Apply clang formatting.
Executed with:
`find . -regextype posix-egrep -regex ".*\.([hc]|fmt|function)" | xargs -L1 clang-format-12 -i`
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 71677e9..622ac3c 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -48,23 +48,23 @@
/* padlock.c and aesni.c rely on these values! */
/** AES encryption. */
-#define MBEDTLS_AES_ENCRYPT 1
+#define MBEDTLS_AES_ENCRYPT 1
/** AES decryption. */
-#define MBEDTLS_AES_DECRYPT 0
+#define MBEDTLS_AES_DECRYPT 0
/* Error codes in range 0x0020-0x0022 */
/** Invalid key length. */
-#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020
+#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020
/** Invalid data input length. */
-#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022
+#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022
/* Error codes in range 0x0021-0x0025 */
/** Invalid input data. */
-#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021
+#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && \
+ !defined(__cplusplus)
+# define inline __inline
#endif
#ifdef __cplusplus
@@ -78,36 +78,31 @@
/**
* \brief The AES context-type definition.
*/
-typedef struct mbedtls_aes_context
-{
- int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
- uint32_t *MBEDTLS_PRIVATE(rk); /*!< AES round keys. */
- uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can
- hold 32 extra Bytes, which can be used for
- one of the following purposes:
- <ul><li>Alignment if VIA padlock is
- used.</li>
- <li>Simplifying key expansion in the 256-bit
- case by generating an extra round key.
- </li></ul> */
-}
-mbedtls_aes_context;
+typedef struct mbedtls_aes_context {
+ int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
+ uint32_t *MBEDTLS_PRIVATE(rk); /*!< AES round keys. */
+ uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer
+ can hold 32 extra Bytes, which can be used for one of
+ the following purposes: <ul><li>Alignment if VIA
+ padlock is used.</li> <li>Simplifying key expansion
+ in the 256-bit case by generating an extra round key.
+ </li></ul> */
+} mbedtls_aes_context;
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
+# if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
* \brief The AES XTS context-type definition.
*/
-typedef struct mbedtls_aes_xts_context
-{
- mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block
- encryption or decryption. */
- mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak
- computation. */
+typedef struct mbedtls_aes_xts_context {
+ mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for
+ AES block encryption or decryption. */
+ mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for
+ tweak computation. */
} mbedtls_aes_xts_context;
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
+# endif /* MBEDTLS_CIPHER_MODE_XTS */
-#else /* MBEDTLS_AES_ALT */
-#include "aes_alt.h"
+#else /* MBEDTLS_AES_ALT */
+# include "aes_alt.h"
#endif /* MBEDTLS_AES_ALT */
/**
@@ -118,7 +113,7 @@
*
* \param ctx The AES context to initialize. This must not be \c NULL.
*/
-void mbedtls_aes_init( mbedtls_aes_context *ctx );
+void mbedtls_aes_init(mbedtls_aes_context *ctx);
/**
* \brief This function releases and clears the specified AES context.
@@ -127,7 +122,7 @@
* If this is \c NULL, this function does nothing.
* Otherwise, the context must have been at least initialized.
*/
-void mbedtls_aes_free( mbedtls_aes_context *ctx );
+void mbedtls_aes_free(mbedtls_aes_context *ctx);
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
@@ -138,7 +133,7 @@
*
* \param ctx The AES XTS context to initialize. This must not be \c NULL.
*/
-void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
+void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx);
/**
* \brief This function releases and clears the specified AES XTS context.
@@ -147,7 +142,7 @@
* If this is \c NULL, this function does nothing.
* Otherwise, the context must have been at least initialized.
*/
-void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
+void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx);
#endif /* MBEDTLS_CIPHER_MODE_XTS */
/**
@@ -165,8 +160,9 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
-int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
- unsigned int keybits );
+int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits);
/**
* \brief This function sets the decryption key.
@@ -183,8 +179,9 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
-int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
- unsigned int keybits );
+int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits);
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
@@ -203,9 +200,9 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
-int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits);
/**
* \brief This function prepares an XTS context for decryption and
@@ -223,9 +220,9 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
-int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits);
#endif /* MBEDTLS_CIPHER_MODE_XTS */
/**
@@ -251,10 +248,10 @@
* \return \c 0 on success.
*/
-int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] );
+int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -298,12 +295,12 @@
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
* on failure.
*/
-int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
@@ -342,12 +339,12 @@
* smaller than an AES block in size (16 Bytes) or if \p
* length is larger than 2^20 blocks (16 MiB).
*/
-int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
- int mode,
- size_t length,
- const unsigned char data_unit[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx,
+ int mode,
+ size_t length,
+ const unsigned char data_unit[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
@@ -390,13 +387,13 @@
*
* \return \c 0 on success.
*/
-int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function performs an AES-CFB8 encryption or decryption
@@ -434,12 +431,12 @@
*
* \return \c 0 on success.
*/
-int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /*MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
@@ -488,12 +485,12 @@
*
* \return \c 0 on success.
*/
-int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_OFB */
@@ -574,13 +571,13 @@
*
* \return \c 0 on success.
*/
-int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[16],
- unsigned char stream_block[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx,
+ size_t length,
+ size_t *nc_off,
+ unsigned char nonce_counter[16],
+ unsigned char stream_block[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CTR */
/**
@@ -594,9 +591,9 @@
*
* \return \c 0 on success.
*/
-int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
+int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16]);
/**
* \brief Internal AES block decryption function. This is only
@@ -609,9 +606,9 @@
*
* \return \c 0 on success.
*/
-int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
+int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16]);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -620,7 +617,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_aes_self_test( int verbose );
+int mbedtls_aes_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index 903262d..62c4aa4 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -38,14 +38,14 @@
#include "mbedtls/platform_util.h"
/** ARIA encryption. */
-#define MBEDTLS_ARIA_ENCRYPT 1
+#define MBEDTLS_ARIA_ENCRYPT 1
/** ARIA decryption. */
-#define MBEDTLS_ARIA_DECRYPT 0
+#define MBEDTLS_ARIA_DECRYPT 0
/** ARIA block size in bytes. */
-#define MBEDTLS_ARIA_BLOCKSIZE 16
+#define MBEDTLS_ARIA_BLOCKSIZE 16
/** Maxiumum number of rounds in ARIA. */
-#define MBEDTLS_ARIA_MAX_ROUNDS 16
+#define MBEDTLS_ARIA_MAX_ROUNDS 16
/** Maximum size of an ARIA key in bytes. */
#define MBEDTLS_ARIA_MAX_KEYSIZE 32
@@ -66,16 +66,16 @@
/**
* \brief The ARIA context-type definition.
*/
-typedef struct mbedtls_aria_context
-{
- unsigned char MBEDTLS_PRIVATE(nr); /*!< The number of rounds (12, 14 or 16) */
+typedef struct mbedtls_aria_context {
+ unsigned char MBEDTLS_PRIVATE(nr); /*!< The number of rounds (12, 14 or 16)
+ */
/*! The ARIA round keys. */
- uint32_t MBEDTLS_PRIVATE(rk)[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
-}
-mbedtls_aria_context;
+ uint32_t MBEDTLS_PRIVATE(rk)[MBEDTLS_ARIA_MAX_ROUNDS + 1]
+ [MBEDTLS_ARIA_BLOCKSIZE / 4];
+} mbedtls_aria_context;
-#else /* MBEDTLS_ARIA_ALT */
-#include "aria_alt.h"
+#else /* MBEDTLS_ARIA_ALT */
+# include "aria_alt.h"
#endif /* MBEDTLS_ARIA_ALT */
/**
@@ -86,7 +86,7 @@
*
* \param ctx The ARIA context to initialize. This must not be \c NULL.
*/
-void mbedtls_aria_init( mbedtls_aria_context *ctx );
+void mbedtls_aria_init(mbedtls_aria_context *ctx);
/**
* \brief This function releases and clears the specified ARIA context.
@@ -95,7 +95,7 @@
* case this function returns immediately. If it is not \c NULL,
* it must point to an initialized ARIA context.
*/
-void mbedtls_aria_free( mbedtls_aria_context *ctx );
+void mbedtls_aria_free(mbedtls_aria_context *ctx);
/**
* \brief This function sets the encryption key.
@@ -112,9 +112,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits);
/**
* \brief This function sets the decryption key.
@@ -131,9 +131,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits);
/**
* \brief This function performs an ARIA single-block encryption or
@@ -155,9 +155,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
- const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
- unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] );
+int mbedtls_aria_crypt_ecb(mbedtls_aria_context *ctx,
+ const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
+ unsigned char output[MBEDTLS_ARIA_BLOCKSIZE]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -201,12 +201,12 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aria_crypt_cbc(mbedtls_aria_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
@@ -251,13 +251,13 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aria_crypt_cfb128(mbedtls_aria_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
@@ -338,13 +338,13 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
- unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_aria_crypt_ctr(mbedtls_aria_context *ctx,
+ size_t length,
+ size_t *nc_off,
+ unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
+ unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_SELF_TEST)
@@ -353,7 +353,7 @@
*
* \return \c 0 on success, or \c 1 on failure.
*/
-int mbedtls_aria_self_test( int verbose );
+int mbedtls_aria_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index f45fc17..78c3fed 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -28,7 +28,7 @@
#include <stddef.h>
#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
+# include "mbedtls/bignum.h"
#endif
/**
@@ -44,19 +44,19 @@
* \{
*/
/** Out of data when parsing an ASN1 data structure. */
-#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060
+#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060
/** ASN1 tag was of an unexpected value. */
-#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062
+#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062
/** Error when trying to determine the length or invalid length. */
-#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064
+#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064
/** Actual length differs from expected length. */
-#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066
+#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066
/** Data is invalid. */
-#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068
+#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068
/** Memory allocation failed */
-#define MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A
+#define MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A
/** Buffer too small when writing ASN.1 data structure. */
-#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C
+#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C
/* \} name */
@@ -71,38 +71,37 @@
* Such sequences are typically read into \c ::mbedtls_x509_buf.
* \{
*/
-#define MBEDTLS_ASN1_BOOLEAN 0x01
-#define MBEDTLS_ASN1_INTEGER 0x02
-#define MBEDTLS_ASN1_BIT_STRING 0x03
-#define MBEDTLS_ASN1_OCTET_STRING 0x04
-#define MBEDTLS_ASN1_NULL 0x05
-#define MBEDTLS_ASN1_OID 0x06
-#define MBEDTLS_ASN1_ENUMERATED 0x0A
-#define MBEDTLS_ASN1_UTF8_STRING 0x0C
-#define MBEDTLS_ASN1_SEQUENCE 0x10
-#define MBEDTLS_ASN1_SET 0x11
-#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13
-#define MBEDTLS_ASN1_T61_STRING 0x14
-#define MBEDTLS_ASN1_IA5_STRING 0x16
-#define MBEDTLS_ASN1_UTC_TIME 0x17
-#define MBEDTLS_ASN1_GENERALIZED_TIME 0x18
-#define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C
-#define MBEDTLS_ASN1_BMP_STRING 0x1E
-#define MBEDTLS_ASN1_PRIMITIVE 0x00
-#define MBEDTLS_ASN1_CONSTRUCTED 0x20
-#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
+#define MBEDTLS_ASN1_BOOLEAN 0x01
+#define MBEDTLS_ASN1_INTEGER 0x02
+#define MBEDTLS_ASN1_BIT_STRING 0x03
+#define MBEDTLS_ASN1_OCTET_STRING 0x04
+#define MBEDTLS_ASN1_NULL 0x05
+#define MBEDTLS_ASN1_OID 0x06
+#define MBEDTLS_ASN1_ENUMERATED 0x0A
+#define MBEDTLS_ASN1_UTF8_STRING 0x0C
+#define MBEDTLS_ASN1_SEQUENCE 0x10
+#define MBEDTLS_ASN1_SET 0x11
+#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13
+#define MBEDTLS_ASN1_T61_STRING 0x14
+#define MBEDTLS_ASN1_IA5_STRING 0x16
+#define MBEDTLS_ASN1_UTC_TIME 0x17
+#define MBEDTLS_ASN1_GENERALIZED_TIME 0x18
+#define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C
+#define MBEDTLS_ASN1_BMP_STRING 0x1E
+#define MBEDTLS_ASN1_PRIMITIVE 0x00
+#define MBEDTLS_ASN1_CONSTRUCTED 0x20
+#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
/* Slightly smaller way to check if tag is a string tag
* compared to canonical implementation. */
-#define MBEDTLS_ASN1_IS_STRING_TAG( tag ) \
- ( ( tag ) < 32u && ( \
- ( ( 1u << ( tag ) ) & ( ( 1u << MBEDTLS_ASN1_BMP_STRING ) | \
- ( 1u << MBEDTLS_ASN1_UTF8_STRING ) | \
- ( 1u << MBEDTLS_ASN1_T61_STRING ) | \
- ( 1u << MBEDTLS_ASN1_IA5_STRING ) | \
- ( 1u << MBEDTLS_ASN1_UNIVERSAL_STRING ) | \
- ( 1u << MBEDTLS_ASN1_PRINTABLE_STRING ) | \
- ( 1u << MBEDTLS_ASN1_BIT_STRING ) ) ) != 0 ) )
+#define MBEDTLS_ASN1_IS_STRING_TAG(tag) \
+ ((tag) < 32u && \
+ (((1u << (tag)) & \
+ ((1u << MBEDTLS_ASN1_BMP_STRING) | (1u << MBEDTLS_ASN1_UTF8_STRING) | \
+ (1u << MBEDTLS_ASN1_T61_STRING) | (1u << MBEDTLS_ASN1_IA5_STRING) | \
+ (1u << MBEDTLS_ASN1_UNIVERSAL_STRING) | \
+ (1u << MBEDTLS_ASN1_PRINTABLE_STRING) | \
+ (1u << MBEDTLS_ASN1_BIT_STRING))) != 0))
/*
* Bit masks for each of the components of an ASN.1 tag as specified in
@@ -114,9 +113,9 @@
* | Class | P/C | Tag number |
* +-------+-----+------------+
*/
-#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0
-#define MBEDTLS_ASN1_TAG_PC_MASK 0x20
-#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
+#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0
+#define MBEDTLS_ASN1_TAG_PC_MASK 0x20
+#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
/* \} name */
/* \} addtogroup asn1_module */
@@ -127,16 +126,16 @@
/**
* Compares an mbedtls_asn1_buf structure to a reference OID.
*
- * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
- * 'unsigned char *oid' here!
+ * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot
+ * use a 'unsigned char *oid' here!
*/
-#define MBEDTLS_OID_CMP(oid_str, oid_buf) \
- ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) || \
- memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
+#define MBEDTLS_OID_CMP(oid_str, oid_buf) \
+ ((MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len) || \
+ memcmp((oid_str), (oid_buf)->p, (oid_buf)->len) != 0)
-#define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len) \
- ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len) ) || \
- memcmp( (oid_str), (oid_buf), (oid_buf_len) ) != 0 )
+#define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len) \
+ ((MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len)) || \
+ memcmp((oid_str), (oid_buf), (oid_buf_len)) != 0)
#ifdef __cplusplus
extern "C" {
@@ -150,46 +149,44 @@
/**
* Type-length-value structure that allows for ASN1 using DER.
*/
-typedef struct mbedtls_asn1_buf
-{
- int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
- size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
- unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */
-}
-mbedtls_asn1_buf;
+typedef struct mbedtls_asn1_buf {
+ int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
+ size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
+ unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */
+} mbedtls_asn1_buf;
/**
* Container for ASN1 bit strings.
*/
-typedef struct mbedtls_asn1_bitstring
-{
- size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
- unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at the end of the string */
- unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */
-}
-mbedtls_asn1_bitstring;
+typedef struct mbedtls_asn1_bitstring {
+ size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
+ unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at
+ the end of the string */
+ unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */
+} mbedtls_asn1_bitstring;
/**
* Container for a sequence of ASN.1 items
*/
-typedef struct mbedtls_asn1_sequence
-{
- mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given ASN.1 item. */
- struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
-}
-mbedtls_asn1_sequence;
+typedef struct mbedtls_asn1_sequence {
+ mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given
+ ASN.1 item. */
+ struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in
+ the sequence. */
+} mbedtls_asn1_sequence;
/**
* Container for a sequence or list of 'named' ASN.1 data items
*/
-typedef struct mbedtls_asn1_named_data
-{
- mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
- mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */
- struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
- unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the current one? */
-}
-mbedtls_asn1_named_data;
+typedef struct mbedtls_asn1_named_data {
+ mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
+ mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */
+ struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry
+ in the sequence.
+ */
+ unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the
+ current one? */
+} mbedtls_asn1_named_data;
/**
* \brief Get the length of an ASN.1 element.
@@ -209,9 +206,9 @@
* would end beyond \p end.
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
*/
-int mbedtls_asn1_get_len( unsigned char **p,
- const unsigned char *end,
- size_t *len );
+int mbedtls_asn1_get_len(unsigned char **p,
+ const unsigned char *end,
+ size_t *len);
/**
* \brief Get the tag and length of the element.
@@ -234,9 +231,10 @@
* would end beyond \p end.
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
*/
-int mbedtls_asn1_get_tag( unsigned char **p,
- const unsigned char *end,
- size_t *len, int tag );
+int mbedtls_asn1_get_tag(unsigned char **p,
+ const unsigned char *end,
+ size_t *len,
+ int tag);
/**
* \brief Retrieve a boolean ASN.1 tag and its value.
@@ -253,9 +251,9 @@
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 BOOLEAN.
*/
-int mbedtls_asn1_get_bool( unsigned char **p,
- const unsigned char *end,
- int *val );
+int mbedtls_asn1_get_bool(unsigned char **p,
+ const unsigned char *end,
+ int *val);
/**
* \brief Retrieve an integer ASN.1 tag and its value.
@@ -274,9 +272,7 @@
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
* not fit in an \c int.
*/
-int mbedtls_asn1_get_int( unsigned char **p,
- const unsigned char *end,
- int *val );
+int mbedtls_asn1_get_int(unsigned char **p, const unsigned char *end, int *val);
/**
* \brief Retrieve an enumerated ASN.1 tag and its value.
@@ -295,9 +291,9 @@
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
* not fit in an \c int.
*/
-int mbedtls_asn1_get_enum( unsigned char **p,
- const unsigned char *end,
- int *val );
+int mbedtls_asn1_get_enum(unsigned char **p,
+ const unsigned char *end,
+ int *val);
/**
* \brief Retrieve a bitstring ASN.1 tag and its value.
@@ -316,8 +312,9 @@
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 BIT STRING.
*/
-int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
- mbedtls_asn1_bitstring *bs );
+int mbedtls_asn1_get_bitstring(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_asn1_bitstring *bs);
/**
* \brief Retrieve a bitstring ASN.1 tag without unused bits and its
@@ -337,9 +334,9 @@
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 BIT STRING.
*/
-int mbedtls_asn1_get_bitstring_null( unsigned char **p,
- const unsigned char *end,
- size_t *len );
+int mbedtls_asn1_get_bitstring_null(unsigned char **p,
+ const unsigned char *end,
+ size_t *len);
/**
* \brief Parses and splits an ASN.1 "SEQUENCE OF <tag>".
@@ -388,10 +385,10 @@
* \return An ASN.1 error code if the input does not start with
* a valid ASN.1 SEQUENCE.
*/
-int mbedtls_asn1_get_sequence_of( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_sequence *cur,
- int tag );
+int mbedtls_asn1_get_sequence_of(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_asn1_sequence *cur,
+ int tag);
/**
* \brief Free a heap-allocated linked list presentation of
* an ASN.1 sequence, including the first element.
@@ -413,7 +410,7 @@
* be \c NULL, in which case this functions returns
* immediately.
*/
-void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq );
+void mbedtls_asn1_sequence_free(mbedtls_asn1_sequence *seq);
/**
* \brief Traverse an ASN.1 SEQUENCE container and
@@ -503,11 +500,12 @@
int mbedtls_asn1_traverse_sequence_of(
unsigned char **p,
const unsigned char *end,
- unsigned char tag_must_mask, unsigned char tag_must_val,
- unsigned char tag_may_mask, unsigned char tag_may_val,
- int (*cb)( void *ctx, int tag,
- unsigned char* start, size_t len ),
- void *ctx );
+ unsigned char tag_must_mask,
+ unsigned char tag_must_val,
+ unsigned char tag_may_mask,
+ unsigned char tag_may_val,
+ int (*cb)(void *ctx, int tag, unsigned char *start, size_t len),
+ void *ctx);
#if defined(MBEDTLS_BIGNUM_C)
/**
@@ -528,9 +526,9 @@
* not fit in an \c int.
* \return An MPI error code if the parsed value is too large.
*/
-int mbedtls_asn1_get_mpi( unsigned char **p,
- const unsigned char *end,
- mbedtls_mpi *X );
+int mbedtls_asn1_get_mpi(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_mpi *X);
#endif /* MBEDTLS_BIGNUM_C */
/**
@@ -549,9 +547,10 @@
*
* \return 0 if successful or a specific ASN.1 or MPI error code.
*/
-int mbedtls_asn1_get_alg( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
+int mbedtls_asn1_get_alg(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_asn1_buf *alg,
+ mbedtls_asn1_buf *params);
/**
* \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
@@ -568,9 +567,9 @@
*
* \return 0 if successful or a specific ASN.1 or MPI error code.
*/
-int mbedtls_asn1_get_alg_null( unsigned char **p,
- const unsigned char *end,
- mbedtls_asn1_buf *alg );
+int mbedtls_asn1_get_alg_null(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_asn1_buf *alg);
/**
* \brief Find a specific named_data entry in a sequence or list based on
@@ -582,8 +581,10 @@
*
* \return NULL if not found, or a pointer to the existing entry.
*/
-const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_named_data *list,
- const char *oid, size_t len );
+const mbedtls_asn1_named_data *
+mbedtls_asn1_find_named_data(const mbedtls_asn1_named_data *list,
+ const char *oid,
+ size_t len);
/**
* \brief Free a mbedtls_asn1_named_data entry
@@ -592,7 +593,7 @@
* This function calls mbedtls_free() on
* `entry->oid.p` and `entry->val.p`.
*/
-void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
+void mbedtls_asn1_free_named_data(mbedtls_asn1_named_data *entry);
/**
* \brief Free all entries in a mbedtls_asn1_named_data list.
@@ -602,7 +603,7 @@
* mbedtls_free() on each list element and
* sets \c *head to \c NULL.
*/
-void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
+void mbedtls_asn1_free_named_data_list(mbedtls_asn1_named_data **head);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index 7a57f15..c57831c 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -26,14 +26,13 @@
#include "mbedtls/asn1.h"
-#define MBEDTLS_ASN1_CHK_ADD(g, f) \
- do \
- { \
- if( ( ret = (f) ) < 0 ) \
- return ret ; \
- else \
- (g) += ret; \
- } while( 0 )
+#define MBEDTLS_ASN1_CHK_ADD(g, f) \
+ do { \
+ if ((ret = (f)) < 0) \
+ return ret; \
+ else \
+ (g) += ret; \
+ } while (0)
#ifdef __cplusplus
extern "C" {
@@ -51,8 +50,9 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start,
- size_t len );
+int mbedtls_asn1_write_len(unsigned char **p,
+ const unsigned char *start,
+ size_t len);
/**
* \brief Write an ASN.1 tag in ASN.1 format.
*
@@ -65,8 +65,9 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_tag( unsigned char **p, const unsigned char *start,
- unsigned char tag );
+int mbedtls_asn1_write_tag(unsigned char **p,
+ const unsigned char *start,
+ unsigned char tag);
/**
* \brief Write raw buffer data.
@@ -81,8 +82,10 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_raw_buffer( unsigned char **p, const unsigned char *start,
- const unsigned char *buf, size_t size );
+int mbedtls_asn1_write_raw_buffer(unsigned char **p,
+ const unsigned char *start,
+ const unsigned char *buf,
+ size_t size);
#if defined(MBEDTLS_BIGNUM_C)
/**
@@ -99,8 +102,9 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_mpi( unsigned char **p, const unsigned char *start,
- const mbedtls_mpi *X );
+int mbedtls_asn1_write_mpi(unsigned char **p,
+ const unsigned char *start,
+ const mbedtls_mpi *X);
#endif /* MBEDTLS_BIGNUM_C */
/**
@@ -115,7 +119,7 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_null( unsigned char **p, const unsigned char *start );
+int mbedtls_asn1_write_null(unsigned char **p, const unsigned char *start);
/**
* \brief Write an OID tag (#MBEDTLS_ASN1_OID) and data
@@ -131,8 +135,10 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_oid( unsigned char **p, const unsigned char *start,
- const char *oid, size_t oid_len );
+int mbedtls_asn1_write_oid(unsigned char **p,
+ const unsigned char *start,
+ const char *oid,
+ size_t oid_len);
/**
* \brief Write an AlgorithmIdentifier sequence in ASN.1 format.
@@ -149,10 +155,11 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_algorithm_identifier( unsigned char **p,
- const unsigned char *start,
- const char *oid, size_t oid_len,
- size_t par_len );
+int mbedtls_asn1_write_algorithm_identifier(unsigned char **p,
+ const unsigned char *start,
+ const char *oid,
+ size_t oid_len,
+ size_t par_len);
/**
* \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
@@ -167,8 +174,9 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_bool( unsigned char **p, const unsigned char *start,
- int boolean );
+int mbedtls_asn1_write_bool(unsigned char **p,
+ const unsigned char *start,
+ int boolean);
/**
* \brief Write an int tag (#MBEDTLS_ASN1_INTEGER) and value
@@ -184,7 +192,9 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_int( unsigned char **p, const unsigned char *start, int val );
+int mbedtls_asn1_write_int(unsigned char **p,
+ const unsigned char *start,
+ int val);
/**
* \brief Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value
@@ -199,7 +209,9 @@
* \return The number of bytes written to \p p on success.
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_enum( unsigned char **p, const unsigned char *start, int val );
+int mbedtls_asn1_write_enum(unsigned char **p,
+ const unsigned char *start,
+ int val);
/**
* \brief Write a string in ASN.1 format using a specific
@@ -218,9 +230,11 @@
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
-int mbedtls_asn1_write_tagged_string( unsigned char **p, const unsigned char *start,
- int tag, const char *text,
- size_t text_len );
+int mbedtls_asn1_write_tagged_string(unsigned char **p,
+ const unsigned char *start,
+ int tag,
+ const char *text,
+ size_t text_len);
/**
* \brief Write a string in ASN.1 format using the PrintableString
@@ -237,9 +251,10 @@
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
-int mbedtls_asn1_write_printable_string( unsigned char **p,
- const unsigned char *start,
- const char *text, size_t text_len );
+int mbedtls_asn1_write_printable_string(unsigned char **p,
+ const unsigned char *start,
+ const char *text,
+ size_t text_len);
/**
* \brief Write a UTF8 string in ASN.1 format using the UTF8String
@@ -256,8 +271,10 @@
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
-int mbedtls_asn1_write_utf8_string( unsigned char **p, const unsigned char *start,
- const char *text, size_t text_len );
+int mbedtls_asn1_write_utf8_string(unsigned char **p,
+ const unsigned char *start,
+ const char *text,
+ size_t text_len);
/**
* \brief Write a string in ASN.1 format using the IA5String
@@ -274,8 +291,10 @@
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
-int mbedtls_asn1_write_ia5_string( unsigned char **p, const unsigned char *start,
- const char *text, size_t text_len );
+int mbedtls_asn1_write_ia5_string(unsigned char **p,
+ const unsigned char *start,
+ const char *text,
+ size_t text_len);
/**
* \brief Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and
@@ -291,8 +310,10 @@
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
-int mbedtls_asn1_write_bitstring( unsigned char **p, const unsigned char *start,
- const unsigned char *buf, size_t bits );
+int mbedtls_asn1_write_bitstring(unsigned char **p,
+ const unsigned char *start,
+ const unsigned char *buf,
+ size_t bits);
/**
* \brief This function writes a named bitstring tag
@@ -311,10 +332,10 @@
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
-int mbedtls_asn1_write_named_bitstring( unsigned char **p,
- const unsigned char *start,
- const unsigned char *buf,
- size_t bits );
+int mbedtls_asn1_write_named_bitstring(unsigned char **p,
+ const unsigned char *start,
+ const unsigned char *buf,
+ size_t bits);
/**
* \brief Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
@@ -330,8 +351,10 @@
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
-int mbedtls_asn1_write_octet_string( unsigned char **p, const unsigned char *start,
- const unsigned char *buf, size_t size );
+int mbedtls_asn1_write_octet_string(unsigned char **p,
+ const unsigned char *start,
+ const unsigned char *buf,
+ size_t size);
/**
* \brief Create or find a specific named_data entry for writing in a
@@ -354,10 +377,12 @@
* \return A pointer to the new / existing entry on success.
* \return \c NULL if if there was a memory allocation error.
*/
-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
- const char *oid, size_t oid_len,
- const unsigned char *val,
- size_t val_len );
+mbedtls_asn1_named_data *
+mbedtls_asn1_store_named_data(mbedtls_asn1_named_data **list,
+ const char *oid,
+ size_t oid_len,
+ const unsigned char *val,
+ size_t val_len);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h
index 8378589..4fab98c 100644
--- a/include/mbedtls/base64.h
+++ b/include/mbedtls/base64.h
@@ -27,9 +27,9 @@
#include <stddef.h>
/** Output buffer too small. */
-#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A
+#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A
/** Invalid character in input. */
-#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C
+#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C
#ifdef __cplusplus
extern "C" {
@@ -54,8 +54,11 @@
* \note Call this function with dlen = 0 to obtain the
* required buffer size in *olen
*/
-int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
- const unsigned char *src, size_t slen );
+int mbedtls_base64_encode(unsigned char *dst,
+ size_t dlen,
+ size_t *olen,
+ const unsigned char *src,
+ size_t slen);
/**
* \brief Decode a base64-formatted buffer
@@ -74,8 +77,11 @@
* \note Call this function with *dst = NULL or dlen = 0 to obtain
* the required buffer size in *olen
*/
-int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
- const unsigned char *src, size_t slen );
+int mbedtls_base64_decode(unsigned char *dst,
+ size_t dlen,
+ size_t *olen,
+ const unsigned char *src,
+ size_t slen);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -83,7 +89,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
-int mbedtls_base64_self_test( int verbose );
+int mbedtls_base64_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index a02a094..8e64923 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -29,37 +29,36 @@
#include <stdint.h>
#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
+# include <stdio.h>
#endif
/** An error occurred while reading from or writing to a file. */
-#define MBEDTLS_ERR_MPI_FILE_IO_ERROR -0x0002
+#define MBEDTLS_ERR_MPI_FILE_IO_ERROR -0x0002
/** Bad input parameters to function. */
-#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004
+#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004
/** There is an invalid character in the digit string. */
-#define MBEDTLS_ERR_MPI_INVALID_CHARACTER -0x0006
+#define MBEDTLS_ERR_MPI_INVALID_CHARACTER -0x0006
/** The buffer is too small to write to. */
-#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008
+#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008
/** The input arguments are negative or result in illegal output. */
-#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A
+#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A
/** The input argument for division is zero, which is not allowed. */
-#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO -0x000C
+#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO -0x000C
/** The input arguments are not acceptable. */
-#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E
+#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E
/** Memory allocation failed. */
-#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010
+#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010
-#define MBEDTLS_MPI_CHK(f) \
- do \
- { \
- if( ( ret = (f) ) != 0 ) \
- goto cleanup; \
- } while( 0 )
+#define MBEDTLS_MPI_CHK(f) \
+ do { \
+ if ((ret = (f)) != 0) \
+ goto cleanup; \
+ } while (0)
/*
* Maximum size MPIs are allowed to grow to in number of limbs.
*/
-#define MBEDTLS_MPI_MAX_LIMBS 10000
+#define MBEDTLS_MPI_MAX_LIMBS 10000
#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
/*
@@ -72,7 +71,7 @@
* Reduction in size, reduces speed.
*/
/** Maximum window size used. */
-#define MBEDTLS_MPI_WINDOW_SIZE 6
+# define MBEDTLS_MPI_WINDOW_SIZE 6
#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
#if !defined(MBEDTLS_MPI_MAX_SIZE)
@@ -84,16 +83,16 @@
* of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
*/
/** Maximum number of bytes for usable MPIs. */
-#define MBEDTLS_MPI_MAX_SIZE 1024
+# define MBEDTLS_MPI_MAX_SIZE 1024
#endif /* !MBEDTLS_MPI_MAX_SIZE */
-#define MBEDTLS_MPI_MAX_BITS ( 8 * MBEDTLS_MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */
+#define MBEDTLS_MPI_MAX_BITS \
+ (8 * MBEDTLS_MPI_MAX_SIZE) /**< Maximum number of bits for usable MPIs. */
/*
- * When reading from files with mbedtls_mpi_read_file() and writing to files with
- * mbedtls_mpi_write_file() the buffer should have space
- * for a (short) label, the MPI (in the provided radix), the newline
- * characters and the '\0'.
+ * When reading from files with mbedtls_mpi_read_file() and writing to files
+ * with mbedtls_mpi_write_file() the buffer should have space for a (short)
+ * label, the MPI (in the provided radix), the newline characters and the '\0'.
*
* By default we assume at least a 10 char label, a minimum radix of 10
* (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
@@ -107,9 +106,12 @@
* MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
* LabelSize + 6
*/
-#define MBEDTLS_MPI_MAX_BITS_SCALE100 ( 100 * MBEDTLS_MPI_MAX_BITS )
-#define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332
-#define MBEDTLS_MPI_RW_BUFFER_SIZE ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
+#define MBEDTLS_MPI_MAX_BITS_SCALE100 (100 * MBEDTLS_MPI_MAX_BITS)
+#define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332
+#define MBEDTLS_MPI_RW_BUFFER_SIZE \
+ (((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / \
+ MBEDTLS_LN_2_DIV_LN_10_SCALE100) + \
+ 10 + 6)
/*
* Define the base integer type, architecture-wise.
@@ -122,63 +124,61 @@
* disabled by defining MBEDTLS_NO_UDBL_DIVISION.
*/
#if !defined(MBEDTLS_HAVE_INT32)
- #if defined(_MSC_VER) && defined(_M_AMD64)
- /* Always choose 64-bit when using MSC */
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* !MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #elif defined(__GNUC__) && ( \
- defined(__amd64__) || defined(__x86_64__) || \
- defined(__ppc64__) || defined(__powerpc64__) || \
- defined(__ia64__) || defined(__alpha__) || \
- ( defined(__sparc__) && defined(__arch64__) ) || \
- defined(__s390x__) || defined(__mips64) || \
- defined(__aarch64__) )
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
- /* mbedtls_t_udbl defined as 128-bit unsigned int */
- typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
- #elif defined(__ARMCC_VERSION) && defined(__aarch64__)
- /*
- * __ARMCC_VERSION is defined for both armcc and armclang and
- * __aarch64__ is only defined by armclang when compiling 64-bit code
- */
- #if !defined(MBEDTLS_HAVE_INT64)
- #define MBEDTLS_HAVE_INT64
- #endif /* !MBEDTLS_HAVE_INT64 */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
- /* mbedtls_t_udbl defined as 128-bit unsigned int */
- typedef __uint128_t mbedtls_t_udbl;
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
- #elif defined(MBEDTLS_HAVE_INT64)
- /* Force 64-bit integers with unknown compiler */
- typedef int64_t mbedtls_mpi_sint;
- typedef uint64_t mbedtls_mpi_uint;
- #endif
+# if defined(_MSC_VER) && defined(_M_AMD64)
+/* Always choose 64-bit when using MSC */
+# if !defined(MBEDTLS_HAVE_INT64)
+# define MBEDTLS_HAVE_INT64
+# endif /* !MBEDTLS_HAVE_INT64 */
+typedef int64_t mbedtls_mpi_sint;
+typedef uint64_t mbedtls_mpi_uint;
+# elif defined(__GNUC__) && \
+ (defined(__amd64__) || defined(__x86_64__) || defined(__ppc64__) || \
+ defined(__powerpc64__) || defined(__ia64__) || defined(__alpha__) || \
+ (defined(__sparc__) && defined(__arch64__)) || defined(__s390x__) || \
+ defined(__mips64) || defined(__aarch64__))
+# if !defined(MBEDTLS_HAVE_INT64)
+# define MBEDTLS_HAVE_INT64
+# endif /* MBEDTLS_HAVE_INT64 */
+typedef int64_t mbedtls_mpi_sint;
+typedef uint64_t mbedtls_mpi_uint;
+# if !defined(MBEDTLS_NO_UDBL_DIVISION)
+/* mbedtls_t_udbl defined as 128-bit unsigned int */
+typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
+# define MBEDTLS_HAVE_UDBL
+# endif /* !MBEDTLS_NO_UDBL_DIVISION */
+# elif defined(__ARMCC_VERSION) && defined(__aarch64__)
+/*
+ * __ARMCC_VERSION is defined for both armcc and armclang and
+ * __aarch64__ is only defined by armclang when compiling 64-bit code
+ */
+# if !defined(MBEDTLS_HAVE_INT64)
+# define MBEDTLS_HAVE_INT64
+# endif /* !MBEDTLS_HAVE_INT64 */
+typedef int64_t mbedtls_mpi_sint;
+typedef uint64_t mbedtls_mpi_uint;
+# if !defined(MBEDTLS_NO_UDBL_DIVISION)
+/* mbedtls_t_udbl defined as 128-bit unsigned int */
+typedef __uint128_t mbedtls_t_udbl;
+# define MBEDTLS_HAVE_UDBL
+# endif /* !MBEDTLS_NO_UDBL_DIVISION */
+# elif defined(MBEDTLS_HAVE_INT64)
+/* Force 64-bit integers with unknown compiler */
+typedef int64_t mbedtls_mpi_sint;
+typedef uint64_t mbedtls_mpi_uint;
+# endif
#endif /* !MBEDTLS_HAVE_INT32 */
#if !defined(MBEDTLS_HAVE_INT64)
- /* Default to 32-bit compilation */
- #if !defined(MBEDTLS_HAVE_INT32)
- #define MBEDTLS_HAVE_INT32
- #endif /* !MBEDTLS_HAVE_INT32 */
- typedef int32_t mbedtls_mpi_sint;
- typedef uint32_t mbedtls_mpi_uint;
- #if !defined(MBEDTLS_NO_UDBL_DIVISION)
- typedef uint64_t mbedtls_t_udbl;
- #define MBEDTLS_HAVE_UDBL
- #endif /* !MBEDTLS_NO_UDBL_DIVISION */
+/* Default to 32-bit compilation */
+# if !defined(MBEDTLS_HAVE_INT32)
+# define MBEDTLS_HAVE_INT32
+# endif /* !MBEDTLS_HAVE_INT32 */
+typedef int32_t mbedtls_mpi_sint;
+typedef uint32_t mbedtls_mpi_uint;
+# if !defined(MBEDTLS_NO_UDBL_DIVISION)
+typedef uint64_t mbedtls_t_udbl;
+# define MBEDTLS_HAVE_UDBL
+# endif /* !MBEDTLS_NO_UDBL_DIVISION */
#endif /* !MBEDTLS_HAVE_INT64 */
#ifdef __cplusplus
@@ -188,13 +188,12 @@
/**
* \brief MPI structure
*/
-typedef struct mbedtls_mpi
-{
- int MBEDTLS_PRIVATE(s); /*!< Sign: -1 if the mpi is negative, 1 otherwise */
- size_t MBEDTLS_PRIVATE(n); /*!< total # of limbs */
- mbedtls_mpi_uint *MBEDTLS_PRIVATE(p); /*!< pointer to limbs */
-}
-mbedtls_mpi;
+typedef struct mbedtls_mpi {
+ int MBEDTLS_PRIVATE(s); /*!< Sign: -1 if the mpi is negative, 1 otherwise
+ */
+ size_t MBEDTLS_PRIVATE(n); /*!< total # of limbs */
+ mbedtls_mpi_uint *MBEDTLS_PRIVATE(p); /*!< pointer to limbs */
+} mbedtls_mpi;
/**
* \brief Initialize an MPI context.
@@ -204,7 +203,7 @@
*
* \param X The MPI context to initialize. This must not be \c NULL.
*/
-void mbedtls_mpi_init( mbedtls_mpi *X );
+void mbedtls_mpi_init(mbedtls_mpi *X);
/**
* \brief This function frees the components of an MPI context.
@@ -213,7 +212,7 @@
* in which case this function is a no-op. If it is
* not \c NULL, it must point to an initialized MPI.
*/
-void mbedtls_mpi_free( mbedtls_mpi *X );
+void mbedtls_mpi_free(mbedtls_mpi *X);
/**
* \brief Enlarge an MPI to the specified number of limbs.
@@ -228,7 +227,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
+int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs);
/**
* \brief This function resizes an MPI downwards, keeping at least the
@@ -245,7 +244,7 @@
* (this can only happen when resizing up).
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
+int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs);
/**
* \brief Make a copy of an MPI.
@@ -260,7 +259,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
+int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y);
/**
* \brief Swap the contents of two MPIs.
@@ -268,7 +267,7 @@
* \param X The first MPI. It must be initialized.
* \param Y The second MPI. It must be initialized.
*/
-void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
+void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y);
/**
* \brief Perform a safe conditional copy of MPI which doesn't
@@ -294,7 +293,9 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
+int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X,
+ const mbedtls_mpi *Y,
+ unsigned char assign);
/**
* \brief Perform a safe conditional swap which doesn't
@@ -319,7 +320,9 @@
* \return Another negative error code on other kinds of failure.
*
*/
-int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign );
+int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X,
+ mbedtls_mpi *Y,
+ unsigned char assign);
/**
* \brief Store integer value in MPI.
@@ -331,7 +334,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
+int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z);
/**
* \brief Get a specific bit from an MPI.
@@ -343,7 +346,7 @@
* of \c X is unset or set.
* \return A negative error code on failure.
*/
-int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
+int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos);
/**
* \brief Modify a specific bit in an MPI.
@@ -360,7 +363,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
+int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val);
/**
* \brief Return the number of bits of value \c 0 before the
@@ -374,7 +377,7 @@
* \return The number of bits of value \c 0 before the least significant
* bit of value \c 1 in \p X.
*/
-size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
+size_t mbedtls_mpi_lsb(const mbedtls_mpi *X);
/**
* \brief Return the number of bits up to and including the most
@@ -388,7 +391,7 @@
* \return The number of bits up to and including the most
* significant bit of value \c 1.
*/
-size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
+size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X);
/**
* \brief Return the total size of an MPI value in bytes.
@@ -403,7 +406,7 @@
* \return The least number of bytes capable of storing
* the absolute value of \p X.
*/
-size_t mbedtls_mpi_size( const mbedtls_mpi *X );
+size_t mbedtls_mpi_size(const mbedtls_mpi *X);
/**
* \brief Import an MPI from an ASCII string.
@@ -415,7 +418,7 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
+int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s);
/**
* \brief Export an MPI to an ASCII string.
@@ -439,8 +442,11 @@
* size of \p buf required for a successful call.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
- char *buf, size_t buflen, size_t *olen );
+int mbedtls_mpi_write_string(const mbedtls_mpi *X,
+ int radix,
+ char *buf,
+ size_t buflen,
+ size_t *olen);
#if defined(MBEDTLS_FS_IO)
/**
@@ -464,7 +470,7 @@
* is too small.
* \return Another negative error code on failure.
*/
-int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
+int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin);
/**
* \brief Export an MPI into an opened file.
@@ -481,8 +487,10 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X,
- int radix, FILE *fout );
+int mbedtls_mpi_write_file(const char *p,
+ const mbedtls_mpi *X,
+ int radix,
+ FILE *fout);
#endif /* MBEDTLS_FS_IO */
/**
@@ -497,8 +505,9 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf,
- size_t buflen );
+int mbedtls_mpi_read_binary(mbedtls_mpi *X,
+ const unsigned char *buf,
+ size_t buflen);
/**
* \brief Import X from unsigned binary data, little endian
@@ -512,8 +521,9 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
- const unsigned char *buf, size_t buflen );
+int mbedtls_mpi_read_binary_le(mbedtls_mpi *X,
+ const unsigned char *buf,
+ size_t buflen);
/**
* \brief Export X into unsigned binary data, big endian.
@@ -530,8 +540,9 @@
* large enough to hold the value of \p X.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf,
- size_t buflen );
+int mbedtls_mpi_write_binary(const mbedtls_mpi *X,
+ unsigned char *buf,
+ size_t buflen);
/**
* \brief Export X into unsigned binary data, little endian.
@@ -548,8 +559,9 @@
* large enough to hold the value of \p X.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
- unsigned char *buf, size_t buflen );
+int mbedtls_mpi_write_binary_le(const mbedtls_mpi *X,
+ unsigned char *buf,
+ size_t buflen);
/**
* \brief Perform a left-shift on an MPI: X <<= count
@@ -561,7 +573,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
+int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count);
/**
* \brief Perform a right-shift on an MPI: X >>= count
@@ -573,7 +585,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
+int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count);
/**
* \brief Compare the absolute values of two MPIs.
@@ -585,7 +597,7 @@
* \return \c -1 if `|X|` is lesser than `|Y|`.
* \return \c 0 if `|X|` is equal to `|Y|`.
*/
-int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
+int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y);
/**
* \brief Compare two MPIs.
@@ -597,7 +609,7 @@
* \return \c -1 if \p X is lesser than \p Y.
* \return \c 0 if \p X is equal to \p Y.
*/
-int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
+int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y);
/**
* \brief Check if an MPI is less than the other in constant time.
@@ -614,8 +626,9 @@
* \return MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
* the two input MPIs is not the same.
*/
-int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y,
- unsigned *ret );
+int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X,
+ const mbedtls_mpi *Y,
+ unsigned *ret);
/**
* \brief Compare an MPI with an integer.
@@ -627,7 +640,7 @@
* \return \c -1 if \p X is lesser than \p z.
* \return \c 0 if \p X is equal to \p z.
*/
-int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
+int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z);
/**
* \brief Perform an unsigned addition of MPIs: X = |A| + |B|
@@ -640,8 +653,9 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_add_abs(mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *B);
/**
* \brief Perform an unsigned subtraction of MPIs: X = |A| - |B|
@@ -655,8 +669,9 @@
* \return Another negative error code on different kinds of failure.
*
*/
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_sub_abs(mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *B);
/**
* \brief Perform a signed addition of MPIs: X = A + B
@@ -669,8 +684,9 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_add_mpi(mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *B);
/**
* \brief Perform a signed subtraction of MPIs: X = A - B
@@ -683,8 +699,9 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_sub_mpi(mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *B);
/**
* \brief Perform a signed addition of an MPI and an integer: X = A + b
@@ -697,8 +714,9 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
+int mbedtls_mpi_add_int(mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ mbedtls_mpi_sint b);
/**
* \brief Perform a signed subtraction of an MPI and an integer:
@@ -712,8 +730,9 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
+int mbedtls_mpi_sub_int(mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ mbedtls_mpi_sint b);
/**
* \brief Perform a multiplication of two MPIs: X = A * B
@@ -727,8 +746,9 @@
* \return Another negative error code on different kinds of failure.
*
*/
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_mul_mpi(mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *B);
/**
* \brief Perform a multiplication of an MPI with an unsigned integer:
@@ -743,8 +763,9 @@
* \return Another negative error code on different kinds of failure.
*
*/
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
- mbedtls_mpi_uint b );
+int mbedtls_mpi_mul_int(mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ mbedtls_mpi_uint b);
/**
* \brief Perform a division with remainder of two MPIs:
@@ -764,8 +785,10 @@
* \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_div_mpi(mbedtls_mpi *Q,
+ mbedtls_mpi *R,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *B);
/**
* \brief Perform a division with remainder of an MPI by an integer:
@@ -785,8 +808,10 @@
* \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
+int mbedtls_mpi_div_int(mbedtls_mpi *Q,
+ mbedtls_mpi *R,
+ const mbedtls_mpi *A,
+ mbedtls_mpi_sint b);
/**
* \brief Perform a modular reduction. R = A mod B
@@ -805,8 +830,9 @@
* \return Another negative error code on different kinds of failure.
*
*/
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_mod_mpi(mbedtls_mpi *R,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *B);
/**
* \brief Perform a modular reduction with respect to an integer.
@@ -824,8 +850,9 @@
* \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
- mbedtls_mpi_sint b );
+int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r,
+ const mbedtls_mpi *A,
+ mbedtls_mpi_sint b);
/**
* \brief Perform a sliding-window exponentiation: X = A^E mod N
@@ -853,9 +880,11 @@
* \return Another negative error code on different kinds of failures.
*
*/
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *E, const mbedtls_mpi *N,
- mbedtls_mpi *prec_RR );
+int mbedtls_mpi_exp_mod(mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *E,
+ const mbedtls_mpi *N,
+ mbedtls_mpi *prec_RR);
/**
* \brief Fill an MPI with a number of random bytes.
@@ -874,9 +903,10 @@
* as a big-endian representation of an MPI; this can
* be relevant in applications like deterministic ECDSA.
*/
-int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_mpi_fill_random(mbedtls_mpi *X,
+ size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/** Generate a random number uniformly in a range.
*
@@ -910,11 +940,11 @@
* for all usual cryptographic applications.
* \return Another negative error code on failure.
*/
-int mbedtls_mpi_random( mbedtls_mpi *X,
- mbedtls_mpi_sint min,
- const mbedtls_mpi *N,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_mpi_random(mbedtls_mpi *X,
+ mbedtls_mpi_sint min,
+ const mbedtls_mpi *N,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Compute the greatest common divisor: G = gcd(A, B)
@@ -927,8 +957,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A,
- const mbedtls_mpi *B );
+int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B);
/**
* \brief Compute the modular inverse: X = A^-1 mod N
@@ -946,8 +975,9 @@
* \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse
* with respect to \p N.
*/
-int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
- const mbedtls_mpi *N );
+int mbedtls_mpi_inv_mod(mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *N);
/**
* \brief Miller-Rabin primality test.
@@ -976,18 +1006,22 @@
* \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X,
+ int rounds,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Flags for mbedtls_mpi_gen_prime()
*
* Each of these flags is a constraint on the result X returned by
* mbedtls_mpi_gen_prime().
*/
-typedef enum {
- MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */
- MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from 2<sup>-80</sup> to 2<sup>-128</sup> */
+typedef enum
+{
+ MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */
+ MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from
+ 2<sup>-80</sup> to
+ 2<sup>-128</sup> */
} mbedtls_mpi_gen_prime_flag_t;
/**
@@ -1009,9 +1043,11 @@
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between
* \c 3 and #MBEDTLS_MPI_MAX_BITS.
*/
-int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_mpi_gen_prime(mbedtls_mpi *X,
+ size_t nbits,
+ int flags,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
#if defined(MBEDTLS_SELF_TEST)
@@ -1020,7 +1056,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
-int mbedtls_mpi_self_test( int verbose );
+int mbedtls_mpi_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 23f85ba..63fb976 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -6,22 +6,22 @@
* Include this file if you need to depend on the
* configuration options defined in mbedtls_config.h or MBEDTLS_CONFIG_FILE
*/
- /*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
#ifndef MBEDTLS_BUILD_INFO_H
#define MBEDTLS_BUILD_INFO_H
@@ -36,33 +36,34 @@
* The version number x.y.z is split into three parts.
* Major, Minor, Patchlevel
*/
-#define MBEDTLS_VERSION_MAJOR 3
-#define MBEDTLS_VERSION_MINOR 0
-#define MBEDTLS_VERSION_PATCH 0
+#define MBEDTLS_VERSION_MAJOR 3
+#define MBEDTLS_VERSION_MINOR 0
+#define MBEDTLS_VERSION_PATCH 0
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x03000000
-#define MBEDTLS_VERSION_STRING "3.0.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.0.0"
+#define MBEDTLS_VERSION_NUMBER 0x03000000
+#define MBEDTLS_VERSION_STRING "3.0.0"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.0.0"
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
-#define _CRT_SECURE_NO_DEPRECATE 1
+# define _CRT_SECURE_NO_DEPRECATE 1
#endif
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/mbedtls_config.h"
+# include "mbedtls/mbedtls_config.h"
#else
-#include MBEDTLS_CONFIG_FILE
+# include MBEDTLS_CONFIG_FILE
#endif
-#if defined(MBEDTLS_CONFIG_VERSION) && ( \
- MBEDTLS_CONFIG_VERSION < 0x03000000 || \
- MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER )
-#error "Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported"
+#if defined(MBEDTLS_CONFIG_VERSION) && \
+ (MBEDTLS_CONFIG_VERSION < 0x03000000 || \
+ MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER)
+# error \
+ "Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported"
#endif
/* Target and application specific configurations
@@ -71,11 +72,11 @@
*
*/
#if defined(MBEDTLS_USER_CONFIG_FILE)
-#include MBEDTLS_USER_CONFIG_FILE
+# include MBEDTLS_USER_CONFIG_FILE
#endif
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#include "mbedtls/config_psa.h"
+# include "mbedtls/config_psa.h"
#endif
#include "mbedtls/check_config.h"
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index 6feeaf0..fe5211e 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -30,8 +30,8 @@
#include "mbedtls/platform_util.h"
-#define MBEDTLS_CAMELLIA_ENCRYPT 1
-#define MBEDTLS_CAMELLIA_DECRYPT 0
+#define MBEDTLS_CAMELLIA_ENCRYPT 1
+#define MBEDTLS_CAMELLIA_DECRYPT 0
/** Bad input data. */
#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024
@@ -50,15 +50,13 @@
/**
* \brief CAMELLIA context structure
*/
-typedef struct mbedtls_camellia_context
-{
- int MBEDTLS_PRIVATE(nr); /*!< number of rounds */
- uint32_t MBEDTLS_PRIVATE(rk)[68]; /*!< CAMELLIA round keys */
-}
-mbedtls_camellia_context;
+typedef struct mbedtls_camellia_context {
+ int MBEDTLS_PRIVATE(nr); /*!< number of rounds */
+ uint32_t MBEDTLS_PRIVATE(rk)[68]; /*!< CAMELLIA round keys */
+} mbedtls_camellia_context;
-#else /* MBEDTLS_CAMELLIA_ALT */
-#include "camellia_alt.h"
+#else /* MBEDTLS_CAMELLIA_ALT */
+# include "camellia_alt.h"
#endif /* MBEDTLS_CAMELLIA_ALT */
/**
@@ -67,7 +65,7 @@
* \param ctx The CAMELLIA context to be initialized.
* This must not be \c NULL.
*/
-void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
+void mbedtls_camellia_init(mbedtls_camellia_context *ctx);
/**
* \brief Clear a CAMELLIA context.
@@ -76,7 +74,7 @@
* in which case this function returns immediately. If it is not
* \c NULL, it must be initialized.
*/
-void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
+void mbedtls_camellia_free(mbedtls_camellia_context *ctx);
/**
* \brief Perform a CAMELLIA key schedule operation for encryption.
@@ -90,9 +88,9 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits);
/**
* \brief Perform a CAMELLIA key schedule operation for decryption.
@@ -106,9 +104,9 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits);
/**
* \brief Perform a CAMELLIA-ECB block encryption/decryption operation.
@@ -125,10 +123,10 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] );
+int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -159,12 +157,12 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
@@ -205,13 +203,13 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
- int mode,
- size_t length,
- size_t *iv_off,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
@@ -289,13 +287,13 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
- size_t length,
- size_t *nc_off,
- unsigned char nonce_counter[16],
- unsigned char stream_block[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
+ size_t length,
+ size_t *nc_off,
+ unsigned char nonce_counter[16],
+ unsigned char stream_block[16],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_SELF_TEST)
@@ -305,7 +303,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
-int mbedtls_camellia_self_test( int verbose );
+int mbedtls_camellia_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index b3adecc..77fc72a 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -52,15 +52,15 @@
#include "mbedtls/cipher.h"
-#define MBEDTLS_CCM_DECRYPT 0
-#define MBEDTLS_CCM_ENCRYPT 1
-#define MBEDTLS_CCM_STAR_DECRYPT 2
-#define MBEDTLS_CCM_STAR_ENCRYPT 3
+#define MBEDTLS_CCM_DECRYPT 0
+#define MBEDTLS_CCM_ENCRYPT 1
+#define MBEDTLS_CCM_STAR_DECRYPT 2
+#define MBEDTLS_CCM_STAR_ENCRYPT 3
/** Bad input parameters to the function. */
-#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D
+#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D
/** Authenticated decryption failed. */
-#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F
+#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F
#ifdef __cplusplus
extern "C" {
@@ -74,14 +74,13 @@
* \brief The CCM context-type definition. The CCM context is passed
* to the APIs called.
*/
-typedef struct mbedtls_ccm_context
-{
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
-}
-mbedtls_ccm_context;
+typedef struct mbedtls_ccm_context {
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher
+ context used. */
+} mbedtls_ccm_context;
-#else /* MBEDTLS_CCM_ALT */
-#include "ccm_alt.h"
+#else /* MBEDTLS_CCM_ALT */
+# include "ccm_alt.h"
#endif /* MBEDTLS_CCM_ALT */
/**
@@ -91,7 +90,7 @@
*
* \param ctx The CCM context to initialize. This must not be \c NULL.
*/
-void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
+void mbedtls_ccm_init(mbedtls_ccm_context *ctx);
/**
* \brief This function initializes the CCM context set in the
@@ -106,10 +105,10 @@
* \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/
-int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
- mbedtls_cipher_id_t cipher,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx,
+ mbedtls_cipher_id_t cipher,
+ const unsigned char *key,
+ unsigned int keybits);
/**
* \brief This function releases and clears the specified CCM context
@@ -118,7 +117,7 @@
* \param ctx The CCM context to clear. If this is \c NULL, the function
* has no effect. Otherwise, this must be initialized.
*/
-void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
+void mbedtls_ccm_free(mbedtls_ccm_context *ctx);
/**
* \brief This function encrypts a buffer using CCM.
@@ -156,11 +155,16 @@
* \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/
-int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, unsigned char *output,
- unsigned char *tag, size_t tag_len );
+int mbedtls_ccm_encrypt_and_tag(mbedtls_ccm_context *ctx,
+ size_t length,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *ad,
+ size_t ad_len,
+ const unsigned char *input,
+ unsigned char *output,
+ unsigned char *tag,
+ size_t tag_len);
/**
* \brief This function encrypts a buffer using CCM*.
@@ -204,11 +208,16 @@
* \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/
-int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, unsigned char *output,
- unsigned char *tag, size_t tag_len );
+int mbedtls_ccm_star_encrypt_and_tag(mbedtls_ccm_context *ctx,
+ size_t length,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *ad,
+ size_t ad_len,
+ const unsigned char *input,
+ unsigned char *output,
+ unsigned char *tag,
+ size_t tag_len);
/**
* \brief This function performs a CCM authenticated decryption of a
@@ -241,11 +250,16 @@
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
* \return A cipher-specific error code on calculation failure.
*/
-int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, unsigned char *output,
- const unsigned char *tag, size_t tag_len );
+int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx,
+ size_t length,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *ad,
+ size_t ad_len,
+ const unsigned char *input,
+ unsigned char *output,
+ const unsigned char *tag,
+ size_t tag_len);
/**
* \brief This function performs a CCM* authenticated decryption of a
@@ -286,11 +300,16 @@
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
* \return A cipher-specific error code on calculation failure.
*/
-int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, unsigned char *output,
- const unsigned char *tag, size_t tag_len );
+int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx,
+ size_t length,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *ad,
+ size_t ad_len,
+ const unsigned char *input,
+ unsigned char *output,
+ const unsigned char *tag,
+ size_t tag_len);
/**
* \brief This function starts a CCM encryption or decryption
@@ -320,10 +339,10 @@
* \p iv_len is invalid (lower than \c 7 or greater than
* \c 13).
*/
-int mbedtls_ccm_starts( mbedtls_ccm_context *ctx,
- int mode,
- const unsigned char *iv,
- size_t iv_len );
+int mbedtls_ccm_starts(mbedtls_ccm_context *ctx,
+ int mode,
+ const unsigned char *iv,
+ size_t iv_len);
/**
* \brief This function declares the lengths of the message
@@ -352,10 +371,10 @@
* \p ctx is in an invalid state,
* \p total_ad_len is greater than \c 0xFF00.
*/
-int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx,
- size_t total_ad_len,
- size_t plaintext_len,
- size_t tag_len );
+int mbedtls_ccm_set_lengths(mbedtls_ccm_context *ctx,
+ size_t total_ad_len,
+ size_t plaintext_len,
+ size_t tag_len);
/**
* \brief This function feeds an input buffer as associated data
@@ -387,9 +406,9 @@
* \p ctx is in an invalid state,
* total input length too long.
*/
-int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
- const unsigned char *ad,
- size_t ad_len );
+int mbedtls_ccm_update_ad(mbedtls_ccm_context *ctx,
+ const unsigned char *ad,
+ size_t ad_len);
/**
* \brief This function feeds an input buffer into an ongoing CCM
@@ -454,10 +473,12 @@
* total input length too long,
* or \p output_size too small.
*/
-int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
- const unsigned char *input, size_t input_len,
- unsigned char *output, size_t output_size,
- size_t *output_len );
+int mbedtls_ccm_update(mbedtls_ccm_context *ctx,
+ const unsigned char *input,
+ size_t input_len,
+ unsigned char *output,
+ size_t output_size,
+ size_t *output_len);
/**
* \brief This function finishes the CCM operation and generates
@@ -490,8 +511,9 @@
* mbedtls_ccm_update() was lower than the plaintext length
* \c plaintext_len passed to mbedtls_ccm_set_lengths().
*/
-int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
- unsigned char *tag, size_t tag_len );
+int mbedtls_ccm_finish(mbedtls_ccm_context *ctx,
+ unsigned char *tag,
+ size_t tag_len);
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
/**
@@ -500,7 +522,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_ccm_self_test( int verbose );
+int mbedtls_ccm_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
#ifdef __cplusplus
diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h
index 8af16ed..dd5c7bf 100644
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@@ -39,7 +39,7 @@
#include <stddef.h>
/** Invalid input parameter(s). */
-#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0051
+#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0051
#ifdef __cplusplus
extern "C" {
@@ -47,16 +47,16 @@
#if !defined(MBEDTLS_CHACHA20_ALT)
-typedef struct mbedtls_chacha20_context
-{
- uint32_t MBEDTLS_PRIVATE(state)[16]; /*! The state (before round operations). */
- uint8_t MBEDTLS_PRIVATE(keystream8)[64]; /*! Leftover keystream bytes. */
- size_t MBEDTLS_PRIVATE(keystream_bytes_used); /*! Number of keystream bytes already used. */
-}
-mbedtls_chacha20_context;
+typedef struct mbedtls_chacha20_context {
+ uint32_t MBEDTLS_PRIVATE(state)[16]; /*! The state (before round
+ operations). */
+ uint8_t MBEDTLS_PRIVATE(keystream8)[64]; /*! Leftover keystream bytes. */
+ size_t MBEDTLS_PRIVATE(keystream_bytes_used); /*! Number of keystream bytes
+ already used. */
+} mbedtls_chacha20_context;
-#else /* MBEDTLS_CHACHA20_ALT */
-#include "chacha20_alt.h"
+#else /* MBEDTLS_CHACHA20_ALT */
+# include "chacha20_alt.h"
#endif /* MBEDTLS_CHACHA20_ALT */
/**
@@ -74,7 +74,7 @@
* \param ctx The ChaCha20 context to initialize.
* This must not be \c NULL.
*/
-void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
+void mbedtls_chacha20_init(mbedtls_chacha20_context *ctx);
/**
* \brief This function releases and clears the specified
@@ -85,7 +85,7 @@
* \c NULL, it must point to an initialized context.
*
*/
-void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
+void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx);
/**
* \brief This function sets the encryption/decryption key.
@@ -103,8 +103,8 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
*/
-int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
- const unsigned char key[32] );
+int mbedtls_chacha20_setkey(mbedtls_chacha20_context *ctx,
+ const unsigned char key[32]);
/**
* \brief This function sets the nonce and initial counter value.
@@ -125,9 +125,9 @@
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
* NULL.
*/
-int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
- const unsigned char nonce[12],
- uint32_t counter );
+int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx,
+ const unsigned char nonce[12],
+ uint32_t counter);
/**
* \brief This function encrypts or decrypts data.
@@ -158,10 +158,10 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
- size_t size,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx,
+ size_t size,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function encrypts or decrypts data with ChaCha20 and
@@ -191,12 +191,12 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_chacha20_crypt( const unsigned char key[32],
- const unsigned char nonce[12],
- uint32_t counter,
- size_t size,
- const unsigned char* input,
- unsigned char* output );
+int mbedtls_chacha20_crypt(const unsigned char key[32],
+ const unsigned char nonce[12],
+ uint32_t counter,
+ size_t size,
+ const unsigned char *input,
+ unsigned char *output);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -205,7 +205,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_chacha20_self_test( int verbose );
+int mbedtls_chacha20_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h
index 3f4318f..30fc91b 100644
--- a/include/mbedtls/chachapoly.h
+++ b/include/mbedtls/chachapoly.h
@@ -39,9 +39,9 @@
#include "mbedtls/poly1305.h"
/** The requested operation is not permitted in the current state. */
-#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0054
+#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0054
/** Authenticated decryption failed: data was not authentic. */
-#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0056
+#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0056
#ifdef __cplusplus
extern "C" {
@@ -49,28 +49,31 @@
typedef enum
{
- MBEDTLS_CHACHAPOLY_ENCRYPT, /**< The mode value for performing encryption. */
- MBEDTLS_CHACHAPOLY_DECRYPT /**< The mode value for performing decryption. */
-}
-mbedtls_chachapoly_mode_t;
+ MBEDTLS_CHACHAPOLY_ENCRYPT, /**< The mode value for performing encryption.
