- Merged changesets 1399 up to and including 1415 into 1.2 branch
diff --git a/include/polarssl/aes.h b/include/polarssl/aes.h
index 5f6c198..b79894c 100644
--- a/include/polarssl/aes.h
+++ b/include/polarssl/aes.h
@@ -141,7 +141,7 @@
const unsigned char *input,
unsigned char *output );
-/*
+/**
* \brief AES-CTR buffer encryption/decryption
*
* Warning: You have to keep the maximum use of your counter in mind!
diff --git a/include/polarssl/arc4.h b/include/polarssl/arc4.h
index 48ad60b..7233384 100644
--- a/include/polarssl/arc4.h
+++ b/include/polarssl/arc4.h
@@ -66,7 +66,7 @@
int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *input,
unsigned char *output );
-/*
+/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
diff --git a/include/polarssl/bignum.h b/include/polarssl/bignum.h
index 3b8b1f6..ce29ca3 100644
--- a/include/polarssl/bignum.h
+++ b/include/polarssl/bignum.h
@@ -223,7 +223,7 @@
*/
int mpi_lset( mpi *X, t_sint z );
-/*
+/**
* \brief Get a specific bit from X
*
* \param X MPI to use
@@ -233,7 +233,7 @@
*/
int mpi_get_bit( const mpi *X, size_t pos );
-/*
+/**
* \brief Set a bit of X to a specific value of 0 or 1
*
* \note Will grow X if necessary to set a bit to 1 in a not yet
diff --git a/include/polarssl/blowfish.h b/include/polarssl/blowfish.h
index 7139c18..313d898 100644
--- a/include/polarssl/blowfish.h
+++ b/include/polarssl/blowfish.h
@@ -129,7 +129,7 @@
const unsigned char *input,
unsigned char *output );
-/*
+/**
* \brief Blowfish-CTR buffer encryption/decryption
*
* Warning: You have to keep the maximum use of your counter in mind!
diff --git a/include/polarssl/camellia.h b/include/polarssl/camellia.h
index b2b1294..f073d46 100644
--- a/include/polarssl/camellia.h
+++ b/include/polarssl/camellia.h
@@ -139,7 +139,7 @@
const unsigned char *input,
unsigned char *output );
-/*
+/**
* \brief CAMELLIA-CTR buffer encryption/decryption
*
* Warning: You have to keep the maximum use of your counter in mind!
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 09b10c2..1ce28e5 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -150,7 +150,7 @@
*
* Enable weak ciphersuites in SSL / TLS
* Warning: Only do so when you know what you are doing. This allows for
- * channels without virtually no security at all!
+ * channels with virtually no security at all!
*
* This enables the following ciphersuites:
* TLS_RSA_WITH_DES_CBC_SHA
@@ -345,7 +345,7 @@
/**
* \def POLARSSL_BIGNUM_C
*
- * Enable the multo-precision integer library.
+ * Enable the multi-precision integer library.
*
* Module: library/bignum.c
* Caller: library/dhm.c
@@ -738,7 +738,7 @@
*/
#define POLARSSL_SSL_CLI_C
-/*
+/**
* \def POLARSSL_SSL_SRV_C
*
* Enable the SSL/TLS server code.
diff --git a/include/polarssl/des.h b/include/polarssl/des.h
index b649ccf..5eee7ac 100644
--- a/include/polarssl/des.h
+++ b/include/polarssl/des.h
@@ -220,7 +220,7 @@
const unsigned char *input,
unsigned char *output );
-/*
+/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
diff --git a/include/polarssl/dhm.h b/include/polarssl/dhm.h
index ba6e424..48d9268 100644
--- a/include/polarssl/dhm.h
+++ b/include/polarssl/dhm.h
@@ -225,7 +225,7 @@
int dhm_calc_secret( dhm_context *ctx,
unsigned char *output, size_t *olen );
-/*
+/**
* \brief Free the components of a DHM key
*/
void dhm_free( dhm_context *ctx );
diff --git a/include/polarssl/pkcs11.h b/include/polarssl/pkcs11.h
index ddfae30..003d3f5 100644
--- a/include/polarssl/pkcs11.h
+++ b/include/polarssl/pkcs11.h
@@ -104,7 +104,7 @@
int mode, size_t *olen,
const unsigned char *input,
unsigned char *output,
- unsigned int output_max_len );
+ size_t output_max_len );
/**
* \brief Do a private RSA to sign a message digest
@@ -134,7 +134,7 @@
*/
static inline int ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
const unsigned char *input, unsigned char *output,
- unsigned int output_max_len )
+ size_t output_max_len )
{
return pkcs11_decrypt( (pkcs11_context *) ctx, mode, olen, input, output,
output_max_len );
diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h
index 513b037..3a822cb 100644
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@@ -167,6 +167,9 @@
/**
* \brief Initialize an RSA context
*
+ * Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP
+ * encryption scheme and the RSASSA-PSS signature scheme.
