Bump mbedtls to 2.18.1 (headers).
(cherry picked from commit baa261cdc8
)
This commit is contained in:
parent
623a5499da
commit
a4ca649d52
|
@ -564,7 +564,7 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
|
|||
* for example, with 96-bit random nonces, you should not encrypt
|
||||
* more than 2**32 messages with the same key.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* Note that for both strategies, sizes are measured in blocks and
|
||||
* that an AES block is 16 bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */
|
||||
|
||||
#define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */
|
||||
#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */
|
||||
#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maximum number of rounds in ARIA. */
|
||||
#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
|
@ -321,7 +321,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
|
|||
* for example, with 96-bit random nonces, you should not encrypt
|
||||
* more than 2**32 messages with the same key.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* Note that for both strategies, sizes are measured in blocks and
|
||||
* that an ARIA block is 16 bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
|
|
|
@ -61,7 +61,7 @@
|
|||
/** Buffer too small when writing ASN.1 data structure. */
|
||||
#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C
|
||||
|
||||
/* \} name */
|
||||
/** \} name ASN1 Error codes */
|
||||
|
||||
/**
|
||||
* \name DER constants
|
||||
|
@ -121,8 +121,7 @@
|
|||
#define MBEDTLS_ASN1_TAG_PC_MASK 0x20
|
||||
#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
|
||||
|
||||
/* \} name */
|
||||
/* \} addtogroup asn1_module */
|
||||
/** \} name DER constants */
|
||||
|
||||
/** Returns the size of the binary string, without the trailing \\0 */
|
||||
#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
|
||||
|
@ -210,7 +209,7 @@ mbedtls_asn1_named_data;
|
|||
* \return 0 if successful.
|
||||
* \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
|
||||
* would end beyond \p end.
|
||||
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
|
||||
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
|
||||
*/
|
||||
int mbedtls_asn1_get_len( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
|
@ -235,7 +234,7 @@ int mbedtls_asn1_get_len( unsigned char **p,
|
|||
* with the requested tag.
|
||||
* \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
|
||||
* would end beyond \p end.
|
||||
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
|
||||
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
|
||||
*/
|
||||
int mbedtls_asn1_get_tag( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
|
@ -607,6 +606,9 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
|
|||
*/
|
||||
void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
|
||||
|
||||
/** \} name Functions to parse ASN.1 data structures */
|
||||
/** \} addtogroup asn1_module */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -989,7 +989,7 @@ MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
|
|||
* generate yourself and that are supposed to be prime, then
|
||||
* \p rounds should be at least the half of the security
|
||||
* strength of the cryptographic algorithm. On the other hand,
|
||||
* if \p X is chosen uniformly or non-adversially (as is the
|
||||
* if \p X is chosen uniformly or non-adversarially (as is the
|
||||
* case when mbedtls_mpi_gen_prime calls this function), then
|
||||
* \p rounds can be much lower.
|
||||
*
|
||||
|
|
|
@ -185,7 +185,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
|
|||
* #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
|
||||
* #MBEDTLS_BLOWFISH_DECRYPT for decryption.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv_off The offset in the initialiation vector.
|
||||
* \param iv_off The offset in the initialization vector.
|
||||
* The value pointed to must be smaller than \c 8 Bytes.
|
||||
* It is updated by this function to support the aforementioned
|
||||
* streaming usage.
|
||||
|
@ -246,7 +246,7 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
|
|||
* The recommended way to ensure uniqueness is to use a message
|
||||
* counter.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* Note that for both strategies, sizes are measured in blocks and
|
||||
* that a Blowfish block is 8 bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
|
|
|
@ -273,7 +273,7 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
|
|||
* encrypted: for example, with 96-bit random nonces, you should
|
||||
* not encrypt more than 2**32 messages with the same key.
|
||||
*
|
||||
* Note that for both stategies, sizes are measured in blocks and
|
||||
* Note that for both strategies, sizes are measured in blocks and
|
||||
* that a CAMELLIA block is \c 16 Bytes.
|
||||
*
|
||||
* \warning Upon return, \p stream_block contains sensitive data. Its
|
||||
|
|
|
@ -161,7 +161,7 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
|
|||
* \param ctx The ChaCha20-Poly1305 context. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param nonce The nonce/IV to use for the message.
|
||||
* This must be a redable buffer of length \c 12 Bytes.
|
||||
* This must be a readable buffer of length \c 12 Bytes.
|
||||
* \param mode The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
|
||||
* #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
|
||||
*
|
||||
|
|
|
@ -173,7 +173,11 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
|
||||
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
|
||||
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C)
|
||||
#error "MBEDTLS_PKCS5_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \
|
||||
|
@ -214,11 +218,32 @@
|
|||
#error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CCM_C) && ( \
|
||||
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
|
||||
#error "MBEDTLS_CCM_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CCM_C) && !defined(MBEDTLS_CIPHER_C)
|
||||
#error "MBEDTLS_CCM_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) && ( \
|
||||
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
|
||||
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
|
||||
#error "MBEDTLS_GCM_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CIPHER_C)
|
||||
#error "MBEDTLS_GCM_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_CHACHA20_C)
|
||||
#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_POLY1305_C)
|
||||
#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
#error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
@ -338,11 +363,11 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
|
||||
#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
|
||||
#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
|
||||
|
@ -619,6 +644,18 @@
|
|||
#error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO."