+ */
+ MBEDTLS_CHACHAPOLY_DECRYPT /**< The mode value for performing decryption. */
+} mbedtls_chachapoly_mode_t;
#if !defined(MBEDTLS_CHACHAPOLY_ALT)
-#include "mbedtls/chacha20.h"
+# include "mbedtls/chacha20.h"
-typedef struct mbedtls_chachapoly_context
-{
- mbedtls_chacha20_context MBEDTLS_PRIVATE(chacha20_ctx); /**< The ChaCha20 context. */
- mbedtls_poly1305_context MBEDTLS_PRIVATE(poly1305_ctx); /**< The Poly1305 context. */
- uint64_t MBEDTLS_PRIVATE(aad_len); /**< The length (bytes) of the Additional Authenticated Data. */
- uint64_t MBEDTLS_PRIVATE(ciphertext_len); /**< The length (bytes) of the ciphertext. */
- int MBEDTLS_PRIVATE(state); /**< The current state of the context. */
- mbedtls_chachapoly_mode_t MBEDTLS_PRIVATE(mode); /**< Cipher mode (encrypt or decrypt). */
-}
-mbedtls_chachapoly_context;
+typedef struct mbedtls_chachapoly_context {
+ mbedtls_chacha20_context MBEDTLS_PRIVATE(chacha20_ctx); /**< The ChaCha20
+ context. */
+ mbedtls_poly1305_context MBEDTLS_PRIVATE(poly1305_ctx); /**< The Poly1305
+ context. */
+ uint64_t MBEDTLS_PRIVATE(aad_len); /**< The length (bytes) of the Additional
+ Authenticated Data. */
+ uint64_t MBEDTLS_PRIVATE(ciphertext_len); /**< The length (bytes) of the
+ ciphertext. */
+ int MBEDTLS_PRIVATE(state); /**< The current state of the context. */
+ mbedtls_chachapoly_mode_t MBEDTLS_PRIVATE(mode); /**< Cipher mode (encrypt
+ or decrypt). */
+} mbedtls_chachapoly_context;
#else /* !MBEDTLS_CHACHAPOLY_ALT */
-#include "chachapoly_alt.h"
+# include "chachapoly_alt.h"
#endif /* !MBEDTLS_CHACHAPOLY_ALT */
/**
@@ -115,7 +118,7 @@
*
* \param ctx The ChachaPoly context to initialize. Must not be \c NULL.
*/
-void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx );
+void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx);
/**
* \brief This function releases and clears the specified
@@ -124,7 +127,7 @@
* \param ctx The ChachaPoly context to clear. This may be \c NULL, in which
* case this function is a no-op.
*/
-void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx );
+void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx);
/**
* \brief This function sets the ChaCha20-Poly1305
@@ -137,8 +140,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
- const unsigned char key[32] );
+int mbedtls_chachapoly_setkey(mbedtls_chachapoly_context *ctx,
+ const unsigned char key[32]);
/**
* \brief This function starts a ChaCha20-Poly1305 encryption or
@@ -165,9 +168,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
- const unsigned char nonce[12],
- mbedtls_chachapoly_mode_t mode );
+int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx,
+ const unsigned char nonce[12],
+ mbedtls_chachapoly_mode_t mode);
/**
* \brief This function feeds additional data to be authenticated
@@ -208,9 +211,9 @@
* if the operations has not been started or has been
* finished, or if the AAD has been finished.
*/
-int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
- const unsigned char *aad,
- size_t aad_len );
+int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx,
+ const unsigned char *aad,
+ size_t aad_len);
/**
* \brief Thus function feeds data to be encrypted or decrypted
@@ -243,10 +246,10 @@
* finished.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
- size_t len,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx,
+ size_t len,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function finished the ChaCha20-Poly1305 operation and
@@ -264,8 +267,8 @@
* finished.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
- unsigned char mac[16] );
+int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx,
+ unsigned char mac[16]);
/**
* \brief This function performs a complete ChaCha20-Poly1305
@@ -296,14 +299,14 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
- size_t length,
- const unsigned char nonce[12],
- const unsigned char *aad,
- size_t aad_len,
- const unsigned char *input,
- unsigned char *output,
- unsigned char tag[16] );
+int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx,
+ size_t length,
+ const unsigned char nonce[12],
+ const unsigned char *aad,
+ size_t aad_len,
+ const unsigned char *input,
+ unsigned char *output,
+ unsigned char tag[16]);
/**
* \brief This function performs a complete ChaCha20-Poly1305
@@ -330,14 +333,14 @@
* if the data was not authentic.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
- size_t length,
- const unsigned char nonce[12],
- const unsigned char *aad,
- size_t aad_len,
- const unsigned char tag[16],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx,
+ size_t length,
+ const unsigned char nonce[12],
+ const unsigned char *aad,
+ size_t aad_len,
+ const unsigned char tag[16],
+ const unsigned char *input,
+ unsigned char *output);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -346,7 +349,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_chachapoly_self_test( int verbose );
+int mbedtls_chachapoly_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 84afcf0..f873d5a 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -29,791 +29,830 @@
*/
#include <limits.h>
#if CHAR_BIT != 8
-#error "mbed TLS requires a platform with 8-bit chars"
+# error "mbed TLS requires a platform with 8-bit chars"
#endif
#if defined(_WIN32)
-#if !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_C is required on Windows"
-#endif
+# if !defined(MBEDTLS_PLATFORM_C)
+# error "MBEDTLS_PLATFORM_C is required on Windows"
+# endif
-/* Fix the config here. Not convenient to put an #ifdef _WIN32 in mbedtls_config.h as
- * it would confuse config.py. */
-#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
- !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-#endif
+/* Fix the config here. Not convenient to put an #ifdef _WIN32 in
+ * mbedtls_config.h as it would confuse config.py. */
+# if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
+ !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+# define MBEDTLS_PLATFORM_SNPRINTF_ALT
+# endif
-#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
- !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
-#endif
+# if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
+ !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
+# define MBEDTLS_PLATFORM_VSNPRINTF_ALT
+# endif
#endif /* _WIN32 */
#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
-#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS"
+# error \
+ "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS"
#endif
-#if defined(MBEDTLS_DEPRECATED_WARNING) && \
- !defined(__GNUC__) && !defined(__clang__)
-#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
+#if defined(MBEDTLS_DEPRECATED_WARNING) && !defined(__GNUC__) && \
+ !defined(__clang__)
+# error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
#endif
#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
-#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
+# error \
+ "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
#endif
#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
+# error "MBEDTLS_AESNI_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
-#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
+# error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
-#error "MBEDTLS_DHM_C defined, but not all prerequisites"
+# error "MBEDTLS_DHM_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_CMAC_C) && \
- !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
-#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
+#if defined(MBEDTLS_CMAC_C) && !defined(MBEDTLS_AES_C) && \
+ !defined(MBEDTLS_DES_C)
+# error "MBEDTLS_CMAC_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_NIST_KW_C) && \
- ( !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CIPHER_C) )
-#error "MBEDTLS_NIST_KW_C defined, but not all prerequisites"
+ (!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CIPHER_C))
+# error "MBEDTLS_NIST_KW_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
-#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
+# error "MBEDTLS_ECDH_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ECDSA_C) && \
- ( !defined(MBEDTLS_ECP_C) || \
- !( defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) ) || \
- !defined(MBEDTLS_ASN1_PARSE_C) || \
- !defined(MBEDTLS_ASN1_WRITE_C) )
-#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
+#if defined(MBEDTLS_ECDSA_C) && \
+ (!defined(MBEDTLS_ECP_C) || \
+ !(defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)) || \
+ !defined(MBEDTLS_ASN1_PARSE_C) || !defined(MBEDTLS_ASN1_WRITE_C))
+# error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ECJPAKE_C) && \
- ( !defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C) )
-#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_ECJPAKE_C) && \
+ (!defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C))
+# error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ECP_RESTARTABLE) && \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) || \
- defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
- defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \
- defined(MBEDTLS_ECDSA_SIGN_ALT) || \
- defined(MBEDTLS_ECDSA_VERIFY_ALT) || \
- defined(MBEDTLS_ECDSA_GENKEY_ALT) || \
- defined(MBEDTLS_ECP_INTERNAL_ALT) || \
- defined(MBEDTLS_ECP_ALT) )
-#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation"
+#if defined(MBEDTLS_ECP_RESTARTABLE) && \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) || \
+ defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
+ defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \
+ defined(MBEDTLS_ECDSA_SIGN_ALT) || defined(MBEDTLS_ECDSA_VERIFY_ALT) || \
+ defined(MBEDTLS_ECDSA_GENKEY_ALT) || defined(MBEDTLS_ECP_INTERNAL_ALT) || \
+ defined(MBEDTLS_ECP_ALT))
+# error \
+ "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation"
#endif
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
-#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
+# error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
- !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
-#error "MBEDTLS_ECP_C defined, but not all prerequisites"
+#if defined(MBEDTLS_ECP_C) && (!defined(MBEDTLS_BIGNUM_C) || \
+ (!defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)))
+# error "MBEDTLS_ECP_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
+# error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
#endif
-#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \
- !defined(MBEDTLS_SHA256_C))
-#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
+#if defined(MBEDTLS_ENTROPY_C) && \
+ (!defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA256_C))
+# error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) && \
- defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
-#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
+#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) && \
+ defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && \
+ (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
+# error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
#endif
#if defined(MBEDTLS_ENTROPY_C) && \
- ( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \
- && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
-#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
+ (!defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256)) && \
+ defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && \
+ (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
+# error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
#endif
-#if defined(MBEDTLS_ENTROPY_C) && \
- defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C)
-#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
+#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_ENTROPY_FORCE_SHA256) && \
+ !defined(MBEDTLS_SHA256_C)
+# error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
#endif
#if defined(__has_feature)
-#if __has_feature(memory_sanitizer)
-#define MBEDTLS_HAS_MEMSAN
+# if __has_feature(memory_sanitizer)
+# define MBEDTLS_HAS_MEMSAN
+# endif
#endif
-#endif
-#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
-#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
+# error \
+ "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
#endif
#undef MBEDTLS_HAS_MEMSAN
-#if defined(MBEDTLS_GCM_C) && ( \
- !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
-#error "MBEDTLS_GCM_C defined, but not all prerequisites"
+#if defined(MBEDTLS_GCM_C) && \
+ (!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && \
+ !defined(MBEDTLS_ARIA_C))
+# error "MBEDTLS_GCM_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
+# error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_ADD_MIXED_ALT defined, but not all prerequisites"
+# error "MBEDTLS_ECP_ADD_MIXED_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_DOUBLE_JAC_ALT defined, but not all prerequisites"
+# error "MBEDTLS_ECP_DOUBLE_JAC_ALT defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT defined, but not all prerequisites"
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) && \
+ !defined(MBEDTLS_ECP_INTERNAL_ALT)
+# error \
+ "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_JAC_ALT defined, but not all prerequisites"
+# error "MBEDTLS_ECP_NORMALIZE_JAC_ALT defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT defined, but not all prerequisites"
+#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) && \
+ !defined(MBEDTLS_ECP_INTERNAL_ALT)
+# error "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT defined, but not all prerequisites"
+# error "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites"
+# error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECP_NO_FALLBACK) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NO_FALLBACK defined, but no alternative implementation enabled"
+# error \
+ "MBEDTLS_ECP_NO_FALLBACK defined, but no alternative implementation enabled"
#endif
#if defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_HKDF_C defined, but not all prerequisites"
+# error "MBEDTLS_HKDF_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
+# error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
- ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
+ (!defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C))
+# error \
+ "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
- ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
+ (!defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C))
+# error \
+ "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
-#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
+# error \
+ "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
- !defined(MBEDTLS_ECDH_C)
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && !defined(MBEDTLS_ECDH_C)
+# error \
+ "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
- ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
+ (!defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15))
+# error \
+ "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
- ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
+ (!defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15))
+# error \
+ "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
- ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
+ (!defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C))
+# error \
+ "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
- ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
+ (!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+ !defined(MBEDTLS_PKCS1_V15))
+# error \
+ "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
- ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
+ (!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+ !defined(MBEDTLS_PKCS1_V15))
+# error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- ( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) || \
- !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
-#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
+ (!defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) || \
+ !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED))
+# error \
+ "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
- !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
- ( !defined(MBEDTLS_SHA256_C) && \
- !defined(MBEDTLS_SHA512_C) && \
- !defined(MBEDTLS_SHA1_C) )
-#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+ !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
+ (!defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) && \
+ !defined(MBEDTLS_SHA1_C))
+# error \
+ "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
#endif
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
- ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
+ (!defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY))
+# error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
+# error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
#endif
#if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
+# error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
#endif
#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
+# error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
-#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
+# error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
-#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
+# error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PK_C) && \
- ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
-#error "MBEDTLS_PK_C defined, but not all prerequisites"
+ (!defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C))
+# error "MBEDTLS_PK_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
+# error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
+# error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
+# error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
+# error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
- defined(MBEDTLS_PLATFORM_EXIT_ALT) )
-#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && \
+ (defined(MBEDTLS_PLATFORM_STD_EXIT) || defined(MBEDTLS_PLATFORM_EXIT_ALT))
+# error \
+ "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
#endif
-#if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\
- ( !defined(MBEDTLS_PLATFORM_C) ||\
- !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_TIME_ALT) && \
+ (!defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_HAVE_TIME))
+# error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
- ( !defined(MBEDTLS_PLATFORM_C) ||\
- !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO) && \
+ (!defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_HAVE_TIME))
+# error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
- ( !defined(MBEDTLS_PLATFORM_C) ||\
- !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) && \
+ (!defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_HAVE_TIME))
+# error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
- defined(MBEDTLS_PLATFORM_TIME_ALT) )
-#error "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO) && \
+ (defined(MBEDTLS_PLATFORM_STD_TIME) || defined(MBEDTLS_PLATFORM_TIME_ALT))
+# error \
+ "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
#endif
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
- defined(MBEDTLS_PLATFORM_TIME_ALT) )
-#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) && \
+ (defined(MBEDTLS_PLATFORM_STD_TIME) || defined(MBEDTLS_PLATFORM_TIME_ALT))
+# error \
+ "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
#endif
#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
+# error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
+# error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
- defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && \
+ (defined(MBEDTLS_PLATFORM_STD_FPRINTF) || \
+ defined(MBEDTLS_PLATFORM_FPRINTF_ALT))
+# error \
+ "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
#endif
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
- ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
+ (!defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY))
+# error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
- defined(MBEDTLS_PLATFORM_STD_FREE)
-#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && defined(MBEDTLS_PLATFORM_STD_FREE)
+# error \
+ "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
#endif
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
+ !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+# error \
+ "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
#endif
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
- ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && \
+ (!defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY))
+# error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && \
defined(MBEDTLS_PLATFORM_STD_CALLOC)
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
+# error \
+ "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
#endif
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
-#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && \
+ !defined(MBEDTLS_PLATFORM_FREE_MACRO)
+# error \
+ "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
#endif
#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
+# error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
+# error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
+# error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
- defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && \
+ (defined(MBEDTLS_PLATFORM_STD_PRINTF) || \
+ defined(MBEDTLS_PLATFORM_PRINTF_ALT))
+# error \
+ "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
#endif
#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
+# error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
+# error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
- defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && \
+ (defined(MBEDTLS_PLATFORM_STD_SNPRINTF) || \
+ defined(MBEDTLS_PLATFORM_SNPRINTF_ALT))
+# error \
+ "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
#endif
-#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) && \
!defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
-#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
+# error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
+# error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
+# error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
- !defined(MBEDTLS_PLATFORM_EXIT_ALT)
-#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_STD_EXIT) && !defined(MBEDTLS_PLATFORM_EXIT_ALT)
+# error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_STD_TIME) &&\
- ( !defined(MBEDTLS_PLATFORM_TIME_ALT) ||\
- !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_STD_TIME) && \
+ (!defined(MBEDTLS_PLATFORM_TIME_ALT) || !defined(MBEDTLS_HAVE_TIME))
+# error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
+#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) && \
!defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
+# error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
+#if defined(MBEDTLS_PLATFORM_STD_PRINTF) && \
!defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
+# error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
+#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) && \
!defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
+# error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\
- ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) )
-#error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites"
+#if defined(MBEDTLS_ENTROPY_NV_SEED) && \
+ (!defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C))
+# error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\
- !defined(MBEDTLS_ENTROPY_NV_SEED)
-#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) && !defined(MBEDTLS_ENTROPY_NV_SEED)
+# error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) && \
!defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites"
+# error \
+ "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) && \
!defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites"
+# error \
+ "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\
- defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
-#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
+ (defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) || \
+ defined(MBEDTLS_PLATFORM_NV_SEED_ALT))
+# error \
+ "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously"
#endif
-#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\
- defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
-#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) && \
+ (defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) || \
+ defined(MBEDTLS_PLATFORM_NV_SEED_ALT))
+# error \
+ "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
#endif
#if defined(MBEDTLS_PSA_CRYPTO_C) && \
- !( ( ( defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_HMAC_DRBG_C) ) && \
- defined(MBEDTLS_ENTROPY_C) ) || \
- defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) )
-#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)"
+ !(((defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_HMAC_DRBG_C)) && \
+ defined(MBEDTLS_ENTROPY_C)) || \
+ defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG))
+# error \
+ "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)"
#endif
#if defined(MBEDTLS_PSA_CRYPTO_SPM) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
+# error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C) && \
- ! ( defined(MBEDTLS_PSA_CRYPTO_C) && \
- defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) )
-#error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C) && \
+ !(defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_STORAGE_C))
+# error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
- ! defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && !defined(MBEDTLS_PSA_CRYPTO_C)
+# error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
- !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
- defined(MBEDTLS_ENTROPY_NV_SEED) )
-#error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites"
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
+ !(defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
+ defined(MBEDTLS_ENTROPY_NV_SEED))
+# error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
!defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
-#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources"
+# error \
+ "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources"
#endif
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG"
+# error \
+ "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG"
#endif
-#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
- !defined(MBEDTLS_FS_IO)
-#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PSA_ITS_FILE_C) && !defined(MBEDTLS_FS_IO)
+# error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
-#error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO."
+# error \
+ "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO."
#endif
-#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
- !defined(MBEDTLS_OID_C) )
-#error "MBEDTLS_RSA_C defined, but not all prerequisites"
+#if defined(MBEDTLS_RSA_C) && \
+ (!defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_OID_C))
+# error "MBEDTLS_RSA_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) && \
- !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
+#if defined(MBEDTLS_RSA_C) && \
+ (!defined(MBEDTLS_PKCS1_V21) && !defined(MBEDTLS_PKCS1_V15))
+# error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
#endif
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
- ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
-#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
+ (!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21))
+# error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SHA384_C) && !defined(MBEDTLS_SHA512_C)
-#error "MBEDTLS_SHA384_C defined without MBEDTLS_SHA512_C"
+# error "MBEDTLS_SHA384_C defined without MBEDTLS_SHA512_C"
#endif
#if defined(MBEDTLS_SHA224_C) && !defined(MBEDTLS_SHA256_C)
-#error "MBEDTLS_SHA224_C defined without MBEDTLS_SHA256_C"
+# error "MBEDTLS_SHA224_C defined without MBEDTLS_SHA256_C"
#endif
#if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C)
-#error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C"
+# error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C"
#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) && \
- !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ (!defined(MBEDTLS_SHA1_C) && !defined(MBEDTLS_SHA256_C) && \
+ !defined(MBEDTLS_SHA512_C))
+# error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && ( !defined(MBEDTLS_HKDF_C) && \
- !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
+ (!defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_SHA256_C) && \
+ !defined(MBEDTLS_SHA512_C))
+# error \
+ "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
-#error "One or more versions of the TLS protocol are enabled " \
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
+# error "One or more versions of the TLS protocol are enabled " \
"but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
#endif
-#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
- !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_PROTO_DTLS) && !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+# error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
-#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
+# error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) || \
- !defined(MBEDTLS_MD_C) )
-#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_TLS_C) && \
+ (!defined(MBEDTLS_CIPHER_C) || !defined(MBEDTLS_MD_C))
+# error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
-#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
+# error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
+# error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
-#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
+# error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
!defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE defined, but not all prerequisites"
+# error \
+ "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \
- ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \
+ (!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS))
+# error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
- ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_CONNECTION_ID defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+ (!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS))
+# error "MBEDTLS_SSL_DTLS_CONNECTION_ID defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
- defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && \
- MBEDTLS_SSL_CID_IN_LEN_MAX > 255
-#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)"
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+ defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && MBEDTLS_SSL_CID_IN_LEN_MAX > 255
+# error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)"
#endif
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
- defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && \
- MBEDTLS_SSL_CID_OUT_LEN_MAX > 255
-#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+ defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && MBEDTLS_SSL_CID_OUT_LEN_MAX > 255
+# error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
#endif
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
- !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+# error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+# error \
+ "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
#endif
#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
+# error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
- !defined(MBEDTLS_X509_CRT_PARSE_C)
-#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
+ !defined(MBEDTLS_X509_CRT_PARSE_C)
+# error \
+ "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_THREADING_PTHREAD)
-#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
-#endif
-#define MBEDTLS_THREADING_IMPL
+# if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+# error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
+# endif
+# define MBEDTLS_THREADING_IMPL
#endif
#if defined(MBEDTLS_THREADING_ALT)
-#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
-#endif
-#define MBEDTLS_THREADING_IMPL
+# if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+# error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
+# endif
+# define MBEDTLS_THREADING_IMPL
#endif
#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_C defined, single threading implementation required"
+# error \
+ "MBEDTLS_THREADING_C defined, single threading implementation required"
#endif
#undef MBEDTLS_THREADING_IMPL
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
+# error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
-#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
+# error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
- !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
- !defined(MBEDTLS_PK_PARSE_C) )
-#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_USE_C) && \
+ (!defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_OID_C) || \
+ !defined(MBEDTLS_ASN1_PARSE_C) || !defined(MBEDTLS_PK_PARSE_C))
+# error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
- !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \
- !defined(MBEDTLS_PK_WRITE_C) )
-#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CREATE_C) && \
+ (!defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_OID_C) || \
+ !defined(MBEDTLS_ASN1_WRITE_C) || !defined(MBEDTLS_PK_WRITE_C))
+# error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && (!defined(MBEDTLS_X509_USE_C))
+# error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CRL_PARSE_C) && (!defined(MBEDTLS_X509_USE_C))
+# error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CSR_PARSE_C) && (!defined(MBEDTLS_X509_USE_C))
+# error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
-#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CRT_WRITE_C) && (!defined(MBEDTLS_X509_CREATE_C))
+# error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
-#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CSR_WRITE_C) && (!defined(MBEDTLS_X509_CREATE_C))
+# error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64)
-#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously"
+# error \
+ "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously"
#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */
-#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \
+#if (defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64)) && \
defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
+# error \
+ "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
-#if defined(MBEDTLS_SSL_DTLS_SRTP) && ( !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_DTLS_SRTP) && (!defined(MBEDTLS_SSL_PROTO_DTLS))
+# error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && ( !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) )
-#error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && \
+ (!defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH))
+# error \
+ "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
#endif
-
-
/* Reject attempts to enable options that have been removed and that could
* cause a build to succeed but with features removed. */
#if defined(MBEDTLS_HAVEGE_C) //no-check-names
-#error "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/2599"
+# error \
+ "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/2599"
#endif
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) //no-check-names
-#error "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+# error \
+ "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
#endif
#if defined(MBEDTLS_SSL_PROTO_SSL3) //no-check-names
-#error "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+# error \
+ "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
#endif
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) //no-check-names
-#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+# error \
+ "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) //no-check-names
-#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+# error \
+ "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
#endif
#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) //no-check-names
-#error "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES was removed in Mbed TLS 3.0. See the ChangeLog entry if you really need SHA-1-signed certificates."
+# error \
+ "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES was removed in Mbed TLS 3.0. See the ChangeLog entry if you really need SHA-1-signed certificates."
#endif
#if defined(MBEDTLS_ZLIB_SUPPORT) //no-check-names
-#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+# error \
+ "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
#endif
#if defined(MBEDTLS_CHECK_PARAMS) //no-check-names
-#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4313"
+# error \
+ "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4313"
#endif
#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names
-#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
+# error \
+ "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
#endif
#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) //no-check-names
-#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
+# error \
+ "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) //no-check-names
-#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4341"
+# error \
+ "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4341"
#endif
/*
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index d432830..4dbfa9d 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -33,43 +33,43 @@
#include <stddef.h>
#include "mbedtls/platform_util.h"
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-#define MBEDTLS_CIPHER_MODE_AEAD
+#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || \
+ defined(MBEDTLS_CHACHAPOLY_C)
+# define MBEDTLS_CIPHER_MODE_AEAD
#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_CIPHER_MODE_WITH_PADDING
+# define MBEDTLS_CIPHER_MODE_WITH_PADDING
#endif
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
- defined(MBEDTLS_CHACHA20_C)
-#define MBEDTLS_CIPHER_MODE_STREAM
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER) || defined(MBEDTLS_CHACHA20_C)
+# define MBEDTLS_CIPHER_MODE_STREAM
#endif
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && \
+ !defined(__cplusplus)
+# define inline __inline
#endif
/** The selected feature is not available. */
-#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080
+#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080
/** Bad input parameters. */
-#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100
+#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100
/** Failed to allocate memory. */
-#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180
+#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180
/** Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200
+#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200
/** Decryption of block requires a full block. */
-#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280
+#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280
/** Authentication failed (for AEAD modes). */
-#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300
+#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300
/** The context is invalid. For example, because it was freed. */
-#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380
+#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380
/** Cipher accepts IVs of variable length. */
-#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01
+#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01
/** Cipher accepts keys of variable length. */
-#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02
+#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02
#ifdef __cplusplus
extern "C" {
@@ -82,15 +82,18 @@
* constitutes a security risk. Arm recommends considering stronger
* ciphers instead.
*/
-typedef enum {
- MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */
- MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */
- MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
- MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
- MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
- MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
- MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */
- MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */
+typedef enum
+{
+ MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID
+ lists. */
+ MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream
+ cipher. */
+ MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
+ MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
+ MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
+ MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
+ MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */
+ MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */
} mbedtls_cipher_id_t;
/**
@@ -100,122 +103,164 @@
* constitutes a security risk. Arm recommends considering stronger
* ciphers instead.
*/
-typedef enum {
- MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */
- MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
- MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
- MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
- MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
- MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. */
- MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */
- MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */
- MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */
- MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */
- MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */
- MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */
- MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
- MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
- MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128 mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
- MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
- MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
- MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
- MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
- MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
- MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
- MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
- MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
- MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */
- MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */
- MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode. */
- MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode. */
- MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode. */
- MBEDTLS_CIPHER_ARIA_128_CBC, /**< Aria cipher with 128-bit key and CBC mode. */
- MBEDTLS_CIPHER_ARIA_192_CBC, /**< Aria cipher with 192-bit key and CBC mode. */
- MBEDTLS_CIPHER_ARIA_256_CBC, /**< Aria cipher with 256-bit key and CBC mode. */
- MBEDTLS_CIPHER_ARIA_128_CFB128, /**< Aria cipher with 128-bit key and CFB-128 mode. */
- MBEDTLS_CIPHER_ARIA_192_CFB128, /**< Aria cipher with 192-bit key and CFB-128 mode. */
- MBEDTLS_CIPHER_ARIA_256_CFB128, /**< Aria cipher with 256-bit key and CFB-128 mode. */
- MBEDTLS_CIPHER_ARIA_128_CTR, /**< Aria cipher with 128-bit key and CTR mode. */
- MBEDTLS_CIPHER_ARIA_192_CTR, /**< Aria cipher with 192-bit key and CTR mode. */
- MBEDTLS_CIPHER_ARIA_256_CTR, /**< Aria cipher with 256-bit key and CTR mode. */
- MBEDTLS_CIPHER_ARIA_128_GCM, /**< Aria cipher with 128-bit key and GCM mode. */
- MBEDTLS_CIPHER_ARIA_192_GCM, /**< Aria cipher with 192-bit key and GCM mode. */
- MBEDTLS_CIPHER_ARIA_256_GCM, /**< Aria cipher with 256-bit key and GCM mode. */
- MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */
- MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */
- MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */
- MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */
- MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */
- MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */
- MBEDTLS_CIPHER_AES_128_XTS, /**< AES 128-bit cipher in XTS block mode. */
- MBEDTLS_CIPHER_AES_256_XTS, /**< AES 256-bit cipher in XTS block mode. */
- MBEDTLS_CIPHER_CHACHA20, /**< ChaCha20 stream cipher. */
- MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< ChaCha20-Poly1305 AEAD cipher. */
- MBEDTLS_CIPHER_AES_128_KW, /**< AES cipher with 128-bit NIST KW mode. */
- MBEDTLS_CIPHER_AES_192_KW, /**< AES cipher with 192-bit NIST KW mode. */
- MBEDTLS_CIPHER_AES_256_KW, /**< AES cipher with 256-bit NIST KW mode. */
- MBEDTLS_CIPHER_AES_128_KWP, /**< AES cipher with 128-bit NIST KWP mode. */
- MBEDTLS_CIPHER_AES_192_KWP, /**< AES cipher with 192-bit NIST KWP mode. */
- MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */
+typedef enum
+{
+ MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair
+ lists. */
+ MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
+ MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
+ MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
+ MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
+ MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. */
+ MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */
+ MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */
+ MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */
+ MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */
+ MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */
+ MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */
+ MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */
+ MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */
+ MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
+ MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
+ MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
+ MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode.
+ */
+ MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode.
+ */
+ MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode.
+ */
+ MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode.
+ */
+ MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode.
+ */
+ MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode.
+ */
+ MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128
+ mode. */
+ MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128
+ mode. */
+ MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128
+ mode. */
+ MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode.
+ */
+ MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode.
+ */
+ MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode.
+ */
+ MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode.
+ */
+ MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode.
+ */
+ MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode.
+ */
+ MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
+ MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
+ MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
+ MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
+ MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
+ MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
+ MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
+ MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
+ MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
+ MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode.
+ */
+ MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode.
+ */
+ MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode.
+ */
+ MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode.
+ */
+ MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode.
+ */
+ MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode.
+ */
+ MBEDTLS_CIPHER_ARIA_128_CBC, /**< Aria cipher with 128-bit key and CBC mode.
+ */
+ MBEDTLS_CIPHER_ARIA_192_CBC, /**< Aria cipher with 192-bit key and CBC mode.
+ */
+ MBEDTLS_CIPHER_ARIA_256_CBC, /**< Aria cipher with 256-bit key and CBC mode.
+ */
+ MBEDTLS_CIPHER_ARIA_128_CFB128, /**< Aria cipher with 128-bit key and
+ CFB-128 mode. */
+ MBEDTLS_CIPHER_ARIA_192_CFB128, /**< Aria cipher with 192-bit key and
+ CFB-128 mode. */
+ MBEDTLS_CIPHER_ARIA_256_CFB128, /**< Aria cipher with 256-bit key and
+ CFB-128 mode. */
+ MBEDTLS_CIPHER_ARIA_128_CTR, /**< Aria cipher with 128-bit key and CTR mode.
+ */
+ MBEDTLS_CIPHER_ARIA_192_CTR, /**< Aria cipher with 192-bit key and CTR mode.
+ */
+ MBEDTLS_CIPHER_ARIA_256_CTR, /**< Aria cipher with 256-bit key and CTR mode.
+ */
+ MBEDTLS_CIPHER_ARIA_128_GCM, /**< Aria cipher with 128-bit key and GCM mode.
+ */
+ MBEDTLS_CIPHER_ARIA_192_GCM, /**< Aria cipher with 192-bit key and GCM mode.
+ */
+ MBEDTLS_CIPHER_ARIA_256_GCM, /**< Aria cipher with 256-bit key and GCM mode.
+ */
+ MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode.
+ */
+ MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode.
+ */
+ MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode.
+ */
+ MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */
+ MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */
+ MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */
+ MBEDTLS_CIPHER_AES_128_XTS, /**< AES 128-bit cipher in XTS block mode. */
+ MBEDTLS_CIPHER_AES_256_XTS, /**< AES 256-bit cipher in XTS block mode. */
+ MBEDTLS_CIPHER_CHACHA20, /**< ChaCha20 stream cipher. */
+ MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< ChaCha20-Poly1305 AEAD cipher. */
+ MBEDTLS_CIPHER_AES_128_KW, /**< AES cipher with 128-bit NIST KW mode. */
+ MBEDTLS_CIPHER_AES_192_KW, /**< AES cipher with 192-bit NIST KW mode. */
+ MBEDTLS_CIPHER_AES_256_KW, /**< AES cipher with 256-bit NIST KW mode. */
+ MBEDTLS_CIPHER_AES_128_KWP, /**< AES cipher with 128-bit NIST KWP mode. */
+ MBEDTLS_CIPHER_AES_192_KWP, /**< AES cipher with 192-bit NIST KWP mode. */
+ MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */
} mbedtls_cipher_type_t;
/** Supported cipher modes. */
-typedef enum {
- MBEDTLS_MODE_NONE = 0, /**< None. */
- MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
- MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
- MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
- MBEDTLS_MODE_OFB, /**< The OFB cipher mode. */
- MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
- MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
- MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
- MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
- MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */
- MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */
- MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */
- MBEDTLS_MODE_KWP, /**< The SP800-38F KWP mode */
+typedef enum
+{
+ MBEDTLS_MODE_NONE = 0, /**< None. */
+ MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
+ MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
+ MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
+ MBEDTLS_MODE_OFB, /**< The OFB cipher mode. */
+ MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
+ MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
+ MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
+ MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
+ MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */
+ MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */
+ MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */
+ MBEDTLS_MODE_KWP, /**< The SP800-38F KWP mode */
} mbedtls_cipher_mode_t;
/** Supported cipher padding types. */
-typedef enum {
- MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */
+typedef enum
+{
+ MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */
MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */
MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */
- MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */
- MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */
+ MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */
+ MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */
} mbedtls_cipher_padding_t;
/** Type of operation. */
-typedef enum {
+typedef enum
+{
MBEDTLS_OPERATION_NONE = -1,
MBEDTLS_DECRYPT = 0,
MBEDTLS_ENCRYPT,
} mbedtls_operation_t;
-enum {
+enum
+{
/** Undefined key length. */
MBEDTLS_KEY_LENGTH_NONE = 0,
/** Key length, in bits (including parity), for DES keys. */
- MBEDTLS_KEY_LENGTH_DES = 64,
+ MBEDTLS_KEY_LENGTH_DES = 64,
/** Key length in bits, including parity, for DES in two-key EDE. */
MBEDTLS_KEY_LENGTH_DES_EDE = 128,
/** Key length in bits, including parity, for DES in three-key EDE. */
@@ -226,13 +271,13 @@
/* This should ideally be derived automatically from list of ciphers.
* This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined
* in library/ssl_misc.h. */
-#define MBEDTLS_MAX_IV_LENGTH 16
+#define MBEDTLS_MAX_IV_LENGTH 16
/** Maximum block size of any cipher, in Bytes. */
/* This should ideally be derived automatically from list of ciphers.
* This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
* in library/ssl_misc.h. */
-#define MBEDTLS_MAX_BLOCK_LENGTH 16
+#define MBEDTLS_MAX_BLOCK_LENGTH 16
/** Maximum key length, in Bytes. */
/* This should ideally be derived automatically from list of ciphers.
@@ -242,9 +287,9 @@
* in library/ssl_misc.h, which however deliberately ignores the case of XTS
* since the latter isn't used in SSL/TLS. */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
-#define MBEDTLS_MAX_KEY_LENGTH 64
+# define MBEDTLS_MAX_KEY_LENGTH 64
#else
-#define MBEDTLS_MAX_KEY_LENGTH 32
+# define MBEDTLS_MAX_KEY_LENGTH 32
#endif /* MBEDTLS_CIPHER_MODE_XTS */
/**
@@ -261,8 +306,7 @@
* Cipher information. Allows calling cipher functions
* in a generic way.
*/
-typedef struct mbedtls_cipher_info_t
-{
+typedef struct mbedtls_cipher_info_t {
/** Full cipher identifier. For example,
* MBEDTLS_CIPHER_AES_256_CBC.
*/
@@ -278,7 +322,7 @@
unsigned int MBEDTLS_PRIVATE(key_bitlen);
/** Name of the cipher. */
- const char * MBEDTLS_PRIVATE(name);
+ const char *MBEDTLS_PRIVATE(name);
/** IV or nonce size, in Bytes.
* For ciphers that accept variable IV sizes,
@@ -303,8 +347,7 @@
/**
* Generic cipher context.
*/
-typedef struct mbedtls_cipher_context_t
-{
+typedef struct mbedtls_cipher_context_t {
/** Information about the associated cipher. */
const mbedtls_cipher_info_t *MBEDTLS_PRIVATE(cipher_info);
@@ -320,8 +363,12 @@
/** Padding functions to use, if relevant for
* the specific cipher mode.
*/
- void (*MBEDTLS_PRIVATE(add_padding))( unsigned char *output, size_t olen, size_t data_len );
- int (*MBEDTLS_PRIVATE(get_padding))( unsigned char *input, size_t ilen, size_t *data_len );
+ void (*MBEDTLS_PRIVATE(add_padding))(unsigned char *output,
+ size_t olen,
+ size_t data_len);
+ int (*MBEDTLS_PRIVATE(get_padding))(unsigned char *input,
+ size_t ilen,
+ size_t *data_len);
#endif
/** Buffer for input that has not been processed yet. */
@@ -371,7 +418,7 @@
* \return A statically-allocated array of cipher identifiers
* of type cipher_type_t. The last entry is zero.
*/
-const int *mbedtls_cipher_list( void );
+const int *mbedtls_cipher_list(void);
/**
* \brief This function retrieves the cipher-information
@@ -384,7 +431,8 @@
* given \p cipher_name.
* \return \c NULL if the associated cipher information is not found.
*/
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
+const mbedtls_cipher_info_t *
+mbedtls_cipher_info_from_string(const char *cipher_name);
/**
* \brief This function retrieves the cipher-information
@@ -396,7 +444,8 @@
* given \p cipher_type.
* \return \c NULL if the associated cipher information is not found.
*/
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
+const mbedtls_cipher_info_t *
+mbedtls_cipher_info_from_type(const mbedtls_cipher_type_t cipher_type);
/**
* \brief This function retrieves the cipher-information
@@ -412,16 +461,17 @@
* given \p cipher_id.
* \return \c NULL if the associated cipher information is not found.
*/
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
- int key_bitlen,
- const mbedtls_cipher_mode_t mode );
+const mbedtls_cipher_info_t *
+mbedtls_cipher_info_from_values(const mbedtls_cipher_id_t cipher_id,
+ int key_bitlen,
+ const mbedtls_cipher_mode_t mode);
/**
* \brief This function initializes a \p cipher_context as NONE.
*
* \param ctx The context to be initialized. This must not be \c NULL.
*/
-void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
+void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx);
/**
* \brief This function frees and clears the cipher-specific
@@ -432,8 +482,7 @@
* function has no effect, otherwise this must point to an
* initialized context.
*/
-void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
-
+void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx);
/**
* \brief This function prepares a cipher context for
@@ -461,8 +510,8 @@
* \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
* cipher-specific context fails.
*/
-int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
- const mbedtls_cipher_info_t *cipher_info );
+int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx,
+ const mbedtls_cipher_info_t *cipher_info);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
@@ -486,9 +535,9 @@
* \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
* cipher-specific context fails.
*/
-int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
- const mbedtls_cipher_info_t *cipher_info,
- size_t taglen );
+int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
+ const mbedtls_cipher_info_t *cipher_info,
+ size_t taglen);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/**
@@ -499,11 +548,11 @@
* \return The block size of the underlying cipher.
* \return \c 0 if \p ctx has not been initialized.
*/
-static inline unsigned int mbedtls_cipher_get_block_size(
- const mbedtls_cipher_context_t *ctx )
+static inline unsigned int
+mbedtls_cipher_get_block_size(const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+ MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
+ if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
return 0;
return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
@@ -518,11 +567,11 @@
* \return The mode of operation.
* \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
*/
-static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
- const mbedtls_cipher_context_t *ctx )
+static inline mbedtls_cipher_mode_t
+mbedtls_cipher_get_cipher_mode(const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+ MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_MODE_NONE);
+ if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
return MBEDTLS_MODE_NONE;
return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
@@ -538,17 +587,17 @@
* \return \c 0 for ciphers not using an IV or a nonce.
* \return The actual size if an IV has been set.
*/
-static inline int mbedtls_cipher_get_iv_size(
- const mbedtls_cipher_context_t *ctx )
+static inline int
+mbedtls_cipher_get_iv_size(const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+ MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
+ if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
return 0;
- if( ctx->MBEDTLS_PRIVATE(iv_size) != 0 )
- return (int) ctx->MBEDTLS_PRIVATE(iv_size);
+ if (ctx->MBEDTLS_PRIVATE(iv_size) != 0)
+ return (int)ctx->MBEDTLS_PRIVATE(iv_size);
- return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
+ return (int)ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
}
/**
@@ -559,12 +608,11 @@
* \return The type of the cipher.
* \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
*/
-static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
- const mbedtls_cipher_context_t *ctx )
+static inline mbedtls_cipher_type_t
+mbedtls_cipher_get_type(const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_CIPHER_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+ MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_CIPHER_NONE);
+ if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
return MBEDTLS_CIPHER_NONE;
return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
@@ -579,11 +627,11 @@
* \return The name of the cipher.
* \return NULL if \p ctx has not been not initialized.
*/
-static inline const char *mbedtls_cipher_get_name(
- const mbedtls_cipher_context_t *ctx )
+static inline const char *
+mbedtls_cipher_get_name(const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+ MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
+ if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
return 0;
return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(name);
@@ -598,15 +646,14 @@
* \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
* initialized.
*/
-static inline int mbedtls_cipher_get_key_bitlen(
- const mbedtls_cipher_context_t *ctx )
+static inline int
+mbedtls_cipher_get_key_bitlen(const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+ MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_KEY_LENGTH_NONE);
+ if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
return MBEDTLS_KEY_LENGTH_NONE;
- return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
+ return (int)ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
}
/**
@@ -617,12 +664,11 @@
* \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
* \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
*/
-static inline mbedtls_operation_t mbedtls_cipher_get_operation(
- const mbedtls_cipher_context_t *ctx )
+static inline mbedtls_operation_t
+mbedtls_cipher_get_operation(const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_OPERATION_NONE );
- if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+ MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_OPERATION_NONE);
+ if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
return MBEDTLS_OPERATION_NONE;
return ctx->MBEDTLS_PRIVATE(operation);
@@ -644,10 +690,10 @@
* parameter-verification failure.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
- const unsigned char *key,
- int key_bitlen,
- const mbedtls_operation_t operation );
+int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
+ const unsigned char *key,
+ int key_bitlen,
+ const mbedtls_operation_t operation);
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/**
@@ -666,8 +712,8 @@
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
* does not support padding.
*/
-int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
- mbedtls_cipher_padding_t mode );
+int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx,
+ mbedtls_cipher_padding_t mode);
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
/**
@@ -688,9 +734,9 @@
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
*/
-int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv,
- size_t iv_len );
+int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv,
+ size_t iv_len);
/**
* \brief This function resets the cipher state.
@@ -724,7 +770,7 @@
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
*/
-int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
+int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx);
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/**
@@ -739,8 +785,9 @@
* \return \c 0 on success.
* \return A specific error code on failure.
*/
-int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
- const unsigned char *ad, size_t ad_len );
+int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx,
+ const unsigned char *ad,
+ size_t ad_len);
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
/**
@@ -772,10 +819,11 @@
* unsupported mode for a cipher.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx,
- const unsigned char *input,
- size_t ilen, unsigned char *output,
- size_t *olen );
+int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx,
+ const unsigned char *input,
+ size_t ilen,
+ unsigned char *output,
+ size_t *olen);
/**
* \brief The generic cipher finalization function. If data still
@@ -799,8 +847,9 @@
* while decrypting.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
- unsigned char *output, size_t *olen );
+int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
+ unsigned char *output,
+ size_t *olen);
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/**
@@ -819,8 +868,9 @@
* \return \c 0 on success.
* \return A specific error code on failure.
*/
-int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
- unsigned char *tag, size_t tag_len );
+int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx,
+ unsigned char *tag,
+ size_t tag_len);
/**
* \brief This function checks the tag for AEAD ciphers.
@@ -835,8 +885,9 @@
* \return \c 0 on success.
* \return A specific error code on failure.
*/
-int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
- const unsigned char *tag, size_t tag_len );
+int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx,
+ const unsigned char *tag,
+ size_t tag_len);
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
/**
@@ -872,10 +923,13 @@
* while decrypting.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen );
+int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *input,
+ size_t ilen,
+ unsigned char *output,
+ size_t *olen);
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
/**
@@ -922,12 +976,17 @@
* parameter-verification failure.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t output_len,
- size_t *olen, size_t tag_len );
+int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *ad,
+ size_t ad_len,
+ const unsigned char *input,
+ size_t ilen,
+ unsigned char *output,
+ size_t output_len,
+ size_t *olen,
+ size_t tag_len);
/**
* \brief The authenticated encryption (AEAD/NIST_KW) function.
@@ -978,12 +1037,17 @@
* \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t output_len,
- size_t *olen, size_t tag_len );
+int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *ad,
+ size_t ad_len,
+ const unsigned char *input,
+ size_t ilen,
+ unsigned char *output,
+ size_t output_len,
+ size_t *olen,
+ size_t tag_len);
#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
#ifdef __cplusplus
}
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 887c7cc..938b6b4 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -35,15 +35,15 @@
extern "C" {
#endif
-#define MBEDTLS_AES_BLOCK_SIZE 16
-#define MBEDTLS_DES3_BLOCK_SIZE 8
+#define MBEDTLS_AES_BLOCK_SIZE 16
+#define MBEDTLS_DES3_BLOCK_SIZE 8
#if defined(MBEDTLS_AES_C)
/** The longest block used by CMAC is that of AES. */
-#define MBEDTLS_CIPHER_BLKSIZE_MAX 16
+# define MBEDTLS_CIPHER_BLKSIZE_MAX 16
#else
/** The longest block used by CMAC is that of 3DES. */
-#define MBEDTLS_CIPHER_BLKSIZE_MAX 8
+# define MBEDTLS_CIPHER_BLKSIZE_MAX 8
#endif
#if !defined(MBEDTLS_CMAC_ALT)
@@ -51,21 +51,20 @@
/**
* The CMAC context structure.
*/
-struct mbedtls_cmac_context_t
-{
+struct mbedtls_cmac_context_t {
/** The internal state of the CMAC algorithm. */
- unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** Unprocessed data - either data that was not block aligned and is still
* pending processing, or the final block. */
- unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** The length of data pending processing. */
- size_t MBEDTLS_PRIVATE(unprocessed_len);
+ size_t MBEDTLS_PRIVATE(unprocessed_len);
};
-#else /* !MBEDTLS_CMAC_ALT */
-#include "cmac_alt.h"
+#else /* !MBEDTLS_CMAC_ALT */
+# include "cmac_alt.h"
#endif /* !MBEDTLS_CMAC_ALT */
/**
@@ -90,8 +89,9 @@
* \return \c 0 on success.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
- const unsigned char *key, size_t keybits );
+int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx,
+ const unsigned char *key,
+ size_t keybits);
/**
* \brief This function feeds an input buffer into an ongoing CMAC
@@ -109,8 +109,9 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
-int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
- const unsigned char *input, size_t ilen );
+int mbedtls_cipher_cmac_update(mbedtls_cipher_context_t *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief This function finishes the CMAC operation, and writes
@@ -127,8 +128,8 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
-int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
- unsigned char *output );
+int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx,
+ unsigned char *output);
/**
* \brief This function prepares the authentication of another
@@ -144,7 +145,7 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
-int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
+int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx);
/**
* \brief This function calculates the full generic CMAC
@@ -173,10 +174,12 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
-int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
- const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output );
+int mbedtls_cipher_cmac(const mbedtls_cipher_info_t *cipher_info,
+ const unsigned char *key,
+ size_t keylen,
+ const unsigned char *input,
+ size_t ilen,
+ unsigned char *output);
#if defined(MBEDTLS_AES_C)
/**
@@ -196,12 +199,15 @@
*
* \return \c 0 on success.
*/
-int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
- const unsigned char *input, size_t in_len,
- unsigned char output[16] );
+int mbedtls_aes_cmac_prf_128(const unsigned char *key,
+ size_t key_len,
+ const unsigned char *input,
+ size_t in_len,
+ unsigned char output[16]);
#endif /* MBEDTLS_AES_C */
-#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
+#if defined(MBEDTLS_SELF_TEST) && \
+ (defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C))
/**
* \brief The CMAC checkup routine.
*
@@ -215,7 +221,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_cmac_self_test( int verbose );
+int mbedtls_cmac_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
#ifdef __cplusplus
diff --git a/include/mbedtls/compat-2.x.h b/include/mbedtls/compat-2.x.h
index cdf81dc..72c8383 100644
--- a/include/mbedtls/compat-2.x.h
+++ b/include/mbedtls/compat-2.x.h
@@ -23,36 +23,36 @@
*/
#if defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "Including compat-2.x.h is deprecated"
+# warning "Including compat-2.x.h is deprecated"
#endif
#ifndef MBEDTLS_COMPAT2X_H
-#define MBEDTLS_COMPAT2X_H
+# define MBEDTLS_COMPAT2X_H
/*
* Macros for renamed functions
*/
-#define mbedtls_ctr_drbg_update_ret mbedtls_ctr_drbg_update
-#define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update
-#define mbedtls_md5_starts_ret mbedtls_md5_starts
-#define mbedtls_md5_update_ret mbedtls_md5_update
-#define mbedtls_md5_finish_ret mbedtls_md5_finish
-#define mbedtls_md5_ret mbedtls_md5
-#define mbedtls_ripemd160_starts_ret mbedtls_ripemd160_starts
-#define mbedtls_ripemd160_update_ret mbedtls_ripemd160_update
-#define mbedtls_ripemd160_finish_ret mbedtls_ripemd160_finish
-#define mbedtls_ripemd160_ret mbedtls_ripemd160
-#define mbedtls_sha1_starts_ret mbedtls_sha1_starts
-#define mbedtls_sha1_update_ret mbedtls_sha1_update
-#define mbedtls_sha1_finish_ret mbedtls_sha1_finish
-#define mbedtls_sha1_ret mbedtls_sha1
-#define mbedtls_sha256_starts_ret mbedtls_sha256_starts
-#define mbedtls_sha256_update_ret mbedtls_sha256_update
-#define mbedtls_sha256_finish_ret mbedtls_sha256_finish
-#define mbedtls_sha256_ret mbedtls_sha256
-#define mbedtls_sha512_starts_ret mbedtls_sha512_starts
-#define mbedtls_sha512_update_ret mbedtls_sha512_update
-#define mbedtls_sha512_finish_ret mbedtls_sha512_finish
-#define mbedtls_sha512_ret mbedtls_sha512
+# define mbedtls_ctr_drbg_update_ret mbedtls_ctr_drbg_update
+# define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update
+# define mbedtls_md5_starts_ret mbedtls_md5_starts
+# define mbedtls_md5_update_ret mbedtls_md5_update
+# define mbedtls_md5_finish_ret mbedtls_md5_finish
+# define mbedtls_md5_ret mbedtls_md5
+# define mbedtls_ripemd160_starts_ret mbedtls_ripemd160_starts
+# define mbedtls_ripemd160_update_ret mbedtls_ripemd160_update
+# define mbedtls_ripemd160_finish_ret mbedtls_ripemd160_finish
+# define mbedtls_ripemd160_ret mbedtls_ripemd160
+# define mbedtls_sha1_starts_ret mbedtls_sha1_starts
+# define mbedtls_sha1_update_ret mbedtls_sha1_update
+# define mbedtls_sha1_finish_ret mbedtls_sha1_finish
+# define mbedtls_sha1_ret mbedtls_sha1
+# define mbedtls_sha256_starts_ret mbedtls_sha256_starts
+# define mbedtls_sha256_update_ret mbedtls_sha256_update
+# define mbedtls_sha256_finish_ret mbedtls_sha256_finish
+# define mbedtls_sha256_ret mbedtls_sha256
+# define mbedtls_sha512_starts_ret mbedtls_sha512_starts
+# define mbedtls_sha512_update_ret mbedtls_sha512_update
+# define mbedtls_sha512_finish_ret mbedtls_sha512_finish
+# define mbedtls_sha512_ret mbedtls_sha512
#endif /* MBEDTLS_COMPAT2X_H */
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 9080cd1..c50bf0d 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -31,475 +31,473 @@
#define MBEDTLS_CONFIG_PSA_H
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#include "psa/crypto_config.h"
+# include "psa/crypto_config.h"
#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
#ifdef __cplusplus
extern "C" {
#endif
-
-
/****************************************************************/
/* De facto synonyms */
/****************************************************************/
#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
-#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
+# define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
-#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
+# define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
#endif
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
-#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && \
+ !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+# define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
+#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && \
+ defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+# define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
#endif
-
-
/****************************************************************/
/* Require built-in implementations based on PSA requirements */
/****************************************************************/
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
-#define MBEDTLS_ECDSA_DETERMINISTIC
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
-#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
+# if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
+# define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
+# define MBEDTLS_ECDSA_DETERMINISTIC
+# define MBEDTLS_ECDSA_C
+# define MBEDTLS_HMAC_DRBG_C
+# define MBEDTLS_MD_C
+# endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
+# endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
-#if defined(PSA_WANT_ALG_ECDH)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define MBEDTLS_ECDH_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */
-#endif /* PSA_WANT_ALG_ECDH */
+# if defined(PSA_WANT_ALG_ECDH)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
+# define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
+# define MBEDTLS_ECDH_C
+# define MBEDTLS_ECP_C
+# define MBEDTLS_BIGNUM_C
+# endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */
+# endif /* PSA_WANT_ALG_ECDH */
-#if defined(PSA_WANT_ALG_ECDSA)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#define MBEDTLS_ECDSA_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
-#endif /* PSA_WANT_ALG_ECDSA */
+# if defined(PSA_WANT_ALG_ECDSA)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
+# define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
+# define MBEDTLS_ECDSA_C
+# endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
+# endif /* PSA_WANT_ALG_ECDSA */
-#if defined(PSA_WANT_ALG_HKDF)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
-#endif /* PSA_WANT_ALG_HKDF */
+# if defined(PSA_WANT_ALG_HKDF)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
+# define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+# define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
+# endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
+# endif /* PSA_WANT_ALG_HKDF */
-#if defined(PSA_WANT_ALG_HMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
-#endif /* PSA_WANT_ALG_HMAC */
+# if defined(PSA_WANT_ALG_HMAC)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
+# define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+# endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
+# endif /* PSA_WANT_ALG_HMAC */
-#if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
-#define MBEDTLS_MD5_C
-#endif
+# if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
+# define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
+# define MBEDTLS_MD5_C
+# endif
-#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
-#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
-#define MBEDTLS_RIPEMD160_C
-#endif
+# if defined(PSA_WANT_ALG_RIPEMD160) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
+# define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
+# define MBEDTLS_RIPEMD160_C
+# endif
-#if defined(PSA_WANT_ALG_RSA_OAEP)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V21
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */
-#endif /* PSA_WANT_ALG_RSA_OAEP */
+# if defined(PSA_WANT_ALG_RSA_OAEP)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
+# define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
+# define MBEDTLS_RSA_C
+# define MBEDTLS_BIGNUM_C
+# define MBEDTLS_OID_C
+# define MBEDTLS_PKCS1_V21
+# define MBEDTLS_MD_C
+# endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */
+# endif /* PSA_WANT_ALG_RSA_OAEP */
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V15
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */
-#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */
+# if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
+# define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
+# define MBEDTLS_RSA_C
+# define MBEDTLS_BIGNUM_C
+# define MBEDTLS_OID_C
+# define MBEDTLS_PKCS1_V15
+# endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */
+# endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V15
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
-#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
+# if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
+# define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
+# define MBEDTLS_RSA_C
+# define MBEDTLS_BIGNUM_C
+# define MBEDTLS_OID_C
+# define MBEDTLS_PKCS1_V15
+# define MBEDTLS_MD_C
+# endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
+# endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
-#if defined(PSA_WANT_ALG_RSA_PSS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V21
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */
-#endif /* PSA_WANT_ALG_RSA_PSS */
+# if defined(PSA_WANT_ALG_RSA_PSS)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
+# define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
+# define MBEDTLS_RSA_C
+# define MBEDTLS_BIGNUM_C
+# define MBEDTLS_OID_C
+# define MBEDTLS_PKCS1_V21
+# define MBEDTLS_MD_C
+# endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */
+# endif /* PSA_WANT_ALG_RSA_PSS */
-#if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
-#define MBEDTLS_SHA1_C
-#endif
+# if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
+# define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
+# define MBEDTLS_SHA1_C
+# endif
-#if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
-#define MBEDTLS_SHA224_C
-#endif
+# if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
+# define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
+# define MBEDTLS_SHA224_C
+# endif
-#if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define MBEDTLS_SHA256_C
-#endif
+# if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
+# define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
+# define MBEDTLS_SHA256_C
+# endif
-#if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define MBEDTLS_SHA384_C
-#endif
+# if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
+# define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
+# define MBEDTLS_SHA384_C
+# endif
-#if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
-#define MBEDTLS_SHA512_C
-#endif
+# if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
+# define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
+# define MBEDTLS_SHA512_C
+# endif
-#if defined(PSA_WANT_ALG_TLS12_PRF)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */
-#endif /* PSA_WANT_ALG_TLS12_PRF */
+# if defined(PSA_WANT_ALG_TLS12_PRF)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
+# define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
+# endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */
+# endif /* PSA_WANT_ALG_TLS12_PRF */
-#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */
-#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
+# if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
+# define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
+# endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */
+# endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
+# if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
+# if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
+# define MBEDTLS_ECP_C
+# define MBEDTLS_BIGNUM_C
+# endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */
+# endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+# if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+# if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
+# define MBEDTLS_ECP_C
+# define MBEDTLS_BIGNUM_C
+# endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
+# endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_GENPRIME
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */
-#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
+# if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
+# if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
+# define MBEDTLS_RSA_C
+# define MBEDTLS_BIGNUM_C
+# define MBEDTLS_OID_C
+# define MBEDTLS_GENPRIME
+# define MBEDTLS_PK_PARSE_C
+# define MBEDTLS_PK_WRITE_C
+# define MBEDTLS_PK_C
+# endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */
+# endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
+# if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+# if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
+# define MBEDTLS_RSA_C
+# define MBEDTLS_BIGNUM_C
+# define MBEDTLS_OID_C
+# define MBEDTLS_PK_PARSE_C
+# define MBEDTLS_PK_WRITE_C
+# define MBEDTLS_PK_C
+# endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
+# endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
/* If any of the block modes are requested that don't have an
* associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking
* in the block cipher key types. */
-#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
- (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
- (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
- (defined(PSA_WANT_ALG_XTS) && !defined(MBEDTLS_PSA_ACCEL_ALG_XTS)) || \
- defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
- (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
- (defined(PSA_WANT_ALG_CBC_PKCS7) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
- (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
-#define PSA_HAVE_SOFT_BLOCK_MODE 1
-#endif
+# if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
+ (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
+ (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
+ (defined(PSA_WANT_ALG_XTS) && !defined(MBEDTLS_PSA_ACCEL_ALG_XTS)) || \
+ defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
+ (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
+ (defined(PSA_WANT_ALG_CBC_PKCS7) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
+ (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
+# define PSA_HAVE_SOFT_BLOCK_MODE 1
+# endif
-#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \
- (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM))
-#define PSA_HAVE_SOFT_BLOCK_AEAD 1
-#endif
+# if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \
+ (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM))
+# define PSA_HAVE_SOFT_BLOCK_AEAD 1
+# endif
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
-#define PSA_HAVE_SOFT_KEY_TYPE_AES 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
-#define MBEDTLS_AES_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_AES */
+# if defined(PSA_WANT_KEY_TYPE_AES)
+# if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
+# define PSA_HAVE_SOFT_KEY_TYPE_AES 1
+# endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
+# if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+ defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
+ defined(PSA_HAVE_SOFT_BLOCK_AEAD)
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
+# define MBEDTLS_AES_C
+# endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
+# endif /* PSA_WANT_KEY_TYPE_AES */
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
-#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
-#define MBEDTLS_CAMELLIA_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
+# if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
+# if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
+# define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
+# endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */
+# if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \
+ defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
+ defined(PSA_HAVE_SOFT_BLOCK_AEAD)
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
+# define MBEDTLS_CAMELLIA_C
+# endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE \
+ */
+# endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-#if defined(PSA_WANT_KEY_TYPE_DES)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
-#define PSA_HAVE_SOFT_KEY_TYPE_DES 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
-#define MBEDTLS_DES_C
-#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_DES */
+# if defined(PSA_WANT_KEY_TYPE_DES)
+# if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
+# define PSA_HAVE_SOFT_KEY_TYPE_DES 1
+# endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */
+# if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
+ defined(PSA_HAVE_SOFT_BLOCK_MODE)
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
+# define MBEDTLS_DES_C
+# endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
+# endif /* PSA_WANT_KEY_TYPE_DES */
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
-#define MBEDTLS_CHACHA20_C
-#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */
-#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
+# if defined(PSA_WANT_KEY_TYPE_CHACHA20)
+# if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
+# define MBEDTLS_CHACHA20_C
+# endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */
+# endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
/* If any of the software block ciphers are selected, define
* PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these
* situations. */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
-#endif
+# if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
+# define PSA_HAVE_SOFT_BLOCK_CIPHER 1
+# endif
-#if defined(PSA_WANT_ALG_STREAM_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#endif /* PSA_WANT_ALG_STREAM_CIPHER */
+# if defined(PSA_WANT_ALG_STREAM_CIPHER)
+# define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
+# endif /* PSA_WANT_ALG_STREAM_CIPHER */
-#if defined(PSA_WANT_ALG_CBC_MAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
-#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */
-#endif /* PSA_WANT_ALG_CBC_MAC */
+# if defined(PSA_WANT_ALG_CBC_MAC)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
+# error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
+# define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1
+# endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */
+# endif /* PSA_WANT_ALG_CBC_MAC */
-#if defined(PSA_WANT_ALG_CMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
-#define MBEDTLS_CMAC_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
-#endif /* PSA_WANT_ALG_CMAC */
+# if defined(PSA_WANT_ALG_CMAC)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+# define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
+# define MBEDTLS_CMAC_C
+# endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
+# endif /* PSA_WANT_ALG_CMAC */
-#if defined(PSA_WANT_ALG_CTR)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
-#define MBEDTLS_CIPHER_MODE_CTR
-#endif
-#endif /* PSA_WANT_ALG_CTR */
+# if defined(PSA_WANT_ALG_CTR)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+# define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
+# define MBEDTLS_CIPHER_MODE_CTR
+# endif
+# endif /* PSA_WANT_ALG_CTR */
-#if defined(PSA_WANT_ALG_CFB)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
-#define MBEDTLS_CIPHER_MODE_CFB
-#endif
-#endif /* PSA_WANT_ALG_CFB */
+# if defined(PSA_WANT_ALG_CFB)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+# define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
+# define MBEDTLS_CIPHER_MODE_CFB
+# endif
+# endif /* PSA_WANT_ALG_CFB */
-#if defined(PSA_WANT_ALG_OFB)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
-#define MBEDTLS_CIPHER_MODE_OFB
-#endif
-#endif /* PSA_WANT_ALG_OFB */
+# if defined(PSA_WANT_ALG_OFB)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+# define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
+# define MBEDTLS_CIPHER_MODE_OFB
+# endif
+# endif /* PSA_WANT_ALG_OFB */
-#if defined(PSA_WANT_ALG_XTS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_XTS) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
-#define MBEDTLS_CIPHER_MODE_XTS
-#endif
-#endif /* PSA_WANT_ALG_XTS */
+# if defined(PSA_WANT_ALG_XTS)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_XTS) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+# define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
+# define MBEDTLS_CIPHER_MODE_XTS
+# endif
+# endif /* PSA_WANT_ALG_XTS */
-#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
-#endif
+# if defined(PSA_WANT_ALG_ECB_NO_PADDING)
+# define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
+# endif
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
-#endif
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
+# if defined(PSA_WANT_ALG_CBC_NO_PADDING)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+# define MBEDTLS_CIPHER_MODE_CBC
+# define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
+# endif
+# endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#if defined(PSA_WANT_ALG_CBC_PKCS7)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#endif
-#endif /* PSA_WANT_ALG_CBC_PKCS7 */
+# if defined(PSA_WANT_ALG_CBC_PKCS7)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+# define MBEDTLS_CIPHER_MODE_CBC
+# define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
+# define MBEDTLS_CIPHER_PADDING_PKCS7
+# endif
+# endif /* PSA_WANT_ALG_CBC_PKCS7 */
-#if defined(PSA_WANT_ALG_CCM)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define MBEDTLS_CCM_C
-#endif
-#endif /* PSA_WANT_ALG_CCM */
+# if defined(PSA_WANT_ALG_CCM)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
+# define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
+# define MBEDTLS_CCM_C
+# endif
+# endif /* PSA_WANT_ALG_CCM */
-#if defined(PSA_WANT_ALG_GCM)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
-#define MBEDTLS_GCM_C
-#endif
-#endif /* PSA_WANT_ALG_GCM */
+# if defined(PSA_WANT_ALG_GCM)
+# if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
+# define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
+# define MBEDTLS_GCM_C
+# endif
+# endif /* PSA_WANT_ALG_GCM */
-#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#define MBEDTLS_CHACHAPOLY_C
-#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
-#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
-#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
+# if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
+# if defined(PSA_WANT_KEY_TYPE_CHACHA20)
+# define MBEDTLS_CHACHAPOLY_C
+# define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
+# endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
+# endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
+# if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+# if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
+# define MBEDTLS_ECP_DP_BP256R1_ENABLED
+# define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
+# endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */
+# endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
+# if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+# if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
+# define MBEDTLS_ECP_DP_BP384R1_ENABLED
+# define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
+# endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */
+# endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
+# if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+# if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
+# define MBEDTLS_ECP_DP_BP512R1_ENABLED
+# define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
+# endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */
+# endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
-#if defined(PSA_WANT_ECC_MONTGOMERY_255)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */
-#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
+# if defined(PSA_WANT_ECC_MONTGOMERY_255)
+# if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
+# define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+# define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
+# endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */
+# endif /* PSA_WANT_ECC_MONTGOMERY_255 */
-#if defined(PSA_WANT_ECC_MONTGOMERY_448)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */
-#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
+# if defined(PSA_WANT_ECC_MONTGOMERY_448)
+# if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
+# define MBEDTLS_ECP_DP_CURVE448_ENABLED
+# define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
+# endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */
+# endif /* PSA_WANT_ECC_MONTGOMERY_448 */
-#if defined(PSA_WANT_ECC_SECP_R1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */
-#endif /* PSA_WANT_ECC_SECP_R1_192 */
+# if defined(PSA_WANT_ECC_SECP_R1_192)
+# if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
+# define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
+# endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */
+# endif /* PSA_WANT_ECC_SECP_R1_192 */
-#if defined(PSA_WANT_ECC_SECP_R1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */
-#endif /* PSA_WANT_ECC_SECP_R1_224 */
+# if defined(PSA_WANT_ECC_SECP_R1_224)
+# if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
+# define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
+# endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */
+# endif /* PSA_WANT_ECC_SECP_R1_224 */
-#if defined(PSA_WANT_ECC_SECP_R1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */
-#endif /* PSA_WANT_ECC_SECP_R1_256 */
+# if defined(PSA_WANT_ECC_SECP_R1_256)
+# if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
+# define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
+# endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */
+# endif /* PSA_WANT_ECC_SECP_R1_256 */
-#if defined(PSA_WANT_ECC_SECP_R1_384)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */
-#endif /* PSA_WANT_ECC_SECP_R1_384 */
+# if defined(PSA_WANT_ECC_SECP_R1_384)
+# if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
+# define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
+# endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */
+# endif /* PSA_WANT_ECC_SECP_R1_384 */
-#if defined(PSA_WANT_ECC_SECP_R1_521)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */
-#endif /* PSA_WANT_ECC_SECP_R1_521 */
+# if defined(PSA_WANT_ECC_SECP_R1_521)
+# if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
+# define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
+# endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */
+# endif /* PSA_WANT_ECC_SECP_R1_521 */
-#if defined(PSA_WANT_ECC_SECP_K1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */
-#endif /* PSA_WANT_ECC_SECP_K1_192 */
+# if defined(PSA_WANT_ECC_SECP_K1_192)
+# if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
+# define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
+# endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */
+# endif /* PSA_WANT_ECC_SECP_K1_192 */
-#if defined(PSA_WANT_ECC_SECP_K1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
+# if defined(PSA_WANT_ECC_SECP_K1_224)
+# if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
/*
* SECP224K1 is buggy via the PSA API in Mbed TLS
* (https://github.com/ARMmbed/mbedtls/issues/3541).
