--- mongrel2-v1.9.1.orig/src/polarssl/include/polarssl/config.h 2014-04-09 19:39:37.000000000 +0200 +++ mongrel2-v1.9.1/src/polarssl/include/polarssl/config.h 2015-05-04 23:10:25.000000000 +0200 @@ -71,7 +71,9 @@ /** * \def POLARSSL_HAVE_ASM * - * The compiler has support for asm(). + * The compiler has support for asm() + * + * Uncomment to enable the use of assembly code. * * Requires support for asm() in compiler. * @@ -80,7 +82,6 @@ * library/padlock.c * include/polarssl/bn_mul.h * - * Comment to disable the use of assembly code. */ #define POLARSSL_HAVE_ASM @@ -90,18 +91,19 @@ * CPU supports SSE2 instruction set. * * Uncomment if the CPU supports SSE2 (IA-32 specific). + * #define POLARSSL_HAVE_SSE2 */ /** * \def POLARSSL_HAVE_TIME * - * System has time.h and time() / localtime() / gettimeofday(). + * System has time.h and time() / localtime() / gettimeofday() * * Comment if your system does not support time functions */ #define POLARSSL_HAVE_TIME -/* \} name SECTION: System support */ +/* \} name */ /** * \name SECTION: PolarSSL feature support @@ -216,7 +218,7 @@ /** * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES * - * Enable weak ciphersuites in SSL / TLS. + * Enable weak ciphersuites in SSL / TLS * Warning: Only do so when you know what you are doing. This allows for * channels with virtually no security at all! * @@ -245,7 +247,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED * - * Enable the PSK based ciphersuite modes in SSL / TLS. + * Enable the PSK based ciphersuite modes in SSL / TLS * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -263,7 +265,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED * - * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. + * Enable the DHE-PSK based ciphersuite modes in SSL / TLS * * Requires: POLARSSL_DHM_C * @@ -283,10 +285,9 @@ /** * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED * - * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. + * Enable the RSA-PSK based ciphersuite modes in SSL / TLS * (NOT YET IMPLEMENTED) - * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, - * POLARSSL_X509_CRT_PARSE_C + * Requires: POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, POLARSSL_PKCS1_V15 * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -304,10 +305,9 @@ /** * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED * - * Enable the RSA-only based ciphersuite modes in SSL / TLS. + * Enable the RSA-only based ciphersuite modes in SSL / TLS * - * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, - * POLARSSL_X509_CRT_PARSE_C + * Requires: POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, POLARSSL_PKCS1_V15 * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -330,10 +330,10 @@ /** * \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED * - * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. + * Enable the DHE-RSA based ciphersuite modes in SSL / TLS * - * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, - * POLARSSL_X509_CRT_PARSE_C + * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, + * POLARSSL_PKCS1_V15 * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -352,10 +352,10 @@ /** * \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED * - * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. + * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS * - * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, - * POLARSSL_X509_CRT_PARSE_C + * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, + * POLARSSL_PKCS1_V15 * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -375,9 +375,9 @@ /** * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED * - * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. + * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS * - * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C, + * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -419,9 +419,9 @@ /** * \def POLARSSL_GENPRIME * - * Enable the prime-number generation code. + * Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C * - * Requires: POLARSSL_BIGNUM_C + * Enable the RSA prime-number generation code. */ #define POLARSSL_GENPRIME @@ -485,10 +485,9 @@ /** * \def POLARSSL_PKCS1_V15 * - * Enable support for PKCS#1 v1.5 encoding. - * * Requires: POLARSSL_RSA_C * + * Enable support for PKCS#1 v1.5 encoding. * This enables support for PKCS#1 v1.5 operations. */ #define POLARSSL_PKCS1_V15 @@ -496,10 +495,9 @@ /** * \def POLARSSL_PKCS1_V21 * - * Enable support for PKCS#1 v2.1 encoding. - * * Requires: POLARSSL_MD_C, POLARSSL_RSA_C * + * Enable support for PKCS#1 v2.1 encoding. * This enables support for RSAES-OAEP and RSASSA-PSS operations. */ #define POLARSSL_PKCS1_V21 @@ -565,7 +563,7 @@ * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO * * Enable support for receiving and parsing SSLv2 Client Hello messages for the - * SSL Server module (POLARSSL_SSL_SRV_C). + * SSL Server module (POLARSSL_SSL_SRV_C) * * Comment this macro to disable support for SSLv2 Client Hello messages. */ @@ -574,7 +572,7 @@ /** * \def POLARSSL_SSL_MAX_FRAGMENT_LENGTH * - * Enable support for RFC 6066 max_fragment_length extension in SSL. + * Enable support for RFC 6066 max_fragment_length extension in SSL * * Comment this macro to disable support for the max_fragment_length extension */ @@ -583,7 +581,7 @@ /** * \def POLARSSL_SSL_PROTO_SSL3 * - * Enable support for SSL 3.0. + * Enable support for SSL 3.0 * * Requires: POLARSSL_MD5_C * POLARSSL_SHA1_C @@ -595,7 +593,7 @@ /** * \def POLARSSL_SSL_PROTO_TLS1 * - * Enable support for TLS 1.0. + * Enable support for TLS 1.0 * * Requires: POLARSSL_MD5_C * POLARSSL_SHA1_C @@ -607,7 +605,7 @@ /** * \def POLARSSL_SSL_PROTO_TLS1_1 * - * Enable support for TLS 1.1. + * Enable support for TLS 1.1 * * Requires: POLARSSL_MD5_C * POLARSSL_SHA1_C @@ -619,7 +617,7 @@ /** * \def POLARSSL_SSL_PROTO_TLS1_2 * - * Enable support for TLS 1.2. + * Enable support for TLS 1.2 * * Requires: POLARSSL_SHA256_C or POLARSSL_SHA512_C * (Depends on ciphersuites) @@ -631,7 +629,7 @@ /** * \def POLARSSL_SSL_SESSION_TICKETS * - * Enable support for RFC 5077 session tickets in SSL. + * Enable support for RFC 5077 session tickets in SSL * * Requires: POLARSSL_AES_C * POLARSSL_SHA256_C @@ -644,7 +642,7 @@ /** * \def POLARSSL_SSL_SERVER_NAME_INDICATION * - * Enable support for RFC 6066 server name indication (SNI) in SSL. + * Enable support for RFC 6066 server name indication (SNI) in SSL * * Comment this macro to disable support for server name indication in SSL */ @@ -653,59 +651,13 @@ /** * \def POLARSSL_SSL_TRUNCATED_HMAC * - * Enable support for RFC 6066 truncated HMAC in SSL. + * Enable support for RFC 6066 truncated HMAC in SSL * * Comment this macro to disable support for truncated HMAC in SSL */ #define POLARSSL_SSL_TRUNCATED_HMAC /** - * \def POLARSSL_THREADING_ALT - * - * Provide your own alternate threading implementation. - * - * Requires: POLARSSL_THREADING_C - * - * Uncomment this to allow your own alternate threading implementation. -#define POLARSSL_THREADING_ALT - */ - -/** - * \def POLARSSL_THREADING_DUMMY - * - * Provide a dummy threading implementation. - * Warning: If you use this, all claims of thread-safety in the documentation - * are void! - * - * Requires: POLARSSL_THREADING_C - * - * Uncomment this to enable code to compile like with threading enabled -#define POLARSSL_THREADING_DUMMY - */ - -/** - * \def POLARSSL_THREADING_PTHREAD - * - * Enable the pthread wrapper layer for the threading layer. - * - * Requires: POLARSSL_THREADING_C - * - * Uncomment this to enable pthread mutexes. -#define POLARSSL_THREADING_PTHREAD - */ - -/** - * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an extension in a v1 or v2 certificate. - * - * Uncomment to prevent an error. - * -#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 - */ - -/** * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION * * If set, the X509 parser will not break-off when parsing an X509 certificate @@ -731,7 +683,7 @@ * Uncomment to enable use of ZLIB #define POLARSSL_ZLIB_SUPPORT */ -/* \} name SECTION: PolarSSL feature support */ +/* \} name */ /** * \name SECTION: PolarSSL modules @@ -794,11 +746,7 @@ * Enable the generic ASN1 parser. * * Module: library/asn1.c - * Caller: library/x509.c - * library/dhm.c - * library/pkcs12.c - * library/pkcs5.c - * library/pkparse.c + * Caller: library/x509parse.c */ #define POLARSSL_ASN1_PARSE_C @@ -808,11 +756,6 @@ * Enable the generic ASN1 writer. * * Module: library/asn1write.c - * Caller: library/ecdsa.c - * library/pkwrite.c - * library/x509_create.c - * library/x509write_crt.c - * library/x509write_csr.c */ #define POLARSSL_ASN1_WRITE_C @@ -835,9 +778,9 @@ * * Module: library/bignum.c * Caller: library/dhm.c - * library/ecp.c * library/rsa.c * library/ssl_tls.c + * library/x509parse.c * * This module is required for RSA and DHM support. */ @@ -900,7 +843,7 @@ /** * \def POLARSSL_CTR_DRBG_C * - * Enable the CTR_DRBG AES-256-based random generator. + * Enable the CTR_DRBG AES-256-based random generator * * Module: library/ctr_drbg.c * Caller: @@ -1046,7 +989,7 @@ /** * \def POLARSSL_GCM_C * - * Enable the Galois/Counter Mode (GCM) for AES. + * Enable the Galois/Counter Mode (GCM) for AES * * Module: library/gcm.c * @@ -1079,8 +1022,8 @@ * Requires: POLARSSL_TIMING_C * * Uncomment to enable the HAVEGE random generator. -#define POLARSSL_HAVEGE_C */ +#define POLARSSL_HAVEGE_C /** * \def POLARSSL_MD_C @@ -1097,10 +1040,10 @@ /** * \def POLARSSL_MD2_C * - * Enable the MD2 hash algorithm. + * Enable the MD2 hash algorithm * * Module: library/md2.c - * Caller: + * Caller: library/x509parse.c * * Uncomment to enable support for (rare) MD2-signed X.509 certs. * @@ -1110,10 +1053,10 @@ /** * \def POLARSSL_MD4_C * - * Enable the MD4 hash algorithm. + * Enable the MD4 hash algorithm * * Module: library/md4.c - * Caller: + * Caller: library/x509parse.c * * Uncomment to enable support for (rare) MD4-signed X.509 certs. * @@ -1123,12 +1066,12 @@ /** * \def POLARSSL_MD5_C * - * Enable the MD5 hash algorithm. + * Enable the MD5 hash algorithm * * Module: library/md5.c - * Caller: library/md.c - * library/pem.c + * Caller: library/pem.c * library/ssl_tls.c + * library/x509parse.c * * This module is required for SSL/TLS and X.509. * PEM_PARSE uses MD5 for decrypting encrypted keys. @@ -1150,11 +1093,8 @@ */ /** - * \def POLARSSL_MEMORY_BUFFER_ALLOC_C - * - * Enable the buffer allocator implementation that makes use of a (stack) - * based buffer to 'allocate' dynamic memory. (replaces malloc() and free() - * calls) + * The buffer allocator implementation that makes use of a (stack) based + * buffer to 'allocate' dynamic memory. (replaces malloc() and free() calls) * * Module: library/memory_buffer_alloc.c * @@ -1178,21 +1118,12 @@ /** * \def POLARSSL_OID_C * - * Enable the OID database. + * Enable the OID database * * Module: library/oid.c - * Caller: library/asn1write.c - * library/pkcs5.c - * library/pkparse.c - * library/pkwrite.c - * library/rsa.c - * library/x509.c - * library/x509_create.c - * library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * library/x509write_crt.c - * library/x509write_csr.c + * Caller: library/rsa.c + * library/x509parse.c + * library/x509write.c * * This modules translates between OIDs and internal values. */ @@ -1213,7 +1144,7 @@ /** * \def POLARSSL_PBKDF2_C * - * Enable PKCS#5 PBKDF2 key derivation function. + * Enable PKCS#5 PBKDF2 key derivation function * DEPRECATED: Use POLARSSL_PKCS5_C instead * * Module: library/pbkdf2.c @@ -1227,14 +1158,11 @@ /** * \def POLARSSL_PEM_PARSE_C * - * Enable PEM decoding / parsing. + * Enable PEM decoding / parsing * * Module: library/pem.c - * Caller: library/dhm.c + * Caller: library/x509parse.c * library/pkparse.c - * library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c * * Requires: POLARSSL_BASE64_C * @@ -1245,12 +1173,11 @@ /** * \def POLARSSL_PEM_WRITE_C * - * Enable PEM encoding / writing. + * Enable PEM encoding / writing * * Module: library/pem.c - * Caller: library/pkwrite.c - * library/x509write_crt.c - * library/x509write_csr.c + * Caller: library/x509write.c + * library/pkwrite.c * * Requires: POLARSSL_BASE64_C * @@ -1264,12 +1191,11 @@ * Enable the generic public (asymetric) key layer. * * Module: library/pk.c - * Caller: library/ssl_tls.c + * Caller: library/x509parse.c + * library/ssl_tls.c * library/ssl_cli.c * library/ssl_srv.c * - * Requires: POLARSSL_RSA_C or POLARSSL_ECP_C - * * Uncomment to enable generic public key wrappers. */ #define POLARSSL_PK_C @@ -1280,8 +1206,7 @@ * Enable the generic public (asymetric) key parser. * * Module: library/pkparse.c - * Caller: library/x509_crt.c - * library/x509_csr.c + * Caller: library/x509parse.c * * Requires: POLARSSL_PK_C * @@ -1306,7 +1231,7 @@ /** * \def POLARSSL_PKCS5_C * - * Enable PKCS#5 functions. + * Enable PKCS#5 functions * * Module: library/pkcs5.c * @@ -1334,11 +1259,11 @@ /** * \def POLARSSL_PKCS12_C * - * Enable PKCS#12 PBE functions. + * Enable PKCS#12 PBE functions * Adds algorithms for parsing PKCS#8 encrypted private keys * * Module: library/pkcs12.c - * Caller: library/pkparse.c + * Caller: library/x509parse.c * * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C * Can use: POLARSSL_ARC4_C @@ -1370,11 +1295,10 @@ * Enable the SHA1 cryptographic hash algorithm. * * Module: library/sha1.c - * Caller: library/md.c - * library/ssl_cli.c + * Caller: library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c - * library/x509write_crt.c + * library/x509parse.c * * This module is required for SSL/TLS and SHA1-signed certificates. */ @@ -1387,11 +1311,8 @@ * (Used to be POLARSSL_SHA2_C) * * Module: library/sha256.c - * Caller: library/entropy.c - * library/md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c + * Caller: library/md_wrap.c + * library/x509parse.c * * This module adds support for SHA-224 and SHA-256. * This module is required for the SSL/TLS 1.2 PRF function. @@ -1405,10 +1326,8 @@ * (Used to be POLARSSL_SHA4_C) * * Module: library/sha512.c - * Caller: library/entropy.c - * library/md.c - * library/ssl_cli.c - * library/ssl_srv.c + * Caller: library/md_wrap.c + * library/x509parse.c * * This module adds support for SHA-384 and SHA-512. */ @@ -1463,7 +1382,7 @@ * Caller: library/ssl_cli.c * library/ssl_srv.c * - * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C + * Requires: POLARSSL_CIPHER_C, POLARSSL_PK_C, POLARSSL_MD_C * and at least one of the POLARSSL_SSL_PROTO_* defines * * This module is required for SSL/TLS. @@ -1471,27 +1390,6 @@ #define POLARSSL_SSL_TLS_C /** - * \def POLARSSL_THREADING_C - * - * Enable the threading abstraction layer. - * By default PolarSSL assumes it is used in a non-threaded environment or that - * contexts are not shared between threads. If you do intend to use contexts - * between threads, you will need to enable this layer to prevent race - * conditions. - * - * Module: library/threading.c - * - * This allows different threading implementations (self-implemented or - * provided). - * - * You will have to enable either POLARSSL_THREADING_ALT, - * POLARSSL_THREADING_PTHREAD or POLARSSL_THREADING_DUMMY. - * - * Enable this layer to allow use of mutexes within PolarSSL -#define POLARSSL_THREADING_C - */ - -/** * \def POLARSSL_TIMING_C * * Enable the portable timing interface. @@ -1517,7 +1415,7 @@ /** * \def POLARSSL_X509_USE_C * - * Enable X.509 core for using certificates. + * Enable X.509 core for using certificates * * Module: library/x509.c * Caller: library/x509_crl.c @@ -1578,7 +1476,7 @@ /** * \def POLARSSL_X509_CREATE_C * - * Enable X.509 core for creating certificates. + * Enable X.509 core for creating certificates * * Module: library/x509_create.c * @@ -1604,7 +1502,7 @@ /** * \def POLARSSL_X509_CSR_WRITE_C * - * Enable creating X.509 Certificate Signing Requests (CSR). + * Enable creating X.509 Certificate Signing Requests (CSR) * * Module: library/x509_csr_write.c * @@ -1624,7 +1522,7 @@ */ #define POLARSSL_XTEA_C -/* \} name SECTION: PolarSSL modules */ +/* \} name */ /** * \name SECTION: Module configuration options @@ -1804,7 +1702,7 @@ #endif #if defined(POLARSSL_SSL_TLS_C) && ( !defined(POLARSSL_CIPHER_C) || \ - !defined(POLARSSL_MD_C) ) + !defined(POLARSSL_PK_C) || !defined(POLARSSL_MD_C) ) #error "POLARSSL_SSL_TLS_C defined, but not all prerequisites" #endif @@ -1840,32 +1738,6 @@ #error "POLARSSL_SSL_SESSION_TICKETS_C defined, but not all prerequisites" #endif -#if defined(POLARSSL_THREADING_DUMMY) -#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL) -#error "POLARSSL_THREADING_DUMMY defined, but not all prerequisites" -#endif -#define POLARSSL_THREADING_IMPL -#endif - -#if defined(POLARSSL_THREADING_PTHREAD) -#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL) -#error "POLARSSL_THREADING_PTHREAD defined, but not all prerequisites" -#endif -#define POLARSSL_THREADING_IMPL -#endif - -#if defined(POLARSSL_THREADING_ALT) -#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL) -#error "POLARSSL_THREADING_ALT defined, but not all prerequisites" -#endif -#define POLARSSL_THREADING_IMPL -#endif - -#if defined(POLARSSL_THREADING_C) && !defined(POLARSSL_THREADING_IMPL) -#error "POLARSSL_THREADING_C defined, single threading implementation required" -#endif -#undef POLARSSL_THREADING_IMPL - #if defined(POLARSSL_X509_USE_C) && ( !defined(POLARSSL_BIGNUM_C) || \ !defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_PARSE_C) || \ !defined(POLARSSL_PK_PARSE_C) )