aes.h   aes.h 
skipping to change at line 34 skipping to change at line 34
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_AES_H #ifndef POLARSSL_AES_H
#define POLARSSL_AES_H #define POLARSSL_AES_H
#include "config.h" #include "config.h"
#include <string.h> #include <string.h>
#ifdef _MSC_VER #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h> #include <basetsd.h>
typedef UINT32 uint32_t; typedef UINT32 uint32_t;
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define AES_ENCRYPT 1 #define AES_ENCRYPT 1
#define AES_DECRYPT 0 #define AES_DECRYPT 0
#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< In valid key length. */ #define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< In valid key length. */
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 bignum.h   bignum.h 
skipping to change at line 35 skipping to change at line 35
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_BIGNUM_H #ifndef POLARSSL_BIGNUM_H
#define POLARSSL_BIGNUM_H #define POLARSSL_BIGNUM_H
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include "config.h" #include "config.h"
#ifdef _MSC_VER #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h> #include <basetsd.h>
#if (_MSC_VER <= 1200) #if (_MSC_VER <= 1200)
typedef signed short int16_t; typedef signed short int16_t;
typedef unsigned short uint16_t; typedef unsigned short uint16_t;
#else #else
typedef INT16 int16_t; typedef INT16 int16_t;
typedef UINT16 uint16_t; typedef UINT16 uint16_t;
#endif #endif
typedef INT32 int32_t; typedef INT32 int32_t;
typedef INT64 int64_t; typedef INT64 int64_t;
skipping to change at line 131 skipping to change at line 131
typedef uint16_t t_udbl; typedef uint16_t t_udbl;
#define POLARSSL_HAVE_UDBL #define POLARSSL_HAVE_UDBL
#else #else
#if defined(POLARSSL_HAVE_INT16) #if defined(POLARSSL_HAVE_INT16)
typedef int16_t t_sint; typedef int16_t t_sint;
typedef uint16_t t_uint; typedef uint16_t t_uint;
typedef uint32_t t_udbl; typedef uint32_t t_udbl;
#define POLARSSL_HAVE_UDBL #define POLARSSL_HAVE_UDBL
#else #else
#if ( defined(_MSC_VER) && defined(_M_AMD64) ) #if ( defined(_MSC_VER) && defined(_M_AMD64) )
#define POLARSSL_HAVE_INT64
typedef int64_t t_sint; typedef int64_t t_sint;
typedef uint64_t t_uint; typedef uint64_t t_uint;
#else #else
#if ( defined(__GNUC__) && ( \ #if ( defined(__GNUC__) && ( \
defined(__amd64__) || defined(__x86_64__) || \ defined(__amd64__) || defined(__x86_64__) || \
defined(__ppc64__) || defined(__powerpc64__) || \ defined(__ppc64__) || defined(__powerpc64__) || \
defined(__ia64__) || defined(__alpha__) || \ defined(__ia64__) || defined(__alpha__) || \
(defined(__sparc__) && defined(__arch64__)) || \ (defined(__sparc__) && defined(__arch64__)) || \
defined(__s390x__) ) ) defined(__s390x__) ) )
#define POLARSSL_HAVE_INT64
typedef int64_t t_sint; typedef int64_t t_sint;
typedef uint64_t t_uint; typedef uint64_t t_uint;
typedef unsigned int t_udbl __attribute__((mode(TI))); typedef unsigned int t_udbl __attribute__((mode(TI)));
#define POLARSSL_HAVE_UDBL #define POLARSSL_HAVE_UDBL
#else #else
#define POLARSSL_HAVE_INT32
typedef int32_t t_sint; typedef int32_t t_sint;
typedef uint32_t t_uint; typedef uint32_t t_uint;
#if ( defined(_MSC_VER) && defined(_M_IX86) ) #if ( defined(_MSC_VER) && defined(_M_IX86) )
typedef uint64_t t_udbl; typedef uint64_t t_udbl;
#define POLARSSL_HAVE_UDBL #define POLARSSL_HAVE_UDBL
#else #else
#if defined( POLARSSL_HAVE_LONGLONG ) #if defined( POLARSSL_HAVE_LONGLONG )
typedef unsigned long long t_udbl; typedef unsigned long long t_udbl;
#define POLARSSL_HAVE_UDBL #define POLARSSL_HAVE_UDBL
#endif #endif
skipping to change at line 436 skipping to change at line 439
* \param X Destination MPI * \param X Destination MPI
* \param A Left-hand MPI * \param A Left-hand MPI
* \param B Right-hand MPI * \param B Right-hand MPI
* *
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed
*/ */
int mpi_add_abs( mpi *X, const mpi *A, const mpi *B ); int mpi_add_abs( mpi *X, const mpi *A, const mpi *B );
/** /**
* \brief Unsigned substraction: X = |A| - |B| * \brief Unsigned subtraction: X = |A| - |B|
* *
* \param X Destination MPI * \param X Destination MPI
* \param A Left-hand MPI * \param A Left-hand MPI
* \param B Right-hand MPI * \param B Right-hand MPI
* *
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_MPI_NEGATIVE_VALUE if B is greater than A * POLARSSL_ERR_MPI_NEGATIVE_VALUE if B is greater than A
*/ */
int mpi_sub_abs( mpi *X, const mpi *A, const mpi *B ); int mpi_sub_abs( mpi *X, const mpi *A, const mpi *B );
skipping to change at line 460 skipping to change at line 463
* \param X Destination MPI * \param X Destination MPI
* \param A Left-hand MPI * \param A Left-hand MPI
* \param B Right-hand MPI * \param B Right-hand MPI
* *
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed
*/ */
int mpi_add_mpi( mpi *X, const mpi *A, const mpi *B ); int mpi_add_mpi( mpi *X, const mpi *A, const mpi *B );
/** /**
* \brief Signed substraction: X = A - B * \brief Signed subtraction: X = A - B
* *
* \param X Destination MPI * \param X Destination MPI
* \param A Left-hand MPI * \param A Left-hand MPI
* \param B Right-hand MPI * \param B Right-hand MPI
* *
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed
*/ */
int mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B ); int mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B );
skipping to change at line 484 skipping to change at line 487
* \param X Destination MPI * \param X Destination MPI
* \param A Left-hand MPI * \param A Left-hand MPI
* \param b The integer value to add * \param b The integer value to add
* *
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed
*/ */
int mpi_add_int( mpi *X, const mpi *A, t_sint b ); int mpi_add_int( mpi *X, const mpi *A, t_sint b );
/** /**
* \brief Signed substraction: X = A - b * \brief Signed subtraction: X = A - b
* *
* \param X Destination MPI * \param X Destination MPI
* \param A Left-hand MPI * \param A Left-hand MPI
* \param b The integer value to subtract * \param b The integer value to subtract
* *
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fail ed
*/ */
int mpi_sub_int( mpi *X, const mpi *A, t_sint b ); int mpi_sub_int( mpi *X, const mpi *A, t_sint b );
 End of changes. 7 change blocks. 
4 lines changed or deleted 7 lines changed or added


 blowfish.h   blowfish.h 
skipping to change at line 34 skipping to change at line 34
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_BLOWFISH_H #ifndef POLARSSL_BLOWFISH_H
#define POLARSSL_BLOWFISH_H #define POLARSSL_BLOWFISH_H
#include "config.h" #include "config.h"
#include <string.h> #include <string.h>
#ifdef _MSC_VER #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h> #include <basetsd.h>
typedef UINT32 uint32_t; typedef UINT32 uint32_t;
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define BLOWFISH_ENCRYPT 1 #define BLOWFISH_ENCRYPT 1
#define BLOWFISH_DECRYPT 0 #define BLOWFISH_DECRYPT 0
#define BLOWFISH_MAX_KEY 448 #define BLOWFISH_MAX_KEY 448
#define BLOWFISH_MIN_KEY 32 #define BLOWFISH_MIN_KEY 32
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 camellia.h   camellia.h 
skipping to change at line 34 skipping to change at line 34
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_CAMELLIA_H #ifndef POLARSSL_CAMELLIA_H
#define POLARSSL_CAMELLIA_H #define POLARSSL_CAMELLIA_H
#include "config.h" #include "config.h"
#include <string.h> #include <string.h>
#ifdef _MSC_VER #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h> #include <basetsd.h>
typedef UINT32 uint32_t; typedef UINT32 uint32_t;
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define CAMELLIA_ENCRYPT 1 #define CAMELLIA_ENCRYPT 1
#define CAMELLIA_DECRYPT 0 #define CAMELLIA_DECRYPT 0
#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< In valid key length. */ #define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< In valid key length. */
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 cipher.h   cipher.h 
skipping to change at line 105 skipping to change at line 105
POLARSSL_CIPHER_CAMELLIA_256_ECB, POLARSSL_CIPHER_CAMELLIA_256_ECB,
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_CIPHER_CAMELLIA_128_CBC,
POLARSSL_CIPHER_CAMELLIA_192_CBC, POLARSSL_CIPHER_CAMELLIA_192_CBC,
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_CIPHER_CAMELLIA_256_CBC,
POLARSSL_CIPHER_CAMELLIA_128_CFB128, POLARSSL_CIPHER_CAMELLIA_128_CFB128,
POLARSSL_CIPHER_CAMELLIA_192_CFB128, POLARSSL_CIPHER_CAMELLIA_192_CFB128,
POLARSSL_CIPHER_CAMELLIA_256_CFB128, POLARSSL_CIPHER_CAMELLIA_256_CFB128,
POLARSSL_CIPHER_CAMELLIA_128_CTR, POLARSSL_CIPHER_CAMELLIA_128_CTR,
POLARSSL_CIPHER_CAMELLIA_192_CTR, POLARSSL_CIPHER_CAMELLIA_192_CTR,
POLARSSL_CIPHER_CAMELLIA_256_CTR, POLARSSL_CIPHER_CAMELLIA_256_CTR,
POLARSSL_CIPHER_CAMELLIA_128_GCM,
POLARSSL_CIPHER_CAMELLIA_192_GCM,
POLARSSL_CIPHER_CAMELLIA_256_GCM,
POLARSSL_CIPHER_DES_ECB, POLARSSL_CIPHER_DES_ECB,
POLARSSL_CIPHER_DES_CBC, POLARSSL_CIPHER_DES_CBC,
POLARSSL_CIPHER_DES_EDE_ECB, POLARSSL_CIPHER_DES_EDE_ECB,
POLARSSL_CIPHER_DES_EDE_CBC, POLARSSL_CIPHER_DES_EDE_CBC,
POLARSSL_CIPHER_DES_EDE3_ECB, POLARSSL_CIPHER_DES_EDE3_ECB,
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_CIPHER_DES_EDE3_CBC,
POLARSSL_CIPHER_BLOWFISH_ECB, POLARSSL_CIPHER_BLOWFISH_ECB,
POLARSSL_CIPHER_BLOWFISH_CBC, POLARSSL_CIPHER_BLOWFISH_CBC,
POLARSSL_CIPHER_BLOWFISH_CFB64, POLARSSL_CIPHER_BLOWFISH_CFB64,
POLARSSL_CIPHER_BLOWFISH_CTR, POLARSSL_CIPHER_BLOWFISH_CTR,
skipping to change at line 152 skipping to change at line 155
enum { enum {
/** Undefined key length */ /** Undefined key length */
POLARSSL_KEY_LENGTH_NONE = 0, POLARSSL_KEY_LENGTH_NONE = 0,
/** Key length, in bits (including parity), for DES keys */ /** Key length, in bits (including parity), for DES keys */
POLARSSL_KEY_LENGTH_DES = 64, POLARSSL_KEY_LENGTH_DES = 64,
/** Key length, in bits (including parity), for DES in two key EDE */ /** Key length, in bits (including parity), for DES in two key EDE */
POLARSSL_KEY_LENGTH_DES_EDE = 128, POLARSSL_KEY_LENGTH_DES_EDE = 128,
/** Key length, in bits (including parity), for DES in three-key EDE */ /** Key length, in bits (including parity), for DES in three-key EDE */
POLARSSL_KEY_LENGTH_DES_EDE3 = 192, POLARSSL_KEY_LENGTH_DES_EDE3 = 192,
/** Maximum length of any IV, in bytes */
POLARSSL_MAX_IV_LENGTH = 16,
}; };
/** Maximum length of any IV, in bytes */
#define POLARSSL_MAX_IV_LENGTH 16
/** Maximum block size of any cipher, in bytes */
#define POLARSSL_MAX_BLOCK_LENGTH 16
/** /**
* Base cipher information. The non-mode specific functions and values. * Base cipher information. The non-mode specific functions and values.