*/
-#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */
-#endif /* PSA_WANT_ECC_SECP_K1_224 */
+# error "SECP224K1 is buggy via the PSA API in Mbed TLS."
+# define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
+# endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */
+# endif /* PSA_WANT_ECC_SECP_K1_224 */
-#if defined(PSA_WANT_ECC_SECP_K1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
-#endif /* PSA_WANT_ECC_SECP_K1_256 */
-
-
+# if defined(PSA_WANT_ECC_SECP_K1_256)
+# if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
+# define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
+# endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
+# endif /* PSA_WANT_ECC_SECP_K1_256 */
/****************************************************************/
/* Infer PSA requirements from Mbed TLS capabilities */
@@ -512,249 +510,250 @@
* is not defined
*/
-#if defined(MBEDTLS_CCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define PSA_WANT_ALG_CCM 1
-#endif /* MBEDTLS_CCM_C */
+# if defined(MBEDTLS_CCM_C)
+# define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
+# define PSA_WANT_ALG_CCM 1
+# endif /* MBEDTLS_CCM_C */
-#if defined(MBEDTLS_CMAC_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
-#define PSA_WANT_ALG_CMAC 1
-#endif /* MBEDTLS_CMAC_C */
+# if defined(MBEDTLS_CMAC_C)
+# define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
+# define PSA_WANT_ALG_CMAC 1
+# endif /* MBEDTLS_CMAC_C */
-#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define PSA_WANT_ALG_ECDH 1
-#endif /* MBEDTLS_ECDH_C */
+# if defined(MBEDTLS_ECDH_C)
+# define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
+# define PSA_WANT_ALG_ECDH 1
+# endif /* MBEDTLS_ECDH_C */
-#if defined(MBEDTLS_ECDSA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA_ANY 1
+# if defined(MBEDTLS_ECDSA_C)
+# define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
+# define PSA_WANT_ALG_ECDSA 1
+# define PSA_WANT_ALG_ECDSA_ANY 1
// Only add in DETERMINISTIC support if ECDSA is also enabled
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
-#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+# if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+# define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
+# define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
+# endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-#endif /* MBEDTLS_ECDSA_C */
+# endif /* MBEDTLS_ECDSA_C */
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
-#endif /* MBEDTLS_ECP_C */
+# if defined(MBEDTLS_ECP_C)
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
+# define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
+# define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
+# endif /* MBEDTLS_ECP_C */
-#if defined(MBEDTLS_GCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
-#define PSA_WANT_ALG_GCM 1
-#endif /* MBEDTLS_GCM_C */
+# if defined(MBEDTLS_GCM_C)
+# define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
+# define PSA_WANT_ALG_GCM 1
+# endif /* MBEDTLS_GCM_C */
-#if defined(MBEDTLS_HKDF_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
-#define PSA_WANT_ALG_HKDF 1
-#endif /* MBEDTLS_HKDF_C */
+# if defined(MBEDTLS_HKDF_C)
+# define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+# define PSA_WANT_ALG_HMAC 1
+# define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
+# define PSA_WANT_ALG_HKDF 1
+# endif /* MBEDTLS_HKDF_C */
-#if defined(MBEDTLS_MD_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define PSA_WANT_KEY_TYPE_HMAC
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
-#define PSA_WANT_ALG_TLS12_PRF 1
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
-#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-#endif /* MBEDTLS_MD_C */
+# if defined(MBEDTLS_MD_C)
+# define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+# define PSA_WANT_ALG_HMAC 1
+# define PSA_WANT_KEY_TYPE_HMAC
+# define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
+# define PSA_WANT_ALG_TLS12_PRF 1
+# define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
+# define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
+# endif /* MBEDTLS_MD_C */
-#if defined(MBEDTLS_MD5_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
-#define PSA_WANT_ALG_MD5 1
-#endif
+# if defined(MBEDTLS_MD5_C)
+# define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
+# define PSA_WANT_ALG_MD5 1
+# endif
-#if defined(MBEDTLS_RIPEMD160_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
-#define PSA_WANT_ALG_RIPEMD160 1
-#endif
+# if defined(MBEDTLS_RIPEMD160_C)
+# define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
+# define PSA_WANT_ALG_RIPEMD160 1
+# endif
-#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_PKCS1_V15)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
-#endif /* MBEDTLSS_PKCS1_V15 */
-#if defined(MBEDTLS_PKCS1_V21)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
-#define PSA_WANT_ALG_RSA_OAEP 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
-#define PSA_WANT_ALG_RSA_PSS 1
-#endif /* MBEDTLS_PKCS1_V21 */
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
-#endif /* MBEDTLS_RSA_C */
+# if defined(MBEDTLS_RSA_C)
+# if defined(MBEDTLS_PKCS1_V15)
+# define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
+# define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
+# define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
+# define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
+# define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
+# endif /* MBEDTLSS_PKCS1_V15 */
+# if defined(MBEDTLS_PKCS1_V21)
+# define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
+# define PSA_WANT_ALG_RSA_OAEP 1
+# define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
+# define PSA_WANT_ALG_RSA_PSS 1
+# endif /* MBEDTLS_PKCS1_V21 */
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
+# define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
+# define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
+# endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
-#define PSA_WANT_ALG_SHA_1 1
-#endif
+# if defined(MBEDTLS_SHA1_C)
+# define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
+# define PSA_WANT_ALG_SHA_1 1
+# endif
-#if defined(MBEDTLS_SHA224_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
-#define PSA_WANT_ALG_SHA_224 1
-#endif
+# if defined(MBEDTLS_SHA224_C)
+# define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
+# define PSA_WANT_ALG_SHA_224 1
+# endif
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define PSA_WANT_ALG_SHA_256 1
-#endif
+# if defined(MBEDTLS_SHA256_C)
+# define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
+# define PSA_WANT_ALG_SHA_256 1
+# endif
-#if defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define PSA_WANT_ALG_SHA_384 1
-#endif
+# if defined(MBEDTLS_SHA384_C)
+# define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
+# define PSA_WANT_ALG_SHA_384 1
+# endif
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
-#define PSA_WANT_ALG_SHA_512 1
-#endif
+# if defined(MBEDTLS_SHA512_C)
+# define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
+# define PSA_WANT_ALG_SHA_512 1
+# endif
-#if defined(MBEDTLS_AES_C)
-#define PSA_WANT_KEY_TYPE_AES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
-#endif
+# if defined(MBEDTLS_AES_C)
+# define PSA_WANT_KEY_TYPE_AES 1
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
+# endif
-#if defined(MBEDTLS_CAMELLIA_C)
-#define PSA_WANT_KEY_TYPE_CAMELLIA 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
-#endif
+# if defined(MBEDTLS_CAMELLIA_C)
+# define PSA_WANT_KEY_TYPE_CAMELLIA 1
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
+# endif
-#if defined(MBEDTLS_DES_C)
-#define PSA_WANT_KEY_TYPE_DES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
-#endif
+# if defined(MBEDTLS_DES_C)
+# define PSA_WANT_KEY_TYPE_DES 1
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
+# endif
-#if defined(MBEDTLS_CHACHA20_C)
-#define PSA_WANT_KEY_TYPE_CHACHA20 1
-#define PSA_WANT_ALG_STREAM_CIPHER 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#if defined(MBEDTLS_CHACHAPOLY_C)
-#define PSA_WANT_ALG_CHACHA20_POLY1305 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
-#endif
-#endif
+# if defined(MBEDTLS_CHACHA20_C)
+# define PSA_WANT_KEY_TYPE_CHACHA20 1
+# define PSA_WANT_ALG_STREAM_CIPHER 1
+# define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
+# define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
+# if defined(MBEDTLS_CHACHAPOLY_C)
+# define PSA_WANT_ALG_CHACHA20_POLY1305 1
+# define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
+# endif
+# endif
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
-#define PSA_WANT_ALG_CBC_NO_PADDING 1
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
-#define PSA_WANT_ALG_CBC_PKCS7 1
-#endif
-#endif
+# if defined(MBEDTLS_CIPHER_MODE_CBC)
+# define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
+# define PSA_WANT_ALG_CBC_NO_PADDING 1
+# if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+# define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
+# define PSA_WANT_ALG_CBC_PKCS7 1
+# endif
+# endif
-#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
- defined(MBEDTLS_CAMELLIA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
-#define PSA_WANT_ALG_ECB_NO_PADDING 1
-#endif
+# if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
+ defined(MBEDTLS_CAMELLIA_C)
+# define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
+# define PSA_WANT_ALG_ECB_NO_PADDING 1
+# endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
-#define PSA_WANT_ALG_CFB 1
-#endif
+# if defined(MBEDTLS_CIPHER_MODE_CFB)
+# define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
+# define PSA_WANT_ALG_CFB 1
+# endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
-#define PSA_WANT_ALG_CTR 1
-#endif
+# if defined(MBEDTLS_CIPHER_MODE_CTR)
+# define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
+# define PSA_WANT_ALG_CTR 1
+# endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
-#define PSA_WANT_ALG_OFB 1
-#endif
+# if defined(MBEDTLS_CIPHER_MODE_OFB)
+# define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
+# define PSA_WANT_ALG_OFB 1
+# endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
-#define PSA_WANT_ALG_XTS 1
-#endif
+# if defined(MBEDTLS_CIPHER_MODE_XTS)
+# define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
+# define PSA_WANT_ALG_XTS 1
+# endif
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_256
-#endif
+# if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+# define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
+# define PSA_WANT_ECC_BRAINPOOL_P_R1_256
+# endif
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_384
-#endif
+# if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+# define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
+# define PSA_WANT_ECC_BRAINPOOL_P_R1_384
+# endif
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_512
-#endif
+# if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+# define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
+# define PSA_WANT_ECC_BRAINPOOL_P_R1_512
+# endif
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#define PSA_WANT_ECC_MONTGOMERY_255
-#endif
+# if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+# define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
+# define PSA_WANT_ECC_MONTGOMERY_255
+# endif
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#define PSA_WANT_ECC_MONTGOMERY_448
-#endif
+# if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+# define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
+# define PSA_WANT_ECC_MONTGOMERY_448
+# endif
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#define PSA_WANT_ECC_SECP_R1_192
-#endif
+# if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
+# define PSA_WANT_ECC_SECP_R1_192
+# endif
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#define PSA_WANT_ECC_SECP_R1_224
-#endif
+# if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
+# define PSA_WANT_ECC_SECP_R1_224
+# endif
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#define PSA_WANT_ECC_SECP_R1_256
-#endif
+# if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
+# define PSA_WANT_ECC_SECP_R1_256
+# endif
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#define PSA_WANT_ECC_SECP_R1_384
-#endif
+# if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
+# define PSA_WANT_ECC_SECP_R1_384
+# endif
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#define PSA_WANT_ECC_SECP_R1_521
-#endif
+# if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
+# define PSA_WANT_ECC_SECP_R1_521
+# endif
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#define PSA_WANT_ECC_SECP_K1_192
-#endif
+# if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
+# define PSA_WANT_ECC_SECP_K1_192
+# endif
-/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */
-#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#define PSA_WANT_ECC_SECP_K1_224
-#endif
+/* SECP224K1 is buggy via the PSA API
+ * (https://github.com/ARMmbed/mbedtls/issues/3541) */
+# if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
+# define PSA_WANT_ECC_SECP_K1_224
+# endif
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#define PSA_WANT_ECC_SECP_K1_256
-#endif
+# if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+# define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
+# define PSA_WANT_ECC_SECP_K1_256
+# endif
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
/* These features are always enabled. */
-#define PSA_WANT_KEY_TYPE_DERIVE 1
+#define PSA_WANT_KEY_TYPE_DERIVE 1
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
#ifdef __cplusplus
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 4c24c04..151a899 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -16,10 +16,9 @@
* The security strength as defined in NIST SP 800-90A is
* 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
* and 256 bits otherwise, provided that #MBEDTLS_CTR_DRBG_ENTROPY_LEN is
- * kept at its default value (and not overridden in mbedtls_config.h) and that the
- * DRBG instance is set up with default parameters.
- * See the documentation of mbedtls_ctr_drbg_seed() for more
- * information.
+ * kept at its default value (and not overridden in mbedtls_config.h) and that
+ * the DRBG instance is set up with default parameters. See the documentation of
+ * mbedtls_ctr_drbg_seed() for more information.
*/
/*
* Copyright The Mbed TLS Contributors
@@ -47,30 +46,30 @@
#include "mbedtls/aes.h"
#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+# include "mbedtls/threading.h"
#endif
/** The entropy source failed. */
-#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034
+#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034
/** The requested random buffer length is too big. */
-#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036
+#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036
/** The input (entropy + additional data) is too large. */
-#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038
+#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038
/** Read or write error in file. */
-#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A
+#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A
/** The block size used by the cipher. */
-#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16
+#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16
#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-#define MBEDTLS_CTR_DRBG_KEYSIZE 16
+# define MBEDTLS_CTR_DRBG_KEYSIZE 16
/**< The key size in bytes used by the cipher.
*
* Compile-time choice: 16 bytes (128 bits)
* because #MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled.
*/
#else
-#define MBEDTLS_CTR_DRBG_KEYSIZE 32
+# define MBEDTLS_CTR_DRBG_KEYSIZE 32
/**< The key size in bytes used by the cipher.
*
* Compile-time choice: 32 bytes (256 bits)
@@ -78,15 +77,22 @@
*/
#endif
-#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
-#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */
+#define MBEDTLS_CTR_DRBG_KEYBITS \
+ (MBEDTLS_CTR_DRBG_KEYSIZE * 8) /**< The key size for the DRBG operation, \
+ in bits. */
+#define MBEDTLS_CTR_DRBG_SEEDLEN \
+ (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed \
+ length, \
+ calculated as \
+ (counter + AES \
+ key). */
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them using the compiler command
- * line.
+ * Either change them in mbedtls_config.h or define them using the compiler
+ * command line.
* \{
*/
@@ -95,52 +101,54 @@
* \brief The amount of entropy used per seed by default, in bytes.
*/
#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
-#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+# if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
/** This is 48 bytes because the entropy module uses SHA-512
* (\c MBEDTLS_ENTROPY_FORCE_SHA256 is disabled).
*/
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
+# define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
-#else /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
+# else /* defined(MBEDTLS_SHA512_C) && \
+ !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
/** This is 32 bytes because the entropy module uses SHA-256
* (the SHA512 module is disabled or
* \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled).
*/
-#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
+# if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
/** \warning To achieve a 256-bit security strength, you must pass a nonce
* to mbedtls_ctr_drbg_seed().
*/
-#endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
-#endif /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
+# endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
+# define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
+# endif /* defined(MBEDTLS_SHA512_C) && \
+ !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
#endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */
#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
-#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
+# define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
/**< The interval before reseed is performed by default. */
#endif
#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_INPUT 256
+# define MBEDTLS_CTR_DRBG_MAX_INPUT 256
/**< The maximum number of additional input Bytes. */
#endif
#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
-#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
+# define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
/**< The maximum number of requested Bytes per call. */
#endif
#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
+# define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
/**< The maximum size of seed or reseed buffer in bytes. */
#endif
/* \} name SECTION: Module settings */
-#define MBEDTLS_CTR_DRBG_PR_OFF 0
+#define MBEDTLS_CTR_DRBG_PR_OFF 0
/**< Prediction resistance is disabled. */
-#define MBEDTLS_CTR_DRBG_PR_ON 1
+#define MBEDTLS_CTR_DRBG_PR_ON 1
/**< Prediction resistance is enabled. */
#ifdef __cplusplus
@@ -154,7 +162,7 @@
* to include a nonce.
* See the documentation of mbedtls_ctr_drbg_seed() for more information.
*/
-#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
+# define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
#else
/** The default length of the nonce read from the entropy source.
*
@@ -162,44 +170,47 @@
* the entropy source does not provide enough material to form a nonce.
* See the documentation of mbedtls_ctr_drbg_seed() for more information.
*/
-#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN ( MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1 ) / 2
+# define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN \
+ (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2
#endif
/**
* \brief The CTR_DRBG context structure.
*/
-typedef struct mbedtls_ctr_drbg_context
-{
- unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */
- int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter.
- * This is the number of requests that have
- * been made since the last (re)seeding,
- * minus one.
- * Before the initial seeding, this field
- * contains the amount of entropy in bytes
- * to use as a nonce for the initial seeding,
- * or -1 if no nonce length has been explicitly
- * set (see mbedtls_ctr_drbg_set_nonce_len()).
- */
- int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether prediction
- resistance is enabled, that is
- whether to systematically reseed before
- each random generation. */
- size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on each
- seed or reseed operation, in bytes. */
- int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval.
- * This is the maximum number of requests
- * that can be made between reseedings. */
+typedef struct mbedtls_ctr_drbg_context {
+ unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */
+ int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter.
+ * This is the number of requests that
+ * have been made since the last
+ * (re)seeding, minus one. Before the
+ * initial seeding, this field contains
+ * the amount of entropy in bytes to
+ * use as a nonce for the initial
+ * seeding, or -1 if no nonce length
+ * has been explicitly set (see
+ * mbedtls_ctr_drbg_set_nonce_len()).
+ */
+ int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether
+ prediction resistance is enabled, that is
+ whether to systematically reseed before
+ each random generation. */
+ size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on
+ each seed or reseed operation, in bytes. */
+ int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval.
+ * This is the maximum number of
+ * requests that can be made between
+ * reseedings. */
- mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
+ mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
/*
* Callbacks (Entropy)
*/
int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
- /*!< The entropy callback function. */
+ /*!< The entropy callback function. */
- void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function. */
+ void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function.
+ */
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized if and only if f_entropy != NULL.
@@ -211,8 +222,7 @@
*/
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
-}
-mbedtls_ctr_drbg_context;
+} mbedtls_ctr_drbg_context;
/**
* \brief This function initializes the CTR_DRBG context,
@@ -226,7 +236,7 @@
*
* \param ctx The CTR_DRBG context to initialize.
*/
-void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
+void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx);
/**
* \brief This function seeds and sets up the CTR_DRBG
@@ -327,11 +337,11 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
*/
-int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
- int (*f_entropy)(void *, unsigned char *, size_t),
- void *p_entropy,
- const unsigned char *custom,
- size_t len );
+int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx,
+ int (*f_entropy)(void *, unsigned char *, size_t),
+ void *p_entropy,
+ const unsigned char *custom,
+ size_t len);
/**
* \brief This function resets CTR_DRBG context to the state immediately
@@ -339,7 +349,7 @@
*
* \param ctx The CTR_DRBG context to clear.
*/
-void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
+void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx);
/**
* \brief This function turns prediction resistance on or off.
@@ -354,8 +364,8 @@
* \param ctx The CTR_DRBG context.
* \param resistance #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
*/
-void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
- int resistance );
+void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx,
+ int resistance);
/**
* \brief This function sets the amount of entropy grabbed on each
@@ -381,8 +391,8 @@
* and at most the maximum length accepted by the
* entropy function that is set in the context.
*/
-void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
- size_t len );
+void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx,
+ size_t len);
/**
* \brief This function sets the amount of entropy grabbed
@@ -403,8 +413,7 @@
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
* if the initial seeding has already taken place.
*/
-int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
- size_t len );
+int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx, size_t len);
/**
* \brief This function sets the reseed interval.
@@ -418,8 +427,8 @@
* \param ctx The CTR_DRBG context.
* \param interval The reseed interval.
*/
-void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
- int interval );
+void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx,
+ int interval);
/**
* \brief This function reseeds the CTR_DRBG context, that is
@@ -441,8 +450,9 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
*/
-int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional, size_t len );
+int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t len);
/**
* \brief This function updates the state of the CTR_DRBG context.
@@ -464,9 +474,9 @@
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
* \return An error from the underlying AES cipher on failure.
*/
-int mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional,
- size_t add_len );
+int mbedtls_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t add_len);
/**
* \brief This function updates a CTR_DRBG instance with additional
@@ -499,9 +509,11 @@
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
*/
-int mbedtls_ctr_drbg_random_with_add( void *p_rng,
- unsigned char *output, size_t output_len,
- const unsigned char *additional, size_t add_len );
+int mbedtls_ctr_drbg_random_with_add(void *p_rng,
+ unsigned char *output,
+ size_t output_len,
+ const unsigned char *additional,
+ size_t add_len);
/**
* \brief This function uses CTR_DRBG to generate random data.
@@ -527,8 +539,9 @@
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
*/
-int mbedtls_ctr_drbg_random( void *p_rng,
- unsigned char *output, size_t output_len );
+int mbedtls_ctr_drbg_random(void *p_rng,
+ unsigned char *output,
+ size_t output_len);
#if defined(MBEDTLS_FS_IO)
/**
@@ -542,7 +555,8 @@
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed
* failure.
*/
-int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
+int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx,
+ const char *path);
/**
* \brief This function reads and updates a seed file. The seed
@@ -558,7 +572,8 @@
* \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing
* seed file is too large.
*/
-int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
+int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx,
+ const char *path);
#endif /* MBEDTLS_FS_IO */
#if defined(MBEDTLS_SELF_TEST)
@@ -569,7 +584,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_ctr_drbg_self_test( int verbose );
+int mbedtls_ctr_drbg_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 0aed596..ea6d35c 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -27,56 +27,74 @@
#include "mbedtls/ssl.h"
#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
+# include "mbedtls/ecp.h"
#endif
#if defined(MBEDTLS_DEBUG_C)
-#define MBEDTLS_DEBUG_STRIP_PARENS( ... ) __VA_ARGS__
+# define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__
-#define MBEDTLS_SSL_DEBUG_MSG( level, args ) \
- mbedtls_debug_print_msg( ssl, level, __FILE__, __LINE__, \
- MBEDTLS_DEBUG_STRIP_PARENS args )
+# define MBEDTLS_SSL_DEBUG_MSG(level, args) \
+ mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \
+ MBEDTLS_DEBUG_STRIP_PARENS args)
-#define MBEDTLS_SSL_DEBUG_RET( level, text, ret ) \
- mbedtls_debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret )
+# define MBEDTLS_SSL_DEBUG_RET(level, text, ret) \
+ mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret)
-#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len ) \
- mbedtls_debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len )
+# define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \
+ mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len)
-#if defined(MBEDTLS_BIGNUM_C)
-#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) \
- mbedtls_debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X )
-#endif
+# if defined(MBEDTLS_BIGNUM_C)
+# define MBEDTLS_SSL_DEBUG_MPI(level, text, X) \
+ mbedtls_debug_print_mpi(ssl, level, __FILE__, __LINE__, text, X)
+# endif
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) \
- mbedtls_debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X )
-#endif
+# if defined(MBEDTLS_ECP_C)
+# define MBEDTLS_SSL_DEBUG_ECP(level, text, X) \
+ mbedtls_debug_print_ecp(ssl, level, __FILE__, __LINE__, text, X)
+# endif
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) \
- mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
-#else
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
-#endif /* MBEDTLS_X509_REMOVE_INFO */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+# if defined(MBEDTLS_X509_CRT_PARSE_C)
+# if !defined(MBEDTLS_X509_REMOVE_INFO)
+# define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
+ mbedtls_debug_print_crt(ssl, level, __FILE__, __LINE__, text, \
+ crt)
+# else
+# define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
+ do { \
+ } while (0)
+# endif /* MBEDTLS_X509_REMOVE_INFO */
+# endif /* MBEDTLS_X509_CRT_PARSE_C */
-#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) \
- mbedtls_debug_printf_ecdh( ssl, level, __FILE__, __LINE__, ecdh, attr )
-#endif
+# if defined(MBEDTLS_ECDH_C)
+# define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) \
+ mbedtls_debug_printf_ecdh(ssl, level, __FILE__, __LINE__, ecdh, \
+ attr)
+# endif
#else /* MBEDTLS_DEBUG_C */
-#define MBEDTLS_SSL_DEBUG_MSG( level, args ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_RET( level, text, ret ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) do { } while( 0 )
+# define MBEDTLS_SSL_DEBUG_MSG(level, args) \
+ do { \
+ } while (0)
+# define MBEDTLS_SSL_DEBUG_RET(level, text, ret) \
+ do { \
+ } while (0)
+# define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \
+ do { \
+ } while (0)
+# define MBEDTLS_SSL_DEBUG_MPI(level, text, X) \
+ do { \
+ } while (0)
+# define MBEDTLS_SSL_DEBUG_ECP(level, text, X) \
+ do { \
+ } while (0)
+# define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
+ do { \
+ } while (0)
+# define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) \
+ do { \
+ } while (0)
#endif /* MBEDTLS_DEBUG_C */
@@ -93,19 +111,20 @@
* This module provides debugging functions.
*/
#if defined(__has_attribute)
-#if __has_attribute(format)
-#if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
- __attribute__((__format__ (gnu_printf, string_index, first_to_check)))
-#else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
- __attribute__((format(printf, string_index, first_to_check)))
-#endif
-#else /* __has_attribute(format) */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
-#endif /* __has_attribute(format) */
+# if __has_attribute(format)
+# if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1
+# define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
+ __attribute__(( \
+ __format__(gnu_printf, string_index, first_to_check)))
+# else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */
+# define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
+ __attribute__((format(printf, string_index, first_to_check)))
+# endif
+# else /* __has_attribute(format) */
+# define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
+# endif /* __has_attribute(format) */
#else /* defined(__has_attribute) */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
+# define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
#endif
/**
@@ -120,14 +139,17 @@
*
* This module provides debugging functions.
*/
-#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800)
- #include <inttypes.h>
- #define MBEDTLS_PRINTF_SIZET PRIuPTR
- #define MBEDTLS_PRINTF_LONGLONG "I64d"
-#else /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
- #define MBEDTLS_PRINTF_SIZET "zu"
- #define MBEDTLS_PRINTF_LONGLONG "lld"
-#endif /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || \
+ (defined(_MSC_VER) && _MSC_VER < 1800)
+# include <inttypes.h>
+# define MBEDTLS_PRINTF_SIZET PRIuPTR
+# define MBEDTLS_PRINTF_LONGLONG "I64d"
+#else /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || \
+ (defined(_MSC_VER) && _MSC_VER < 1800) */
+# define MBEDTLS_PRINTF_SIZET "zu"
+# define MBEDTLS_PRINTF_LONGLONG "lld"
+#endif /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || \
+ (defined(_MSC_VER) && _MSC_VER < 1800) */
#ifdef __cplusplus
extern "C" {
@@ -148,7 +170,7 @@
* - 3 Informational
* - 4 Verbose
*/
-void mbedtls_debug_set_threshold( int threshold );
+void mbedtls_debug_set_threshold(int threshold);
/**
* \brief Print a message to the debug output. This function is always used
@@ -165,9 +187,12 @@
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
-void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *format, ... ) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
+void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl,
+ int level,
+ const char *file,
+ int line,
+ const char *format,
+ ...) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
/**
* \brief Print the return value of a function to the debug output. This
@@ -184,9 +209,12 @@
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
-void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, int ret );
+void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl,
+ int level,
+ const char *file,
+ int line,
+ const char *text,
+ int ret);
/**
* \brief Output a buffer of size len bytes to the debug output. This function
@@ -205,9 +233,13 @@
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
-void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line, const char *text,
- const unsigned char *buf, size_t len );
+void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl,
+ int level,
+ const char *file,
+ int line,
+ const char *text,
+ const unsigned char *buf,
+ size_t len);
#if defined(MBEDTLS_BIGNUM_C)
/**
@@ -226,9 +258,12 @@
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
-void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_mpi *X );
+void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl,
+ int level,
+ const char *file,
+ int line,
+ const char *text,
+ const mbedtls_mpi *X);
#endif
#if defined(MBEDTLS_ECP_C)
@@ -248,9 +283,12 @@
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
-void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_ecp_point *X );
+void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl,
+ int level,
+ const char *file,
+ int line,
+ const char *text,
+ const mbedtls_ecp_point *X);
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
@@ -269,9 +307,12 @@
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
-void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_x509_crt *crt );
+void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl,
+ int level,
+ const char *file,
+ int line,
+ const char *text,
+ const mbedtls_x509_crt *crt);
#endif
#if defined(MBEDTLS_ECDH_C)
@@ -298,10 +339,12 @@
* \attention This function is intended for INTERNAL usage within the
* library only.
*/
-void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const mbedtls_ecdh_context *ecdh,
- mbedtls_debug_ecdh_attr attr );
+void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl,
+ int level,
+ const char *file,
+ int line,
+ const mbedtls_ecdh_context *ecdh,
+ mbedtls_debug_ecdh_attr attr);
#endif
#ifdef __cplusplus
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 63a8e00..b1c2eea 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -33,13 +33,13 @@
#include <stddef.h>
#include <stdint.h>
-#define MBEDTLS_DES_ENCRYPT 1
-#define MBEDTLS_DES_DECRYPT 0
+#define MBEDTLS_DES_ENCRYPT 1
+#define MBEDTLS_DES_DECRYPT 0
/** The data input has an invalid length. */
-#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032
+#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032
-#define MBEDTLS_DES_KEY_SIZE 8
+#define MBEDTLS_DES_KEY_SIZE 8
#ifdef __cplusplus
extern "C" {
@@ -56,23 +56,19 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-typedef struct mbedtls_des_context
-{
- uint32_t MBEDTLS_PRIVATE(sk)[32]; /*!< DES subkeys */
-}
-mbedtls_des_context;
+typedef struct mbedtls_des_context {
+ uint32_t MBEDTLS_PRIVATE(sk)[32]; /*!< DES subkeys */
+} mbedtls_des_context;
/**
* \brief Triple-DES context structure
*/
-typedef struct mbedtls_des3_context
-{
- uint32_t MBEDTLS_PRIVATE(sk)[96]; /*!< 3DES subkeys */
-}
-mbedtls_des3_context;
+typedef struct mbedtls_des3_context {
+ uint32_t MBEDTLS_PRIVATE(sk)[96]; /*!< 3DES subkeys */
+} mbedtls_des3_context;
-#else /* MBEDTLS_DES_ALT */
-#include "des_alt.h"
+#else /* MBEDTLS_DES_ALT */
+# include "des_alt.h"
#endif /* MBEDTLS_DES_ALT */
/**
@@ -84,7 +80,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-void mbedtls_des_init( mbedtls_des_context *ctx );
+void mbedtls_des_init(mbedtls_des_context *ctx);
/**
* \brief Clear DES context
@@ -95,21 +91,21 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-void mbedtls_des_free( mbedtls_des_context *ctx );
+void mbedtls_des_free(mbedtls_des_context *ctx);
/**
* \brief Initialize Triple-DES context
*
* \param ctx DES3 context to be initialized
*/
-void mbedtls_des3_init( mbedtls_des3_context *ctx );
+void mbedtls_des3_init(mbedtls_des3_context *ctx);
/**
* \brief Clear Triple-DES context
*
* \param ctx DES3 context to be cleared
*/
-void mbedtls_des3_free( mbedtls_des3_context *ctx );
+void mbedtls_des3_free(mbedtls_des3_context *ctx);
/**
* \brief Set key parity on the given key to odd.
@@ -123,7 +119,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE]);
/**
* \brief Check that key parity on the given key is odd.
@@ -139,7 +135,8 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+int mbedtls_des_key_check_key_parity(
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
/**
* \brief Check that key is not a weak or semi-weak DES key
@@ -152,7 +149,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
/**
* \brief DES key schedule (56-bit, encryption)
@@ -166,7 +163,8 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+int mbedtls_des_setkey_enc(mbedtls_des_context *ctx,
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
/**
* \brief DES key schedule (56-bit, decryption)
@@ -180,7 +178,8 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+int mbedtls_des_setkey_dec(mbedtls_des_context *ctx,
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
/**
* \brief Triple-DES key schedule (112-bit, encryption)
@@ -190,8 +189,8 @@
*
* \return 0
*/
-int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
+int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]);
/**
* \brief Triple-DES key schedule (112-bit, decryption)
@@ -201,8 +200,8 @@
*
* \return 0
*/
-int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
+int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]);
/**
* \brief Triple-DES key schedule (168-bit, encryption)
@@ -212,8 +211,8 @@
*
* \return 0
*/
-int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
+int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]);
/**
* \brief Triple-DES key schedule (168-bit, decryption)
@@ -223,8 +222,8 @@
*
* \return 0
*/
-int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
- const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
+int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]);
/**
* \brief DES-ECB block encryption/decryption
@@ -239,9 +238,9 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
- const unsigned char input[8],
- unsigned char output[8] );
+int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx,
+ const unsigned char input[8],
+ unsigned char output[8]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -266,12 +265,12 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[8],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[8],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
/**
@@ -283,9 +282,9 @@
*
* \return 0 if successful
*/
-int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
- const unsigned char input[8],
- unsigned char output[8] );
+int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
+ const unsigned char input[8],
+ unsigned char output[8]);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
@@ -308,12 +307,12 @@
*
* \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
*/
-int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[8],
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[8],
+ const unsigned char *input,
+ unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
/**
@@ -328,8 +327,8 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-void mbedtls_des_setkey( uint32_t SK[32],
- const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+void mbedtls_des_setkey(uint32_t SK[32],
+ const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
#if defined(MBEDTLS_SELF_TEST)
@@ -338,7 +337,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
-int mbedtls_des_self_test( int verbose );
+int mbedtls_des_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 32a957d..906f1c8 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -71,35 +71,35 @@
* DHM Error codes
*/
/** Bad input parameters. */
-#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA -0x3080
+#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA -0x3080
/** Reading of the DHM parameters failed. */
-#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED -0x3100
+#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED -0x3100
/** Making of the DHM parameters failed. */
-#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED -0x3180
+#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED -0x3180
/** Reading of the public values failed. */
-#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED -0x3200
+#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED -0x3200
/** Making of the public value failed. */
-#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280
+#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280
/** Calculation of the DHM secret failed. */
-#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED -0x3300
+#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED -0x3300
/** The ASN.1 data is not formatted correctly. */
-#define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380
+#define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380
/** Allocation of memory failed. */
-#define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400
+#define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400
/** Read or write of file failed. */
-#define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480
+#define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480
/** Setting the modulus and generator failed. */
-#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3580
+#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3580
/** Which parameter to access in mbedtls_dhm_get_value(). */
typedef enum
{
- MBEDTLS_DHM_PARAM_P, /*!< The prime modulus. */
- MBEDTLS_DHM_PARAM_G, /*!< The generator. */
- MBEDTLS_DHM_PARAM_X, /*!< Our secret value. */
+ MBEDTLS_DHM_PARAM_P, /*!< The prime modulus. */
+ MBEDTLS_DHM_PARAM_G, /*!< The generator. */
+ MBEDTLS_DHM_PARAM_X, /*!< Our secret value. */
MBEDTLS_DHM_PARAM_GX, /*!< Our public key = \c G^X mod \c P. */
MBEDTLS_DHM_PARAM_GY, /*!< The public key of the peer = \c G^Y mod \c P. */
- MBEDTLS_DHM_PARAM_K, /*!< The shared secret = \c G^(XY) mod \c P. */
+ MBEDTLS_DHM_PARAM_K, /*!< The shared secret = \c G^(XY) mod \c P. */
} mbedtls_dhm_parameter;
#ifdef __cplusplus
@@ -111,23 +111,24 @@
/**
* \brief The DHM context structure.
*/
-typedef struct mbedtls_dhm_context
-{
- mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus. */
- mbedtls_mpi MBEDTLS_PRIVATE(G); /*!< The generator. */
- mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< Our secret value. */
- mbedtls_mpi MBEDTLS_PRIVATE(GX); /*!< Our public key = \c G^X mod \c P. */
- mbedtls_mpi MBEDTLS_PRIVATE(GY); /*!< The public key of the peer = \c G^Y mod \c P. */
- mbedtls_mpi MBEDTLS_PRIVATE(K); /*!< The shared secret = \c G^(XY) mod \c P. */
- mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< The cached value = \c R^2 mod \c P. */
- mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
- mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
- mbedtls_mpi MBEDTLS_PRIVATE(pX); /*!< The previous \c X. */
-}
-mbedtls_dhm_context;
+typedef struct mbedtls_dhm_context {
+ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus. */
+ mbedtls_mpi MBEDTLS_PRIVATE(G); /*!< The generator. */
+ mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< Our secret value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(GX); /*!< Our public key = \c G^X mod \c P. */
+ mbedtls_mpi MBEDTLS_PRIVATE(GY); /*!< The public key of the peer = \c G^Y
+ mod \c P. */
+ mbedtls_mpi MBEDTLS_PRIVATE(K); /*!< The shared secret = \c G^(XY) mod \c
+ P. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< The cached value = \c R^2 mod \c P.
+ */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(pX); /*!< The previous \c X. */
+} mbedtls_dhm_context;
#else /* MBEDTLS_DHM_ALT */
-#include "dhm_alt.h"
+# include "dhm_alt.h"
#endif /* MBEDTLS_DHM_ALT */
/**
@@ -135,7 +136,7 @@
*
* \param ctx The DHM context to initialize.
*/
-void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
+void mbedtls_dhm_init(mbedtls_dhm_context *ctx);
/**
* \brief This function parses the DHM parameters in a
@@ -159,9 +160,9 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
-int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
- unsigned char **p,
- const unsigned char *end );
+int mbedtls_dhm_read_params(mbedtls_dhm_context *ctx,
+ unsigned char **p,
+ const unsigned char *end);
/**
* \brief This function generates a DHM key pair and exports its
@@ -195,10 +196,12 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
-int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
- unsigned char *output, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx,
+ int x_size,
+ unsigned char *output,
+ size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function sets the prime modulus and generator.
@@ -215,9 +218,9 @@
* \return \c 0 if successful.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
-int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
- const mbedtls_mpi *P,
- const mbedtls_mpi *G );
+int mbedtls_dhm_set_group(mbedtls_dhm_context *ctx,
+ const mbedtls_mpi *P,
+ const mbedtls_mpi *G);
/**
* \brief This function imports the raw public value of the peer.
@@ -235,8 +238,9 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
-int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
- const unsigned char *input, size_t ilen );
+int mbedtls_dhm_read_public(mbedtls_dhm_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief This function creates a DHM key pair and exports
@@ -262,10 +266,12 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
-int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
- unsigned char *output, size_t olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_dhm_make_public(mbedtls_dhm_context *ctx,
+ int x_size,
+ unsigned char *output,
+ size_t olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function derives and exports the shared secret
@@ -293,10 +299,12 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
-int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
- unsigned char *output, size_t output_size, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_dhm_calc_secret(mbedtls_dhm_context *ctx,
+ unsigned char *output,
+ size_t output_size,
+ size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function returns the size of the prime modulus in bits.
@@ -306,7 +314,7 @@
* \return The size of the prime modulus in bits,
* i.e. the number n such that 2^(n-1) <= P < 2^n.
*/
-size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx );
+size_t mbedtls_dhm_get_bitlen(const mbedtls_dhm_context *ctx);
/**
* \brief This function returns the size of the prime modulus in bytes.
@@ -316,7 +324,7 @@
* \return The size of the prime modulus in bytes,
* i.e. the number n such that 2^(8*(n-1)) <= P < 2^(8*n).
*/
-size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx );
+size_t mbedtls_dhm_get_len(const mbedtls_dhm_context *ctx);
/**
* \brief This function copies a parameter of a DHM key.
@@ -330,9 +338,9 @@
* \return #MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \p field is invalid.
* \return An \c MBEDTLS_ERR_MPI_XXX error code if the copy fails.
*/
-int mbedtls_dhm_get_value( const mbedtls_dhm_context *ctx,
- mbedtls_dhm_parameter param,
- mbedtls_mpi *dest );
+int mbedtls_dhm_get_value(const mbedtls_dhm_context *ctx,
+ mbedtls_dhm_parameter param,
+ mbedtls_mpi *dest);
/**
* \brief This function frees and clears the components
@@ -342,7 +350,7 @@
* in which case this function is a no-op. If it is not \c NULL,
* it must point to an initialized DHM context.
*/
-void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
+void mbedtls_dhm_free(mbedtls_dhm_context *ctx);
#if defined(MBEDTLS_ASN1_PARSE_C)
/**
@@ -359,10 +367,11 @@
* \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error
* code on failure.
*/
-int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
- size_t dhminlen );
+int mbedtls_dhm_parse_dhm(mbedtls_dhm_context *dhm,
+ const unsigned char *dhmin,
+ size_t dhminlen);
-#if defined(MBEDTLS_FS_IO)
+# if defined(MBEDTLS_FS_IO)
/**
* \brief This function loads and parses DHM parameters from a file.
*
@@ -375,8 +384,8 @@
* \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX
* error code on failure.
*/
-int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
-#endif /* MBEDTLS_FS_IO */
+int mbedtls_dhm_parse_dhmfile(mbedtls_dhm_context *dhm, const char *path);
+# endif /* MBEDTLS_FS_IO */
#endif /* MBEDTLS_ASN1_PARSE_C */
#if defined(MBEDTLS_SELF_TEST)
@@ -387,7 +396,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_dhm_self_test( int verbose );
+int mbedtls_dhm_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
@@ -402,7 +411,8 @@
* through \c mbedtls_ssl_conf_dh_param.
*
* The following lists the source of the above groups in the standards:
- * - RFC 5114 section 2.2: 2048-bit MODP Group with 224-bit Prime Order Subgroup
+ * - RFC 5114 section 2.2: 2048-bit MODP Group with 224-bit Prime Order
+ * Subgroup
* - RFC 3526 section 3: 2048-bit MODP Group
* - RFC 3526 section 4: 3072-bit MODP Group
* - RFC 3526 section 5: 4096-bit MODP Group
@@ -439,548 +449,452 @@
* Trustworthy DHM parameters in binary form
*/
-#define MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+#define MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN \
+ { \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, \
+ 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, \
+ 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, \
+ 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, \
+ 0x8E, 0x34, 0x04, 0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, \
+ 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, \
+ 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, \
+ 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, 0x6B, \
+ 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, \
+ 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, \
+ 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, \
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, \
+ 0x5F, 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, \
+ 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, \
+ 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, \
+ 0x46, 0x2E, 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, \
+ 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, \
+ 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, \
+ 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, \
+ 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, 0x15, 0x72, \
+ 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
+ 0xFF, 0xFF, 0xFF \
+ }
-#define MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN \
+ { \
+ 0x02 \
+ }
-#define MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \
- 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \
- 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
- 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \
- 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \
- 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \
- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \
- 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \
- 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \
- 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \
- 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \
- 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \
- 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \
- 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
- 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \
- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \
- 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+#define MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN \
+ { \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, \
+ 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, \
+ 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, \
+ 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, \
+ 0x8E, 0x34, 0x04, 0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, \
+ 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, \
+ 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, \
+ 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, 0x6B, \
+ 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, \
+ 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, \
+ 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, \
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, \
+ 0x5F, 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, \
+ 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, \
+ 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, \
+ 0x46, 0x2E, 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, \
+ 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, \
+ 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, \
+ 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, \
+ 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, 0x15, 0x72, \
+ 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, 0x04, \
+ 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, \
+ 0x57, 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, \
+ 0xE4, 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, \
+ 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, \
+ 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, \
+ 0x64, 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, \
+ 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, 0xBB, 0xE1, 0x17, 0x57, 0x7A, \
+ 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
+ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, \
+ 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, \
+ 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF \
+ }
-#define MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN \
+ { \
+ 0x02 \
+ }
-#define MBEDTLS_DHM_RFC3526_MODP_4096_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \
- 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \
- 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
- 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \
- 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \
- 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \
- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \
- 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \
- 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \
- 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \
- 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \
- 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \
- 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \
- 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
- 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \
- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \
- 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, \
- 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, \
- 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, \
- 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, \
- 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, \
- 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, \
- 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, \
- 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, \
- 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, \
- 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, \
- 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, \
- 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, \
- 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, \
- 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, \
- 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, \
- 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, \
- 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+#define MBEDTLS_DHM_RFC3526_MODP_4096_P_BIN \
+ { \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, \
+ 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, \
+ 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, \
+ 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, \
+ 0x8E, 0x34, 0x04, 0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, \
+ 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, \
+ 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, \
+ 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, 0x6B, \
+ 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, \
+ 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, \
+ 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, \
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, \
+ 0x5F, 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, \
+ 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, \
+ 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, \
+ 0x46, 0x2E, 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, \
+ 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, \
+ 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, \
+ 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, \
+ 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, 0x15, 0x72, \
+ 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, 0x04, \
+ 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, \
+ 0x57, 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, \
+ 0xE4, 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, \
+ 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, \
+ 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, \
+ 0x64, 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, \
+ 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, 0xBB, 0xE1, 0x17, 0x57, 0x7A, \
+ 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
+ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, \
+ 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, \
+ 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, 0x88, \
+ 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, \
+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, \
+ 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, \
+ 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, \
+ 0xBE, 0xCA, 0xA6, 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, \
+ 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, \
+ 0x86, 0x51, 0x5B, 0xE7, 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, \
+ 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, 0xD0, \
+ 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, 0x93, 0xB4, 0xEA, 0x98, \
+ 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, \
+ 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, 0xFF, 0xFF, \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF \
+ }
-#define MBEDTLS_DHM_RFC3526_MODP_4096_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC3526_MODP_4096_G_BIN \
+ { \
+ 0x02 \
+ }
-#define MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
- 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
- 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
- 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
- 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
- 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
- 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
- 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
- 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
- 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
- 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
- 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
- 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
- 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
- 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
- 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
- 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
- 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
- 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
- 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
- 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
- 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
- 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
- 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
- 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
- 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
- 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
- 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
- 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
- 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, }
+#define MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN \
+ { \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, \
+ 0x58, 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, \
+ 0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, \
+ 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, \
+ 0x24, 0x9B, 0x3E, 0xF9, 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, \
+ 0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, \
+ 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, \
+ 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, 0x98, 0x4F, 0x0C, \
+ 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, \
+ 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, \
+ 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, \
+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, \
+ 0xFB, 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, \
+ 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, \
+ 0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, \
+ 0xCD, 0x28, 0x34, 0x2F, 0x61, 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, \
+ 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, 0xC3, \
+ 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, \
+ 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, \
+ 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, 0x88, 0x6B, \
+ 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
+ 0xFF, 0xFF, 0xFF, \
+ }
-#define MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN \
+ { \
+ 0x02 \
+ }
-#define MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
- 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
- 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
- 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
- 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
- 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
- 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
- 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
- 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
- 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
- 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
- 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
- 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
- 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
- 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
- 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
- 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
- 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
- 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
- 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
- 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
- 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
- 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
- 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
- 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
- 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
- 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
- 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
- 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
- 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
- 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
- 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
- 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
- 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
- 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
- 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
- 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
- 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
- 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
- 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
- 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
- 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
- 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
- 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
- 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
- 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+#define MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN \
+ { \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, \
+ 0x58, 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, \
+ 0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, \
+ 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, \
+ 0x24, 0x9B, 0x3E, 0xF9, 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, \
+ 0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, \
+ 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, \
+ 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, 0x98, 0x4F, 0x0C, \
+ 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, \
+ 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, \
+ 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, \
+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, \
+ 0xFB, 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, \
+ 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, \
+ 0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, \
+ 0xCD, 0x28, 0x34, 0x2F, 0x61, 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, \
+ 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, 0xC3, \
+ 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, \
+ 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, \
+ 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, 0x88, 0x6B, \
+ 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, 0x65, \
+ 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, \
+ 0x26, 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, \
+ 0xD9, 0x1C, 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, \
+ 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, \
+ 0xE2, 0xD7, 0x4D, 0xD3, 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, \
+ 0xFF, 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, \
+ 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, 0xAB, 0xC5, 0x21, 0x97, 0x9B, \
+ 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, 0x3C, 0x1B, 0x20, \
+ 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, \
+ 0x2E, 0x37, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF \
+ }
-#define MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN \
+ { \
+ 0x02 \
+ }
-#define MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
- 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
- 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
- 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
- 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
- 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
- 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
- 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
- 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
- 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
- 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
- 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
- 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
- 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
- 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
- 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
- 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
- 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
- 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
- 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
- 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
- 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
- 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
- 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
- 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
- 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
- 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
- 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
- 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
- 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
- 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
- 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
- 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
- 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
- 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
- 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
- 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
- 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
- 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
- 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
- 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
- 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
- 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
- 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
- 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
- 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
- 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
- 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
- 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
- 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
- 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
- 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
- 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
- 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
- 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
- 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
- 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
- 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
- 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
- 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
- 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
- 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+#define MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN \
+ { \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, \
+ 0x58, 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, \
+ 0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, \
+ 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, \
+ 0x24, 0x9B, 0x3E, 0xF9, 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, \
+ 0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, \
+ 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, \
+ 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, 0x98, 0x4F, 0x0C, \
+ 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, \
+ 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, \
+ 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, \
+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, \
+ 0xFB, 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, \
+ 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, \
+ 0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, \
+ 0xCD, 0x28, 0x34, 0x2F, 0x61, 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, \
+ 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, 0xC3, \
+ 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, \
+ 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, \
+ 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, 0x88, 0x6B, \
+ 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, 0x65, \
+ 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, \
+ 0x26, 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, \
+ 0xD9, 0x1C, 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, \
+ 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, \
+ 0xE2, 0xD7, 0x4D, 0xD3, 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, \
+ 0xFF, 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, \
+ 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, 0xAB, 0xC5, 0x21, 0x97, 0x9B, \
+ 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, 0x3C, 0x1B, 0x20, \
+ 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, \
+ 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, 0x79, \
+ 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, \
+ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, \
+ 0x04, 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, \
+ 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, \
+ 0x9E, 0x68, 0x32, 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
+ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, \
+ 0xA3, 0x33, 0xCB, 0x8B, 0x7A, 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, \
+ 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, \
+ 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, 0x8E, 0xC9, 0xB5, 0x5A, \
+ 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, \
+ 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, 0xFF, 0xFF, \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF \
+ }
-#define MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN \
+ { \
+ 0x02 \
+ }
-#define MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
- 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
- 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
- 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
- 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
- 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
- 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
- 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
- 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
- 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
- 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
- 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
- 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
- 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
- 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
- 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
- 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
- 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
- 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
- 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
- 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
- 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
- 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
- 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
- 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
- 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
- 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
- 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
- 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
- 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
- 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
- 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
- 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
- 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
- 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
- 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
- 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
- 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
- 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
- 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
- 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
- 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
- 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
- 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
- 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
- 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
- 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
- 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
- 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
- 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
- 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
- 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
- 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
- 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
- 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
- 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
- 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
- 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
- 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
- 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
- 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
- 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
- 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
- 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
- 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
- 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
- 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
- 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
- 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
- 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
- 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
- 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
- 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
- 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
- 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
- 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
- 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
- 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
- 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
- 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
- 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
- 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
- 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
- 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
- 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
- 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
- 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
- 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
- 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
- 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
- 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
- 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
- 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
- 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+#define MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN \
+ { \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, \
+ 0x58, 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, \
+ 0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, \
+ 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, \
+ 0x24, 0x9B, 0x3E, 0xF9, 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, \
+ 0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, \
+ 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, \
+ 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, 0x98, 0x4F, 0x0C, \
+ 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, \
+ 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, \
+ 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, \
+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, \
+ 0xFB, 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, \
+ 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, \
+ 0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, \
+ 0xCD, 0x28, 0x34, 0x2F, 0x61, 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, \
+ 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, 0xC3, \
+ 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, \
+ 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, \
+ 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, 0x88, 0x6B, \
+ 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, 0x65, \
+ 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, \
+ 0x26, 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, \
+ 0xD9, 0x1C, 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, \
+ 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, \
+ 0xE2, 0xD7, 0x4D, 0xD3, 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, \
+ 0xFF, 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, \
+ 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, 0xAB, 0xC5, 0x21, 0x97, 0x9B, \
+ 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, 0x3C, 0x1B, 0x20, \
+ 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, \
+ 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, 0x79, \
+ 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, \
+ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, \
+ 0x04, 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, \
+ 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, \
+ 0x9E, 0x68, 0x32, 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
+ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, \
+ 0xA3, 0x33, 0xCB, 0x8B, 0x7A, 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, \
+ 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, \
+ 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, 0x8E, 0xC9, 0xB5, 0x5A, \
+ 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, \
+ 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, 0x0B, 0xFD, \
+ 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C, 0x38, \
+ 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
+ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, \
+ 0x64, 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, \
+ 0x1C, 0x3A, 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, \
+ 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, \
+ 0x4C, 0xFD, 0xB4, 0x77, 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, \
+ 0x10, 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, \
+ 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, \
+ 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
+ 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, 0x76, 0x3E, 0x4E, \
+ 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, \
+ 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, 0xB3, \
+ 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58, \
+ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, \
+ 0x8C, 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, \
+ 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, \
+ 0x54, 0x33, 0x8A, 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
+ 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, \
+ 0x10, 0xC6, 0x27, 0x2B, 0x04, 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, \
+ 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, 0x62, \
+ 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, 0xA4, 0x1D, 0x57, 0x0D, \
+ 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, \
+ 0x65, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF \
+ }
-#define MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN \
+ { \
+ 0x02 \
+ }
-#define MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN { \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
- 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
- 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
- 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
- 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
- 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
- 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
- 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
- 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
- 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
- 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
- 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
- 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
- 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
- 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
- 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
- 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
- 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
- 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
- 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
- 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
- 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
- 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
- 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
- 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
- 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
- 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
- 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
- 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
- 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
- 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
- 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
- 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
- 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
- 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
- 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
- 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
- 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
- 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
- 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
- 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
- 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
- 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
- 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
- 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
- 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
- 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
- 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
- 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
- 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
- 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
- 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
- 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
- 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
- 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
- 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
- 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
- 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
- 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
- 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
- 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
- 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
- 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
- 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
- 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
- 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
- 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
- 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
- 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
- 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
- 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
- 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
- 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
- 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
- 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
- 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
- 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
- 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
- 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
- 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
- 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
- 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
- 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
- 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
- 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
- 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
- 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
- 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
- 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
- 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
- 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
- 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
- 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
- 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
- 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, \
- 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, \
- 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, \
- 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, \
- 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \
- 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, \
- 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, \
- 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, \
- 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, \
- 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, \
- 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, \
- 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, \
- 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, \
- 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, \
- 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, \
- 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \
- 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, \
- 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, \
- 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, \
- 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, \
- 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, \
- 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, \
- 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, \
- 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, \
- 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, \
- 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, \
- 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \
- 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, \
- 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, \
- 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, \
- 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, \
- 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, \
- 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, \
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+#define MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN \
+ { \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, \
+ 0x58, 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, \
+ 0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, \
+ 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, \
+ 0x24, 0x9B, 0x3E, 0xF9, 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, \
+ 0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, \
+ 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, \
+ 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, 0x98, 0x4F, 0x0C, \
+ 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, \
+ 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, \
+ 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, \
+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, \
+ 0xFB, 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, \
+ 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, \
+ 0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, \
+ 0xCD, 0x28, 0x34, 0x2F, 0x61, 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, \
+ 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, 0xC3, \
+ 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, \
+ 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, \
+ 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, 0x88, 0x6B, \
+ 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, 0x65, \
+ 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, \
+ 0x26, 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, \
+ 0xD9, 0x1C, 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, \
+ 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, \
+ 0xE2, 0xD7, 0x4D, 0xD3, 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, \
+ 0xFF, 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, \
+ 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, 0xAB, 0xC5, 0x21, 0x97, 0x9B, \
+ 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, 0x3C, 0x1B, 0x20, \
+ 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, \
+ 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, 0x79, \
+ 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, \
+ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, \
+ 0x04, 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, \
+ 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, \
+ 0x9E, 0x68, 0x32, 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
+ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, \
+ 0xA3, 0x33, 0xCB, 0x8B, 0x7A, 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, \
+ 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, \
+ 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, 0x8E, 0xC9, 0xB5, 0x5A, \
+ 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, \
+ 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, 0x0B, 0xFD, \
+ 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C, 0x38, \
+ 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
+ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, \
+ 0x64, 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, \
+ 0x1C, 0x3A, 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, \
+ 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, \
+ 0x4C, 0xFD, 0xB4, 0x77, 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, \
+ 0x10, 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, \
+ 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, \
+ 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
+ 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, 0x76, 0x3E, 0x4E, \
+ 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, \
+ 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, 0xB3, \
+ 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58, \
+ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, \
+ 0x8C, 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, \
+ 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, \
+ 0x54, 0x33, 0x8A, 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
+ 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, \
+ 0x10, 0xC6, 0x27, 0x2B, 0x04, 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, \
+ 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, 0x62, \
+ 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, 0xA4, 0x1D, 0x57, 0x0D, \
+ 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, \
+ 0xAA, 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, 0x1E, 0x42, \
+ 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, \
+ 0x50, 0x9D, 0x43, 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \
+ 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, 0x86, 0xB6, 0x31, \
+ 0x42, 0xA3, 0xAB, 0x88, 0x29, 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, \
+ 0x26, 0x65, 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, 0x29, \
+ 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, 0x54, 0x50, 0x4A, 0xC7, \
+ 0x8B, 0x75, 0x82, 0x82, 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, \
+ 0x5C, 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, 0x54, 0x1F, \
+ 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, 0xBB, 0x70, 0x99, 0x87, 0x6A, \
+ 0x46, 0x0E, 0x74, 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \
+ 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, 0x51, 0xAA, 0x69, \
+ 0x1E, 0x0E, 0x42, 0x3C, 0xFC, 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, \
+ 0x21, 0x7B, 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, 0xD5, \
+ 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, 0xA1, 0xFE, 0x30, 0x75, \
+ 0xA5, 0x77, 0xE2, 0x31, 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, \
+ 0x57, 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, 0xB6, 0x85, \
+ 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, \
+ 0xE5, 0x8A, 0x30, 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \
+ 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, 0xA6, 0xBB, 0xFD, \
+ 0xE5, 0x30, 0x67, 0x7F, 0x0D, 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, \
+ 0x44, 0x3D, 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, 0x01, \
+ 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, 0xD6, 0x8C, 0x8B, 0xB7, \
+ 0xC5, 0xC6, 0x42, 0x4C, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
+ 0xFF \
+ }
-#define MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN \
+ { \
+ 0x02 \
+ }
#endif /* dhm.h */
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 7fa7440..d1d8484 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -51,14 +51,14 @@
*/
#if defined(MBEDTLS_ECP_RESTARTABLE)
-#define MBEDTLS_ECDH_LEGACY_CONTEXT
+# define MBEDTLS_ECDH_LEGACY_CONTEXT
#else
-#undef MBEDTLS_ECDH_LEGACY_CONTEXT
+# undef MBEDTLS_ECDH_LEGACY_CONTEXT
#endif
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-#undef MBEDTLS_ECDH_LEGACY_CONTEXT
-#include "everest/everest.h"
+# undef MBEDTLS_ECDH_LEGACY_CONTEXT
+# include "everest/everest.h"
#endif
#ifdef __cplusplus
@@ -70,7 +70,7 @@
*/
typedef enum
{
- MBEDTLS_ECDH_OURS, /**< Our key. */
+ MBEDTLS_ECDH_OURS, /**< Our key. */
MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
} mbedtls_ecdh_side;
@@ -83,11 +83,12 @@
*/
typedef enum
{
- MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
- MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
- MBEDTLS_ECDH_VARIANT_EVEREST /*!< Everest implementation */
-#endif
+ MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
+ MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0, /*!< The default Mbed TLS implementation
+ */
+# if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ MBEDTLS_ECDH_VARIANT_EVEREST /*!< Everest implementation */
+# endif
} mbedtls_ecdh_variant;
/**
@@ -97,16 +98,17 @@
* should not make any assumptions about the structure of
* mbedtls_ecdh_context_mbed.
*/
-typedef struct mbedtls_ecdh_context_mbed
-{
- mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
- mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */
- mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
-#endif
+typedef struct mbedtls_ecdh_context_mbed {
+ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
+ mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of
+ the peer. */
+ mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
+# if defined(MBEDTLS_ECP_RESTARTABLE)
+ mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC
+ computations. */
+# endif
} mbedtls_ecdh_context_mbed;
#endif
@@ -117,46 +119,49 @@
* should not be shared between multiple threads.
* \brief The ECDH context structure.