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||
!defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_ECDSA_C)
|
||||
#error "MBEDTLS_PK_C in configuration with MBEDTLS_USE_PSA_CRYPTO and \
|
||||
MBEDTLS_ECDSA_C requires MBEDTLS_PK_WRITE_C to be defined."
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V15) && \
|
||||
!defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
#error "MBEDTLS_PSA_CRYPTO_C, MBEDTLS_RSA_C and MBEDTLS_PKCS1_V15 defined, \
|
||||
but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
|
||||
!defined(MBEDTLS_OID_C) )
|
||||
#error "MBEDTLS_RSA_C defined, but not all prerequisites"
|
||||
|
@ -761,14 +798,14 @@
|
|||
!defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
|
||||
#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
|
||||
#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
|
||||
|
|
|
@ -128,7 +128,12 @@
|
|||
* MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
|
||||
* MBEDTLS_PLATFORM_STD_TIME.
|
||||
*
|
||||
* Comment if your system does not support time functions
|
||||
* Comment if your system does not support time functions.
|
||||
*
|
||||
* \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
|
||||
* interface - timing.c will include time.h on suitable platforms
|
||||
* regardless of the setting of MBEDTLS_HAVE_TIME, unless
|
||||
* MBEDTLS_TIMING_ALT is used. See timing.c for more information.
|
||||
*/
|
||||
#define MBEDTLS_HAVE_TIME
|
||||
|
||||
|
@ -321,7 +326,7 @@
|
|||
*/
|
||||
//#define MBEDTLS_CHECK_PARAMS_ASSERT
|
||||
|
||||
/* \} name SECTION: System support */
|
||||
/** \} name SECTION: System support */
|
||||
|
||||
/**
|
||||
* \name SECTION: mbed TLS feature support
|
||||
|
@ -395,7 +400,7 @@
|
|||
//#define MBEDTLS_XTEA_ALT
|
||||
|
||||
/*
|
||||
* When replacing the elliptic curve module, pleace consider, that it is
|
||||
* When replacing the elliptic curve module, please consider, that it is
|
||||
* implemented with two .c files:
|
||||
* - ecp.c
|
||||
* - ecp_curves.c
|
||||
|
@ -1493,7 +1498,7 @@
|
|||
* Enable an implementation of SHA-256 that has lower ROM footprint but also
|
||||
* lower performance.
|
||||
*
|
||||
* The default implementation is meant to be a reasonnable compromise between
|
||||
* The default implementation is meant to be a reasonable compromise between
|
||||
* performance and size. This version optimizes more aggressively for size at
|
||||
* the expense of performance. Eg on Cortex-M4 it reduces the size of
|
||||
* mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
|
||||
|
@ -1658,7 +1663,7 @@
|
|||
* Enable support for RFC 7627: Session Hash and Extended Master Secret
|
||||
* Extension.
|
||||
*
|
||||
* This was introduced as "the proper fix" to the Triple Handshake familiy of
|
||||
* This was introduced as "the proper fix" to the Triple Handshake family of
|
||||
* attacks, but it is recommended to always use it (even if you disable
|
||||
* renegotiation), since it actually fixes a more fundamental issue in the
|
||||
* original SSL/TLS design, and has implications beyond Triple Handshake.
|
||||
|
@ -1704,7 +1709,7 @@
|
|||
* \note This option has no influence on the protection against the
|
||||
* triple handshake attack. Even if it is disabled, Mbed TLS will
|
||||
* still ensure that certificates do not change during renegotiation,
|
||||
* for exaple by keeping a hash of the peer's certificate.
|
||||
* for example by keeping a hash of the peer's certificate.
|
||||
*
|
||||
* Comment this macro to disable storing the peer's certificate
|
||||
* after the handshake.
|
||||
|
@ -1909,7 +1914,7 @@
|
|||
* unless you know for sure amplification cannot be a problem in the
|
||||
* environment in which your server operates.
|
||||
*
|
||||
* \warning Disabling this can ba a security risk! (see above)
|
||||
* \warning Disabling this can be a security risk! (see above)
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_PROTO_DTLS
|
||||
*
|
||||
|
@ -2162,8 +2167,19 @@
|
|||
* This setting allows support for cryptographic mechanisms through the PSA
|
||||
* API to be configured separately from support through the mbedtls API.
|
||||
*
|
||||
* Uncomment this to enable use of PSA Crypto configuration settings which
|
||||
* can be found in include/psa/crypto_config.h.
|
||||
* When this option is disabled, the PSA API exposes the cryptographic
|
||||
* mechanisms that can be implemented on top of the `mbedtls_xxx` API
|
||||
* configured with `MBEDTLS_XXX` symbols.
|
||||
*
|
||||
* When this option is enabled, the PSA API exposes the cryptographic
|
||||
* mechanisms requested by the `PSA_WANT_XXX` symbols defined in
|
||||
* include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
|
||||
* automatically enabled if required (i.e. if no PSA driver provides the
|
||||
* mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
|
||||
* in config.h.
|
||||
*
|
||||
* If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
|
||||
* an alternative header to include instead of include/psa/crypto_config.h.