*/ */
typedef struct { typedef struct {
/** Base Cipher type (e.g. POLARSSL_CIPHER_ID_AES) */ /** Base Cipher type (e.g. POLARSSL_CIPHER_ID_AES) */
cipher_id_t cipher; cipher_id_t cipher;
/** Encrypt using ECB */ /** Encrypt using ECB */
int (*ecb_func)( void *ctx, operation_t mode, int (*ecb_func)( void *ctx, operation_t mode,
skipping to change at line 248 skipping to change at line 254
int key_length; int key_length;
/** Operation that the context's key has been initialised for */ /** Operation that the context's key has been initialised for */
operation_t operation; operation_t operation;
/** Padding functions to use, if relevant for cipher mode */ /** Padding functions to use, if relevant for cipher mode */
void (*add_padding)( unsigned char *output, size_t olen, size_t data_le n ); void (*add_padding)( unsigned char *output, size_t olen, size_t data_le n );
int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len ); int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
/** Buffer for data that hasn't been encrypted yet */ /** Buffer for data that hasn't been encrypted yet */
unsigned char unprocessed_data[POLARSSL_MAX_IV_LENGTH]; unsigned char unprocessed_data[POLARSSL_MAX_BLOCK_LENGTH];
/** Number of bytes that still need processing */ /** Number of bytes that still need processing */
size_t unprocessed_len; size_t unprocessed_len;
/** Current IV or NONCE_COUNTER for CTR-mode */ /** Current IV or NONCE_COUNTER for CTR-mode */
unsigned char iv[POLARSSL_MAX_IV_LENGTH]; unsigned char iv[POLARSSL_MAX_IV_LENGTH];
/** IV size in bytes (for ciphers with variable-length IVs) */ /** IV size in bytes (for ciphers with variable-length IVs) */
size_t iv_size; size_t iv_size;
 End of changes. 4 change blocks. 
3 lines changed or deleted 9 lines changed or added


 compat-1.2.h   compat-1.2.h 
skipping to change at line 35 skipping to change at line 35
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_COMPAT_1_2_H #ifndef POLARSSL_COMPAT_1_2_H
#define POLARSSL_COMPAT_1_2_H #define POLARSSL_COMPAT_1_2_H
#include "config.h" #include "config.h"
// Comment out to disable prototype change warnings // Comment out to disable prototype change warnings
#define SHOW_PROTOTYPE_CHANGE_WARNINGS #define SHOW_PROTOTYPE_CHANGE_WARNINGS
#if defined _MSC_VER #if defined(_MSC_VER) && !defined(inline)
#define inline _inline
#else
#if defined(__ARMCC_VERSION) && !defined(inline)
#define inline __inline
#endif /* __ARMCC_VERSION */
#endif /* _MSC_VER */
#if defined(_MSC_VER)
// MSVC does not support #warning // MSVC does not support #warning
#undef SHOW_PROTOTYPE_CHANGE_WARNINGS #undef SHOW_PROTOTYPE_CHANGE_WARNINGS
#endif #endif
#if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS) #if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS)
#warning "You can disable these warnings by commenting SHOW_PROTOTYPE_CHANG E_WARNINGS in compat-1.2.h" #warning "You can disable these warnings by commenting SHOW_PROTOTYPE_CHANG E_WARNINGS in compat-1.2.h"
#endif #endif
#if defined(POLARSSL_SHA256_C) #if defined(POLARSSL_SHA256_C)
#define POLARSSL_SHA2_C #define POLARSSL_SHA2_C
 End of changes. 1 change blocks. 
1 lines changed or deleted 9 lines changed or added


 config.h   config.h 
skipping to change at line 194 skipping to change at line 194
/** /**
* \def POLARSSL_CIPHER_NULL_CIPHER * \def POLARSSL_CIPHER_NULL_CIPHER
* *
* Enable NULL cipher. * Enable NULL cipher.
* Warning: Only do so when you know what you are doing. This allows for * Warning: Only do so when you know what you are doing. This allows for
* encryption or channels without any security! * encryption or channels without any security!
* *
* Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
* the following ciphersuites: * the following ciphersuites:
* TLS_RSA_WITH_NULL_MD5 * TLS_ECDHE_ECDSA_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_SHA256
* TLS_ECDHE_RSA_WITH_NULL_SHA * TLS_ECDHE_RSA_WITH_NULL_SHA
* TLS_PSK_WITH_NULL_SHA * TLS_ECDHE_PSK_WITH_NULL_SHA384
* TLS_PSK_WITH_NULL_SHA256 * TLS_ECDHE_PSK_WITH_NULL_SHA256
* TLS_PSK_WITH_NULL_SHA384 * TLS_ECDHE_PSK_WITH_NULL_SHA
* TLS_DHE_PSK_WITH_NULL_SHA
* TLS_DHE_PSK_WITH_NULL_SHA256
* TLS_DHE_PSK_WITH_NULL_SHA384 * TLS_DHE_PSK_WITH_NULL_SHA384
* TLS_RSA_PSK_WITH_NULL_SHA * TLS_DHE_PSK_WITH_NULL_SHA256
* TLS_RSA_PSK_WITH_NULL_SHA256 * TLS_DHE_PSK_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_SHA256
* TLS_RSA_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_MD5
* TLS_RSA_PSK_WITH_NULL_SHA384 * TLS_RSA_PSK_WITH_NULL_SHA384
* TLS_ECDHE_PSK_WITH_NULL_SHA * TLS_RSA_PSK_WITH_NULL_SHA256
* TLS_ECDHE_PSK_WITH_NULL_SHA256 * TLS_RSA_PSK_WITH_NULL_SHA
* TLS_ECDHE_PSK_WITH_NULL_SHA384 * TLS_PSK_WITH_NULL_SHA384
* TLS_PSK_WITH_NULL_SHA256
* TLS_PSK_WITH_NULL_SHA
* *
* Uncomment this macro to enable the NULL cipher and ciphersuites * Uncomment this macro to enable the NULL cipher and ciphersuites
#define POLARSSL_CIPHER_NULL_CIPHER
*/ */
//#define POLARSSL_CIPHER_NULL_CIPHER
/** /**
* \def POLARSSL_CIPHER_PADDING_XXX * \def POLARSSL_CIPHER_PADDING_XXX
* *
* Uncomment or comment macros to add support for specific padding modes * Uncomment or comment macros to add support for specific padding modes
* in the cipher layer with cipher modes that support padding (e.g. CBC) * in the cipher layer with cipher modes that support padding (e.g. CBC)
* *
* If you disable all padding modes, only full blocks can be used with CBC. * If you disable all padding modes, only full blocks can be used with CBC.
* *
* Enable padding modes in the cipher layer. * Enable padding modes in the cipher layer.
skipping to change at line 242 skipping to change at line 243
* *
* Enable weak ciphersuites in SSL / TLS. * Enable weak ciphersuites in SSL / TLS.
* Warning: Only do so when you know what you are doing. This allows for * Warning: Only do so when you know what you are doing. This allows for
* channels with virtually no security at all! * channels with virtually no security at all!
* *
* This enables the following ciphersuites: * This enables the following ciphersuites:
* TLS_RSA_WITH_DES_CBC_SHA * TLS_RSA_WITH_DES_CBC_SHA
* TLS_DHE_RSA_WITH_DES_CBC_SHA * TLS_DHE_RSA_WITH_DES_CBC_SHA
* *
* Uncomment this macro to enable weak ciphersuites * Uncomment this macro to enable weak ciphersuites
#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
*/ */
//#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
/** /**
* \def POLARSSL_ECP_XXXX_ENABLED * \def POLARSSL_ECP_XXXX_ENABLED
* *
* Enables specific curves within the Elliptic Curve module. * Enables specific curves within the Elliptic Curve module.
* By default all supported curves are enables. * By default all supported curves are enabled.
* *
* Comment macros to disable the curve and functions for it * Comment macros to disable the curve and functions for it
*/ */
#define POLARSSL_ECP_DP_SECP192R1_ENABLED #define POLARSSL_ECP_DP_SECP192R1_ENABLED
#define POLARSSL_ECP_DP_SECP224R1_ENABLED #define POLARSSL_ECP_DP_SECP224R1_ENABLED
#define POLARSSL_ECP_DP_SECP256R1_ENABLED #define POLARSSL_ECP_DP_SECP256R1_ENABLED
#define POLARSSL_ECP_DP_SECP384R1_ENABLED #define POLARSSL_ECP_DP_SECP384R1_ENABLED
#define POLARSSL_ECP_DP_SECP521R1_ENABLED #define POLARSSL_ECP_DP_SECP521R1_ENABLED
#define POLARSSL_ECP_DP_BP256R1_ENABLED #define POLARSSL_ECP_DP_BP256R1_ENABLED
#define POLARSSL_ECP_DP_BP384R1_ENABLED #define POLARSSL_ECP_DP_BP384R1_ENABLED
#define POLARSSL_ECP_DP_BP512R1_ENABLED #define POLARSSL_ECP_DP_BP512R1_ENABLED
/** /**
* \def POLARSSL_ECP_NIST_OPTIM
*
* Enable specific 'modulo p' routines for each NIST prime.
* Depending on the prime and architecture, makes operations 4 to 8 times
* faster on the corresponding curve.
*
* Comment this macro to disable NIST curves optimisation.
*/
#define POLARSSL_ECP_NIST_OPTIM
/**
* \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
* *
* Enable the PSK based ciphersuite modes in SSL / TLS. * Enable the PSK based ciphersuite modes in SSL / TLS.