*/
-typedef struct mbedtls_ecdh_context
-{
+typedef struct mbedtls_ecdh_context {
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
- mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */
- mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
- int MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages. */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
- mbedtls_mpi MBEDTLS_PRIVATE(_d); /*!< The previous \p d. */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- int MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. */
- mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
-#endif /* MBEDTLS_ECP_RESTARTABLE */
+ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
+ mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of
+ the peer. */
+ mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
+ int MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS
+ messages. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(_d); /*!< The previous \p d. */
+# if defined(MBEDTLS_ECP_RESTARTABLE)
+ int MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. */
+ mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC
+ computations. */
+# endif /* MBEDTLS_ECP_RESTARTABLE */
#else
- uint8_t MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages
- as defined in RFC 4492. */
- mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id);/*!< The elliptic curve used. */
- mbedtls_ecdh_variant MBEDTLS_PRIVATE(var); /*!< The ECDH implementation/structure used. */
- union
- {
- mbedtls_ecdh_context_mbed MBEDTLS_PRIVATE(mbed_ecdh);
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ uint8_t MBEDTLS_PRIVATE(point_format); /*!< The format of point export in
+ TLS messages as defined in RFC 4492. */
+ mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< The elliptic curve used.
+ */
+ mbedtls_ecdh_variant MBEDTLS_PRIVATE(var); /*!< The ECDH
+ implementation/structure used.
+ */
+ union {
+ mbedtls_ecdh_context_mbed MBEDTLS_PRIVATE(mbed_ecdh);
+# if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
mbedtls_ecdh_context_everest MBEDTLS_PRIVATE(everest_ecdh);
-#endif
- } MBEDTLS_PRIVATE(ctx); /*!< Implementation-specific context. The
- context in use is specified by the \c var
- field. */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- uint8_t MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. Functions of
- an alternative implementation not supporting
- restartable mode must return
- MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
- if this flag is set. */
-#endif /* MBEDTLS_ECP_RESTARTABLE */
+# endif
+ } MBEDTLS_PRIVATE(ctx); /*!< Implementation-specific context. The
+ context in use is specified by the \c var
+ field. */
+# if defined(MBEDTLS_ECP_RESTARTABLE)
+ uint8_t MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable
+ mode. Functions of an alternative implementation
+ not supporting restartable mode must return
+ MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
+ if this flag is set. */
+# endif /* MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
-}
-mbedtls_ecdh_context;
+} mbedtls_ecdh_context;
/**
* \brief Check whether a given group can be used for ECDH.
@@ -165,7 +170,7 @@
*
* \return \c 1 if the group can be used, \c 0 otherwise
*/
-int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid );
+int mbedtls_ecdh_can_do(mbedtls_ecp_group_id gid);
/**
* \brief This function generates an ECDH keypair on an elliptic
@@ -192,9 +197,11 @@
* \return Another \c MBEDTLS_ERR_ECP_XXX or
* \c MBEDTLS_MPI_XXX error code on failure.
*/
-int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp,
+ mbedtls_mpi *d,
+ mbedtls_ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function computes the shared secret.
@@ -227,17 +234,19 @@
* \return Another \c MBEDTLS_ERR_ECP_XXX or
* \c MBEDTLS_MPI_XXX error code on failure.
*/
-int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
- const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp,
+ mbedtls_mpi *z,
+ const mbedtls_ecp_point *Q,
+ const mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function initializes an ECDH context.
*
* \param ctx The ECDH context to initialize. This must not be \c NULL.
*/
-void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
+void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx);
/**
* \brief This function sets up the ECDH context with the information
@@ -255,8 +264,7 @@
*
* \return \c 0 on success.
*/
-int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx,
- mbedtls_ecp_group_id grp_id );
+int mbedtls_ecdh_setup(mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id);
/**
* \brief This function frees a context.
@@ -265,7 +273,7 @@
* case this function does nothing. If it is not \c NULL,
* it must point to an initialized ECDH context.
*/
-void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
+void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx);
/**
* \brief This function generates an EC key pair and exports its
@@ -292,10 +300,12 @@
* operations was reached: see \c mbedtls_ecp_set_max_ops().
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
-int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecdh_make_params(mbedtls_ecdh_context *ctx,
+ size_t *olen,
+ unsigned char *buf,
+ size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function parses the ECDHE parameters in a
@@ -321,9 +331,9 @@
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
*/
-int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
- const unsigned char **buf,
- const unsigned char *end );
+int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx,
+ const unsigned char **buf,
+ const unsigned char *end);
/**
* \brief This function sets up an ECDH context from an EC key.
@@ -344,9 +354,9 @@
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
*/
-int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
- const mbedtls_ecp_keypair *key,
- mbedtls_ecdh_side side );
+int mbedtls_ecdh_get_params(mbedtls_ecdh_context *ctx,
+ const mbedtls_ecp_keypair *key,
+ mbedtls_ecdh_side side);
/**
* \brief This function generates a public key and exports it
@@ -374,10 +384,12 @@
* operations was reached: see \c mbedtls_ecp_set_max_ops().
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
-int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecdh_make_public(mbedtls_ecdh_context *ctx,
+ size_t *olen,
+ unsigned char *buf,
+ size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function parses and processes the ECDHE payload of a
@@ -398,8 +410,9 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
-int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
- const unsigned char *buf, size_t blen );
+int mbedtls_ecdh_read_public(mbedtls_ecdh_context *ctx,
+ const unsigned char *buf,
+ size_t blen);
/**
* \brief This function derives and exports the shared secret.
@@ -430,10 +443,12 @@
* operations was reached: see \c mbedtls_ecp_set_max_ops().
* \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
-int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx,
+ size_t *olen,
+ unsigned char *buf,
+ size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
#if defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -448,7 +463,7 @@
*
* \param ctx The ECDH context to use. This must be initialized.
*/
-void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx );
+void mbedtls_ecdh_enable_restart(mbedtls_ecdh_context *ctx);
#endif /* MBEDTLS_ECP_RESTARTABLE */
#ifdef __cplusplus
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 71b73ee..f5f2207 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -53,13 +53,13 @@
*
* For each of r and s, the value (V) may include an extra initial "0" bit.
*/
-#define MBEDTLS_ECDSA_MAX_SIG_LEN( bits ) \
- ( /*T,L of SEQUENCE*/ ( ( bits ) >= 61 * 8 ? 3 : 2 ) + \
- /*T,L of r,s*/ 2 * ( ( ( bits ) >= 127 * 8 ? 3 : 2 ) + \
- /*V of r,s*/ ( ( bits ) + 8 ) / 8 ) )
+#define MBEDTLS_ECDSA_MAX_SIG_LEN(bits) \
+ (/*T,L of SEQUENCE*/ ((bits) >= 61 * 8 ? 3 : 2) + \
+ /*T,L of r,s*/ 2 * \
+ (((bits) >= 127 * 8 ? 3 : 2) + /*V of r,s*/ ((bits) + 8) / 8))
/** The maximal size of an ECDSA signature in Bytes. */
-#define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN( MBEDTLS_ECP_MAX_BITS )
+#define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN(MBEDTLS_ECP_MAX_BITS)
#ifdef __cplusplus
extern "C" {
@@ -90,27 +90,29 @@
*/
typedef struct mbedtls_ecdsa_restart_sig mbedtls_ecdsa_restart_sig_ctx;
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+# if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/**
* \brief Internal restart context for ecdsa_sign_det()
*
* \note Opaque struct, defined in ecdsa.c
*/
typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
-#endif
+# endif
/**
* \brief General context for resuming ECDSA operations
*/
-typedef struct
-{
- mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp); /*!< base context for ECP restart and
- shared administrative info */
- mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!< ecdsa_verify() sub-context */
- mbedtls_ecdsa_restart_sig_ctx *MBEDTLS_PRIVATE(sig); /*!< ecdsa_sign() sub-context */
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
- mbedtls_ecdsa_restart_det_ctx *MBEDTLS_PRIVATE(det); /*!< ecdsa_sign_det() sub-context */
-#endif
+typedef struct {
+ mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp); /*!< base context for ECP
+ restart and shared administrative info */
+ mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!< ecdsa_verify()
+ sub-context */
+ mbedtls_ecdsa_restart_sig_ctx *MBEDTLS_PRIVATE(sig); /*!< ecdsa_sign()
+ sub-context */
+# if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+ mbedtls_ecdsa_restart_det_ctx *MBEDTLS_PRIVATE(det); /*!< ecdsa_sign_det()
+ sub-context */
+# endif
} mbedtls_ecdsa_restart_ctx;
#else /* MBEDTLS_ECP_RESTARTABLE */
@@ -128,7 +130,7 @@
*
* \return \c 1 if the group can be used, \c 0 otherwise
*/
-int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid );
+int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid);
/**
* \brief This function computes the ECDSA signature of a
@@ -166,9 +168,14 @@
* \return An \c MBEDTLS_ERR_ECP_XXX
* or \c MBEDTLS_MPI_XXX error code on failure.
*/
-int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
- const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp,
+ mbedtls_mpi *r,
+ mbedtls_mpi *s,
+ const mbedtls_mpi *d,
+ const unsigned char *buf,
+ size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/**
@@ -210,12 +217,17 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
* error code on failure.
*/
-int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
- mbedtls_mpi *s, const mbedtls_mpi *d,
- const unsigned char *buf, size_t blen,
- mbedtls_md_type_t md_alg,
- int (*f_rng_blind)(void *, unsigned char *, size_t),
- void *p_rng_blind );
+int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp,
+ mbedtls_mpi *r,
+ mbedtls_mpi *s,
+ const mbedtls_mpi *d,
+ const unsigned char *buf,
+ size_t blen,
+ mbedtls_md_type_t md_alg,
+ int (*f_rng_blind)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng_blind);
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
/**
@@ -250,10 +262,12 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
* error code on failure for any other reason.
*/
-int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
- const unsigned char *buf, size_t blen,
- const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
- const mbedtls_mpi *s);
+int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
+ const unsigned char *buf,
+ size_t blen,
+ const mbedtls_ecp_point *Q,
+ const mbedtls_mpi *r,
+ const mbedtls_mpi *s);
/**
* \brief This function computes the ECDSA signature and writes it
@@ -304,12 +318,15 @@
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t sig_size, size_t *slen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash,
+ size_t hlen,
+ unsigned char *sig,
+ size_t sig_size,
+ size_t *slen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function computes the ECDSA signature and writes it
@@ -351,13 +368,17 @@
* \return Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t sig_size, size_t *slen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_ecdsa_restart_ctx *rs_ctx );
+int mbedtls_ecdsa_write_signature_restartable(
+ mbedtls_ecdsa_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash,
+ size_t hlen,
+ unsigned char *sig,
+ size_t sig_size,
+ size_t *slen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_ecdsa_restart_ctx *rs_ctx);
/**
* \brief This function reads and verifies an ECDSA signature.
@@ -386,9 +407,11 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
* error code on failure for any other reason.
*/
-int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- const unsigned char *sig, size_t slen );
+int mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx,
+ const unsigned char *hash,
+ size_t hlen,
+ const unsigned char *sig,
+ size_t slen);
/**
* \brief This function reads and verifies an ECDSA signature,
@@ -421,10 +444,12 @@
* \return Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
* error code on failure for any other reason.
*/
-int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- const unsigned char *sig, size_t slen,
- mbedtls_ecdsa_restart_ctx *rs_ctx );
+int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
+ const unsigned char *hash,
+ size_t hlen,
+ const unsigned char *sig,
+ size_t slen,
+ mbedtls_ecdsa_restart_ctx *rs_ctx);
/**
* \brief This function generates an ECDSA keypair on the given curve.
@@ -442,8 +467,10 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
*/
-int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx,
+ mbedtls_ecp_group_id gid,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function sets up an ECDSA context from an EC key pair.
@@ -460,8 +487,8 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
*/
-int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx,
- const mbedtls_ecp_keypair *key );
+int mbedtls_ecdsa_from_keypair(mbedtls_ecdsa_context *ctx,
+ const mbedtls_ecp_keypair *key);
/**
* \brief This function initializes an ECDSA context.
@@ -469,7 +496,7 @@
* \param ctx The ECDSA context to initialize.
* This must not be \c NULL.
*/
-void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
+void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx);
/**
* \brief This function frees an ECDSA context.
@@ -478,7 +505,7 @@
* in which case this function does nothing. If it
* is not \c NULL, it must be initialized.
*/
-void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
+void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx);
#if defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -487,7 +514,7 @@
* \param ctx The restart context to initialize.
* This must not be \c NULL.
*/
-void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx );
+void mbedtls_ecdsa_restart_init(mbedtls_ecdsa_restart_ctx *ctx);
/**
* \brief Free the components of a restart context.
@@ -496,7 +523,7 @@
* in which case this function does nothing. If it
* is not \c NULL, it must be initialized.
*/
-void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx );
+void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx);
#endif /* MBEDTLS_ECP_RESTARTABLE */
#ifdef __cplusplus
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index a73f624..60998c9 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -51,9 +51,10 @@
/**
* Roles in the EC J-PAKE exchange
*/
-typedef enum {
- MBEDTLS_ECJPAKE_CLIENT = 0, /**< Client */
- MBEDTLS_ECJPAKE_SERVER, /**< Server */
+typedef enum
+{
+ MBEDTLS_ECJPAKE_CLIENT = 0, /**< Client */
+ MBEDTLS_ECJPAKE_SERVER, /**< Server */
} mbedtls_ecjpake_role;
#if !defined(MBEDTLS_ECJPAKE_ALT)
@@ -68,27 +69,31 @@
* convetion from the Thread v1.0 spec. Correspondance is indicated in the
* description as a pair C: client name, S: server name
*/
-typedef struct mbedtls_ecjpake_context
-{
- const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info); /**< Hash to use */
- mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /**< Elliptic curve */
- mbedtls_ecjpake_role MBEDTLS_PRIVATE(role); /**< Are we client or server? */
- int MBEDTLS_PRIVATE(point_format); /**< Format for point export */
+typedef struct mbedtls_ecjpake_context {
+ const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info); /**< Hash to use */
+ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /**< Elliptic curve */
+ mbedtls_ecjpake_role MBEDTLS_PRIVATE(role); /**< Are we client or server? */
+ int MBEDTLS_PRIVATE(point_format); /**< Format for point export */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Xm1); /**< My public key 1 C: X1, S: X3 */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Xm2); /**< My public key 2 C: X2, S: X4 */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Xp1); /**< Peer public key 1 C: X3, S: X1 */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Xp2); /**< Peer public key 2 C: X4, S: X2 */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Xp); /**< Peer public key C: Xs, S: Xc */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xm1); /**< My public key 1 C: X1, S: X3
+ */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xm2); /**< My public key 2 C: X2, S: X4
+ */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xp1); /**< Peer public key 1 C: X3, S: X1
+ */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xp2); /**< Peer public key 2 C: X4, S: X2
+ */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xp); /**< Peer public key C: Xs, S: Xc
+ */
- mbedtls_mpi MBEDTLS_PRIVATE(xm1); /**< My private key 1 C: x1, S: x3 */
- mbedtls_mpi MBEDTLS_PRIVATE(xm2); /**< My private key 2 C: x2, S: x4 */
+ mbedtls_mpi MBEDTLS_PRIVATE(xm1); /**< My private key 1 C: x1, S: x3 */
+ mbedtls_mpi MBEDTLS_PRIVATE(xm2); /**< My private key 2 C: x2, S: x4 */
- mbedtls_mpi MBEDTLS_PRIVATE(s); /**< Pre-shared secret (passphrase) */
+ mbedtls_mpi MBEDTLS_PRIVATE(s); /**< Pre-shared secret (passphrase) */
} mbedtls_ecjpake_context;
-#else /* MBEDTLS_ECJPAKE_ALT */
-#include "ecjpake_alt.h"
+#else /* MBEDTLS_ECJPAKE_ALT */
+# include "ecjpake_alt.h"
#endif /* MBEDTLS_ECJPAKE_ALT */
/**
@@ -97,7 +102,7 @@
* \param ctx The ECJPAKE context to initialize.
* This must not be \c NULL.
*/
-void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
+void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx);
/**
* \brief Set up an ECJPAKE context for use.
@@ -120,12 +125,12 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
- mbedtls_ecjpake_role role,
- mbedtls_md_type_t hash,
- mbedtls_ecp_group_id curve,
- const unsigned char *secret,
- size_t len );
+int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx,
+ mbedtls_ecjpake_role role,
+ mbedtls_md_type_t hash,
+ mbedtls_ecp_group_id curve,
+ const unsigned char *secret,
+ size_t len);
/**
* \brief Set the point format for future reads and writes.
@@ -139,8 +144,8 @@
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p point_format
* is invalid.
*/
-int mbedtls_ecjpake_set_point_format( mbedtls_ecjpake_context *ctx,
- int point_format );
+int mbedtls_ecjpake_set_point_format(mbedtls_ecjpake_context *ctx,
+ int point_format);
/**
* \brief Check if an ECJPAKE context is ready for use.
@@ -151,7 +156,7 @@
* \return \c 0 if the context is ready for use.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise.
*/
-int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
+int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx);
/**
* \brief Generate and write the first round message
@@ -172,10 +177,14 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx,
+ unsigned char *buf,
+ size_t len,
+ size_t *olen,
+ int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng);
/**
* \brief Read and process the first round message
@@ -191,9 +200,9 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
- const unsigned char *buf,
- size_t len );
+int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx,
+ const unsigned char *buf,
+ size_t len);
/**
* \brief Generate and write the second round message
@@ -213,10 +222,14 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx,
+ unsigned char *buf,
+ size_t len,
+ size_t *olen,
+ int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng);
/**
* \brief Read and process the second round message
@@ -231,9 +244,9 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
- const unsigned char *buf,
- size_t len );
+int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx,
+ const unsigned char *buf,
+ size_t len);
/**
* \brief Derive the shared secret
@@ -253,10 +266,12 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
- unsigned char *buf, size_t len, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx,
+ unsigned char *buf,
+ size_t len,
+ size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This clears an ECJPAKE context and frees any
@@ -266,7 +281,7 @@
* in which case this function does nothing. If it is not
* \c NULL, it must point to an initialized ECJPAKE context.
*/
-void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
+void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx);
#if defined(MBEDTLS_SELF_TEST)
@@ -275,7 +290,7 @@
*
* \return 0 if successful, or 1 if a test failed
*/
-int mbedtls_ecjpake_self_test( int verbose );
+int mbedtls_ecjpake_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
@@ -283,5 +298,4 @@
}
#endif
-
#endif /* ecjpake.h */
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 1e5eba1..849b515 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -43,23 +43,24 @@
* ECP error codes
*/
/** Bad input parameters to function. */
-#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80
+#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80
/** The buffer is too small to write to. */
-#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00
-/** The requested feature is not available, for example, the requested curve is not supported. */
-#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80
+#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00
+/** The requested feature is not available, for example, the requested curve is
+ * not supported. */
+#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80
/** The signature is not valid. */
-#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00
+#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00
/** Memory allocation failed. */
-#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80
+#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80
/** Generation of random value, such as ephemeral key, failed. */
-#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00
+#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00
/** Invalid private or public key. */
-#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80
+#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80
/** The buffer contains a valid signature followed by more data. */
-#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00
+#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00
/** Operation in progress, call again with the same parameters to continue. */
-#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00
+#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00
/* Flags indicating whether to include code that is specific to certain
* types of curves. These flags are for internal library use only. */
@@ -68,17 +69,17 @@
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED
+# define MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED
#endif
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_ECP_MONTGOMERY_ENABLED
+# define MBEDTLS_ECP_MONTGOMERY_ENABLED
#endif
#ifdef __cplusplus
@@ -112,20 +113,31 @@
*/
typedef enum
{
- MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */
- MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */
- MBEDTLS_ECP_DP_BP256R1, /*!< Domain parameters for 256-bit Brainpool curve. */
- MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve. */
- MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve. */
- MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for Curve25519. */
- MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz" curve. */
- MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */
- MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */
- MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */
+ MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */
+ MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve
+ defined by FIPS 186-4 and SEC1. */
+ MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve
+ defined by FIPS 186-4 and SEC1. */
+ MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for the 256-bit curve
+ defined by FIPS 186-4 and SEC1. */
+ MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for the 384-bit curve
+ defined by FIPS 186-4 and SEC1. */
+ MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for the 521-bit curve
+ defined by FIPS 186-4 and SEC1. */
+ MBEDTLS_ECP_DP_BP256R1, /*!< Domain parameters for 256-bit Brainpool curve.
+ */
+ MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve.
+ */
+ MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve.
+ */
+ MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for Curve25519. */
+ MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz"
+ curve. */
+ MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz"
+ curve. */
+ MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz"
+ curve. */
+ MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */
} mbedtls_ecp_group_id;
/**
@@ -133,7 +145,7 @@
*
* \note Montgomery curves are currently excluded.
*/
-#define MBEDTLS_ECP_DP_MAX 12
+#define MBEDTLS_ECP_DP_MAX 12
/*
* Curve types
@@ -141,19 +153,19 @@
typedef enum
{
MBEDTLS_ECP_TYPE_NONE = 0,
- MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
- MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
+ MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
+ MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
} mbedtls_ecp_curve_type;
/**
* Curve information, for use by other modules.
*/
-typedef struct mbedtls_ecp_curve_info
-{
- mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier. */
- uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */
- uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */
- const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */
+typedef struct mbedtls_ecp_curve_info {
+ mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier.
+ */
+ uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */
+ uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */
+ const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */
} mbedtls_ecp_curve_info;
/**
@@ -167,13 +179,11 @@
* Otherwise, \p X and \p Y are its standard (affine)
* coordinates.
*/
-typedef struct mbedtls_ecp_point
-{
- mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< The X coordinate of the ECP point. */
- mbedtls_mpi MBEDTLS_PRIVATE(Y); /*!< The Y coordinate of the ECP point. */
- mbedtls_mpi MBEDTLS_PRIVATE(Z); /*!< The Z coordinate of the ECP point. */
-}
-mbedtls_ecp_point;
+typedef struct mbedtls_ecp_point {
+ mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< The X coordinate of the ECP point. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Y); /*!< The Y coordinate of the ECP point. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Z); /*!< The Z coordinate of the ECP point. */
+} mbedtls_ecp_point;
#if !defined(MBEDTLS_ECP_ALT)
/*
@@ -204,12 +214,12 @@
* not the size of \p N but the required size for private keys.
*
* If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
- * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
- * range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
- * which is congruent mod \p P to the given MPI, and is close enough to \p pbits
- * in size, so that it may be efficiently brought in the 0..P-1 range by a few
- * additions or subtractions. Therefore, it is only an approximative modular
- * reduction. It must return 0 on success and non-zero on failure.
+ * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in
+ * the range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an
+ * integer which is congruent mod \p P to the given MPI, and is close enough to
+ * \p pbits in size, so that it may be efficiently brought in the 0..P-1 range
+ * by a few additions or subtractions. Therefore, it is only an approximative
+ * modular reduction. It must return 0 on success and non-zero on failure.
*
* \note Alternative implementations of the ECP module must obey the
* following constraints.
@@ -222,42 +232,44 @@
* of these fields does not need to be supported.
* They do not need to be at the same offset in the structure.
*/
-typedef struct mbedtls_ecp_group
-{
- mbedtls_ecp_group_id id; /*!< An internal group identifier. */
- mbedtls_mpi P; /*!< The prime modulus of the base field. */
- mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
- Montgomery curves: <code>(A + 2) / 4</code>. */
- mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
- For Montgomery curves: unused. */
- mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
- mbedtls_mpi N; /*!< The order of \p G. */
- size_t pbits; /*!< The number of bits in \p P.*/
- size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
- For Montgomery curves: the number of bits in the
- private keys. */
+typedef struct mbedtls_ecp_group {
+ mbedtls_ecp_group_id id; /*!< An internal group identifier. */
+ mbedtls_mpi P; /*!< The prime modulus of the base field. */
+ mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
+ Montgomery curves: <code>(A + 2) / 4</code>. */
+ mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
+ For Montgomery curves: unused. */
+ mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
+ mbedtls_mpi N; /*!< The order of \p G. */
+ size_t pbits; /*!< The number of bits in \p P.*/
+ size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
+ For Montgomery curves: the number of bits in the
+ private keys. */
/* End of public fields */
- unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are static. */
- int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
- mod \p P (see above).*/
- int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */
+ unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are
+ static. */
+ int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast
+ pseudo-reduction mod \p P (see above).*/
+ int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */
int (*MBEDTLS_PRIVATE(t_post))(mbedtls_ecp_point *, void *); /*!< Unused. */
- void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */
- mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for ecp_mul_comb(). */
- size_t MBEDTLS_PRIVATE(T_size); /*!< The number of dynamic allocated pre-computed points. */
-}
-mbedtls_ecp_group;
+ void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */
+ mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for
+ ecp_mul_comb(). */
+ size_t MBEDTLS_PRIVATE(T_size); /*!< The number of dynamic allocated
+ pre-computed points. */
+} mbedtls_ecp_group;
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h, or define them using the compiler command line.
+ * Either change them in mbedtls_config.h, or define them using the compiler
+ * command line.
* \{
*/
-#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
+# if !defined(MBEDTLS_ECP_WINDOW_SIZE)
/*
* Maximum "window" size used for point multiplication.
* Default: a point where higher memory usage yields disminishing performance
@@ -279,10 +291,10 @@
* 192 640 640 633 587 476
*/
/** The maximum window size used. */
-#define MBEDTLS_ECP_WINDOW_SIZE 4
-#endif /* MBEDTLS_ECP_WINDOW_SIZE */
+# define MBEDTLS_ECP_WINDOW_SIZE 4
+# endif /* MBEDTLS_ECP_WINDOW_SIZE */
-#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
+# if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
/*
* Trade code size for speed on fixed-point multiplication.
*
@@ -296,13 +308,13 @@
* Change this value to 0 to reduce code size.
*/
/** Enable fixed-point speed-up. */
-#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
-#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
+# define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
+# endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
/* \} name SECTION: Module settings */
-#else /* MBEDTLS_ECP_ALT */
-#include "ecp_alt.h"
+#else /* MBEDTLS_ECP_ALT */
+# include "ecp_alt.h"
#endif /* MBEDTLS_ECP_ALT */
/**
@@ -311,40 +323,40 @@
#if !defined(MBEDTLS_ECP_C)
/* Dummy definition to help code that has optional ECP support and
* defines an MBEDTLS_ECP_MAX_BYTES-sized array unconditionally. */
-#define MBEDTLS_ECP_MAX_BITS 1
+# define MBEDTLS_ECP_MAX_BITS 1
/* Note: the curves must be listed in DECREASING size! */
#elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 521
+# define MBEDTLS_ECP_MAX_BITS 521
#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 512
+# define MBEDTLS_ECP_MAX_BITS 512
#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 448
+# define MBEDTLS_ECP_MAX_BITS 448
#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 384
+# define MBEDTLS_ECP_MAX_BITS 384
#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 384
+# define MBEDTLS_ECP_MAX_BITS 384
#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
+# define MBEDTLS_ECP_MAX_BITS 256
#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
+# define MBEDTLS_ECP_MAX_BITS 256
#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
+# define MBEDTLS_ECP_MAX_BITS 256
#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 255
+# define MBEDTLS_ECP_MAX_BITS 255
#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 225 // n is slightly above 2^224
+# define MBEDTLS_ECP_MAX_BITS 225 // n is slightly above 2^224
#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 224
+# define MBEDTLS_ECP_MAX_BITS 224
#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 192
+# define MBEDTLS_ECP_MAX_BITS 192
#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 192
+# define MBEDTLS_ECP_MAX_BITS 192
#else
-#error "Missing definition of MBEDTLS_ECP_MAX_BITS"
+# error "Missing definition of MBEDTLS_ECP_MAX_BITS"
#endif
-#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
-#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
+#define MBEDTLS_ECP_MAX_BYTES ((MBEDTLS_ECP_MAX_BITS + 7) / 8)
+#define MBEDTLS_ECP_MAX_PT_LEN (2 * MBEDTLS_ECP_MAX_BYTES + 1)
#if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -365,21 +377,26 @@
/**
* \brief General context for resuming ECC operations
*/
-typedef struct
-{
- unsigned MBEDTLS_PRIVATE(ops_done); /*!< current ops count */
- unsigned MBEDTLS_PRIVATE(depth); /*!< call depth (0 = top-level) */
- mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm); /*!< ecp_mul_comb() sub-context */
- mbedtls_ecp_restart_muladd_ctx *MBEDTLS_PRIVATE(ma); /*!< ecp_muladd() sub-context */
+typedef struct {
+ unsigned MBEDTLS_PRIVATE(ops_done); /*!< current ops count */
+ unsigned MBEDTLS_PRIVATE(depth); /*!< call depth (0 = top-level) */
+ mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm); /*!< ecp_mul_comb()
+ sub-context */
+ mbedtls_ecp_restart_muladd_ctx *MBEDTLS_PRIVATE(ma); /*!< ecp_muladd()
+ sub-context */
} mbedtls_ecp_restart_ctx;
/*
* Operation counts for restartable functions
*/
-#define MBEDTLS_ECP_OPS_CHK 3 /*!< basic ops count for ecp_check_pubkey() */
-#define MBEDTLS_ECP_OPS_DBL 8 /*!< basic ops count for ecp_double_jac() */
-#define MBEDTLS_ECP_OPS_ADD 11 /*!< basic ops count for see ecp_add_mixed() */
-#define MBEDTLS_ECP_OPS_INV 120 /*!< empirical equivalent for mpi_mod_inv() */
+# define MBEDTLS_ECP_OPS_CHK \
+ 3 /*!< basic ops count for ecp_check_pubkey() */
+# define MBEDTLS_ECP_OPS_DBL \
+ 8 /*!< basic ops count for ecp_double_jac() */
+# define MBEDTLS_ECP_OPS_ADD \
+ 11 /*!< basic ops count for see ecp_add_mixed() */
+# define MBEDTLS_ECP_OPS_INV \
+ 120 /*!< empirical equivalent for mpi_mod_inv() */
/**
* \brief Internal; for restartable functions in other modules.
@@ -392,18 +409,17 @@
* \return \c 0 if doing \p ops basic ops is still allowed,
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS otherwise.
*/
-int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
- mbedtls_ecp_restart_ctx *rs_ctx,
- unsigned ops );
+int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_restart_ctx *rs_ctx,
+ unsigned ops);
/* Utility macro for checking and updating ops budget */
-#define MBEDTLS_ECP_BUDGET( ops ) \
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, \
- (unsigned) (ops) ) );
+# define MBEDTLS_ECP_BUDGET(ops) \
+ MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, rs_ctx, (unsigned)(ops)));
#else /* MBEDTLS_ECP_RESTARTABLE */
-#define MBEDTLS_ECP_BUDGET( ops ) /* no-op; for compatibility */
+# define MBEDTLS_ECP_BUDGET(ops) /* no-op; for compatibility */
/* We want to declare restartable versions of existing functions anyway */
typedef void mbedtls_ecp_restart_ctx;
@@ -418,27 +434,26 @@
* \note Members are deliberately in the same order as in the
* ::mbedtls_ecdsa_context structure.
*/
-typedef struct mbedtls_ecp_keypair
-{
- mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< Elliptic curve and base point */
- mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< our secret value */
- mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< our public value */
-}
-mbedtls_ecp_keypair;
+typedef struct mbedtls_ecp_keypair {
+ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< Elliptic curve and base point
+ */
+ mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< our secret value */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< our public value */
+} mbedtls_ecp_keypair;
/*
* Point formats, from RFC 4492's enum ECPointFormat
*/
/** Uncompressed point format. */
-#define MBEDTLS_ECP_PF_UNCOMPRESSED 0
+#define MBEDTLS_ECP_PF_UNCOMPRESSED 0
/** Compressed point format. */
-#define MBEDTLS_ECP_PF_COMPRESSED 1
+#define MBEDTLS_ECP_PF_COMPRESSED 1
/*
* Some other constants from RFC 4492
*/
/** The named_curve of ECCurveType. */
-#define MBEDTLS_ECP_TLS_NAMED_CURVE 3
+#define MBEDTLS_ECP_TLS_NAMED_CURVE 3
#if defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -498,7 +513,7 @@
*
* \note This setting is currently ignored by Curve25519.
*/
-void mbedtls_ecp_set_max_ops( unsigned max_ops );
+void mbedtls_ecp_set_max_ops(unsigned max_ops);
/**
* \brief Check if restart is enabled (max_ops != 0)
@@ -506,13 +521,13 @@
* \return \c 0 if \c max_ops == 0 (restart disabled)
* \return \c 1 otherwise (restart enabled)
*/
-int mbedtls_ecp_restart_is_enabled( void );
+int mbedtls_ecp_restart_is_enabled(void);
#endif /* MBEDTLS_ECP_RESTARTABLE */
/*
* Get the type of a curve
*/
-mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp );
+mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp);
/**
* \brief This function retrieves the information defined in
@@ -526,7 +541,7 @@
*
* \return A statically allocated array. The last entry is 0.
*/
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list(void);
/**
* \brief This function retrieves the list of internal group
@@ -542,7 +557,7 @@
* \return A statically allocated array,
* terminated with MBEDTLS_ECP_DP_NONE.
*/
-const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
+const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list(void);
/**
* \brief This function retrieves curve information from an internal
@@ -553,7 +568,8 @@
* \return The associated curve information on success.
* \return NULL on failure.
*/
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
+const mbedtls_ecp_curve_info *
+mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id);
/**
* \brief This function retrieves curve information from a TLS
@@ -564,7 +580,8 @@
* \return The associated curve information on success.
* \return NULL on failure.
*/
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
+const mbedtls_ecp_curve_info *
+mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id);
/**
* \brief This function retrieves curve information from a
@@ -575,14 +592,15 @@
* \return The associated curve information on success.
* \return NULL on failure.
*/
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
+const mbedtls_ecp_curve_info *
+mbedtls_ecp_curve_info_from_name(const char *name);
/**
* \brief This function initializes a point as zero.
*
* \param pt The point to initialize.
*/
-void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
+void mbedtls_ecp_point_init(mbedtls_ecp_point *pt);
/**
* \brief This function initializes an ECP group context
@@ -593,21 +611,21 @@
* mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
* functions.
*/
-void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
+void mbedtls_ecp_group_init(mbedtls_ecp_group *grp);
/**
* \brief This function initializes a key pair as an invalid one.
*
* \param key The key pair to initialize.
*/
-void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
+void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key);
/**
* \brief This function frees the components of a point.
*
* \param pt The point to free.
*/
-void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
+void mbedtls_ecp_point_free(mbedtls_ecp_point *pt);
/**
* \brief This function frees the components of an ECP group.
@@ -616,7 +634,7 @@
* case this function returns immediately. If it is not
* \c NULL, it must point to an initialized ECP group.
*/
-void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
+void mbedtls_ecp_group_free(mbedtls_ecp_group *grp);
/**
* \brief This function frees the components of a key pair.
@@ -625,7 +643,7 @@
* case this function returns immediately. If it is not
* \c NULL, it must point to an initialized ECP key pair.
*/
-void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
+void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key);
#if defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -634,7 +652,7 @@
* \param ctx The restart context to initialize. This must
* not be \c NULL.
*/
-void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx );
+void mbedtls_ecp_restart_init(mbedtls_ecp_restart_ctx *ctx);
/**
* \brief Free the components of a restart context.
@@ -643,7 +661,7 @@
* case this function returns immediately. If it is not
* \c NULL, it must point to an initialized restart context.
*/
-void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx );
+void mbedtls_ecp_restart_free(mbedtls_ecp_restart_ctx *ctx);
#endif /* MBEDTLS_ECP_RESTARTABLE */
/**
@@ -657,7 +675,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
* \return Another negative error code for other kinds of failure.
*/
-int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
+int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q);
/**
* \brief This function copies the contents of group \p src into
@@ -670,8 +688,8 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst,
- const mbedtls_ecp_group *src );
+int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst,
+ const mbedtls_ecp_group *src);
/**
* \brief This function sets a point to the point at infinity.
@@ -682,7 +700,7 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
+int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt);
/**
* \brief This function checks if a point is the point at infinity.
@@ -693,7 +711,7 @@
* \return \c 0 if the point is non-zero.
* \return A negative error code on failure.
*/
-int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
+int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt);
/**
* \brief This function compares two points.
@@ -707,8 +725,8 @@
* \return \c 0 if the points are equal.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
*/
-int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
- const mbedtls_ecp_point *Q );
+int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P,
+ const mbedtls_ecp_point *Q);
/**
* \brief This function imports a non-zero point from two ASCII
@@ -722,8 +740,10 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_MPI_XXX error code on failure.
*/
-int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
- const char *x, const char *y );
+int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P,
+ int radix,
+ const char *x,
+ const char *y);
/**
* \brief This function exports a point into unsigned binary data.
@@ -750,10 +770,12 @@
* or the export for the given group is not implemented.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *P,
- int format, size_t *olen,
- unsigned char *buf, size_t buflen );
+int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *P,
+ int format,
+ size_t *olen,
+ unsigned char *buf,
+ size_t buflen);
/**
* \brief This function imports a point from unsigned binary data.
@@ -777,9 +799,10 @@
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the
* given group is not implemented.
*/
-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *P,
- const unsigned char *buf, size_t ilen );
+int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *P,
+ const unsigned char *buf,
+ size_t ilen);
/**
* \brief This function imports a point from a TLS ECPoint record.
@@ -799,9 +822,10 @@
* failure.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
*/
-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *pt,
- const unsigned char **buf, size_t len );
+int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *pt,
+ const unsigned char **buf,
+ size_t len);
/**
* \brief This function exports a point as a TLS ECPoint record
@@ -825,10 +849,12 @@
* is too small to hold the exported point.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *pt,
- int format, size_t *olen,
- unsigned char *buf, size_t blen );
+int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *pt,
+ int format,
+ size_t *olen,
+ unsigned char *buf,
+ size_t blen);
/**
* \brief This function sets up an ECP group context
@@ -847,7 +873,7 @@
* correspond to a known group.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
+int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id);
/**
* \brief This function sets up an ECP group context from a TLS
@@ -866,8 +892,9 @@
* recognized.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
- const unsigned char **buf, size_t len );
+int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp,
+ const unsigned char **buf,
+ size_t len);
/**
* \brief This function extracts an elliptic curve group ID from a
@@ -887,9 +914,9 @@
* recognized.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
- const unsigned char **buf,
- size_t len );
+int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp,
+ const unsigned char **buf,
+ size_t len);
/**
* \brief This function exports an elliptic curve as a TLS
* ECParameters record as defined in RFC 4492, Section 5.4.
@@ -908,9 +935,10 @@
* buffer is too small to hold the exported group.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp,
- size_t *olen,
- unsigned char *buf, size_t blen );
+int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp,
+ size_t *olen,
+ unsigned char *buf,
+ size_t blen);
/**
* \brief This function performs a scalar multiplication of a point
@@ -941,9 +969,12 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_ecp_mul(mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *R,
+ const mbedtls_mpi *m,
+ const mbedtls_ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function performs multiplication of a point by
@@ -975,10 +1006,13 @@
* operations was reached: see \c mbedtls_ecp_set_max_ops().
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_ecp_restart_ctx *rs_ctx );
+int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *R,
+ const mbedtls_mpi *m,
+ const mbedtls_ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx);
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
/**
@@ -1016,9 +1050,12 @@
* designate a short Weierstrass curve.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
+int mbedtls_ecp_muladd(mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *R,
+ const mbedtls_mpi *m,
+ const mbedtls_ecp_point *P,
+ const mbedtls_mpi *n,
+ const mbedtls_ecp_point *Q);
/**
* \brief This function performs multiplication and addition of two
@@ -1060,11 +1097,13 @@
* operations was reached: see \c mbedtls_ecp_set_max_ops().
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_muladd_restartable(
- mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
- mbedtls_ecp_restart_ctx *rs_ctx );
+int mbedtls_ecp_muladd_restartable(mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *R,
+ const mbedtls_mpi *m,
+ const mbedtls_ecp_point *P,
+ const mbedtls_mpi *n,
+ const mbedtls_ecp_point *Q,
+ mbedtls_ecp_restart_ctx *rs_ctx);
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
/**
@@ -1094,8 +1133,8 @@
* a valid public key for the given curve.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *pt );
+int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *pt);
/**
* \brief This function checks that an \p mbedtls_mpi is a
@@ -1116,8 +1155,8 @@
* private key for the given curve.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
- const mbedtls_mpi *d );
+int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp,
+ const mbedtls_mpi *d);
/**
* \brief This function generates a private key.
@@ -1134,10 +1173,10 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
-int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
- mbedtls_mpi *d,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp,
+ mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function generates a keypair with a configurable base
@@ -1166,11 +1205,12 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
-int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *G,
- mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *G,
+ mbedtls_mpi *d,
+ mbedtls_ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function generates an ECP keypair.
@@ -1195,10 +1235,11 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
-int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d,
- mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp,
+ mbedtls_mpi *d,
+ mbedtls_ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function generates an ECP key.
@@ -1213,9 +1254,10 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
-int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id,
+ mbedtls_ecp_keypair *key,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief This function reads an elliptic curve private key.
@@ -1235,8 +1277,10 @@
* the group is not implemented.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
- const unsigned char *buf, size_t buflen );
+int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id,
+ mbedtls_ecp_keypair *key,
+ const unsigned char *buf,
+ size_t buflen);
/**
* \brief This function exports an elliptic curve private key.
@@ -1254,8 +1298,9 @@
* the group is not implemented.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key,
- unsigned char *buf, size_t buflen );
+int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
+ unsigned char *buf,
+ size_t buflen);
/**
* \brief This function checks that the keypair objects
@@ -1277,9 +1322,10 @@
* \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
* error code on calculation failure.
*/
-int mbedtls_ecp_check_pub_priv(
- const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_ecp_check_pub_priv(const mbedtls_ecp_keypair *pub,
+ const mbedtls_ecp_keypair *prv,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
#if defined(MBEDTLS_SELF_TEST)
@@ -1289,7 +1335,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_ecp_self_test( int verbose );
+int mbedtls_ecp_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index 38373c2..514aa28 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -28,67 +28,67 @@
#include <stddef.h>
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
-#include "mbedtls/sha512.h"
-#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
+# include "mbedtls/sha512.h"
+# define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
#else
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
-#include "mbedtls/sha256.h"
-#endif
+# if defined(MBEDTLS_SHA256_C)
+# define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
+# include "mbedtls/sha256.h"
+# endif
#endif
#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+# include "mbedtls/threading.h"
#endif
-
/** Critical entropy source failure. */
-#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C
+#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C
/** No more sources can be added. */
-#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES -0x003E
+#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES -0x003E
/** No sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040
+#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040
/** No strong sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D
+#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D
/** Read/write error in file. */
-#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F
+#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
* \{
*/
#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
/** Maximum number of sources supported */
-#define MBEDTLS_ENTROPY_MAX_SOURCES 20
+# define MBEDTLS_ENTROPY_MAX_SOURCES 20
#endif
#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
/** Maximum amount requested from entropy sources */
-#define MBEDTLS_ENTROPY_MAX_GATHER 128
+# define MBEDTLS_ENTROPY_MAX_GATHER 128
#endif
/* \} name SECTION: Module settings */
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
/** Block size of entropy accumulator (SHA-512) */
-#define MBEDTLS_ENTROPY_BLOCK_SIZE 64
+# define MBEDTLS_ENTROPY_BLOCK_SIZE 64
#else
/** Block size of entropy accumulator (SHA-256) */
-#define MBEDTLS_ENTROPY_BLOCK_SIZE 32
+# define MBEDTLS_ENTROPY_BLOCK_SIZE 32
#endif
/** Maximum size of seed we read from seed file */
-#define MBEDTLS_ENTROPY_MAX_SEED_SIZE 1024
-#define MBEDTLS_ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_MAX_SOURCES
+#define MBEDTLS_ENTROPY_MAX_SEED_SIZE 1024
+#define MBEDTLS_ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_MAX_SOURCES
/** Entropy source is strong */
-#define MBEDTLS_ENTROPY_SOURCE_STRONG 1
+#define MBEDTLS_ENTROPY_SOURCE_STRONG 1
/** Entropy source is weak */
-#define MBEDTLS_ENTROPY_SOURCE_WEAK 0
+#define MBEDTLS_ENTROPY_SOURCE_WEAK 0
#ifdef __cplusplus
extern "C" {
@@ -105,52 +105,56 @@
* \return 0 if no critical failures occurred,
* MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
*/
-typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
- size_t *olen);
+typedef int (*mbedtls_entropy_f_source_ptr)(void *data,
+ unsigned char *output,
+ size_t len,
+ size_t *olen);
/**
* \brief Entropy source state
*/
-typedef struct mbedtls_entropy_source_state
-{
- mbedtls_entropy_f_source_ptr MBEDTLS_PRIVATE(f_source); /**< The entropy source callback */
- void * MBEDTLS_PRIVATE(p_source); /**< The callback data pointer */
- size_t MBEDTLS_PRIVATE(size); /**< Amount received in bytes */
- size_t MBEDTLS_PRIVATE(threshold); /**< Minimum bytes required before release */
- int MBEDTLS_PRIVATE(strong); /**< Is the source strong? */
-}
-mbedtls_entropy_source_state;
+typedef struct mbedtls_entropy_source_state {
+ mbedtls_entropy_f_source_ptr MBEDTLS_PRIVATE(f_source); /**< The entropy
+ source callback
+ */
+ void *MBEDTLS_PRIVATE(p_source); /**< The callback data pointer */
+ size_t MBEDTLS_PRIVATE(size); /**< Amount received in bytes */
+ size_t MBEDTLS_PRIVATE(threshold); /**< Minimum bytes required before
+ release */
+ int MBEDTLS_PRIVATE(strong); /**< Is the source strong? */
+} mbedtls_entropy_source_state;
/**
* \brief Entropy context structure
*/
-typedef struct mbedtls_entropy_context
-{
+typedef struct mbedtls_entropy_context {
int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init.
- * 1 after the first update.
- * -1 after free. */
+ * 1 after the first update.
+ * -1 after free. */
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator);
+ mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator);
#else
- mbedtls_sha256_context MBEDTLS_PRIVATE(accumulator);
+ mbedtls_sha256_context MBEDTLS_PRIVATE(accumulator);
#endif
- int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
- mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES];
+ int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
+ mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)
+ [MBEDTLS_ENTROPY_MAX_SOURCES];
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
int MBEDTLS_PRIVATE(initial_entropy_run);
#endif
-}
-mbedtls_entropy_context;
+} mbedtls_entropy_context;
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
/**
* \brief Platform-specific entropy poll callback
*/
-int mbedtls_platform_entropy_poll( void *data,
- unsigned char *output, size_t len, size_t *olen );
+int mbedtls_platform_entropy_poll(void *data,
+ unsigned char *output,
+ size_t len,
+ size_t *olen);
#endif
/**
@@ -158,14 +162,14 @@
*
* \param ctx Entropy context to initialize
*/
-void mbedtls_entropy_init( mbedtls_entropy_context *ctx );
+void mbedtls_entropy_init(mbedtls_entropy_context *ctx);
/**
* \brief Free the data in the context
*
* \param ctx Entropy context to free
*/
-void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
+void mbedtls_entropy_free(mbedtls_entropy_context *ctx);
/**
* \brief Adds an entropy source to poll
@@ -184,9 +188,11 @@
*
* \return 0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
*/
-int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
- mbedtls_entropy_f_source_ptr f_source, void *p_source,
- size_t threshold, int strong );
+int mbedtls_entropy_add_source(mbedtls_entropy_context *ctx,
+ mbedtls_entropy_f_source_ptr f_source,
+ void *p_source,
+ size_t threshold,
+ int strong);
/**
* \brief Trigger an extra gather poll for the accumulator
@@ -196,7 +202,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
*/
-int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
+int mbedtls_entropy_gather(mbedtls_entropy_context *ctx);
/**
* \brief Retrieve entropy from the accumulator
@@ -209,7 +215,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
*/
-int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
+int mbedtls_entropy_func(void *data, unsigned char *output, size_t len);
/**
* \brief Add data to the accumulator manually
@@ -221,8 +227,9 @@
*
* \return 0 if successful
*/
-int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
- const unsigned char *data, size_t len );
+int mbedtls_entropy_update_manual(mbedtls_entropy_context *ctx,
+ const unsigned char *data,
+ size_t len);
#if defined(MBEDTLS_ENTROPY_NV_SEED)
/**
@@ -233,7 +240,7 @@
*
* \return 0 if successful
*/
-int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx );
+int mbedtls_entropy_update_nv_seed(mbedtls_entropy_context *ctx);
#endif /* MBEDTLS_ENTROPY_NV_SEED */
#if defined(MBEDTLS_FS_IO)
@@ -247,7 +254,8 @@
* MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
* MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
*/
-int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path );
+int mbedtls_entropy_write_seed_file(mbedtls_entropy_context *ctx,
+ const char *path);
/**
* \brief Read and update a seed file. Seed is added to this
@@ -261,7 +269,8 @@
* MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
* MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
*/
-int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path );
+int mbedtls_entropy_update_seed_file(mbedtls_entropy_context *ctx,
+ const char *path);
#endif /* MBEDTLS_FS_IO */
#if defined(MBEDTLS_SELF_TEST)
@@ -273,9 +282,9 @@
*
* \return 0 if successful, or 1 if a test failed
*/
-int mbedtls_entropy_self_test( int verbose );
+int mbedtls_entropy_self_test(int verbose);
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+# if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
/**
* \brief Checkup routine
*
@@ -289,8 +298,8 @@
*
* \return 0 if successful, or 1 if a test failed
*/
-int mbedtls_entropy_source_self_test( int verbose );
-#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
+int mbedtls_entropy_source_self_test(int verbose);
+# endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index b546d4d..5ff4366 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -26,9 +26,9 @@
#include <stddef.h>
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && \
+ !defined(__cplusplus)
+# define inline __inline
#endif
/**
@@ -109,12 +109,12 @@
#endif
/** Generic error */
-#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001
+#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001
/** This is a bug in the library */
#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E
/** Hardware accelerator failed */
-#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070
+#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070
/** The requested feature is not supported by the platform */
#define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072
@@ -124,15 +124,15 @@
* Wrapper macro for mbedtls_error_add(). See that function for
* more details.
*/
-#define MBEDTLS_ERROR_ADD( high, low ) \
- mbedtls_error_add( high, low, __FILE__, __LINE__ )
+#define MBEDTLS_ERROR_ADD(high, low) \
+ mbedtls_error_add(high, low, __FILE__, __LINE__)
#if defined(MBEDTLS_TEST_HOOKS)
/**
* \brief Testing hook called before adding/combining two error codes together.
* Only used when invasive testing is enabled via MBEDTLS_TEST_HOOKS.
*/
-extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int );
+extern void (*mbedtls_test_hook_error_add)(int, int, const char *, int);
#endif
/**
@@ -153,17 +153,17 @@
* \param file file where this error code addition occurred.
* \param line line where this error code addition occurred.
*/
-static inline int mbedtls_error_add( int high, int low,
- const char *file, int line )
+static inline int
+mbedtls_error_add(int high, int low, const char *file, int line)
{
#if defined(MBEDTLS_TEST_HOOKS)
- if( *mbedtls_test_hook_error_add != NULL )
- ( *mbedtls_test_hook_error_add )( high, low, file, line );
+ if (*mbedtls_test_hook_error_add != NULL)
+ (*mbedtls_test_hook_error_add)(high, low, file, line);
#endif
(void)file;
(void)line;
- return high + low ;
+ return high + low;
}
/**
@@ -175,7 +175,7 @@
* \param buffer buffer to place representation in
* \param buflen length of the buffer
*/
-void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
+void mbedtls_strerror(int errnum, char *buffer, size_t buflen);
/**
* \brief Translate the high-level part of an Mbed TLS error code into a string
@@ -190,7 +190,7 @@
* \return The string representation of the error code, or \c NULL if the error
* code is unknown.
*/
-const char * mbedtls_high_level_strerr( int error_code );
+const char *mbedtls_high_level_strerr(int error_code);
/**
* \brief Translate the low-level part of an Mbed TLS error code into a string
@@ -205,7 +205,7 @@
* \return The string representation of the error code, or \c NULL if the error
* code is unknown.
*/
-const char * mbedtls_low_level_strerr( int error_code );
+const char *mbedtls_low_level_strerr(int error_code);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 9d9155f..338f938 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -38,13 +38,13 @@
#include <stdint.h>
-#define MBEDTLS_GCM_ENCRYPT 1
-#define MBEDTLS_GCM_DECRYPT 0
+#define MBEDTLS_GCM_ENCRYPT 1
+#define MBEDTLS_GCM_DECRYPT 0
/** Authenticated decryption failed. */
-#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012
+#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012
/** Bad input parameters to function. */
-#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014
+#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014
#ifdef __cplusplus
extern "C" {
@@ -55,24 +55,26 @@
/**
* \brief The GCM context structure.
*/
-typedef struct mbedtls_gcm_context
-{
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
- uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
- uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
- uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */
- uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional data. */
- unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag. */
- unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */
- unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */
- int MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
- #MBEDTLS_GCM_ENCRYPT or
- #MBEDTLS_GCM_DECRYPT. */
-}
-mbedtls_gcm_context;
+typedef struct mbedtls_gcm_context {
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher
+ context used. */
+ uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
+ uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
+ uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data.
+ */
+ uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional
+ data. */
+ unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag.
+ */
+ unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */
+ unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */
+ int MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
+ #MBEDTLS_GCM_ENCRYPT or
+ #MBEDTLS_GCM_DECRYPT. */
+} mbedtls_gcm_context;
-#else /* !MBEDTLS_GCM_ALT */
-#include "gcm_alt.h"
+#else /* !MBEDTLS_GCM_ALT */
+# include "gcm_alt.h"
#endif /* !MBEDTLS_GCM_ALT */
/**
@@ -86,7 +88,7 @@
*
* \param ctx The GCM context to initialize. This must not be \c NULL.
*/
-void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
+void mbedtls_gcm_init(mbedtls_gcm_context *ctx);
/**
* \brief This function associates a GCM context with a
@@ -104,10 +106,10 @@
* \return \c 0 on success.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
- mbedtls_cipher_id_t cipher,
- const unsigned char *key,
- unsigned int keybits );
+int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx,
+ mbedtls_cipher_id_t cipher,
+ const unsigned char *key,
+ unsigned int keybits);
/**
* \brief This function performs GCM encryption or decryption of a buffer.
@@ -160,17 +162,17 @@
* not valid or a cipher-specific error code if the encryption
* or decryption failed.
*/
-int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
- int mode,
- size_t length,
- const unsigned char *iv,
- size_t iv_len,
- const unsigned char *add,
- size_t add_len,
- const unsigned char *input,
- unsigned char *output,
- size_t tag_len,
- unsigned char *tag );
+int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx,
+ int mode,
+ size_t length,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *add,
+ size_t add_len,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t tag_len,
+ unsigned char *tag);
/**
* \brief This function performs a GCM authenticated decryption of a
@@ -205,16 +207,16 @@
* not valid or a cipher-specific error code if the decryption
* failed.
*/
-int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
- size_t length,
- const unsigned char *iv,
- size_t iv_len,
- const unsigned char *add,
- size_t add_len,
- const unsigned char *tag,
- size_t tag_len,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx,
+ size_t length,
+ const unsigned char *iv,
+ size_t iv_len,
+ const unsigned char *add,
+ size_t add_len,
+ const unsigned char *tag,
+ size_t tag_len,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function starts a GCM encryption or decryption
@@ -229,10 +231,10 @@
*
* \return \c 0 on success.
*/
-int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
- int mode,
- const unsigned char *iv,
- size_t iv_len );
+int mbedtls_gcm_starts(mbedtls_gcm_context *ctx,
+ int mode,
+ const unsigned char *iv,
+ size_t iv_len);
/**
* \brief This function feeds an input buffer as associated data
@@ -254,9 +256,9 @@
*
* \return \c 0 on success.
*/
-int mbedtls_gcm_update_ad( mbedtls_gcm_context *ctx,
- const unsigned char *add,
- size_t add_len );
+int mbedtls_gcm_update_ad(mbedtls_gcm_context *ctx,
+ const unsigned char *add,
+ size_t add_len);
/**
* \brief This function feeds an input buffer into an ongoing GCM
@@ -309,10 +311,12 @@
* unsupported input/output buffer overlap detected,
* or \p output_size too small.
*/
-int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
- const unsigned char *input, size_t input_length,
- unsigned char *output, size_t output_size,
- size_t *output_length );
+int mbedtls_gcm_update(mbedtls_gcm_context *ctx,
+ const unsigned char *input,
+ size_t input_length,
+ unsigned char *output,
+ size_t output_size,
+ size_t *output_length);
/**
* \brief This function finishes the GCM operation and generates
@@ -347,10 +351,12 @@
* invalid value of \p tag_len,
* or \p output_size too small.
*/
-int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
- unsigned char *output, size_t output_size,
- size_t *output_length,
- unsigned char *tag, size_t tag_len );
+int mbedtls_gcm_finish(mbedtls_gcm_context *ctx,
+ unsigned char *output,
+ size_t output_size,
+ size_t *output_length,
+ unsigned char *tag,
+ size_t tag_len);
/**
* \brief This function clears a GCM context and the underlying
@@ -359,7 +365,7 @@
* \param ctx The GCM context to clear. If this is \c NULL, the call has
* no effect. Otherwise, this must be initialized.
*/
-void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
+void mbedtls_gcm_free(mbedtls_gcm_context *ctx);
#if defined(MBEDTLS_SELF_TEST)
@@ -369,7 +375,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_gcm_self_test( int verbose );
+int mbedtls_gcm_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
@@ -377,5 +383,4 @@
}
#endif
-
#endif /* gcm.h */
diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h
index e6bfe05..0e75b71 100644
--- a/include/mbedtls/hkdf.h
+++ b/include/mbedtls/hkdf.h
@@ -34,7 +34,7 @@
* \{
*/
/** Bad input parameters to function. */
-#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80
+#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80
/* \} name */
#ifdef __cplusplus
@@ -65,10 +65,15 @@
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
* MD layer.
*/
-int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
- size_t salt_len, const unsigned char *ikm, size_t ikm_len,
- const unsigned char *info, size_t info_len,
- unsigned char *okm, size_t okm_len );
+int mbedtls_hkdf(const mbedtls_md_info_t *md,
+ const unsigned char *salt,
+ size_t salt_len,
+ const unsigned char *ikm,
+ size_t ikm_len,
+ const unsigned char *info,
+ size_t info_len,
+ unsigned char *okm,
+ size_t okm_len);
/**
* \brief Take the input keying material \p ikm and extract from it a
@@ -94,10 +99,12 @@
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
* MD layer.
*/
-int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
- const unsigned char *salt, size_t salt_len,
- const unsigned char *ikm, size_t ikm_len,
- unsigned char *prk );
+int mbedtls_hkdf_extract(const mbedtls_md_info_t *md,
+ const unsigned char *salt,
+ size_t salt_len,
+ const unsigned char *ikm,
+ size_t ikm_len,
+ unsigned char *prk);
/**
* \brief Expand the supplied \p prk into several additional pseudorandom
@@ -125,9 +132,13 @@
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
* MD layer.
*/
-int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
- size_t prk_len, const unsigned char *info,
- size_t info_len, unsigned char *okm, size_t okm_len );
+int mbedtls_hkdf_expand(const mbedtls_md_info_t *md,
+ const unsigned char *prk,
+ size_t prk_len,
+ const unsigned char *info,
+ size_t info_len,
+ unsigned char *okm,
+ size_t okm_len);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 8c0e72d..39401cb 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -32,55 +32,56 @@
#include "mbedtls/md.h"
#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+# include "mbedtls/threading.h"
#endif
/*
* Error codes
*/
/** Too many random requested in single call. */
-#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG -0x0003
+#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG -0x0003
/** Input too large (Entropy + additional). */
-#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG -0x0005
+#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG -0x0005
/** Read/write error in file. */
-#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR -0x0007
+#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR -0x0007
/** The entropy source failed. */
-#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED -0x0009
+#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED -0x0009
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
* \{
*/
#if !defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
/** Interval before reseed is performed by default */
-#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000
+# define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000
#endif
#if !defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
/** Maximum number of additional input bytes */
-#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256
+# define MBEDTLS_HMAC_DRBG_MAX_INPUT 256
#endif
#if !defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
/** Maximum number of requested bytes per call */
-#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024
+# define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024
#endif
#if !defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
/** Maximum size of (re)seed buffer */
-#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384
+# define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384
#endif
/* \} name SECTION: Module settings */
/** No prediction resistance */
-#define MBEDTLS_HMAC_DRBG_PR_OFF 0
+#define MBEDTLS_HMAC_DRBG_PR_OFF 0
/** Prediction resistance enabled */
-#define MBEDTLS_HMAC_DRBG_PR_ON 1
+#define MBEDTLS_HMAC_DRBG_PR_ON 1
#ifdef __cplusplus
extern "C" {
@@ -89,23 +90,29 @@
/**
* HMAC_DRBG context.
*/
-typedef struct mbedtls_hmac_drbg_context
-{
+typedef struct mbedtls_hmac_drbg_context {
/* Working state: the key K is not stored explicitly,
* but is implied by the HMAC context */
- mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx); /*!< HMAC context (inc. K) */
- unsigned char MBEDTLS_PRIVATE(V)[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
- int MBEDTLS_PRIVATE(reseed_counter); /*!< reseed counter */
+ mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx); /*!< HMAC context (inc. K) */
+ unsigned char MBEDTLS_PRIVATE(V)[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
+ int MBEDTLS_PRIVATE(reseed_counter); /*!< reseed counter */
/* Administrative state */
- size_t MBEDTLS_PRIVATE(entropy_len); /*!< entropy bytes grabbed on each (re)seed */
- int MBEDTLS_PRIVATE(prediction_resistance); /*!< enable prediction resistance (Automatic
- reseed before every random generation) */
- int MBEDTLS_PRIVATE(reseed_interval); /*!< reseed interval */
+ size_t MBEDTLS_PRIVATE(entropy_len); /*!< entropy bytes grabbed on each
+ (re)seed */
+ int MBEDTLS_PRIVATE(prediction_resistance); /*!< enable prediction
+ resistance (Automatic reseed before every
+ random generation) */
+ int MBEDTLS_PRIVATE(reseed_interval); /*!< reseed interval */
/* Callbacks */
- int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t); /*!< entropy function */
- void *MBEDTLS_PRIVATE(p_entropy); /*!< context for the entropy function */
+ int (*MBEDTLS_PRIVATE(f_entropy))(void *,
+ unsigned char *,
+ size_t); /*!<
+ entropy
+ function
+ */
+ void *MBEDTLS_PRIVATE(p_entropy); /*!< context for the entropy function */
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized if and only if
@@ -126,13 +133,14 @@
* This function makes the context ready for mbedtls_hmac_drbg_seed(),
* mbedtls_hmac_drbg_seed_buf() or mbedtls_hmac_drbg_free().
*
- * \note The reseed interval is #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
+ * \note The reseed interval is
+ * #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
* by default. Override this value by calling
* mbedtls_hmac_drbg_set_reseed_interval().
*
* \param ctx HMAC_DRBG context to be initialized.
*/
-void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
+void mbedtls_hmac_drbg_init(mbedtls_hmac_drbg_context *ctx);
/**
* \brief HMAC_DRBG initial seeding.
@@ -202,12 +210,12 @@
* \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
* if the call to \p f_entropy failed.
*/
-int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
- const mbedtls_md_info_t * md_info,
- int (*f_entropy)(void *, unsigned char *, size_t),
- void *p_entropy,
- const unsigned char *custom,
- size_t len );
+int mbedtls_hmac_drbg_seed(mbedtls_hmac_drbg_context *ctx,
+ const mbedtls_md_info_t *md_info,
+ int (*f_entropy)(void *, unsigned char *, size_t),
+ void *p_entropy,
+ const unsigned char *custom,
+ size_t len);
/**
* \brief Initilisation of simpified HMAC_DRBG (never reseeds).
@@ -237,9 +245,10 @@
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough
* memory to allocate context data.
*/
-int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
- const mbedtls_md_info_t * md_info,
- const unsigned char *data, size_t data_len );
+int mbedtls_hmac_drbg_seed_buf(mbedtls_hmac_drbg_context *ctx,
+ const mbedtls_md_info_t *md_info,
+ const unsigned char *data,
+ size_t data_len);
/**
* \brief This function turns prediction resistance on or off.
@@ -254,8 +263,8 @@
* \param ctx The HMAC_DRBG context.
* \param resistance #MBEDTLS_HMAC_DRBG_PR_ON or #MBEDTLS_HMAC_DRBG_PR_OFF.
*/
-void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
- int resistance );
+void mbedtls_hmac_drbg_set_prediction_resistance(mbedtls_hmac_drbg_context *ctx,
+ int resistance);
/**
* \brief This function sets the amount of entropy grabbed on each
@@ -266,8 +275,8 @@
* \param ctx The HMAC_DRBG context.
* \param len The amount of entropy to grab, in bytes.
*/
-void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
- size_t len );
+void mbedtls_hmac_drbg_set_entropy_len(mbedtls_hmac_drbg_context *ctx,
+ size_t len);
/**
* \brief Set the reseed interval.
@@ -281,8 +290,8 @@
* \param ctx The HMAC_DRBG context.
* \param interval The reseed interval.
*/
-void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
- int interval );
+void mbedtls_hmac_drbg_set_reseed_interval(mbedtls_hmac_drbg_context *ctx,
+ int interval);
/**
* \brief This function updates the state of the HMAC_DRBG context.
@@ -301,8 +310,9 @@
* \return \c 0 on success, or an error from the underlying
* hash calculation.