|
||||
*
|
||||
* If you enable this option and write your own configuration file, you must
|
||||
* include mbedtls/config_psa.h in your configuration file. The default
|
||||
|
@ -2289,7 +2305,7 @@
|
|||
* Uncomment to enable use of ZLIB
|
||||
*/
|
||||
//#define MBEDTLS_ZLIB_SUPPORT
|
||||
/* \} name SECTION: mbed TLS feature support */
|
||||
/** \} name SECTION: mbed TLS feature support */
|
||||
|
||||
/**
|
||||
* \name SECTION: mbed TLS modules
|
||||
|
@ -2902,7 +2918,7 @@
|
|||
*
|
||||
* Requires: MBEDTLS_MD_C
|
||||
*
|
||||
* Uncomment to enable the HMAC_DRBG random number geerator.
|
||||
* Uncomment to enable the HMAC_DRBG random number generator.
|
||||
*/
|
||||
#define MBEDTLS_HMAC_DRBG_C
|
||||
|
||||
|
@ -3096,7 +3112,7 @@
|
|||
/**
|
||||
* \def MBEDTLS_PK_C
|
||||
*
|
||||
* Enable the generic public (asymetric) key layer.
|
||||
* Enable the generic public (asymmetric) key layer.
|
||||
*
|
||||
* Module: library/pk.c
|
||||
* Caller: library/ssl_tls.c
|
||||
|
@ -3112,7 +3128,7 @@
|
|||
/**
|
||||
* \def MBEDTLS_PK_PARSE_C
|
||||
*
|
||||
* Enable the generic public (asymetric) key parser.
|
||||
* Enable the generic public (asymmetric) key parser.
|
||||
*
|
||||
* Module: library/pkparse.c
|
||||
* Caller: library/x509_crt.c
|
||||
|
@ -3127,7 +3143,7 @@
|
|||
/**
|
||||
* \def MBEDTLS_PK_WRITE_C
|
||||
*
|
||||
* Enable the generic public (asymetric) key writer.
|
||||
* Enable the generic public (asymmetric) key writer.
|
||||
*
|
||||
* Module: library/pkwrite.c
|
||||
* Caller: library/x509write.c
|
||||
|
@ -3466,6 +3482,10 @@
|
|||
* your own implementation of the whole module by setting
|
||||
* \c MBEDTLS_TIMING_ALT in the current file.
|
||||
*
|
||||
* \note The timing module will include time.h on suitable platforms
|
||||
* regardless of the setting of MBEDTLS_HAVE_TIME, unless
|
||||
* MBEDTLS_TIMING_ALT is used. See timing.c for more information.
|
||||
*
|
||||
* \note See also our Knowledge Base article about porting to a new
|
||||
* environment:
|
||||
* https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
|
||||
|
@ -3598,7 +3618,88 @@
|
|||
*/
|
||||
#define MBEDTLS_XTEA_C
|
||||
|
||||
/* \} name SECTION: mbed TLS modules */
|
||||
/** \} name SECTION: mbed TLS modules */
|
||||
|
||||
/**
|
||||
* \name SECTION: General configuration options
|
||||
*
|
||||
* This section contains Mbed TLS build settings that are not associated
|
||||
* with a particular module.
|
||||
*
|
||||
* \{
|
||||
*/
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CONFIG_FILE
|
||||
*
|
||||
* If defined, this is a header which will be included instead of
|
||||
* `"mbedtls/config.h"`.
|
||||
* This header file specifies the compile-time configuration of Mbed TLS.
|
||||
* Unlike other configuration options, this one must be defined on the
|
||||
* compiler command line: a definition in `config.h` would have no effect.
|
||||
*
|
||||
* This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
|
||||
* non-standard feature of the C language, so this feature is only available
|
||||
* with compilers that perform macro expansion on an <tt>\#include</tt> line.
|
||||
*
|
||||
* The value of this symbol is typically a path in double quotes, either
|
||||
* absolute or relative to a directory on the include search path.
|
||||
*/
|
||||
//#define MBEDTLS_CONFIG_FILE "mbedtls/config.h"
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_USER_CONFIG_FILE
|
||||
*
|
||||
* If defined, this is a header which will be included after
|
||||
* `"mbedtls/config.h"` or #MBEDTLS_CONFIG_FILE.
|
||||
* This allows you to modify the default configuration, including the ability
|
||||
* to undefine options that are enabled by default.
|
||||
*
|
||||
* This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
|
||||
* non-standard feature of the C language, so this feature is only available
|
||||
* with compilers that perform macro expansion on an <tt>\#include</tt> line.
|
||||
*
|
||||
* The value of this symbol is typically a path in double quotes, either
|
||||
* absolute or relative to a directory on the include search path.
|
||||
*/
|
||||
//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
|
||||
*
|
||||
* If defined, this is a header which will be included instead of
|
||||
* `"psa/crypto_config.h"`.
|
||||
* This header file specifies which cryptographic mechanisms are available
|
||||
* through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
|
||||
* is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
|
||||
*
|
||||
* This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
|
||||
* non-standard feature of the C language, so this feature is only available
|
||||
* with compilers that perform macro expansion on an <tt>\#include</tt> line.
|
||||
*
|
||||
* The value of this symbol is typically a path in double quotes, either
|
||||
* absolute or relative to a directory on the include search path.
|
||||
*/
|
||||
//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
|
||||
*
|
||||
* If defined, this is a header which will be included after
|
||||
* `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
|
||||
* This allows you to modify the default configuration, including the ability
|
||||
* to undefine options that are enabled by default.
|
||||
*
|
||||
* This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
|
||||
* non-standard feature of the C language, so this feature is only available
|
||||
* with compilers that perform macro expansion on an <tt>\#include</tt> line.