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_PSK_WITH_RC4_128_SHA * TLS_PSK_WITH_AES_256_GCM_SHA384
* TLS_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_PSK_WITH_AES_128_CBC_SHA
* TLS_PSK_WITH_AES_256_CBC_SHA
* TLS_PSK_WITH_AES_128_CBC_SHA256
* TLS_PSK_WITH_AES_256_CBC_SHA384 * TLS_PSK_WITH_AES_256_CBC_SHA384
* TLS_PSK_WITH_AES_256_CBC_SHA
* TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_PSK_WITH_AES_128_GCM_SHA256 * TLS_PSK_WITH_AES_128_GCM_SHA256
* TLS_PSK_WITH_AES_256_GCM_SHA384 * TLS_PSK_WITH_AES_128_CBC_SHA256
* TLS_PSK_WITH_AES_128_CBC_SHA
* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_PSK_WITH_RC4_128_SHA
*/ */
#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED #define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
/** /**
* \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
* *
* Enable the DHE-PSK based ciphersuite modes in SSL / TLS. * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_DHM_C * Requires: POLARSSL_DHM_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_DHE_PSK_WITH_RC4_128_SHA * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA
* TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA
* TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_PSK_WITH_RC4_128_SHA
*/ */
#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED #define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
/** /**
* \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
* *
* Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_ECDH_C * Requires: POLARSSL_ECDH_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_ECDHE_PSK_WITH_RC4_128_SHA * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
*/ */
#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED #define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
/** /**
* \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
* *
* Enable the RSA-PSK based ciphersuite modes in SSL / TLS. * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C * POLARSSL_X509_CRT_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_RSA_PSK_WITH_RC4_128_SHA * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA
* TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA
* TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_PSK_WITH_RC4_128_SHA
*/ */
#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED #define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
/** /**
* \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
* *
* Enable the RSA-only based ciphersuite modes in SSL / TLS. * Enable the RSA-only based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C * POLARSSL_X509_CRT_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_GCM_SHA384 * TLS_RSA_WITH_AES_256_GCM_SHA384
* TLS_RSA_WITH_RC4_128_MD5 * TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_RC4_128_SHA * TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA * TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_RSA_WITH_3DES_EDE_CBC_SHA * TLS_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_WITH_RC4_128_SHA
* TLS_RSA_WITH_RC4_128_MD5
*/ */
#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED #define POLARSSL_KEY_EXCHANGE_RSA_ENABLED
/** /**
* \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED * \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
* *
* Enable the DHE-RSA based ciphersuite modes in SSL / TLS. * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C * POLARSSL_X509_CRT_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*/ */
#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED #define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
/** /**
* \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED * \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
* *
* Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C * POLARSSL_X509_CRT_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
*/ */
#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED #define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
/** /**
* \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
* *
* Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C, * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C,
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
*/ */
#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
/** /**
* \def POLARSSL_ERROR_STRERROR_BC * \def POLARSSL_ERROR_STRERROR_BC
* *
* Make available the backward compatible error_strerror() next to the * Make available the backward compatible error_strerror() next to the
* current polarssl_strerror(). * current polarssl_strerror().
* *
* Disable if you run into name conflicts and want to really remove the * Disable if you run into name conflicts and want to really remove the
skipping to change at line 661 skipping to change at line 695
* *
* Comment this macro to disable support for TLS 1.1 * Comment this macro to disable support for TLS 1.1
*/ */
#define POLARSSL_SSL_PROTO_TLS1_1 #define POLARSSL_SSL_PROTO_TLS1_1
/** /**
* \def POLARSSL_SSL_PROTO_TLS1_2 * \def POLARSSL_SSL_PROTO_TLS1_2
* *
* Enable support for TLS 1.2. * Enable support for TLS 1.2.
* *
* Requires: POLARSSL_SHA256_C or POLARSSL_SHA512_C * Requires: POLARSSL_SHA1_C or POLARSSL_SHA256_C or POLARSSL_SHA512_C
* (Depends on ciphersuites) * (Depends on ciphersuites)
* *
* Comment this macro to disable support for TLS 1.2 * Comment this macro to disable support for TLS 1.2
*/ */
#define POLARSSL_SSL_PROTO_TLS1_2 #define POLARSSL_SSL_PROTO_TLS1_2
/** /**
* \def POLARSSL_SSL_SESSION_TICKETS * \def POLARSSL_SSL_SESSION_TICKETS
* *
* Enable support for RFC 5077 session tickets in SSL. * Enable support for RFC 5077 session tickets in SSL.
skipping to change at line 790 skipping to change at line 824
* *
* Enable the AES block cipher. * Enable the AES block cipher.
* *
* Module: library/aes.c * Module: library/aes.c
* Caller: library/ssl_tls.c * Caller: library/ssl_tls.c
* library/pem.c * library/pem.c
* library/ctr_drbg.c * library/ctr_drbg.c
* *
* This module enables the following ciphersuites (if other requisites are * This module enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_RSA_WITH_AES_128_CBC_SHA * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* TLS_RSA_WITH_AES_256_CBC_SHA * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA256 * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA256 * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA * TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_PSK_WITH_AES_128_CBC_SHA * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_256_GCM_SHA384
* TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA
* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA
* TLS_PSK_WITH_AES_256_GCM_SHA384
* TLS_PSK_WITH_AES_256_CBC_SHA384
* TLS_PSK_WITH_AES_256_CBC_SHA * TLS_PSK_WITH_AES_256_CBC_SHA
* TLS_PSK_WITH_AES_128_GCM_SHA256
* TLS_PSK_WITH_AES_128_CBC_SHA256
* TLS_PSK_WITH_AES_128_CBC_SHA
* *
* PEM_PARSE uses AES for decrypting encrypted keys. * PEM_PARSE uses AES for decrypting encrypted keys.
*/ */
#define POLARSSL_AES_C #define POLARSSL_AES_C
/** /**
* \def POLARSSL_ARC4_C * \def POLARSSL_ARC4_C
* *
* Enable the ARCFOUR stream cipher. * Enable the ARCFOUR stream cipher.
* *
* Module: library/arc4.c * Module: library/arc4.c
* Caller: library/ssl_tls.c * Caller: library/ssl_tls.c
* *
* This module enables the following ciphersuites (if other requisites are * This module enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_RSA_WITH_RC4_128_MD5 * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
* TLS_RSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA * TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
* TLS_DHE_PSK_WITH_RC4_128_SHA
* TLS_RSA_WITH_RC4_128_SHA
* TLS_RSA_WITH_RC4_128_MD5
* TLS_RSA_PSK_WITH_RC4_128_SHA
* TLS_PSK_WITH_RC4_128_SHA * TLS_PSK_WITH_RC4_128_SHA
*/ */
#define POLARSSL_ARC4_C #define POLARSSL_ARC4_C
/** /**
* \def POLARSSL_ASN1_PARSE_C * \def POLARSSL_ASN1_PARSE_C
* *
* Enable the generic ASN1 parser. * Enable the generic ASN1 parser.
* *
* Module: library/asn1.c * Module: library/asn1.c
skipping to change at line 900 skipping to change at line 970
/** /**
* \def POLARSSL_CAMELLIA_C * \def POLARSSL_CAMELLIA_C
* *
* Enable the Camellia block cipher. * Enable the Camellia block cipher.
* *
* Module: library/camellia.c * Module: library/camellia.c
* Caller: library/ssl_tls.c * Caller: library/ssl_tls.c
* *
* This module enables the following ciphersuites (if other requisites are * This module enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
*/ */
#define POLARSSL_CAMELLIA_C #define POLARSSL_CAMELLIA_C
/** /**
* \def POLARSSL_CERTS_C * \def POLARSSL_CERTS_C
* *
* Enable the test certificates. * Enable the test certificates.
* *
* Module: library/certs.c * Module: library/certs.c
* Caller: * Caller:
* *
* Requires: POLARSSL_PEM_PARSE_C
*
* This module is used for testing (ssl_client/server). * This module is used for testing (ssl_client/server).
*/ */
#define POLARSSL_CERTS_C #define POLARSSL_CERTS_C
/** /**
* \def POLARSSL_CIPHER_C * \def POLARSSL_CIPHER_C
* *
* Enable the generic cipher layer. * Enable the generic cipher layer.
* *
* Module: library/cipher.c * Module: library/cipher.c
skipping to change at line 974 skipping to change at line 1072
* \def POLARSSL_DES_C * \def POLARSSL_DES_C
* *
* Enable the DES block cipher. * Enable the DES block cipher.
* *
* Module: library/des.c * Module: library/des.c
* Caller: library/pem.c * Caller: library/pem.c
* library/ssl_tls.c * library/ssl_tls.c
* *
* This module enables the following ciphersuites (if other requisites are * This module enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
* TLS_RSA_WITH_3DES_EDE_CBC_SHA * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_PSK_WITH_3DES_EDE_CBC_SHA * TLS_PSK_WITH_3DES_EDE_CBC_SHA
* *
* PEM_PARSE uses DES/3DES for decrypting encrypted keys. * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
*/ */
#define POLARSSL_DES_C #define POLARSSL_DES_C
/** /**
* \def POLARSSL_DHM_C * \def POLARSSL_DHM_C
* *
* Enable the Diffie-Hellman-Merkle key exchange. * Enable the Diffie-Hellman-Merkle module.
* *
* Module: library/dhm.c * Module: library/dhm.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* *
* This module enables the following ciphersuites (if other requisites are * This module is used by the following key exchanges:
* enabled as well): * DHE-RSA, DHE-PSK
* TLS_DHE_RSA_WITH_DES_CBC_SHA
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
*/ */
#define POLARSSL_DHM_C #define POLARSSL_DHM_C
/** /**
* \def POLARSSL_ECDH_C * \def POLARSSL_ECDH_C
* *
* Enable the elliptic curve Diffie-Hellman library. * Enable the elliptic curve Diffie-Hellman library.
* *
* Module: library/ecdh.c * Module: library/ecdh.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* *
* This module enables the following ciphersuites (if other requisites are * This module is used by the following key exchanges:
* enabled as well): * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
* TLS_ECDHE_RSA_WITH_NULL_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* *
* Requires: POLARSSL_ECP_C * Requires: POLARSSL_ECP_C
*/ */
#define POLARSSL_ECDH_C #define POLARSSL_ECDH_C
/** /**
* \def POLARSSL_ECDSA_C * \def POLARSSL_ECDSA_C
* *
* Enable the elliptic curve DSA library. * Enable the elliptic curve DSA library.
* *
* Module: library/ecdsa.c * Module: library/ecdsa.c
* Caller: * Caller:
* *
* This module is used by the following key exchanges:
* ECDHE-ECDSA
*
* Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
*/ */
#define POLARSSL_ECDSA_C #define POLARSSL_ECDSA_C
/** /**
* \def POLARSSL_ECP_C * \def POLARSSL_ECP_C
* *
* Enable the elliptic curve over GF(p) library. * Enable the elliptic curve over GF(p) library.