*/
-int mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional, size_t add_len );
+int mbedtls_hmac_drbg_update(mbedtls_hmac_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t add_len);
/**
* \brief This function reseeds the HMAC_DRBG context, that is
@@ -328,8 +338,9 @@
* \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
* if a call to the entropy function failed.
*/
-int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional, size_t len );
+int mbedtls_hmac_drbg_reseed(mbedtls_hmac_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t len);
/**
* \brief This function updates an HMAC_DRBG instance with additional
@@ -362,10 +373,11 @@
* \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if
* \p add_len > #MBEDTLS_HMAC_DRBG_MAX_INPUT.
*/
-int mbedtls_hmac_drbg_random_with_add( void *p_rng,
- unsigned char *output, size_t output_len,
- const unsigned char *additional,
- size_t add_len );
+int mbedtls_hmac_drbg_random_with_add(void *p_rng,
+ unsigned char *output,
+ size_t output_len,
+ const unsigned char *additional,
+ size_t add_len);
/**
* \brief This function uses HMAC_DRBG to generate random data.
@@ -394,7 +406,9 @@
* \return #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if
* \p out_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
*/
-int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
+int mbedtls_hmac_drbg_random(void *p_rng,
+ unsigned char *output,
+ size_t out_len);
/**
* \brief This function resets HMAC_DRBG context to the state immediately
@@ -402,7 +416,7 @@
*
* \param ctx The HMAC_DRBG context to free.
*/
-void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
+void mbedtls_hmac_drbg_free(mbedtls_hmac_drbg_context *ctx);
#if defined(MBEDTLS_FS_IO)
/**
@@ -416,7 +430,8 @@
* \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on reseed
* failure.
*/
-int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
+int mbedtls_hmac_drbg_write_seed_file(mbedtls_hmac_drbg_context *ctx,
+ const char *path);
/**
* \brief This function reads and updates a seed file. The seed
@@ -432,10 +447,10 @@
* \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if the existing
* seed file is too large.
*/
-int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
+int mbedtls_hmac_drbg_update_seed_file(mbedtls_hmac_drbg_context *ctx,
+ const char *path);
#endif /* MBEDTLS_FS_IO */
-
#if defined(MBEDTLS_SELF_TEST)
/**
* \brief The HMAC_DRBG Checkup routine.
@@ -443,7 +458,7 @@
* \return \c 0 if successful.
* \return \c 1 if the test failed.
*/
-int mbedtls_hmac_drbg_self_test( int verbose );
+int mbedtls_hmac_drbg_self_test(int verbose);
#endif
#ifdef __cplusplus
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 9e48f80..b5b57f1 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -165,8 +165,8 @@
*
* Enabling MBEDTLS_PLATFORM_MEMORY without the
* MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
- * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
- * free() function pointer at runtime.
+ * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative
+ * calloc() and free() function pointer at runtime.
*
* Enabling MBEDTLS_PLATFORM_MEMORY and specifying
* MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
@@ -346,14 +346,14 @@
* used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
*
* Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
- * no longer provide the mbedtls_sha1_process() function, but it will still provide
- * the other function (using your mbedtls_sha1_process() function) and the definition
- * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
- * with this definition.
+ * no longer provide the mbedtls_sha1_process() function, but it will still
+ * provide the other function (using your mbedtls_sha1_process() function) and
+ * the definition of mbedtls_sha1_context, so your implementation of
+ * mbedtls_sha1_process must be compatible with this definition.
*
* \note If you use the AES_xxx_ALT macros, then it is recommended to also set
- * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
- * tables.
+ * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the
+ * AES tables.
*
* Uncomment a macro to enable alternate implementation of the corresponding
* function.
@@ -3020,7 +3020,8 @@
//#define MBEDTLS_MPI_MAX_SIZE 1024
/* CTR_DRBG options */
-/** Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+/** Amount of entropy used per seed by default (48 with SHA-512, 32 with
+ * SHA-256) */
//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
/** Interval before reseed is performed by default */
//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
@@ -3052,7 +3053,8 @@
//#define MBEDTLS_ENTROPY_MAX_SOURCES 20
/** Maximum amount requested from entropy sources */
//#define MBEDTLS_ENTROPY_MAX_GATHER 128
-/** Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
+/** Default minimum number of bytes required for the hardware entropy source
+ * mbedtls_hardware_poll() before entropy is released */
//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32
/* Memory buffer allocator options */
@@ -3060,7 +3062,9 @@
//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4
/* Platform options */
-//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
+//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if
+// MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is
+// needed. */
/** Default allocator to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_CALLOC calloc
/** Default free to use, can be undefined */
@@ -3084,19 +3088,23 @@
//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read
/** Default nv_seed_write function to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to
+// read/write with default implementation */
/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
-/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
+/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be
+ * defined */
/** Default allocator macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc
/** Default free macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_FREE_MACRO free
/** Default exit macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_EXIT_MACRO exit
-/** Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+/** Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be
+ * enabled */
//#define MBEDTLS_PLATFORM_TIME_MACRO time
-/** Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+/** Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be
+ * enabled */
//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t
/** Default fprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf
@@ -3108,9 +3116,10 @@
/** Default vsnprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf
/** Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read
+//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read
/** Default nv_seed_write function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write
+//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
+// mbedtls_platform_std_nv_seed_write
/* PSA options */
/**
@@ -3234,7 +3243,8 @@
/** Max size of TLS pre-shared keys, in bytes (default 256 bits) */
//#define MBEDTLS_PSK_MAX_LEN 32
-/** Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+/** Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in
+ * number of cookies issued */
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60
/**
@@ -3249,12 +3259,14 @@
*
* The value below is only an example, not the default.
*/
-//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+//#define MBEDTLS_SSL_CIPHERSUITES
+// MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
/* X509 options */
/** Maximum number of intermediate CAs in a verification chain. */
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8
-/** Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
+/** Maximum length of a path/filename string in bytes including the null
+ * terminator character ('\0'). */
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
/**
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index fa2b152..56d9082 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -1,4 +1,4 @@
- /**
+/**
* \file md.h
*
* \brief This file contains the generic message-digest wrapper.
@@ -31,13 +31,13 @@
#include "mbedtls/build_info.h"
/** The selected feature is not available. */
-#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080
+#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080
/** Bad input parameters to function. */
-#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100
+#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100
/** Failed to allocate memory. */
-#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180
+#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180
/** Opening or reading of file failed. */
-#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200
+#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200
#ifdef __cplusplus
extern "C" {
@@ -51,27 +51,28 @@
* stronger message digests instead.
*
*/
-typedef enum {
- MBEDTLS_MD_NONE=0, /**< None. */
- MBEDTLS_MD_MD5, /**< The MD5 message digest. */
- MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */
- MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */
- MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */
- MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */
- MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */
+typedef enum
+{
+ MBEDTLS_MD_NONE = 0, /**< None. */
+ MBEDTLS_MD_MD5, /**< The MD5 message digest. */
+ MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */
+ MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */
+ MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */
+ MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */
+ MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */
MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
} mbedtls_md_type_t;
#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
+# define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
#else
-#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
+# define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
#endif
#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_MD_MAX_BLOCK_SIZE 128
+# define MBEDTLS_MD_MAX_BLOCK_SIZE 128
#else
-#define MBEDTLS_MD_MAX_BLOCK_SIZE 64
+# define MBEDTLS_MD_MAX_BLOCK_SIZE 64
#endif
/**
@@ -89,8 +90,7 @@
/**
* The generic message-digest context.
*/
-typedef struct mbedtls_md_context_t
-{
+typedef struct mbedtls_md_context_t {
/** Information about the associated message digest. */
const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info);
@@ -112,7 +112,7 @@
* message-digest enumeration #mbedtls_md_type_t.
* The last entry is 0.
*/
-const int *mbedtls_md_list( void );
+const int *mbedtls_md_list(void);
/**
* \brief This function returns the message-digest information
@@ -123,7 +123,7 @@
* \return The message-digest information associated with \p md_name.
* \return NULL if the associated message-digest information is not found.
*/
-const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
+const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name);
/**
* \brief This function returns the message-digest information
@@ -134,7 +134,7 @@
* \return The message-digest information associated with \p md_type.
* \return NULL if the associated message-digest information is not found.
*/
-const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
+const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type);
/**
* \brief This function initializes a message-digest context without
@@ -144,7 +144,7 @@
* context for mbedtls_md_setup() for binding it to a
* message-digest algorithm.
*/
-void mbedtls_md_init( mbedtls_md_context_t *ctx );
+void mbedtls_md_init(mbedtls_md_context_t *ctx);
/**
* \brief This function clears the internal structure of \p ctx and
@@ -159,8 +159,7 @@
* You must not call this function if you have not called
* mbedtls_md_init().
*/
-void mbedtls_md_free( mbedtls_md_context_t *ctx );
-
+void mbedtls_md_free(mbedtls_md_context_t *ctx);
/**
* \brief This function selects the message digest algorithm to use,
@@ -181,7 +180,9 @@
* failure.
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
*/
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
+int mbedtls_md_setup(mbedtls_md_context_t *ctx,
+ const mbedtls_md_info_t *md_info,
+ int hmac);
/**
* \brief This function clones the state of an message-digest
@@ -202,8 +203,8 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
*/
-int mbedtls_md_clone( mbedtls_md_context_t *dst,
- const mbedtls_md_context_t *src );
+int mbedtls_md_clone(mbedtls_md_context_t *dst,
+ const mbedtls_md_context_t *src);
/**
* \brief This function extracts the message-digest size from the
@@ -214,7 +215,7 @@
*
* \return The size of the message-digest output in Bytes.
*/
-unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
+unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info);
/**
* \brief This function extracts the message-digest type from the
@@ -225,7 +226,7 @@
*
* \return The type of the message digest.
*/
-mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
+mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info);
/**
* \brief This function extracts the message-digest name from the
@@ -236,7 +237,7 @@
*
* \return The name of the message digest.
*/
-const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
+const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info);
/**
* \brief This function starts a message-digest computation.
@@ -251,7 +252,7 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
-int mbedtls_md_starts( mbedtls_md_context_t *ctx );
+int mbedtls_md_starts(mbedtls_md_context_t *ctx);
/**
* \brief This function feeds an input buffer into an ongoing
@@ -269,7 +270,9 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
-int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
+int mbedtls_md_update(mbedtls_md_context_t *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief This function finishes the digest operation,
@@ -289,7 +292,7 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
-int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
+int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output);
/**
* \brief This function calculates the message-digest of a buffer,
@@ -309,8 +312,10 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
-int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
- unsigned char *output );
+int mbedtls_md(const mbedtls_md_info_t *md_info,
+ const unsigned char *input,
+ size_t ilen,
+ unsigned char *output);
#if defined(MBEDTLS_FS_IO)
/**
@@ -330,8 +335,9 @@
* the file pointed by \p path.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
*/
-int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
- unsigned char *output );
+int mbedtls_md_file(const mbedtls_md_info_t *md_info,
+ const char *path,
+ unsigned char *output);
#endif /* MBEDTLS_FS_IO */
/**
@@ -352,8 +358,9 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
-int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
- size_t keylen );
+int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx,
+ const unsigned char *key,
+ size_t keylen);
/**
* \brief This function feeds an input buffer into an ongoing HMAC
@@ -374,8 +381,9 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
-int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
- size_t ilen );
+int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief This function finishes the HMAC operation, and writes
@@ -395,7 +403,7 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
-int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
+int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output);
/**
* \brief This function prepares to authenticate a new message with
@@ -412,7 +420,7 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
-int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
+int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx);
/**
* \brief This function calculates the full generic HMAC
@@ -436,12 +444,15 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
- const unsigned char *input, size_t ilen,
- unsigned char *output );
+int mbedtls_md_hmac(const mbedtls_md_info_t *md_info,
+ const unsigned char *key,
+ size_t keylen,
+ const unsigned char *input,
+ size_t ilen,
+ unsigned char *output);
/* Internal use */
-int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
+int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index e7befc3..26e191a 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -48,16 +48,15 @@
* stronger message digests instead.
*
*/
-typedef struct mbedtls_md5_context
-{
- uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
- uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */
- unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
-}
-mbedtls_md5_context;
+typedef struct mbedtls_md5_context {
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
+ uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed
+ */
+} mbedtls_md5_context;
-#else /* MBEDTLS_MD5_ALT */
-#include "md5_alt.h"
+#else /* MBEDTLS_MD5_ALT */
+# include "md5_alt.h"
#endif /* MBEDTLS_MD5_ALT */
/**
@@ -70,7 +69,7 @@
* stronger message digests instead.
*
*/
-void mbedtls_md5_init( mbedtls_md5_context *ctx );
+void mbedtls_md5_init(mbedtls_md5_context *ctx);
/**
* \brief Clear MD5 context
@@ -82,7 +81,7 @@
* stronger message digests instead.
*
*/
-void mbedtls_md5_free( mbedtls_md5_context *ctx );
+void mbedtls_md5_free(mbedtls_md5_context *ctx);
/**
* \brief Clone (the state of) an MD5 context
@@ -95,8 +94,8 @@
* stronger message digests instead.
*
*/
-void mbedtls_md5_clone( mbedtls_md5_context *dst,
- const mbedtls_md5_context *src );
+void mbedtls_md5_clone(mbedtls_md5_context *dst,
+ const mbedtls_md5_context *src);
/**
* \brief MD5 context setup
@@ -110,7 +109,7 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_starts( mbedtls_md5_context *ctx );
+int mbedtls_md5_starts(mbedtls_md5_context *ctx);
/**
* \brief MD5 process buffer
@@ -126,9 +125,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_update( mbedtls_md5_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_md5_update(mbedtls_md5_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief MD5 final digest
@@ -143,8 +142,7 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_finish( mbedtls_md5_context *ctx,
- unsigned char output[16] );
+int mbedtls_md5_finish(mbedtls_md5_context *ctx, unsigned char output[16]);
/**
* \brief MD5 process data block (internal use only)
@@ -159,8 +157,8 @@
* stronger message digests instead.
*
*/
-int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
- const unsigned char data[64] );
+int mbedtls_internal_md5_process(mbedtls_md5_context *ctx,
+ const unsigned char data[64]);
/**
* \brief Output = MD5( input buffer )
@@ -176,9 +174,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
+int mbedtls_md5(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16]);
#if defined(MBEDTLS_SELF_TEST)
@@ -192,7 +190,7 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_self_test( int verbose );
+int mbedtls_md5_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h
index 67ba4f1..72caf1b 100644
--- a/include/mbedtls/memory_buffer_alloc.h
+++ b/include/mbedtls/memory_buffer_alloc.h
@@ -30,21 +30,23 @@
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
* \{
*/
#if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
/** Align on multiples of this value */
-#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4
+# define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4
#endif
/* \} name SECTION: Module settings */
-#define MBEDTLS_MEMORY_VERIFY_NONE 0
-#define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0)
-#define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1)
-#define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
+#define MBEDTLS_MEMORY_VERIFY_NONE 0
+#define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0)
+#define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1)
+#define MBEDTLS_MEMORY_VERIFY_ALWAYS \
+ (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
#ifdef __cplusplus
extern "C" {
@@ -65,12 +67,12 @@
* \param buf buffer to use as heap
* \param len size of the buffer
*/
-void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len );
+void mbedtls_memory_buffer_alloc_init(unsigned char *buf, size_t len);
/**
* \brief Free the mutex for thread-safety and clear remaining memory
*/
-void mbedtls_memory_buffer_alloc_free( void );
+void mbedtls_memory_buffer_alloc_free(void);
/**
* \brief Determine when the allocator should automatically verify the state
@@ -80,7 +82,7 @@
* \param verify One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC,
* MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS
*/
-void mbedtls_memory_buffer_set_verify( int verify );
+void mbedtls_memory_buffer_set_verify(int verify);
#if defined(MBEDTLS_MEMORY_DEBUG)
/**
@@ -89,7 +91,7 @@
* Prints out a list of 'still allocated' blocks and their stack
* trace if MBEDTLS_MEMORY_BACKTRACE is defined.
*/
-void mbedtls_memory_buffer_alloc_status( void );
+void mbedtls_memory_buffer_alloc_status(void);
/**
* \brief Get the peak heap usage so far
@@ -99,12 +101,12 @@
* into smaller blocks but larger than the requested size.
* \param max_blocks Peak number of blocks in use, including free and used
*/
-void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
+void mbedtls_memory_buffer_alloc_max_get(size_t *max_used, size_t *max_blocks);
/**
* \brief Reset peak statistics
*/
-void mbedtls_memory_buffer_alloc_max_reset( void );
+void mbedtls_memory_buffer_alloc_max_reset(void);
/**
* \brief Get the current heap usage
@@ -114,7 +116,7 @@
* into smaller blocks but larger than the requested size.
* \param cur_blocks Current number of blocks in use, including free and used
*/
-void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
+void mbedtls_memory_buffer_alloc_cur_get(size_t *cur_used, size_t *cur_blocks);
#endif /* MBEDTLS_MEMORY_DEBUG */
/**
@@ -128,7 +130,7 @@
*
* \return 0 if verified, 1 otherwise
*/
-int mbedtls_memory_buffer_alloc_verify( void );
+int mbedtls_memory_buffer_alloc_verify(void);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -136,7 +138,7 @@
*
* \return 0 if successful, or 1 if a test failed
*/
-int mbedtls_memory_buffer_alloc_self_test( int verbose );
+int mbedtls_memory_buffer_alloc_self_test(int verbose);
#endif
#ifdef __cplusplus
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index 1a0f790..5aa57d4 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -47,34 +47,34 @@
#include <stdint.h>
/** Failed to open a socket. */
-#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042
+#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042
/** The connection to the given server / port failed. */
-#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044
+#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044
/** Binding of the socket failed. */
-#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046
+#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046
/** Could not listen on the socket. */
-#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048
+#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048
/** Could not accept the incoming connection. */
-#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A
+#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A
/** Reading information from the socket failed. */
-#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C
+#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C
/** Sending information through the socket failed. */
-#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E
+#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E
/** Connection was reset by peer. */
-#define MBEDTLS_ERR_NET_CONN_RESET -0x0050
+#define MBEDTLS_ERR_NET_CONN_RESET -0x0050
/** Failed to get an IP address for the given hostname. */
-#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052
+#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052
/** Buffer is too small to hold the data. */
-#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043
+#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043
/** The context is invalid, eg because it was free()ed. */
-#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045
+#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045
/** Polling the net context failed. */
-#define MBEDTLS_ERR_NET_POLL_FAILED -0x0047
+#define MBEDTLS_ERR_NET_POLL_FAILED -0x0047
/** Input invalid. */
-#define MBEDTLS_ERR_NET_BAD_INPUT_DATA -0x0049
+#define MBEDTLS_ERR_NET_BAD_INPUT_DATA -0x0049
/** The backlog that listen() should use. */
-#define MBEDTLS_NET_LISTEN_BACKLOG 10
+#define MBEDTLS_NET_LISTEN_BACKLOG 10
/** The TCP transport protocol */
#define MBEDTLS_NET_PROTO_TCP 0
@@ -82,7 +82,7 @@
#define MBEDTLS_NET_PROTO_UDP 1
/** Used in \c mbedtls_net_poll to check for pending data */
-#define MBEDTLS_NET_POLL_READ 1
+#define MBEDTLS_NET_POLL_READ 1
/** Used in \c mbedtls_net_poll to check if write possible */
#define MBEDTLS_NET_POLL_WRITE 2
@@ -97,11 +97,9 @@
* (eg two file descriptors for combined IPv4 + IPv6 support, or additional
* structures for hand-made UDP demultiplexing).
*/
-typedef struct mbedtls_net_context
-{
- int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */
-}
-mbedtls_net_context;
+typedef struct mbedtls_net_context {
+ int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */
+} mbedtls_net_context;
/**
* \brief Initialize a context
@@ -109,7 +107,7 @@
*
* \param ctx Context to initialize
*/
-void mbedtls_net_init( mbedtls_net_context *ctx );
+void mbedtls_net_init(mbedtls_net_context *ctx);
/**
* \brief Initiate a connection with host:port in the given protocol
@@ -126,7 +124,10 @@
*
* \note Sets the socket in connected mode even with UDP.
*/
-int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto );
+int mbedtls_net_connect(mbedtls_net_context *ctx,
+ const char *host,
+ const char *port,
+ int proto);
/**
* \brief Create a receiving socket on bind_ip:port in the chosen
@@ -146,7 +147,10 @@
* \note Regardless of the protocol, opens the sockets and binds it.
* In addition, make the socket listening if protocol is TCP.
*/
-int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto );
+int mbedtls_net_bind(mbedtls_net_context *ctx,
+ const char *bind_ip,
+ const char *port,
+ int proto);
/**
* \brief Accept a connection from a remote client
@@ -166,9 +170,11 @@
* MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
* non-blocking and accept() would block.
*/
-int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
- mbedtls_net_context *client_ctx,
- void *client_ip, size_t buf_size, size_t *ip_len );
+int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
+ mbedtls_net_context *client_ctx,
+ void *client_ip,
+ size_t buf_size,
+ size_t *ip_len);
/**
* \brief Check and wait for the context to be ready for read/write
@@ -195,7 +201,7 @@
* \return Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE
* on success or timeout, or a negative return code otherwise.
*/
-int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout );
+int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout);
/**
* \brief Set the socket blocking
@@ -204,7 +210,7 @@
*
* \return 0 if successful, or a non-zero error code
*/
-int mbedtls_net_set_block( mbedtls_net_context *ctx );
+int mbedtls_net_set_block(mbedtls_net_context *ctx);
/**
* \brief Set the socket non-blocking
@@ -213,7 +219,7 @@
*
* \return 0 if successful, or a non-zero error code
*/
-int mbedtls_net_set_nonblock( mbedtls_net_context *ctx );
+int mbedtls_net_set_nonblock(mbedtls_net_context *ctx);
/**
* \brief Portable usleep helper
@@ -223,7 +229,7 @@
* \note Real amount of time slept will not be less than
* select()'s timeout granularity (typically, 10ms).
*/
-void mbedtls_net_usleep( unsigned long usec );
+void mbedtls_net_usleep(unsigned long usec);
/**
* \brief Read at most 'len' characters. If no error occurs,
@@ -237,7 +243,7 @@
* or a non-zero error code; with a non-blocking socket,
* MBEDTLS_ERR_SSL_WANT_READ indicates read() would block.
*/
-int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
+int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len);
/**
* \brief Write at most 'len' characters. If no error occurs,
@@ -251,7 +257,7 @@
* or a non-zero error code; with a non-blocking socket,
* MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block.
*/
-int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
+int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len);
/**
* \brief Read at most 'len' characters, blocking for at most
@@ -279,22 +285,24 @@
* non-blocking. Handling timeouts with non-blocking reads
* requires a different strategy.
*/
-int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
- uint32_t timeout );
+int mbedtls_net_recv_timeout(void *ctx,
+ unsigned char *buf,
+ size_t len,
+ uint32_t timeout);
/**
* \brief Closes down the connection and free associated data
*
* \param ctx The context to close
*/
-void mbedtls_net_close( mbedtls_net_context *ctx );
+void mbedtls_net_close(mbedtls_net_context *ctx);
/**
* \brief Gracefully shutdown the connection and free associated data
*
* \param ctx The context to free
*/
-void mbedtls_net_free( mbedtls_net_context *ctx );
+void mbedtls_net_free(mbedtls_net_context *ctx);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h
index bd6c658..0e30319 100644
--- a/include/mbedtls/nist_kw.h
+++ b/include/mbedtls/nist_kw.h
@@ -62,11 +62,12 @@
* Don't make any assumptions on this context!
*/
typedef struct {
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher
+ context used. */
} mbedtls_nist_kw_context;
-#else /* MBEDTLS_NIST_key wrapping_ALT */
-#include "nist_kw_alt.h"
+#else /* MBEDTLS_NIST_key wrapping_ALT */
+# include "nist_kw_alt.h"
#endif /* MBEDTLS_NIST_KW_ALT */
/**
@@ -77,7 +78,7 @@
* \param ctx The key wrapping context to initialize.
*
*/
-void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx );
+void mbedtls_nist_kw_init(mbedtls_nist_kw_context *ctx);
/**
* \brief This function initializes the key wrapping context set in the
@@ -95,11 +96,11 @@
* which are not supported.
* \return cipher-specific error code on failure of the underlying cipher.
*/
-int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
- mbedtls_cipher_id_t cipher,
- const unsigned char *key,
- unsigned int keybits,
- const int is_wrap );
+int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx,
+ mbedtls_cipher_id_t cipher,
+ const unsigned char *key,
+ unsigned int keybits,
+ const int is_wrap);
/**
* \brief This function releases and clears the specified key wrapping context
@@ -107,7 +108,7 @@
*
* \param ctx The key wrapping context to clear.
*/
-void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx );
+void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx);
/**
* \brief This function encrypts a buffer using key wrapping.
@@ -130,9 +131,13 @@
* \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
* \return cipher-specific error code on failure of the underlying cipher.
*/
-int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
- const unsigned char *input, size_t in_len,
- unsigned char *output, size_t* out_len, size_t out_size );
+int mbedtls_nist_kw_wrap(mbedtls_nist_kw_context *ctx,
+ mbedtls_nist_kw_mode_t mode,
+ const unsigned char *input,
+ size_t in_len,
+ unsigned char *output,
+ size_t *out_len,
+ size_t out_size);
/**
* \brief This function decrypts a buffer using key wrapping.
@@ -157,10 +162,13 @@
* \return \c MBEDTLS_ERR_CIPHER_AUTH_FAILED for verification failure of the ciphertext.
* \return cipher-specific error code on failure of the underlying cipher.
*/
-int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
- const unsigned char *input, size_t in_len,
- unsigned char *output, size_t* out_len, size_t out_size);
-
+int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx,
+ mbedtls_nist_kw_mode_t mode,
+ const unsigned char *input,
+ size_t in_len,
+ unsigned char *output,
+ size_t *out_len,
+ size_t out_size);
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
/**
@@ -169,7 +177,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_nist_kw_self_test( int verbose );
+int mbedtls_nist_kw_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
#ifdef __cplusplus
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 836e455..df4b44a 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -31,249 +31,395 @@
#include <stddef.h>
#if defined(MBEDTLS_CIPHER_C)
-#include "mbedtls/cipher.h"
+# include "mbedtls/cipher.h"
#endif
#if defined(MBEDTLS_MD_C)
-#include "mbedtls/md.h"
+# include "mbedtls/md.h"
#endif
/** OID is not found. */
-#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E
+#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E
/** output buffer is too small */
-#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B
+#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B
/* This is for the benefit of X.509, but defined here in order to avoid
* having a "backwards" include of x.509.h here */
/*
* X.509 extension types (internal, arbitrary values for bitsets)
*/
-#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
-#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2)
-#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
-#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS (1 << 4)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5)
-#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME (1 << 6)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
-#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8)
-#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS (1 << 9)
-#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
-#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
-#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
-#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
-#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14)
-#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16)
+#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
+#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2)
+#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
+#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS (1 << 4)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5)
+#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME (1 << 6)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
+#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8)
+#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS (1 << 9)
+#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
+#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
+#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
+#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
+#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14)
+#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16)
/*
* Top level OID tuples
*/
-#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
-#define MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */
-#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
-#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */
+#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
+#define MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+ "\x2b" /* {iso(1) identified-organization(3)} */
+#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
+#define MBEDTLS_OID_ISO_ITU_COUNTRY \
+ "\x60" /* {joint-iso-itu-t(2) country(16)} */
/*
* ISO Member bodies OID parts
*/
-#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */
-#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
-#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
-#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
-#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_ANSI_X9_62
+#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */
+#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
+#define MBEDTLS_OID_RSA_COMPANY \
+ MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+ MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
+#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
+#define MBEDTLS_OID_ANSI_X9_62 \
+ MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+ MBEDTLS_OID_ORG_ANSI_X9_62
/*
* ISO Identified organization OID parts
*/
-#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */
-#define MBEDTLS_OID_ORG_OIW "\x0e"
-#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03"
-#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
-#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
-#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
-#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
-#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
-#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
+#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */
+#define MBEDTLS_OID_ORG_OIW "\x0e"
+#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03"
+#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
+#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
+#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
+#define MBEDTLS_OID_CERTICOM \
+ MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
+#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
+#define MBEDTLS_OID_TELETRUST \
+ MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
/*
* ISO ITU OID parts
*/
-#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
-#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
+#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
+#define MBEDTLS_OID_ISO_ITU_US_ORG \
+ MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \
+ MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
-#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
-#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
+#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
+#define MBEDTLS_OID_GOV \
+ MBEDTLS_OID_ISO_ITU_US_ORG \
+ MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
-#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
-#define MBEDTLS_OID_NETSCAPE MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
+#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
+#define MBEDTLS_OID_NETSCAPE \
+ MBEDTLS_OID_ISO_ITU_US_ORG \
+ MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
/* ISO arc for standard certificate and CRL extensions */
-#define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
+#define MBEDTLS_OID_ID_CE \
+ MBEDTLS_OID_ISO_CCITT_DS \
+ "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
-#define MBEDTLS_OID_NIST_ALG MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */
+#define MBEDTLS_OID_NIST_ALG \
+ MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) \
+ organization(1) gov(101) csor(3) \
+ nistAlgorithm(4) */
/**
* Private Internet Extensions
* { iso(1) identified-organization(3) dod(6) internet(1)
* security(5) mechanisms(5) pkix(7) }
*/
-#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
-#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
+#define MBEDTLS_OID_INTERNET \
+ MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
+#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
/*
* Arc for standard naming attributes
*/
-#define MBEDTLS_OID_AT MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
-#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
-#define MBEDTLS_OID_AT_SUR_NAME MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
-#define MBEDTLS_OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
-#define MBEDTLS_OID_AT_COUNTRY MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
-#define MBEDTLS_OID_AT_LOCALITY MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
-#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
-#define MBEDTLS_OID_AT_ORGANIZATION MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
-#define MBEDTLS_OID_AT_ORG_UNIT MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
-#define MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
-#define MBEDTLS_OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
-#define MBEDTLS_OID_AT_POSTAL_CODE MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
-#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
-#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
-#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
-#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
-#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
-#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
+#define MBEDTLS_OID_AT \
+ MBEDTLS_OID_ISO_CCITT_DS \
+ "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
+#define MBEDTLS_OID_AT_CN \
+ MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
+#define MBEDTLS_OID_AT_SUR_NAME \
+ MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
+#define MBEDTLS_OID_AT_SERIAL_NUMBER \
+ MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
+#define MBEDTLS_OID_AT_COUNTRY \
+ MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
+#define MBEDTLS_OID_AT_LOCALITY \
+ MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
+#define MBEDTLS_OID_AT_STATE \
+ MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
+#define MBEDTLS_OID_AT_ORGANIZATION \
+ MBEDTLS_OID_AT \
+ "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
+#define MBEDTLS_OID_AT_ORG_UNIT \
+ MBEDTLS_OID_AT \
+ "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
+#define MBEDTLS_OID_AT_TITLE \
+ MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
+#define MBEDTLS_OID_AT_POSTAL_ADDRESS \
+ MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
+#define MBEDTLS_OID_AT_POSTAL_CODE \
+ MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
+#define MBEDTLS_OID_AT_GIVEN_NAME \
+ MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
+#define MBEDTLS_OID_AT_INITIALS \
+ MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
+#define MBEDTLS_OID_AT_GENERATION_QUALIFIER \
+ MBEDTLS_OID_AT \
+ "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
+#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER \
+ MBEDTLS_OID_AT \
+ "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
+#define MBEDTLS_OID_AT_DN_QUALIFIER \
+ MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
+#define MBEDTLS_OID_AT_PSEUDONYM \
+ MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
-#define MBEDTLS_OID_UID "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */
-#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
+#define MBEDTLS_OID_UID \
+ "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */
+#define MBEDTLS_OID_DOMAIN_COMPONENT \
+ "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
/*
* OIDs for standard certificate extensions
*/
-#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
-#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
-#define MBEDTLS_OID_KEY_USAGE MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
-#define MBEDTLS_OID_CERTIFICATE_POLICIES MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
-#define MBEDTLS_OID_POLICY_MAPPINGS MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
-#define MBEDTLS_OID_SUBJECT_ALT_NAME MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
-#define MBEDTLS_OID_ISSUER_ALT_NAME MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
-#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
-#define MBEDTLS_OID_BASIC_CONSTRAINTS MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
-#define MBEDTLS_OID_NAME_CONSTRAINTS MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
-#define MBEDTLS_OID_POLICY_CONSTRAINTS MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
-#define MBEDTLS_OID_EXTENDED_KEY_USAGE MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
-#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
-#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
-#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
+#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER \
+ MBEDTLS_OID_ID_CE \
+ "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
+#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER \
+ MBEDTLS_OID_ID_CE \
+ "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
+#define MBEDTLS_OID_KEY_USAGE \
+ MBEDTLS_OID_ID_CE \
+ "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
+#define MBEDTLS_OID_CERTIFICATE_POLICIES \
+ MBEDTLS_OID_ID_CE \
+ "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
+#define MBEDTLS_OID_POLICY_MAPPINGS \
+ MBEDTLS_OID_ID_CE \
+ "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
+#define MBEDTLS_OID_SUBJECT_ALT_NAME \
+ MBEDTLS_OID_ID_CE \
+ "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
+#define MBEDTLS_OID_ISSUER_ALT_NAME \
+ MBEDTLS_OID_ID_CE \
+ "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
+#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS \
+ MBEDTLS_OID_ID_CE \
+ "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
+#define MBEDTLS_OID_BASIC_CONSTRAINTS \
+ MBEDTLS_OID_ID_CE \
+ "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
+#define MBEDTLS_OID_NAME_CONSTRAINTS \
+ MBEDTLS_OID_ID_CE \
+ "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
+#define MBEDTLS_OID_POLICY_CONSTRAINTS \
+ MBEDTLS_OID_ID_CE \
+ "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
+#define MBEDTLS_OID_EXTENDED_KEY_USAGE \
+ MBEDTLS_OID_ID_CE \
+ "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
+#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS \
+ MBEDTLS_OID_ID_CE \
+ "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
+#define MBEDTLS_OID_INIHIBIT_ANYPOLICY \
+ MBEDTLS_OID_ID_CE \
+ "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
+#define MBEDTLS_OID_FRESHEST_CRL \
+ MBEDTLS_OID_ID_CE \
+ "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
/*
* Certificate policies
*/
-#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
+#define MBEDTLS_OID_ANY_POLICY \
+ MBEDTLS_OID_CERTIFICATE_POLICIES \
+ "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
/*
* Netscape certificate extensions
*/
-#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01"
-#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01"
-#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT "\x02"
-#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03"
-#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04"
-#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07"
-#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08"
-#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C"
-#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D"
-#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02"
-#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05"
+#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01"
+#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01"
+#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT "\x02"
+#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03"
+#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04"
+#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07"
+#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08"
+#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C"
+#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D"
+#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02"
+#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05"
/*
* OIDs for CRL extensions
*/
-#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10"
-#define MBEDTLS_OID_CRL_NUMBER MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
+#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10"
+#define MBEDTLS_OID_CRL_NUMBER \
+ MBEDTLS_OID_ID_CE \
+ "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
/*
* X.509 v3 Extended key usage OIDs
*/
-#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
+#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE \
+ MBEDTLS_OID_EXTENDED_KEY_USAGE \
+ "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
-#define MBEDTLS_OID_KP MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
-#define MBEDTLS_OID_SERVER_AUTH MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
-#define MBEDTLS_OID_CLIENT_AUTH MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
-#define MBEDTLS_OID_CODE_SIGNING MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
-#define MBEDTLS_OID_EMAIL_PROTECTION MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
-#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
-#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
+#define MBEDTLS_OID_KP \
+ MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
+#define MBEDTLS_OID_SERVER_AUTH \
+ MBEDTLS_OID_KP \
+ "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
+#define MBEDTLS_OID_CLIENT_AUTH \
+ MBEDTLS_OID_KP \
+ "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
+#define MBEDTLS_OID_CODE_SIGNING \
+ MBEDTLS_OID_KP \
+ "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
+#define MBEDTLS_OID_EMAIL_PROTECTION \
+ MBEDTLS_OID_KP \
+ "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
+#define MBEDTLS_OID_TIME_STAMPING \
+ MBEDTLS_OID_KP \
+ "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
+#define MBEDTLS_OID_OCSP_SIGNING \
+ MBEDTLS_OID_KP \
+ "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
/**
* Wi-SUN Alliance Field Area Network
* { iso(1) identified-organization(3) dod(6) internet(1)
* private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) }
*/
-#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
+#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
-#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
-#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
+#define MBEDTLS_OID_ON \
+ MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
+#define MBEDTLS_OID_ON_HW_MODULE_NAME \
+ MBEDTLS_OID_ON \
+ "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
/*
* PKCS definition OIDs
*/
-#define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
-#define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
-#define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
-#define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
-#define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
+#define MBEDTLS_OID_PKCS \
+ MBEDTLS_OID_RSA_COMPANY \
+ "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
+#define MBEDTLS_OID_PKCS1 \
+ MBEDTLS_OID_PKCS \
+ "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
+#define MBEDTLS_OID_PKCS5 \
+ MBEDTLS_OID_PKCS \
+ "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
+#define MBEDTLS_OID_PKCS9 \
+ MBEDTLS_OID_PKCS \
+ "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
+#define MBEDTLS_OID_PKCS12 \
+ MBEDTLS_OID_PKCS \
+ "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
/*
* PKCS#1 OIDs
*/
-#define MBEDTLS_OID_PKCS1_RSA MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
-#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
-#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
-#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
-#define MBEDTLS_OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
-#define MBEDTLS_OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
-#define MBEDTLS_OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
+#define MBEDTLS_OID_PKCS1_RSA \
+ MBEDTLS_OID_PKCS1 \
+ "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
+#define MBEDTLS_OID_PKCS1_MD5 \
+ MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
+#define MBEDTLS_OID_PKCS1_SHA1 \
+ MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
+#define MBEDTLS_OID_PKCS1_SHA224 \
+ MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
+#define MBEDTLS_OID_PKCS1_SHA256 \
+ MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
+#define MBEDTLS_OID_PKCS1_SHA384 \
+ MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
+#define MBEDTLS_OID_PKCS1_SHA512 \
+ MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
-#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
+#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
-#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
+#define MBEDTLS_OID_PKCS9_EMAIL \
+ MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
/* RFC 4055 */
-#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
-#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
+#define MBEDTLS_OID_RSASSA_PSS \
+ MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
+#define MBEDTLS_OID_MGF1 \
+ MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
/*
* Digest algorithms
*/
-#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
+#define MBEDTLS_OID_DIGEST_ALG_MD5 \
+ MBEDTLS_OID_RSA_COMPANY \
+ "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA1 \
+ MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+ MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA224 \
+ MBEDTLS_OID_NIST_ALG \
+ "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA256 \
+ MBEDTLS_OID_NIST_ALG \
+ "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA384 \
+ MBEDTLS_OID_NIST_ALG \
+ "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA512 \
+ MBEDTLS_OID_NIST_ALG \
+ "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
-#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
+#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 \
+ MBEDTLS_OID_TELETRUST \
+ "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
-#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
+#define MBEDTLS_OID_HMAC_SHA1 \
+ MBEDTLS_OID_RSA_COMPANY \
+ "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
-#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
+#define MBEDTLS_OID_HMAC_SHA224 \
+ MBEDTLS_OID_RSA_COMPANY \
+ "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
-#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
+#define MBEDTLS_OID_HMAC_SHA256 \
+ MBEDTLS_OID_RSA_COMPANY \
+ "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
-#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
+#define MBEDTLS_OID_HMAC_SHA384 \
+ MBEDTLS_OID_RSA_COMPANY \
+ "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
-#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
+#define MBEDTLS_OID_HMAC_SHA512 \
+ MBEDTLS_OID_RSA_COMPANY \
+ "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
/*
* Encryption algorithms
*/
-#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
-#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
-#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
+#define MBEDTLS_OID_DES_CBC \
+ MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG \
+ "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
+#define MBEDTLS_OID_DES_EDE3_CBC \
+ MBEDTLS_OID_RSA_COMPANY \
+ "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
+#define MBEDTLS_OID_AES \
+ MBEDTLS_OID_NIST_ALG \
+ "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
/*
* Key Wrapping algorithms
@@ -281,41 +427,76 @@
/*
* RFC 5649
*/
-#define MBEDTLS_OID_AES128_KW MBEDTLS_OID_AES "\x05" /** id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } */
-#define MBEDTLS_OID_AES128_KWP MBEDTLS_OID_AES "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */
-#define MBEDTLS_OID_AES192_KW MBEDTLS_OID_AES "\x19" /** id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } */
-#define MBEDTLS_OID_AES192_KWP MBEDTLS_OID_AES "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */
-#define MBEDTLS_OID_AES256_KW MBEDTLS_OID_AES "\x2d" /** id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } */
-#define MBEDTLS_OID_AES256_KWP MBEDTLS_OID_AES "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */
+#define MBEDTLS_OID_AES128_KW \
+ MBEDTLS_OID_AES \
+ "\x05" /** id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } */
+#define MBEDTLS_OID_AES128_KWP \
+ MBEDTLS_OID_AES \
+ "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */
+#define MBEDTLS_OID_AES192_KW \
+ MBEDTLS_OID_AES \
+ "\x19" /** id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } */
+#define MBEDTLS_OID_AES192_KWP \
+ MBEDTLS_OID_AES \
+ "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */
+#define MBEDTLS_OID_AES256_KW \
+ MBEDTLS_OID_AES \
+ "\x2d" /** id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } */
+#define MBEDTLS_OID_AES256_KWP \
+ MBEDTLS_OID_AES \
+ "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */
/*
* PKCS#5 OIDs
*/
-#define MBEDTLS_OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
-#define MBEDTLS_OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
-#define MBEDTLS_OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
+#define MBEDTLS_OID_PKCS5_PBKDF2 \
+ MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
+#define MBEDTLS_OID_PKCS5_PBES2 \
+ MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
+#define MBEDTLS_OID_PKCS5_PBMAC1 \
+ MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
/*
* PKCS#5 PBES1 algorithms
*/
-#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
+#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC \
+ MBEDTLS_OID_PKCS5 \
+ "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
+#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC \
+ MBEDTLS_OID_PKCS5 \
+ "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
+#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC \
+ MBEDTLS_OID_PKCS5 \
+ "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
+#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC \
+ MBEDTLS_OID_PKCS5 \
+ "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
/*
* PKCS#8 OIDs
*/
-#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
+#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ \
+ MBEDTLS_OID_PKCS9 \
+ "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
/*
* PKCS#12 PBE OIDs
*/
-#define MBEDTLS_OID_PKCS12_PBE MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
+#define MBEDTLS_OID_PKCS12_PBE \
+ MBEDTLS_OID_PKCS12 \
+ "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC \
+ MBEDTLS_OID_PKCS12_PBE \
+ "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC \
+ MBEDTLS_OID_PKCS12_PBE \
+ "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC \
+ MBEDTLS_OID_PKCS12_PBE \
+ "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC \
+ MBEDTLS_OID_PKCS12_PBE \
+ "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
/*
* EC key algorithms from RFC 5480
@@ -323,12 +504,12 @@
/* id-ecPublicKey OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
-#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01"
+#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01"
/* id-ecDH OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132)
* schemes(1) ecdh(12) } */
-#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c"
+#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c"
/*
* ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
@@ -336,35 +517,35 @@
/* secp192r1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
-#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
+#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
/* secp224r1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
-#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21"
+#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21"
/* secp256r1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
-#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
+#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
/* secp384r1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
-#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22"
+#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22"
/* secp521r1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
-#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23"
+#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23"
/* secp192k1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
-#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f"
+#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f"
/* secp224k1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
-#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20"
+#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20"
/* secp256k1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
-#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a"
+#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a"
/* RFC 5639 4.1
* ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
@@ -372,16 +553,17 @@
* algorithm(3) ecSign(2) 8}
* ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
* versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
-#define MBEDTLS_OID_EC_BRAINPOOL_V1 MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
+#define MBEDTLS_OID_EC_BRAINPOOL_V1 \
+ MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
-#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
+#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
-#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
+#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
-#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
+#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
/*
* SEC1 C.1
@@ -389,38 +571,41 @@
* prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
* id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
*/
-#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01"
-#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
+#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01"
+#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD \
+ MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
/*
* ECDSA signature identifiers, from RFC 5480
*/
-#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
-#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
+#define MBEDTLS_OID_ANSI_X9_62_SIG \
+ MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
+#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 \
+ MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
+#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
+#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 2 } */
-#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
+#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 3 } */
-#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
+#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 4 } */
-#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
+#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
#ifdef __cplusplus
extern "C" {
@@ -429,13 +614,12 @@
/**
* \brief Base OID descriptor structure
*/
-typedef struct mbedtls_oid_descriptor_t
-{
- const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */
- size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */
+typedef struct mbedtls_oid_descriptor_t {
+ const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */
+ size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */
#if !defined(MBEDTLS_X509_REMOVE_INFO)
- const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */
- const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */
+ const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */
+ const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */
#endif
} mbedtls_oid_descriptor_t;
@@ -450,7 +634,9 @@
* \return Length of the string written (excluding final NULL) or
* MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
*/
-int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
+int mbedtls_oid_get_numeric_string(char *buf,
+ size_t size,
+ const mbedtls_asn1_buf *oid);
/**
* \brief Translate an X.509 extension OID into local values
@@ -460,7 +646,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
+int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type);
/**
* \brief Translate an X.509 attribute type OID into the short name
@@ -471,7 +657,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
+int mbedtls_oid_get_attr_short_name(const mbedtls_asn1_buf *oid,
+ const char **short_name);
/**
* \brief Translate PublicKeyAlgorithm OID into pk_type
@@ -481,7 +668,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
+int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid,
+ mbedtls_pk_type_t *pk_alg);
/**
* \brief Translate pk_type into PublicKeyAlgorithm OID
@@ -492,8 +680,9 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
- const char **oid, size_t *olen );
+int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg,
+ const char **oid,
+ size_t *olen);
#if defined(MBEDTLS_ECP_C)
/**
@@ -504,7 +693,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id );
+int mbedtls_oid_get_ec_grp(const mbedtls_asn1_buf *oid,
+ mbedtls_ecp_group_id *grp_id);
/**
* \brief Translate EC group identifier into NamedCurve OID
@@ -515,8 +705,9 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
- const char **oid, size_t *olen );
+int mbedtls_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id,
+ const char **oid,
+ size_t *olen);
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_MD_C)
@@ -529,8 +720,9 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
- mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg );
+int mbedtls_oid_get_sig_alg(const mbedtls_asn1_buf *oid,
+ mbedtls_md_type_t *md_alg,
+ mbedtls_pk_type_t *pk_alg);
/**
* \brief Translate SignatureAlgorithm OID into description
@@ -540,7 +732,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc );
+int mbedtls_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid,
+ const char **desc);
/**
* \brief Translate md_type and pk_type into SignatureAlgorithm OID
@@ -552,8 +745,10 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
- const char **oid, size_t *olen );
+int mbedtls_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg,
+ mbedtls_md_type_t md_alg,
+ const char **oid,
+ size_t *olen);
/**
* \brief Translate hash algorithm OID into md_type
@@ -563,7 +758,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
+int mbedtls_oid_get_md_alg(const mbedtls_asn1_buf *oid,
+ mbedtls_md_type_t *md_alg);
/**
* \brief Translate hmac algorithm OID into md_type
@@ -573,7 +769,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
+int mbedtls_oid_get_md_hmac(const mbedtls_asn1_buf *oid,
+ mbedtls_md_type_t *md_hmac);
#endif /* MBEDTLS_MD_C */
#if !defined(MBEDTLS_X509_REMOVE_INFO)
@@ -585,7 +782,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
+int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid,
+ const char **desc);
#endif
/**
@@ -596,7 +794,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc );
+int mbedtls_oid_get_certificate_policies(const mbedtls_asn1_buf *oid,
+ const char **desc);
/**
* \brief Translate md_type into hash algorithm OID
@@ -607,7 +806,9 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen );
+int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg,
+ const char **oid,
+ size_t *olen);
#if defined(MBEDTLS_CIPHER_C)
/**
@@ -618,7 +819,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg );
+int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid,
+ mbedtls_cipher_type_t *cipher_alg);
#endif /* MBEDTLS_CIPHER_C */
#if defined(MBEDTLS_PKCS12_C)
@@ -632,8 +834,9 @@
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
-int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
- mbedtls_cipher_type_t *cipher_alg );
+int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid,
+ mbedtls_md_type_t *md_alg,
+ mbedtls_cipher_type_t *cipher_alg);
#endif /* MBEDTLS_PKCS12_C */
#ifdef __cplusplus
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index baceb07..ec7fe03 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -34,23 +34,23 @@
* \{
*/
/** No PEM header or footer found. */
-#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080
+#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080
/** PEM string is not as expected. */
-#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100
+#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100
/** Failed to allocate memory. */
-#define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180
+#define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180
/** RSA IV is not in hex-format. */
-#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200
+#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200
/** Unsupported key encryption algorithm. */
-#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280
+#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280
/** Private key password can't be empty. */
-#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300
+#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300
/** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380
+#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380
/** Unavailable feature, e.g. hashing/encryption combination. */
-#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400
+#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400
/** Bad input parameters to function. */
-#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480
+#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480
/* \} name */
#ifdef __cplusplus
@@ -61,20 +61,19 @@
/**
* \brief PEM context structure
*/
-typedef struct mbedtls_pem_context
-{
- unsigned char *MBEDTLS_PRIVATE(buf); /*!< buffer for decoded data */
- size_t MBEDTLS_PRIVATE(buflen); /*!< length of the buffer */
- unsigned char *MBEDTLS_PRIVATE(info); /*!< buffer for extra header information */
-}
-mbedtls_pem_context;
+typedef struct mbedtls_pem_context {
+ unsigned char *MBEDTLS_PRIVATE(buf); /*!< buffer for decoded data */
+ size_t MBEDTLS_PRIVATE(buflen); /*!< length of the buffer */
+ unsigned char *MBEDTLS_PRIVATE(info); /*!< buffer for extra header
+ information */
+} mbedtls_pem_context;
/**
* \brief PEM context setup
*
* \param ctx context to be initialized
*/
-void mbedtls_pem_init( mbedtls_pem_context *ctx );
+void mbedtls_pem_init(mbedtls_pem_context *ctx);
/**
* \brief Read a buffer for PEM information and store the resulting
@@ -98,17 +97,20 @@
*
* \return 0 on success, or a specific PEM error code
*/
-int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
- const unsigned char *data,
- const unsigned char *pwd,
- size_t pwdlen, size_t *use_len );
+int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx,
+ const char *header,
+ const char *footer,
+ const unsigned char *data,
+ const unsigned char *pwd,
+ size_t pwdlen,
+ size_t *use_len);
/**
* \brief PEM context memory freeing
*
* \param ctx context to be freed
*/
-void mbedtls_pem_free( mbedtls_pem_context *ctx );
+void mbedtls_pem_free(mbedtls_pem_context *ctx);
#endif /* MBEDTLS_PEM_PARSE_C */
#if defined(MBEDTLS_PEM_WRITE_C)
@@ -138,9 +140,13 @@
* the required minimum size of \p buf.
* \return Another PEM or BASE64 error code on other kinds of failure.
*/
-int mbedtls_pem_write_buffer( const char *header, const char *footer,
- const unsigned char *der_data, size_t der_len,
- unsigned char *buf, size_t buf_len, size_t *olen );
+int mbedtls_pem_write_buffer(const char *header,
+ const char *footer,
+ const unsigned char *der_data,
+ size_t der_len,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *olen);
#endif /* MBEDTLS_PEM_WRITE_C */
#ifdef __cplusplus
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 15d1a39..a78ba23 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -29,56 +29,56 @@
#include "mbedtls/md.h"
#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
+# include "mbedtls/rsa.h"
#endif
#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
+# include "mbedtls/ecp.h"
#endif
#if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
+# include "mbedtls/ecdsa.h"
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
+# include "psa/crypto.h"
#endif
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && \
+ !defined(__cplusplus)
+# define inline __inline
#endif
/** Memory allocation failed. */
-#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80
+#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80
/** Type mismatch, eg attempt to encrypt with an ECDSA key */
-#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00
+#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00
/** Bad input parameters to function. */
-#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80
+#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80
/** Read/write of file failed. */
-#define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00
+#define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00
/** Unsupported key version */
#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80
/** Invalid key tag or value. */
-#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00
+#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00
/** Key algorithm is unsupported (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80
+#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80
/** Private key password can't be empty. */
-#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00
+#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00
/** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80
+#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80
/** The pubkey tag or value is invalid (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00
+#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00
/** The algorithm tag or value is invalid. */
-#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80
+#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80
/** Elliptic curve is unsupported (only NIST curves are supported). */
#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00
/** Unavailable feature, e.g. RSA disabled for RSA key. */
#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980
/** The buffer contains a valid signature followed by more data. */
-#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900
+#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900
/** The output buffer is too small. */
-#define MBEDTLS_ERR_PK_BUFFER_TOO_SMALL -0x3880
+#define MBEDTLS_ERR_PK_BUFFER_TOO_SMALL -0x3880
#ifdef __cplusplus
extern "C" {
@@ -87,8 +87,9 @@
/**
* \brief Public key types
*/
-typedef enum {
- MBEDTLS_PK_NONE=0,
+typedef enum
+{
+ MBEDTLS_PK_NONE = 0,
MBEDTLS_PK_RSA,
MBEDTLS_PK_ECKEY,
MBEDTLS_PK_ECKEY_DH,
@@ -102,8 +103,7 @@
* \brief Options for RSASSA-PSS signature verification.
* See \c mbedtls_rsa_rsassa_pss_verify_ext()
*/
-typedef struct mbedtls_pk_rsassa_pss_options
-{
+typedef struct mbedtls_pk_rsassa_pss_options {
mbedtls_md_type_t MBEDTLS_PRIVATE(mgf1_hash_id);
int MBEDTLS_PRIVATE(expected_salt_len);
@@ -123,42 +123,43 @@
*/
#define MBEDTLS_PK_SIGNATURE_MAX_SIZE 0
-#if ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT) ) && \
+#if (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT)) && \
MBEDTLS_MPI_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
/* For RSA, the signature can be as large as the bignum module allows.
* For RSA_ALT, the signature size is not necessarily tied to what the
* bignum module can do, but in the absence of any specific setting,
* we use that (rsa_alt_sign_wrap in library/pk_wrap.h will check). */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
+# undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
+# define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
#endif
-#if defined(MBEDTLS_ECDSA_C) && \
+#if defined(MBEDTLS_ECDSA_C) && \
MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_PK_SIGNATURE_MAX_SIZE
/* For ECDSA, the ecdsa module exports a constant for the maximum
* signature size. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
+# undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
+# define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if PSA_SIGNATURE_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
+# if PSA_SIGNATURE_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
/* PSA_SIGNATURE_MAX_SIZE is the maximum size of a signature made
* through the PSA API in the PSA representation. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE PSA_SIGNATURE_MAX_SIZE
-#endif
+# undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
+# define MBEDTLS_PK_SIGNATURE_MAX_SIZE PSA_SIGNATURE_MAX_SIZE
+# endif
-#if PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 > MBEDTLS_PK_SIGNATURE_MAX_SIZE
+# if PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 > MBEDTLS_PK_SIGNATURE_MAX_SIZE
/* The Mbed TLS representation is different for ECDSA signatures:
* PSA uses the raw concatenation of r and s,
* whereas Mbed TLS uses the ASN.1 representation (SEQUENCE of two INTEGERs).
* Add the overhead of ASN.1: up to (1+2) + 2 * (1+2+1) for the
* types, lengths (represented by up to 2 bytes), and potential leading
* zeros of the INTEGERs and the SEQUENCE. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE ( PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 )
-#endif
+# undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
+# define MBEDTLS_PK_SIGNATURE_MAX_SIZE \
+ (PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11)
+# endif
#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */
/**
@@ -174,8 +175,7 @@
/**
* \brief Item to send to the debug module
*/
-typedef struct mbedtls_pk_debug_item
-{
+typedef struct mbedtls_pk_debug_item {
mbedtls_pk_debug_type MBEDTLS_PRIVATE(type);
const char *MBEDTLS_PRIVATE(name);
void *MBEDTLS_PRIVATE(value);
@@ -192,20 +192,20 @@
/**
* \brief Public key container
*/
-typedef struct mbedtls_pk_context
-{
- const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
- void * MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
+typedef struct mbedtls_pk_context {
+ const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key
+ information */
+ void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
} mbedtls_pk_context;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/**
* \brief Context for resuming operations
*/
-typedef struct
-{
- const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
- void * MBEDTLS_PRIVATE(rs_ctx); /**< Underlying restart context */
+typedef struct {
+ const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key
+ information */
+ void *MBEDTLS_PRIVATE(rs_ctx); /**< Underlying restart context */
} mbedtls_pk_restart_ctx;
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
/* Now we can declare functions that take a pointer to that */
@@ -219,9 +219,9 @@
* \warning You must make sure the PK context actually holds an RSA context
* before using this function!
*/
-static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
+static inline mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk)
{
- return( (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
+ return ((mbedtls_rsa_context *)(pk).MBEDTLS_PRIVATE(pk_ctx));
}
#endif /* MBEDTLS_RSA_C */
@@ -232,9 +232,9 @@
* \warning You must make sure the PK context actually holds an EC context
* before using this function!
*/
-static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
+static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk)
{
- return( (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
+ return ((mbedtls_ecp_keypair *)(pk).MBEDTLS_PRIVATE(pk_ctx));
}
#endif /* MBEDTLS_ECP_C */
@@ -242,14 +242,21 @@
/**
* \brief Types for RSA-alt abstraction
*/
-typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, size_t *olen,
- const unsigned char *input, unsigned char *output,
- size_t output_max_len );
-typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_md_type_t md_alg, unsigned int hashlen,
- const unsigned char *hash, unsigned char *sig );
-typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
+typedef int (*mbedtls_pk_rsa_alt_decrypt_func)(void *ctx,
+ size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len);
+typedef int (*mbedtls_pk_rsa_alt_sign_func)(void *ctx,
+ int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig);
+typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)(void *ctx);
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
/**
@@ -259,7 +266,7 @@
*
* \return The PK info associated with the type or NULL if not found.
*/
-const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
+const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type);
/**
* \brief Initialize a #mbedtls_pk_context (as NONE).
@@ -267,7 +274,7 @@
* \param ctx The context to initialize.
* This must not be \c NULL.
*/
-void mbedtls_pk_init( mbedtls_pk_context *ctx );
+void mbedtls_pk_init(mbedtls_pk_context *ctx);
/**
* \brief Free the components of a #mbedtls_pk_context.
@@ -280,7 +287,7 @@
* PSA key and you still need to call psa_destroy_key()
* independently if you want to destroy that key.
*/
-void mbedtls_pk_free( mbedtls_pk_context *ctx );
+void mbedtls_pk_free(mbedtls_pk_context *ctx);
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -289,7 +296,7 @@
* \param ctx The context to initialize.
* This must not be \c NULL.
*/
-void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx );
+void mbedtls_pk_restart_init(mbedtls_pk_restart_ctx *ctx);
/**
* \brief Free the components of a restart context
@@ -297,7 +304,7 @@
* \param ctx The context to clear. It must have been initialized.
* If this is \c NULL, this function does nothing.
*/
-void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
+void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx);
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
/**
@@ -315,7 +322,7 @@
* \note For contexts holding an RSA-alt key, use
* \c mbedtls_pk_setup_rsa_alt() instead.
*/
-int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
+int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
@@ -346,8 +353,7 @@
* ECC key pair.
* \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
*/
-int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
- const psa_key_id_t key );
+int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, const psa_key_id_t key);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
@@ -366,10 +372,11 @@
*
* \note This function replaces \c mbedtls_pk_setup() for RSA-alt.
*/
-int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
- mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
- mbedtls_pk_rsa_alt_sign_func sign_func,
- mbedtls_pk_rsa_alt_key_len_func key_len_func );
+int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx,
+ void *key,
+ mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
+ mbedtls_pk_rsa_alt_sign_func sign_func,
+ mbedtls_pk_rsa_alt_key_len_func key_len_func);
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
/**
@@ -379,7 +386,7 @@
*
* \return Key size in bits, or 0 on error
*/
-size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
+size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx);
/**
* \brief Get the length in bytes of the underlying key
@@ -388,9 +395,9 @@
*
* \return Key length in bytes, or 0 on error
*/
-static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
+static inline size_t mbedtls_pk_get_len(const mbedtls_pk_context *ctx)
{
- return ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 ;
+ return (mbedtls_pk_get_bitlen(ctx) + 7) / 8;
}
/**
@@ -405,7 +412,7 @@
* been initialized but not set up, or that has been
* cleared with mbedtls_pk_free().
*/
-int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
+int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type);
/**
* \brief Verify signature (including padding if relevant).
@@ -434,9 +441,12 @@
* Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
* to verify RSASSA_PSS signatures.
*/
-int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len );
+int mbedtls_pk_verify(mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash,
+ size_t hash_len,
+ const unsigned char *sig,
+ size_t sig_len);
/**
* \brief Restartable version of \c mbedtls_pk_verify()
@@ -458,11 +468,13 @@
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/
-int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len,
- mbedtls_pk_restart_ctx *rs_ctx );
+int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash,
+ size_t hash_len,
+ const unsigned char *sig,
+ size_t sig_len,
+ mbedtls_pk_restart_ctx *rs_ctx);
/**
* \brief Verify signature, with options.
@@ -493,10 +505,14 @@
* to a mbedtls_pk_rsassa_pss_options structure,
* otherwise it must be NULL.
*/
-int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
- mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- const unsigned char *sig, size_t sig_len );
+int mbedtls_pk_verify_ext(mbedtls_pk_type_t type,
+ const void *options,
+ mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash,
+ size_t hash_len,
+ const unsigned char *sig,
+ size_t sig_len);
/**
* \brief Make signature, including padding if relevant.
@@ -526,10 +542,15 @@
* \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
* For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
*/
-int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t sig_size, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_pk_sign(mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash,
+ size_t hash_len,
+ unsigned char *sig,
+ size_t sig_size,
+ size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Restartable version of \c mbedtls_pk_sign()
@@ -560,12 +581,16 @@
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/
-int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t sig_size, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_pk_restart_ctx *rs_ctx );
+int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash,
+ size_t hash_len,
+ unsigned char *sig,
+ size_t sig_size,
+ size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_pk_restart_ctx *rs_ctx);
/**
* \brief Decrypt message (including padding if relevant).
@@ -584,10 +609,14 @@
*
* \return 0 on success, or a specific error code.
*/
-int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
+ const unsigned char *input,
+ size_t ilen,
+ unsigned char *output,
+ size_t *olen,
+ size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Encrypt message (including padding if relevant).
@@ -607,10 +636,14 @@
*
* \return 0 on success, or a specific error code.
*/
-int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen, size_t osize,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_pk_encrypt(mbedtls_pk_context *ctx,
+ const unsigned char *input,
+ size_t ilen,
+ unsigned char *output,
+ size_t *olen,
+ size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Check if a public-private pair of keys matches.
@@ -626,10 +659,10 @@
* \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
* \return Another non-zero value if the keys do not match.
*/
-int mbedtls_pk_check_pair( const mbedtls_pk_context *pub,
- const mbedtls_pk_context *prv,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_pk_check_pair(const mbedtls_pk_context *pub,
+ const mbedtls_pk_context *prv,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Export debug information
@@ -639,7 +672,8 @@
*
* \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
*/
-int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
+int mbedtls_pk_debug(const mbedtls_pk_context *ctx,
+ mbedtls_pk_debug_item *items);
/**
* \brief Access the type name
@@ -648,7 +682,7 @@
*
* \return Type name on success, or "invalid PK"
*/
-const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
+const char *mbedtls_pk_get_name(const mbedtls_pk_context *ctx);
/**
* \brief Get the key type
@@ -658,7 +692,7 @@
* \return Type on success.
* \return #MBEDTLS_PK_NONE for a context that has not been set up.