|
||||
*
|
||||
* The value of this symbol is typically a path in double quotes, either
|
||||
* absolute or relative to a directory on the include search path.
|
||||
*/
|
||||
//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
|
||||
|
||||
/** \} name SECTION: General configuration options */
|
||||
|
||||
/**
|
||||
* \name SECTION: Module configuration options
|
||||
|
@ -3609,11 +3710,15 @@
|
|||
*
|
||||
* Our advice is to enable options and change their values here
|
||||
* only if you have a good reason and know the consequences.
|
||||
*
|
||||
* Please check the respective header file for documentation on these
|
||||
* parameters (to prevent duplicate documentation).
|
||||
* \{
|
||||
*/
|
||||
/* The Doxygen documentation here is used when a user comments out a
|
||||
* setting and runs doxygen themselves. On the other hand, when we typeset
|
||||
* the full documentation including disabled settings, the documentation
|
||||
* in specific modules' header files is used if present. When editing this
|
||||
* file, make sure that each option is documented in exactly one place,
|
||||
* plus optionally a same-line Doxygen comment here if there is a Doxygen
|
||||
* comment in the specific module. */
|
||||
|
||||
/* MPI / BIGNUM options */
|
||||
//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
|
||||
|
@ -4002,7 +4107,7 @@
|
|||
*/
|
||||
//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
||||
|
||||
/* \} name SECTION: Customisation configuration options */
|
||||
/** \} name SECTION: Module configuration options */
|
||||
|
||||
/* Target and application specific configurations
|
||||
*
|
||||
|
|
|
@ -138,7 +138,7 @@
|
|||
/**< The maximum size of seed or reseed buffer in bytes. */
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
/** \} name SECTION: Module settings */
|
||||
|
||||
#define MBEDTLS_CTR_DRBG_PR_OFF 0
|
||||
/**< Prediction resistance is disabled. */
|
||||
|
|
|
@ -139,7 +139,7 @@ extern "C" {
|
|||
* discarded.
|
||||
* (Default value: 0 = No debug )
|
||||
*
|
||||
* \param threshold theshold level of messages to filter on. Messages at a
|
||||
* \param threshold threshold level of messages to filter on. Messages at a
|
||||
* higher level will be discarded.
|
||||
* - Debug levels
|
||||
* - 0 No debug
|
||||
|
|
|
@ -68,7 +68,7 @@ typedef enum {
|
|||
* (KeyExchange) as defined by the Thread spec.
|
||||
*
|
||||
* In order to benefit from this symmetry, we choose a different naming
|
||||
* convetion from the Thread v1.0 spec. Correspondance is indicated in the
|
||||
* convention from the Thread v1.0 spec. Correspondence is indicated in the
|
||||
* description as a pair C: client name, S: server name
|
||||
*/
|
||||
typedef struct mbedtls_ecjpake_context
|
||||
|
|
|
@ -315,7 +315,7 @@ mbedtls_ecp_group;
|
|||
#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
|
||||
/*
|
||||
* Maximum "window" size used for point multiplication.
|
||||
* Default: a point where higher memory usage yields disminishing performance
|
||||
* Default: a point where higher memory usage yields diminishing performance
|
||||
* returns.
|
||||
* Minimum value: 2. Maximum value: 7.
|
||||
*
|
||||
|
@ -351,7 +351,7 @@ mbedtls_ecp_group;
|
|||
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */
|
||||
#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
/** \} name SECTION: Module settings */
|
||||
|
||||
#else /* MBEDTLS_ECP_ALT */
|
||||
#include "ecp_alt.h"
|
||||
|
|
|
@ -75,7 +75,7 @@
|
|||
#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
/** \} name SECTION: Module settings */
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
||||
#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
*/
|
||||
/** Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80
|
||||
/* \} name */
|
||||
/** \} name */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
|
|
@ -74,7 +74,7 @@
|
|||
#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
/** \} name SECTION: Module settings */
|
||||
|
||||
#define MBEDTLS_HMAC_DRBG_PR_OFF 0 /**< No prediction resistance */
|
||||
#define MBEDTLS_HMAC_DRBG_PR_ON 1 /**< Prediction resistance enabled */
|
||||
|
@ -207,7 +207,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
|
|||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Initilisation of simpified HMAC_DRBG (never reseeds).
|
||||
* \brief Initialisation of simplified HMAC_DRBG (never reseeds).
|
||||
*
|
||||
* This function is meant for use in algorithms that need a pseudorandom
|
||||
* input such as deterministic ECDSA.
|
||||
|
|
|
@ -42,7 +42,7 @@
|
|||
#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
/** \} name SECTION: Module settings */
|
||||
|
||||
#define MBEDTLS_MEMORY_VERIFY_NONE 0
|
||||
#define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0)
|
||||
|
|
|
@ -143,7 +143,7 @@
|
|||
#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
|
||||
#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
|
||||
#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
|
||||
#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
|
||||
#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */
|
||||
#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
|
||||
#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
|
||||
|
||||
|
|
|
@ -54,7 +54,7 @@
|
|||
#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400
|
||||
/** Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480
|
||||
/* \} name */
|
||||
/** \} name PEM Error codes */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
|
|
@ -217,32 +217,6 @@ typedef struct
|
|||
typedef void mbedtls_pk_restart_ctx;
|
||||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
/**
|
||||
* Quick access to an RSA context inside a PK context.
|
||||
*
|
||||
* \warning You must make sure the PK context actually holds an RSA context
|
||||
* before using this function!
|
||||
*/
|
||||
static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
|
||||
{
|
||||
return( (mbedtls_rsa_context *) (pk).pk_ctx );
|
||||
}
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/**
|
||||
* Quick access to an EC context inside a PK context.
|
||||
*
|
||||
* \warning You must make sure the PK context actually holds an EC context
|
||||
* before using this function!
|
||||
*/
|
||||
static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
|
||||
{
|
||||
return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
||||
/**
|
||||
* \brief Types for RSA-alt abstraction
|
||||
|
@ -656,6 +630,55 @@ const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
|
|||
*/
|
||||
mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
/**
|
||||
* Quick access to an RSA context inside a PK context.
|
||||
*
|
||||
* \warning This function can only be used when the type of the context, as
|
||||
* returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_RSA.
|
||||
* Ensuring that is the caller's responsibility.
|
||||
* Alternatively, you can check whether this function returns NULL.
|
||||
*
|
||||
* \return The internal RSA context held by the PK context, or NULL.
|
||||
*/
|
||||
static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
|
||||
{
|
||||
switch( mbedtls_pk_get_type( &pk ) )
|
||||
{
|
||||
case MBEDTLS_PK_RSA:
|
||||
return( (mbedtls_rsa_context *) (pk).pk_ctx );
|
||||
default:
|
||||
return( NULL );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/**
|
||||
* Quick access to an EC context inside a PK context.
|
||||
*
|
||||
* \warning This function can only be used when the type of the context, as
|
||||
* returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_ECKEY,
|
||||
* #MBEDTLS_PK_ECKEY_DH, or #MBEDTLS_PK_ECDSA.
|
||||
* Ensuring that is the caller's responsibility.
|
||||
* Alternatively, you can check whether this function returns NULL.
|
||||
*
|
||||
* \return The internal EC context held by the PK context, or NULL.
|
||||
*/
|
||||
static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
|
||||
{
|
||||
switch( mbedtls_pk_get_type( &pk ) )
|
||||
{
|
||||
case MBEDTLS_PK_ECKEY:
|
||||
case MBEDTLS_PK_ECKEY_DH:
|
||||
case MBEDTLS_PK_ECDSA:
|
||||
return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
|
||||
default:
|
||||
return( NULL );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_PK_PARSE_C)
|
||||
/** \ingroup pk_module */
|
||||
/**
|
||||
|
|
|
@ -70,7 +70,9 @@ extern "C" {
|
|||
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
#include <time.h>
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
|
||||
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
|
||||
#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */
|
||||
|
@ -127,7 +129,7 @@ extern "C" {
|
|||
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
|
||||
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
/** \} name SECTION: Module settings */
|
||||
|
||||
/*
|
||||
* The function pointers for calloc and free.
|
||||
|
|
|
@ -32,14 +32,6 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \name SECTION: Module settings
|
||||
*
|
||||
* The configuration options you can set for this module are in this section.
|
||||
* Either change them in config.h or define them on the compiler command line.
|
||||
* \{
|
||||
*/
|
||||
|
||||
/*
|
||||
* The time_t datatype
|
||||
*/
|
||||
|
|
|
@ -67,7 +67,7 @@ extern "C" {
|
|||
* \brief User supplied callback function for parameter validation failure.
|
||||
* See #MBEDTLS_CHECK_PARAMS for context.
|
||||
*
|
||||
* This function will be called unless an alternative treatement
|
||||
* This function will be called unless an alternative treatment
|
||||
* is defined through the #MBEDTLS_PARAM_FAILED macro.
|
||||
*
|
||||
* This function can return, and the operation will be aborted, or
|
||||
|
@ -198,7 +198,7 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
|
|||
*
|
||||
* This macro has an empty expansion. It exists for documentation purposes:
|
||||
* a #MBEDTLS_CHECK_RETURN_OPTIONAL annotation indicates that the function
|
||||
* has been analyzed for return-check usefuless, whereas the lack of
|
||||
* has been analyzed for return-check usefulness, whereas the lack of
|
||||
* an annotation indicates that the function has not been analyzed and its
|
||||
* return-check usefulness is unknown.
|
||||
*/
|
||||
|
|
|
@ -88,7 +88,7 @@
|
|||
|
||||
/*
|
||||
* The above constants may be used even if the RSA module is compile out,
|
||||
* eg for alternative (PKCS#11) RSA implemenations in the PK layers.
|
||||
* eg for alternative (PKCS#11) RSA implementations in the PK layers.
|
||||
*/
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
@ -552,7 +552,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
|
|||
*
|
||||
* \note Blinding is used if and only if a PRNG is provided.
|
||||
*
|
||||
* \note If blinding is used, both the base of exponentation
|
||||
* \note If blinding is used, both the base of exponentiation
|
||||
* and the exponent are blinded, providing protection
|
||||
* against some side-channel attacks.
|
||||
*
|
||||
|
@ -687,7 +687,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
|||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The initnialized RSA context to use.
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function to use. This is needed for padding
|
||||
* generation and must be provided.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may
|
||||
|
|
|
@ -349,7 +349,7 @@
|
|||
#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
/** \} name SECTION: Module settings */
|
||||
|
||||
/*
|
||||
* Length of the verify data for secure renegotiation
|
||||
|
@ -1152,7 +1152,7 @@ struct mbedtls_ssl_config
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
|
||||
/** Callback to create & write a cookie for ClientHello veirifcation */
|
||||
/** Callback to create & write a cookie for ClientHello verification */
|
||||
int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
|
||||
const unsigned char *, size_t );
|
||||
/** Callback to verify validity of a ClientHello cookie */
|
||||
|
@ -1405,7 +1405,7 @@ struct mbedtls_ssl_context
|
|||
unsigned char *compress_buf; /*!< zlib data buffer */
|
||||
#endif /* MBEDTLS_ZLIB_SUPPORT */
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
signed char split_done; /*!< current record already splitted? */
|
||||
signed char split_done; /*!< current record already split? */
|
||||
#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
|
||||
|
||||
/*
|
||||
|
@ -1688,7 +1688,7 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
|
|||
*
|
||||
* \note The two most common use cases are:
|
||||
* - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
|
||||
* - blocking I/O, f_recv == NULL, f_recv_timout != NULL
|
||||
* - blocking I/O, f_recv == NULL, f_recv_timeout != NULL
|
||||
*
|
||||
* \note For DTLS, you need to provide either a non-NULL
|
||||
* f_recv_timeout callback, or a f_recv that doesn't block.
|
||||
|
@ -1846,7 +1846,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
/**
|
||||
* \brief Set the Maximum Tranport Unit (MTU).
|
||||
* \brief Set the Maximum Transport Unit (MTU).
|
||||
* Special value: 0 means unset (no limit).
|
||||
* This represents the maximum size of a datagram payload
|
||||
* handled by the transport layer (usually UDP) as determined
|
||||
|
@ -2387,7 +2387,7 @@ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
|
|||
* ones going through the authentication-decryption phase.
|
||||
*
|
||||
* \note This is a security trade-off related to the fact that it's
|
||||
* often relatively easy for an active attacker ot inject UDP
|
||||
* often relatively easy for an active attacker to inject UDP
|
||||
* datagrams. On one hand, setting a low limit here makes it
|
||||
* easier for such an attacker to forcibly terminated a
|
||||
* connection. On the other hand, a high limit or no limit
|
||||
|
@ -2498,7 +2498,7 @@ void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min,
|
|||
* successfully cached, return 1 otherwise.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param p_cache parmater (context) for both callbacks
|
||||
* \param p_cache parameter (context) for both callbacks
|
||||
* \param f_get_cache session get callback
|
||||
* \param f_set_cache session set callback
|
||||
*/
|
||||
|
@ -2529,7 +2529,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
|
|||
/**
|
||||
* \brief Load serialized session data into a session structure.
|
||||
* On client, this can be used for loading saved sessions
|
||||
* before resuming them with mbedstls_ssl_set_session().
|
||||
* before resuming them with mbedtls_ssl_set_session().
|
||||
* On server, this can be used for alternative implementations
|
||||
* of session cache or session tickets.
|
||||
*
|
||||
|
@ -2793,7 +2793,7 @@ void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
|
|||
*
|
||||
* \note On client, only the first call has any effect. That is,
|
||||
* only one client certificate can be provisioned. The
|
||||
* server's preferences in its CertficateRequest message will
|
||||
* server's preferences in its CertificateRequest message will
|
||||
* be ignored and our only cert will be sent regardless of
|
||||
* whether it matches those preferences - the server can then
|
||||
* decide what it wants to do with it.
|
||||
|
@ -3241,7 +3241,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
|
|||
* \param protos Pointer to a NULL-terminated list of supported protocols,
|
||||
* in decreasing preference order. The pointer to the list is
|
||||
* recorded by the library for later reference as required, so
|
||||
* the lifetime of the table must be atleast as long as the
|
||||
* the lifetime of the table must be at least as long as the
|
||||
* lifetime of the SSL configuration structure.
|
||||
*
|
||||
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
|
||||
|
@ -3255,7 +3255,7 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot
|
|||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return Protcol name, or NULL if no protocol was negotiated.
|
||||
* \return Protocol name, or NULL if no protocol was negotiated.
|
||||
*/
|
||||
const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
|
||||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
|
@ -3338,7 +3338,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
|
|||
unsigned char *mki_value,
|
||||
uint16_t mki_len );
|
||||
/**
|
||||
* \brief Get the negotiated DTLS-SRTP informations:
|
||||
* \brief Get the negotiated DTLS-SRTP information:
|
||||
* Protection profile and MKI value.
|
||||
*
|
||||
* \warning This function must be called after the handshake is
|
||||
|
@ -3346,7 +3346,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
|
|||
* not be trusted or acted upon before the handshake completes.
|
||||
*
|
||||
* \param ssl The SSL context to query.
|
||||
* \param dtls_srtp_info The negotiated DTLS-SRTP informations:
|
||||
* \param dtls_srtp_info The negotiated DTLS-SRTP information:
|
||||
* - Protection profile in use.
|
||||
* A direct mapping of the iana defined value for protection
|
||||
* profile on an uint16_t.
|
||||
|
@ -3508,7 +3508,7 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
|
|||
* \c mbedtls_ssl_get_record_expansion().
|
||||
*
|
||||
* \note For DTLS, it is also possible to set a limit for the total
|
||||
* size of daragrams passed to the transport layer, including
|
||||
* size of datagrams passed to the transport layer, including
|
||||
* record overhead, see \c mbedtls_ssl_set_mtu().
