Merge branch 'development' into iotssl-1381-x509-verify-refactor-restricted

* development: (557 commits) Add attribution for #1351 report Adapt version_features.c Note incompatibility of truncated HMAC extension in ChangeLog Add LinkLibraryDependencies to VS2010 app template Add ChangeLog entry for PR #1382 MD: Make deprecated functions not inline Add ChangeLog entry for PR #1384 Have Visual Studio handle linking to mbedTLS.lib internally Mention in ChangeLog that this fixes #1351 Add issue number to ChangeLog Note in the changelog that this fixes an interoperability issue. Style fix in ChangeLog Add ChangeLog entries for PR #1168 and #1362 Add ChangeLog entry for PR #1165 ctr_drbg: Typo fix in the file description comment. dhm: Fix typo in RFC 5114 constants tests_suite_pkparse: new PKCS8-v2 keys with PRF != SHA1 data_files/pkcs8-v2: add keys generated with PRF != SHA1 tests/pkcs5/pbkdf2_hmac: extend array to accommodate longer results tests/pkcs5/pbkdf2_hmac: add unit tests for additional SHA algorithms ...
2018-03-05 11:55:38 +01:00 · 2018-03-05 11:55:38 +01:00 · 05e464dff7
commit 05e464dff7
parent 3f81691d29 1bf6123fca
388 changed files with 17537 additions and 5196 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -2,7 +2,8 @@
 * \file ssl.h
 *
 * \brief SSL/TLS functions.
- *
+ */
+/*
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
@ -1703,18 +1704,50 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */

 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+
 /**
 * \brief          Set the Diffie-Hellman public P and G values,
 *                 read as hexadecimal strings (server-side only)
- *                 (Default: MBEDTLS_DHM_RFC5114_MODP_2048_[PG])
+ *                 (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG])
 *
 * \param conf     SSL configuration
 * \param dhm_P    Diffie-Hellman-Merkle modulus
 * \param dhm_G    Diffie-Hellman-Merkle generator
 *
+ * \deprecated     Superseded by \c mbedtls_ssl_conf_dh_param_bin.
+ *
 * \return         0 if successful
 */
-int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G );
+MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf,
+                                                  const char *dhm_P,
+                                                  const char *dhm_G );
+
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
+/**
+ * \brief          Set the Diffie-Hellman public P and G values
+ *                 from big-endian binary presentations.
+ *                 (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)
+ *
+ * \param conf     SSL configuration
+ * \param dhm_P    Diffie-Hellman-Merkle modulus in big-endian binary form
+ * \param P_len    Length of DHM modulus
+ * \param dhm_G    Diffie-Hellman-Merkle generator in big-endian binary form
+ * \param G_len    Length of DHM generator
+ *
+ * \return         0 if successful
+ */
+int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
+                                   const unsigned char *dhm_P, size_t P_len,
+                                   const unsigned char *dhm_G,  size_t G_len );

 /**
 * \brief          Set the Diffie-Hellman public P and G values,
@ -1798,15 +1831,22 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,

 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 /**
- * \brief          Set the hostname to check against the received server
- *                 certificate. It sets the ServerName TLS extension too,
- *                 if the extension is enabled.
- *                 (client-side only)
+ * \brief          Set or reset the hostname to check against the received 
+ *                 server certificate. It sets the ServerName TLS extension, 
+ *                 too, if that extension is enabled. (client-side only)
 *
 * \param ssl      SSL context
- * \param hostname the server hostname
+ * \param hostname the server hostname, may be NULL to clear hostname
+ 
+ * \note           Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
 *
- * \return         0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ * \return         0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on 
+ *                 allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on 
+ *                 too long input hostname.
+ *
+ *                 Hostname set to the one provided on success (cleared
+ *                 when NULL). On allocation failure hostname is cleared. 
+ *                 On too long input failure, old hostname is unchanged.
 */
 int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */