diff --git a/ChangeLog b/ChangeLog
index ee5d2f69a..493f7fbf1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,10 @@
 PolarSSL ChangeLog (Sorted per branch, date)
 
 = PolarSSL 1.3 branch
+Changes
+ * POLARSSL_CONFIG_OPTIONS has been removed. All values are individually
+ checked and filled in the relevant module headers
+
 Bugfix
  * Only iterate over actual certificates in ssl_write_certificate_request()
  (found by Matthew Page)
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index ea32c68b2..dbab16b91 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -132,6 +132,24 @@
  */
 //#define POLARSSL_PLATFORM_MEMORY
 
+/**
+ * \def POLARSSL_PLATFORM_NO_STD_FUNCTIONS
+ *
+ * Do not assign standard functions in the platform layer (e.g. malloc() to
+ * POLARSSL_PLATFORM_STD_MALLOC and printf() to POLARSSL_PLATFORM_STD_PRINTF)
+ *
+ * This makes sure there are no linking errors on platforms that do not support
+ * these functions. You will HAVE to provide alternatives, either at runtime
+ * via the platform_set_xxx() functions or at compile time by setting
+ * the POLARSSL_PLATFORM_STD_XXX defines.
+ *
+ * Requires: POLARSSL_PLATFORM_C
+ *
+ * Uncomment to prevent default assignment of standard functions in the
+ * platform layer.
+ */
+//#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS
+
 /**
  * \def POLARSSL_PLATFORM_XXX_ALT
  *
@@ -2026,75 +2044,58 @@
  * This section allows for the setting of module specific sizes and
  * configuration options. The default values are already present in the
  * relevant header files and should suffice for the regular use cases.
- * Our advice is to enable POLARSSL_CONFIG_OPTIONS and change values here
- * only if you have a good reason and know the consequences.
  *
- * If POLARSSL_CONFIG_OPTIONS is undefined here the options in the module
- * header file take precedence.
+ * Our advice is to enable options and change their values here
+ * only if you have a good reason and know the consequences.
  *
  * Please check the respective header file for documentation on these
  * parameters (to prevent duplicate documentation).
- *
- * Uncomment POLARSSL_CONFIG_OPTIONS to enable using the values defined here.
  * \{
  */
-//#define POLARSSL_CONFIG_OPTIONS /**< Enable config.h module value configuration */
 
-#if defined(POLARSSL_CONFIG_OPTIONS)
+/* MPI / BIGNUM options */
+//#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
+//#define POLARSSL_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
 
-// MPI / BIGNUM options
-//
-#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
-#define POLARSSL_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
+/* CTR_DRBG options */
+//#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+//#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
+//#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
+//#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
+//#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
 
-// CTR_DRBG options
-//
-#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
-#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
-#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
-#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
-#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
+/* HMAC_DRBG options */
+//#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
+//#define POLARSSL_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
+//#define POLARSSL_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
+//#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
 
-// HMAC_DRBG options
-//
-#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
-#define POLARSSL_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
-#define POLARSSL_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
-#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
+/* ECP options */
+//#define POLARSSL_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
+//#define POLARSSL_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
+//#define POLARSSL_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
 
-// ECP options
-//
-#define POLARSSL_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
-#define POLARSSL_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
-#define POLARSSL_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
+/* Entropy options */
+//#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
+//#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
 
-// Entropy options
-//
-#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
-#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
+/* Memory buffer allocator options */
+//#define MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
 
-// Memory buffer allocator options
-#define MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
+/* Platform options */
+//#define POLARSSL_PLATFORM_STD_MEM_HDR /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
+//#define POLARSSL_PLATFORM_STD_MALLOC malloc /**< Default allocator to use, can be undefined */
+//#define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
+//#define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
+//#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
 
-// Platform options
-//
-#define POLARSSL_PLATFORM_STD_MEM_HDR /**< Header to include for default allocator. Don't define if no header is needed. */
-#define POLARSSL_PLATFORM_STD_MALLOC malloc /**< Default allocator to use, can be undefined */
-#define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
-#define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
-#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
+/* SSL Cache options */
+//#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
+//#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
 
-// SSL Cache options
-//
-#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
-#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
-
-// SSL options
-//
-#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
-#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
-
-#endif /* POLARSSL_CONFIG_OPTIONS */
+/* SSL options */
+//#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
+//#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
 
 /* \} name */
 
diff --git a/include/polarssl/ctr_drbg.h b/include/polarssl/ctr_drbg.h
index 3b2b27c08..5673fad3c 100644
--- a/include/polarssl/ctr_drbg.h
+++ b/include/polarssl/ctr_drbg.h
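Review bot: In the config.h options block, the template line `//#define MEMORY_ALIGN_MULTIPLE 4` does not name the macro that memory_buffer_alloc.h tests in this same commit, which is `#if !defined(POLARSSL_MEMORY_ALIGN_MULTIPLE)`. Someone who uncomments the config.h line to change the allocator alignment defines a name that the header never reads, so the default of 4 stays in force with no diagnostic. The mismatch is carried over from the removed block, but now that each value is picked up individually the template should read `//#define POLARSSL_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */`.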
@@ -42,17 +42,39 @@
 #define CTR_DRBG_SEEDLEN ( CTR_DRBG_KEYSIZE + CTR_DRBG_BLOCKSIZE )
 /**< The seed length (counter + AES key) */
 
-#if !defined(POLARSSL_CONFIG_OPTIONS)
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(CTR_DRBG_ENTROPY_LEN)
 #if defined(POLARSSL_SHA512_C) && !defined(POLARSSL_ENTROPY_FORCE_SHA256)
 #define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
 #else
 #define CTR_DRBG_ENTROPY_LEN 32 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
 #endif
+#endif
+
+#if !defined(CTR_DRBG_RESEED_INTERVAL)
 #define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
+#endif
+
+#if !defined(CTR_DRBG_MAX_INPUT)
 #define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
+#endif
+
+#if !defined(CTR_DRBG_MAX_REQUEST)
 #define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
+#endif
+
+#if !defined(CTR_DRBG_MAX_SEED_INPUT)
 #define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
-#endif /* !POLARSSL_CONFIG_OPTIONS */
+#endif
+
+/* \} name SECTION: Module settings */
 
 #define CTR_DRBG_PR_OFF 0 /**< No prediction resistance */
 #define CTR_DRBG_PR_ON 1 /**< Prediction resistance enabled */
diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h
index 93fbe3d6e..2b56d27c5 100644
--- a/include/polarssl/ecp.h
+++ b/include/polarssl/ecp.h
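Review bot: Nothing in the ctr_drbg.h settings block checks the overridden values against each other, although each macro can now be set on its own, including from the compiler command line as the new comment invites. A build could set `CTR_DRBG_ENTROPY_LEN` above `CTR_DRBG_MAX_SEED_INPUT`, which by the macro descriptions would not fit the (re)seed buffer, or set it very low and weaken seeding without any diagnostic. A guard after the last `#endif` would catch the inconsistent case at compile time: `#if CTR_DRBG_ENTROPY_LEN > CTR_DRBG_MAX_SEED_INPUT` / `#error "CTR_DRBG_ENTROPY_LEN exceeds CTR_DRBG_MAX_SEED_INPUT"` / `#endif`. The hmac_drbg.h hunk has the same shape and would benefit from a matching check on its reseed and size limits.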
@@ -168,7 +168,15 @@ typedef struct
 }
 ecp_keypair;
 
-#if !defined(POLARSSL_CONFIG_OPTIONS)
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(POLARSSL_ECP_MAX_BITS)
 /**
  * Maximum size of the groups (that is, of N and P)
  */
@@ -178,7 +186,7 @@ ecp_keypair;
 #define POLARSSL_ECP_MAX_BYTES ( ( POLARSSL_ECP_MAX_BITS + 7 ) / 8 )
 #define POLARSSL_ECP_MAX_PT_LEN ( 2 * POLARSSL_ECP_MAX_BYTES + 1 )
 
-#if !defined(POLARSSL_CONFIG_OPTIONS)
+#if !defined(POLARSSL_ECP_WINDOW_SIZE)
 /*
  * Maximum "window" size used for point multiplication.
  * Default: 6.
@@ -195,11 +203,14 @@ ecp_keypair;
  * 521 145 141 135 120 97
  * 384 214 209 198 177 146
  * 256 320 320 303 262 226
+ * 224 475 475 453 398 342
  * 192 640 640 633 587 476
  */
 #define POLARSSL_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
+#endif
 
+#if !defined(POLARSSL_ECP_FIXED_POINT_OPTIM)
 /*
  * Trade memory for speed on fixed-point multiplication.
  *
@@ -214,6 +225,8 @@ ecp_keypair;
 #define POLARSSL_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
 #endif
 
+/* \} name SECTION: Module settings */
+
 /*
  * Point formats, from RFC 4492's enum ECPointFormat
  */
diff --git a/include/polarssl/entropy.h b/include/polarssl/entropy.h
index 9a5f4d7eb..4485d3e63 100644
--- a/include/polarssl/entropy.h
+++ b/include/polarssl/entropy.h
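Review bot: The new `#if !defined(POLARSSL_ECP_MAX_BITS)` guard in the first ecp.h hunk accepts any caller-supplied value, and that value sizes `POLARSSL_ECP_MAX_BYTES` and `POLARSSL_ECP_MAX_PT_LEN` in the next hunk. The guarded definition and its `#endif` lie outside the hunk, so this is inferred: an override smaller than the largest enabled group would presumably leave buffers dimensioned by those two macros too short for that group's coordinates. The constraint should be stated on the guard, for example `/* Must be at least the bit size of the largest enabled curve. */`. Better still would be an `#error` that compares the override against the enabled-curve macros.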
@@ -54,10 +54,23 @@
 #define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 /**< No sources have been added to poll. */
 #define POLARSSL_ERR_ENTROPY_FILE_IO_ERROR -0x0058 /**< Read/write error in file. */
 
-#if !defined(POLARSSL_CONFIG_OPTIONS)
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(ENTROPY_MAX_SOURCES)
 #define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
+#endif
+
+#if !defined(ENTROPY_MAX_GATHER)
 #define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
-#endif /* !POLARSSL_CONFIG_OPTIONS */
+#endif
+
+/* \} name SECTION: Module settings */
 
 #if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
 #define ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
diff --git a/include/polarssl/hmac_drbg.h b/include/polarssl/hmac_drbg.h
index a9b4cff72..709f25d19 100644
--- a/include/polarssl/hmac_drbg.h
+++ b/include/polarssl/hmac_drbg.h
@@ -37,12 +37,31 @@
 #define POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR -0x0007 /**< Read/write error in file. */
 #define POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED -0x0009 /**< The entropy source failed. */
 
-#if !defined(POLARSSL_CONFIG_OPTIONS)
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(POLARSSL_HMAC_DRBG_RESEED_INTERVAL)
 #define POLARSSL_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
+#endif
+
+#if !defined(POLARSSL_HMAC_DRBG_MAX_INPUT)
 #define POLARSSL_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
+#endif
+
+#if !defined(POLARSSL_HMAC_DRBG_MAX_REQUEST)
 #define POLARSSL_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
+#endif
+
+#if !defined(POLARSSL_HMAC_DRBG_MAX_SEED_INPUT)
 #define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
-#endif /* !POLARSSL_CONFIG_OPTIONS */
+#endif
+
+/* \} name SECTION: Module settings */
 
 #define POLARSSL_HMAC_DRBG_PR_OFF 0 /**< No prediction resistance */
 #define POLARSSL_HMAC_DRBG_PR_ON 1 /**< Prediction resistance enabled */
diff --git a/include/polarssl/memory_buffer_alloc.h b/include/polarssl/memory_buffer_alloc.h
index ccddc0020..68477a477 100644
--- a/include/polarssl/memory_buffer_alloc.h
+++ b/include/polarssl/memory_buffer_alloc.h
@@ -31,9 +31,19 @@
 
 #include
 
-#if !defined(POLARSSL_CONFIG_OPTIONS)
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(POLARSSL_MEMORY_ALIGN_MULTIPLE)
 #define POLARSSL_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
-#endif /* POLARSSL_CONFIG_OPTIONS */
+#endif
+
+/* \} name SECTION: Module settings */
 
 #define MEMORY_VERIFY_NONE 0
 #define MEMORY_VERIFY_ALLOC (1 << 0)
diff --git a/include/polarssl/platform.h b/include/polarssl/platform.h
index a202ac15d..b61aad021 100644
--- a/include/polarssl/platform.h
+++ b/include/polarssl/platform.h
@@ -35,17 +35,35 @@
 extern "C" {
 #endif
 
-#if !defined(POLARSSL_CONFIG_OPTIONS)
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(POLARSSL_PLATFORM_NO_STD_FUNCTIONS)
 #include
+#if !defined(POLARSSL_PLATFORM_STD_PRINTF)
 #define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use */
+#endif
+#if !defined(POLARSSL_PLATFORM_STD_FPRINTF)
 #define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use */
+#endif
+#if !defined(POLARSSL_PLATFORM_STD_MALLOC)
 #define POLARSSL_PLATFORM_STD_MALLOC malloc /**< Default allocator to use */
+#endif
+#if !defined(POLARSSL_PLATFORM_STD_FREE)
 #define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use */
-#else /* POLARSSL_CONFIG_OPTIONS */
+#endif
+#else /* POLARSSL_PLATFORM_NO_STD_FUNCTIONS */
 #if defined(POLARSSL_PLATFORM_STD_MEM_HDR)
 #include POLARSSL_PLATFORM_STD_MEM_HDR
 #endif
-#endif /* POLARSSL_CONFIG_OPTIONS */
+#endif /* POLARSSL_PLATFORM_NO_STD_FUNCTIONS */
+
+/* \} name SECTION: Module settings */
 
 /*
  * The function pointers for malloc and free
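Review bot: In the platform.h hunk, `POLARSSL_PLATFORM_STD_MEM_HDR` is included only in the `#else` branch, so a build that overrides just `POLARSSL_PLATFORM_STD_MALLOC` and `POLARSSL_PLATFORM_STD_FREE` in config.h, without also defining `POLARSSL_PLATFORM_NO_STD_FUNCTIONS`, never pulls in the header that declares its allocator. Moving the existing `#if defined(POLARSSL_PLATFORM_STD_MEM_HDR)` include block below the closing `#endif /* POLARSSL_PLATFORM_NO_STD_FUNCTIONS */` would make it apply in both cases. In the other direction, defining `POLARSSL_PLATFORM_NO_STD_FUNCTIONS` leaves all four `POLARSSL_PLATFORM_STD_*` macros undefined in this header, and nothing in the hunk enforces the config.h statement that alternatives must be provided. Whether platform.c supplies a fallback is not visible here, so a comment on the `#else` saying what happens when none is set would help.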
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index cb3280505..eb7ac511e 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -228,9 +228,17 @@
 #define SSL_SESSION_TICKETS_DISABLED 0
 #define SSL_SESSION_TICKETS_ENABLED 1
 
-#if !defined(POLARSSL_CONFIG_OPTIONS)
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(SSL_DEFAULT_TICKET_LIFETIME)
 #define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
-#endif /* !POLARSSL_CONFIG_OPTIONS */
+#endif
 
 /*
  * Size of the input / output buffer.
@@ -239,9 +247,11 @@
  * communicate with you anymore. Only change this value if you control
  * both sides of the connection and have it reduced at both sides!
  */
-#if !defined(POLARSSL_CONFIG_OPTIONS)
+#if !defined(SSL_MAX_CONTENT_LEN)
 #define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
-#endif /* !POLARSSL_CONFIG_OPTIONS */
+#endif
+
+/* \} name SECTION: Module settings */
 
 /*
  * Allow an extra 301 bytes for the record header
diff --git a/include/polarssl/ssl_cache.h b/include/polarssl/ssl_cache.h
index 16144fee8..918fb608e 100644
--- a/include/polarssl/ssl_cache.h
+++ b/include/polarssl/ssl_cache.h
@@ -33,10 +33,23 @@
 #include "threading.h"
 #endif
 
-#if !defined(POLARSSL_CONFIG_OPTIONS)
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(SSL_CACHE_DEFAULT_TIMEOUT)
 #define SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
+#endif
+
+#if !defined(SSL_CACHE_DEFAULT_MAX_ENTRIES)
 #define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */
-#endif /* !POLARSSL_CONFIG_OPTIONS */
+#endif
+
+/* \} name SECTION: Module settings */
 
 #ifdef __cplusplus
 extern "C" {