diff --git a/include/polarssl/bignum.h b/include/polarssl/bignum.h index d02520d0b..a635f265b 100644 --- a/include/polarssl/bignum.h +++ b/include/polarssl/bignum.h @@ -90,6 +90,9 @@ void mpi_free( mpi *X, ... ); /** * \brief Enlarge to the specified number of limbs * + * \param X MPI to grow + * \param nblimbs The target number of limbs + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -98,6 +101,9 @@ int mpi_grow( mpi *X, int nblimbs ); /** * \brief Copy the contents of Y into X * + * \param X Destination MPI + * \param Y Source MPI + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -105,12 +111,18 @@ int mpi_copy( mpi *X, mpi *Y ); /** * \brief Swap the contents of X and Y + * + * \param X First MPI value + * \param Y Second MPI value */ void mpi_swap( mpi *X, mpi *Y ); /** * \brief Set value from integer * + * \param X MPI to set + * \param z Value to use + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -118,25 +130,31 @@ int mpi_lset( mpi *X, int z ); /** * \brief Return the number of least significant bits + * + * \param X MPI to use */ int mpi_lsb( mpi *X ); /** * \brief Return the number of most significant bits + * + * \param X MPI to use */ int mpi_msb( mpi *X ); /** * \brief Return the total size in bytes + * + * \param X MPI to use */ int mpi_size( mpi *X ); /** * \brief Import from an ASCII string * - * \param X destination mpi - * \param radix input numeric base - * \param s null-terminated string buffer + * \param X Destination MPI + * \param radix Input numeric base + * \param s Null-terminated string buffer * * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code */ 
@@ -145,10 +163,10 @@ int mpi_read_string( mpi *X, int radix, char *s ); /** * \brief Export into an ASCII string * - * \param X source mpi - * \param radix output numeric base - * \param s string buffer - * \param slen string buffer size + * \param X Source MPI + * \param radix Output numeric base + * \param s String buffer + * \param slen String buffer size * * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code * @@ -160,21 +178,21 @@ int mpi_write_string( mpi *X, int radix, char *s, int *slen ); /** * \brief Read X from an opened file * - * \param X destination mpi - * \param radix input numeric base - * \param fin input file handle + * \param X Destination MPI + * \param radix Input numeric base + * \param fin Input file handle * * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code */ int mpi_read_file( mpi *X, int radix, FILE *fin ); /** - * \brief Write X into an opened file, or stdout + * \brief Write X into an opened file, or stdout if fout is NULL * - * \param p prefix, can be NULL - * \param X source mpi - * \param radix output numeric base - * \param fout output file handle + * \param p Prefix, can be NULL + * \param X Source MPI + * \param radix Output numeric base + * \param fout Output file handle (can be NULL) * * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code * @@ -185,9 +203,9 @@ int mpi_write_file( char *p, mpi *X, int radix, FILE *fout ); /** * \brief Import X from unsigned binary data, big endian * - * \param X destination mpi - * \param buf input buffer - * \param buflen input buffer size + * \param X Destination MPI + * \param buf Input buffer + * \param buflen Input buffer size * * \return 0 if successful, * 1 if memory allocation failed 
@@ -197,21 +215,21 @@ int mpi_read_binary( mpi *X, unsigned char *buf, int buflen ); /** * \brief Export X into unsigned binary data, big endian * - * \param X source mpi - * \param buf output buffer - * \param buflen output buffer size + * \param X Source MPI + * \param buf Output buffer + * \param buflen Output buffer size * * \return 0 if successful, * POLARSSL_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough - * - * \note Call this function with *buflen = 0 to obtain the - * minimum required buffer size in *buflen. */ int mpi_write_binary( mpi *X, unsigned char *buf, int buflen ); /** * \brief Left-shift: X <<= count * + * \param X MPI to shift + * \param count Amount to shift + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -220,6 +238,9 @@ int mpi_shift_l( mpi *X, int count ); /** * \brief Right-shift: X >>= count * + * \param X MPI to shift + * \param count Amount to shift + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -228,6 +249,9 @@ int mpi_shift_r( mpi *X, int count ); /** * \brief Compare unsigned values * + * \param X Left-hand MPI + * \param Y Right-hand MPI + * * \return 1 if |X| is greater than |Y|, * -1 if |X| is lesser than |Y| or * 0 if |X| is equal to |Y| @@ -237,6 +261,9 @@ int mpi_cmp_abs( mpi *X, mpi *Y ); /** * \brief Compare signed values * + * \param X Left-hand MPI + * \param Y Right-hand MPI + * * \return 1 if X is greater than Y, * -1 if X is lesser than Y or * 0 if X is equal to Y @@ -246,6 +273,9 @@ int mpi_cmp_mpi( mpi *X, mpi *Y ); /** * \brief Compare signed values * + * \param X Left-hand MPI + * \param z The integer value to compare to + * * \return 1 if X is greater than z, * -1 if X is lesser than z or * 0 if X is equal to z @@ -255,6 +285,10 @@ int mpi_cmp_int( mpi *X, int z ); /** * \brief Unsigned addition: X = |A| + |B| * + * \param X Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed */ 
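Review bot: In the mpi_write_binary hunk, dropping the `*buflen = 0` note is correct for a by-value `int buflen`, but the comment now gives callers no way to size `buf` before the call. The header already declares `mpi_size( mpi *X )` ("Return the total size in bytes"), so I would add `\note Use mpi_size( X ) to obtain the minimum required buffer size.` That is presumably the size the function checks against before returning POLARSSL_ERR_MPI_BUFFER_TOO_SMALL; confirm in the implementation, which is not part of this diff. Documenting it keeps callers from guessing a fixed length for buffers that hold key material.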
@@ -263,6 +297,10 @@ int mpi_add_abs( mpi *X, mpi *A, mpi *B ); /** * \brief Unsigned substraction: X = |A| - |B| * + * \param X Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * POLARSSL_ERR_MPI_NEGATIVE_VALUE if B is greater than A */ @@ -271,6 +309,10 @@ int mpi_sub_abs( mpi *X, mpi *A, mpi *B ); /** * \brief Signed addition: X = A + B * + * \param X Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -279,6 +321,10 @@ int mpi_add_mpi( mpi *X, mpi *A, mpi *B ); /** * \brief Signed substraction: X = A - B * + * \param X Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -287,6 +333,10 @@ int mpi_sub_mpi( mpi *X, mpi *A, mpi *B ); /** * \brief Signed addition: X = A + b * + * \param X Destination MPI + * \param A Left-hand MPI + * \param b The integer value to add + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -295,6 +345,10 @@ int mpi_add_int( mpi *X, mpi *A, int b ); /** * \brief Signed substraction: X = A - b * + * \param X Destination MPI + * \param A Left-hand MPI + * \param b The integer value to subtract + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -303,6 +357,10 @@ int mpi_sub_int( mpi *X, mpi *A, int b ); /** * \brief Baseline multiplication: X = A * B * + * \param X Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -313,6 +371,10 @@ int mpi_mul_mpi( mpi *X, mpi *A, mpi *B ); * Note: b is an unsigned integer type, thus * Negative values of b are ignored. * + * \param X Destination MPI + * \param A Left-hand MPI + * \param b The integer value to multiply with + * * \return 0 if successful, * 1 if memory allocation failed */ 
@@ -321,6 +383,11 @@ int mpi_mul_int( mpi *X, mpi *A, t_int b ); /** * \brief Division by mpi: A = Q * B + R * + * \param Q Destination MPI for the quotient + * \param R Destination MPI for the rest value + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed, * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0 @@ -332,6 +399,11 @@ int mpi_div_mpi( mpi *Q, mpi *R, mpi *A, mpi *B ); /** * \brief Division by int: A = Q * b + R * + * \param Q Destination MPI for the quotient + * \param R Destination MPI for the rest value + * \param A Left-hand MPI + * \param b Integer to divide by + * * \return 0 if successful, * 1 if memory allocation failed, * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0 @@ -343,6 +415,10 @@ int mpi_div_int( mpi *Q, mpi *R, mpi *A, int b ); /** * \brief Modulo: R = A mod B * + * \param R Destination MPI for the rest value + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed, * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0, @@ -353,6 +429,10 @@ int mpi_mod_mpi( mpi *R, mpi *A, mpi *B ); /** * \brief Modulo: r = A mod b * + * \param a Destination t_int + * \param A Left-hand MPI + * \param b Integer to divide by + * * \return 0 if successful, * 1 if memory allocation failed, * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0, @@ -363,6 +443,12 @@ int mpi_mod_int( t_int *r, mpi *A, int b ); /** * \brief Sliding-window exponentiation: X = A^E mod N * + * \param X Destination MPI + * \param A Left-hand MPI + * \param E Exponent MPI + * \param N Modular MPI + * \param _RR Speed-up MPI used for recalculations + * * \return 0 if successful, * 1 if memory allocation failed, * POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even 
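Review bot: The new `\param a Destination t_int` line in the mpi_mod_int hunk names a parameter that does not exist; the prototype is `int mpi_mod_int( t_int *r, mpi *A, int b )`. Doxygen will report an unknown argument and leave `r` undocumented, so the line should read `\param r Destination t_int`. The new text for mpi_div_mpi, mpi_div_int and mpi_mod_mpi on this same line of the page calls R "the rest value"; "remainder" is the usual term and would read more clearly.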
@@ -376,6 +462,10 @@ int mpi_exp_mod( mpi *X, mpi *A, mpi *E, mpi *N, mpi *_RR ); /** * \brief Greatest common divisor: G = gcd(A, B) * + * \param G Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -384,16 +474,24 @@ int mpi_gcd( mpi *G, mpi *A, mpi *B ); /** * \brief Modular inverse: X = A^-1 mod N * + * \param X Destination MPI + * \param A Left-hand MPI + * \param N Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed, * POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or nil - * POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N + POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N */ int mpi_inv_mod( mpi *X, mpi *A, mpi *N ); /** * \brief Miller-Rabin primality test * + * \param X MPI to check + * \param f_rng RNG function + * \param p_rng RNG parameter + * * \return 0 if successful (probably prime), * 1 if memory allocation failed, * POLARSSL_ERR_MPI_NOT_ACCEPTABLE if X is not prime @@ -403,9 +501,9 @@ int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng ); /** * \brief Prime number generation * - * \param X destination mpi - * \param nbits required size of X in bits - * \param dh_flag if 1, then (X-1)/2 will be prime too + * \param X Destination MPI + * \param nbits Required size of X in bits + * \param dh_flag If 1, then (X-1)/2 will be prime too * \param f_rng RNG function * \param p_rng RNG parameter * diff --git a/include/polarssl/config.h b/include/polarssl/config.h index 329b53d63..785e54cbc 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -130,9 +130,12 @@ /* * Module: library/camellia.c - * Caller: + * Caller: library/ssl_tls.c * * This module enabled the following cipher suites: + * SSL_RSA_CAMELLIA_128_SHA + * SSL_RSA_CAMELLIA_256_SHA + * SSL_EDH_RSA_CAMELLIA_256_SHA */ #define POLARSSL_CAMELLIA_C 
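Review bot: The rewritten `POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N` line in the mpi_inv_mod hunk appears to have lost its leading ` * `: the removed line carries it and the added one, as far as this page shows, does not. That breaks the comment's alignment with the other \return entries. The entry above it (`POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or nil`) is also missing the trailing comma the other list items have; both are worth fixing while the block is being edited.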
@@ -172,6 +175,7 @@ * This module enables the following ciphersuites: * SSL_EDH_RSA_DES_168_SHA * SSL_EDH_RSA_AES_256_SHA + * SSL_EDH_RSA_CAMELLIA_256_SHA */ #define POLARSSL_DHM_C @@ -189,8 +193,8 @@ * * Uncomment to enable support for (rare) MD2-signed X.509 certs. * -#define POLARSSL_MD2_C */ +#define POLARSSL_MD2_C /* * Module: library/md4.c @@ -198,8 +202,8 @@ * * Uncomment to enable support for (rare) MD4-signed X.509 certs. * -#define POLARSSL_MD4_C */ +#define POLARSSL_MD4_C /* * Module: library/md5.c diff --git a/include/polarssl/havege.h b/include/polarssl/havege.h index 1f6daa2f3..6ac20391b 100644 --- a/include/polarssl/havege.h +++ b/include/polarssl/havege.h @@ -49,7 +49,7 @@ void havege_init( havege_state *hs ); /** * \brief HAVEGE rand function * - * \param rng_st points to an HAVEGE state + * \param p_rng A HAVEGE state * * \return A random int */ diff --git a/include/polarssl/net.h b/include/polarssl/net.h index d07f0e393..f6a28af27 100644 --- a/include/polarssl/net.h +++ b/include/polarssl/net.h @@ -40,6 +40,10 @@ extern "C" { /** * \brief Initiate a TCP connection with host:port * + * \param fd Socket to use + * \param host Host to connect to + * \param port Port to connect to + * * \return 0 if successful, or one of: * POLARSSL_ERR_NET_SOCKET_FAILED, * POLARSSL_ERR_NET_UNKNOWN_HOST, @@ -51,6 +55,10 @@ int net_connect( int *fd, char *host, int port ); * \brief Create a listening socket on bind_ip:port. * If bind_ip == NULL, all interfaces are binded. * + * \param fd Socket to use + * \param bind_ip IP to bind to, can be NULL + * \param port Port number to use + * * \return 0 if successful, or one of: * POLARSSL_ERR_NET_SOCKET_FAILED, * POLARSSL_ERR_NET_BIND_FAILED, 
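Review bot: The config.h hunks at `@@ -189,8 +193,8 @@` and `@@ -198,8 +202,8 @@` move `#define POLARSSL_MD2_C` and `#define POLARSSL_MD4_C` below the closing `*/`, which switches both modules on in the default build although the rest of the commit only touches documentation. The surrounding comments still say "Uncomment to enable support for (rare) MD2-signed X.509 certs" (and the MD4 equivalent), so they now contradict the code. MD2 and MD4 are broken hash functions, and going by those comments, compiling them in means certificates signed with them are supported unless the integrator opts out. If the change is unintended, keep both defines inside the comment; if it is intended, it belongs in its own commit and the text should become something like `Comment out to disable support for (rare, weak) MD2-signed X.509 certs.`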
@@ -59,17 +67,23 @@ int net_connect( int *fd, char *host, int port ); int net_bind( int *fd, char *bind_ip, int port ); /** - * \brief Accept a connection from a remote client + * \brief Accept a connection from a remote client * - * \return 0 if successful, POLARSSL_ERR_NET_ACCEPT_FAILED, or - * POLARSSL_ERR_NET_WOULD_BLOCK is bind_fd was set to - * non-blocking and accept() is blocking. + * \param bind_fd Relevant socket + * \param client_fd Will contain the connected client socket + * \param client_ip Will contain the client IP address + * + * \return 0 if successful, POLARSSL_ERR_NET_ACCEPT_FAILED, or + * POLARSSL_ERR_NET_WOULD_BLOCK is bind_fd was set to + * non-blocking and accept() is blocking. */ int net_accept( int bind_fd, int *client_fd, void *client_ip ); /** * \brief Set the socket blocking * + * \param fd Socket to set + * * \return 0 if successful, or a non-zero error code */ int net_set_block( int fd ); @@ -77,6 +91,8 @@ int net_set_block( int fd ); /** * \brief Set the socket non-blocking * + * \param fd Socket to set + * * \return 0 if successful, or a non-zero error code */ int net_set_nonblock( int fd ); 
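Review bot: `\param client_ip Will contain the client IP address` in the net_accept hunk documents an output written through a `void *` with no length argument, without saying how many bytes the caller must provide or in which form the address is stored. A caller who passes a buffer that is too small cannot find that out from the header. I would extend the line with the required size and encoding, taken from the implementation (not part of this diff), and say whether NULL is accepted. The re-indented \return text also carries over the typo `is bind_fd was set to`, which should read `if bind_fd was set to`.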
@@ -84,33 +100,45 @@ int net_set_nonblock( int fd ); /** * \brief Portable usleep helper * + * \param usec Amount of microseconds to sleep + * * \note Real amount of time slept will not be less than * select()'s timeout granularity (typically, 10ms). */ void net_usleep( unsigned long usec ); /** - * \brief Read at most 'len' characters. len is updated to - * reflect the actual number of characters read. + * \brief Read at most 'len' characters. If no error occurs, + * the actual amount read is returned. + * + * \param ctx Socket + * \param buf The buffer to write to + * \param len Maximum length of the buffer * * \return This function returns the number of bytes received, - * or a negative error code; POLARSSL_ERR_NET_TRY_AGAIN + * or a non-zero error code; POLARSSL_ERR_NET_TRY_AGAIN * indicates read() is blocking. */ int net_recv( void *ctx, unsigned char *buf, int len ); /** - * \brief Write at most 'len' characters. len is updated to - * reflect the number of characters _not_ written. + * \brief Write at most 'len' characters. If no error occurs, + * the actual amount read is returned. + * + * \param ctx Socket + * \param buf The buffer to write to + * \param len Maximum length of the buffer * * \return This function returns the number of bytes sent, - * or a negative error code; POLARSSL_ERR_NET_TRY_AGAIN + * or a non-zero error code; POLARSSL_ERR_NET_TRY_AGAIN * indicates write() is blocking. */ int net_send( void *ctx, unsigned char *buf, int len ); /** * \brief Gracefully shutdown the connection + * + * \param fd The socket to close */ void net_close( int fd ); diff --git a/include/polarssl/padlock.h b/include/polarssl/padlock.h index 692b79215..fc8941cbc 100644 --- a/include/polarssl/padlock.h +++ b/include/polarssl/padlock.h @@ -44,6 +44,8 @@ extern "C" { /** * \brief PadLock detection routine * + * \param The feature to detect + * * \return 1 if CPU has support for the feature, 0 otherwise */ int padlock_supports( int feature ); 
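Review bot: In the net_recv/net_send hunk the \return text changes from "a negative error code" to "a non-zero error code", which no longer lets a caller tell an error from a byte count, because a successful transfer also returns a non-zero value. The error codes visible elsewhere in this diff (for example `POLARSSL_ERR_RSA_BAD_INPUT_DATA 0x0400`) are positive; if the NET codes are positive too, the comment needs to say how the two ranges are kept apart. The net_send block is also a copy of the net_recv one: "the actual amount read is returned" should be `the actual amount written is returned`, and `\param buf The buffer to write to` should be `\param buf The buffer to read from`.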
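Review bot: `\param The feature to detect` in the padlock_supports hunk has no parameter name, so Doxygen takes `The` as the name; it should be `\param feature The feature to detect`. The timing.h hunk for m_sleep has the same defect in `\param Delay in milliseconds`, which should be `\param milliseconds Delay in milliseconds`.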
diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h index 49a04b3cd..2e8e40cc8 100644 --- a/include/polarssl/rsa.h +++ b/include/polarssl/rsa.h @@ -24,6 +24,9 @@ #include "polarssl/bignum.h" +/* + * RSA Error codes + */ #define POLARSSL_ERR_RSA_BAD_INPUT_DATA 0x0400 #define POLARSSL_ERR_RSA_INVALID_PADDING 0x0410 #define POLARSSL_ERR_RSA_KEY_GEN_FAILED 0x0420 @@ -56,27 +59,27 @@ #define RSA_CRYPT 2 #define ASN1_STR_CONSTRUCTED_SEQUENCE "\x30" -#define ASN1_STR_NULL "\x05" -#define ASN1_STR_OID "\x06" -#define ASN1_STR_OCTET_STRING "\x04" +#define ASN1_STR_NULL "\x05" +#define ASN1_STR_OID "\x06" +#define ASN1_STR_OCTET_STRING "\x04" -#define OID_DIGEST_ALG_MDX "\x2A\x86\x48\x86\xF7\x0D\x02\x00" -#define OID_HASH_ALG_SHA1 "\x2b\x0e\x03\x02\x1a" -#define OID_HASH_ALG_SHA2X "\x60\x86\x48\x01\x65\x03\x04\x02\x00" +#define OID_DIGEST_ALG_MDX "\x2A\x86\x48\x86\xF7\x0D\x02\x00" +#define OID_HASH_ALG_SHA1 "\x2b\x0e\x03\x02\x1a" +#define OID_HASH_ALG_SHA2X "\x60\x86\x48\x01\x65\x03\x04\x02\x00" -#define OID_ISO_MEMBER_BODIES "\x2a" -#define OID_ISO_IDENTIFIED_ORG "\x2b" +#define OID_ISO_MEMBER_BODIES "\x2a" +#define OID_ISO_IDENTIFIED_ORG "\x2b" /* * ISO Member bodies OID parts */ -#define OID_COUNTRY_US "\x86\x48" -#define OID_RSA_DATA_SECURITY "\x86\xf7\x0d" +#define OID_COUNTRY_US "\x86\x48" +#define OID_RSA_DATA_SECURITY "\x86\xf7\x0d" /* * ISO Identified organization OID parts */ -#define OID_OIW_SECSIG_SHA1 "\x0e\x03\x02\x1a" +#define OID_OIW_SECSIG_SHA1 "\x0e\x03\x02\x1a" /* * DigestInfo ::= SEQUENCE { 
@@ -87,30 +90,30 @@ * * Digest ::= OCTET STRING */ -#define ASN1_HASH_MDX \ -( \ +#define ASN1_HASH_MDX \ +( \ ASN1_STR_CONSTRUCTED_SEQUENCE "\x20" \ ASN1_STR_CONSTRUCTED_SEQUENCE "\x0C" \ - ASN1_STR_OID "\x08" \ - OID_DIGEST_ALG_MDX \ - ASN1_STR_NULL "\x00" \ - ASN1_STR_OCTET_STRING "\x10" \ + ASN1_STR_OID "\x08" \ + OID_DIGEST_ALG_MDX \ + ASN1_STR_NULL "\x00" \ + ASN1_STR_OCTET_STRING "\x10" \ ) -#define ASN1_HASH_SHA1 \ +#define ASN1_HASH_SHA1 \ ASN1_STR_CONSTRUCTED_SEQUENCE "\x21" \ ASN1_STR_CONSTRUCTED_SEQUENCE "\x09" \ - ASN1_STR_OID "\x05" \ - OID_HASH_ALG_SHA1 \ - ASN1_STR_NULL "\x00" \ + ASN1_STR_OID "\x05" \ + OID_HASH_ALG_SHA1 \ + ASN1_STR_NULL "\x00" \ ASN1_STR_OCTET_STRING "\x14" -#define ASN1_HASH_SHA2X \ +#define ASN1_HASH_SHA2X \ ASN1_STR_CONSTRUCTED_SEQUENCE "\x11" \ ASN1_STR_CONSTRUCTED_SEQUENCE "\x0d" \ - ASN1_STR_OID "\x09" \ - OID_HASH_ALG_SHA2X \ - ASN1_STR_NULL "\x00" \ + ASN1_STR_OID "\x09" \ + OID_HASH_ALG_SHA2X \ + ASN1_STR_NULL "\x00" \ ASN1_STR_OCTET_STRING "\x00" /** @@ -274,7 +277,7 @@ int rsa_pkcs1_decrypt( rsa_context *ctx, int mode, int *olen, unsigned char *input, unsigned char *output, - int output_max_len); + int output_max_len ); /** * \brief Do a private RSA to sign a message digest @@ -324,6 +327,8 @@ int rsa_pkcs1_verify( rsa_context *ctx, /** * \brief Free the components of an RSA key + * + * \param ctx RSA Context to free */ void rsa_free( rsa_context *ctx ); diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 313d1255a..0b4dae845 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -31,6 +31,9 @@ #include "polarssl/sha1.h" #include "polarssl/x509.h" +/* + * SSL Error codes + */ #define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE 0x1000 #define POLARSSL_ERR_SSL_BAD_INPUT_DATA 0x1800 #define POLARSSL_ERR_SSL_INVALID_MAC 0x2000 
@@ -94,8 +97,8 @@ #define SSL_RSA_AES_256_SHA 53 #define SSL_EDH_RSA_AES_256_SHA 57 -#define SSL_RSA_CAMELLIA_128_SHA 0x41 -#define SSL_RSA_CAMELLIA_256_SHA 0x84 +#define SSL_RSA_CAMELLIA_128_SHA 0x41 +#define SSL_RSA_CAMELLIA_256_SHA 0x84 #define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88 /* @@ -502,11 +505,15 @@ int ssl_write( ssl_context *ssl, unsigned char *buf, int len ); /** * \brief Notify the peer that the connection is being closed + * + * \param ssl SSL context */ int ssl_close_notify( ssl_context *ssl ); /** * \brief Free an SSL context + * + * \param ssl SSL context */ void ssl_free( ssl_context *ssl ); diff --git a/include/polarssl/timing.h b/include/polarssl/timing.h index 1bc735137..203ee9ae5 100644 --- a/include/polarssl/timing.h +++ b/include/polarssl/timing.h @@ -58,6 +58,8 @@ void set_alarm( int seconds ); /** * \brief Sleep for a certain amount of time + * + * \param Delay in milliseconds */ void m_sleep( int milliseconds ); diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h index 1215e79ea..2f6d9c9b3 100644 --- a/include/polarssl/x509.h +++ b/include/polarssl/x509.h @@ -24,12 +24,21 @@ #include "polarssl/rsa.h" +/* + * ASN1 Error codes + * + * These error codes will be OR'ed to X509 error codes for + * higher error granularity. + */ #define POLARSSL_ERR_ASN1_OUT_OF_DATA 0x0014 #define POLARSSL_ERR_ASN1_UNEXPECTED_TAG 0x0016 #define POLARSSL_ERR_ASN1_INVALID_LENGTH 0x0018 #define POLARSSL_ERR_ASN1_LENGTH_MISMATCH 0x001A #define POLARSSL_ERR_ASN1_INVALID_DATA 0x001C +/* + * X509 Error codes + */ #define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE 0x0020 #define POLARSSL_ERR_X509_CERT_INVALID_PEM 0x0040 #define POLARSSL_ERR_X509_CERT_INVALID_FORMAT 0x0060 @@ -56,6 +65,9 @@ #define POLARSSL_ERR_X509_POINT_ERROR 0x0300 #define POLARSSL_ERR_X509_VALUE_TO_LENGTH 0x0320 +/* + * X509 Verify codes + */ #define BADCERT_EXPIRED 1 #define BADCERT_REVOKED 2 #define BADCERT_CN_MISMATCH 4 
@@ -321,23 +333,51 @@ int x509parse_keyfile( rsa_context *rsa, char *path, char *password ); /** * \brief Store the certificate DN in printable form into buf; * no more than size characters will be written. + * + * \param buf Buffer to write to + * \param size Maximum size of buffer + * \param dn The X509 name to represent + * + * \return The amount of data written to the buffer, or -1 in + * case of an error. */ int x509parse_dn_gets( char *buf, size_t size, x509_name *dn ); /** * \brief Returns an informational string about the * certificate. + * + * \param buf Buffer to write to + * \param size Maximum size of buffer + * \param prefix A line prefix + * \param crt The X509 certificate to represent + * + * \return The amount of data written to the buffer, or -1 in + * case of an error. */ int x509parse_cert_info( char *buf, size_t size, char *prefix, x509_cert *crt ); /** * \brief Returns an informational string about the * CRL. + * + * \param buf Buffer to write to + * \param size Maximum size of buffer + * \param prefix A line prefix + * \param crt The X509 CRL to represent + * + * \return The amount of data written to the buffer, or -1 in + * case of an error. */ int x509parse_crl_info( char *buf, size_t size, char *prefix, x509_crl *crl ); /** - * \brief Return 0 if the x509_time is still valid, + * \brief Check a given x509_time against the system time and check + * if it is valid. + * + * \param time x509_time to check + * + * \return Return 0 if the x509_time is still valid, * or 1 otherwise. */ int x509parse_time_expired( x509_time *time ); @@ -369,11 +409,15 @@ int x509parse_verify( x509_cert *crt, /** * \brief Unallocate all certificate data + * + * \param crt Certificate chain to free */ void x509_free( x509_cert *crt ); /** * \brief Unallocate all CRL data + * + * \param crt CRL chain to free */ void x509_crl_free( x509_crl *crl );
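Review bot: The x509parse_crl_info block added in this hunk documents `\param crt The X509 CRL to represent`, but the prototype's parameter is `crl`; the `@@ -369,11 +409,15 @@` hunk has the same mismatch for x509_crl_free (`\param crt CRL chain to free`). Both should use `\param crl`. The new \return text for x509parse_dn_gets, x509parse_cert_info and x509parse_crl_info says "or -1 in case of an error" without stating whether running out of room in `buf` is reported as an error or truncates silently. These functions write into a caller-sized buffer, so I would spell that out after checking the implementation, which this diff does not include.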