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
|
@ -3568,7 +3568,7 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets
|
|||
* initiated by peer
|
||||
* (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
|
||||
*
|
||||
* \warning It is recommended to always disable renegotation unless you
|
||||
* \warning It is recommended to always disable renegotiation unless you
|
||||
* know you need it and you know what you're doing. In the
|
||||
* past, there have been several issues associated with
|
||||
* renegotiation or a poor understanding of its properties.
|
||||
|
@ -3631,7 +3631,7 @@ void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_
|
|||
* scenario.
|
||||
*
|
||||
* \note With DTLS and server-initiated renegotiation, the
|
||||
* HelloRequest is retransmited every time mbedtls_ssl_read() times
|
||||
* HelloRequest is retransmitted every time mbedtls_ssl_read() times
|
||||
* out or receives Application Data, until:
|
||||
* - max_records records have beens seen, if it is >= 0, or
|
||||
* - the number of retransmits that would happen during an
|
||||
|
@ -4263,7 +4263,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
|
|||
* \return \c 0 if successful.
|
||||
* \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
|
||||
* \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
|
||||
* while reseting the context.
|
||||
* while resetting the context.
|
||||
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
|
||||
* progress, or there is pending data for reading or sending,
|
||||
* or the connection does not use DTLS 1.2 with an AEAD
|
||||
|
@ -4357,7 +4357,7 @@ int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl,
|
|||
void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
|
||||
|
||||
/**
|
||||
* \brief Load reasonnable default SSL configuration values.
|
||||
* \brief Load reasonable default SSL configuration values.
|
||||
* (You need to call mbedtls_ssl_config_init() first.)
|
||||
*
|
||||
* \param conf SSL configuration context
|
||||
|
|
|
@ -50,7 +50,7 @@
|
|||
#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
/** \} name SECTION: Module settings */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
|
|
@ -45,7 +45,7 @@
|
|||
#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
/** \} name SECTION: Module settings */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
@ -84,7 +84,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
|
|||
* \brief Set expiration delay for cookies
|
||||
* (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
|
||||
*
|
||||
* \param ctx Cookie contex
|
||||
* \param ctx Cookie context
|
||||
* \param delay Delay, in seconds if HAVE_TIME, or in number of cookies
|
||||
* issued in the meantime.
|
||||
* 0 to disable expiration (NOT recommended)
|
||||
|
|
|
@ -934,16 +934,22 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
|
|||
*/
|
||||
void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
|
||||
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
|
||||
|
||||
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
|
||||
void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
|
||||
|
||||
|
@ -1023,27 +1029,39 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
|
|||
* following the above definition.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
|
||||
unsigned update_hs_digest );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
|
||||
|
||||
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
|
||||
|
||||
/**
|
||||
|
@ -1108,13 +1126,18 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
|
|||
|
||||
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
|
||||
unsigned char mbedtls_ssl_hash_from_md_alg( int md );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
|
||||
mbedtls_md_type_t md );
|
||||
#endif
|
||||
|
@ -1170,6 +1193,7 @@ static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
|
|||
*
|
||||
* Return 0 if everything is OK, -1 if not.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite,
|
||||
int cert_endpoint,
|
||||
|
@ -1218,21 +1242,26 @@ static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
|
||||
void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
|
||||
#endif
|
||||
|
||||
/* Visible for testing purposes only */
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl );
|
||||
void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
|
||||
#endif
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
|
||||
const mbedtls_ssl_session *src );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
||||
unsigned char *output,
|
||||
unsigned char *data, size_t data_len );
|
||||
|
@ -1242,6 +1271,7 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
|||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
|
||||
unsigned char *hash, size_t *hashlen,
|
||||
unsigned char *data, size_t data_len,
|
||||
|
@ -1254,11 +1284,13 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
|
|||
#endif
|
||||
|
||||
void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
mbedtls_ssl_transform *transform,
|
||||
mbedtls_record *rec,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||
mbedtls_ssl_transform *transform,
|
||||
mbedtls_record *rec );
|
||||
|
@ -1276,10 +1308,12 @@ static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl );
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl );
|
||||
|
||||
void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
|
||||
|
@ -1287,6 +1321,7 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
|
|||
mbedtls_ssl_transform *transform );
|
||||
void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
|
@ -1296,6 +1331,7 @@ void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
|
|||
void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
|
||||
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl );
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
|
||||
|
@ -1305,4 +1341,12 @@ void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
|
|||
void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_TEST_HOOKS)
|
||||
int mbedtls_ssl_check_dtls_clihlo_cookie(
|
||||
mbedtls_ssl_context *ssl,
|
||||
const unsigned char *cli_id, size_t cli_id_len,
|
||||
const unsigned char *in, size_t in_len,
|
||||
unsigned char *obuf, size_t buf_len, size_t *olen );
|
||||
#endif
|
||||
|
||||
#endif /* ssl_internal.h */
|
||||
|
|
|
@ -101,7 +101,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
|
|||
* supported. Usually that means a 256-bit key.
|
||||
*
|
||||
* \note The lifetime of the keys is twice the lifetime of tickets.