+ *
* \param ctx RSA context to be initialized
* \param padding RSA_PKCS_V15 or RSA_PKCS_V21
* \param hash_id RSA_PKCS_V21 hash identifier
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 071288e..5a1e7fc 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -116,8 +116,8 @@
#define SSL_LEGACY_RENEGOTIATION 0
#define SSL_SECURE_RENEGOTIATION 1
-#define SSL_RENEGOTIATION_ENABLED 0
-#define SSL_RENEGOTIATION_DISABLED 1
+#define SSL_RENEGOTIATION_DISABLED 0
+#define SSL_RENEGOTIATION_ENABLED 1
#define SSL_LEGACY_NO_RENEGOTIATION 0
#define SSL_LEGACY_ALLOW_RENEGOTIATION 1
@@ -852,7 +852,8 @@
* (Default: SSL_RENEGOTIATION_DISABLED)
*
* Note: A server with support enabled is more vulnerable for a
- * resource DoS by a malicious client.
+ * resource DoS by a malicious client. You should enable this on
+ * a client to enable server-initiated renegotiation.
*
* \param ssl SSL context
* \param renegotiation Enable or disable (SSL_RENEGOTIATION_ENABLED or
@@ -883,8 +884,9 @@
* (Most secure option, interoperability issues)
*
* \param ssl SSL context
- * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION or
- * SSL_ALLOW_LEGACY_RENEGOTIATION)
+ * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
+ * SSL_ALLOW_LEGACY_RENEGOTIATION or
+ * SSL_LEGACY_BREAK_HANDSHAKE)
*/
void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
@@ -999,7 +1001,7 @@
* (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL)
* \param message The alert message (SSL_ALERT_MSG_*)
*
- * \return 1 if successful, or a specific SSL error code.
+ * \return 0 if successful, or a specific SSL error code.
*/
int ssl_send_alert_message( ssl_context *ssl,
unsigned char level,
diff --git a/include/polarssl/version.h b/include/polarssl/version.h
index 159c95a..4fe84a9 100644
--- a/include/polarssl/version.h
+++ b/include/polarssl/version.h
@@ -39,16 +39,16 @@
*/
#define POLARSSL_VERSION_MAJOR 1
#define POLARSSL_VERSION_MINOR 2
-#define POLARSSL_VERSION_PATCH 0
+#define POLARSSL_VERSION_PATCH 1
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define POLARSSL_VERSION_NUMBER 0x01020000
-#define POLARSSL_VERSION_STRING "1.2.0"
-#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.2.0"
+#define POLARSSL_VERSION_NUMBER 0x01020100
+#define POLARSSL_VERSION_STRING "1.2.1"
+#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.2.1"
#if defined(POLARSSL_VERSION_C)
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 32aad72..87151c9 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -641,7 +641,7 @@
*/
const char *x509_oid_get_description( x509_buf *oid );
-/*
+/**
* \brief Give an OID, return a string version of its OID number.
*
* \param buf Buffer to write to
@@ -680,7 +680,7 @@
* (void *parameter, x509_cert *crt, int certificate_depth,
* int *flags). With the flags representing current flags for
* that specific certificate and the certificate depth from
- * the top (Trust CA depth = 0).
+ * the bottom (Peer cert depth = 0).
*
* All flags left after returning from the callback
* are also returned to the application. The function should
diff --git a/include/polarssl/xtea.h b/include/polarssl/xtea.h
index e2adb87..0db7bc8 100644
--- a/include/polarssl/xtea.h
+++ b/include/polarssl/xtea.h
@@ -97,7 +97,7 @@
unsigned char *input,
unsigned char *output);
-/*
+/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed