HW_RECORD_ACCEL
* *
* Enable hooking functions in SSL module for hardware acceleration of * Enable hooking functions in SSL module for hardware acceleration of
* individual records. * individual records.
* *
* Uncomment this macro to enable hooking functions. * Uncomment this macro to enable hooking functions.
#define POLARSSL_SSL_HW_RECORD_ACCEL
*/ */
//#define POLARSSL_SSL_HW_RECORD_ACCEL
/** /**
* \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
* *
* Enable support for receiving and parsing SSLv2 Client Hello messages for the * Enable support for receiving and parsing SSLv2 Client Hello messages for the
* SSL Server module (POLARSSL_SSL_SRV_C). * SSL Server module (POLARSSL_SSL_SRV_C).
* *
* Comment this macro to disable support for SSLv2 Client Hello messages. * Comment this macro to disable support for SSLv2 Client Hello messages.
*/ */
#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO #define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
skipping to change at line 670 skipping to change at line 707
#define POLARSSL_SSL_TRUNCATED_HMAC #define POLARSSL_SSL_TRUNCATED_HMAC
/** /**
* \def POLARSSL_THREADING_ALT * \def POLARSSL_THREADING_ALT
* *
* Provide your own alternate threading implementation. * Provide your own alternate threading implementation.
* *
* Requires: POLARSSL_THREADING_C * Requires: POLARSSL_THREADING_C
* *
* Uncomment this to allow your own alternate threading implementation. * Uncomment this to allow your own alternate threading implementation.
#define POLARSSL_THREADING_ALT
*/ */
//#define POLARSSL_THREADING_ALT
/** /**
* \def POLARSSL_THREADING_DUMMY * \def POLARSSL_THREADING_DUMMY
* *
* Provide a dummy threading implementation. * Provide a dummy threading implementation.
* Warning: If you use this, all claims of thread-safety in the documentati on * Warning: If you use this, all claims of thread-safety in the documentati on
* are void! * are void!
* *
* Requires: POLARSSL_THREADING_C * Requires: POLARSSL_THREADING_C
* *
* Uncomment this to enable code to compile like with threading enabled * Uncomment this to enable code to compile like with threading enabled
#define POLARSSL_THREADING_DUMMY
*/ */
//#define POLARSSL_THREADING_DUMMY
/** /**
* \def POLARSSL_THREADING_PTHREAD * \def POLARSSL_THREADING_PTHREAD
* *
* Enable the pthread wrapper layer for the threading layer. * Enable the pthread wrapper layer for the threading layer.
* *
* Requires: POLARSSL_THREADING_C * Requires: POLARSSL_THREADING_C
* *
* Uncomment this to enable pthread mutexes. * Uncomment this to enable pthread mutexes.
#define POLARSSL_THREADING_PTHREAD
*/ */
//#define POLARSSL_THREADING_PTHREAD
/** /**
* \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
* *
* If set, the X509 parser will not break-off when parsing an X509 certific ate * If set, the X509 parser will not break-off when parsing an X509 certific ate
* and encountering an extension in a v1 or v2 certificate. * and encountering an extension in a v1 or v2 certificate.
* *
* Uncomment to prevent an error. * Uncomment to prevent an error.
*
#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
*/ */
//#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
/** /**
* \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
* *
* If set, the X509 parser will not break-off when parsing an X509 certific ate * If set, the X509 parser will not break-off when parsing an X509 certific ate
* and encountering an unknown critical extension. * and encountering an unknown critical extension.
* *
* Uncomment to prevent an error. * Uncomment to prevent an error.
*
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*/ */
//#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
/** /**
* \def POLARSSL_ZLIB_SUPPORT * \def POLARSSL_ZLIB_SUPPORT
* *
* If set, the SSL/TLS module uses ZLIB to support compression and * If set, the SSL/TLS module uses ZLIB to support compression and
* decompression of packet data. * decompression of packet data.
* *
* Used in: library/ssl_tls.c * Used in: library/ssl_tls.c
* library/ssl_cli.c * library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* *
* This feature requires zlib library and headers to be present. * This feature requires zlib library and headers to be present.
* *
* Uncomment to enable use of ZLIB * Uncomment to enable use of ZLIB
#define POLARSSL_ZLIB_SUPPORT
*/ */
//#define POLARSSL_ZLIB_SUPPORT
/* \} name SECTION: PolarSSL feature support */ /* \} name SECTION: PolarSSL feature support */
/** /**
* \name SECTION: PolarSSL modules * \name SECTION: PolarSSL modules
* *
* This section enables or disables entire modules in PolarSSL * This section enables or disables entire modules in PolarSSL
* \{ * \{
*/ */
/** /**
skipping to change at line 1016 skipping to change at line 1051
/** /**
* \def POLARSSL_ECP_C * \def POLARSSL_ECP_C
* *
* Enable the elliptic curve over GF(p) library. * Enable the elliptic curve over GF(p) library.
* *
* Module: library/ecp.c * Module: library/ecp.c
* Caller: library/ecdh.c * Caller: library/ecdh.c
* library/ecdsa.c * library/ecdsa.c
* *
* Requires: POLARSSL_BIGNUM_C * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED
*/ */
#define POLARSSL_ECP_C #define POLARSSL_ECP_C
/** /**
* \def POLARSSL_ENTROPY_C * \def POLARSSL_ENTROPY_C
* *
* Enable the platform-specific entropy code. * Enable the platform-specific entropy code.
* *
* Module: library/entropy.c * Module: library/entropy.c
* Caller: * Caller:
skipping to change at line 1082 skipping to change at line 1117
* your applications primary random generator or primary entropy p ool * your applications primary random generator or primary entropy p ool
* input. As a secondary input to your entropy pool, it IS able ad d * input. As a secondary input to your entropy pool, it IS able ad d
* the (limited) extra entropy it provides. * the (limited) extra entropy it provides.
* *
* Module: library/havege.c * Module: library/havege.c
* Caller: * Caller:
* *
* Requires: POLARSSL_TIMING_C * Requires: POLARSSL_TIMING_C
* *
* Uncomment to enable the HAVEGE random generator. * Uncomment to enable the HAVEGE random generator.
#define POLARSSL_HAVEGE_C
*/ */
//#define POLARSSL_HAVEGE_C
/** /**
* \def POLARSSL_MD_C * \def POLARSSL_MD_C
* *
* Enable the generic message digest layer. * Enable the generic message digest layer.
* *
* Module: library/md.c * Module: library/md.c
* Caller: * Caller:
* *
* Uncomment to enable generic message digest wrappers. * Uncomment to enable generic message digest wrappers.
skipping to change at line 1106 skipping to change at line 1141
/** /**
* \def POLARSSL_MD2_C * \def POLARSSL_MD2_C
* *
* Enable the MD2 hash algorithm. * Enable the MD2 hash algorithm.
* *
* Module: library/md2.c * Module: library/md2.c
* Caller: * Caller:
* *
* Uncomment to enable support for (rare) MD2-signed X.509 certs. * Uncomment to enable support for (rare) MD2-signed X.509 certs.
*
#define POLARSSL_MD2_C
*/ */
//#define POLARSSL_MD2_C
/** /**
* \def POLARSSL_MD4_C * \def POLARSSL_MD4_C
* *
* Enable the MD4 hash algorithm. * Enable the MD4 hash algorithm.
* *
* Module: library/md4.c * Module: library/md4.c
* Caller: * Caller:
* *
* Uncomment to enable support for (rare) MD4-signed X.509 certs. * Uncomment to enable support for (rare) MD4-signed X.509 certs.
*
#define POLARSSL_MD4_C
*/ */
//#define POLARSSL_MD4_C
/** /**
* \def POLARSSL_MD5_C * \def POLARSSL_MD5_C
* *
* Enable the MD5 hash algorithm. * Enable the MD5 hash algorithm.
* *
* Module: library/md5.c * Module: library/md5.c
* Caller: library/md.c * Caller: library/md.c
* library/pem.c * library/pem.c
* library/ssl_tls.c * library/ssl_tls.c
skipping to change at line 1149 skipping to change at line 1182
* \def POLARSSL_MEMORY_C * \def POLARSSL_MEMORY_C
* *
* Enable the memory allocation layer. * Enable the memory allocation layer.
* By default PolarSSL uses the system-provided malloc() and free(). * By default PolarSSL uses the system-provided malloc() and free().
* (As long as POLARSSL_MEMORY_STDMALLOC and POLARSSL_MEMORY_STDFREE * (As long as POLARSSL_MEMORY_STDMALLOC and POLARSSL_MEMORY_STDFREE
* are defined and unmodified) * are defined and unmodified)
* *
* This allows different allocators (self-implemented or provided) * This allows different allocators (self-implemented or provided)
* *
* Enable this layer to allow use of alternative memory allocators. * Enable this layer to allow use of alternative memory allocators.
#define POLARSSL_MEMORY_C
*/ */
//#define POLARSSL_MEMORY_C
/** /**
* \def POLARSSL_MEMORY_BUFFER_ALLOC_C * \def POLARSSL_MEMORY_BUFFER_ALLOC_C
* *
* Enable the buffer allocator implementation that makes use of a (stack) * Enable the buffer allocator implementation that makes use of a (stack)
* based buffer to 'allocate' dynamic memory. (replaces malloc() and free() * based buffer to 'allocate' dynamic memory. (replaces malloc() and free()
* calls) * calls)
* *
* Module: library/memory_buffer_alloc.c * Module: library/memory_buffer_alloc.c
* *
* Requires: POLARSSL_MEMORY_C * Requires: POLARSSL_MEMORY_C
* *
* Enable this module to enable the buffer memory allocator. * Enable this module to enable the buffer memory allocator.
#define POLARSSL_MEMORY_BUFFER_ALLOC_C
*/ */
//#define POLARSSL_MEMORY_BUFFER_ALLOC_C
/** /**
* \def POLARSSL_NET_C * \def POLARSSL_NET_C
* *
* Enable the TCP/IP networking routines. * Enable the TCP/IP networking routines.
* *
* Module: library/net.c * Module: library/net.c
* *
* This module provides TCP/IP networking routines. * This module provides TCP/IP networking routines.
*/ */
skipping to change at line 1331 skipping to change at line 1364
* *
* Enable wrapper for PKCS#11 smartcard support. * Enable wrapper for PKCS#11 smartcard support.
* *
* Module: library/pkcs11.c * Module: library/pkcs11.c
* Caller: library/pk.c * Caller: library/pk.c
* *
* Requires: POLARSSL_PK_C * Requires: POLARSSL_PK_C
* *
* This module enables SSL/TLS PKCS #11 smartcard support. * This module enables SSL/TLS PKCS #11 smartcard support.
* Requires the presence of the PKCS#11 helper library (libpkcs11-helper) * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
#define POLARSSL_PKCS11_C
*/ */
//#define POLARSSL_PKCS11_C
/** /**
* \def POLARSSL_PKCS12_C * \def POLARSSL_PKCS12_C
* *
* Enable PKCS#12 PBE functions. * Enable PKCS#12 PBE functions.
* Adds algorithms for parsing PKCS#8 encrypted private keys * Adds algorithms for parsing PKCS#8 encrypted private keys
* *
* Module: library/pkcs12.c * Module: library/pkcs12.c
* Caller: library/pkparse.c * Caller: library/pkparse.c
* *
skipping to change at line 1491 skipping to change at line 1524
* *
* Module: library/threading.c * Module: library/threading.c
* *
* This allows different threading implementations (self-implemented or * This allows different threading implementations (self-implemented or
* provided). * provided).
* *
* You will have to enable either POLARSSL_THREADING_ALT, * You will have to enable either POLARSSL_THREADING_ALT,
* POLARSSL_THREADING_PTHREAD or POLARSSL_THREADING_DUMMY. * POLARSSL_THREADING_PTHREAD or POLARSSL_THREADING_DUMMY.
* *
* Enable this layer to allow use of mutexes within PolarSSL * Enable this layer to allow use of mutexes within PolarSSL
#define POLARSSL_THREADING_C
*/ */
//#define POLARSSL_THREADING_C
/** /**
* \def POLARSSL_TIMING_C * \def POLARSSL_TIMING_C
* *
* Enable the portable timing interface. * Enable the portable timing interface.
* *
* Module: library/timing.c * Module: library/timing.c
* Caller: library/havege.c * Caller: library/havege.c
* *
* This module is used by the HAVEGE random number generator. * This module is used by the HAVEGE random number generator.
skipping to change at line 1710 skipping to change at line 1743
#error "POLARSSL_ECDH_C defined, but not all prerequisites" #error "POLARSSL_ECDH_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_ECDSA_C) && \ #if defined(POLARSSL_ECDSA_C) && \
( !defined(POLARSSL_ECP_C) || \ ( !defined(POLARSSL_ECP_C) || \
!defined(POLARSSL_ASN1_PARSE_C) || \ !defined(POLARSSL_ASN1_PARSE_C) || \
!defined(POLARSSL_ASN1_WRITE_C) ) !defined(POLARSSL_ASN1_WRITE_C) )
#error "POLARSSL_ECDSA_C defined, but not all prerequisites" #error "POLARSSL_ECDSA_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_ECP_C) && !defined(POLARSSL_BIGNUM_C) #if defined(POLARSSL_ECP_C) && !defined(POLARSSL_BIGNUM_C) || ( \
!defined(POLARSSL_ECP_DP_SECP192R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP224R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP256R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP384R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP521R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_BP256R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_BP384R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_BP512R1_ENABLED) )
#error "POLARSSL_ECP_C defined, but not all prerequisites" #error "POLARSSL_ECP_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_ENTROPY_C) && (!defined(POLARSSL_SHA512_C) && \ #if defined(POLARSSL_ENTROPY_C) && (!defined(POLARSSL_SHA512_C) && \
!defined(POLARSSL_SHA256_C)) !defined(POLARSSL_SHA256_C))
#error "POLARSSL_ENTROPY_C defined, but not all prerequisites" #error "POLARSSL_ENTROPY_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SHA512_C) && \ #if defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SHA512_C) && \
defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 64) defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 64)
#error "CTR_DRBG_ENTROPY_LEN value too high" #error "CTR_DRBG_ENTROPY_LEN value too high"
skipping to change at line 1739 skipping to change at line 1780
#endif #endif
#if defined(POLARSSL_HAVEGE_C) && !defined(POLARSSL_TIMING_C) #if defined(POLARSSL_HAVEGE_C) && !defined(POLARSSL_TIMING_C)
#error "POLARSSL_HAVEGE_C defined, but not all prerequisites" #error "POLARSSL_HAVEGE_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(POLARSSL_DHM _C) #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(POLARSSL_DHM _C)
#error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequi sites" #error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequi sites"
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) &&
\
!defined(POLARSSL_ECDH_C)
#error "POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prereq
uisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \ ( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) ) !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequi sites" #error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequi sites"
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \ ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) ) !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prereq uisites" #error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prereq uisites"
 End of changes. 62 change blocks. 
56 lines changed or deleted 104 lines changed or added


 dhm.h   dhm.h 
skipping to change at line 155 skipping to change at line 155
size_t len; /*!< size(P) in chars */ size_t len; /*!< size(P) in chars */
mpi P; /*!< prime modulus */ mpi P; /*!< prime modulus */
mpi G; /*!< generator */ mpi G; /*!< generator */
mpi X; /*!< secret value */ mpi X; /*!< secret value */
mpi GX; /*!< self = G^X mod P */ mpi GX; /*!< self = G^X mod P */
mpi GY; /*!< peer = G^Y mod P */ mpi GY; /*!< peer = G^Y mod P */
mpi K; /*!< key = GY^X mod P */ mpi K; /*!< key = GY^X mod P */
mpi RP; /*!< cached R^2 mod P */ mpi RP; /*!< cached R^2 mod P */
mpi Vi; /*!< blinding value */ mpi Vi; /*!< blinding value */
mpi Vf; /*!< un-blinding value */ mpi Vf; /*!< un-blinding value */
mpi _X; /*!< previous X */ mpi pX; /*!< previous X */
} }
dhm_context; dhm_context;
/** /**
* \brief Parse the ServerKeyExchange parameters * \brief Parse the ServerKeyExchange parameters
* *
* \param ctx DHM context * \param ctx DHM context
* \param p &(start of input buffer) * \param p &(start of input buffer)
* \param end end of buffer * \param end end of buffer
* *
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 ecdh.h   ecdh.h 
skipping to change at line 30 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_ECDH_H #ifndef POLARSSL_ECDH_H
#define POLARSSL_ECDH_H #define POLARSSL_ECDH_H
#include "polarssl/ecp.h" #include "ecp.h"
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief ECDH context structure * \brief ECDH context structure
*/ */
typedef struct typedef struct
{ {
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 ecdsa.h   ecdsa.h 
skipping to change at line 30 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_ECDSA_H #ifndef POLARSSL_ECDSA_H
#define POLARSSL_ECDSA_H #define POLARSSL_ECDSA_H
#include "polarssl/ecp.h" #include "ecp.h"
/** /**
* \brief ECDSA context structure * \brief ECDSA context structure
* *
* \note Purposefully begins with the same members as struct ecp_keypair. * \note Purposefully begins with the same members as struct ecp_keypair.
*/ */
typedef struct typedef struct
{ {
ecp_group grp; /*!< ellipitic curve used */ ecp_group grp; /*!< ellipitic curve used */
mpi d; /*!< secret signature key */ mpi d; /*!< secret signature key */
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 ecp.h   ecp.h 
skipping to change at line 30 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_ECP_H #ifndef POLARSSL_ECP_H
#define POLARSSL_ECP_H #define POLARSSL_ECP_H
#include "polarssl/bignum.h" #include "bignum.h"
/* /*
* ECP error codes * ECP error codes
*/ */
#define POLARSSL_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Ba d input parameters to function. */ #define POLARSSL_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Ba d input parameters to function. */
#define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< Th e buffer is too small to write to. */ #define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< Th e buffer is too small to write to. */
#define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< Re quested curve not available. */ #define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< Re quested curve not available. */
#define POLARSSL_ERR_ECP_VERIFY_FAILED -0x4E00 /**< Th e signature is not valid. */ #define POLARSSL_ERR_ECP_VERIFY_FAILED -0x4E00 /**< Th e signature is not valid. */
#define POLARSSL_ERR_ECP_MALLOC_FAILED -0x4D80 /**< Me mory allocation failed. */ #define POLARSSL_ERR_ECP_MALLOC_FAILED -0x4D80 /**< Me mory allocation failed. */
#define POLARSSL_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Ge neration of random value, such as (ephemeral) key, failed. */ #define POLARSSL_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Ge neration of random value, such as (ephemeral) key, failed. */
skipping to change at line 64 skipping to change at line 64
* sources should be used. See ecp_use_known_dp(). * sources should be used. See ecp_use_known_dp().
*/ */
typedef enum typedef enum
{ {
POLARSSL_ECP_DP_NONE = 0, POLARSSL_ECP_DP_NONE = 0,
POLARSSL_ECP_DP_SECP192R1, /*!< 192-bits NIST curve */ POLARSSL_ECP_DP_SECP192R1, /*!< 192-bits NIST curve */
POLARSSL_ECP_DP_SECP224R1, /*!< 224-bits NIST curve */ POLARSSL_ECP_DP_SECP224R1, /*!< 224-bits NIST curve */
POLARSSL_ECP_DP_SECP256R1, /*!< 256-bits NIST curve */ POLARSSL_ECP_DP_SECP256R1, /*!< 256-bits NIST curve */
POLARSSL_ECP_DP_SECP384R1, /*!< 384-bits NIST curve */ POLARSSL_ECP_DP_SECP384R1, /*!< 384-bits NIST curve */
POLARSSL_ECP_DP_SECP521R1, /*!< 521-bits NIST curve */ POLARSSL_ECP_DP_SECP521R1, /*!< 521-bits NIST curve */
POLARSSL_ECP_DP_BP256R1, /*!< 256-bits Brainpool curve */
POLARSSL_ECP_DP_BP384R1, /*!< 384-bits Brainpool curve */
POLARSSL_ECP_DP_BP512R1, /*!< 512-bits Brainpool curve */
} ecp_group_id; } ecp_group_id;
/** /**
* Number of supported curves (plus one for NONE) * Number of supported curves (plus one for NONE)
*/ */
#define POLARSSL_ECP_DP_MAX 6 #define POLARSSL_ECP_DP_MAX 9
/** /**
* Curve information for use by other modules * Curve information for use by other modules
*/ */
typedef struct typedef struct
{ {
ecp_group_id grp_id; /*!< Internal identifier */ ecp_group_id grp_id; /*!< Internal identifier */
uint16_t tls_id; /*!< TLS NamedCurve identifier */ uint16_t tls_id; /*!< TLS NamedCurve identifier */
uint16_t size; /*!< Curve size in bits */ uint16_t size; /*!< Curve size in bits */
const char *name; /*!< Human-friendly name */ const char *name; /*!< Human-friendly name */
skipping to change at line 116 skipping to change at line 119
* *
* If modp is NULL, reduction modulo P is done using a generic algorithm. * If modp is NULL, reduction modulo P is done using a generic algorithm.
* Otherwise, it must point to a function that takes an mpi in the range * Otherwise, it must point to a function that takes an mpi in the range
* 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more * 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more
* than pbits, so that the integer may be efficiently brought in the 0..P-1 * than pbits, so that the integer may be efficiently brought in the 0..P-1
* range by a few additions or substractions. It must return 0 on success a nd * range by a few additions or substractions. It must return 0 on success a nd
* non-zero on failure. * non-zero on failure.
*/ */
typedef struct typedef struct
{ {
ecp_group_id id; /*!< RFC 4492 group ID */ ecp_group_id id; /*!< internal group identifier
mpi P; /*!< prime modulus of the base field */ */
mpi A; /*!< currently unused (-3 assumed) */ mpi P; /*!< prime modulus of the base field
mpi B; /*!< constant term in the equation */ */
ecp_point G; /*!< generator of the subgroup used */ mpi A; /*!< linear term in the equation
mpi N; /*!< the order of G */ */
size_t pbits; /*!< number of bits in P */ mpi B; /*!< constant term in the equation
size_t nbits; /*!< number of bits in N */ */
unsigned int h; /*!< cofactor (unused now: assume 1) */ ecp_point G; /*!< generator of the subgroup used
int (*modp)(mpi *); /*!< function for fast reduction mod P */ */
int (*t_pre)(ecp_point *, void *); /*!< currently unused */ mpi N; /*!< the order of G
int (*t_post)(ecp_point *, void *); /*!< currently unused */ */
void *t_data; /*!< currently unused */ size_t pbits; /*!< number of bits in P
ecp_point *T; /*!< pre-computed points (unused now) */ */
size_t T_size; /*!< number for pre-computed points */ size_t nbits; /*!< number of bits in N
*/
unsigned int h; /*!< cofactor (unused now: assume 1)
*/
int (*modp)(mpi *); /*!< function for fast reduction mod P
*/
int (*t_pre)(ecp_point *, void *); /*!< currently unused
*/
int (*t_post)(ecp_point *, void *); /*!< currently unused
*/
void *t_data; /*!< currently unused
*/
ecp_point *T; /*!< pre-computed points for ecp_mul()
*/
size_t T_size; /*!< number for pre-computed points
*/
} }
ecp_group; ecp_group;
/** /**
* \brief ECP key pair structure * \brief ECP key pair structure
* *
* A generic key pair that could be used for ECDSA, fixed ECDH, etc. * A generic key pair that could be used for ECDSA, fixed ECDH, etc.
* *
* \note Members purposefully in the same order as struc ecdsa_context. * \note Members purposefully in the same order as struc ecdsa_context.
*/ */
 End of changes. 4 change blocks. 
17 lines changed or deleted 35 lines changed or added
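Review bot: `POLARSSL_ECP_DP_MAX` is raised from 6 to 9 by hand to match the three Brainpool entries added to `ecp_group_id`, and nothing in the header ties the macro to the enum. Any table or loop elsewhere that is dimensioned by this macro (not visible in this section) would presumably be under-sized if a later curve is added and the macro is missed. I would extend the macro's comment to say so, for example `/* Number of entries in ecp_group_id, including NONE; must be updated whenever a curve is added to the enum. */`. It is also worth stating next to the enum that new identifiers are appended at the end, so the numeric values of the existing NIST curves do not shift.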


 oid.h   oid.h 
skipping to change at line 77 skipping to change at line 77
/* /*
* ISO Identified organization OID parts * ISO Identified organization OID parts
*/ */
#define OID_ORG_DOD "\x06" /* {dod(6)} */ #define OID_ORG_DOD "\x06" /* {dod(6)} */
#define OID_ORG_OIW "\x0e" #define OID_ORG_OIW "\x0e"
#define OID_OIW_SECSIG OID_ORG_OIW "\x03" #define OID_OIW_SECSIG OID_ORG_OIW "\x03"
#define OID_OIW_SECSIG_ALG OID_OIW_SECSIG "\x02" #define OID_OIW_SECSIG_ALG OID_OIW_SECSIG "\x02"
#define OID_OIW_SECSIG_SHA1 OID_OIW_SECSIG_ALG "\x1a" #define OID_OIW_SECSIG_SHA1 OID_OIW_SECSIG_ALG "\x1a"
#define OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */ #define OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
#define OID_CERTICOM OID_ISO_IDENTIFIED_ORG OID_ORG_CERT ICOM #define OID_CERTICOM OID_ISO_IDENTIFIED_ORG OID_ORG_CERT ICOM
#define OID_ORG_TELETRUST "\x24" /* teletrust(36) */
#define OID_TELETRUST OID_ISO_IDENTIFIED_ORG OID_ORG_TELE
TRUST
/* /*
* ISO ITU OID parts * ISO ITU OID parts
*/ */
#define OID_ORGANIZATION "\x01" /* {organization(1) } */ #define OID_ORGANIZATION "\x01" /* {organization(1) } */
#define OID_ISO_ITU_US_ORG OID_ISO_ITU_COUNTRY OID_COUNTRY_US OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1) } */ #define OID_ISO_ITU_US_ORG OID_ISO_ITU_COUNTRY OID_COUNTRY_US OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1) } */
#define OID_ORG_GOV "\x65" /* {gov(101)} */ #define OID_ORG_GOV "\x65" /* {gov(101)} */
#define OID_GOV OID_ISO_ITU_US_ORG OID_ORG_GOV /* { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */ #define OID_GOV OID_ISO_ITU_US_ORG OID_ORG_GOV /* { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
skipping to change at line 261 skipping to change at line 263
/* id-ecPublicKey OBJECT IDENTIFIER ::= { /* id-ecPublicKey OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */ * iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
#define OID_EC_ALG_UNRESTRICTED OID_ANSI_X9_62 "\x02\01" #define OID_EC_ALG_UNRESTRICTED OID_ANSI_X9_62 "\x02\01"
/* id-ecDH OBJECT IDENTIFIER ::= { /* id-ecDH OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) * iso(1) identified-organization(3) certicom(132)
* schemes(1) ecdh(12) } */ * schemes(1) ecdh(12) } */
#define OID_EC_ALG_ECDH OID_CERTICOM "\x01\x0c" #define OID_EC_ALG_ECDH OID_CERTICOM "\x01\x0c"
/* /*
* ECParameters namedCurve identifiers, from RFC 5480 * ECParameters namedCurve identifiers, from RFC 5480 and RFC 5639
*/ */
/* secp192r1 OBJECT IDENTIFIER ::= { /* secp192r1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */ * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
#define OID_EC_GRP_SECP192R1 OID_ANSI_X9_62 "\x03\x01\x01" #define OID_EC_GRP_SECP192R1 OID_ANSI_X9_62 "\x03\x01\x01"
/* secp224r1 OBJECT IDENTIFIER ::= { /* secp224r1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 33 } */ * iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
#define OID_EC_GRP_SECP224R1 OID_CERTICOM "\x00\x21" #define OID_EC_GRP_SECP224R1 OID_CERTICOM "\x00\x21"
skipping to change at line 284 skipping to change at line 286
#define OID_EC_GRP_SECP256R1 OID_ANSI_X9_62 "\x03\x01\x07" #define OID_EC_GRP_SECP256R1 OID_ANSI_X9_62 "\x03\x01\x07"
/* secp384r1 OBJECT IDENTIFIER ::= { /* secp384r1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 34 } */ * iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
#define OID_EC_GRP_SECP384R1 OID_CERTICOM "\x00\x22" #define OID_EC_GRP_SECP384R1 OID_CERTICOM "\x00\x22"
/* secp521r1 OBJECT IDENTIFIER ::= { /* secp521r1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 35 } */ * iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
#define OID_EC_GRP_SECP521R1 OID_CERTICOM "\x00\x23" #define OID_EC_GRP_SECP521R1 OID_CERTICOM "\x00\x23"
/* RFC 5639 4.1
* ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
* identified-organization(3) teletrust(36) algorithm(3) signature-
* algorithm(3) ecSign(2) 8}
* ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
* versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
#define OID_EC_BRAINPOOL_V1 OID_TELETRUST "\x03\x03\x02\x08\x01\x01
"
/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
#define OID_EC_GRP_BP256R1 OID_EC_BRAINPOOL_V1 "\x07"
/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
#define OID_EC_GRP_BP384R1 OID_EC_BRAINPOOL_V1 "\x0B"
/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
#define OID_EC_GRP_BP512R1 OID_EC_BRAINPOOL_V1 "\x0D"
/* /*
* ECDSA signature identifers, from RFC 5480 * ECDSA signature identifers, from RFC 5480
*/ */
#define OID_ANSI_X9_62_SIG OID_ANSI_X9_62 "\x04" /* signatures(4) */ #define OID_ANSI_X9_62_SIG OID_ANSI_X9_62 "\x04" /* signatures(4) */
#define OID_ANSI_X9_62_SIG_SHA2 OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with -SHA2(3) */ #define OID_ANSI_X9_62_SIG_SHA2 OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with -SHA2(3) */
/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { /* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */ * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
#define OID_ECDSA_SHA1 OID_ANSI_X9_62_SIG "\x01" #define OID_ECDSA_SHA1 OID_ANSI_X9_62_SIG "\x01"
 End of changes. 3 change blocks. 
1 lines changed or deleted 22 lines changed or added


 pk.h   pk.h 
skipping to change at line 113 skipping to change at line 113
POLARSSL_PK_DEBUG_MPI, POLARSSL_PK_DEBUG_MPI,
POLARSSL_PK_DEBUG_ECP, POLARSSL_PK_DEBUG_ECP,
} pk_debug_type; } pk_debug_type;
/** /**
* \brief Item to send to the debug module * \brief Item to send to the debug module
*/ */
typedef struct typedef struct
{ {
pk_debug_type type; pk_debug_type type;
char *name; const char *name;
void *value; void *value;
} pk_debug_item; } pk_debug_item;
/** Maximum number of item send for debugging, plus 1 */ /** Maximum number of item send for debugging, plus 1 */
#define POLARSSL_PK_DEBUG_MAX_ITEMS 3 #define POLARSSL_PK_DEBUG_MAX_ITEMS 3
/** /**
* \brief Public key information and operations * \brief Public key information and operations
*/ */
typedef struct typedef struct
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 ssl.h   ssl.h 
skipping to change at line 78 skipping to change at line 78
#endif #endif
#if defined(POLARSSL_ZLIB_SUPPORT) #if defined(POLARSSL_ZLIB_SUPPORT)
#include "zlib.h" #include "zlib.h"
#endif #endif
#if defined(POLARSSL_HAVE_TIME) #if defined(POLARSSL_HAVE_TIME)
#include <time.h> #include <time.h>
#endif #endif
/* For convenience below and in programs */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) ||
\
defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) ||
\
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) ||
\
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED
#endif
#if defined(_MSC_VER) && !defined(inline) #if defined(_MSC_VER) && !defined(inline)
#define inline _inline #define inline _inline
#else #else
#if defined(__ARMCC_VERSION) && !defined(inline) #if defined(__ARMCC_VERSION) && !defined(inline)
#define inline __inline #define inline __inline
#endif /* __ARMCC_VERSION */ #endif /* __ARMCC_VERSION */
#endif /*_MSC_VER */ #endif /*_MSC_VER */
/* /*
* SSL Error codes * SSL Error codes
skipping to change at line 617 skipping to change at line 625
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t); int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
void *p_sni; /*!< context for SNI extension */ void *p_sni; /*!< context for SNI extension */
#endif #endif
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)
int (*f_vrfy)(void *, x509_crt *, int, int *); int (*f_vrfy)(void *, x509_crt *, int, int *);
void *p_vrfy; /*!< context for verification */ void *p_vrfy; /*!< context for verification */
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t); int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t);
void *p_psk; /*!< context for PSK retrieval */ void *p_psk; /*!< context for PSK retrieval */
#endif #endif
/* /*
* Session layer * Session layer
*/ */
ssl_session *session_in; /*!< current session data (in) * / ssl_session *session_in; /*!< current session data (in) * /
ssl_session *session_out; /*!< current session data (out) * / ssl_session *session_out; /*!< current session data (out) * /
ssl_session *session; /*!< negotiated session data * / ssl_session *session; /*!< negotiated session data * /
skipping to change at line 670 skipping to change at line 678
*/ */
unsigned char *out_ctr; /*!< 64-bit outgoing message counter */ unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */ unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */
unsigned char *out_iv; /*!< ivlen-byte IV (out_hdr+5) */ unsigned char *out_iv; /*!< ivlen-byte IV (out_hdr+5) */
unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */ unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */
int out_msgtype; /*!< record header: message type */ int out_msgtype; /*!< record header: message type */
size_t out_msglen; /*!< record header: message length */ size_t out_msglen; /*!< record header: message length */
size_t out_left; /*!< amount of data not yet written */ size_t out_left; /*!< amount of data not yet written */
#if defined(POLARSSL_ZLIB_SUPPORT)
unsigned char *compress_buf; /*!< zlib data buffer */
#endif
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
unsigned char mfl_code; /*!< MaxFragmentLength chosen by us */ unsigned char mfl_code; /*!< MaxFragmentLength chosen by us */
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
/* /*
* PKI layer * PKI layer
*/ */
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)
ssl_key_cert *key_cert; /*!< own certificate(s)/key(s) */ ssl_key_cert *key_cert; /*!< own certificate(s)/key(s) */
skipping to change at line 715 skipping to change at line 726
#if defined(POLARSSL_SSL_SESSION_TICKETS) #if defined(POLARSSL_SSL_SESSION_TICKETS)
int session_tickets; /*!< use session tickets? */ int session_tickets; /*!< use session tickets? */
int ticket_lifetime; /*!< session ticket lifetime */ int ticket_lifetime; /*!< session ticket lifetime */
#endif #endif
#if defined(POLARSSL_DHM_C) #if defined(POLARSSL_DHM_C)
mpi dhm_P; /*!< prime modulus for DHM */ mpi dhm_P; /*!< prime modulus for DHM */
mpi dhm_G; /*!< generator for DHM */ mpi dhm_G; /*!< generator for DHM */
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
/* /*
* PSK values * PSK values
*/ */
unsigned char *psk; unsigned char *psk;
size_t psk_len; size_t psk_len;
unsigned char *psk_identity; unsigned char *psk_identity;
size_t psk_identity_len; size_t psk_identity_len;
#endif #endif
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
skipping to change at line 1057 skipping to change at line 1068
* *
* \return 0 on success, or a specific error code. * \return 0 on success, or a specific error code.
*/ */
int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert, int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
void *rsa_key, void *rsa_key,
rsa_decrypt_func rsa_decrypt, rsa_decrypt_func rsa_decrypt,
rsa_sign_func rsa_sign, rsa_sign_func rsa_sign,
rsa_key_len_func rsa_key_len ); rsa_key_len_func rsa_key_len );
#endif /* POLARSSL_X509_CRT_PARSE_C */ #endif /* POLARSSL_X509_CRT_PARSE_C */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
/** /**
* \brief Set the Pre Shared Key (PSK) and the identity name conne cted * \brief Set the Pre Shared Key (PSK) and the identity name conne cted
* to it. * to it.
* *
* \param ssl SSL context * \param ssl SSL context
* \param psk pointer to the pre-shared key * \param psk pointer to the pre-shared key
* \param psk_len pre-shared key length * \param psk_len pre-shared key length
* \param psk_identity pointer to the pre-shared key identity * \param psk_identity pointer to the pre-shared key identity
* \param psk_identity_len identity key length * \param psk_identity_len identity key length
* *
skipping to change at line 1097 skipping to change at line 1108
* Any other return value will result in a denied PSK ident ity. * Any other return value will result in a denied PSK ident ity.
* *
* \param ssl SSL context * \param ssl SSL context
* \param f_psk PSK identity function * \param f_psk PSK identity function
* \param p_psk PSK identity parameter * \param p_psk PSK identity parameter
*/ */
void ssl_set_psk_cb( ssl_context *ssl, void ssl_set_psk_cb( ssl_context *ssl,
int (*f_psk)(void *, ssl_context *, const unsigned cha r *, int (*f_psk)(void *, ssl_context *, const unsigned cha r *,
size_t), size_t),
void *p_psk ); void *p_psk );
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ #endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
#if defined(POLARSSL_DHM_C) #if defined(POLARSSL_DHM_C)
/** /**
* \brief Set the Diffie-Hellman public P and G values, * \brief Set the Diffie-Hellman public P and G values,
* read as hexadecimal strings (server-side only) * read as hexadecimal strings (server-side only)
* (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG]) * (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG])
* *
* \param ssl SSL context * \param ssl SSL context
* \param dhm_P Diffie-Hellman-Merkle modulus * \param dhm_P Diffie-Hellman-Merkle modulus
* \param dhm_G Diffie-Hellman-Merkle generator * \param dhm_G Diffie-Hellman-Merkle generator
skipping to change at line 1522 skipping to change at line 1533
int ssl_write_certificate( ssl_context *ssl ); int ssl_write_certificate( ssl_context *ssl );
int ssl_parse_change_cipher_spec( ssl_context *ssl ); int ssl_parse_change_cipher_spec( ssl_context *ssl );
int ssl_write_change_cipher_spec( ssl_context *ssl ); int ssl_write_change_cipher_spec( ssl_context *ssl );
int ssl_parse_finished( ssl_context *ssl ); int ssl_parse_finished( ssl_context *ssl );
int ssl_write_finished( ssl_context *ssl ); int ssl_write_finished( ssl_context *ssl );
void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciph ersuite_info ); void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciph ersuite_info );
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex
);
#endif
#if defined(POLARSSL_PK_C) #if defined(POLARSSL_PK_C)
unsigned char ssl_sig_from_pk( pk_context *pk ); unsigned char ssl_sig_from_pk( pk_context *pk );
pk_type_t ssl_pk_alg_from_sig( unsigned char sig ); pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
#endif #endif
md_type_t ssl_md_alg_from_hash( unsigned char hash ); md_type_t ssl_md_alg_from_hash( unsigned char hash );
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)
static inline pk_context *ssl_own_key( ssl_context *ssl ) static inline pk_context *ssl_own_key( ssl_context *ssl )
{ {
 End of changes. 7 change blocks. 
4 lines changed or deleted 23 lines changed or added


 ssl_ciphersuites.h   ssl_ciphersuites.h 
skipping to change at line 147 skipping to change at line 147
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */ #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */ #define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
#define TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033 /**< Not in SSL3! *
/
#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034 /**< Not in SSL3! *
/
#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 /**< Not in SSL3! *
/
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 /**< Not in SSL3! *
/
#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037 /**< TLS 1.2 */
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 /**< TLS 1.2 */
#define TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039 /**< Weak! No SSL3!
*/
#define TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! TLS 1.2
*/
#define TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! TLS 1.2
*/
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< TLS 1.2 */ #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< TLS 1.2 */ #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< TLS 1.2 */
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< TLS 1.2 */
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< TLS 1.2 */
#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 /**< TLS 1.2 */ #define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 /**< TLS 1.2 */
#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 /**< TLS 1.2 */ #define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 /**< TLS 1.2 */
#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 /**< TLS 1.2 */ #define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 /**< TLS 1.2 */
#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 /**< TLS 1.2 */ #define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 /**< TLS 1.2 */
#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098 /**< TLS 1.2 */ #define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098 /**< TLS 1.2 */
#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099 /**< TLS 1.2 */ #define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099 /**< TLS 1.2 */
#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< TLS 1.2 */
#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< TLS 1.2 */
typedef enum { typedef enum {
POLARSSL_KEY_EXCHANGE_NONE = 0, POLARSSL_KEY_EXCHANGE_NONE = 0,
POLARSSL_KEY_EXCHANGE_RSA, POLARSSL_KEY_EXCHANGE_RSA,
POLARSSL_KEY_EXCHANGE_DHE_RSA, POLARSSL_KEY_EXCHANGE_DHE_RSA,
POLARSSL_KEY_EXCHANGE_ECDHE_RSA, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
POLARSSL_KEY_EXCHANGE_PSK, POLARSSL_KEY_EXCHANGE_PSK,
POLARSSL_KEY_EXCHANGE_DHE_PSK, POLARSSL_KEY_EXCHANGE_DHE_PSK,
POLARSSL_KEY_EXCHANGE_RSA_PSK, POLARSSL_KEY_EXCHANGE_RSA_PSK,
POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
} key_exchange_type_t; } key_exchange_type_t;
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t; typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
#define POLARSSL_CIPHERSUITE_WEAK 0x01 /*<! Weak ciphersuite flag */ #define POLARSSL_CIPHERSUITE_WEAK 0x01 /*<! Weak ciphersuite flag */
/** /**
* \brief This structure is used for storing ciphersuite information * \brief This structure is used for storing ciphersuite information
*/ */
struct _ssl_ciphersuite_t struct _ssl_ciphersuite_t
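Review bot: The added TLS_ECDHE_PSK_WITH_RC4_128_SHA (0xC033) define is commented only "Not in SSL3!", although the NULL suites a few lines below carry a "Weak!" marker and RC4 has since been prohibited for TLS by RFC 7465; I would mark it the same way, `/**< Weak! Not in SSL3! */`. The three TLS_ECDHE_PSK_WITH_NULL_* values (0xC039–0xC03B) authenticate records but do not encrypt them, and the comment is the only guard visible in this header. The table that maps these IDs to suite definitions is not part of this section, so please confirm there that each NULL entry (and preferably the RC4 one) sets POLARSSL_CIPHERSUITE_WEAK and is kept out of the default preference list. Appending POLARSSL_KEY_EXCHANGE_ECDHE_PSK at the end of key_exchange_type_t keeps the existing enumerator values stable, which is the right place for it.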
 End of changes. 4 change blocks. 
8 lines changed or deleted 28 lines changed or added


 version.h   version.h 
skipping to change at line 42 skipping to change at line 42
#define POLARSSL_VERSION_H #define POLARSSL_VERSION_H
#include "config.h" #include "config.h"
/** /**
* The version number x.y.z is split into three parts. * The version number x.y.z is split into three parts.
* Major, Minor, Patchlevel * Major, Minor, Patchlevel
*/ */
#define POLARSSL_VERSION_MAJOR 1 #define POLARSSL_VERSION_MAJOR 1
#define POLARSSL_VERSION_MINOR 3 #define POLARSSL_VERSION_MINOR 3
#define POLARSSL_VERSION_PATCH 0 #define POLARSSL_VERSION_PATCH 1
/** /**
* The single version number has the following structure: * The single version number has the following structure:
* MMNNPP00 * MMNNPP00
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define POLARSSL_VERSION_NUMBER 0x01030000 #define POLARSSL_VERSION_NUMBER 0x01030100
#define POLARSSL_VERSION_STRING "1.3.0" #define POLARSSL_VERSION_STRING "1.3.1"
#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.3.0" #define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.3.1"
#if defined(POLARSSL_VERSION_C) #if defined(POLARSSL_VERSION_C)
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* Get the version number. * Get the version number.
* *
 End of changes. 2 change blocks. 
4 lines changed or deleted 4 lines changed or added