|
||||
* It is recommended to pick a reasonnable lifetime so as not
|
||||
* It is recommended to pick a reasonable lifetime so as not
|
||||
* to negate the benefits of forward secrecy.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
|
|
|
@ -38,16 +38,16 @@
|
|||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 2
|
||||
#define MBEDTLS_VERSION_MINOR 28
|
||||
#define MBEDTLS_VERSION_PATCH 0
|
||||
#define MBEDTLS_VERSION_PATCH 1
|
||||
|
||||
/**
|
||||
* The single version number has the following structure:
|
||||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x021C0000
|
||||
#define MBEDTLS_VERSION_STRING "2.28.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.0"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x021C0100
|
||||
#define MBEDTLS_VERSION_STRING "2.28.1"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.1"
|
||||
|
||||
#if defined(MBEDTLS_VERSION_C)
|
||||
|
||||
|
|
|
@ -96,7 +96,7 @@
|
|||
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980
|
||||
/** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
|
||||
#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000
|
||||
/* \} name */
|
||||
/** \} name X509 Error codes */
|
||||
|
||||
/**
|
||||
* \name X509 Verify codes
|
||||
|
@ -124,8 +124,8 @@
|
|||
#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000 /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
|
||||
#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000 /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
|
||||
|
||||
/* \} name */
|
||||
/* \} addtogroup x509_module */
|
||||
/** \} name X509 Verify codes */
|
||||
/** \} addtogroup x509_module */
|
||||
|
||||
/*
|
||||
* X.509 v3 Subject Alternative Name types.
|
||||
|
@ -255,7 +255,6 @@ typedef struct mbedtls_x509_time
|
|||
mbedtls_x509_time;
|
||||
|
||||
/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
|
||||
/** \} addtogroup x509_module */
|
||||
|
||||
/**
|
||||
* \brief Store the certificate DN in printable form into buf;
|
||||
|
@ -311,6 +310,8 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
|
|||
*/
|
||||
int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
|
||||
|
||||
/** \} addtogroup x509_module */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
|
|
|
@ -162,8 +162,8 @@ void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
|
|||
*/
|
||||
void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
|
||||
|
||||
/* \} name */
|
||||
/* \} addtogroup x509_module */
|
||||
/** \} name Structures and functions for parsing CRLs */
|
||||
/** \} addtogroup x509_module */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
|
@ -107,7 +107,7 @@ mbedtls_x509_crt;
|
|||
typedef struct mbedtls_x509_san_other_name
|
||||
{
|
||||
/**
|
||||
* The type_id is an OID as deifned in RFC 5280.
|
||||
* The type_id is an OID as defined in RFC 5280.
|
||||
* To check the value of the type id, you should use
|
||||
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
|
||||
*/
|
||||
|
@ -159,7 +159,9 @@ mbedtls_x509_subject_alternative_name;
|
|||
typedef struct mbedtls_x509_crt_profile
|
||||
{
|
||||
uint32_t allowed_mds; /**< MDs for signatures */
|
||||
uint32_t allowed_pks; /**< PK algs for signatures */
|
||||
uint32_t allowed_pks; /**< PK algs for public keys;
|
||||
* this applies to all certificates
|
||||
* in the provided chain. */
|
||||
uint32_t allowed_curves; /**< Elliptic curves for ECDSA */
|
||||
uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */
|
||||
}
|
||||
|
@ -850,8 +852,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
|
|||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
/* \} name */
|
||||
/* \} addtogroup x509_module */
|
||||
/** \} name Structures and functions for parsing and writing X.509 certificates */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_WRITE_C)
|
||||
/**
|
||||
|
@ -862,7 +863,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
|
|||
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
|
||||
|
||||
/**
|
||||
* \brief Set the verion for a Certificate
|
||||
* \brief Set the version for a Certificate
|
||||
* Default: MBEDTLS_X509_CRT_VERSION_3
|
||||
*
|
||||
* \param ctx CRT context to use
|
||||
|
@ -978,7 +979,7 @@ int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
|
|||
* \param is_ca is this a CA certificate
|
||||
* \param max_pathlen maximum length of certificate chains below this
|
||||
* certificate (only for CA certificates, -1 is
|
||||
* inlimited)
|
||||
* unlimited)
|
||||
*
|
||||
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
|
||||
*/
|
||||
|
@ -1087,6 +1088,8 @@ int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf,
|
|||
#endif /* MBEDTLS_PEM_WRITE_C */
|
||||
#endif /* MBEDTLS_X509_CRT_WRITE_C */
|
||||
|
||||
/** \} addtogroup x509_module */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -151,8 +151,7 @@ void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
|
|||
void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
|
||||
#endif /* MBEDTLS_X509_CSR_PARSE_C */
|
||||
|
||||
/* \} name */
|
||||
/* \} addtogroup x509_module */
|
||||
/** \} name Structures and functions for X.509 Certificate Signing Requests (CSR) */
|
||||
|
||||
#if defined(MBEDTLS_X509_CSR_WRITE_C)
|
||||
/**
|
||||
|
@ -182,7 +181,7 @@ int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
|
|||
* private key used to sign the CSR when writing it)
|
||||
*
|
||||
* \param ctx CSR context to use
|
||||
* \param key Asymetric key to include
|
||||
* \param key Asymmetric key to include
|
||||
*/
|
||||
void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
|
||||
|
||||
|
@ -298,6 +297,8 @@ int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, s
|
|||
#endif /* MBEDTLS_PEM_WRITE_C */
|
||||
#endif /* MBEDTLS_X509_CSR_WRITE_C */
|
||||
|
||||
/** \} addtogroup x509_module */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
Loading…
Reference in New Issue