*/
-mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
+mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx);
#if defined(MBEDTLS_PK_PARSE_C)
/** \ingroup pk_module */
@@ -692,10 +726,13 @@
*
* \return 0 if successful, or a specific PK or PEM error code
*/
-int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen,
- const unsigned char *pwd, size_t pwdlen,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_pk_parse_key(mbedtls_pk_context *ctx,
+ const unsigned char *key,
+ size_t keylen,
+ const unsigned char *pwd,
+ size_t pwdlen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/** \ingroup pk_module */
/**
@@ -719,10 +756,11 @@
*
* \return 0 if successful, or a specific PK or PEM error code
*/
-int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
- const unsigned char *key, size_t keylen );
+int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx,
+ const unsigned char *key,
+ size_t keylen);
-#if defined(MBEDTLS_FS_IO)
+# if defined(MBEDTLS_FS_IO)
/** \ingroup pk_module */
/**
* \brief Load and parse a private key
@@ -746,9 +784,11 @@
*
* \return 0 if successful, or a specific PK or PEM error code
*/
-int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
- const char *path, const char *password,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx,
+ const char *path,
+ const char *password,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/** \ingroup pk_module */
/**
@@ -767,8 +807,8 @@
*
* \return 0 if successful, or a specific PK or PEM error code
*/
-int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
+int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path);
+# endif /* MBEDTLS_FS_IO */
#endif /* MBEDTLS_PK_PARSE_C */
#if defined(MBEDTLS_PK_WRITE_C)
@@ -785,7 +825,9 @@
* \return length of data written if successful, or a specific
* error code
*/
-int mbedtls_pk_write_key_der( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_key_der(const mbedtls_pk_context *ctx,
+ unsigned char *buf,
+ size_t size);
/**
* \brief Write a public key to a SubjectPublicKeyInfo DER structure
@@ -800,9 +842,11 @@
* \return length of data written if successful, or a specific
* error code
*/
-int mbedtls_pk_write_pubkey_der( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *ctx,
+ unsigned char *buf,
+ size_t size);
-#if defined(MBEDTLS_PEM_WRITE_C)
+# if defined(MBEDTLS_PEM_WRITE_C)
/**
* \brief Write a public key to a PEM string
*
@@ -813,7 +857,9 @@
*
* \return 0 if successful, or a specific error code
*/
-int mbedtls_pk_write_pubkey_pem( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *ctx,
+ unsigned char *buf,
+ size_t size);
/**
* \brief Write a private key to a PKCS#1 or SEC1 PEM string
@@ -825,8 +871,10 @@
*
* \return 0 if successful, or a specific error code
*/
-int mbedtls_pk_write_key_pem( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-#endif /* MBEDTLS_PEM_WRITE_C */
+int mbedtls_pk_write_key_pem(const mbedtls_pk_context *ctx,
+ unsigned char *buf,
+ size_t size);
+# endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_PK_WRITE_C */
/*
@@ -845,8 +893,9 @@
*
* \return 0 if successful, or a specific PK error code
*/
-int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
- mbedtls_pk_context *pk );
+int mbedtls_pk_parse_subpubkey(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_pk_context *pk);
#endif /* MBEDTLS_PK_PARSE_C */
#if defined(MBEDTLS_PK_WRITE_C)
@@ -860,8 +909,9 @@
*
* \return the length written or a negative error code
*/
-int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
- const mbedtls_pk_context *key );
+int mbedtls_pk_write_pubkey(unsigned char **p,
+ unsigned char *start,
+ const mbedtls_pk_context *key);
#endif /* MBEDTLS_PK_WRITE_C */
/*
@@ -869,7 +919,7 @@
* know you do.
*/
#if defined(MBEDTLS_FS_IO)
-int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
+int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n);
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -893,9 +943,9 @@
* \return \c 0 if successful.
* \return An Mbed TLS error code otherwise.
*/
-int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
- psa_key_id_t *key,
- psa_algorithm_t hash_alg );
+int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
+ psa_key_id_t *key,
+ psa_algorithm_t hash_alg);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#ifdef __cplusplus
diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
index f78ea3c..d472d90 100644
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@@ -31,23 +31,23 @@
#include <stddef.h>
/** Bad input parameters to function. */
-#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80
+#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80
/** Feature not available, e.g. unsupported encryption scheme. */
-#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00
+#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00
/** PBE ASN.1 data not as expected. */
-#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80
+#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80
/** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00
+#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00
/** encryption/decryption key */
-#define MBEDTLS_PKCS12_DERIVE_KEY 1
+#define MBEDTLS_PKCS12_DERIVE_KEY 1
/** initialization vector */
-#define MBEDTLS_PKCS12_DERIVE_IV 2
+#define MBEDTLS_PKCS12_DERIVE_IV 2
/** integrity / MAC key */
-#define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3
+#define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3
-#define MBEDTLS_PKCS12_PBE_DECRYPT 0
-#define MBEDTLS_PKCS12_PBE_ENCRYPT 1
+#define MBEDTLS_PKCS12_PBE_DECRYPT 0
+#define MBEDTLS_PKCS12_PBE_ENCRYPT 1
#ifdef __cplusplus
extern "C" {
@@ -71,11 +71,15 @@
*
* \return 0 if successful, or a MBEDTLS_ERR_XXX code
*/
-int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
- mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *input, size_t len,
- unsigned char *output );
+int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params,
+ int mode,
+ mbedtls_cipher_type_t cipher_type,
+ mbedtls_md_type_t md_type,
+ const unsigned char *pwd,
+ size_t pwdlen,
+ const unsigned char *input,
+ size_t len,
+ unsigned char *output);
#endif /* MBEDTLS_ASN1_PARSE_C */
@@ -100,10 +104,15 @@
*
* \return 0 if successful, or a MD, BIGNUM type error.
*/
-int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *salt, size_t saltlen,
- mbedtls_md_type_t mbedtls_md, int id, int iterations );
+int mbedtls_pkcs12_derivation(unsigned char *data,
+ size_t datalen,
+ const unsigned char *pwd,
+ size_t pwdlen,
+ const unsigned char *salt,
+ size_t saltlen,
+ mbedtls_md_type_t mbedtls_md,
+ int id,
+ int iterations);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h
index 71d716b..9578279 100644
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@@ -33,16 +33,16 @@
#include <stdint.h>
/** Bad input parameters to function. */
-#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA -0x2f80
+#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA -0x2f80
/** Unexpected ASN.1 data. */
-#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT -0x2f00
+#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT -0x2f00
/** Requested encryption or digest alg not available. */
-#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE -0x2e80
+#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE -0x2e80
/** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00
+#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00
-#define MBEDTLS_PKCS5_DECRYPT 0
-#define MBEDTLS_PKCS5_ENCRYPT 1
+#define MBEDTLS_PKCS5_DECRYPT 0
+#define MBEDTLS_PKCS5_ENCRYPT 1
#ifdef __cplusplus
extern "C" {
@@ -63,10 +63,13 @@
*
* \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
*/
-int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *data, size_t datalen,
- unsigned char *output );
+int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params,
+ int mode,
+ const unsigned char *pwd,
+ size_t pwdlen,
+ const unsigned char *data,
+ size_t datalen,
+ unsigned char *output);
#endif /* MBEDTLS_ASN1_PARSE_C */
@@ -84,10 +87,14 @@
*
* \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
*/
-int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
- size_t plen, const unsigned char *salt, size_t slen,
- unsigned int iteration_count,
- uint32_t key_length, unsigned char *output );
+int mbedtls_pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx,
+ const unsigned char *password,
+ size_t plen,
+ const unsigned char *salt,
+ size_t slen,
+ unsigned int iteration_count,
+ uint32_t key_length,
+ unsigned char *output);
#if defined(MBEDTLS_SELF_TEST)
@@ -96,7 +103,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
-int mbedtls_pkcs5_self_test( int verbose );
+int mbedtls_pkcs5_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 81f981d..a626fc0 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -35,7 +35,7 @@
#include "mbedtls/build_info.h"
#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
+# include "mbedtls/platform_time.h"
#endif
#ifdef __cplusplus
@@ -46,7 +46,8 @@
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
* \{
*/
@@ -55,97 +56,100 @@
* and vsnprintf. This affects MSVC and MinGW builds.
*/
#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
-#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF
-#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF
+# define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF
+# define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF
#endif
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
+# include <stdio.h>
+# include <stdlib.h>
+# include <time.h>
+# if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
+# if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
/** The default \c snprintf function to use. */
-#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf
-#else
+# define MBEDTLS_PLATFORM_STD_SNPRINTF \
+ mbedtls_platform_win32_snprintf
+# else
/** The default \c snprintf function to use. */
-#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf
-#endif
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
+# define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf
+# endif
+# endif
+# if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
+# if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
/** The default \c vsnprintf function to use. */
-#define MBEDTLS_PLATFORM_STD_VSNPRINTF mbedtls_platform_win32_vsnprintf
-#else
+# define MBEDTLS_PLATFORM_STD_VSNPRINTF \
+ mbedtls_platform_win32_vsnprintf
+# else
/** The default \c vsnprintf function to use. */
-#define MBEDTLS_PLATFORM_STD_VSNPRINTF vsnprintf
-#endif
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
+# define MBEDTLS_PLATFORM_STD_VSNPRINTF vsnprintf
+# endif
+# endif
+# if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
/** The default \c printf function to use. */
-#define MBEDTLS_PLATFORM_STD_PRINTF printf
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
+# define MBEDTLS_PLATFORM_STD_PRINTF printf
+# endif
+# if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
/** The default \c fprintf function to use. */
-#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
+# define MBEDTLS_PLATFORM_STD_FPRINTF fprintf
+# endif
+# if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
/** The default \c calloc function to use. */
-#define MBEDTLS_PLATFORM_STD_CALLOC calloc
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_FREE)
+# define MBEDTLS_PLATFORM_STD_CALLOC calloc
+# endif
+# if !defined(MBEDTLS_PLATFORM_STD_FREE)
/** The default \c free function to use. */
-#define MBEDTLS_PLATFORM_STD_FREE free
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
+# define MBEDTLS_PLATFORM_STD_FREE free
+# endif
+# if !defined(MBEDTLS_PLATFORM_STD_EXIT)
/** The default \c exit function to use. */
-#define MBEDTLS_PLATFORM_STD_EXIT exit
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_TIME)
+# define MBEDTLS_PLATFORM_STD_EXIT exit
+# endif
+# if !defined(MBEDTLS_PLATFORM_STD_TIME)
/** The default \c time function to use. */
-#define MBEDTLS_PLATFORM_STD_TIME time
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
+# define MBEDTLS_PLATFORM_STD_TIME time
+# endif
+# if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
/** The default exit value to use. */
-#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
+# define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS
+# endif
+# if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
/** The default exit value to use. */
-#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE
-#endif
-#if defined(MBEDTLS_FS_IO)
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile"
-#endif
-#endif /* MBEDTLS_FS_IO */
+# define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE
+# endif
+# if defined(MBEDTLS_FS_IO)
+# if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
+# define MBEDTLS_PLATFORM_STD_NV_SEED_READ \
+ mbedtls_platform_std_nv_seed_read
+# endif
+# if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
+# define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE \
+ mbedtls_platform_std_nv_seed_write
+# endif
+# if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
+# define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile"
+# endif
+# endif /* MBEDTLS_FS_IO */
#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
-#include MBEDTLS_PLATFORM_STD_MEM_HDR
-#endif
+# if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
+# include MBEDTLS_PLATFORM_STD_MEM_HDR
+# endif
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-
/* \} name SECTION: Module settings */
/*
* The function pointers for calloc and free.
*/
#if defined(MBEDTLS_PLATFORM_MEMORY)
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
- defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
-#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO
-#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO
-#else
+# if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
+ defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+# define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO
+# define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO
+# else
/* For size_t */
-#include <stddef.h>
-extern void *mbedtls_calloc( size_t n, size_t size );
-extern void mbedtls_free( void *ptr );
+# include <stddef.h>
+extern void *mbedtls_calloc(size_t n, size_t size);
+extern void mbedtls_free(void *ptr);
/**
* \brief This function dynamically sets the memory-management
@@ -156,12 +160,12 @@
*
* \return \c 0.
*/
-int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
- void (*free_func)( void * ) );
-#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
+int mbedtls_platform_set_calloc_free(void *(*calloc_func)(size_t, size_t),
+ void (*free_func)(void *));
+# endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
#else /* !MBEDTLS_PLATFORM_MEMORY */
-#define mbedtls_free free
-#define mbedtls_calloc calloc
+# define mbedtls_free free
+# define mbedtls_calloc calloc
#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
/*
@@ -169,8 +173,8 @@
*/
#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
/* We need FILE * */
-#include <stdio.h>
-extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
+# include <stdio.h>
+extern int (*mbedtls_fprintf)(FILE *stream, const char *format, ...);
/**
* \brief This function dynamically configures the fprintf
@@ -181,21 +185,22 @@
*
* \return \c 0.
*/
-int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
- ... ) );
+int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *stream,
+ const char *,
+ ...));
#else
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
-#define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO
-#else
-#define mbedtls_fprintf fprintf
-#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
+# if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
+# define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO
+# else
+# define mbedtls_fprintf fprintf
+# endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
/*
* The function pointers for printf
*/
#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-extern int (*mbedtls_printf)( const char *format, ... );
+extern int (*mbedtls_printf)(const char *format, ...);
/**
* \brief This function dynamically configures the snprintf
@@ -206,13 +211,13 @@
*
* \return \c 0 on success.
*/
-int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
+int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...));
#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
-#define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO
-#else
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
+# if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
+# define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO
+# else
+# define mbedtls_printf printf
+# endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
/*
@@ -226,11 +231,11 @@
*/
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
/* For Windows (inc. MSYS2), we provide our own fixed implementation */
-int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
+int mbedtls_platform_win32_snprintf(char *s, size_t n, const char *fmt, ...);
#endif
#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
+extern int (*mbedtls_snprintf)(char *s, size_t n, const char *format, ...);
/**
* \brief This function allows configuring a custom
@@ -240,14 +245,14 @@
*
* \return \c 0 on success.
*/
-int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
- const char * format, ... ) );
+int mbedtls_platform_set_snprintf(
+ int (*snprintf_func)(char *s, size_t n, const char *format, ...));
#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
-#else
-#define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF
-#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
+# if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+# define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
+# else
+# define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF
+# endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
/*
@@ -260,14 +265,20 @@
* the destination buffer is too short.
*/
#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
-#include <stdarg.h>
+# include <stdarg.h>
/* For Older Windows (inc. MSYS2), we provide our own fixed implementation */
-int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg );
+int mbedtls_platform_win32_vsnprintf(char *s,
+ size_t n,
+ const char *fmt,
+ va_list arg);
#endif
#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
-#include <stdarg.h>
-extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_list arg );
+# include <stdarg.h>
+extern int (*mbedtls_vsnprintf)(char *s,
+ size_t n,
+ const char *format,
+ va_list arg);
/**
* \brief Set your own snprintf function pointer
@@ -276,21 +287,21 @@
*
* \return \c 0
*/
-int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
- const char * format, va_list arg ) );
+int mbedtls_platform_set_vsnprintf(
+ int (*vsnprintf_func)(char *s, size_t n, const char *format, va_list arg));
#else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
-#define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO
-#else
-#define mbedtls_vsnprintf vsnprintf
-#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
+# if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
+# define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO
+# else
+# define mbedtls_vsnprintf vsnprintf
+# endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
/*
* The function pointers for exit
*/
#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
-extern void (*mbedtls_exit)( int status );
+extern void (*mbedtls_exit)(int status);
/**
* \brief This function dynamically configures the exit
@@ -301,27 +312,27 @@
*
* \return \c 0 on success.
*/
-int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
+int mbedtls_platform_set_exit(void (*exit_func)(int status));
#else
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
-#define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO
-#else
-#define mbedtls_exit exit
-#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
+# if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
+# define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO
+# else
+# define mbedtls_exit exit
+# endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
/*
* The default exit values
*/
#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
-#define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
+# define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
#else
-#define MBEDTLS_EXIT_SUCCESS 0
+# define MBEDTLS_EXIT_SUCCESS 0
#endif
#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
-#define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
+# define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
#else
-#define MBEDTLS_EXIT_FAILURE 1
+# define MBEDTLS_EXIT_FAILURE 1
#endif
/*
@@ -331,15 +342,15 @@
* Only enabled when the NV seed entropy source is enabled
*/
#if defined(MBEDTLS_ENTROPY_NV_SEED)
-#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
+# if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
/* Internal standard platform definitions */
-int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len );
-int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len );
-#endif
+int mbedtls_platform_std_nv_seed_read(unsigned char *buf, size_t buf_len);
+int mbedtls_platform_std_nv_seed_write(unsigned char *buf, size_t buf_len);
+# endif
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len );
-extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
+# if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
+extern int (*mbedtls_nv_seed_read)(unsigned char *buf, size_t buf_len);
+extern int (*mbedtls_nv_seed_write)(unsigned char *buf, size_t buf_len);
/**
* \brief This function allows configuring custom seed file writing and
@@ -350,20 +361,20 @@
*
* \return \c 0 on success.
*/
-int mbedtls_platform_set_nv_seed(
- int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
- int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len )
- );
-#else
-#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
- defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
-#define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
-#define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
-#else
-#define mbedtls_nv_seed_read mbedtls_platform_std_nv_seed_read
-#define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write
-#endif
-#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
+int mbedtls_platform_set_nv_seed(int (*nv_seed_read_func)(unsigned char *buf,
+ size_t buf_len),
+ int (*nv_seed_write_func)(unsigned char *buf,
+ size_t buf_len));
+# else
+# if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
+ defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
+# define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
+# define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
+# else
+# define mbedtls_nv_seed_read mbedtls_platform_std_nv_seed_read
+# define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write
+# endif
+# endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
#endif /* MBEDTLS_ENTROPY_NV_SEED */
#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
@@ -374,14 +385,13 @@
* \note This structure may be used to assist platform-specific
* setup or teardown operations.
*/
-typedef struct mbedtls_platform_context
-{
- char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are not portable. */
-}
-mbedtls_platform_context;
+typedef struct mbedtls_platform_context {
+ char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are
+ not portable. */
+} mbedtls_platform_context;
#else
-#include "platform_alt.h"
+# include "platform_alt.h"
#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
/**
@@ -393,13 +403,14 @@
* Its implementation is platform-specific, and unless
* platform-specific code is provided, it does nothing.
*
- * \note The usage and necessity of this function is dependent on the platform.
+ * \note The usage and necessity of this function is dependent on the
+ * platform.
*
* \param ctx The platform context.
*
* \return \c 0 on success.
*/
-int mbedtls_platform_setup( mbedtls_platform_context *ctx );
+int mbedtls_platform_setup(mbedtls_platform_context *ctx);
/**
* \brief This function performs any platform teardown operations.
*
@@ -409,12 +420,13 @@
* Its implementation is platform-specific, and unless
* platform-specific code is provided, it does nothing.
*
- * \note The usage and necessity of this function is dependent on the platform.
+ * \note The usage and necessity of this function is dependent on the
+ * platform.
*
* \param ctx The platform context.
*
*/
-void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
+void mbedtls_platform_teardown(mbedtls_platform_context *ctx);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
index 8d4b95d..7e70c67 100644
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@@ -32,7 +32,8 @@
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
* \{
*/
@@ -43,7 +44,7 @@
typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
#else
/* For time_t */
-#include <time.h>
+# include <time.h>
typedef time_t mbedtls_time_t;
#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
@@ -51,7 +52,7 @@
* The function pointers for time
*/
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
-extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
+extern mbedtls_time_t (*mbedtls_time)(mbedtls_time_t *time);
/**
* \brief Set your own time function pointer
@@ -60,13 +61,13 @@
*
* \return 0
*/
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
+int mbedtls_platform_set_time(mbedtls_time_t (*time_func)(mbedtls_time_t *time));
#else
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
-#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
-#else
-#define mbedtls_time time
-#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
+# if defined(MBEDTLS_PLATFORM_TIME_MACRO)
+# define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
+# else
+# define mbedtls_time time
+# endif /* MBEDTLS_PLATFORM_TIME_MACRO */
#endif /* MBEDTLS_PLATFORM_TIME_ALT */
#ifdef __cplusplus
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 1a0a135..2269f7f 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -27,8 +27,8 @@
#include <stddef.h>
#if defined(MBEDTLS_HAVE_TIME_DATE)
-#include "mbedtls/platform_time.h"
-#include <time.h>
+# include "mbedtls/platform_time.h"
+# include <time.h>
#endif /* MBEDTLS_HAVE_TIME_DATE */
#ifdef __cplusplus
@@ -36,28 +36,32 @@
#endif
/* Internal macros meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
-#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 )
+#define MBEDTLS_INTERNAL_VALIDATE_RET(cond, ret) \
+ do { \
+ } while (0)
+#define MBEDTLS_INTERNAL_VALIDATE(cond) \
+ do { \
+ } while (0)
/* Internal helper macros for deprecating API constants. */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
+# if defined(MBEDTLS_DEPRECATED_WARNING)
/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here
* to avoid conflict with other headers which define and use
* it, too. We might want to move all these definitions here at
* some point for uniformity. */
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
- ( (mbedtls_deprecated_string_constant_t) ( VAL ) )
+# define MBEDTLS_DEPRECATED __attribute__((deprecated))
+MBEDTLS_DEPRECATED typedef char const *mbedtls_deprecated_string_constant_t;
+# define MBEDTLS_DEPRECATED_STRING_CONSTANT(VAL) \
+ ((mbedtls_deprecated_string_constant_t)(VAL))
MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \
- ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
-#undef MBEDTLS_DEPRECATED
-#else /* MBEDTLS_DEPRECATED_WARNING */
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
-#endif /* MBEDTLS_DEPRECATED_WARNING */
+# define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(VAL) \
+ ((mbedtls_deprecated_numeric_constant_t)(VAL))
+# undef MBEDTLS_DEPRECATED
+# else /* MBEDTLS_DEPRECATED_WARNING */
+# define MBEDTLS_DEPRECATED_STRING_CONSTANT(VAL) VAL
+# define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(VAL) VAL
+# endif /* MBEDTLS_DEPRECATED_WARNING */
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
@@ -82,7 +86,7 @@
* \param len Length of the buffer in bytes
*
*/
-void mbedtls_platform_zeroize( void *buf, size_t len );
+void mbedtls_platform_zeroize(void *buf, size_t len);
#if defined(MBEDTLS_HAVE_TIME_DATE)
/**
@@ -111,8 +115,8 @@
* \return Pointer to an object of type struct tm on success, otherwise
* NULL
*/
-struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
- struct tm *tm_buf );
+struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt,
+ struct tm *tm_buf);
#endif /* MBEDTLS_HAVE_TIME_DATE */
#ifdef __cplusplus
diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h
index 6657aa2..fe7fe9e 100644
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@@ -39,7 +39,7 @@
#include <stddef.h>
/** Invalid input parameter(s). */
-#define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0057
+#define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0057
#ifdef __cplusplus
extern "C" {
@@ -47,18 +47,20 @@
#if !defined(MBEDTLS_POLY1305_ALT)
-typedef struct mbedtls_poly1305_context
-{
- uint32_t MBEDTLS_PRIVATE(r)[4]; /** The value for 'r' (low 128 bits of the key). */
- uint32_t MBEDTLS_PRIVATE(s)[4]; /** The value for 's' (high 128 bits of the key). */
- uint32_t MBEDTLS_PRIVATE(acc)[5]; /** The accumulator number. */
- uint8_t MBEDTLS_PRIVATE(queue)[16]; /** The current partial block of data. */
- size_t MBEDTLS_PRIVATE(queue_len); /** The number of bytes stored in 'queue'. */
-}
-mbedtls_poly1305_context;
+typedef struct mbedtls_poly1305_context {
+ uint32_t MBEDTLS_PRIVATE(r)[4]; /** The value for 'r' (low 128 bits of the
+ key). */
+ uint32_t MBEDTLS_PRIVATE(s)[4]; /** The value for 's' (high 128 bits of the
+ key). */
+ uint32_t MBEDTLS_PRIVATE(acc)[5]; /** The accumulator number. */
+ uint8_t MBEDTLS_PRIVATE(queue)[16]; /** The current partial block of data.
+ */
+ size_t MBEDTLS_PRIVATE(queue_len); /** The number of bytes stored in
+ 'queue'. */
+} mbedtls_poly1305_context;
-#else /* MBEDTLS_POLY1305_ALT */
-#include "poly1305_alt.h"
+#else /* MBEDTLS_POLY1305_ALT */
+# include "poly1305_alt.h"
#endif /* MBEDTLS_POLY1305_ALT */
/**
@@ -76,7 +78,7 @@
* \param ctx The Poly1305 context to initialize. This must
* not be \c NULL.
*/
-void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
+void mbedtls_poly1305_init(mbedtls_poly1305_context *ctx);
/**
* \brief This function releases and clears the specified
@@ -86,7 +88,7 @@
* case this function is a no-op. If it is not \c NULL, it must
* point to an initialized Poly1305 context.
*/
-void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
+void mbedtls_poly1305_free(mbedtls_poly1305_context *ctx);
/**
* \brief This function sets the one-time authentication key.
@@ -101,8 +103,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
- const unsigned char key[32] );
+int mbedtls_poly1305_starts(mbedtls_poly1305_context *ctx,
+ const unsigned char key[32]);
/**
* \brief This functions feeds an input buffer into an ongoing
@@ -122,9 +124,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_poly1305_update(mbedtls_poly1305_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief This function generates the Poly1305 Message
@@ -138,8 +140,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
- unsigned char mac[16] );
+int mbedtls_poly1305_finish(mbedtls_poly1305_context *ctx,
+ unsigned char mac[16]);
/**
* \brief This function calculates the Poly1305 MAC of the input
@@ -159,10 +161,10 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_poly1305_mac( const unsigned char key[32],
- const unsigned char *input,
- size_t ilen,
- unsigned char mac[16] );
+int mbedtls_poly1305_mac(const unsigned char key[32],
+ const unsigned char *input,
+ size_t ilen,
+ unsigned char mac[16]);
#if defined(MBEDTLS_SELF_TEST)
/**
@@ -171,7 +173,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_poly1305_self_test( int verbose );
+int mbedtls_poly1305_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
diff --git a/include/mbedtls/private_access.h b/include/mbedtls/private_access.h
index 98d3419..c1db5ed 100644
--- a/include/mbedtls/private_access.h
+++ b/include/mbedtls/private_access.h
@@ -1,4 +1,4 @@
- /**
+/**
* \file private_access.h
*
* \brief Macro wrapper for struct's memebrs.
@@ -24,9 +24,9 @@
#define MBEDTLS_PRIVATE_ACCESS_H
#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
-#define MBEDTLS_PRIVATE(member) private_##member
+# define MBEDTLS_PRIVATE(member) private_##member
#else
-#define MBEDTLS_PRIVATE(member) member
+# define MBEDTLS_PRIVATE(member) member
#endif
#endif /* MBEDTLS_PRIVATE_ACCESS_H */
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 1584ef2..71dadca 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -31,23 +31,22 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
+# include "psa/crypto.h"
-#include "mbedtls/ecp.h"
-#include "mbedtls/md.h"
-#include "mbedtls/pk.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/error.h"
+# include "mbedtls/ecp.h"
+# include "mbedtls/md.h"
+# include "mbedtls/pk.h"
+# include "mbedtls/oid.h"
+# include "mbedtls/error.h"
-#include <string.h>
+# include <string.h>
/* Translations for symmetric crypto. */
-static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
- mbedtls_cipher_type_t cipher )
+static inline psa_key_type_t
+mbedtls_psa_translate_cipher_type(mbedtls_cipher_type_t cipher)
{
- switch( cipher )
- {
+ switch (cipher) {
case MBEDTLS_CIPHER_AES_128_CCM:
case MBEDTLS_CIPHER_AES_192_CCM:
case MBEDTLS_CIPHER_AES_256_CCM:
@@ -57,301 +56,293 @@
case MBEDTLS_CIPHER_AES_128_CBC:
case MBEDTLS_CIPHER_AES_192_CBC:
case MBEDTLS_CIPHER_AES_256_CBC:
- return PSA_KEY_TYPE_AES ;
+ return PSA_KEY_TYPE_AES;
- /* ARIA not yet supported in PSA. */
- /* case MBEDTLS_CIPHER_ARIA_128_CCM:
- case MBEDTLS_CIPHER_ARIA_192_CCM:
- case MBEDTLS_CIPHER_ARIA_256_CCM:
- case MBEDTLS_CIPHER_ARIA_128_GCM:
- case MBEDTLS_CIPHER_ARIA_192_GCM:
- case MBEDTLS_CIPHER_ARIA_256_GCM:
- case MBEDTLS_CIPHER_ARIA_128_CBC:
- case MBEDTLS_CIPHER_ARIA_192_CBC:
- case MBEDTLS_CIPHER_ARIA_256_CBC:
- return PSA_KEY_TYPE_ARIA ; */
+ /* ARIA not yet supported in PSA. */
+ /* case MBEDTLS_CIPHER_ARIA_128_CCM:
+ case MBEDTLS_CIPHER_ARIA_192_CCM:
+ case MBEDTLS_CIPHER_ARIA_256_CCM:
+ case MBEDTLS_CIPHER_ARIA_128_GCM:
+ case MBEDTLS_CIPHER_ARIA_192_GCM:
+ case MBEDTLS_CIPHER_ARIA_256_GCM:
+ case MBEDTLS_CIPHER_ARIA_128_CBC:
+ case MBEDTLS_CIPHER_ARIA_192_CBC:
+ case MBEDTLS_CIPHER_ARIA_256_CBC:
+ return PSA_KEY_TYPE_ARIA ; */
default:
- return 0 ;
+ return 0;
}
}
-static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
- mbedtls_cipher_mode_t mode, size_t taglen )
+static inline psa_algorithm_t
+mbedtls_psa_translate_cipher_mode(mbedtls_cipher_mode_t mode, size_t taglen)
{
- switch( mode )
- {
+ switch (mode) {
case MBEDTLS_MODE_ECB:
- return PSA_ALG_ECB_NO_PADDING ;
+ return PSA_ALG_ECB_NO_PADDING;
case MBEDTLS_MODE_GCM:
- return PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) ;
+ return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, taglen);
case MBEDTLS_MODE_CCM:
- return PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) ;
+ return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen);
case MBEDTLS_MODE_CBC:
- if( taglen == 0 )
- return PSA_ALG_CBC_NO_PADDING ;
+ if (taglen == 0)
+ return PSA_ALG_CBC_NO_PADDING;
else
- return 0 ;
+ return 0;
default:
- return 0 ;
+ return 0;
}
}
-static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
- mbedtls_operation_t op )
+static inline psa_key_usage_t
+mbedtls_psa_translate_cipher_operation(mbedtls_operation_t op)
{
- switch( op )
- {
+ switch (op) {
case MBEDTLS_ENCRYPT:
- return PSA_KEY_USAGE_ENCRYPT ;
+ return PSA_KEY_USAGE_ENCRYPT;
case MBEDTLS_DECRYPT:
- return PSA_KEY_USAGE_DECRYPT ;
+ return PSA_KEY_USAGE_DECRYPT;
default:
- return 0 ;
+ return 0;
}
}
/* Translations for hashing. */
-static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg )
+static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg)
{
- switch( md_alg )
- {
-#if defined(MBEDTLS_MD5_C)
- case MBEDTLS_MD_MD5:
- return PSA_ALG_MD5 ;
-#endif
-#if defined(MBEDTLS_SHA1_C)
- case MBEDTLS_MD_SHA1:
- return PSA_ALG_SHA_1 ;
-#endif
-#if defined(MBEDTLS_SHA224_C)
- case MBEDTLS_MD_SHA224:
- return PSA_ALG_SHA_224 ;
-#endif
-#if defined(MBEDTLS_SHA256_C)
- case MBEDTLS_MD_SHA256:
- return PSA_ALG_SHA_256 ;
-#endif
-#if defined(MBEDTLS_SHA384_C)
- case MBEDTLS_MD_SHA384:
- return PSA_ALG_SHA_384 ;
-#endif
-#if defined(MBEDTLS_SHA512_C)
- case MBEDTLS_MD_SHA512:
- return PSA_ALG_SHA_512 ;
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
- case MBEDTLS_MD_RIPEMD160:
- return PSA_ALG_RIPEMD160 ;
-#endif
- case MBEDTLS_MD_NONE:
- return 0 ;
- default:
- return 0 ;
+ switch (md_alg) {
+# if defined(MBEDTLS_MD5_C)
+ case MBEDTLS_MD_MD5:
+ return PSA_ALG_MD5;
+# endif
+# if defined(MBEDTLS_SHA1_C)
+ case MBEDTLS_MD_SHA1:
+ return PSA_ALG_SHA_1;
+# endif
+# if defined(MBEDTLS_SHA224_C)
+ case MBEDTLS_MD_SHA224:
+ return PSA_ALG_SHA_224;
+# endif
+# if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_MD_SHA256:
+ return PSA_ALG_SHA_256;
+# endif
+# if defined(MBEDTLS_SHA384_C)
+ case MBEDTLS_MD_SHA384:
+ return PSA_ALG_SHA_384;
+# endif
+# if defined(MBEDTLS_SHA512_C)
+ case MBEDTLS_MD_SHA512:
+ return PSA_ALG_SHA_512;
+# endif
+# if defined(MBEDTLS_RIPEMD160_C)
+ case MBEDTLS_MD_RIPEMD160:
+ return PSA_ALG_RIPEMD160;
+# endif
+ case MBEDTLS_MD_NONE:
+ return 0;
+ default:
+ return 0;
}
}
/* Translations for ECC. */
-static inline int mbedtls_psa_get_ecc_oid_from_id(
- psa_ecc_family_t curve, size_t bits,
- char const **oid, size_t *oid_len )
+static inline int mbedtls_psa_get_ecc_oid_from_id(psa_ecc_family_t curve,
+ size_t bits,
+ char const **oid,
+ size_t *oid_len)
{
- switch( curve )
- {
+ switch (curve) {
case PSA_ECC_FAMILY_SECP_R1:
- switch( bits )
- {
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+ switch (bits) {
+# if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case 192:
*oid = MBEDTLS_OID_EC_GRP_SECP192R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
- return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192R1);
+ return 0;
+# endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case 224:
*oid = MBEDTLS_OID_EC_GRP_SECP224R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
- return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224R1);
+ return 0;
+# endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case 256:
*oid = MBEDTLS_OID_EC_GRP_SECP256R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
- return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256R1);
+ return 0;
+# endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case 384:
*oid = MBEDTLS_OID_EC_GRP_SECP384R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
- return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP384R1);
+ return 0;
+# endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case 521:
*oid = MBEDTLS_OID_EC_GRP_SECP521R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
- return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP521R1);
+ return 0;
+# endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
}
break;
case PSA_ECC_FAMILY_SECP_K1:
- switch( bits )
- {
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+ switch (bits) {
+# if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case 192:
*oid = MBEDTLS_OID_EC_GRP_SECP192K1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
- return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192K1);
+ return 0;
+# endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case 224:
*oid = MBEDTLS_OID_EC_GRP_SECP224K1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
- return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224K1);
+ return 0;
+# endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case 256:
*oid = MBEDTLS_OID_EC_GRP_SECP256K1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
- return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256K1);
+ return 0;
+# endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
}
break;
case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
- switch( bits )
- {
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+ switch (bits) {
+# if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case 256:
*oid = MBEDTLS_OID_EC_GRP_BP256R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
- return 0 ;
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP256R1);
+ return 0;
+# endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case 384:
*oid = MBEDTLS_OID_EC_GRP_BP384R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
- return 0 ;
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP384R1);
+ return 0;
+# endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case 512:
*oid = MBEDTLS_OID_EC_GRP_BP512R1;
- *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
- return 0 ;
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP512R1);
+ return 0;
+# endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
}
break;
}
- (void) oid;
- (void) oid_len;
- return -1 ;
+ (void)oid;
+ (void)oid_len;
+ return -1;
}
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
+# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((192 + 7) / 8) + 1)
+# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((192 + 7) / 8) + 1)
+# endif
+# endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((224 + 7) / 8) + 1)
+# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((224 + 7) / 8) + 1)
+# endif
+# endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((256 + 7) / 8) + 1)
+# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((256 + 7) / 8) + 1)
+# endif
+# endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((384 + 7) / 8) + 1)
+# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((384 + 7) / 8) + 1)
+# endif
+# endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((521 + 7) / 8) + 1)
+# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((521 + 7) / 8) + 1)
+# endif
+# endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((192 + 7) / 8) + 1)
+# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((192 + 7) / 8) + 1)
+# endif
+# endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((224 + 7) / 8) + 1)
+# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((224 + 7) / 8) + 1)
+# endif
+# endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((256 + 7) / 8) + 1)
+# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((256 + 7) / 8) + 1)
+# endif
+# endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((256 + 7) / 8) + 1)
+# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((256 + 7) / 8) + 1)
+# endif
+# endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+# if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((384 + 7) / 8) + 1)
+# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((384 + 7) / 8) + 1)
+# endif
+# endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-
+# if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+# if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((512 + 7) / 8) + 1)
+# undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+# define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((512 + 7) / 8) + 1)
+# endif
+# endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
/* Translations for PK layer */
-static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
+static inline int mbedtls_psa_err_translate_pk(psa_status_t status)
{
- switch( status )
- {
+ switch (status) {
case PSA_SUCCESS:
- return 0 ;
+ return 0;
case PSA_ERROR_NOT_SUPPORTED:
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ;
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
case PSA_ERROR_INSUFFICIENT_MEMORY:
- return MBEDTLS_ERR_PK_ALLOC_FAILED ;
+ return MBEDTLS_ERR_PK_ALLOC_FAILED;
case PSA_ERROR_INSUFFICIENT_ENTROPY:
- return MBEDTLS_ERR_ECP_RANDOM_FAILED ;
+ return MBEDTLS_ERR_ECP_RANDOM_FAILED;
case PSA_ERROR_BAD_STATE:
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA ;
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
/* All other failures */
case PSA_ERROR_COMMUNICATION_FAILURE:
case PSA_ERROR_HARDWARE_FAILURE:
case PSA_ERROR_CORRUPTION_DETECTED:
- return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ;
+ return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
default: /* We return the same as for the 'other failures',
* but list them separately nonetheless to indicate
* which failure conditions we have considered. */
- return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ;
+ return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
}
}
@@ -360,18 +351,18 @@
/* This function transforms an ECC group identifier from
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
* into a PSA ECC group identifier. */
-#if defined(MBEDTLS_ECP_C)
-static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
- uint16_t tls_ecc_grp_reg_id, size_t *bits )
+# if defined(MBEDTLS_ECP_C)
+static inline psa_key_type_t
+mbedtls_psa_parse_tls_ecc_group(uint16_t tls_ecc_grp_reg_id, size_t *bits)
{
const mbedtls_ecp_curve_info *curve_info =
- mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id );
- if( curve_info == NULL )
- return 0 ;
- return( PSA_KEY_TYPE_ECC_KEY_PAIR(
- mbedtls_ecc_group_to_psa( curve_info->MBEDTLS_PRIVATE(grp_id), bits ) ) );
+ mbedtls_ecp_curve_info_from_tls_id(tls_ecc_grp_reg_id);
+ if (curve_info == NULL)
+ return 0;
+ return (PSA_KEY_TYPE_ECC_KEY_PAIR(
+ mbedtls_ecc_group_to_psa(curve_info->MBEDTLS_PRIVATE(grp_id), bits)));
}
-#endif /* MBEDTLS_ECP_C */
+# endif /* MBEDTLS_ECP_C */
/* This function takes a buffer holding an EC public key
* exported through psa_export_public_key(), and converts
@@ -383,14 +374,14 @@
* as a subbuffer, and the function merely selects this subbuffer instead
* of making a copy.
*/
-static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,
- size_t srclen,
- unsigned char **dst,
- size_t *dstlen )
+static inline int mbedtls_psa_tls_psa_ec_to_ecpoint(unsigned char *src,
+ size_t srclen,
+ unsigned char **dst,
+ size_t *dstlen)
{
*dst = src;
*dstlen = srclen;
- return 0 ;
+ return 0;
}
/* This function takes a buffer holding an ECPoint structure
@@ -398,18 +389,18 @@
* exchanges) and converts it into a format that the PSA key
* agreement API understands.
*/
-static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src,
- size_t srclen,
- unsigned char *dst,
- size_t dstlen,
- size_t *olen )
+static inline int mbedtls_psa_tls_ecpoint_to_psa_ec(unsigned char const *src,
+ size_t srclen,
+ unsigned char *dst,
+ size_t dstlen,
+ size_t *olen)
{
- if( srclen > dstlen )
- return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ;
+ if (srclen > dstlen)
+ return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
- memcpy( dst, src, srclen );
+ memcpy(dst, src, srclen);
*olen = srclen;
- return 0 ;
+ return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -426,9 +417,10 @@
* This type name is not part of the Mbed TLS stable API. It may be renamed
* or moved without warning.
*/
-typedef int mbedtls_f_rng_t( void *p_rng, unsigned char *output, size_t output_size );
+typedef int
+mbedtls_f_rng_t(void *p_rng, unsigned char *output, size_t output_size);
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+# if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/** The random generator function for the PSA subsystem.
*
@@ -465,9 +457,9 @@
* `MBEDTLS_ERR_CTR_DRBG_xxx` or
* `MBEDTLS_ERR_HMAC_DRBG_xxx` on error.
*/
-int mbedtls_psa_get_random( void *p_rng,
- unsigned char *output,
- size_t output_size );
+int mbedtls_psa_get_random(void *p_rng,
+ unsigned char *output,
+ size_t output_size);
/** The random generator state for the PSA subsystem.
*
@@ -479,24 +471,24 @@
* The implementation of this macro depends on the configuration of the
* library. Do not make any assumption on its nature.
*/
-#define MBEDTLS_PSA_RANDOM_STATE NULL
+# define MBEDTLS_PSA_RANDOM_STATE NULL
-#else /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
+# else /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
-#if defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/ctr_drbg.h"
+# if defined(MBEDTLS_CTR_DRBG_C)
+# include "mbedtls/ctr_drbg.h"
typedef mbedtls_ctr_drbg_context mbedtls_psa_drbg_context_t;
static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_ctr_drbg_random;
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-#include "mbedtls/hmac_drbg.h"
+# elif defined(MBEDTLS_HMAC_DRBG_C)
+# include "mbedtls/hmac_drbg.h"
typedef mbedtls_hmac_drbg_context mbedtls_psa_drbg_context_t;
static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_hmac_drbg_random;
-#endif
+# endif
extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
-#define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state
+# define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state
-#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
+# endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index 9132a83..b55abfc 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -39,16 +39,15 @@
/**
* \brief RIPEMD-160 context structure
*/
-typedef struct mbedtls_ripemd160_context
-{
- uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
- uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< intermediate digest state */
- unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
-}
-mbedtls_ripemd160_context;
+typedef struct mbedtls_ripemd160_context {
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
+ uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< intermediate digest state */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed
+ */
+} mbedtls_ripemd160_context;
-#else /* MBEDTLS_RIPEMD160_ALT */
-#include "ripemd160_alt.h"
+#else /* MBEDTLS_RIPEMD160_ALT */
+# include "ripemd160_alt.h"
#endif /* MBEDTLS_RIPEMD160_ALT */
/**
@@ -56,14 +55,14 @@
*
* \param ctx RIPEMD-160 context to be initialized
*/
-void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx );
+void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx);
/**
* \brief Clear RIPEMD-160 context
*
* \param ctx RIPEMD-160 context to be cleared
*/
-void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx );
+void mbedtls_ripemd160_free(mbedtls_ripemd160_context *ctx);
/**
* \brief Clone (the state of) an RIPEMD-160 context
@@ -71,8 +70,8 @@
* \param dst The destination context
* \param src The context to be cloned
*/
-void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
- const mbedtls_ripemd160_context *src );
+void mbedtls_ripemd160_clone(mbedtls_ripemd160_context *dst,
+ const mbedtls_ripemd160_context *src);
/**
* \brief RIPEMD-160 context setup
@@ -81,7 +80,7 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx );
+int mbedtls_ripemd160_starts(mbedtls_ripemd160_context *ctx);
/**
* \brief RIPEMD-160 process buffer
@@ -92,9 +91,9 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_ripemd160_update(mbedtls_ripemd160_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief RIPEMD-160 final digest
@@ -104,8 +103,8 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
- unsigned char output[20] );
+int mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx,
+ unsigned char output[20]);
/**
* \brief RIPEMD-160 process data block (internal use only)
@@ -115,8 +114,8 @@
*
* \return 0 if successful
*/
-int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
- const unsigned char data[64] );
+int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx,
+ const unsigned char data[64]);
/**
* \brief Output = RIPEMD-160( input buffer )
@@ -127,9 +126,9 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] );
+int mbedtls_ripemd160(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20]);
#if defined(MBEDTLS_SELF_TEST)
@@ -138,7 +137,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
-int mbedtls_ripemd160_self_test( int verbose );
+int mbedtls_ripemd160_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index fe29548..9fb2810 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -35,46 +35,46 @@
#include "mbedtls/md.h"
#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+# include "mbedtls/threading.h"
#endif
/*
* RSA Error codes
*/
/** Bad input parameters to function. */
-#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080
+#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080
/** Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100
+#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100
/** Something failed during generation of a key. */
-#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180
+#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180
/** Key failed to pass the validity check of the library. */
-#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200
+#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200
/** The public key operation failed. */
-#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280
+#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280
/** The private key operation failed. */
-#define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300
+#define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300
/** The PKCS#1 verification failed. */
-#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380
+#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380
/** The output buffer for decryption is not large enough. */
-#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400
+#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400
/** The random generator failed to generate non-zeros. */
-#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480
+#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480
/*
* RSA constants
*/
/** Use PKCS#1 v1.5 encoding. */
-#define MBEDTLS_RSA_PKCS_V15 0
+#define MBEDTLS_RSA_PKCS_V15 0
/** Use PKCS#1 v2.1 encoding. */
-#define MBEDTLS_RSA_PKCS_V21 1
+#define MBEDTLS_RSA_PKCS_V21 1
/** Identifier for RSA signature operations. */
-#define MBEDTLS_RSA_SIGN 1
+#define MBEDTLS_RSA_SIGN 1
/** Identifier for RSA encryption and decryption operations. */
-#define MBEDTLS_RSA_CRYPT 2
+#define MBEDTLS_RSA_CRYPT 2
-#define MBEDTLS_RSA_SALT_LEN_ANY -1
+#define MBEDTLS_RSA_SALT_LEN_ANY -1
/*
* The above constants may be used even if the RSA module is compile out,
@@ -92,49 +92,48 @@
/**
* \brief The RSA context structure.
*/
-typedef struct mbedtls_rsa_context
-{
- int MBEDTLS_PRIVATE(ver); /*!< Reserved for internal purposes.
- * Do not set this field in application
- * code. Its meaning might change without
- * notice. */
- size_t MBEDTLS_PRIVATE(len); /*!< The size of \p N in Bytes. */
+typedef struct mbedtls_rsa_context {
+ int MBEDTLS_PRIVATE(ver); /*!< Reserved for internal purposes.
+ * Do not set this field in application
+ * code. Its meaning might change without
+ * notice. */
+ size_t MBEDTLS_PRIVATE(len); /*!< The size of \p N in Bytes. */
- mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The public modulus. */
- mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< The public exponent. */
+ mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The public modulus. */
+ mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< The public exponent. */
- mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< The private exponent. */
- mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The first prime factor. */
- mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< The second prime factor. */
+ mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< The private exponent. */
+ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The first prime factor. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< The second prime factor. */
- mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< <code>D % (P - 1)</code>. */
- mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< <code>D % (Q - 1)</code>. */
- mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< <code>1 / (Q % P)</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< <code>D % (P - 1)</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< <code>D % (Q - 1)</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< <code>1 / (Q % P)</code>. */
- mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached <code>R^2 mod N</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached <code>R^2 mod N</code>. */
- mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached <code>R^2 mod P</code>. */
- mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached <code>R^2 mod Q</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached <code>R^2 mod P</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached <code>R^2 mod Q</code>. */
- mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The cached blinding value. */
- mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The cached blinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */
- int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode:
- #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
- #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
- int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t type,
- as specified in md.h for use in the MGF
- mask generating function used in the
- EME-OAEP and EMSA-PSS encodings. */
-#if defined(MBEDTLS_THREADING_C)
+ int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode:
+ #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
+ #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
+ int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t
+ type, as specified in md.h for use in the MGF mask
+ generating function used in the EME-OAEP and EMSA-PSS
+ encodings. */
+# if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized iff ver != 0. */
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex. */
-#endif
-}
-mbedtls_rsa_context;
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex.
+ */
+# endif
+} mbedtls_rsa_context;
-#else /* MBEDTLS_RSA_ALT */
-#include "rsa_alt.h"
+#else /* MBEDTLS_RSA_ALT */
+# include "rsa_alt.h"
#endif /* MBEDTLS_RSA_ALT */
/**
@@ -147,7 +146,7 @@
*
* \param ctx The RSA context to initialize. This must not be \c NULL.
*/
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx );
+void mbedtls_rsa_init(mbedtls_rsa_context *ctx);
/**
* \brief This function sets padding for an already initialized RSA
@@ -183,8 +182,9 @@
* \return #MBEDTLS_ERR_RSA_INVALID_PADDING failure:
* \p padding or \p hash_id is invalid.
*/
-int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
- mbedtls_md_type_t hash_id );
+int mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx,
+ int padding,
+ mbedtls_md_type_t hash_id);
/**
* \brief This function imports a set of core parameters into an
@@ -215,10 +215,12 @@
* \return \c 0 on success.
* \return A non-zero error code on failure.
*/
-int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
- const mbedtls_mpi *N,
- const mbedtls_mpi *P, const mbedtls_mpi *Q,
- const mbedtls_mpi *D, const mbedtls_mpi *E );
+int mbedtls_rsa_import(mbedtls_rsa_context *ctx,
+ const mbedtls_mpi *N,
+ const mbedtls_mpi *P,
+ const mbedtls_mpi *Q,
+ const mbedtls_mpi *D,
+ const mbedtls_mpi *E);
/**
* \brief This function imports core RSA parameters, in raw big-endian
@@ -254,12 +256,17 @@
* \return \c 0 on success.
* \return A non-zero error code on failure.
*/
-int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
- unsigned char const *N, size_t N_len,
- unsigned char const *P, size_t P_len,
- unsigned char const *Q, size_t Q_len,
- unsigned char const *D, size_t D_len,
- unsigned char const *E, size_t E_len );
+int mbedtls_rsa_import_raw(mbedtls_rsa_context *ctx,
+ unsigned char const *N,
+ size_t N_len,
+ unsigned char const *P,
+ size_t P_len,
+ unsigned char const *Q,
+ size_t Q_len,
+ unsigned char const *D,
+ size_t D_len,
+ unsigned char const *E,
+ size_t E_len);
/**
* \brief This function completes an RSA context from
@@ -293,7 +300,7 @@
* failed.
*
*/
-int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
+int mbedtls_rsa_complete(mbedtls_rsa_context *ctx);
/**
* \brief This function exports the core parameters of an RSA key.
@@ -335,9 +342,12 @@
* \return A non-zero return code on any other failure.
*
*/
-int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
- mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
- mbedtls_mpi *D, mbedtls_mpi *E );
+int mbedtls_rsa_export(const mbedtls_rsa_context *ctx,
+ mbedtls_mpi *N,
+ mbedtls_mpi *P,
+ mbedtls_mpi *Q,
+ mbedtls_mpi *D,
+ mbedtls_mpi *E);
/**
* \brief This function exports core parameters of an RSA key
@@ -386,12 +396,17 @@
* functionality or because of security policies.
* \return A non-zero return code on any other failure.
*/
-int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
- unsigned char *N, size_t N_len,
- unsigned char *P, size_t P_len,
- unsigned char *Q, size_t Q_len,
- unsigned char *D, size_t D_len,
- unsigned char *E, size_t E_len );
+int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx,
+ unsigned char *N,
+ size_t N_len,
+ unsigned char *P,
+ size_t P_len,
+ unsigned char *Q,
+ size_t Q_len,
+ unsigned char *D,
+ size_t D_len,
+ unsigned char *E,
+ size_t E_len);
/**
* \brief This function exports CRT parameters of a private RSA key.
@@ -412,8 +427,10 @@
* \return A non-zero error code on failure.
*
*/
-int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
- mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP );
+int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx,
+ mbedtls_mpi *DP,
+ mbedtls_mpi *DQ,
+ mbedtls_mpi *QP);
/**
* \brief This function retrieves the length of RSA modulus in Bytes.
@@ -423,7 +440,7 @@
* \return The length of the RSA modulus in Bytes.
*
*/
-size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx );
+size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx);
/**
* \brief This function generates an RSA keypair.
@@ -443,10 +460,11 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- unsigned int nbits, int exponent );
+int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ unsigned int nbits,
+ int exponent);
/**
* \brief This function checks if a context contains at least an RSA
@@ -462,7 +480,7 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*
*/
-int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
+int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx);
/**
* \brief This function checks if a context contains an RSA private key
@@ -500,7 +518,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
+int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx);
/**
* \brief This function checks a public-private RSA key pair.
@@ -513,8 +531,8 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
- const mbedtls_rsa_context *prv );
+int mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context *pub,
+ const mbedtls_rsa_context *prv);
/**
* \brief This function performs an RSA public key operation.
@@ -535,9 +553,9 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_rsa_public(mbedtls_rsa_context *ctx,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function performs an RSA private key operation.
@@ -568,11 +586,11 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*
*/
-int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_rsa_private(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function adds the message padding, then performs an RSA
@@ -597,12 +615,12 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ size_t ilen,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function performs a PKCS#1 v1.5 encryption operation
@@ -624,12 +642,14 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng,
+ size_t ilen,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function performs a PKCS#1 v2.1 OAEP encryption
@@ -658,13 +678,14 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *label, size_t label_len,
- size_t ilen,
- const unsigned char *input,
- unsigned char *output );
+int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ const unsigned char *label,
+ size_t label_len,
+ size_t ilen,
+ const unsigned char *input,
+ unsigned char *output);
/**
* \brief This function performs an RSA operation, then removes the
@@ -697,13 +718,13 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
+int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len);
/**
* \brief This function performs a PKCS#1 v1.5 decryption
@@ -734,13 +755,15 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*
*/
-int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
+int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng,
+ size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len);
/**
* \brief This function performs a PKCS#1 v2.1 OAEP decryption
@@ -775,14 +798,15 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- const unsigned char *label, size_t label_len,
- size_t *olen,
- const unsigned char *input,
- unsigned char *output,
- size_t output_max_len );
+int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ const unsigned char *label,
+ size_t label_len,
+ size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ size_t output_max_len);
/**
* \brief This function performs a private RSA operation to sign
@@ -818,13 +842,13 @@
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
+int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v1.5 signature
@@ -850,13 +874,15 @@
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
+int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v2.1 PSS signature
@@ -901,14 +927,16 @@
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- int saltlen,
- unsigned char *sig );
+int mbedtls_rsa_rsassa_pss_sign_ext(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ int saltlen,
+ unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v2.1 PSS signature
@@ -951,13 +979,13 @@
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- unsigned char *sig );
+int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig);
/**
* \brief This function performs a public RSA operation and checks
@@ -985,11 +1013,11 @@
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig );
+int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ const unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v1.5 verification
@@ -1010,11 +1038,11 @@
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig );
+int mbedtls_rsa_rsassa_pkcs1_v15_verify(mbedtls_rsa_context *ctx,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ const unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v2.1 PSS verification
@@ -1045,11 +1073,11 @@
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- const unsigned char *sig );
+int mbedtls_rsa_rsassa_pss_verify(mbedtls_rsa_context *ctx,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ const unsigned char *sig);
/**
* \brief This function performs a PKCS#1 v2.1 PSS verification
@@ -1085,13 +1113,13 @@
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
-int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- mbedtls_md_type_t mgf1_hash_id,
- int expected_salt_len,
- const unsigned char *sig );
+int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ mbedtls_md_type_t mgf1_hash_id,
+ int expected_salt_len,
+ const unsigned char *sig);
/**
* \brief This function copies the components of an RSA context.
@@ -1102,7 +1130,7 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
*/
-int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
+int mbedtls_rsa_copy(mbedtls_rsa_context *dst, const mbedtls_rsa_context *src);
/**
* \brief This function frees the components of an RSA key.
@@ -1111,7 +1139,7 @@
* this function is a no-op. If it is not \c NULL, it must
* point to an initialized RSA context.
*/
-void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
+void mbedtls_rsa_free(mbedtls_rsa_context *ctx);
#if defined(MBEDTLS_SELF_TEST)
@@ -1121,7 +1149,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_rsa_self_test( int verbose );
+int mbedtls_rsa_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index 6b55174..ec9ace5 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -36,7 +36,7 @@
#include <stdint.h>
/** SHA-1 input data was malformed. */
-#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA -0x0073
+#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA -0x0073
#ifdef __cplusplus
extern "C" {
@@ -54,16 +54,15 @@
* stronger message digests instead.
*
*/
-typedef struct mbedtls_sha1_context
-{
- uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
- uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< The intermediate digest state. */
- unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
-}
-mbedtls_sha1_context;
+typedef struct mbedtls_sha1_context {
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
+ uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< The intermediate digest state. */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being
+ processed. */
+} mbedtls_sha1_context;
-#else /* MBEDTLS_SHA1_ALT */
-#include "sha1_alt.h"
+#else /* MBEDTLS_SHA1_ALT */
+# include "sha1_alt.h"
#endif /* MBEDTLS_SHA1_ALT */
/**
@@ -77,7 +76,7 @@
* This must not be \c NULL.
*
*/
-void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
+void mbedtls_sha1_init(mbedtls_sha1_context *ctx);
/**
* \brief This function clears a SHA-1 context.
@@ -92,7 +91,7 @@
* SHA-1 context.
*
*/
-void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
+void mbedtls_sha1_free(mbedtls_sha1_context *ctx);
/**
* \brief This function clones the state of a SHA-1 context.
@@ -105,8 +104,8 @@
* \param src The SHA-1 context to clone from. This must be initialized.
*
*/
-void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
- const mbedtls_sha1_context *src );
+void mbedtls_sha1_clone(mbedtls_sha1_context *dst,
+ const mbedtls_sha1_context *src);
/**
* \brief This function starts a SHA-1 checksum calculation.
@@ -121,7 +120,7 @@
* \return A negative error code on failure.
*
*/
-int mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
+int mbedtls_sha1_starts(mbedtls_sha1_context *ctx);
/**
* \brief This function feeds an input buffer into an ongoing SHA-1
@@ -140,9 +139,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha1_update( mbedtls_sha1_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_sha1_update(mbedtls_sha1_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief This function finishes the SHA-1 operation, and writes
@@ -160,8 +159,7 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
- unsigned char output[20] );
+int mbedtls_sha1_finish(mbedtls_sha1_context *ctx, unsigned char output[20]);
/**
* \brief SHA-1 process data block (internal use only).
@@ -178,8 +176,8 @@
* \return A negative error code on failure.
*
*/
-int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
- const unsigned char data[64] );
+int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx,
+ const unsigned char data[64]);
/**
* \brief This function calculates the SHA-1 checksum of a buffer.
@@ -204,9 +202,9 @@
* \return A negative error code on failure.
*
*/
-int mbedtls_sha1( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] );
+int mbedtls_sha1(const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20]);
#if defined(MBEDTLS_SELF_TEST)
@@ -221,7 +219,7 @@
* \return \c 1 on failure.
*
*/
-int mbedtls_sha1_self_test( int verbose );
+int mbedtls_sha1_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index 9e6f59d..5a80cd6 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -4,7 +4,8 @@
* \brief This file contains SHA-224 and SHA-256 definitions and functions.
*
* The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic
- * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
+ * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard
+ * (SHS)</em>.
*/
/*
* Copyright The Mbed TLS Contributors
@@ -32,7 +33,7 @@
#include <stdint.h>
/** SHA-256 input data was malformed. */
-#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074
+#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074
#ifdef __cplusplus
extern "C" {
@@ -49,18 +50,17 @@
* checksum calculations. The choice between these two is
* made in the call to mbedtls_sha256_starts().
*/
-typedef struct mbedtls_sha256_context
-{
- uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
- uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
- unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
- int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
- 0: Use SHA-256, or 1: Use SHA-224. */
-}
-mbedtls_sha256_context;
+typedef struct mbedtls_sha256_context {
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
+ uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being
+ processed. */
+ int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
+ 0: Use SHA-256, or 1: Use SHA-224. */
+} mbedtls_sha256_context;
-#else /* MBEDTLS_SHA256_ALT */
-#include "sha256_alt.h"
+#else /* MBEDTLS_SHA256_ALT */
+# include "sha256_alt.h"
#endif /* MBEDTLS_SHA256_ALT */
/**
@@ -68,7 +68,7 @@
*
* \param ctx The SHA-256 context to initialize. This must not be \c NULL.
*/
-void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
+void mbedtls_sha256_init(mbedtls_sha256_context *ctx);
/**
* \brief This function clears a SHA-256 context.
@@ -77,7 +77,7 @@
* case this function returns immediately. If it is not \c NULL,
* it must point to an initialized SHA-256 context.
*/
-void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
+void mbedtls_sha256_free(mbedtls_sha256_context *ctx);
/**
* \brief This function clones the state of a SHA-256 context.
@@ -85,8 +85,8 @@
* \param dst The destination context. This must be initialized.
* \param src The context to clone. This must be initialized.
*/
-void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
- const mbedtls_sha256_context *src );
+void mbedtls_sha256_clone(mbedtls_sha256_context *dst,
+ const mbedtls_sha256_context *src);
/**
* \brief This function starts a SHA-224 or SHA-256 checksum
@@ -99,7 +99,7 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
+int mbedtls_sha256_starts(mbedtls_sha256_context *ctx, int is224);
/**
* \brief This function feeds an input buffer into an ongoing
@@ -114,9 +114,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha256_update( mbedtls_sha256_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_sha256_update(mbedtls_sha256_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief This function finishes the SHA-256 operation, and writes
@@ -131,8 +131,7 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
- unsigned char *output );
+int mbedtls_sha256_finish(mbedtls_sha256_context *ctx, unsigned char *output);
/**
* \brief This function processes a single data block within
@@ -146,8 +145,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
- const unsigned char data[64] );
+int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx,
+ const unsigned char data[64]);
/**
* \brief This function calculates the SHA-224 or SHA-256
@@ -168,10 +167,10 @@
* \param is224 Determines which function to use. This must be
* either \c 0 for SHA-256, or \c 1 for SHA-224.
*/
-int mbedtls_sha256( const unsigned char *input,
- size_t ilen,
- unsigned char *output,
- int is224 );
+int mbedtls_sha256(const unsigned char *input,
+ size_t ilen,
+ unsigned char *output,
+ int is224);
#if defined(MBEDTLS_SELF_TEST)
@@ -181,7 +180,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_sha256_self_test( int verbose );
+int mbedtls_sha256_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index 48901cc..9df1476 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -3,7 +3,8 @@
* \brief This file contains SHA-384 and SHA-512 definitions and functions.
*
* The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic
- * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
+ * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard
+ * (SHS)</em>.
*/
/*
* Copyright The Mbed TLS Contributors
@@ -31,7 +32,7 @@
#include <stdint.h>
/** SHA-512 input data was malformed. */
-#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075
+#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075
#ifdef __cplusplus
extern "C" {
@@ -48,20 +49,19 @@
* checksum calculations. The choice between these two is
* made in the call to mbedtls_sha512_starts().
*/
-typedef struct mbedtls_sha512_context
-{
- uint64_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
- uint64_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
- unsigned char MBEDTLS_PRIVATE(buffer)[128]; /*!< The data block being processed. */
-#if defined(MBEDTLS_SHA384_C)
- int MBEDTLS_PRIVATE(is384); /*!< Determines which function to use:
- 0: Use SHA-512, or 1: Use SHA-384. */
-#endif
-}
-mbedtls_sha512_context;
+typedef struct mbedtls_sha512_context {
+ uint64_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
+ uint64_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
+ unsigned char MBEDTLS_PRIVATE(buffer)[128]; /*!< The data block being
+ processed. */
+# if defined(MBEDTLS_SHA384_C)
+ int MBEDTLS_PRIVATE(is384); /*!< Determines which function to use:
+ 0: Use SHA-512, or 1: Use SHA-384. */
+# endif
+} mbedtls_sha512_context;
-#else /* MBEDTLS_SHA512_ALT */
-#include "sha512_alt.h"
+#else /* MBEDTLS_SHA512_ALT */
+# include "sha512_alt.h"
#endif /* MBEDTLS_SHA512_ALT */
/**
@@ -70,7 +70,7 @@
* \param ctx The SHA-512 context to initialize. This must
* not be \c NULL.
*/
-void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
+void mbedtls_sha512_init(mbedtls_sha512_context *ctx);
/**
* \brief This function clears a SHA-512 context.
@@ -80,7 +80,7 @@
* is not \c NULL, it must point to an initialized
* SHA-512 context.
*/
-void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
+void mbedtls_sha512_free(mbedtls_sha512_context *ctx);
/**
* \brief This function clones the state of a SHA-512 context.
@@ -88,8 +88,8 @@
* \param dst The destination context. This must be initialized.
* \param src The context to clone. This must be initialized.
*/
-void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
- const mbedtls_sha512_context *src );
+void mbedtls_sha512_clone(mbedtls_sha512_context *dst,
+ const mbedtls_sha512_context *src);
/**
* \brief This function starts a SHA-384 or SHA-512 checksum
@@ -106,7 +106,7 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 );
+int mbedtls_sha512_starts(mbedtls_sha512_context *ctx, int is384);
/**
* \brief This function feeds an input buffer into an ongoing
@@ -121,9 +121,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512_update( mbedtls_sha512_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_sha512_update(mbedtls_sha512_context *ctx,
+ const unsigned char *input,
+ size_t ilen);
/**
* \brief This function finishes the SHA-512 operation, and writes
@@ -138,8 +138,7 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
- unsigned char *output );
+int mbedtls_sha512_finish(mbedtls_sha512_context *ctx, unsigned char *output);
/**
* \brief This function processes a single data block within
@@ -153,8 +152,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
- const unsigned char data[128] );
+int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx,
+ const unsigned char data[128]);
/**
* \brief This function calculates the SHA-512 or SHA-384
@@ -182,20 +181,20 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512( const unsigned char *input,
- size_t ilen,
- unsigned char *output,
- int is384 );
+int mbedtls_sha512(const unsigned char *input,
+ size_t ilen,
+ unsigned char *output,
+ int is384);
#if defined(MBEDTLS_SELF_TEST)
- /**
+/**
* \brief The SHA-384 or SHA-512 checkup routine.
*
* \return \c 0 on success.
* \return \c 1 on failure.
*/
-int mbedtls_sha512_self_test( int verbose );
+int mbedtls_sha512_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index fa0e1f2..41a29ce 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -31,12 +31,12 @@
#include "mbedtls/ssl_ciphersuites.h"
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/x509_crl.h"
+# include "mbedtls/x509_crt.h"
+# include "mbedtls/x509_crl.h"
#endif
#if defined(MBEDTLS_DHM_C)
-#include "mbedtls/dhm.h"
+# include "mbedtls/dhm.h"
#endif
/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
@@ -45,59 +45,61 @@
* MBEDTLS_ECDSA_C which does not seem correct.
*/
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdh.h"
+# include "mbedtls/ecdh.h"
#endif
#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
+# include "mbedtls/platform_time.h"
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
+# include "psa/crypto.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* SSL Error codes
*/
/** A cryptographic operation is in progress. Try again later. */
-#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000
+#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000
/** The requested feature is not available. */
-#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
+#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
/** Bad input parameters to function. */
-#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
+#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
/** Verification of the message MAC failed. */
-#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180
+#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180
/** An invalid SSL record was received. */
-#define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200
+#define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200
/** The connection indicated an EOF. */
-#define MBEDTLS_ERR_SSL_CONN_EOF -0x7280
+#define MBEDTLS_ERR_SSL_CONN_EOF -0x7280
/** A message could not be parsed due to a syntactic error. */
-#define MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300
+#define MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300
/* Error space gap */
/** No RNG was provided to the SSL module. */
-#define MBEDTLS_ERR_SSL_NO_RNG -0x7400
-/** No client certification received from the client, but required by the authentication mode. */
-#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
-/** Client received an extended server hello containing an unsupported extension */
-#define MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION -0x7500
+#define MBEDTLS_ERR_SSL_NO_RNG -0x7400
+/** No client certification received from the client, but required by the
+ * authentication mode. */
+#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
+/** Client received an extended server hello containing an unsupported extension
+ */
+#define MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION -0x7500
/** No ALPN protocols supported that the client advertises */
-#define MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL -0x7580
+#define MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL -0x7580
/** The own private key or pre-shared key is not set, but needed. */
-#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
+#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
/** No CA Chain is set, but required to operate. */
-#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
+#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
/** An unexpected message was received from our peer. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
+#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
/** A fatal alert message was received from our peer. */
-#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
+#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
/** No server could be identified matching the client's SNI. */
-#define MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME -0x7800
+#define MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME -0x7800
/** The peer notified us that the connection is going to be closed. */
-#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
+#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
/* Error space gap */
/* Error space gap */
/** Processing of the Certificate handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00
+#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00
/* Error space gap */
/* Error space gap */
/* Error space gap */
@@ -108,52 +110,54 @@
/* Error space gap */
/* Error space gap */
/** Memory allocation failed */
-#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
+#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
/** Hardware acceleration function returned with error */
-#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80
+#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80
/** Hardware acceleration function skipped / left alone data */
-#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80
+#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80
/** Handshake protocol not within min/max boundaries */
-#define MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION -0x6E80
+#define MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION -0x6E80
/** The handshake negotiation failed. */
-#define MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE -0x6E00
+#define MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE -0x6E00
/** Session ticket has expired. */
-#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
-/** Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
-#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
+#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
+/** Public key type mismatch (eg, asked for RSA key exchange and presented EC
+ * key) */
+#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
/** Unknown identity received (eg, PSK identity) */
-#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80
+#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80
/** Internal error (eg, unexpected failure in lower-level module) */
-#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00
+#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00
/** A counter would wrap (eg, too many messages exchanged). */
-#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80
+#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80
/** Unexpected message at ServerHello in renegotiation. */
-#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00
+#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00
/** DTLS client must retry for hello verification */
-#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80
+#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80
/** A buffer is too small to receive or write a message */
-#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00
+#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00
/* Error space gap */
/** No data of requested type currently available on underlying transport. */
-#define MBEDTLS_ERR_SSL_WANT_READ -0x6900
+#define MBEDTLS_ERR_SSL_WANT_READ -0x6900
/** Connection requires a write call. */
-#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880
+#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880
/** The operation timed out. */
-#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800
+#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800
/** The client initiated a reconnect from the same port. */
-#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780
+#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780
/** Record header looks valid but is not expected. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700
+#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700
/** The alert message received indicates a non-fatal error. */
-#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680
+#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680
/** A field in a message was incorrect or inconsistent with other fields. */
-#define MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER -0x6600
-/** Internal-only message signaling that further message-processing should be done */
-#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580
+#define MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER -0x6600
+/** Internal-only message signaling that further message-processing should be
+ * done */
+#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580
/** The asynchronous operation is not completed yet. */
-#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500
+#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500
/** Internal-only message signaling that a message arrived early. */
-#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480
+#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480
/* Error space gap */
/* Error space gap */
/* Error space gap */
@@ -163,11 +167,11 @@
/* Error space gap */
/* Error space gap */
/** An encrypted DTLS-frame with an unexpected CID was received. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000
+#define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000
/** An operation failed due to an unexpected version or configuration. */
-#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00
+#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00
/** Invalid value in SSL config */
-#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
+#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
/*
* Various constants
@@ -177,93 +181,98 @@
* - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2
* - RFC 8446: see section 4.2.1
*/
-#define MBEDTLS_SSL_MAJOR_VERSION_3 3
-#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
-#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 (experimental) */
+#define MBEDTLS_SSL_MAJOR_VERSION_3 3
+#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
+#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 (experimental) */
-#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
-#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
+#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
+#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
-#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */
-#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */
+#define MBEDTLS_SSL_MAX_HOST_NAME_LEN \
+ 255 /*!< Maximum host name defined in RFC 1035 */
+#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN \
+ 255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 \
+ */
-#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */
+#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN \
+ 65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */
/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
* NONE must be zero so that memset()ing structure to zero works */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */
-#define MBEDTLS_SSL_IS_CLIENT 0
-#define MBEDTLS_SSL_IS_SERVER 1
+#define MBEDTLS_SSL_IS_CLIENT 0
+#define MBEDTLS_SSL_IS_SERVER 1
-#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
-#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
+#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
+#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
-#define MBEDTLS_SSL_CID_DISABLED 0
-#define MBEDTLS_SSL_CID_ENABLED 1
+#define MBEDTLS_SSL_CID_DISABLED 0
+#define MBEDTLS_SSL_CID_ENABLED 1
-#define MBEDTLS_SSL_ETM_DISABLED 0
-#define MBEDTLS_SSL_ETM_ENABLED 1
+#define MBEDTLS_SSL_ETM_DISABLED 0
+#define MBEDTLS_SSL_ETM_ENABLED 1
-#define MBEDTLS_SSL_COMPRESS_NULL 0
+#define MBEDTLS_SSL_COMPRESS_NULL 0
-#define MBEDTLS_SSL_VERIFY_NONE 0
-#define MBEDTLS_SSL_VERIFY_OPTIONAL 1
-#define MBEDTLS_SSL_VERIFY_REQUIRED 2
-#define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */
+#define MBEDTLS_SSL_VERIFY_NONE 0
+#define MBEDTLS_SSL_VERIFY_OPTIONAL 1
+#define MBEDTLS_SSL_VERIFY_REQUIRED 2
+#define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */
-#define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
-#define MBEDTLS_SSL_SECURE_RENEGOTIATION 1
+#define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
+#define MBEDTLS_SSL_SECURE_RENEGOTIATION 1
-#define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
-#define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1
+#define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
+#define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1
-#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
-#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1
+#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
+#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1
-#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
-#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16
+#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
+#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16
-#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
-#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
-#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2
+#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
+#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
+#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2
-#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
-#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
-#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
+#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
+#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
+#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
-#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
-#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
+#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
+#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
-#define MBEDTLS_SSL_PRESET_DEFAULT 0
-#define MBEDTLS_SSL_PRESET_SUITEB 2
+#define MBEDTLS_SSL_PRESET_DEFAULT 0
+#define MBEDTLS_SSL_PRESET_SUITEB 2
-#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1
-#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0
+#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1
+#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0
-#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0
-#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1
+#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0
+#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1
-#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT 1
-#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0
+#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT 1
+#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0
/*
* Default range for DTLS retransmission timer value, in milliseconds.
* RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
*/
-#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
-#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
+#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
+#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
* \{
*/
@@ -279,11 +288,11 @@
* peers are using it too!
*/
#if !defined(MBEDTLS_SSL_IN_CONTENT_LEN)
-#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
+# define MBEDTLS_SSL_IN_CONTENT_LEN 16384
#endif
#if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
-#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
+# define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
#endif
/*
@@ -291,22 +300,22 @@
* DTLS handshake message reassembly and future message buffering.
*/
#if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
-#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
+# define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
#endif
/*
* Maximum length of CIDs for incoming and outgoing messages.
*/
#if !defined(MBEDTLS_SSL_CID_IN_LEN_MAX)
-#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
+# define MBEDTLS_SSL_CID_IN_LEN_MAX 32
#endif
#if !defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)
-#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
+# define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
#endif
#if !defined(MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY)
-#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
+# define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
#endif
/* \} name SECTION: Module settings */
@@ -320,161 +329,160 @@
* Signaling ciphersuite values (SCSV)
*/
/** renegotiation info ext */
-#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF
+#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF
/*
* Supported Signature and Hash algorithms (For TLS 1.2)
* RFC 5246 section 7.4.1.4.1
*/
-#define MBEDTLS_SSL_HASH_NONE 0
-#define MBEDTLS_SSL_HASH_MD5 1
-#define MBEDTLS_SSL_HASH_SHA1 2
-#define MBEDTLS_SSL_HASH_SHA224 3
-#define MBEDTLS_SSL_HASH_SHA256 4
-#define MBEDTLS_SSL_HASH_SHA384 5
-#define MBEDTLS_SSL_HASH_SHA512 6
+#define MBEDTLS_SSL_HASH_NONE 0
+#define MBEDTLS_SSL_HASH_MD5 1
+#define MBEDTLS_SSL_HASH_SHA1 2
+#define MBEDTLS_SSL_HASH_SHA224 3
+#define MBEDTLS_SSL_HASH_SHA256 4
+#define MBEDTLS_SSL_HASH_SHA384 5
+#define MBEDTLS_SSL_HASH_SHA512 6
-#define MBEDTLS_SSL_SIG_ANON 0
-#define MBEDTLS_SSL_SIG_RSA 1
-#define MBEDTLS_SSL_SIG_ECDSA 3
+#define MBEDTLS_SSL_SIG_ANON 0
+#define MBEDTLS_SSL_SIG_RSA 1
+#define MBEDTLS_SSL_SIG_ECDSA 3
/*
* Client Certificate Types
* RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
*/
-#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
-#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
+#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
+#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
/*
* Message, alert and handshake types
*/
-#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
-#define MBEDTLS_SSL_MSG_ALERT 21
-#define MBEDTLS_SSL_MSG_HANDSHAKE 22
-#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
-#define MBEDTLS_SSL_MSG_CID 25
+#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
+#define MBEDTLS_SSL_MSG_ALERT 21
+#define MBEDTLS_SSL_MSG_HANDSHAKE 22
+#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
+#define MBEDTLS_SSL_MSG_CID 25
-#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
-#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
+#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
+#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
-#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
-#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
-#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
-#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
-#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
-#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
-#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
-#define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
-#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
-#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
-#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
-#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
-#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
-#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
-#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
-#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
-#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
-#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
-#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
-#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
-#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
-#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
-#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
-#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
-#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
+#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
+#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
+#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
+#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
+#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
+#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
+#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
+#define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
+#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
+#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
+#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
+#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
+#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
+#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
+#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
+#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
+#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
+#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
+#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
+#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
+#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
+#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
+#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
+#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
+#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
-#define MBEDTLS_SSL_HS_HELLO_REQUEST 0
-#define MBEDTLS_SSL_HS_CLIENT_HELLO 1
-#define MBEDTLS_SSL_HS_SERVER_HELLO 2
-#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
-#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
-#define MBEDTLS_SSL_HS_CERTIFICATE 11
-#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
-#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
-#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
-#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
-#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
-#define MBEDTLS_SSL_HS_FINISHED 20
+#define MBEDTLS_SSL_HS_HELLO_REQUEST 0
+#define MBEDTLS_SSL_HS_CLIENT_HELLO 1
+#define MBEDTLS_SSL_HS_SERVER_HELLO 2
+#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
+#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
+#define MBEDTLS_SSL_HS_CERTIFICATE 11
+#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
+#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
+#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
+#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
+#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
+#define MBEDTLS_SSL_HS_FINISHED 20
/*
* TLS extensions
*/
-#define MBEDTLS_TLS_EXT_SERVERNAME 0
-#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0
+#define MBEDTLS_TLS_EXT_SERVERNAME 0
+#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0
-#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1
+#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1
-#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4
+#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4
-#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
-#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11
+#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
+#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11
-#define MBEDTLS_TLS_EXT_SIG_ALG 13
+#define MBEDTLS_TLS_EXT_SIG_ALG 13
-#define MBEDTLS_TLS_EXT_USE_SRTP 14
+#define MBEDTLS_TLS_EXT_USE_SRTP 14
-#define MBEDTLS_TLS_EXT_ALPN 16
+#define MBEDTLS_TLS_EXT_ALPN 16
-#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */
-#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */
+#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */
+#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */
-#define MBEDTLS_TLS_EXT_SESSION_TICKET 35
+#define MBEDTLS_TLS_EXT_SESSION_TICKET 35
/* The value of the CID extension is still TBD as of
* draft-ietf-tls-dtls-connection-id-05
* (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */
-#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
+#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
-#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
+#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
-#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
+#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
/*
* Size defines
*/
#if !defined(MBEDTLS_PSK_MAX_LEN)
-#define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
+# define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
#endif
/* Dummy type used only for its size */
-union mbedtls_ssl_premaster_secret
-{
+union mbedtls_ssl_premaster_secret {
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
+ unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
- unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */
+ unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
- unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */
+ unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */
+ unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
- + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */
+ unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE +
+ MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
- unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */
+ unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
- + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */
+ unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES +
+ MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */
+ unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */
#endif
};
-#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
+#define MBEDTLS_PREMASTER_SIZE sizeof(union mbedtls_ssl_premaster_secret)
#ifdef __cplusplus
extern "C" {
@@ -504,8 +512,7 @@
MBEDTLS_SSL_HANDSHAKE_OVER,
MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
-}
-mbedtls_ssl_states;
+} mbedtls_ssl_states;
/**
* \brief Callback type: send data on the network.
@@ -524,9 +531,7 @@
* \note The callback is allowed to send fewer bytes than requested.
* It must always return the number of bytes actually sent.
*/
-typedef int mbedtls_ssl_send_t( void *ctx,
- const unsigned char *buf,
- size_t len );
+typedef int mbedtls_ssl_send_t(void *ctx, const unsigned char *buf, size_t len);
/**
* \brief Callback type: receive data from the network.
@@ -547,9 +552,7 @@
* buffer. It must always return the number of bytes actually
* received and written to the buffer.
*/
-typedef int mbedtls_ssl_recv_t( void *ctx,
- unsigned char *buf,
- size_t len );
+typedef int mbedtls_ssl_recv_t(void *ctx, unsigned char *buf, size_t len);
/**
* \brief Callback type: receive data from the network, with timeout
@@ -573,10 +576,10 @@
* buffer. It must always return the number of bytes actually
* received and written to the buffer.
*/
-typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
- unsigned char *buf,
- size_t len,
- uint32_t timeout );
+typedef int mbedtls_ssl_recv_timeout_t(void *ctx,
+ unsigned char *buf,
+ size_t len,
+ uint32_t timeout);
/**
* \brief Callback type: set a pair of timers/delays to watch
*
@@ -599,9 +602,8 @@
* function while a timer is running must cancel it. Cancelled
* timers must not generate any event.
*/
-typedef void mbedtls_ssl_set_timer_t( void * ctx,
- uint32_t int_ms,
- uint32_t fin_ms );
+typedef void
+mbedtls_ssl_set_timer_t(void *ctx, uint32_t int_ms, uint32_t fin_ms);
/**
* \brief Callback type: get status of timers/delays
@@ -614,12 +616,12 @@
* 1 if only the intermediate delay has passed,
* 2 if the final delay has passed.
*/
-typedef int mbedtls_ssl_get_timer_t( void * ctx );
+typedef int mbedtls_ssl_get_timer_t(void *ctx);
/* Defined below */
typedef struct mbedtls_ssl_session mbedtls_ssl_session;
typedef struct mbedtls_ssl_context mbedtls_ssl_context;
-typedef struct mbedtls_ssl_config mbedtls_ssl_config;
+typedef struct mbedtls_ssl_config mbedtls_ssl_config;
/* Defined in library/ssl_misc.h */
typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
@@ -655,10 +657,10 @@
* \return A non-zero return value on failure.
*
*/
-typedef int mbedtls_ssl_cache_get_t( void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- mbedtls_ssl_session *session );
+typedef int mbedtls_ssl_cache_get_t(void *data,
+ unsigned char const *session_id,
+ size_t session_id_len,
+ mbedtls_ssl_session *session);
/**
* \brief Callback type: server-side session cache setter
*
@@ -677,13 +679,13 @@
* \return \c 0 on success
* \return A non-zero return value on failure.
*/
-typedef int mbedtls_ssl_cache_set_t( void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- const mbedtls_ssl_session *session );
+typedef int mbedtls_ssl_cache_set_t(void *data,
+ unsigned char const *session_id,
+ size_t session_id_len,
+ const mbedtls_ssl_session *session);
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+# if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \brief Callback type: start external signature operation.
*
@@ -755,11 +757,11 @@
* use \c MBEDTLS_ERR_SSL_xxx error codes except as
* directed in the documentation of this callback.
*/
-typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *cert,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash,
- size_t hash_len );
+typedef int mbedtls_ssl_async_sign_t(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *cert,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash,
+ size_t hash_len);
/**
* \brief Callback type: start external decryption operation.
@@ -821,11 +823,11 @@
* use \c MBEDTLS_ERR_SSL_xxx error codes except as
* directed in the documentation of this callback.
*/
-typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *cert,
- const unsigned char *input,
- size_t input_len );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *cert,
+ const unsigned char *input,
+ size_t input_len);
+# endif /* MBEDTLS_X509_CRT_PARSE_C */
/**
* \brief Callback type: resume external operation.
@@ -869,10 +871,10 @@
* use \c MBEDTLS_ERR_SSL_xxx error codes except as
* directed in the documentation of this callback.
*/
-typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl,
- unsigned char *output,
- size_t *output_len,
- size_t output_size );
+typedef int mbedtls_ssl_async_resume_t(mbedtls_ssl_context *ssl,
+ unsigned char *output,
+ size_t *output_len,
+ size_t output_size);
/**
* \brief Callback type: cancel external operation.
@@ -891,32 +893,33 @@
* \param ssl The SSL connection instance. It should not be
* modified.
*/
-typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
+typedef void mbedtls_ssl_async_cancel_t(mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32
-#elif defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48
-#elif defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 20
-#else
+# define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
+# if defined(MBEDTLS_SHA256_C)
+# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
+# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32
+# elif defined(MBEDTLS_SHA384_C)
+# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
+# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48
+# elif defined(MBEDTLS_SHA1_C)
+# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
+# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 20
+# else
/* This is already checked in check_config.h, but be sure. */
-#error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED &&
+# error \
+ "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
+# endif
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && \
!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
-#define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255
-#define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH 4
+# define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255
+# define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH 4
/*
* For code readability use a typedef for DTLS-SRTP profiles
*
@@ -926,25 +929,23 @@
* Reminder: if this list is expanded mbedtls_ssl_check_srtp_profile_value
* must be updated too.
*/
-#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 ( (uint16_t) 0x0001)
-#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 ( (uint16_t) 0x0002)
-#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 ( (uint16_t) 0x0005)
-#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 ( (uint16_t) 0x0006)
+# define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 ((uint16_t)0x0001)
+# define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 ((uint16_t)0x0002)
+# define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 ((uint16_t)0x0005)
+# define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 ((uint16_t)0x0006)
/* This one is not iana defined, but for code readability. */
-#define MBEDTLS_TLS_SRTP_UNSET ( (uint16_t) 0x0000)
+# define MBEDTLS_TLS_SRTP_UNSET ((uint16_t)0x0000)
typedef uint16_t mbedtls_ssl_srtp_profile;
-typedef struct mbedtls_dtls_srtp_info_t
-{
+typedef struct mbedtls_dtls_srtp_info_t {
/*! The SRTP profile that was negotiated. */
mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile);
/*! The length of mki_value. */
uint16_t MBEDTLS_PRIVATE(mki_len);
/*! The mki_value used, with max size of 256 bytes. */
unsigned char MBEDTLS_PRIVATE(mki_value)[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
-}
-mbedtls_dtls_srtp_info;
+} mbedtls_dtls_srtp_info;
#endif /* MBEDTLS_SSL_DTLS_SRTP */
@@ -959,49 +960,50 @@
* mbedtls_ssl_session_save() and ssl_session_load()
* ssl_session_copy()
*/
-struct mbedtls_ssl_session
-{
+struct mbedtls_ssl_session {
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
+ mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
#endif
- int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
- int MBEDTLS_PRIVATE(compression); /*!< chosen compression */
- size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */
- unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
- unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */
+ int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
+ int MBEDTLS_PRIVATE(compression); /*!< chosen compression */
+ size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */
+ unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
+ unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */
unsigned char MBEDTLS_PRIVATE(exported);
/* This field is temporarily duplicated with mbedtls_ssl_context.minor_ver.
* Once runtime negotiation of TLS 1.2 and TLS 1.3 is implemented, it needs
* to be studied whether one of them can be removed. */
- unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the session. */
+ unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the
+ session. */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */
-#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+# if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */
+# else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/*! The digest of the peer's end-CRT. This must be kept to detect CRT
* changes during renegotiation, mitigating the triple handshake attack. */
unsigned char *MBEDTLS_PRIVATE(peer_cert_digest);
size_t MBEDTLS_PRIVATE(peer_cert_digest_len);
mbedtls_md_type_t MBEDTLS_PRIVATE(peer_cert_digest_type);
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+# endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
- uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */
+ uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */
- size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */
- uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
+ unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */
+ size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */
+ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
+ unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated
+ by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
+ int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif
};
@@ -1010,26 +1012,25 @@
*/
typedef enum
{
- MBEDTLS_SSL_TLS_PRF_NONE,
- MBEDTLS_SSL_TLS_PRF_SHA384,
- MBEDTLS_SSL_TLS_PRF_SHA256,
- MBEDTLS_SSL_HKDF_EXPAND_SHA384,
- MBEDTLS_SSL_HKDF_EXPAND_SHA256
-}
-mbedtls_tls_prf_types;
+ MBEDTLS_SSL_TLS_PRF_NONE,
+ MBEDTLS_SSL_TLS_PRF_SHA384,
+ MBEDTLS_SSL_TLS_PRF_SHA256,
+ MBEDTLS_SSL_HKDF_EXPAND_SHA384,
+ MBEDTLS_SSL_HKDF_EXPAND_SHA256
+} mbedtls_tls_prf_types;
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
typedef enum
{
MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0,
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+# if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_EARLY_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_EARLY_EXPORTER_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET,
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+# endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
} mbedtls_ssl_key_export_type;
/**
@@ -1047,20 +1048,19 @@
* \param tls_prf_type The identifier for the PRF used in the handshake
* to which the key belongs.
*/
-typedef void mbedtls_ssl_export_keys_t( void *p_expkey,
- mbedtls_ssl_key_export_type type,
- const unsigned char *secret,
- size_t secret_len,
- const unsigned char client_random[32],
- const unsigned char server_random[32],
- mbedtls_tls_prf_types tls_prf_type );
+typedef void mbedtls_ssl_export_keys_t(void *p_expkey,
+ mbedtls_ssl_key_export_type type,
+ const unsigned char *secret,
+ size_t secret_len,
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type);
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
/**
* SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
*/
-struct mbedtls_ssl_config
-{
+struct mbedtls_ssl_config {
/* Group items by size (largest first) to minimize padding overhead */
/*
@@ -1072,129 +1072,174 @@
/** Callback for printing debug output */
void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
- void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */
+ void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */
/** Callback for getting (pseudo-)random numbers */
- int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
- void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
+ int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
/** Callback to retrieve a session from the cache */
mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache);
/** Callback to store a session into the cache */
mbedtls_ssl_cache_set_t *MBEDTLS_PRIVATE(f_set_cache);
- void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */
+ void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Callback for setting cert according to SNI extension */
- int (*MBEDTLS_PRIVATE(f_sni))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */
+ int (*MBEDTLS_PRIVATE(f_sni))(void *,
+ mbedtls_ssl_context *,
+ const unsigned char *,
+ size_t);
+ void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
+ void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/** Callback to retrieve PSK key from identity */
- int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */
+ int (*MBEDTLS_PRIVATE(f_psk))(void *,
+ mbedtls_ssl_context *,
+ const unsigned char *,
+ size_t);
+ void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a cookie for ClientHello veirifcation */
- int (*MBEDTLS_PRIVATE(f_cookie_write))( void *, unsigned char **, unsigned char *,
- const unsigned char *, size_t );
+ int (*MBEDTLS_PRIVATE(f_cookie_write))(void *,
+ unsigned char **,
+ unsigned char *,
+ const unsigned char *,
+ size_t);
/** Callback to verify validity of a ClientHello cookie */
- int (*MBEDTLS_PRIVATE(f_cookie_check))( void *, const unsigned char *, size_t,
- const unsigned char *, size_t );
- void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */
+ int (*MBEDTLS_PRIVATE(f_cookie_check))(void *,
+ const unsigned char *,
+ size_t,
+ const unsigned char *,
+ size_t);
+ void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a session ticket */
- int (*MBEDTLS_PRIVATE(f_ticket_write))( void *, const mbedtls_ssl_session *,
- unsigned char *, const unsigned char *, size_t *, uint32_t * );
+ int (*MBEDTLS_PRIVATE(f_ticket_write))(void *,
+ const mbedtls_ssl_session *,
+ unsigned char *,
+ const unsigned char *,
+ size_t *,
+ uint32_t *);
/** Callback to parse a session ticket into a session structure */
- int (*MBEDTLS_PRIVATE(f_ticket_parse))( void *, mbedtls_ssl_session *, unsigned char *, size_t);
- void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */
+ int (*MBEDTLS_PRIVATE(f_ticket_parse))(void *,
+ mbedtls_ssl_session *,
+ unsigned char *,
+ size_t);
+ void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */
+ size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS
+ records. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!< verification profile */
- mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key pair(s) */
- mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */
- mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!<
+ verification
+ profile */
+ mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key
+ pair(s) */
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */
+ mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */
+# if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
mbedtls_x509_crt_ca_cb_t MBEDTLS_PRIVATE(f_ca_cb);
void *MBEDTLS_PRIVATE(p_ca_cb);
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+# endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */
- mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
- mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */
- mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */
- void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
+# if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start
+ asynchronous
+ signature
+ operation
+ */
+ mbedtls_ssl_async_decrypt_t
+ *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!<
+ start
+ asynchronous
+ decryption
+ operation
+ */
+# endif /* MBEDTLS_X509_CRT_PARSE_C */
+ mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume
+ asynchronous
+ operation */
+ mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel
+ asynchronous
+ operation */
+ void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by
+ mbedtls_ssl_conf_async_private_cb().
+ */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
+ const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
#endif
#if defined(MBEDTLS_ECP_C)
- const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
+ const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves
+ */
#endif
#if defined(MBEDTLS_DHM_C)
- mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
- mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
+ mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
+ mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
- * should only be set via
- * mbedtls_ssl_conf_psk_opaque().
- * If either no PSK or a raw PSK have been
- * configured, this has value \c 0.
- */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+# if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque
+ * PSK. This field should only be
+ * set via
+ * mbedtls_ssl_conf_psk_opaque().
+ * If either no PSK or a raw PSK
+ * have been configured, this has
+ * value \c 0.
+ */
+# endif /* MBEDTLS_USE_PSA_CRYPTO */
- unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should
- * only be set via mbedtls_ssl_conf_psk().
- * If either no PSK or an opaque PSK
- * have been configured, this has value NULL. */
- size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key.
- * This field should only be set via
- * mbedtls_ssl_conf_psk().
- * Its value is non-zero if and only if
- * \c psk is not \c NULL. */
+ unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field
+ * should only be set via
+ * mbedtls_ssl_conf_psk(). If either no
+ * PSK or an opaque PSK have been
+ * configured, this has value NULL. */
+ size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key.
+ * This field should only be set via
+ * mbedtls_ssl_conf_psk().
+ * Its value is non-zero if and only if
+ * \c psk is not \c NULL. */
- unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK negotiation.
- * This field should only be set via
- * mbedtls_ssl_conf_psk().
- * This is set if and only if either
- * \c psk or \c psk_opaque are set. */
- size_t MBEDTLS_PRIVATE(psk_identity_len);/*!< The length of PSK identity.
- * This field should only be set via
- * mbedtls_ssl_conf_psk().
- * Its value is non-zero if and only if
- * \c psk is not \c NULL or \c psk_opaque
- * is not \c 0. */
+ unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK
+ * negotiation. This field
+ * should only be set via
+ * mbedtls_ssl_conf_psk().
+ * This is set if and only
+ * if either \c psk or \c
+ * psk_opaque are set. */
+ size_t MBEDTLS_PRIVATE(psk_identity_len); /*!< The length of PSK identity.
+ * This field should only be set
+ * via mbedtls_ssl_conf_psk(). Its
+ * value is non-zero if and only
+ * if \c psk is not \c NULL or \c
+ * psk_opaque is not \c 0. */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)
- const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
+ const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
@@ -1208,227 +1253,283 @@
* Numerical settings (int then char)
*/
- uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */
+ uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read
+ (ms) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the handshake
- retransmission timeout (ms) */
- uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the handshake
- retransmission timeout (ms) */
+ uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the
+ handshake retransmission timeout (ms) */
+ uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the
+ handshake retransmission timeout (ms) */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation */
- unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record counters
- that triggers renegotiation */
+ int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation
+ */
+ unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record
+ counters that triggers renegotiation */
#endif
- unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */
+ unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad
+ MAC */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
- unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
+ unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the
+ DHM prime */
#endif
- unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
- unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
- unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
- unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
+ unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used
+ */
+ unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used
+ */
+ unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used
+ */
+ unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used
+ */
/*
* Flags (bitfields)
*/
- unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */
- unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram (DTLS) */
- unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
+ unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */
+ unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram
+ (DTLS) */
+ unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
- unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2 ; /*!< MBEDTLS_LEGACY_XXX */
+ unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2; /*!<
+ MBEDTLS_LEGACY_XXX
+ */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */
+ unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1 ; /*!< negotiate encrypt-then-mac? */
+ unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1; /*!< negotiate
+ encrypt-then-mac? */
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended master secret? */
+ unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended
+ master secret? */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */
+ unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent
+ replay? */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */
+ unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable
+ renegotiation?
+ */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */
+ unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets?
+ */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
- unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
- Certificate Request messages? */
- unsigned int MBEDTLS_PRIVATE(respect_cli_pref) : 1; /*!< pick the ciphersuite according to
- the client's preferences rather
- than ours */
+ unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA
+ list in Certificate Request messages?
+ */
+ unsigned int MBEDTLS_PRIVATE(respect_cli_pref) : 1; /*!< pick the
+ ciphersuite according to the client's
+ preferences rather than ours */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS
- * record with unexpected CID
- * should lead to failure. */
+ unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines
+ * whether DTLS
+ * record with
+ * unexpected CID
+ * should lead to
+ * failure. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having mki_value
- in the use_srtp extension */
+ unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having
+ mki_value in the use_srtp
+ extension */
#endif
};
-struct mbedtls_ssl_context
-{
- const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */
+struct mbedtls_ssl_context {
+ const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration
+ information */
/*
* Miscellaneous
*/
- int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */
+ int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */
- int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS,
- number of retransmissions of request if
- renego_max_records is < 0 */
+ int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */
+ int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request,
+ or with DTLS, number of retransmissions of
+ request if renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
- int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
+ int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3
+ */
/* This field is temporarily duplicated with mbedtls_ssl_context.minor_ver.
* Once runtime negotiation of TLS 1.2 and TLS 1.3 is implemented, it needs
* to be studied whether one of them can be removed. */
- int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
- unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
+ int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x
+ macros */
+ unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received
+ */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */
+ void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */
#endif
- mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send */
- mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network receive */
+ mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send
+ */
+ mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network
+ receive */
mbedtls_ssl_recv_timeout_t *MBEDTLS_PRIVATE(f_recv_timeout);
- /*!< Callback for network receive with timeout */
+ /*!< Callback for network receive with timeout */
- void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */
+ void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */
/*
* Session layer
*/
- mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data (in) */
- mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session data (out) */
- mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data */
- mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data in negotiation */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data
+ (in) */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session
+ data (out) */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data
+ */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data
+ in negotiation
+ */
- mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params required only during
- the handshake process */
+ mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params
+ required only during the handshake
+ process */
/*
* Record layer transformations
*/
- mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */
- mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */
- mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */
- mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current
+ transform params
+ (in) */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current
+ transform params
+ (in) */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated
+ transform params */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform
+ params in
+ negotiation
+ */
/*
* Timers
*/
- void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */
+ void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */
- mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer callback */
- mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer callback */
+ mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer
+ callback */
+ mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer
+ callback */
/*
* Record layer (incoming data)
*/
- unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */
- unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter
- TLS: maintained by us
- DTLS: read from peer */
- unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */
+ unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */
+ unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter
+ TLS: maintained by us
+ DTLS: read from peer */
+ unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID;
- * (the end is marked by in_len). */
+ unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID;
+ * (the end is marked by in_len).
+ */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */
- unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */
- unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen) */
- unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application data */
+ unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field
+ */
+ unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */
+ unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen)
+ */
+ unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application
+ data */
- int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */
- size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */
- size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */
+ int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */
+ size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */
+ size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */
+ size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */
- size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record in datagram
- (equal to in_left if none) */
+ uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */
+ size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record
+ in datagram (equal to in_left if none) */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num */
- uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */
+ uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num
+ */
+ uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
- size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length,
- including the handshake header */
- int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */
+ size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length,
+ including the handshake header */
+ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */
- int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message
- on next call to record layer? */
+ int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current
+ message on next call to record layer? */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records
- * within a single datagram. */
+ uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing
+ * multiple records
+ * within a single
+ * datagram. */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* Record layer (outgoing data)
*/
- unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */
- unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message counter */
- unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */
+ unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */
+ unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message
+ counter */
+ unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID;
- * (the end is marked by in_len). */
+ unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID;
+ * (the end is marked by in_len).
+ */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field */
- unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */
- unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents (out_iv+ivlen) */
+ unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field
+ */
+ unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */
+ unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents
+ (out_iv+ivlen) */
- int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */
- size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */
- size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */
+ int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */
+ size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */
+ size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */
+ size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */
#endif
- unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record sequence number. */
+ unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record
+ sequence number. */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */
+ uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing
+ messages */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* PKI layer
*/
- int MBEDTLS_PRIVATE(client_auth); /*!< flag for client auth. */
+ int MBEDTLS_PRIVATE(client_auth); /*!< flag for client auth. */
/*
* User settings
*/
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification
- (and SNI if available) */
+ char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification
+ (and SNI if available) */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ALPN)
- const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */
+ const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
@@ -1442,20 +1543,26 @@
* Information for DTLS hello verify
*/
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
- unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the client */
- size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */
+ unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the
+ client */
+ size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
/*
* Secure renegotiation
*/
/* needed to know when to send extension on server */
- int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or
- secure renegotiation */
+ int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or
+ secure renegotiation */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored */
- char MBEDTLS_PRIVATE(own_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
- char MBEDTLS_PRIVATE(peer_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
+ size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored
+ */
+ char MBEDTLS_PRIVATE(own_verify_data)
+ [MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data
+ */
+ char MBEDTLS_PRIVATE(peer_verify_data)
+ [MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data
+ */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -1465,18 +1572,21 @@
* all subsequent handshakes. This may be different from the
* CID currently used in case the user has re-configured the CID
* after an initial handshake. */
- unsigned char MBEDTLS_PRIVATE(own_cid)[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
- uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */
- uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID extension should
- * be negotiated in the next handshake or not.
- * Possible values are #MBEDTLS_SSL_CID_ENABLED
- * and #MBEDTLS_SSL_CID_DISABLED. */
+ unsigned char MBEDTLS_PRIVATE(own_cid)[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */
+ uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID
+ * extension should be negotiated in
+ * the next handshake or not.
+ * Possible values are
+ * #MBEDTLS_SSL_CID_ENABLED and
+ * #MBEDTLS_SSL_CID_DISABLED. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/** Callback to export key block and master secret */
mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys);
- void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
+ void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback
+ */
#endif
};
@@ -1488,7 +1598,7 @@
*
* \return a string containing the ciphersuite name
*/
-const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );
+const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id);
/**
* \brief Return the ID of the ciphersuite associated with the
@@ -1498,7 +1608,7 @@
*
* \return the ID with the ciphersuite or 0 if not found
*/
-int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
+int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name);
/**
* \brief Initialize an SSL context
@@ -1507,7 +1617,7 @@
*
* \param ssl SSL context
*/
-void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_init(mbedtls_ssl_context *ssl);
/**
* \brief Set up an SSL context for use
@@ -1529,8 +1639,7 @@
* \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
* memory allocation failed
*/
-int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
- const mbedtls_ssl_config *conf );
+int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf);
/**
* \brief Reset an already initialized SSL context for re-use
@@ -1541,7 +1650,7 @@
* \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or
MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
*/
-int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl);
/**
* \brief Set the current endpoint type
@@ -1549,7 +1658,7 @@
* \param conf SSL configuration
* \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
*/
-void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
+void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint);
/**
* \brief Set the transport type (TLS or DTLS).
@@ -1565,7 +1674,7 @@
* MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
* MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
*/
-void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
+void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport);
/**
* \brief Set the certificate verification mode
@@ -1588,12 +1697,13 @@
* (default on client)
*
* \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
- * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
- * the right time(s), which may not be obvious, while REQUIRED always perform
- * the verification as soon as possible. For example, REQUIRED was protecting
- * against the "triple handshake" attack even before it was found.
+ * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call
+ * mbedtls_ssl_get_verify_result() at the right time(s), which may not be
+ * obvious, while REQUIRED always perform the verification as soon as possible.
+ * For example, REQUIRED was protecting against the "triple handshake" attack
+ * even before it was found.
*/
-void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
+void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
@@ -1611,9 +1721,10 @@
* \param f_vrfy The verification callback to use during CRT verification.
* \param p_vrfy The opaque context to be passed to the callback.
*/
-void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
+void mbedtls_ssl_conf_verify(
+ mbedtls_ssl_config *conf,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/**
@@ -1623,9 +1734,9 @@
* \param f_rng RNG function (mandatory)
* \param p_rng RNG parameter
*/
-void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Set the debug callback
@@ -1641,9 +1752,10 @@
* \param f_dbg debug function
* \param p_dbg debug parameter
*/
-void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
- void (*f_dbg)(void *, int, const char *, int, const char *),
- void *p_dbg );
+void mbedtls_ssl_conf_dbg(
+ mbedtls_ssl_config *conf,
+ void (*f_dbg)(void *, int, const char *, int, const char *),
+ void *p_dbg);
/**
* \brief Set the underlying BIO callbacks for write, read and
@@ -1675,16 +1787,15 @@
* \c mbedtls_net_recv_timeout() that are suitable to be used
* here.
*/
-void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
- void *p_bio,
- mbedtls_ssl_send_t *f_send,
- mbedtls_ssl_recv_t *f_recv,
- mbedtls_ssl_recv_timeout_t *f_recv_timeout );
+void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl,
+ void *p_bio,
+ mbedtls_ssl_send_t *f_send,
+ mbedtls_ssl_recv_t *f_recv,
+ mbedtls_ssl_recv_timeout_t *f_recv_timeout);
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-
+# if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/**
* \brief Configure the use of the Connection ID (CID)
@@ -1769,10 +1880,10 @@
* applies to the next handshake.
* \return A negative error code on failure.
*/
-int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
- int enable,
- unsigned char const *own_cid,
- size_t own_cid_len );
+int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl,
+ int enable,
+ unsigned char const *own_cid,
+ size_t own_cid_len);
/**
* \brief Get information about the use of the CID extension
@@ -1811,12 +1922,12 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
- int *enabled,
- unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
- size_t *peer_cid_len );
+int mbedtls_ssl_get_peer_cid(mbedtls_ssl_context *ssl,
+ int *enabled,
+ unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
+ size_t *peer_cid_len);
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+# endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/**
* \brief Set the Maximum Tranport Unit (MTU).
@@ -1857,7 +1968,7 @@
* \param ssl SSL context
* \param mtu Value of the path MTU in bytes
*/
-void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu );
+void mbedtls_ssl_set_mtu(mbedtls_ssl_context *ssl, uint16_t mtu);
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1879,9 +1990,10 @@
* \param f_vrfy The verification callback to use during CRT verification.
* \param p_vrfy The opaque context to be passed to the callback.
*/
-void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
+void mbedtls_ssl_set_verify(
+ mbedtls_ssl_context *ssl,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/**
@@ -1900,7 +2012,7 @@
* \note With non-blocking I/O, you may also skip this function
* altogether and handle timeouts at the application layer.
*/
-void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
+void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout);
/**
* \brief Check whether a buffer contains a valid and authentic record
@@ -1946,9 +2058,9 @@
* In this case, the SSL context becomes unusable and needs
* to be freed or reset before reuse.
*/
-int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
- unsigned char *buf,
- size_t buflen );
+int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl,
+ unsigned char *buf,
+ size_t buflen);
/**
* \brief Set the timer callbacks (Mandatory for DTLS.)
@@ -1970,10 +2082,10 @@
* \note See also the "DTLS tutorial" article in our knowledge base.
* https://tls.mbed.org/kb/how-to/dtls-tutorial
*/
-void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
- void *p_timer,
- mbedtls_ssl_set_timer_t *f_set_timer,
- mbedtls_ssl_get_timer_t *f_get_timer );
+void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl,
+ void *p_timer,
+ mbedtls_ssl_set_timer_t *f_set_timer,
+ mbedtls_ssl_get_timer_t *f_get_timer);
/**
* \brief Callback type: generate and write session ticket
@@ -1994,12 +2106,12 @@
* \return 0 if successful, or
* a specific MBEDTLS_ERR_XXX code.
*/
-typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
- const mbedtls_ssl_session *session,
- unsigned char *start,
- const unsigned char *end,
- size_t *tlen,
- uint32_t *lifetime );
+typedef int mbedtls_ssl_ticket_write_t(void *p_ticket,
+ const mbedtls_ssl_session *session,
+ unsigned char *start,
+ const unsigned char *end,
+ size_t *tlen,
+ uint32_t *lifetime);
/**
* \brief Callback type: parse and load session ticket
@@ -2024,10 +2136,10 @@
* MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
* any other non-zero code for other failures.
*/
-typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
- mbedtls_ssl_session *session,
- unsigned char *buf,
- size_t len );
+typedef int mbedtls_ssl_ticket_parse_t(void *p_ticket,
+ mbedtls_ssl_session *session,
+ unsigned char *buf,
+ size_t len);
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/**
@@ -2044,10 +2156,11 @@
* \param f_ticket_parse Callback for parsing a ticket
* \param p_ticket Context shared by the two callbacks
*/
-void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_ticket_write_t *f_ticket_write,
- mbedtls_ssl_ticket_parse_t *f_ticket_parse,
- void *p_ticket );
+void mbedtls_ssl_conf_session_tickets_cb(
+ mbedtls_ssl_config *conf,
+ mbedtls_ssl_ticket_write_t *f_ticket_write,
+ mbedtls_ssl_ticket_parse_t *f_ticket_parse,
+ void *p_ticket);
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
@@ -2069,9 +2182,9 @@
* \param p_export_keys The opaque context pointer to be passed to the
* callback \p f_export_keys.
*/
-void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl,
- mbedtls_ssl_export_keys_t *f_export_keys,
- void *p_export_keys );
+void mbedtls_ssl_set_export_keys_cb(mbedtls_ssl_context *ssl,
+ mbedtls_ssl_export_keys_t *f_export_keys,
+ void *p_export_keys);
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@@ -2105,12 +2218,13 @@
* mbedtls_ssl_conf_get_async_config_data(). The
* library stores this value without dereferencing it.
*/
-void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_async_sign_t *f_async_sign,
- mbedtls_ssl_async_decrypt_t *f_async_decrypt,
- mbedtls_ssl_async_resume_t *f_async_resume,
- mbedtls_ssl_async_cancel_t *f_async_cancel,
- void *config_data );
+void mbedtls_ssl_conf_async_private_cb(
+ mbedtls_ssl_config *conf,
+ mbedtls_ssl_async_sign_t *f_async_sign,
+ mbedtls_ssl_async_decrypt_t *f_async_decrypt,
+ mbedtls_ssl_async_resume_t *f_async_resume,
+ mbedtls_ssl_async_cancel_t *f_async_cancel,
+ void *config_data);
/**
* \brief Retrieve the configuration data set by
@@ -2120,7 +2234,7 @@
* \return The configuration data set by
* mbedtls_ssl_conf_async_private_cb().
*/
-void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf );
+void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf);
/**
* \brief Retrieve the asynchronous operation user context.
@@ -2136,7 +2250,7 @@
* called during the current handshake, this function returns
* \c NULL.
*/
-void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl );
+void *mbedtls_ssl_get_async_operation_data(const mbedtls_ssl_context *ssl);
/**
* \brief Retrieve the asynchronous operation user context.
@@ -2149,8 +2263,7 @@
* Call mbedtls_ssl_get_async_operation_data() later during the
* same handshake to retrieve this value.
*/
-void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl,
- void *ctx );
+void mbedtls_ssl_set_async_operation_data(mbedtls_ssl_context *ssl, void *ctx);
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/**
@@ -2167,9 +2280,11 @@
* \return The callback must return 0 on success,
* or a negative error code.
*/
-typedef int mbedtls_ssl_cookie_write_t( void *ctx,
- unsigned char **p, unsigned char *end,
- const unsigned char *info, size_t ilen );
+typedef int mbedtls_ssl_cookie_write_t(void *ctx,
+ unsigned char **p,
+ unsigned char *end,
+ const unsigned char *info,
+ size_t ilen);
/**
* \brief Callback type: verify a cookie
@@ -2184,9 +2299,11 @@
* \return The callback must return 0 if cookie is valid,
* or a negative error code.
*/
-typedef int mbedtls_ssl_cookie_check_t( void *ctx,
- const unsigned char *cookie, size_t clen,
- const unsigned char *info, size_t ilen );
+typedef int mbedtls_ssl_cookie_check_t(void *ctx,
+ const unsigned char *cookie,
+ size_t clen,
+ const unsigned char *info,
+ size_t ilen);
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/**
@@ -2217,10 +2334,10 @@
* \param f_cookie_check Cookie check callback
* \param p_cookie Context for both callbacks
*/
-void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
- mbedtls_ssl_cookie_write_t *f_cookie_write,
- mbedtls_ssl_cookie_check_t *f_cookie_check,
- void *p_cookie );
+void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf,
+ mbedtls_ssl_cookie_write_t *f_cookie_write,
+ mbedtls_ssl_cookie_check_t *f_cookie_check,
+ void *p_cookie);
/**
* \brief Set client's transport-level identification info.
@@ -2241,9 +2358,9 @@
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
* MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
*/
-int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
- const unsigned char *info,
- size_t ilen );
+int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl,
+ const unsigned char *info,
+ size_t ilen);
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
@@ -2263,7 +2380,7 @@
* packets and needs information about them to adjust its
* transmission strategy, then you'll want to disable this.
*/
-void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
+void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode);
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
/**
@@ -2289,7 +2406,8 @@
* might make us waste resources checking authentication on
* many bogus packets.
*/
-void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
+void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf,
+ unsigned limit);
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -2321,8 +2439,8 @@
* are currently always sent in separate datagrams.
*
*/
-void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
- unsigned allow_packing );
+void mbedtls_ssl_set_datagram_packing(mbedtls_ssl_context *ssl,
+ unsigned allow_packing);
/**
* \brief Set retransmit timeout values for the DTLS handshake.
@@ -2355,7 +2473,9 @@
* goes: send ... 1s -> resend ... 2s -> resend ... 4s ->
* resend ... 5s -> give up and return a timeout error.
*/
-void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
+void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf,
+ uint32_t min,
+ uint32_t max);
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_SRV_C)
@@ -2396,10 +2516,10 @@
* \param f_get_cache session get callback
* \param f_set_cache session set callback
*/
-void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
- void *p_cache,
- mbedtls_ssl_cache_get_t *f_get_cache,
- mbedtls_ssl_cache_set_t *f_set_cache );
+void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf,
+ void *p_cache,
+ mbedtls_ssl_cache_get_t *f_get_cache,
+ mbedtls_ssl_cache_set_t *f_set_cache);
#endif /* MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_CLI_C)
@@ -2448,7 +2568,8 @@
* \sa mbedtls_ssl_get_session()
* \sa mbedtls_ssl_session_load()
*/
-int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
+int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_session *session);
#endif /* MBEDTLS_SSL_CLI_C */
/**
@@ -2483,9 +2604,9 @@
* \return Another negative value for other kinds of errors (for
* example, unsupported features in the embedded certificate).
*/
-int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
- const unsigned char *buf,
- size_t len );
+int mbedtls_ssl_session_load(mbedtls_ssl_session *session,
+ const unsigned char *buf,
+ size_t len);
/**
* \brief Save session structure as serialized data in a buffer.
@@ -2512,10 +2633,10 @@
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
*/
-int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen );
+int mbedtls_ssl_session_save(const mbedtls_ssl_session *session,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *olen);
/**
* \brief Set the list of allowed ciphersuites and the preference
@@ -2535,12 +2656,12 @@
* \param conf SSL configuration
* \param ciphersuites 0-terminated list of allowed ciphersuites
*/
-void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
- const int *ciphersuites );
+void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf,
+ const int *ciphersuites);
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
-#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1
+# define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
+# define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1
/**
* \brief Specify the length of Connection IDs for incoming
* encrypted DTLS records, as well as the behaviour
@@ -2573,8 +2694,9 @@
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
* is too large.
*/
-int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len,
- int ignore_other_cids );
+int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf,
+ size_t len,
+ int ignore_other_cids);
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -2588,8 +2710,8 @@
* \param conf SSL configuration
* \param profile Profile to use
*/
-void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
- const mbedtls_x509_crt_profile *profile );
+void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf,
+ const mbedtls_x509_crt_profile *profile);
/**
* \brief Set the data required to verify peer certificate
@@ -2602,11 +2724,11 @@
* \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
* \param ca_crl trusted CA CRLs
*/
-void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
+void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf,
mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl );
+ mbedtls_x509_crl *ca_crl);
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+# if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/**
* \brief Set the trusted certificate callback.
*
@@ -2658,10 +2780,10 @@
* to guarantee this (for example through a mutex
* contained in the callback context pointed to by \p p_ca_cb).
*/
-void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
- mbedtls_x509_crt_ca_cb_t f_ca_cb,
- void *p_ca_cb );
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb);
+# endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
/**
* \brief Set own certificate chain and private key
@@ -2699,9 +2821,9 @@
*
* \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
*/
-int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
+int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf,
mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key );
+ mbedtls_pk_context *pk_key);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
@@ -2737,11 +2859,13 @@
* can be configured. In this case, the old PSK(s) remain intact.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
- const unsigned char *psk, size_t psk_len,
- const unsigned char *psk_identity, size_t psk_identity_len );
+int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf,
+ const unsigned char *psk,
+ size_t psk_len,
+ const unsigned char *psk_identity,
+ size_t psk_identity_len);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+# if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* \brief Configure one or more opaque pre-shared keys (PSKs) and
* their identities to be used in PSK-based ciphersuites.
@@ -2779,11 +2903,11 @@
* can be configured. In this case, the old PSK(s) remain intact.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
- psa_key_id_t psk,
- const unsigned char *psk_identity,
- size_t psk_identity_len );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf,
+ psa_key_id_t psk,
+ const unsigned char *psk_identity,
+ size_t psk_identity_len);
+# endif /* MBEDTLS_USE_PSA_CRYPTO */
/**
* \brief Set the pre-shared Key (PSK) for the current handshake.
@@ -2801,10 +2925,11 @@
* \return \c 0 if successful.
* \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
*/
-int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
- const unsigned char *psk, size_t psk_len );
+int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
+ const unsigned char *psk,
+ size_t psk_len);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+# if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* \brief Set an opaque pre-shared Key (PSK) for the current handshake.
*
@@ -2821,13 +2946,12 @@
* PSA_ALG_CATEGORY_KEY_DERIVATION whose policy allows its
* use for the key derivation algorithm
* applied in the handshake.
- *
+ *
* \return \c 0 if successful.
* \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
*/
-int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
- psa_key_id_t psk );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl, psa_key_id_t psk);
+# endif /* MBEDTLS_USE_PSA_CRYPTO */
/**
* \brief Set the PSK callback (server-side only).
@@ -2867,10 +2991,10 @@
* \param p_psk A pointer to an opaque structure to be passed to
* the callback, for example a PSK store.
*/
-void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
- int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
- size_t),
- void *p_psk );
+void mbedtls_ssl_conf_psk_cb(
+ mbedtls_ssl_config *conf,
+ int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t),
+ void *p_psk);
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
@@ -2887,9 +3011,11 @@
*
* \return 0 if successful
*/
-int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
- const unsigned char *dhm_P, size_t P_len,
- const unsigned char *dhm_G, size_t G_len );
+int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf,
+ const unsigned char *dhm_P,
+ size_t P_len,
+ const unsigned char *dhm_G,
+ size_t G_len);
/**
* \brief Set the Diffie-Hellman public P and G values,
@@ -2900,7 +3026,8 @@
*
* \return 0 if successful
*/
-int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
+int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf,
+ mbedtls_dhm_context *dhm_ctx);
#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
@@ -2912,8 +3039,8 @@
* \param conf SSL configuration
* \param bitlen Minimum bit length of the DHM prime
*/
-void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
- unsigned int bitlen );
+void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf,
+ unsigned int bitlen);
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_ECP_C)
@@ -2956,8 +3083,8 @@
* \param curves Ordered list of allowed curves,
* terminated by MBEDTLS_ECP_DP_NONE.
*/
-void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
- const mbedtls_ecp_group_id *curves );
+void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
+ const mbedtls_ecp_group_id *curves);
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@@ -2990,8 +3117,7 @@
* \param hashes Ordered list of allowed signature hashes,
* terminated by \c MBEDTLS_MD_NONE.
*/
-void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
- const int *hashes );
+void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, const int *hashes);
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -3013,7 +3139,7 @@
* when NULL). On allocation failure hostname is cleared.
* On too long input failure, old hostname is unchanged.
*/
-int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
+int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@@ -3029,9 +3155,9 @@
*
* \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
*/
-int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key );
+int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *own_cert,
+ mbedtls_pk_context *pk_key);
/**
* \brief Set the data required to verify peer certificate for the
@@ -3044,9 +3170,9 @@
* \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
* \param ca_crl trusted CA CRLs
*/
-void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl );
+void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *ca_chain,
+ mbedtls_x509_crl *ca_crl);
/**
* \brief Set authmode for the current handshake.
@@ -3058,8 +3184,7 @@
* \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
* MBEDTLS_SSL_VERIFY_REQUIRED
*/
-void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
- int authmode );
+void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl, int authmode);
/**
* \brief Set server side ServerName TLS extension callback
@@ -3084,10 +3209,10 @@
* \param f_sni verification function
* \param p_sni verification parameter
*/
-void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
- int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
- size_t),
- void *p_sni );
+void mbedtls_ssl_conf_sni(
+ mbedtls_ssl_config *conf,
+ int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t),
+ void *p_sni);
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -3108,9 +3233,9 @@
*
* \return 0 on success, or a negative error code.
*/
-int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
- const unsigned char *pw,
- size_t pw_len );
+int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
+ const unsigned char *pw,
+ size_t pw_len);
#endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)
@@ -3126,7 +3251,8 @@
*
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
*/
-int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
+int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
+ const char **protos);
/**
* \brief Get the name of the negotiated Application Layer Protocol.
@@ -3137,28 +3263,29 @@
*
* \return Protcol name, or NULL if no protocol was negotiated.
*/
-const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
+const char *mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
-#if defined(MBEDTLS_DEBUG_C)
-static inline const char *mbedtls_ssl_get_srtp_profile_as_string( mbedtls_ssl_srtp_profile profile )
+# if defined(MBEDTLS_DEBUG_C)
+static inline const char *
+mbedtls_ssl_get_srtp_profile_as_string(mbedtls_ssl_srtp_profile profile)
{
- switch( profile )
- {
+ switch (profile) {
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
- return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" ;
+ return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80";
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
- return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" ;
+ return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32";
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
- return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" ;
+ return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80";
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
- return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" ;
- default: break;
+ return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32";
+ default:
+ break;
}
- return "" ;
+ return "";
}
-#endif /* MBEDTLS_DEBUG_C */
+# endif /* MBEDTLS_DEBUG_C */
/**
* \brief Manage support for mki(master key id) value
* in use_srtp extension.
@@ -3172,8 +3299,8 @@
* #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED
* or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED.
*/
-void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
- int support_mki_value );
+void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf,
+ int support_mki_value);
/**
* \brief Set the supported DTLS-SRTP protection profiles.
@@ -3194,9 +3321,9 @@
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of
* protection profiles is incorrect.
*/
-int mbedtls_ssl_conf_dtls_srtp_protection_profiles
- ( mbedtls_ssl_config *conf,
- const mbedtls_ssl_srtp_profile *profiles );
+int mbedtls_ssl_conf_dtls_srtp_protection_profiles(
+ mbedtls_ssl_config *conf,
+ const mbedtls_ssl_srtp_profile *profiles);
/**
* \brief Set the mki_value for the current DTLS-SRTP session.
@@ -3214,29 +3341,33 @@
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA
* \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
*/
-int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
- unsigned char *mki_value,
- uint16_t mki_len );
+int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl,
+ unsigned char *mki_value,
+ uint16_t mki_len);
/**
* \brief Get the negotiated DTLS-SRTP informations:
* Protection profile and MKI value.
*
* \warning This function must be called after the handshake is
* completed. The value returned by this function must
- * not be trusted or acted upon before the handshake completes.
+ * not be trusted or acted upon before the handshake
+ completes.
*
* \param ssl The SSL context to query.
* \param dtls_srtp_info The negotiated DTLS-SRTP informations:
* - Protection profile in use.
- * A direct mapping of the iana defined value for protection
+ * A direct mapping of the iana defined value for
+ protection
* profile on an uint16_t.
http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
- * #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated
+ * #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not
+ negotiated
* or peer's Hello packet was not parsed yet.
* - mki size and value( if size is > 0 ).
*/
-void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl,
- mbedtls_dtls_srtp_info *dtls_srtp_info );
+void mbedtls_ssl_get_dtls_srtp_negotiation_result(
+ const mbedtls_ssl_context *ssl,
+ mbedtls_dtls_srtp_info *dtls_srtp_info);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/**
@@ -3252,7 +3383,9 @@
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
* \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported)
*/
-void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
+void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf,
+ int major,
+ int minor);
/**
* \brief Set the minimum accepted SSL/TLS protocol version
@@ -3267,7 +3400,9 @@
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
* \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported)
*/
-void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
+void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf,
+ int major,
+ int minor);
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
/**
@@ -3281,7 +3416,7 @@
* \param conf SSL configuration
* \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
*/
-void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
+void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm);
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
@@ -3296,7 +3431,8 @@
* \param conf SSL configuration
* \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
*/
-void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
+void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf,
+ char ems);
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_SSL_SRV_C)
@@ -3309,8 +3445,8 @@
* \param cert_req_ca_list MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
* MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
*/
-void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
- char cert_req_ca_list );
+void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
+ char cert_req_ca_list);
#endif /* MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -3348,7 +3484,8 @@
*
* \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
*/
-int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
+int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf,
+ unsigned char mfl_code);
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_SRV_C)
@@ -3361,7 +3498,7 @@
* \param order Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER
* or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
*/
-void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order );
+void mbedtls_ssl_conf_preference_order(mbedtls_ssl_config *conf, int order);
#endif /* MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
@@ -3375,7 +3512,8 @@
* \param use_tickets Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
* MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
*/
-void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
+void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf,
+ int use_tickets);
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -3396,7 +3534,8 @@
* \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
* MBEDTLS_SSL_RENEGOTIATION_DISABLED)
*/
-void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
+void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf,
+ int renegotiation);
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/**
@@ -3426,7 +3565,8 @@
* SSL_ALLOW_LEGACY_RENEGOTIATION or
* MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
*/
-void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
+void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf,
+ int allow_legacy);
#if defined(MBEDTLS_SSL_RENEGOTIATION)
/**
@@ -3466,7 +3606,8 @@
* enforce renegotiation, or a non-negative value to enforce
* it but allow for a grace period of max_records records.
*/
-void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
+void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf,
+ int max_records);
/**
* \brief Set record counter threshold for periodic renegotiation.
@@ -3493,8 +3634,8 @@
* \param conf SSL configuration
* \param period The threshold value: a big-endian 64-bit number.
*/
-void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
- const unsigned char period[8] );
+void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf,
+ const unsigned char period[8]);
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/**
@@ -3535,7 +3676,7 @@
* that all internal data has been processed.
*
*/
-int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl );
+int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl);
/**
* \brief Return the number of application data bytes
@@ -3552,7 +3693,7 @@
* amount of data fitting into the input buffer.
*
*/
-size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
+size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl);
/**
* \brief Return the result of the certificate verification
@@ -3566,7 +3707,7 @@
* \return A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX
* and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h.
*/
-uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
+uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl);
/**
* \brief Return the name of the current ciphersuite
@@ -3575,7 +3716,7 @@
*
* \return a string containing the ciphersuite name
*/
-const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
+const char *mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl);
/**
* \brief Return the current TLS version
@@ -3584,7 +3725,7 @@
*
* \return a string containing the TLS version
*/
-const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
+const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl);
/**
* \brief Return the (maximum) number of bytes added by the record
@@ -3594,7 +3735,7 @@
*
* \return Current maximum record expansion in bytes
*/
-int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
+int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl);
/**
* \brief Return the current maximum outgoing record payload in bytes.
@@ -3621,7 +3762,7 @@
* \return Current maximum payload for an outgoing record,
* or a negative error code.
*/
-int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl );
+int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl);
/**
* \brief Return the current maximum incoming record payload in bytes.
@@ -3641,7 +3782,7 @@
* \return Current maximum payload for an outgoing record,
* or a negative error code.
*/
-int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl );
+int mbedtls_ssl_get_max_in_record_payload(const mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
@@ -3674,7 +3815,8 @@
* If you want to use the certificate across API calls,
* you must make a copy.
*/
-const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
+const mbedtls_x509_crt *
+mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_CLI_C)
@@ -3712,8 +3854,8 @@
* \sa mbedtls_ssl_set_session()
* \sa mbedtls_ssl_session_save()
*/
-int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl,
- mbedtls_ssl_session *session );
+int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
+ mbedtls_ssl_session *session);
#endif /* MBEDTLS_SSL_CLI_C */
/**
@@ -3766,7 +3908,7 @@
* currently being processed might or might not contain further
* DTLS records.
*/
-int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl);
/**
* \brief Perform a single step of the SSL handshake
@@ -3788,7 +3930,7 @@
* re-using it for a new connection; the current connection
* must be closed.
*/
-int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_RENEGOTIATION)
/**
@@ -3814,7 +3956,7 @@
* must be closed.
*
*/
-int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/**
@@ -3894,7 +4036,7 @@
* \c mbedtls_ssl_check_pending to check for remaining records.
*
*/
-int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
+int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
/**
* \brief Try to write exactly 'len' application data bytes
@@ -3956,7 +4098,9 @@
* \note Attempting to write 0 bytes will result in an empty TLS
* application record being sent.
*/
-int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
+int mbedtls_ssl_write(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len);
/**
* \brief Send an alert message
@@ -3974,9 +4118,9 @@
* call \c mbedtls_ssl_session_reset() on it before re-using it
* for a new connection; the current connection must be closed.
*/
-int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
- unsigned char level,
- unsigned char message );
+int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl,
+ unsigned char level,
+ unsigned char message);
/**
* \brief Notify the peer that the connection is being closed
*
@@ -3990,14 +4134,14 @@
* call \c mbedtls_ssl_session_reset() on it before re-using it
* for a new connection; the current connection must be closed.
*/
-int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl);
/**
* \brief Free referenced items in an SSL context and clear memory
*
* \param ssl SSL context
*/
-void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_free(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
/**
@@ -4048,10 +4192,10 @@
* or the connection does not use DTLS 1.2 with an AEAD
* ciphersuite, or renegotiation is enabled.
*/
-int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen );
+int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *olen);
/**
* \brief Load serialized connection data to an SSL context.
@@ -4118,9 +4262,9 @@
* comes from a different Mbed TLS version or build.
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
*/
-int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len );
+int mbedtls_ssl_context_load(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len);
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
/**
@@ -4133,7 +4277,7 @@
*
* \param conf SSL configuration context
*/
-void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
+void mbedtls_ssl_config_init(mbedtls_ssl_config *conf);
/**
* \brief Load reasonnable default SSL configuration values.
@@ -4150,22 +4294,24 @@
* \return 0 if successful, or
* MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
*/
-int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
- int endpoint, int transport, int preset );
+int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
+ int endpoint,
+ int transport,
+ int preset);
/**
* \brief Free an SSL configuration context
*
* \param conf SSL configuration context
*/
-void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
+void mbedtls_ssl_config_free(mbedtls_ssl_config *conf);
/**
* \brief Initialize SSL session structure
*
* \param session SSL session
*/
-void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
+void mbedtls_ssl_session_init(mbedtls_ssl_session *session);
/**
* \brief Free referenced items in an SSL session including the
@@ -4176,7 +4322,7 @@
*
* \param session SSL session
*/
-void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
+void mbedtls_ssl_session_free(mbedtls_ssl_session *session);
/**
* \brief TLS-PRF function for key derivation.
@@ -4193,11 +4339,14 @@
*
* \return 0 on success. An SSL specific error on failure.
*/
-int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
- const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen );
+int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
+ const unsigned char *secret,
+ size_t slen,
+ const char *label,
+ const unsigned char *random,
+ size_t rlen,
+ unsigned char *dstbuf,
+ size_t dlen);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index 6a81ac9..9635809 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -28,23 +28,25 @@
#include "mbedtls/ssl.h"
#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+# include "mbedtls/threading.h"
#endif
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
* \{
*/
#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
-#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
+# define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
#endif
#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
-#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */
+# define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES \
+ 50 /*!< Maximum entries in cache */
#endif
/* \} name SECTION: Module settings */
@@ -59,31 +61,29 @@
/**
* \brief This structure is used for storing cache entries
*/
-struct mbedtls_ssl_cache_entry
-{
+struct mbedtls_ssl_cache_entry {
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */
+ mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */
#endif
- unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */
+ unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */
size_t MBEDTLS_PRIVATE(session_id_len);
- unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
+ unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
size_t MBEDTLS_PRIVATE(session_len);
- mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */
+ mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */
};
/**
* \brief Cache context
*/
-struct mbedtls_ssl_cache_context
-{
- mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */
- int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */
- int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */
+struct mbedtls_ssl_cache_context {
+ mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */
+ int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */
+ int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
#endif
};
@@ -92,7 +92,7 @@
*
* \param cache SSL cache context
*/
-void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache );
+void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache);
/**
* \brief Cache get callback implementation
@@ -105,10 +105,10 @@
* \param session The address at which to store the session
* associated with \p session_id, if present.
*/
-int mbedtls_ssl_cache_get( void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- mbedtls_ssl_session *session );
+int mbedtls_ssl_cache_get(void *data,
+ unsigned char const *session_id,
+ size_t session_id_len,
+ mbedtls_ssl_session *session);
/**
* \brief Cache set callback implementation
@@ -120,10 +120,10 @@
* \param session_id_len The length of \p session_id in bytes.
* \param session The session to store.
*/
-int mbedtls_ssl_cache_set( void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- const mbedtls_ssl_session *session );
+int mbedtls_ssl_cache_set(void *data,
+ unsigned char const *session_id,
+ size_t session_id_len,
+ const mbedtls_ssl_session *session);
#if defined(MBEDTLS_HAVE_TIME)
/**
@@ -135,7 +135,8 @@
* \param cache SSL cache context
* \param timeout cache entry timeout in seconds
*/
-void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout );
+void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache,
+ int timeout);
#endif /* MBEDTLS_HAVE_TIME */
/**
@@ -145,14 +146,15 @@
* \param cache SSL cache context
* \param max cache entry maximum
*/
-void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max );
+void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache,
+ int max);
/**
* \brief Free referenced items in a cache context and clear memory
*
* \param cache SSL cache context
*/
-void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache );
+void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 20e3307..5122e8c 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -37,240 +37,240 @@
* Supported ciphersuites (Official IANA names)
*/
/** Weak! */
-#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01
+#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01
/** Weak! */
-#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02
+#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02
/** Weak! */
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C
+#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C
/** Weak! */
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D
+#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D
/** Weak! */
-#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
+#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
/** Weak! */
-#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B
+#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
+#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
+#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
/** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8
+#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8
/** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9
+#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
/** Weak! */
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0
+#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0
/** Weak! */
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1
+#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
/** Weak! */
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4
+#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4
/** Weak! */
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5
+#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
/** Weak! */
-#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8
+#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8
/** Weak! */
-#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9
+#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0
/** TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4
/** Weak! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
/** Weak! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
/** Weak! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
+#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
/** Weak! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C
+#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D
+#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044
+#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045
+#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E
+#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F
+#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050
+#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051
+#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052
+#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053
+#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062
+#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063
+#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063
/** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064
+#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064
/** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065
+#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066
+#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067
+#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068
+#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069
+#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069
/** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A
+#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A
/** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B
+#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C
+#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D
+#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E
+#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F
+#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
@@ -282,42 +282,42 @@
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D
/** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E
/** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
@@ -329,71 +329,72 @@
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3
/** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4
/** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7
/** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8
/** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB
/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF
/** experimental */
-#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF
+#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF
/* RFC 7905 */
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
/** TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
+#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
/** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB
+#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB
/** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC
/** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD
+#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD
/** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE
+#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE
/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
* Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
*/
-typedef enum {
+typedef enum
+{
MBEDTLS_KEY_EXCHANGE_NONE = 0,
MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_KEY_EXCHANGE_DHE_RSA,
@@ -409,94 +410,93 @@
} mbedtls_key_exchange_type_t;
/* Key exchanges using a certificate */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
+# define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
#endif
/* Key exchanges allowing client certificate requests */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
+# define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
#endif
/* Key exchanges involving server signature in ServerKeyExchange */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
+# define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
#endif
/* Key exchanges using ECDH */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED
+# define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED
#endif
/* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
+# define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
#endif
/* Key exchanges that involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
+# define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
#endif
/* Key exchanges using a PSK */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
+# define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
#endif
/* Key exchanges using DHE */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED
+# define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED
#endif
/* Key exchanges using ECDHE */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
+# define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
#endif
typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
/** Weak ciphersuite flag */
-#define MBEDTLS_CIPHERSUITE_WEAK 0x01
+#define MBEDTLS_CIPHERSUITE_WEAK 0x01
/** Short authentication tag, eg for CCM_8 */
-#define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02
+#define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02
/** Can't be used with DTLS */
-#define MBEDTLS_CIPHERSUITE_NODTLS 0x04
+#define MBEDTLS_CIPHERSUITE_NODTLS 0x04
/**
* \brief This structure is used for storing ciphersuite information
*/
-struct mbedtls_ssl_ciphersuite_t
-{
+struct mbedtls_ssl_ciphersuite_t {
int MBEDTLS_PRIVATE(id);
- const char * MBEDTLS_PRIVATE(name);
+ const char *MBEDTLS_PRIVATE(name);
mbedtls_cipher_type_t MBEDTLS_PRIVATE(cipher);
mbedtls_md_type_t MBEDTLS_PRIVATE(mac);
@@ -510,92 +510,96 @@
unsigned char MBEDTLS_PRIVATE(flags);
};
-const int *mbedtls_ssl_list_ciphersuites( void );
+const int *mbedtls_ssl_list_ciphersuites(void);
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id );
+const mbedtls_ssl_ciphersuite_t *
+mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name);
+const mbedtls_ssl_ciphersuite_t *
+mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id);
#if defined(MBEDTLS_PK_C)
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info );
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info );
+mbedtls_pk_type_t
+mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
+mbedtls_pk_type_t
+mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
#endif
-int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
-int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
+int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info);
+int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info);
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
+static inline int
+mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
+ switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
- return 1 ;
+ return 1;
default:
- return 0 ;
+ return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
+static inline int
+mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
+ switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_PSK:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
- return 1 ;
+ return 1;
default:
- return 0 ;
+ return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
+static inline int
+mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
+ switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- return 1 ;
+ return 1;
default:
- return 0 ;
+ return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
-static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
+static inline int
+mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
+ switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return 1 ;
+ return 1;
default:
- return 0 ;
+ return 0;
}
}
-static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info )
+static inline int
+mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
+ switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
@@ -603,56 +607,56 @@
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return 1 ;
+ return 1;
default:
- return 0 ;
+ return 0;
}
}
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
+static inline int
+mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
+ switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
- return 1 ;
+ return 1;
default:
- return 0 ;
+ return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
+static inline int
+mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
+ switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- return 1 ;
+ return 1;
default:
- return 0 ;
+ return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
+static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
+ const mbedtls_ssl_ciphersuite_t *info)
{
- switch( info->MBEDTLS_PRIVATE(key_exchange) )
- {
+ switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return 1 ;
+ return 1;
default:
- return 0 ;
+ return 0;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index a5ece81..ca338f4 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -28,19 +28,21 @@
#include "mbedtls/ssl.h"
#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+# include "mbedtls/threading.h"
#endif
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
* \{
*/
#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT
-/** Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
-#define MBEDTLS_SSL_COOKIE_TIMEOUT 60
+/** Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in
+ * number of cookies issued */
+# define MBEDTLS_SSL_COOKIE_TIMEOUT 60
#endif
/* \} name SECTION: Module settings */
@@ -52,14 +54,14 @@
/**
* \brief Context for the default cookie functions.
*/
-typedef struct mbedtls_ssl_cookie_ctx
-{
- mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */
+typedef struct mbedtls_ssl_cookie_ctx {
+ mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC
+ portion */
#if !defined(MBEDTLS_HAVE_TIME)
- unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
+ unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
#endif
- unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME,
- or in number of tickets issued */
+ unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if
+ HAVE_TIME, or in number of tickets issued */
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
@@ -69,14 +71,14 @@
/**
* \brief Initialize cookie context
*/
-void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx );
+void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx);
/**
* \brief Setup cookie context (generate keys)
*/
-int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Set expiration delay for cookies
@@ -87,12 +89,13 @@
* issued in the meantime.
* 0 to disable expiration (NOT recommended)
*/
-void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay );
+void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx,
+ unsigned long delay);
/**
* \brief Free cookie context
*/
-void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx );
+void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx);
/**
* \brief Generate cookie, see \c mbedtls_ssl_cookie_write_t
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 0f4117d..0f36b77 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -35,7 +35,7 @@
#include "mbedtls/cipher.h"
#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+# include "mbedtls/threading.h"
#endif
#ifdef __cplusplus
@@ -45,33 +45,34 @@
/**
* \brief Information for session ticket protection
*/
-typedef struct mbedtls_ssl_ticket_key
-{
- unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */
- uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
-}
-mbedtls_ssl_ticket_key;
+typedef struct mbedtls_ssl_ticket_key {
+ unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */
+ uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp
+ (seconds) */
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth
+ enc/decryption */
+} mbedtls_ssl_ticket_key;
/**
* \brief Context for session ticket handling functions
*/
-typedef struct mbedtls_ssl_ticket_context
-{
- mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
- unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
+typedef struct mbedtls_ssl_ticket_context {
+ mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys
+ */
+ unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active
+ key */
- uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
+ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in
+ seconds */
/** Callback for getting (pseudo-)random numbers */
- int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
- void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
+ int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
-}
-mbedtls_ssl_ticket_context;
+} mbedtls_ssl_ticket_context;
/**
* \brief Initialize a ticket context.
@@ -80,7 +81,7 @@
*
* \param ctx Context to be initialized
*/
-void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
+void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx);
/**
* \brief Prepare context to be actually used
@@ -104,10 +105,11 @@
* \return 0 if successful,
* or a specific MBEDTLS_ERR_XXX error code
*/
-int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- mbedtls_cipher_type_t cipher,
- uint32_t lifetime );
+int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_cipher_type_t cipher,
+ uint32_t lifetime);
/**
* \brief Implementation of the ticket write callback
@@ -128,7 +130,7 @@
*
* \param ctx Context to be cleaned up
*/
-void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
+void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index fbc7374..a56b3ff 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -32,14 +32,13 @@
#endif
/** Bad input parameters to function. */
-#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C
+#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C
/** Locking / unlocking / free failed with error code. */
-#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E
+#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E
#if defined(MBEDTLS_THREADING_PTHREAD)
-#include <pthread.h>
-typedef struct mbedtls_threading_mutex_t
-{
+# include <pthread.h>
+typedef struct mbedtls_threading_mutex_t {
pthread_mutex_t MBEDTLS_PRIVATE(mutex);
/* is_valid is 0 after a failed init or a free, and nonzero after a
* successful init. This field is not considered part of the public
@@ -50,7 +49,7 @@
#if defined(MBEDTLS_THREADING_ALT)
/* You should define the mbedtls_threading_mutex_t type in your header */
-#include "threading_alt.h"
+# include "threading_alt.h"
/**
* \brief Set your alternate threading implementation function
@@ -70,15 +69,15 @@
* \param mutex_lock the lock function implementation
* \param mutex_unlock the unlock function implementation
*/
-void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
- void (*mutex_free)( mbedtls_threading_mutex_t * ),
- int (*mutex_lock)( mbedtls_threading_mutex_t * ),
- int (*mutex_unlock)( mbedtls_threading_mutex_t * ) );
+void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *),
+ void (*mutex_free)(mbedtls_threading_mutex_t *),
+ int (*mutex_lock)(mbedtls_threading_mutex_t *),
+ int (*mutex_unlock)(mbedtls_threading_mutex_t *));
/**
* \brief Free global mutexes.
*/
-void mbedtls_threading_free_alt( void );
+void mbedtls_threading_free_alt(void);
#endif /* MBEDTLS_THREADING_ALT */
#if defined(MBEDTLS_THREADING_C)
@@ -87,19 +86,20 @@
*
* All these functions are expected to work or the result will be undefined.
*/
-extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex );
-extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
+extern void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *mutex);
+extern void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *mutex);
+extern int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *mutex);
+extern int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *mutex);
/*
* Global mutexes
*/
-#if defined(MBEDTLS_FS_IO)
+# if defined(MBEDTLS_FS_IO)
extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
-#endif
+# endif
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+# if defined(MBEDTLS_HAVE_TIME_DATE) && \
+ !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
/* This mutex may or may not be used in the default definition of
* mbedtls_platform_gmtime_r(), but in order to determine that,
* we need to check POSIX features, hence modify _POSIX_C_SOURCE.
@@ -107,7 +107,7 @@
* an accompanying definition, in case mbedtls_platform_gmtime_r()
* doesn't need it, but that's not a problem. */
extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
-#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
+# endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
#endif /* MBEDTLS_THREADING_C */
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index 25db1c6..5549209 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -38,27 +38,26 @@
/**
* \brief timer structure
*/
-struct mbedtls_timing_hr_time
-{
+struct mbedtls_timing_hr_time {
unsigned char MBEDTLS_PRIVATE(opaque)[32];
};
/**
* \brief Context for mbedtls_timing_set/get_delay()
*/
-typedef struct mbedtls_timing_delay_context
-{
- struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer);
- uint32_t MBEDTLS_PRIVATE(int_ms);
- uint32_t MBEDTLS_PRIVATE(fin_ms);
+typedef struct mbedtls_timing_delay_context {
+ struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer);
+ uint32_t MBEDTLS_PRIVATE(int_ms);
+ uint32_t MBEDTLS_PRIVATE(fin_ms);
} mbedtls_timing_delay_context;
-#else /* MBEDTLS_TIMING_ALT */
-#include "timing_alt.h"
+#else /* MBEDTLS_TIMING_ALT */
+# include "timing_alt.h"
#endif /* MBEDTLS_TIMING_ALT */
/* Internal use */
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
+unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val,
+ int reset);
/**
* \brief Set a pair of delays to watch
@@ -74,7 +73,7 @@
* \note To set a single delay, either use \c mbedtls_timing_set_timer
* directly or use this function with int_ms == fin_ms.
*/
-void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
+void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms);
/**
* \brief Get the status of delays
@@ -88,7 +87,7 @@
* 1 if only the intermediate delay is passed,
* 2 if the final delay is passed.
*/
-int mbedtls_timing_get_delay( void *data );
+int mbedtls_timing_get_delay(void *data);
#ifdef __cplusplus
}
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 773da4a..ebebc5d 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -31,9 +31,9 @@
#if defined(MBEDTLS_VERSION_C)
-#ifdef __cplusplus
+# ifdef __cplusplus
extern "C" {
-#endif
+# endif
/**
* Get the version number.
@@ -41,7 +41,7 @@
* \return The constructed version number in the format
* MMNNPP00 (Major, Minor, Patch).
*/
-unsigned int mbedtls_version_get_number( void );
+unsigned int mbedtls_version_get_number(void);
/**
* Get the version string ("x.y.z").
@@ -49,7 +49,7 @@
* \param string The string that will receive the value.
* (Should be at least 9 bytes in size)
*/
-void mbedtls_version_get_string( char *string );
+void mbedtls_version_get_string(char *string);
/**
* Get the full version string ("mbed TLS x.y.z").
@@ -60,7 +60,7 @@
* (So the buffer should be at least 18 bytes to receive this
* version string).
*/
-void mbedtls_version_get_string_full( char *string );
+void mbedtls_version_get_string_full(char *string);
/**
* \brief Check if support for a feature was compiled into this
@@ -79,11 +79,11 @@
* -2 if support for feature checking as a whole was not
* compiled in.
*/
-int mbedtls_version_check_feature( const char *feature );
+int mbedtls_version_check_feature(const char *feature);
-#ifdef __cplusplus
+# ifdef __cplusplus
}
-#endif
+# endif
#endif /* MBEDTLS_VERSION_C */
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 1adbd22..f916a83 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -29,7 +29,7 @@
#include "mbedtls/pk.h"
#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
+# include "mbedtls/rsa.h"
#endif
/**
@@ -46,7 +46,7 @@
* Set this to a low value to prevent an adversary from making you waste
* resources verifying an overlong certificate chain.
*/
-#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8
+# define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8
#endif
/**
@@ -54,45 +54,46 @@
* \{
*/
/** Unavailable feature, e.g. RSA hashing/encryption combination. */
-#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080
+#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080
/** Requested OID is unknown. */
-#define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100
+#define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100
/** The CRT/CRL/CSR format is invalid, e.g. different type expected. */
-#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180
+#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180
/** The CRT/CRL/CSR version element is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200
+#define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200
/** The serial tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280
+#define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280
/** The algorithm tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_ALG -0x2300
+#define MBEDTLS_ERR_X509_INVALID_ALG -0x2300
/** The name tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_NAME -0x2380
+#define MBEDTLS_ERR_X509_INVALID_NAME -0x2380
/** The date tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400
+#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400
/** The signature tag or value invalid. */
-#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480
+#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480
/** The extension tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500
+#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500
/** CRT/CRL/CSR has an unsupported version number. */
-#define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580
+#define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580
/** Signature algorithm (oid) is unsupported. */
-#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600
+#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600
/** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
-#define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680
+#define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680
/** Certificate verification failed, e.g. CRL, CA or signature check failed. */
-#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700
+#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700
/** Format not recognized as DER or PEM. */
-#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780
+#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780
/** Input invalid. */
-#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800
+#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800
/** Allocation of memory failed. */
-#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880
+#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880
/** Read/write of file failed. */
-#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900
+#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900
/** Destination buffer is too small. */
-#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980
-/** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
-#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000
+#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980
+/** A fatal error occurred, eg the chain is too long or the vrfy callback
+ * failed. */
+#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000
/* \} name */
/**
@@ -101,45 +102,46 @@
*/
/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
/** The certificate validity has expired. */
-#define MBEDTLS_X509_BADCERT_EXPIRED 0x01
+#define MBEDTLS_X509_BADCERT_EXPIRED 0x01
/** The certificate has been revoked (is on a CRL). */
-#define MBEDTLS_X509_BADCERT_REVOKED 0x02
+#define MBEDTLS_X509_BADCERT_REVOKED 0x02
/** The certificate Common Name (CN) does not match with the expected CN. */
-#define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04
+#define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04
/** The certificate is not correctly signed by the trusted CA. */
-#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08
+#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08
/** The CRL is not correctly signed by the trusted CA. */
-#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10
+#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10
/** The CRL is expired. */
-#define MBEDTLS_X509_BADCRL_EXPIRED 0x20
+#define MBEDTLS_X509_BADCRL_EXPIRED 0x20
/** Certificate was missing. */
-#define MBEDTLS_X509_BADCERT_MISSING 0x40
+#define MBEDTLS_X509_BADCERT_MISSING 0x40
/** Certificate verification was skipped. */
-#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80
+#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80
/** Other reason (can be used by verify callback) */
-#define MBEDTLS_X509_BADCERT_OTHER 0x0100
+#define MBEDTLS_X509_BADCERT_OTHER 0x0100
/** The certificate validity starts in the future. */
-#define MBEDTLS_X509_BADCERT_FUTURE 0x0200
+#define MBEDTLS_X509_BADCERT_FUTURE 0x0200
/** The CRL is from the future */
-#define MBEDTLS_X509_BADCRL_FUTURE 0x0400
+#define MBEDTLS_X509_BADCRL_FUTURE 0x0400
/** Usage does not match the keyUsage extension. */
-#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800
+#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800
/** Usage does not match the extendedKeyUsage extension. */
-#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000
+#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000
/** Usage does not match the nsCertType extension. */
-#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000
+#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000
/** The certificate is signed with an unacceptable hash. */
-#define MBEDTLS_X509_BADCERT_BAD_MD 0x4000
+#define MBEDTLS_X509_BADCERT_BAD_MD 0x4000
/** The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
-#define MBEDTLS_X509_BADCERT_BAD_PK 0x8000
-/** The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */
-#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000
+#define MBEDTLS_X509_BADCERT_BAD_PK 0x8000
+/** The certificate is signed with an unacceptable key (eg bad curve, RSA too
+ * short). */
+#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000
/** The CRL is signed with an unacceptable hash. */
-#define MBEDTLS_X509_BADCRL_BAD_MD 0x020000
+#define MBEDTLS_X509_BADCRL_BAD_MD 0x020000
/** The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
-#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000
+#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000
/** The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
-#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000
+#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000
/* \} name */
/* \} addtogroup x509_module */
@@ -156,43 +158,43 @@
* iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER
*/
-#define MBEDTLS_X509_SAN_OTHER_NAME 0
-#define MBEDTLS_X509_SAN_RFC822_NAME 1
-#define MBEDTLS_X509_SAN_DNS_NAME 2
-#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME 3
-#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4
-#define MBEDTLS_X509_SAN_EDI_PARTY_NAME 5
-#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6
-#define MBEDTLS_X509_SAN_IP_ADDRESS 7
-#define MBEDTLS_X509_SAN_REGISTERED_ID 8
+#define MBEDTLS_X509_SAN_OTHER_NAME 0
+#define MBEDTLS_X509_SAN_RFC822_NAME 1
+#define MBEDTLS_X509_SAN_DNS_NAME 2
+#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME 3
+#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4
+#define MBEDTLS_X509_SAN_EDI_PARTY_NAME 5
+#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6
+#define MBEDTLS_X509_SAN_IP_ADDRESS 7
+#define MBEDTLS_X509_SAN_REGISTERED_ID 8
/*
* X.509 v3 Key Usage Extension flags
* Reminder: update x509_info_key_usage() when adding new flags.
*/
-#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
-#define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */
-#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
-#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
-#define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08) /* bit 4 */
-#define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */
-#define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */
-#define MBEDTLS_X509_KU_ENCIPHER_ONLY (0x01) /* bit 7 */
-#define MBEDTLS_X509_KU_DECIPHER_ONLY (0x8000) /* bit 8 */
+#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
+#define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */
+#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
+#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
+#define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08) /* bit 4 */
+#define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */
+#define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */
+#define MBEDTLS_X509_KU_ENCIPHER_ONLY (0x01) /* bit 7 */
+#define MBEDTLS_X509_KU_DECIPHER_ONLY (0x8000) /* bit 8 */
/*
* Netscape certificate types
* (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
*/
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
-#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
-#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
-#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
-#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
-#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
+#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
+#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
+#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
+#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
+#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
+#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
+#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
+#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
/*
* X.509 extension types
@@ -203,32 +205,42 @@
* Those are defined in oid.h as oid.c needs them in a data structure. Since
* these were previously defined here, let's have aliases for compatibility.
*/
-#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
-#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
-#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE
-#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
-#define MBEDTLS_X509_EXT_POLICY_MAPPINGS MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
-#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */
-#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
-#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
-#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */
-#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
-#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
-#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
-#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
-#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
-#define MBEDTLS_X509_EXT_FRESHEST_CRL MBEDTLS_OID_X509_EXT_FRESHEST_CRL
-#define MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
+#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER \
+ MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
+#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER \
+ MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
+#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE
+#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES \
+ MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
+#define MBEDTLS_X509_EXT_POLICY_MAPPINGS MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
+#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME \
+ MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */
+#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
+#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS \
+ MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
+#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS \
+ MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */
+#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
+#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS \
+ MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
+#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE \
+ MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
+#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS \
+ MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
+#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY \
+ MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
+#define MBEDTLS_X509_EXT_FRESHEST_CRL MBEDTLS_OID_X509_EXT_FRESHEST_CRL
+#define MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
/*
* Storage format identifiers
* Recognized formats: PEM and DER
*/
-#define MBEDTLS_X509_FORMAT_DER 1
-#define MBEDTLS_X509_FORMAT_PEM 2
+#define MBEDTLS_X509_FORMAT_DER 1
+#define MBEDTLS_X509_FORMAT_PEM 2
/** Maximum value size of a DN entry */
-#define MBEDTLS_X509_MAX_DN_NAME_SIZE 256
+#define MBEDTLS_X509_MAX_DN_NAME_SIZE 256
#ifdef __cplusplus
extern "C" {
@@ -265,12 +277,16 @@
typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
/** Container for date and time (precision in seconds). */
-typedef struct mbedtls_x509_time
-{
- int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon), MBEDTLS_PRIVATE(day); /**< Date. */
- int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min), MBEDTLS_PRIVATE(sec); /**< Time. */
-}
-mbedtls_x509_time;
+typedef struct mbedtls_x509_time {
+ int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon),
+ MBEDTLS_PRIVATE(day); /**<
+ Date.
+ */
+ int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min),
+ MBEDTLS_PRIVATE(sec); /**<
+ Time.
+ */
+} mbedtls_x509_time;
/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
/** \} addtogroup x509_module */
@@ -286,7 +302,7 @@
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
-int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
+int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn);
/**
* \brief Store the certificate serial in printable form into buf;
@@ -299,7 +315,9 @@
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
-int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );
+int mbedtls_x509_serial_gets(char *buf,
+ size_t size,
+ const mbedtls_x509_buf *serial);
/**
* \brief Check a given mbedtls_x509_time against the system time
@@ -313,7 +331,7 @@
* \return 1 if the given time is in the past or an error occurred,
* 0 otherwise.
*/
-int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
+int mbedtls_x509_time_is_past(const mbedtls_x509_time *to);
/**
* \brief Check a given mbedtls_x509_time against the system time
@@ -327,59 +345,84 @@
* \return 1 if the given time is in the future or an error occurred,
* 0 otherwise.
*/
-int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
+int mbedtls_x509_time_is_future(const mbedtls_x509_time *from);
/*
* Internal module functions. You probably do not want to use these unless you
* know you do.
*/
-int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
- mbedtls_x509_name *cur );
-int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *alg );
-int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *alg, mbedtls_x509_buf *params );
+int mbedtls_x509_get_name(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_name *cur);
+int mbedtls_x509_get_alg_null(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_buf *alg);
+int mbedtls_x509_get_alg(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_buf *alg,
+ mbedtls_x509_buf *params);
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
- mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
- int *salt_len );
+int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params,
+ mbedtls_md_type_t *md_alg,
+ mbedtls_md_type_t *mgf_md,
+ int *salt_len);
#endif
-int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig );
-int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
- mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
- void **sig_opts );
-int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
- mbedtls_x509_time *t );
-int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *serial );
-int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *ext, int tag );
+int mbedtls_x509_get_sig(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_buf *sig);
+int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid,
+ const mbedtls_x509_buf *sig_params,
+ mbedtls_md_type_t *md_alg,
+ mbedtls_pk_type_t *pk_alg,
+ void **sig_opts);
+int mbedtls_x509_get_time(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_time *t);
+int mbedtls_x509_get_serial(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_buf *serial);
+int mbedtls_x509_get_ext(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_buf *ext,
+ int tag);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
-int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
- mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
- const void *sig_opts );
+int mbedtls_x509_sig_alg_gets(char *buf,
+ size_t size,
+ const mbedtls_x509_buf *sig_oid,
+ mbedtls_pk_type_t pk_alg,
+ mbedtls_md_type_t md_alg,
+ const void *sig_opts);
#endif
-int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
-int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
-int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
- int critical, const unsigned char *val,
- size_t val_len );
-int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
- mbedtls_asn1_named_data *first );
-int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
- mbedtls_asn1_named_data *first );
-int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
- const char *oid, size_t oid_len,
- unsigned char *sig, size_t size );
+int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name);
+int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head,
+ const char *name);
+int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head,
+ const char *oid,
+ size_t oid_len,
+ int critical,
+ const unsigned char *val,
+ size_t val_len);
+int mbedtls_x509_write_extensions(unsigned char **p,
+ unsigned char *start,
+ mbedtls_asn1_named_data *first);
+int mbedtls_x509_write_names(unsigned char **p,
+ unsigned char *start,
+ mbedtls_asn1_named_data *first);
+int mbedtls_x509_write_sig(unsigned char **p,
+ unsigned char *start,
+ const char *oid,
+ size_t oid_len,
+ unsigned char *sig,
+ size_t size);
-#define MBEDTLS_X509_SAFE_SNPRINTF \
- do { \
- if( ret < 0 || (size_t) ret >= n ) \
- return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ; \
- \
- n -= (size_t) ret; \
- p += (size_t) ret; \
- } while( 0 )
+#define MBEDTLS_X509_SAFE_SNPRINTF \
+ do { \
+ if (ret < 0 || (size_t)ret >= n) \
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; \
+ \
+ n -= (size_t)ret; \
+ p += (size_t)ret; \
+ } while (0)
#ifdef __cplusplus
}
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index 9331827..da32e01 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -44,8 +44,7 @@
* Certificate revocation list entry.
* Contains the CA-specific serial numbers and revocation dates.
*/
-typedef struct mbedtls_x509_crl_entry
-{
+typedef struct mbedtls_x509_crl_entry {
mbedtls_x509_buf MBEDTLS_PRIVATE(raw);
mbedtls_x509_buf MBEDTLS_PRIVATE(serial);
@@ -55,41 +54,54 @@
mbedtls_x509_buf MBEDTLS_PRIVATE(entry_ext);
struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next);
-}
-mbedtls_x509_crl_entry;
+} mbedtls_x509_crl_entry;
/**
* Certificate revocation list structure.
* Every CRL may have multiple entries.
*/
-typedef struct mbedtls_x509_crl
-{
- mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
- mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
+typedef struct mbedtls_x509_crl {
+ mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER).
+ */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER).
+ The part that is To Be Signed. */
- int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */
- mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type identifier */
+ int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type
+ identifier */
- mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data
+ (DER). */
- mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data
+ (named information object). */
mbedtls_x509_time MBEDTLS_PRIVATE(this_update);
mbedtls_x509_time MBEDTLS_PRIVATE(next_update);
- mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries containing the certificate revocation times for this CA. */
+ mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries
+ containing the certificate
+ revocation times for this
+ CA. */
mbedtls_x509_buf MBEDTLS_PRIVATE(crl_ext);
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2);
mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
- mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of
+ the MD algorithm of the
+ signature algorithm, e.g.
+ MBEDTLS_MD_SHA256 */
+ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of
+ the Public Key algorithm of
+ the signature algorithm, e.g.
+ MBEDTLS_PK_RSA */
+ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to
+ mbedtls_pk_verify_ext(), e.g. for
+ RSASSA-PSS */
struct mbedtls_x509_crl *MBEDTLS_PRIVATE(next);
-}
-mbedtls_x509_crl;
+} mbedtls_x509_crl;
/**
* \brief Parse a DER-encoded CRL and append it to the chained list
@@ -101,8 +113,9 @@
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
-int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
- const unsigned char *buf, size_t buflen );
+int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain,
+ const unsigned char *buf,
+ size_t buflen);
/**
* \brief Parse one or more CRLs and append them to the chained list
*
@@ -115,7 +128,9 @@
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
-int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );
+int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain,
+ const unsigned char *buf,
+ size_t buflen);
#if defined(MBEDTLS_FS_IO)
/**
@@ -128,7 +143,7 @@
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
-int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
+int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path);
#endif /* MBEDTLS_FS_IO */
#if !defined(MBEDTLS_X509_REMOVE_INFO)
@@ -143,8 +158,10 @@
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
-int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
- const mbedtls_x509_crl *crl );
+int mbedtls_x509_crl_info(char *buf,
+ size_t size,
+ const char *prefix,
+ const mbedtls_x509_crl *crl);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
/**
@@ -152,14 +169,14 @@
*
* \param crl CRL chain to initialize
*/
-void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
+void mbedtls_x509_crl_init(mbedtls_x509_crl *crl);
/**
* \brief Unallocate all CRL data
*
* \param crl CRL chain to free
*/
-void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
+void mbedtls_x509_crl_free(mbedtls_x509_crl *crl);
/* \} name */
/* \} addtogroup x509_module */
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 49211a9..63f2b40 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -46,54 +46,114 @@
/**
* Container for an X.509 certificate. The certificate may be chained.
*/
-typedef struct mbedtls_x509_crt
-{
- int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned
- * by the structure or not. */
- mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
- mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
+typedef struct mbedtls_x509_crt {
+ int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned
+ * by the structure or not. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER).
+ */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER).
+ The part that is To Be Signed. */
- int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
- mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate issued by a specific CA. */
- mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g. sha1RSA */
+ int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate
+ issued by a specific CA. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g.
+ sha1RSA */
- mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). Used for quick comparison. */
- mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). Used for quick comparison. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data
+ (DER). Used for quick
+ comparison. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data
+ (DER). Used for quick
+ comparison. */
- mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
- mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data
+ (named information object). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data
+ (named information object).
+ */
- mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of certificate validity. */
- mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate validity. */
+ mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of
+ certificate validity. */
+ mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate
+ validity. */
mbedtls_x509_buf MBEDTLS_PRIVATE(pk_raw);
- mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
+ mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key
+ context. */
- mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3 issuer unique identifier. */
- mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3 subject unique identifier. */
- mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions. */
- mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3
+ issuer unique identifier. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3
+ subject unique identifier.
+ */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions.
+ */
+ mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list
+ of raw entries
+ of Subject
+ Alternative
+ Names extension
+ (currently only
+ dNSName and
+ OtherName are
+ listed). */
- mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
+ mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional
+ list of
+ certificate
+ policies
+ (Only
+ anyPolicy is
+ printed and
+ enforced,
+ however the
+ rest of the
+ policies are
+ still
+ listed). */
- int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */
- int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
- int MBEDTLS_PRIVATE(max_pathlen); /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
+ int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and
+ parsed extensions */
+ int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension
+ value: 1 if this certificate belongs to a
+ CA, 0 otherwise. */
+ int MBEDTLS_PRIVATE(max_pathlen); /**< Optional Basic Constraint extension
+ value: The maximum path length to the
+ root certificate. Path length is 1
+ higher than RFC 5280 'meaning', so 1+
+ */
- unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */
+ unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension
+ value: See the values in x509.h
+ */
- mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of extended key usage OIDs. */
+ mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of
+ extended key usage
+ OIDs. */
- unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */
+ unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape
+ certificate type extension
+ value: See the values in
+ x509.h */
- mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */
- mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part
+ signed with the private key. */
+ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of
+ the MD algorithm of the
+ signature algorithm, e.g.
+ MBEDTLS_MD_SHA256 */
+ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of
+ the Public Key algorithm of
+ the signature algorithm, e.g.
+ MBEDTLS_PK_RSA */
+ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to
+ mbedtls_pk_verify_ext(), e.g. for
+ RSASSA-PSS */
- struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the CA-chain. */
-}
-mbedtls_x509_crt;
+ struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the
+ CA-chain. */
+} mbedtls_x509_crt;
/**
* From RFC 5280 section 4.2.1.6:
@@ -101,52 +161,55 @@
* type-id OBJECT IDENTIFIER,
* value [0] EXPLICIT ANY DEFINED BY type-id }
*/
-typedef struct mbedtls_x509_san_other_name
-{
+typedef struct mbedtls_x509_san_other_name {
/**
* The type_id is an OID as deifned in RFC 5280.
* To check the value of the type id, you should use
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
*/
- mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */
- union
- {
+ mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */
+ union {
/**
* From RFC 4108 section 5:
* HardwareModuleName ::= SEQUENCE {
* hwType OBJECT IDENTIFIER,
* hwSerialNum OCTET STRING }
*/
- struct
- {
- mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
- mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */
- }
- MBEDTLS_PRIVATE(hardware_module_name);
- }
- MBEDTLS_PRIVATE(value);
-}
-mbedtls_x509_san_other_name;
+ struct {
+ mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier.
+ */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */
+ } MBEDTLS_PRIVATE(hardware_module_name);
+ } MBEDTLS_PRIVATE(value);
+} mbedtls_x509_san_other_name;
/**
- * A structure for holding the parsed Subject Alternative Name, according to type
+ * A structure for holding the parsed Subject Alternative Name, according to
+ * type
*/
-typedef struct mbedtls_x509_subject_alternative_name
-{
- int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
+typedef struct mbedtls_x509_subject_alternative_name {
+ int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX.
+ */
union {
- mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The otherName supported type. */
- mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for the un constructed types. Only dnsName currently supported */
- }
- MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */
-}
-mbedtls_x509_subject_alternative_name;
+ mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The
+ otherName
+ supported
+ type. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for
+ the un
+ constructed
+ types. Only
+ dnsName
+ currently
+ supported */
+ } MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */
+} mbedtls_x509_subject_alternative_name;
/**
* Build flag from an algorithm/curve identifier (pk, md, ecp)
* Since 0 is always XXX_NONE, ignore it.
*/
-#define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) )
+#define MBEDTLS_X509_ID_FLAG(id) (1 << ((id)-1))
/**
* Security profile for certificate verification.
@@ -173,24 +236,22 @@
* my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA );
* my_profile.rsa_min_bitlen = 3072;
*/
-typedef struct mbedtls_x509_crt_profile
-{
- uint32_t allowed_mds; /**< MDs for signatures */
- uint32_t allowed_pks; /**< PK algs for signatures */
- uint32_t allowed_curves; /**< Elliptic curves for ECDSA */
- uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */
-}
-mbedtls_x509_crt_profile;
+typedef struct mbedtls_x509_crt_profile {
+ uint32_t allowed_mds; /**< MDs for signatures */
+ uint32_t allowed_pks; /**< PK algs for signatures */
+ uint32_t allowed_curves; /**< Elliptic curves for ECDSA */
+ uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */
+} mbedtls_x509_crt_profile;
-#define MBEDTLS_X509_CRT_VERSION_1 0
-#define MBEDTLS_X509_CRT_VERSION_2 1
-#define MBEDTLS_X509_CRT_VERSION_3 2
+#define MBEDTLS_X509_CRT_VERSION_1 0
+#define MBEDTLS_X509_CRT_VERSION_2 1
+#define MBEDTLS_X509_CRT_VERSION_3 2
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
-#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
-#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
+#if !defined(MBEDTLS_X509_MAX_FILE_PATH_LEN)
+# define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
#endif
/* This macro unfolds to the concatenation of macro invocations
@@ -199,73 +260,71 @@
* human readable description )
* where X509_CRT_ERROR_INFO is defined by the user.
* See x509_crt.c for an example of how to use this. */
-#define MBEDTLS_X509_CRT_ERROR_INFO_LIST \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXPIRED, \
- "MBEDTLS_X509_BADCERT_EXPIRED", \
- "The certificate validity has expired" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_REVOKED, \
- "MBEDTLS_X509_BADCERT_REVOKED", \
- "The certificate has been revoked (is on a CRL)" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_CN_MISMATCH, \
- "MBEDTLS_X509_BADCERT_CN_MISMATCH", \
- "The certificate Common Name (CN) does not match with the expected CN" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NOT_TRUSTED, \
- "MBEDTLS_X509_BADCERT_NOT_TRUSTED", \
- "The certificate is not correctly signed by the trusted CA" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_NOT_TRUSTED, \
- "MBEDTLS_X509_BADCRL_NOT_TRUSTED", \
- "The CRL is not correctly signed by the trusted CA" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_EXPIRED, \
- "MBEDTLS_X509_BADCRL_EXPIRED", \
- "The CRL is expired" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_MISSING, \
- "MBEDTLS_X509_BADCERT_MISSING", \
- "Certificate was missing" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_SKIP_VERIFY, \
- "MBEDTLS_X509_BADCERT_SKIP_VERIFY", \
- "Certificate verification was skipped" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_OTHER, \
- "MBEDTLS_X509_BADCERT_OTHER", \
- "Other reason (can be used by verify callback)" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_FUTURE, \
- "MBEDTLS_X509_BADCERT_FUTURE", \
- "The certificate validity starts in the future" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_FUTURE, \
- "MBEDTLS_X509_BADCRL_FUTURE", \
- "The CRL is from the future" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_KEY_USAGE, \
- "MBEDTLS_X509_BADCERT_KEY_USAGE", \
- "Usage does not match the keyUsage extension" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, \
- "MBEDTLS_X509_BADCERT_EXT_KEY_USAGE", \
- "Usage does not match the extendedKeyUsage extension" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NS_CERT_TYPE, \
- "MBEDTLS_X509_BADCERT_NS_CERT_TYPE", \
- "Usage does not match the nsCertType extension" ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_MD, \
- "MBEDTLS_X509_BADCERT_BAD_MD", \
- "The certificate is signed with an unacceptable hash." ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_PK, \
- "MBEDTLS_X509_BADCERT_BAD_PK", \
- "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_KEY, \
- "MBEDTLS_X509_BADCERT_BAD_KEY", \
- "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_MD, \
- "MBEDTLS_X509_BADCRL_BAD_MD", \
- "The CRL is signed with an unacceptable hash." ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_PK, \
- "MBEDTLS_X509_BADCRL_BAD_PK", \
- "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." ) \
- X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_KEY, \
- "MBEDTLS_X509_BADCRL_BAD_KEY", \
- "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." )
+#define MBEDTLS_X509_CRT_ERROR_INFO_LIST \
+ X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXPIRED, \
+ "MBEDTLS_X509_BADCERT_EXPIRED", \
+ "The certificate validity has expired") \
+ X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_REVOKED, \
+ "MBEDTLS_X509_BADCERT_REVOKED", \
+ "The certificate has been revoked (is on a CRL)") \
+ X509_CRT_ERROR_INFO( \
+ MBEDTLS_X509_BADCERT_CN_MISMATCH, "MBEDTLS_X509_BADCERT_CN_MISMATCH", \
+ "The certificate Common Name (CN) does not match with the expected CN") \
+ X509_CRT_ERROR_INFO( \
+ MBEDTLS_X509_BADCERT_NOT_TRUSTED, "MBEDTLS_X509_BADCERT_NOT_TRUSTED", \
+ "The certificate is not correctly signed by the trusted CA") \
+ X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_NOT_TRUSTED, \
+ "MBEDTLS_X509_BADCRL_NOT_TRUSTED", \
+ "The CRL is not correctly signed by the trusted CA") \
+ X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_EXPIRED, \
+ "MBEDTLS_X509_BADCRL_EXPIRED", "The CRL is expired") \
+ X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_MISSING, \
+ "MBEDTLS_X509_BADCERT_MISSING", \
+ "Certificate was missing") \
+ X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_SKIP_VERIFY, \
+ "MBEDTLS_X509_BADCERT_SKIP_VERIFY", \
+ "Certificate verification was skipped") \
+ X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_OTHER, \
+ "MBEDTLS_X509_BADCERT_OTHER", \
+ "Other reason (can be used by verify callback)") \
+ X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_FUTURE, \
+ "MBEDTLS_X509_BADCERT_FUTURE", \
+ "The certificate validity starts in the future") \
+ X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_FUTURE, \
+ "MBEDTLS_X509_BADCRL_FUTURE", \
+ "The CRL is from the future") \
+ X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_KEY_USAGE, \
+ "MBEDTLS_X509_BADCERT_KEY_USAGE", \
+ "Usage does not match the keyUsage extension") \
+ X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, \
+ "MBEDTLS_X509_BADCERT_EXT_KEY_USAGE", \
+ "Usage does not match the extendedKeyUsage extension") \
+ X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_NS_CERT_TYPE, \
+ "MBEDTLS_X509_BADCERT_NS_CERT_TYPE", \
+ "Usage does not match the nsCertType extension") \
+ X509_CRT_ERROR_INFO( \
+ MBEDTLS_X509_BADCERT_BAD_MD, "MBEDTLS_X509_BADCERT_BAD_MD", \
+ "The certificate is signed with an unacceptable hash.") \
+ X509_CRT_ERROR_INFO( \
+ MBEDTLS_X509_BADCERT_BAD_PK, "MBEDTLS_X509_BADCERT_BAD_PK", \
+ "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \
+ X509_CRT_ERROR_INFO( \
+ MBEDTLS_X509_BADCERT_BAD_KEY, "MBEDTLS_X509_BADCERT_BAD_KEY", \
+ "The certificate is signed with an unacceptable key (eg bad curve, RSA too short).") \
+ X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_MD, \
+ "MBEDTLS_X509_BADCRL_BAD_MD", \
+ "The CRL is signed with an unacceptable hash.") \
+ X509_CRT_ERROR_INFO( \
+ MBEDTLS_X509_BADCRL_BAD_PK, "MBEDTLS_X509_BADCRL_BAD_PK", \
+ "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \
+ X509_CRT_ERROR_INFO( \
+ MBEDTLS_X509_BADCRL_BAD_KEY, "MBEDTLS_X509_BADCRL_BAD_KEY", \
+ "The CRL is signed with an unacceptable key (eg bad curve, RSA too short).")
/**
* Container for writing a certificate (CRT)
*/
-typedef struct mbedtls_x509write_cert
-{
+typedef struct mbedtls_x509write_cert {
int MBEDTLS_PRIVATE(version);
mbedtls_mpi MBEDTLS_PRIVATE(serial);
mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key);
@@ -276,8 +335,7 @@
char MBEDTLS_PRIVATE(not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
char MBEDTLS_PRIVATE(not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
-}
-mbedtls_x509write_cert;
+} mbedtls_x509write_cert;
/**
* Item in a verification chain: cert and flags for it
@@ -290,14 +348,15 @@
/**
* Max size of verification chain: end-entity + intermediates + trusted root
*/
-#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
+#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE \
+ (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2)
/**
* Verification chain as built by \c mbedtls_crt_verify_chain()
*/
-typedef struct
-{
- mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
+typedef struct {
+ mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)
+ [MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
unsigned MBEDTLS_PRIVATE(len);
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
@@ -314,24 +373,26 @@
/**
* \brief Context for resuming X.509 verify operations
*/
-typedef struct
-{
+typedef struct {
/* for check_signature() */
mbedtls_pk_restart_ctx MBEDTLS_PRIVATE(pk);
/* for find_parent_in() */
- mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in
+ progress */
mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent);
int MBEDTLS_PRIVATE(fallback_signature_is_good);
/* for find_parent() */
- int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */
+ int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in
+ progress */
/* for verify_chain() */
- enum {
+ enum
+ {
x509_crt_rs_none,
x509_crt_rs_find_parent,
- } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
+ } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
int MBEDTLS_PRIVATE(self_cnt);
mbedtls_x509_crt_verify_chain MBEDTLS_PRIVATE(ver_chain);
@@ -398,9 +459,9 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen );
+int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen);
/**
* \brief The type of certificate extension callbacks.
@@ -432,12 +493,12 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx,
- mbedtls_x509_crt const *crt,
- mbedtls_x509_buf const *oid,
- int critical,
- const unsigned char *p,
- const unsigned char *end );
+typedef int (*mbedtls_x509_crt_ext_cb_t)(void *p_ctx,
+ mbedtls_x509_crt const *crt,
+ mbedtls_x509_buf const *oid,
+ int critical,
+ const unsigned char *p,
+ const unsigned char *end);
/**
* \brief Parse a single DER formatted certificate and add it
@@ -479,12 +540,12 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen,
- int make_copy,
- mbedtls_x509_crt_ext_cb_t cb,
- void *p_ctx );
+int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen,
+ int make_copy,
+ mbedtls_x509_crt_ext_cb_t cb,
+ void *p_ctx);
/**
* \brief Parse a single DER formatted certificate and add it
@@ -513,9 +574,9 @@
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
-int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen );
+int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen);
/**
* \brief Parse one DER-encoded or one or more concatenated PEM-encoded
@@ -547,9 +608,11 @@
* \return A negative X509 or PEM error code otherwise.
*
*/
-int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
+int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen);
-#if defined(MBEDTLS_FS_IO)
+# if defined(MBEDTLS_FS_IO)
/**
* \brief Load one or more certificates and add them
* to the chained list. Parses permissively. If some
@@ -563,7 +626,7 @@
* \return 0 if all certificates parsed successfully, a positive number
* if partly successful or a specific X509 or PEM error code
*/
-int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
+int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path);
/**
* \brief Load one or more certificate files from a path and add them
@@ -578,9 +641,9 @@
* \return 0 if all certificates parsed successfully, a positive number
* if partly successful or a specific X509 or PEM error code
*/
-int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
+int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path);
-#endif /* MBEDTLS_FS_IO */
+# endif /* MBEDTLS_FS_IO */
/**
* \brief This function parses an item in the SubjectAlternativeNames
* extension.
@@ -608,10 +671,11 @@
* SAN type.
* \return Another negative value for any other failure.
*/
-int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
- mbedtls_x509_subject_alternative_name *san );
+int mbedtls_x509_parse_subject_alt_name(
+ const mbedtls_x509_buf *san_buf,
+ mbedtls_x509_subject_alternative_name *san);
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
+# if !defined(MBEDTLS_X509_REMOVE_INFO)
/**
* \brief Returns an informational string about the
* certificate.
@@ -624,8 +688,10 @@
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
-int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
- const mbedtls_x509_crt *crt );
+int mbedtls_x509_crt_info(char *buf,
+ size_t size,
+ const char *prefix,
+ const mbedtls_x509_crt *crt);
/**
* \brief Returns an informational string about the
@@ -639,9 +705,11 @@
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
-int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
- uint32_t flags );
-#endif /* !MBEDTLS_X509_REMOVE_INFO */
+int mbedtls_x509_crt_verify_info(char *buf,
+ size_t size,
+ const char *prefix,
+ uint32_t flags);
+# endif /* !MBEDTLS_X509_REMOVE_INFO */
/**
* \brief Verify a chain of certificates.
@@ -709,12 +777,14 @@
* \return Another negative error code in case of a fatal error
* encountered during the verification process.
*/
-int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
+int mbedtls_x509_crt_verify(
+ mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ const char *cn,
+ uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy);
/**
* \brief Verify a chain of certificates with respect to
@@ -750,13 +820,15 @@
* \return Another negative error code in case of a fatal error
* encountered during the verification process.
*/
-int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
+int mbedtls_x509_crt_verify_with_profile(
+ mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn,
+ uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy);
/**
* \brief Restartable version of \c mbedtls_crt_verify_with_profile()
@@ -784,14 +856,16 @@
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/
-int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy,
- mbedtls_x509_crt_restart_ctx *rs_ctx );
+int mbedtls_x509_crt_verify_restartable(
+ mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn,
+ uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy,
+ mbedtls_x509_crt_restart_ctx *rs_ctx);
/**
* \brief The type of trusted certificate callbacks.
@@ -823,11 +897,11 @@
* to the caller.
* \return A negative error code on failure.
*/
-typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx,
- mbedtls_x509_crt const *child,
- mbedtls_x509_crt **candidate_cas );
+typedef int (*mbedtls_x509_crt_ca_cb_t)(void *p_ctx,
+ mbedtls_x509_crt const *child,
+ mbedtls_x509_crt **candidate_cas);
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+# if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/**
* \brief Version of \c mbedtls_x509_crt_verify_with_profile() which
* uses a callback to acquire the list of trusted CA
@@ -850,15 +924,17 @@
*
* \return See \c mbedtls_crt_verify_with_profile().
*/
-int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt,
- mbedtls_x509_crt_ca_cb_t f_ca_cb,
- void *p_ca_cb,
- const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
+int mbedtls_x509_crt_verify_with_ca_cb(
+ mbedtls_x509_crt *crt,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn,
+ uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy);
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+# endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
/**
* \brief Check usage of certificate against keyUsage extension.
@@ -881,8 +957,8 @@
* (intermediate) CAs the keyUsage extension is automatically
* checked by \c mbedtls_x509_crt_verify().
*/
-int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
- unsigned int usage );
+int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt,
+ unsigned int usage);
/**
* \brief Check usage of certificate against extendedKeyUsage.
@@ -897,11 +973,11 @@
*
* \note Usually only makes sense on leaf certificates.
*/
-int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
- const char *usage_oid,
- size_t usage_len );
+int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt,
+ const char *usage_oid,
+ size_t usage_len);
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
+# if defined(MBEDTLS_X509_CRL_PARSE_C)
/**
* \brief Verify the certificate revocation status
*
@@ -911,34 +987,35 @@
* \return 1 if the certificate is revoked, 0 otherwise
*
*/
-int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
-#endif /* MBEDTLS_X509_CRL_PARSE_C */
+int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt,
+ const mbedtls_x509_crl *crl);
+# endif /* MBEDTLS_X509_CRL_PARSE_C */
/**
* \brief Initialize a certificate (chain)
*
* \param crt Certificate chain to initialize
*/
-void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
+void mbedtls_x509_crt_init(mbedtls_x509_crt *crt);
/**
* \brief Unallocate all certificate data
*
* \param crt Certificate chain to free
*/
-void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
+void mbedtls_x509_crt_free(mbedtls_x509_crt *crt);
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+# if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/**
* \brief Initialize a restart context
*/
-void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );
+void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx);
/**
* \brief Free the components of a restart context
*/
-void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx);
+# endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/* \} name */
@@ -950,7 +1027,7 @@
*
* \param ctx CRT context to initialize
*/
-void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
+void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx);
/**
* \brief Set the verion for a Certificate
@@ -960,7 +1037,8 @@
* \param version version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or
* MBEDTLS_X509_CRT_VERSION_3)
*/
-void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );
+void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx,
+ int version);
/**
* \brief Set the serial number for a Certificate.
@@ -970,7 +1048,8 @@
*
* \return 0 if successful
*/
-int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
+int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
+ const mbedtls_mpi *serial);
/**
* \brief Set the validity period for a Certificate
@@ -986,8 +1065,9 @@
* \return 0 if timestamp was parsed successfully, or
* a specific error code
*/
-int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
- const char *not_after );
+int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx,
+ const char *not_before,
+ const char *not_after);
/**
* \brief Set the issuer name for a Certificate
@@ -1001,8 +1081,8 @@
* \return 0 if issuer name was parsed successfully, or
* a specific error code
*/
-int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
- const char *issuer_name );
+int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx,
+ const char *issuer_name);
/**
* \brief Set the subject name for a Certificate
@@ -1016,8 +1096,8 @@
* \return 0 if subject name was parsed successfully, or
* a specific error code
*/
-int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
- const char *subject_name );
+int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx,
+ const char *subject_name);
/**
* \brief Set the subject public key for the certificate
@@ -1025,7 +1105,8 @@
* \param ctx CRT context to use
* \param key public key to include
*/
-void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
+void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx,
+ mbedtls_pk_context *key);
/**
* \brief Set the issuer key used for signing the certificate
@@ -1033,7 +1114,8 @@
* \param ctx CRT context to use
* \param key private key to sign with
*/
-void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
+void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx,
+ mbedtls_pk_context *key);
/**
* \brief Set the MD algorithm to use for the signature
@@ -1042,7 +1124,8 @@
* \param ctx CRT context to use
* \param md_alg MD algorithm to use
*/
-void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
+void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx,
+ mbedtls_md_type_t md_alg);
/**
* \brief Generic function to add to or replace an extension in the
@@ -1057,10 +1140,12 @@
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
- const char *oid, size_t oid_len,
- int critical,
- const unsigned char *val, size_t val_len );
+int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx,
+ const char *oid,
+ size_t oid_len,
+ int critical,
+ const unsigned char *val,
+ size_t val_len);
/**
* \brief Set the basicConstraints extension for a CRT
@@ -1073,10 +1158,11 @@
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
- int is_ca, int max_pathlen );
+int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx,
+ int is_ca,
+ int max_pathlen);
-#if defined(MBEDTLS_SHA1_C)
+# if defined(MBEDTLS_SHA1_C)
/**
* \brief Set the subjectKeyIdentifier extension for a CRT
* Requires that mbedtls_x509write_crt_set_subject_key() has been
@@ -1086,7 +1172,8 @@
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );
+int mbedtls_x509write_crt_set_subject_key_identifier(
+ mbedtls_x509write_cert *ctx);
/**
* \brief Set the authorityKeyIdentifier extension for a CRT
@@ -1097,8 +1184,9 @@
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
-#endif /* MBEDTLS_SHA1_C */
+int mbedtls_x509write_crt_set_authority_key_identifier(
+ mbedtls_x509write_cert *ctx);
+# endif /* MBEDTLS_SHA1_C */
/**
* \brief Set the Key Usage Extension flags
@@ -1109,8 +1197,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
- unsigned int key_usage );
+int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx,
+ unsigned int key_usage);
/**
* \brief Set the Netscape Cert Type flags
@@ -1121,15 +1209,15 @@
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
- unsigned char ns_cert_type );
+int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx,
+ unsigned char ns_cert_type);
/**
* \brief Free the contents of a CRT write context
*
* \param ctx CRT context to free
*/
-void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
+void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx);
/**
* \brief Write a built up certificate to a X509 DER structure
@@ -1148,11 +1236,13 @@
*
* \note \p f_rng is used for the signature operation.
*/
-int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
+ unsigned char *buf,
+ size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
-#if defined(MBEDTLS_PEM_WRITE_C)
+# if defined(MBEDTLS_PEM_WRITE_C)
/**
* \brief Write a built up certificate to a X509 PEM string
*
@@ -1166,10 +1256,12 @@
*
* \note \p f_rng is used for the signature operation.
*/
-int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-#endif /* MBEDTLS_PEM_WRITE_C */
+int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx,
+ unsigned char *buf,
+ size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+# endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CRT_WRITE_C */
#ifdef __cplusplus
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 674f9ce..55dc9b8 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -43,37 +43,46 @@
/**
* Certificate Signing Request (CSR) structure.
*/
-typedef struct mbedtls_x509_csr
-{
- mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */
- mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo body (DER). */
+typedef struct mbedtls_x509_csr {
+ mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo
+ body (DER). */
- int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */
+ int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */
- mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). */
- mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data
+ (DER). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data
+ (named information object).
+ */
- mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
+ mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key
+ context. */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid);
mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
- mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
-}
-mbedtls_x509_csr;
+ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of
+ the MD algorithm of the
+ signature algorithm, e.g.
+ MBEDTLS_MD_SHA256 */
+ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of
+ the Public Key algorithm of
+ the signature algorithm, e.g.
+ MBEDTLS_PK_RSA */
+ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to
+ mbedtls_pk_verify_ext(), e.g. for
+ RSASSA-PSS */
+} mbedtls_x509_csr;
/**
* Container for writing a CSR
*/
-typedef struct mbedtls_x509write_csr
-{
+typedef struct mbedtls_x509write_csr {
mbedtls_pk_context *MBEDTLS_PRIVATE(key);
mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
-}
-mbedtls_x509write_csr;
+} mbedtls_x509write_csr;
#if defined(MBEDTLS_X509_CSR_PARSE_C)
/**
@@ -87,8 +96,9 @@
*
* \return 0 if successful, or a specific X509 error code
*/
-int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
- const unsigned char *buf, size_t buflen );
+int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr,
+ const unsigned char *buf,
+ size_t buflen);
/**
* \brief Load a Certificate Signing Request (CSR), DER or PEM format
@@ -102,9 +112,11 @@
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
-int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen );
+int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr,
+ const unsigned char *buf,
+ size_t buflen);
-#if defined(MBEDTLS_FS_IO)
+# if defined(MBEDTLS_FS_IO)
/**
* \brief Load a Certificate Signing Request (CSR)
*
@@ -115,10 +127,10 @@
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
-int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path );
-#endif /* MBEDTLS_FS_IO */
+int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path);
+# endif /* MBEDTLS_FS_IO */
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
+# if !defined(MBEDTLS_X509_REMOVE_INFO)
/**
* \brief Returns an informational string about the
* CSR.
@@ -131,23 +143,25 @@
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
-int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
- const mbedtls_x509_csr *csr );
-#endif /* !MBEDTLS_X509_REMOVE_INFO */
+int mbedtls_x509_csr_info(char *buf,
+ size_t size,
+ const char *prefix,
+ const mbedtls_x509_csr *csr);
+# endif /* !MBEDTLS_X509_REMOVE_INFO */
/**
* \brief Initialize a CSR
*
* \param csr CSR to initialize
*/
-void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
+void mbedtls_x509_csr_init(mbedtls_x509_csr *csr);
/**
* \brief Unallocate all CSR data
*
* \param csr CSR to free
*/
-void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
+void mbedtls_x509_csr_free(mbedtls_x509_csr *csr);
#endif /* MBEDTLS_X509_CSR_PARSE_C */
/* \} name */
@@ -159,7 +173,7 @@
*
* \param ctx CSR context to initialize
*/
-void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx );
+void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx);
/**
* \brief Set the subject name for a CSR
@@ -173,8 +187,8 @@
* \return 0 if subject name was parsed successfully, or
* a specific error code
*/
-int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
- const char *subject_name );
+int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx,
+ const char *subject_name);
/**
* \brief Set the key for a CSR (public key will be included,
@@ -183,7 +197,8 @@
* \param ctx CSR context to use
* \param key Asymetric key to include
*/
-void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
+void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx,
+ mbedtls_pk_context *key);
/**
* \brief Set the MD algorithm to use for the signature
@@ -192,7 +207,8 @@
* \param ctx CSR context to use
* \param md_alg MD algorithm to use
*/
-void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg );
+void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx,
+ mbedtls_md_type_t md_alg);
/**
* \brief Set the Key Usage Extension flags
@@ -211,7 +227,8 @@
* #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this
* function.
*/
-int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );
+int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx,
+ unsigned char key_usage);
/**
* \brief Set the Netscape Cert Type flags
@@ -222,8 +239,8 @@
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
- unsigned char ns_cert_type );
+int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
+ unsigned char ns_cert_type);
/**
* \brief Generic function to add to or replace an extension in the
@@ -238,17 +255,19 @@
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
-int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
- const char *oid, size_t oid_len,
- int critical,
- const unsigned char *val, size_t val_len );
+int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx,
+ const char *oid,
+ size_t oid_len,
+ int critical,
+ const unsigned char *val,
+ size_t val_len);
/**
* \brief Free the contents of a CSR context
*
* \param ctx CSR context to free
*/
-void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx );
+void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx);
/**
* \brief Write a CSR (Certificate Signing Request) to a
@@ -268,11 +287,13 @@
*
* \note \p f_rng is used for the signature operation.
*/
-int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx,
+ unsigned char *buf,
+ size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
-#if defined(MBEDTLS_PEM_WRITE_C)
+# if defined(MBEDTLS_PEM_WRITE_C)
/**
* \brief Write a CSR (Certificate Signing Request) to a
* PEM string
@@ -287,10 +308,12 @@
*
* \note \p f_rng is used for the signature operation.
*/
-int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-#endif /* MBEDTLS_PEM_WRITE_C */
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx,
+ unsigned char *buf,
+ size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+# endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CSR_WRITE_C */
#ifdef __cplusplus