* *
* Module: library/ecp.c * Module: library/ecp.c
skipping to change at line 1088 skipping to change at line 1176
*/ */
#define POLARSSL_ERROR_C #define POLARSSL_ERROR_C
/** /**
* \def POLARSSL_GCM_C * \def POLARSSL_GCM_C
* *
* Enable the Galois/Counter Mode (GCM) for AES. * Enable the Galois/Counter Mode (GCM) for AES.
* *
* Module: library/gcm.c * Module: library/gcm.c
* *
* Requires: POLARSSL_AES_C * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
* *
* This module enables the following ciphersuites (if other requisites are * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
* enabled as well): * requisites are enabled as well.
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_GCM_SHA384
*/ */
#define POLARSSL_GCM_C #define POLARSSL_GCM_C
/** /**
* \def POLARSSL_HAVEGE_C * \def POLARSSL_HAVEGE_C
* *
* Enable the HAVEGE random generator. * Enable the HAVEGE random generator.
* *
* Warning: the HAVEGE random generator is not suitable for virtualized * Warning: the HAVEGE random generator is not suitable for virtualized
* environments * environments
skipping to change at line 1394 skipping to change at line 1480
* \def POLARSSL_RSA_C * \def POLARSSL_RSA_C
* *
* Enable the RSA public-key cryptosystem. * Enable the RSA public-key cryptosystem.
* *
* Module: library/rsa.c * Module: library/rsa.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
* library/x509.c * library/x509.c
* *
* Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C * This module is used by the following key exchanges:
* RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
* *
* This module is required for SSL/TLS and MD5-signed certificates. * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C
*/ */
#define POLARSSL_RSA_C #define POLARSSL_RSA_C
/** /**
* \def POLARSSL_SHA1_C * \def POLARSSL_SHA1_C
* *
* Enable the SHA1 cryptographic hash algorithm. * Enable the SHA1 cryptographic hash algorithm.
* *
* Module: library/sha1.c * Module: library/sha1.c
* Caller: library/md.c * Caller: library/md.c
skipping to change at line 1724 skipping to change at line 1811
#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / outp ut buffer */ #define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / outp ut buffer */
#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tick ets (if enabled) */ #define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tick ets (if enabled) */
#endif /* POLARSSL_CONFIG_OPTIONS */ #endif /* POLARSSL_CONFIG_OPTIONS */
/* \} name */ /* \} name */
/* /*
* Sanity checks on defines and dependencies * Sanity checks on defines and dependencies
*/ */
#if defined(POLARSSL_DHM_C) && !defined(POLARSSL_BIGNUM_C) #if defined(POLARSSL_CERTS_C) && !defined(POLARSSL_PEM_PARSE_C)
#error "POLARSSL_DHM_C defined, but not all prerequisites" #error "POLARSSL_CERTS_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_CTR_DRBG_C) && !defined(POLARSSL_AES_C) #if defined(POLARSSL_CTR_DRBG_C) && !defined(POLARSSL_AES_C)
#error "POLARSSL_CTR_DRBG_C defined, but not all prerequisites" #error "POLARSSL_CTR_DRBG_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_DHM_C) && !defined(POLARSSL_BIGNUM_C)
#error "POLARSSL_DHM_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ECDH_C) && !defined(POLARSSL_ECP_C) #if defined(POLARSSL_ECDH_C) && !defined(POLARSSL_ECP_C)
#error "POLARSSL_ECDH_C defined, but not all prerequisites" #error "POLARSSL_ECDH_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_ECDSA_C) && \ #if defined(POLARSSL_ECDSA_C) && \
( !defined(POLARSSL_ECP_C) || \ ( !defined(POLARSSL_ECP_C) || \
!defined(POLARSSL_ASN1_PARSE_C) || \ !defined(POLARSSL_ASN1_PARSE_C) || \
!defined(POLARSSL_ASN1_WRITE_C) ) !defined(POLARSSL_ASN1_WRITE_C) )
#error "POLARSSL_ECDSA_C defined, but not all prerequisites" #error "POLARSSL_ECDSA_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_ECP_C) && !defined(POLARSSL_BIGNUM_C) || ( \ #if defined(POLARSSL_ECP_C) && ( !defined(POLARSSL_BIGNUM_C) || ( \
!defined(POLARSSL_ECP_DP_SECP192R1_ENABLED) && \ !defined(POLARSSL_ECP_DP_SECP192R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP224R1_ENABLED) && \ !defined(POLARSSL_ECP_DP_SECP224R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP256R1_ENABLED) && \ !defined(POLARSSL_ECP_DP_SECP256R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP384R1_ENABLED) && \ !defined(POLARSSL_ECP_DP_SECP384R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP521R1_ENABLED) && \ !defined(POLARSSL_ECP_DP_SECP521R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_BP256R1_ENABLED) && \ !defined(POLARSSL_ECP_DP_BP256R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_BP384R1_ENABLED) && \ !defined(POLARSSL_ECP_DP_BP384R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_BP512R1_ENABLED) ) !defined(POLARSSL_ECP_DP_BP512R1_ENABLED) ) )
#error "POLARSSL_ECP_C defined, but not all prerequisites" #error "POLARSSL_ECP_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_ENTROPY_C) && (!defined(POLARSSL_SHA512_C) && \ #if defined(POLARSSL_ENTROPY_C) && (!defined(POLARSSL_SHA512_C) && \
!defined(POLARSSL_SHA256_C)) !defined(POLARSSL_SHA256_C))
#error "POLARSSL_ENTROPY_C defined, but not all prerequisites" #error "POLARSSL_ENTROPY_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SHA512_C) && \ #if defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SHA512_C) && \
defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 64) defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 64)
#error "CTR_DRBG_ENTROPY_LEN value too high" #error "CTR_DRBG_ENTROPY_LEN value too high"
#endif #endif
#if defined(POLARSSL_ENTROPY_C) && !defined(POLARSSL_SHA512_C) && \ #if defined(POLARSSL_ENTROPY_C) && !defined(POLARSSL_SHA512_C) && \
defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 32) defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 32)
#error "CTR_DRBG_ENTROPY_LEN value too high" #error "CTR_DRBG_ENTROPY_LEN value too high"
#endif #endif
#if defined(POLARSSL_GCM_C) && !defined(POLARSSL_AES_C) #if defined(POLARSSL_GCM_C) && ( \
!defined(POLARSSL_AES_C) && !defined(POLARSSL_CAMELLIA_C) )
#error "POLARSSL_GCM_C defined, but not all prerequisites" #error "POLARSSL_GCM_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_HAVEGE_C) && !defined(POLARSSL_TIMING_C) #if defined(POLARSSL_HAVEGE_C) && !defined(POLARSSL_TIMING_C)
#error "POLARSSL_HAVEGE_C defined, but not all prerequisites" #error "POLARSSL_HAVEGE_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(POLARSSL_DHM _C) #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(POLARSSL_DHM _C)
#error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequi sites" #error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequi sites"
#endif #endif
skipping to change at line 1848 skipping to change at line 1940
#if defined(POLARSSL_PKCS11_C) && !defined(POLARSSL_PK_C) #if defined(POLARSSL_PKCS11_C) && !defined(POLARSSL_PK_C)
#error "POLARSSL_PKCS11_C defined, but not all prerequisites" #error "POLARSSL_PKCS11_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_RSA_C) && ( !defined(POLARSSL_BIGNUM_C) || \ #if defined(POLARSSL_RSA_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) ) !defined(POLARSSL_OID_C) )
#error "POLARSSL_RSA_C defined, but not all prerequisites" #error "POLARSSL_RSA_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_SSL_PROTO_SSL3) && ( !defined(POLARSSL_MD5_C) || \
!defined(POLARSSL_SHA1_C) )
#error "POLARSSL_SSL_PROTO_SSL3 defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_PROTO_TLS1) && ( !defined(POLARSSL_MD5_C) || \
!defined(POLARSSL_SHA1_C) )
#error "POLARSSL_SSL_PROTO_TLS1 defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_PROTO_TLS1_1) && ( !defined(POLARSSL_MD5_C) ||
\
!defined(POLARSSL_SHA1_C) )
#error "POLARSSL_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_PROTO_TLS1_2) && ( !defined(POLARSSL_SHA1_C) &&
\
!defined(POLARSSL_SHA256_C) && !defined(POLARSSL_SHA512_C) )
#error "POLARSSL_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_CLI_C) && !defined(POLARSSL_SSL_TLS_C) #if defined(POLARSSL_SSL_CLI_C) && !defined(POLARSSL_SSL_TLS_C)
#error "POLARSSL_SSL_CLI_C defined, but not all prerequisites" #error "POLARSSL_SSL_CLI_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_SSL_TLS_C) && ( !defined(POLARSSL_CIPHER_C) || \ #if defined(POLARSSL_SSL_TLS_C) && ( !defined(POLARSSL_CIPHER_C) || \
!defined(POLARSSL_MD_C) ) !defined(POLARSSL_MD_C) )
#error "POLARSSL_SSL_TLS_C defined, but not all prerequisites" #error "POLARSSL_SSL_TLS_C defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_SSL_SRV_C) && !defined(POLARSSL_SSL_TLS_C) #if defined(POLARSSL_SSL_SRV_C) && !defined(POLARSSL_SSL_TLS_C)
 End of changes. 64 change blocks. 
132 lines changed or deleted 246 lines changed or added


 des.h   des.h 
skipping to change at line 34 skipping to change at line 34
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_DES_H #ifndef POLARSSL_DES_H
#define POLARSSL_DES_H #define POLARSSL_DES_H
#include "config.h" #include "config.h"
#include <string.h> #include <string.h>
#ifdef _MSC_VER #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h> #include <basetsd.h>
typedef UINT32 uint32_t; typedef UINT32 uint32_t;
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define DES_ENCRYPT 1 #define DES_ENCRYPT 1
#define DES_DECRYPT 0 #define DES_DECRYPT 0
#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< Th e data input has an invalid length. */ #define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< Th e data input has an invalid length. */
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 ecp.h   ecp.h 
skipping to change at line 190 skipping to change at line 190
#define POLARSSL_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */ #define POLARSSL_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */
/** /**
* \brief Return the list of supported curves with associated inf o * \brief Return the list of supported curves with associated inf o
* *
* \return A statically allocated array, the last entry is 0. * \return A statically allocated array, the last entry is 0.
*/ */
const ecp_curve_info *ecp_curve_list( void ); const ecp_curve_info *ecp_curve_list( void );
/** /**
* \brief Get curve information from an internal group identifier
*
* \param grp_id A POLARSSL_ECP_DP_XXX value
*
* \return The associated curve information or NULL
*/
const ecp_curve_info *ecp_curve_info_from_grp_id( ecp_group_id grp_id );
/**
* \brief Get curve information from a TLS NamedCurve value
*
* \param grp_id A POLARSSL_ECP_DP_XXX value
*
* \return The associated curve information or NULL
*/
const ecp_curve_info *ecp_curve_info_from_tls_id( uint16_t tls_id );
/**
* \brief Initialize a point (as zero) * \brief Initialize a point (as zero)
*/ */
void ecp_point_init( ecp_point *pt ); void ecp_point_init( ecp_point *pt );
/** /**
* \brief Initialize a group (to something meaningless) * \brief Initialize a group (to something meaningless)
*/ */
void ecp_group_init( ecp_group *grp ); void ecp_group_init( ecp_group *grp );
/** /**
skipping to change at line 220 skipping to change at line 238
* \brief Free the components of an ECP group * \brief Free the components of an ECP group
*/ */
void ecp_group_free( ecp_group *grp ); void ecp_group_free( ecp_group *grp );
/** /**
* \brief Free the components of a key pair * \brief Free the components of a key pair
*/ */
void ecp_keypair_free( ecp_keypair *key ); void ecp_keypair_free( ecp_keypair *key );
/** /**
* \brief Set a point to zero * \brief Copy the contents of point Q into P
* *
* \param pt Destination point * \param P Destination point
* \param Q Source point
* *
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fai led * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fai led
*/ */
int ecp_set_zero( ecp_point *pt ); int ecp_copy( ecp_point *P, const ecp_point *Q );
/** /**
* \brief Tell if a point is zero * \brief Copy the contents of a group object
* *
* \param pt Point to test * \param dst Destination group
* \param src Source group
* *
* \return 1 if point is zero, 0 otherwise * \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fai
led
*/ */
int ecp_is_zero( ecp_point *pt ); int ecp_group_copy( ecp_group *dst, const ecp_group *src );
/** /**
* \brief Copy the contents of point Q into P * \brief Set a point to zero
* *
* \param P Destination point * \param pt Destination point
* \param Q Source point
* *
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fai led * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fai led
*/ */
int ecp_copy( ecp_point *P, const ecp_point *Q ); int ecp_set_zero( ecp_point *pt );
/** /**
* \brief Copy the contents of a group object * \brief Tell if a point is zero
* *
* \param dst Destination group * \param pt Point to test
* \param src Source group
* *
* \return 0 if successful, * \return 1 if point is zero, 0 otherwise
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fai
led
*/ */
int ecp_group_copy( ecp_group *dst, const ecp_group *src ); int ecp_is_zero( ecp_point *pt );
/** /**
* \brief Import a non-zero point from two ASCII strings * \brief Import a non-zero point from two ASCII strings
* *
* \param P Destination point * \param P Destination point
* \param radix Input numeric base * \param radix Input numeric base
* \param x First affine coordinate as a null-terminated string * \param x First affine coordinate as a null-terminated string
* \param y Second affine coordinate as a null-terminated string * \param y Second affine coordinate as a null-terminated string
* *
* \return 0 if successful, or a POLARSSL_ERR_MPI_XXX error code * \return 0 if successful, or a POLARSSL_ERR_MPI_XXX error code
*/ */
int ecp_point_read_string( ecp_point *P, int radix, int ecp_point_read_string( ecp_point *P, int radix,
const char *x, const char *y ); const char *x, const char *y );
/** /**
* \brief Import an ECP group from null-terminated ASCII strings
*
* \param grp Destination group
* \param radix Input numeric base
* \param p Prime modulus of the base field
* \param b Constant term in the equation
* \param gx The generator's X coordinate
* \param gy The generator's Y coordinate
* \param n The generator's order
*
* \return 0 if successful, or a POLARSSL_ERR_MPI_XXX error code
*
* \note Sets all fields except modp.
*/
int ecp_group_read_string( ecp_group *grp, int radix,
const char *p, const char *b,
const char *gx, const char *gy, const char *n);
/**
* \brief Export a point into unsigned binary data * \brief Export a point into unsigned binary data
* *
* \param grp Group to which the point should belong * \param grp Group to which the point should belong
* \param P Point to export * \param P Point to export
* \param format Point format, should be a POLARSSL_ECP_PF_XXX macro * \param format Point format, should be a POLARSSL_ECP_PF_XXX macro
* \param olen Length of the actual output * \param olen Length of the actual output
* \param buf Output buffer * \param buf Output buffer
* \param buflen Length of the output buffer * \param buflen Length of the output buffer
* *
* \return 0 if successful, * \return 0 if successful,
skipping to change at line 330 skipping to change at line 329
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fai led * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation fai led
* *
* \note This function does NOT check that the point actually * \note This function does NOT check that the point actually
* belongs to the given group, see ecp_check_pubkey() for * belongs to the given group, see ecp_check_pubkey() for
* that. * that.
*/ */
int ecp_point_read_binary( const ecp_group *grp, ecp_point *P, int ecp_point_read_binary( const ecp_group *grp, ecp_point *P,
const unsigned char *buf, size_t ilen ); const unsigned char *buf, size_t ilen );
/** /**
* \brief Set a group using well-known domain parameters * \brief Import a point from a TLS ECPoint record
*
* \param grp Destination group
* \param index Index in the list of well-known domain parameters
*
* \return O if successful,
* POLARSSL_ERR_MPI_XXX if initialization failed
* POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups
*
* \note Index should be a value of RFC 4492's enum NamdeCurve,
* possibly in the form of a POLARSSL_ECP_DP_XXX macro.
*/
int ecp_use_known_dp( ecp_group *grp, ecp_group_id index );
/**
* \brief Set a group from a TLS ECParameters record
* *
* \param grp Destination group * \param grp ECP group used
* \param buf &(Start of input buffer) * \param pt Destination point
* \param buf $(Start of input buffer)
* \param len Buffer length * \param len Buffer length
* *
* \return O if successful, * \return O if successful,
* POLARSSL_ERR_MPI_XXX if initialization failed * POLARSSL_ERR_MPI_XXX if initialization failed
* POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid * POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
*/ */
int ecp_tls_read_group( ecp_group *grp, const unsigned char **buf, size_t l int ecp_tls_read_point( const ecp_group *grp, ecp_point *pt,
en ); const unsigned char **buf, size_t len );
/** /**
* \brief Write the TLS ECParameters record for a group * \brief Export a point as a TLS ECPoint record
* *
* \param grp ECP group used * \param grp ECP group used
* \param olen Number of bytes actually written * \param pt Point to export
* \param format Export format
* \param olen length of data written
* \param buf Buffer to write to * \param buf Buffer to write to
* \param blen Buffer length * \param blen Buffer length
* *
* \return 0 if successful, * \return 0 if successful,
* or POLARSSL_ERR_ECP_BAD_INPUT_DATA
* or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL * or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
*/ */
int ecp_tls_write_group( const ecp_group *grp, size_t *olen, int ecp_tls_write_point( const ecp_group *grp, const ecp_point *pt,
int format, size_t *olen,
unsigned char *buf, size_t blen ); unsigned char *buf, size_t blen );
/** /**
* \brief Get curve information from an internal group identifier * \brief Import an ECP group from null-terminated ASCII strings
* *
* \param grp_id A POLARSSL_ECP_DP_XXX value * \param grp Destination group
* \param radix Input numeric base
* \param p Prime modulus of the base field
* \param b Constant term in the equation
* \param gx The generator's X coordinate
* \param gy The generator's Y coordinate
* \param n The generator's order
* *
* \return The associated curve information or NULL * \return 0 if successful, or a POLARSSL_ERR_MPI_XXX error code
*
* \note Sets all fields except modp.
*/ */
const ecp_curve_info *ecp_curve_info_from_grp_id( ecp_group_id grp_id ); int ecp_group_read_string( ecp_group *grp, int radix,
const char *p, const char *b,
const char *gx, const char *gy, const char *n);
/** /**
* \brief Get curve information from a TLS NamedCurve value * \brief Set a group using well-known domain parameters
* *
* \param grp_id A POLARSSL_ECP_DP_XXX value * \param grp Destination group
* \param index Index in the list of well-known domain parameters
* *
* \return The associated curve information or NULL * \return O if successful,
* POLARSSL_ERR_MPI_XXX if initialization failed
* POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups
*
* \note Index should be a value of RFC 4492's enum NamdeCurve,
* possibly in the form of a POLARSSL_ECP_DP_XXX macro.
*/ */
const ecp_curve_info *ecp_curve_info_from_tls_id( uint16_t tls_id ); int ecp_use_known_dp( ecp_group *grp, ecp_group_id index );
/** /**
* \brief Import a point from a TLS ECPoint record * \brief Set a group from a TLS ECParameters record
* *
* \param grp ECP group used * \param grp Destination group
* \param pt Destination point * \param buf &(Start of input buffer)
* \param buf $(Start of input buffer)
* \param len Buffer length * \param len Buffer length
* *
* \return O if successful, * \return O if successful,
* POLARSSL_ERR_MPI_XXX if initialization failed * POLARSSL_ERR_MPI_XXX if initialization failed
* POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid * POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
*/ */
int ecp_tls_read_point( const ecp_group *grp, ecp_point *pt, int ecp_tls_read_group( ecp_group *grp, const unsigned char **buf, size_t l
const unsigned char **buf, size_t len ); en );
/** /**
* \brief Export a point as a TLS ECPoint record * \brief Write the TLS ECParameters record for a group
* *
* \param grp ECP group used * \param grp ECP group used
* \param pt Point to export * \param olen Number of bytes actually written
* \param format Export format
* \param olen length of data written
* \param buf Buffer to write to * \param buf Buffer to write to
* \param blen Buffer length * \param blen Buffer length
* *
* \return 0 if successful, * \return 0 if successful,
* or POLARSSL_ERR_ECP_BAD_INPUT_DATA
* or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL * or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
*/ */
int ecp_tls_write_point( const ecp_group *grp, const ecp_point *pt, int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
int format, size_t *olen,
unsigned char *buf, size_t blen ); unsigned char *buf, size_t blen );
/** /**
* \brief Addition: R = P + Q * \brief Addition: R = P + Q
* *
* \param grp ECP group * \param grp ECP group
* \param R Destination point * \param R Destination point
* \param P Left-hand point * \param P Left-hand point
* \param Q Right-hand point * \param Q Right-hand point
* *
 End of changes. 38 change blocks. 
81 lines changed or deleted 81 lines changed or added


 error.h   error.h 
skipping to change at line 88 skipping to change at line 88
* PEM 1 9 * PEM 1 9
* PKCS#12 1 4 (Started from top) * PKCS#12 1 4 (Started from top)
* X509 2 18 * X509 2 18
* PK 2 13 (Started from top) * PK 2 13 (Started from top)
* DHM 3 9 * DHM 3 9
* PKCS5 3 4 (Started from top) * PKCS5 3 4 (Started from top)
* RSA 4 9 * RSA 4 9
* ECP 4 7 (Started from top) * ECP 4 7 (Started from top)
* MD 5 4 * MD 5 4
* CIPHER 6 6 * CIPHER 6 6
* SSL 6 7 (Started from top) * SSL 6 8 (Started from top)
* SSL 7 31 * SSL 7 31
* *
* Module dependent error code (5 bits 0x.08.-0x.F8.) * Module dependent error code (5 bits 0x.08.-0x.F8.)
*/ */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 gcm.h   gcm.h 
skipping to change at line 32 skipping to change at line 32
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_GCM_H #ifndef POLARSSL_GCM_H
#define POLARSSL_GCM_H #define POLARSSL_GCM_H
#include "cipher.h" #include "cipher.h"
#ifdef _MSC_VER #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h> #include <basetsd.h>
typedef UINT32 uint32_t; typedef UINT32 uint32_t;
typedef UINT64 uint64_t; typedef UINT64 uint64_t;
#else #else
#include <stdint.h> #include <stdint.h>
#endif #endif
#define GCM_ENCRYPT 1 #define GCM_ENCRYPT 1
#define GCM_DECRYPT 0 #define GCM_DECRYPT 0
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 md4.h   md4.h 
skipping to change at line 34 skipping to change at line 34
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_MD4_H #ifndef POLARSSL_MD4_H
#define POLARSSL_MD4_H #define POLARSSL_MD4_H
#include "config.h" #include "config.h"
#include <string.h> #include <string.h>
#ifdef _MSC_VER #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h> #include <basetsd.h>
typedef UINT32 uint32_t; typedef UINT32 uint32_t;
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define POLARSSL_ERR_MD4_FILE_IO_ERROR -0x0072 /**< Read/w rite error in file. */ #define POLARSSL_ERR_MD4_FILE_IO_ERROR -0x0072 /**< Read/w rite error in file. */
#if !defined(POLARSSL_MD4_ALT) #if !defined(POLARSSL_MD4_ALT)
// Regular implementation // Regular implementation
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 md5.h   md5.h 
skipping to change at line 34 skipping to change at line 34
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_MD5_H #ifndef POLARSSL_MD5_H
#define POLARSSL_MD5_H #define POLARSSL_MD5_H
#include "config.h" #include "config.h"
#include <string.h> #include <string.h>
#ifdef _MSC_VER #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h> #include <basetsd.h>
typedef UINT32 uint32_t; typedef UINT32 uint32_t;
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define POLARSSL_ERR_MD5_FILE_IO_ERROR -0x0074 /**< Read/w rite error in file. */ #define POLARSSL_ERR_MD5_FILE_IO_ERROR -0x0074 /**< Read/w rite error in file. */
#if !defined(POLARSSL_MD5_ALT) #if !defined(POLARSSL_MD5_ALT)
// Regular implementation // Regular implementation
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 oid.h   oid.h 
skipping to change at line 107 skipping to change at line 107
* { iso(1) identified-organization(3) dod(6) internet(1) * { iso(1) identified-organization(3) dod(6) internet(1)
* security(5) mechanisms(5) pkix(7) } * security(5) mechanisms(5) pkix(7) }
*/ */
#define OID_PKIX OID_ISO_IDENTIFIED_ORG OID_ORG_DOD "\x01\x05\x05\x07" #define OID_PKIX OID_ISO_IDENTIFIED_ORG OID_ORG_DOD "\x01\x05\x05\x07"
/* /*
* Arc for standard naming attributes * Arc for standard naming attributes
*/ */
#define OID_AT OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */ #define OID_AT OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
#define OID_AT_CN OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */ #define OID_AT_CN OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
#define OID_AT_SERIAL_NUMBER OID_AT "\x05" /**< id-at-serialNumb er AttributeType:= {id-at 5} */
#define OID_AT_COUNTRY OID_AT "\x06" /**< id-at-countryNam e AttributeType:= {id-at 6} */ #define OID_AT_COUNTRY OID_AT "\x06" /**< id-at-countryNam e AttributeType:= {id-at 6} */
#define OID_AT_LOCALITY OID_AT "\x07" /**< id-at-locality A ttributeType:= {id-at 7} */ #define OID_AT_LOCALITY OID_AT "\x07" /**< id-at-locality A ttributeType:= {id-at 7} */
#define OID_AT_STATE OID_AT "\x08" /**< id-at-state Attr ibuteType:= {id-at 8} */ #define OID_AT_STATE OID_AT "\x08" /**< id-at-state Attr ibuteType:= {id-at 8} */
#define OID_AT_ORGANIZATION OID_AT "\x0A" /**< id-at-organizati onName AttributeType:= {id-at 10} */ #define OID_AT_ORGANIZATION OID_AT "\x0A" /**< id-at-organizati onName AttributeType:= {id-at 10} */
#define OID_AT_ORG_UNIT OID_AT "\x0B" /**< id-at-organizati onalUnitName AttributeType:= {id-at 11} */ #define OID_AT_ORG_UNIT OID_AT "\x0B" /**< id-at-organizati onalUnitName AttributeType:= {id-at 11} */
#define OID_AT_POSTAL_ADDRESS OID_AT "\x10" /**< id-at-postalAddr
ess AttributeType:= {id-at 16} */
#define OID_AT_POSTAL_CODE OID_AT "\x11" /**< id-at-postalCode
AttributeType:= {id-at 17} */
/* /*
* OIDs for standard certificate extensions * OIDs for standard certificate extensions
*/ */
#define OID_AUTHORITY_KEY_IDENTIFIER OID_ID_CE "\x23" /**< id-ce-authori tyKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */ #define OID_AUTHORITY_KEY_IDENTIFIER OID_ID_CE "\x23" /**< id-ce-authori tyKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
#define OID_SUBJECT_KEY_IDENTIFIER OID_ID_CE "\x0E" /**< id-ce-subject KeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */ #define OID_SUBJECT_KEY_IDENTIFIER OID_ID_CE "\x0E" /**< id-ce-subject KeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
#define OID_KEY_USAGE OID_ID_CE "\x0F" /**< id-ce-keyUsag e OBJECT IDENTIFIER ::= { id-ce 15 } */ #define OID_KEY_USAGE OID_ID_CE "\x0F" /**< id-ce-keyUsag e OBJECT IDENTIFIER ::= { id-ce 15 } */
#define OID_CERTIFICATE_POLICIES OID_ID_CE "\x20" /**< id-ce-certifi catePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */ #define OID_CERTIFICATE_POLICIES OID_ID_CE "\x20" /**< id-ce-certifi catePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
#define OID_POLICY_MAPPINGS OID_ID_CE "\x21" /**< id-ce-policyM appings OBJECT IDENTIFIER ::= { id-ce 33 } */ #define OID_POLICY_MAPPINGS OID_ID_CE "\x21" /**< id-ce-policyM appings OBJECT IDENTIFIER ::= { id-ce 33 } */
#define OID_SUBJECT_ALT_NAME OID_ID_CE "\x11" /**< id-ce-subject AltName OBJECT IDENTIFIER ::= { id-ce 17 } */ #define OID_SUBJECT_ALT_NAME OID_ID_CE "\x11" /**< id-ce-subject AltName OBJECT IDENTIFIER ::= { id-ce 17 } */
 End of changes. 2 change blocks. 
0 lines changed or deleted 5 lines changed or added


 padlock.h   padlock.h 
skipping to change at line 40 skipping to change at line 40
#include "aes.h" #include "aes.h"
#define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< In put data should be aligned. */ #define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< In put data should be aligned. */
#if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) #if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && defined(__i386__)
#ifndef POLARSSL_HAVE_X86 #ifndef POLARSSL_HAVE_X86
#define POLARSSL_HAVE_X86 #define POLARSSL_HAVE_X86
#endif #endif
#ifdef _MSC_VER #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h> #include <basetsd.h>
typedef INT32 int32_t; typedef INT32 int32_t;
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define PADLOCK_RNG 0x000C #define PADLOCK_RNG 0x000C
#define PADLOCK_ACE 0x00C0 #define PADLOCK_ACE 0x00C0
#define PADLOCK_PHE 0x0C00 #define PADLOCK_PHE 0x0C00
#define PADLOCK_PMM 0x3000 #define PADLOCK_PMM 0x3000
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 pbkdf2.h   pbkdf2.h 
skipping to change at line 37 skipping to change at line 37
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_PBKDF2_H #ifndef POLARSSL_PBKDF2_H
#define POLARSSL_PBKDF2_H #define POLARSSL_PBKDF2_H
#include <string.h> #include <string.h>
#include "md.h" #include "md.h"
#ifdef _MSC_VER #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h> #include <basetsd.h>
typedef UINT32 uint32_t; typedef UINT32 uint32_t;
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA -0x007C /**< Ba d input parameters to function. */ #define POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA -0x007C /**< Ba d input parameters to function. */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 pkcs5.h   pkcs5.h 
skipping to change at line 37 skipping to change at line 37
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_PKCS5_H #ifndef POLARSSL_PKCS5_H
#define POLARSSL_PKCS5_H #define POLARSSL_PKCS5_H
#include <string.h> #include <string.h>
#include "asn1.h" #include "asn1.h"
#include "md.h" #include "md.h"
#ifdef _MSC_VER #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h> #include <basetsd.h>
typedef UINT32 uint32_t; typedef UINT32 uint32_t;
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define POLARSSL_ERR_PKCS5_BAD_INPUT_DATA -0x3f80 /**< Ba d input parameters to function. */ #define POLARSSL_ERR_PKCS5_BAD_INPUT_DATA -0x3f80 /**< Ba d input parameters to function. */
#define POLARSSL_ERR_PKCS5_INVALID_FORMAT -0x3f00 /**< Un expected ASN.1 data. */ #define POLARSSL_ERR_PKCS5_INVALID_FORMAT -0x3f00 /**< Un expected ASN.1 data. */
#define POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE -0x3e80 /**< Re quested encryption or digest alg not available. */ #define POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE -0x3e80 /**< Re quested encryption or digest alg not available. */
#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH -0x3e00 /**< Gi ven private key password does not allow for correct decryption. */ #define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH -0x3e00 /**< Gi ven private key password does not allow for correct decryption. */
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 sha1.h   sha1.h 
skipping to change at line 34 skipping to change at line 34
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_SHA1_H #ifndef POLARSSL_SHA1_H
#define POLARSSL_SHA1_H #define POLARSSL_SHA1_H
#include "config.h" #include "config.h"
#include <string.h> #include <string.h>
#ifdef _MSC_VER #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h> #include <basetsd.h>
typedef UINT32 uint32_t; typedef UINT32 uint32_t;
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define POLARSSL_ERR_SHA1_FILE_IO_ERROR -0x0076 /**< Read/w rite error in file. */ #define POLARSSL_ERR_SHA1_FILE_IO_ERROR -0x0076 /**< Read/w rite error in file. */
#if !defined(POLARSSL_SHA1_ALT) #if !defined(POLARSSL_SHA1_ALT)
// Regular implementation // Regular implementation
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 sha256.h   sha256.h 
skipping to change at line 34 skipping to change at line 34
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_SHA256_H #ifndef POLARSSL_SHA256_H
#define POLARSSL_SHA256_H #define POLARSSL_SHA256_H
#include "config.h" #include "config.h"
#include <string.h> #include <string.h>
#ifdef _MSC_VER #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h> #include <basetsd.h>
typedef UINT32 uint32_t; typedef UINT32 uint32_t;
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define POLARSSL_ERR_SHA256_FILE_IO_ERROR -0x0078 /**< Read/w rite error in file. */ #define POLARSSL_ERR_SHA256_FILE_IO_ERROR -0x0078 /**< Read/w rite error in file. */
#if !defined(POLARSSL_SHA256_ALT) #if !defined(POLARSSL_SHA256_ALT)
// Regular implementation // Regular implementation
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 ssl.h   ssl.h 
skipping to change at line 135 skipping to change at line 135
#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Pr ocessing of the Finished handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Pr ocessing of the Finished handshake message failed. */
#define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Me mory allocation failed */ #define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Me mory allocation failed */
#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Ha rdware acceleration function returned with error */ #define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Ha rdware acceleration function returned with error */
#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Ha rdware acceleration function skipped / left alone data */ #define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Ha rdware acceleration function skipped / left alone data */
#define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Pr ocessing of the compression / decompression failed */ #define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Pr ocessing of the compression / decompression failed */
#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Ha ndshake protocol not within min/max boundaries */ #define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Ha ndshake protocol not within min/max boundaries */
#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Pr ocessing of the NewSessionTicket handshake message failed. */ #define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Pr ocessing of the NewSessionTicket handshake message failed. */
#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Se ssion ticket has expired. */ #define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Se ssion ticket has expired. */
#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Pu blic key type mismatch (eg, asked for RSA key exchange and presented EC key ) */ #define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Pu blic key type mismatch (eg, asked for RSA key exchange and presented EC key ) */
#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Un kown identity received (eg, PSK identity) */ #define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Un kown identity received (eg, PSK identity) */
#define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< In ternal error (eg, unexpected failure in lower-level module) */
/* /*
* Various constants * Various constants
*/ */
#define SSL_MAJOR_VERSION_3 3 #define SSL_MAJOR_VERSION_3 3
#define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */ #define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
#define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */ #define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
#define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */ #define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
#define SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ #define SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
skipping to change at line 202 skipping to change at line 203
#define SSL_IS_CLIENT 0 #define SSL_IS_CLIENT 0
#define SSL_IS_SERVER 1 #define SSL_IS_SERVER 1
#define SSL_COMPRESS_NULL 0 #define SSL_COMPRESS_NULL 0
#define SSL_COMPRESS_DEFLATE 1 #define SSL_COMPRESS_DEFLATE 1
#define SSL_VERIFY_NONE 0 #define SSL_VERIFY_NONE 0
#define SSL_VERIFY_OPTIONAL 1 #define SSL_VERIFY_OPTIONAL 1
#define SSL_VERIFY_REQUIRED 2 #define SSL_VERIFY_REQUIRED 2
#define SSL_INITIAL_HANDSHAKE 0 #define SSL_INITIAL_HANDSHAKE 0
#define SSL_RENEGOTIATION 1 #define SSL_RENEGOTIATION 1 /* In progress */
#define SSL_RENEGOTIATION_DONE 2 /* Done */
#define SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
#define SSL_LEGACY_RENEGOTIATION 0 #define SSL_LEGACY_RENEGOTIATION 0
#define SSL_SECURE_RENEGOTIATION 1 #define SSL_SECURE_RENEGOTIATION 1
#define SSL_RENEGOTIATION_DISABLED 0 #define SSL_RENEGOTIATION_DISABLED 0
#define SSL_RENEGOTIATION_ENABLED 1 #define SSL_RENEGOTIATION_ENABLED 1
#define SSL_LEGACY_NO_RENEGOTIATION 0 #define SSL_LEGACY_NO_RENEGOTIATION 0
#define SSL_LEGACY_ALLOW_RENEGOTIATION 1 #define SSL_LEGACY_ALLOW_RENEGOTIATION 1
#define SSL_LEGACY_BREAK_HANDSHAKE 2 #define SSL_LEGACY_BREAK_HANDSHAKE 2
skipping to change at line 346 skipping to change at line 349
#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 #define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
#define TLS_EXT_SUPPORTED_POINT_FORMATS 11 #define TLS_EXT_SUPPORTED_POINT_FORMATS 11
#define TLS_EXT_SIG_ALG 13 #define TLS_EXT_SIG_ALG 13
#define TLS_EXT_SESSION_TICKET 35 #define TLS_EXT_SESSION_TICKET 35
#define TLS_EXT_RENEGOTIATION_INFO 0xFF01 #define TLS_EXT_RENEGOTIATION_INFO 0xFF01
/* /*
* TLS extension flags (for extensions with outgoing ServerHello content
* that need it (e.g. for RENEGOTIATION_INFO the server already knows becau
se
* of state of the renegotiation flag, so no indicator is required)
*/
#define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
/*
* Size defines * Size defines
*/ */
#if !defined(POLARSSL_MPI_MAX_SIZE) #if !defined(POLARSSL_MPI_MAX_SIZE)
#define POLARSSL_PREMASTER_SIZE 512 #define POLARSSL_PREMASTER_SIZE 512
#else #else
#define POLARSSL_PREMASTER_SIZE POLARSSL_MPI_MAX_SIZE #define POLARSSL_PREMASTER_SIZE POLARSSL_MPI_MAX_SIZE
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
skipping to change at line 549 skipping to change at line 559
size_t pmslen; /*!< premaster length */ size_t pmslen; /*!< premaster length */
unsigned char randbytes[64]; /*!< random bytes */ unsigned char randbytes[64]; /*!< random bytes */
unsigned char premaster[POLARSSL_PREMASTER_SIZE]; unsigned char premaster[POLARSSL_PREMASTER_SIZE];
/*!< premaster secret */ /*!< premaster secret */
int resume; /*!< session resume indicator*/ int resume; /*!< session resume indicator*/
int max_major_ver; /*!< max. major version client*/ int max_major_ver; /*!< max. major version client*/
int max_minor_ver; /*!< max. minor version client*/ int max_minor_ver; /*!< max. minor version client*/
int cli_exts; /*!< client extension presence*/
#if defined(POLARSSL_SSL_SESSION_TICKETS) #if defined(POLARSSL_SSL_SESSION_TICKETS)
int new_session_ticket; /*!< use NewSessionTicket? */ int new_session_ticket; /*!< use NewSessionTicket? */
#endif /* POLARSSL_SSL_SESSION_TICKETS */ #endif /* POLARSSL_SSL_SESSION_TICKETS */
}; };
#if defined(POLARSSL_SSL_SESSION_TICKETS) #if defined(POLARSSL_SSL_SESSION_TICKETS)
/* /*
* Parameters needed to secure session tickets * Parameters needed to secure session tickets
*/ */
skipping to change at line 1414 skipping to change at line 1425
* Do not call this function if state is SSL_HANDSHAKE_OVER . * Do not call this function if state is SSL_HANDSHAKE_OVER .
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return 0 if successful, POLARSSL_ERR_NET_WANT_READ, * \return 0 if successful, POLARSSL_ERR_NET_WANT_READ,
* POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error cod e. * POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error cod e.
*/ */
int ssl_handshake_step( ssl_context *ssl ); int ssl_handshake_step( ssl_context *ssl );
/** /**
* \brief Perform an SSL renegotiation on the running connection * \brief Initiate an SSL renegotiation on the running connection.
* Client: perform the renegotiation right now.
* Server: request renegotiation, which will be performed
* during the next call to ssl_read() if honored by client.
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return 0 if succesful, or any ssl_handshake() return value. * \return 0 if successful, or any ssl_handshake() return value.
*/ */
int ssl_renegotiate( ssl_context *ssl ); int ssl_renegotiate( ssl_context *ssl );
/** /**
* \brief Read at most 'len' application data bytes * \brief Read at most 'len' application data bytes
* *
* \param ssl SSL context * \param ssl SSL context
* \param buf buffer that will hold the data * \param buf buffer that will hold the data
* \param len how many bytes must be read * \param len how many bytes must be read
* *
skipping to change at line 1558 skipping to change at line 1572
: ssl->handshake->key_cert->key ); : ssl->handshake->key_cert->key );
} }
static inline x509_crt *ssl_own_cert( ssl_context *ssl ) static inline x509_crt *ssl_own_cert( ssl_context *ssl )
{ {
return( ssl->handshake->key_cert == NULL ? NULL return( ssl->handshake->key_cert == NULL ? NULL
: ssl->handshake->key_cert->cert ); : ssl->handshake->key_cert->cert );
} }
#endif /* POLARSSL_X509_CRT_PARSE_C */ #endif /* POLARSSL_X509_CRT_PARSE_C */
/* constant-time buffer comparison */
static inline int safer_memcmp( const void *a, const void *b, size_t n )
{
size_t i;
const unsigned char *A = (const unsigned char *) a;
const unsigned char *B = (const unsigned char *) b;
unsigned char diff = 0;
for( i = 0; i < n; i++ )
diff |= A[i] ^ B[i];
return( diff );
}
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* ssl.h */ #endif /* ssl.h */
 End of changes. 7 change blocks. 
3 lines changed or deleted 32 lines changed or added


 ssl_ciphersuites.h   ssl_ciphersuites.h 
skipping to change at line 159 skipping to change at line 159
#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 /**< Not in SSL3! * / #define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 /**< Not in SSL3! * /
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 /**< Not in SSL3! * / #define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 /**< Not in SSL3! * /
#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037 /**< TLS 1.2 */ #define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037 /**< TLS 1.2 */
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 /**< TLS 1.2 */ #define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 /**< TLS 1.2 */
#define TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039 /**< Weak! No SSL3! */ #define TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039 /**< Weak! No SSL3! */
#define TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! TLS 1.2 */ #define TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! TLS 1.2 */
#define TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! TLS 1.2 */ #define TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< TLS 1.2 */ #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< TLS 1.2 */ #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< TLS 1.2 */
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< TLS 1.2 */
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< TLS 1.2 */
#define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
#define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */
#define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08D /**< TLS 1.2 */
#define TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */
#define TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */
#define TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */
#define TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092 /**< TLS 1.2 */
#define TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093 /**< TLS 1.2 */
#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 /**< TLS 1.2 */ #define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 /**< TLS 1.2 */
#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 /**< TLS 1.2 */ #define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 /**< TLS 1.2 */
#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 /**< TLS 1.2 */ #define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 /**< TLS 1.2 */
#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 /**< TLS 1.2 */ #define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 /**< TLS 1.2 */
#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098 /**< TLS 1.2 */ #define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098 /**< TLS 1.2 */
#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099 /**< TLS 1.2 */ #define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099 /**< TLS 1.2 */
#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< TLS 1.2 */ #define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< TLS 1.2 */
#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< TLS 1.2 */ #define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< TLS 1.2 */
typedef enum { typedef enum {
skipping to change at line 218 skipping to change at line 233
const int *ssl_list_ciphersuites( void ); const int *ssl_list_ciphersuites( void );
const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersui te_name ); const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersui te_name );
const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id ); const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id );
#if defined(POLARSSL_PK_C) #if defined(POLARSSL_PK_C)
pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info ); pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info );
#endif #endif
int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info ); int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info );
int ssl_ciphersuite_uses_psk( const ssl_ciphersuite_t *info );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* ssl_ciphersuites.h */ #endif /* ssl_ciphersuites.h */
 End of changes. 3 change blocks. 
1 lines changed or deleted 17 lines changed or added


 version.h   version.h 
skipping to change at line 42 skipping to change at line 42
#define POLARSSL_VERSION_H #define POLARSSL_VERSION_H
#include "config.h" #include "config.h"
/** /**
* The version number x.y.z is split into three parts. * The version number x.y.z is split into three parts.
* Major, Minor, Patchlevel * Major, Minor, Patchlevel
*/ */
#define POLARSSL_VERSION_MAJOR 1 #define POLARSSL_VERSION_MAJOR 1
#define POLARSSL_VERSION_MINOR 3 #define POLARSSL_VERSION_MINOR 3
#define POLARSSL_VERSION_PATCH 1 #define POLARSSL_VERSION_PATCH 2
/** /**
* The single version number has the following structure: * The single version number has the following structure:
* MMNNPP00 * MMNNPP00
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define POLARSSL_VERSION_NUMBER 0x01030100 #define POLARSSL_VERSION_NUMBER 0x01030200
#define POLARSSL_VERSION_STRING "1.3.1" #define POLARSSL_VERSION_STRING "1.3.2"
#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.3.1" #define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.3.2"
#if defined(POLARSSL_VERSION_C) #if defined(POLARSSL_VERSION_C)
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* Get the version number. * Get the version number.
* *
 End of changes. 2 change blocks. 
4 lines changed or deleted 4 lines changed or added


 x509.h   x509.h 
skipping to change at line 268 skipping to change at line 268
int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg, int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
pk_type_t *pk_alg ); pk_type_t *pk_alg );
int x509_get_time( unsigned char **p, const unsigned char *end, int x509_get_time( unsigned char **p, const unsigned char *end,
x509_time *time ); x509_time *time );
int x509_get_serial( unsigned char **p, const unsigned char *end, int x509_get_serial( unsigned char **p, const unsigned char *end,
x509_buf *serial ); x509_buf *serial );
int x509_get_ext( unsigned char **p, const unsigned char *end, int x509_get_ext( unsigned char **p, const unsigned char *end,
x509_buf *ext, int tag ); x509_buf *ext, int tag );
int x509_load_file( const char *path, unsigned char **buf, size_t *n ); int x509_load_file( const char *path, unsigned char **buf, size_t *n );
int x509_key_size_helper( char *buf, size_t size, const char *name ); int x509_key_size_helper( char *buf, size_t size, const char *name );
int x509_string_to_names( asn1_named_data **head, char *name ); int x509_string_to_names( asn1_named_data **head, const char *name );
int x509_set_extension( asn1_named_data **head, const char *oid, size_t oid _len, int critical, const unsigned char *val, size_t val_len ); int x509_set_extension( asn1_named_data **head, const char *oid, size_t oid _len, int critical, const unsigned char *val, size_t val_len );
int x509_write_extensions( unsigned char **p, unsigned char *start, int x509_write_extensions( unsigned char **p, unsigned char *start,
asn1_named_data *first ); asn1_named_data *first );
int x509_write_names( unsigned char **p, unsigned char *start, int x509_write_names( unsigned char **p, unsigned char *start,
asn1_named_data *first ); asn1_named_data *first );
int x509_write_sig( unsigned char **p, unsigned char *start, int x509_write_sig( unsigned char **p, unsigned char *start,
const char *oid, size_t oid_len, const char *oid, size_t oid_len,
unsigned char *sig, size_t size ); unsigned char *sig, size_t size );
#ifdef __cplusplus #ifdef __cplusplus
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added


 x509_crt.h   x509_crt.h 
skipping to change at line 315 skipping to change at line 315
* e.g. "20131231235959" for December 31st 2013 * e.g. "20131231235959" for December 31st 2013
* at 23:59:59 * at 23:59:59
* *
* \param ctx CRT context to use * \param ctx CRT context to use
* \param not_before not_before timestamp * \param not_before not_before timestamp
* \param not_after not_after timestamp * \param not_after not_after timestamp
* *
* \return 0 if timestamp was parsed successfully, or * \return 0 if timestamp was parsed successfully, or
* a specific error code * a specific error code
*/ */
int x509write_crt_set_validity( x509write_cert *ctx, char *not_before, int x509write_crt_set_validity( x509write_cert *ctx, const char *not_before
char *not_after ); ,
const char *not_after );
/** /**
* \brief Set the issuer name for a Certificate * \brief Set the issuer name for a Certificate
* Issuer names should contain a comma-separated list * Issuer names should contain a comma-separated list
* of OID types and values: * of OID types and values:
* e.g. "C=NL,O=Offspark,CN=PolarSSL CA" * e.g. "C=NL,O=Offspark,CN=PolarSSL CA"
* *
* \param ctx CRT context to use * \param ctx CRT context to use
* \param issuer_name issuer name to set * \param issuer_name issuer name to set
* *
* \return 0 if issuer name was parsed successfully, or * \return 0 if issuer name was parsed successfully, or
* a specific error code * a specific error code
*/ */
int x509write_crt_set_issuer_name( x509write_cert *ctx, char *issuer_name ) int x509write_crt_set_issuer_name( x509write_cert *ctx,
; const char *issuer_name );
/** /**
* \brief Set the subject name for a Certificate * \brief Set the subject name for a Certificate
* Subject names should contain a comma-separated list * Subject names should contain a comma-separated list
* of OID types and values: * of OID types and values:
* e.g. "C=NL,O=Offspark,CN=PolarSSL Server 1" * e.g. "C=NL,O=Offspark,CN=PolarSSL Server 1"
* *
* \param ctx CRT context to use * \param ctx CRT context to use
* \param subject_name subject name to set * \param subject_name subject name to set
* *
* \return 0 if subject name was parsed successfully, or * \return 0 if subject name was parsed successfully, or
* a specific error code * a specific error code
*/ */
int x509write_crt_set_subject_name( x509write_cert *ctx, char *subject_name int x509write_crt_set_subject_name( x509write_cert *ctx,
); const char *subject_name );
/** /**
* \brief Set the subject public key for the certificate * \brief Set the subject public key for the certificate
* *
* \param ctx CRT context to use * \param ctx CRT context to use
* \param key public key to include * \param key public key to include
*/ */
void x509write_crt_set_subject_key( x509write_cert *ctx, pk_context *key ); void x509write_crt_set_subject_key( x509write_cert *ctx, pk_context *key );
/** /**
skipping to change at line 403 skipping to change at line 405
* \param is_ca is this a CA certificate * \param is_ca is this a CA certificate
* \param max_pathlen maximum length of certificate chains below this * \param max_pathlen maximum length of certificate chains below this
* certificate (only for CA certificates, -1 is * certificate (only for CA certificates, -1 is
* inlimited) * inlimited)
* *
* \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAI LED * \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAI LED
*/ */
int x509write_crt_set_basic_constraints( x509write_cert *ctx, int x509write_crt_set_basic_constraints( x509write_cert *ctx,
int is_ca, int max_pathlen ); int is_ca, int max_pathlen );
#if defined(POLARSSL_SHA1_C)
/** /**
* \brief Set the subjectKeyIdentifier extension for a CRT * \brief Set the subjectKeyIdentifier extension for a CRT
* Requires that x509write_crt_set_subject_key() has been * Requires that x509write_crt_set_subject_key() has been
* called before * called before
* *
* \param ctx CRT context to use * \param ctx CRT context to use
* *
* \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAI LED * \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAI LED
*/ */
int x509write_crt_set_subject_key_identifier( x509write_cert *ctx ); int x509write_crt_set_subject_key_identifier( x509write_cert *ctx );
skipping to change at line 424 skipping to change at line 427
/** /**
* \brief Set the authorityKeyIdentifier extension for a CRT * \brief Set the authorityKeyIdentifier extension for a CRT
* Requires that x509write_crt_set_issuer_key() has been * Requires that x509write_crt_set_issuer_key() has been
* called before * called before
* *
* \param ctx CRT context to use * \param ctx CRT context to use
* *
* \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAI LED * \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAI LED
*/ */
int x509write_crt_set_authority_key_identifier( x509write_cert *ctx ); int x509write_crt_set_authority_key_identifier( x509write_cert *ctx );
#endif /* POLARSSL_SHA1_C */
/** /**
* \brief Set the Key Usage Extension flags * \brief Set the Key Usage Extension flags
* (e.g. KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN) * (e.g. KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN)
* *
* \param ctx CRT context to use * \param ctx CRT context to use
* \param key_usage key usage flags to set * \param key_usage key usage flags to set
* *
* \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILE D * \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILE D
*/ */
 End of changes. 5 change blocks. 
6 lines changed or deleted 9 lines changed or added


 x509_csr.h   x509_csr.h 
skipping to change at line 158 skipping to change at line 158
* Subject names should contain a comma-separated list * Subject names should contain a comma-separated list
* of OID types and values: * of OID types and values:
* e.g. "C=NL,O=Offspark,CN=PolarSSL Server 1" * e.g. "C=NL,O=Offspark,CN=PolarSSL Server 1"
* *
* \param ctx CSR context to use * \param ctx CSR context to use
* \param subject_name subject name to set * \param subject_name subject name to set
* *
* \return 0 if subject name was parsed successfully, or * \return 0 if subject name was parsed successfully, or
* a specific error code * a specific error code
*/ */
int x509write_csr_set_subject_name( x509write_csr *ctx, char *subject_name int x509write_csr_set_subject_name( x509write_csr *ctx,
); const char *subject_name );
/** /**
* \brief Set the key for a CSR (public key will be included, * \brief Set the key for a CSR (public key will be included,
* private key used to sign the CSR when writing it) * private key used to sign the CSR when writing it)
* *
* \param ctx CSR context to use * \param ctx CSR context to use
* \param key Asymetric key to include * \param key Asymetric key to include
*/ */
void x509write_csr_set_key( x509write_csr *ctx, pk_context *key ); void x509write_csr_set_key( x509write_csr *ctx, pk_context *key );
 End of changes. 1 change blocks. 
2 lines changed or deleted 2 lines changed or added


 xtea.h   xtea.h 
skipping to change at line 34 skipping to change at line 34
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_XTEA_H #ifndef POLARSSL_XTEA_H
#define POLARSSL_XTEA_H #define POLARSSL_XTEA_H
#include "config.h" #include "config.h"
#include <string.h> #include <string.h>
#ifdef _MSC_VER #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h> #include <basetsd.h>
typedef UINT32 uint32_t; typedef UINT32 uint32_t;
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define XTEA_ENCRYPT 1 #define XTEA_ENCRYPT 1
#define XTEA_DECRYPT 0 #define XTEA_DECRYPT 0
#define POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< Th e data input has an invalid length. */ #define POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< Th e data input has an invalid length. */
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/