Squashed 'lib/mbedtls/external/mbedtls/' content from commit 2ca6c285a0dd

git-subtree-dir: lib/mbedtls/external/mbedtls
git-subtree-split: 2ca6c285a0dd3f33982dd57299012dacab1ff206
diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h
new file mode 100644
index 0000000..cf77690
--- /dev/null
+++ b/doxygen/input/doc_encdec.h
@@ -0,0 +1,54 @@
+/**
+ * \file doc_encdec.h
+ *
+ * \brief Encryption/decryption module documentation file.
+ */
+/*
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * @addtogroup encdec_module Encryption/decryption module
+ *
+ * The Encryption/decryption module provides encryption/decryption functions.
+ * One can differentiate between symmetric and asymmetric algorithms; the
+ * symmetric ones are mostly used for message confidentiality and the asymmetric
+ * ones for key exchange and message integrity.
+ * Some symmetric algorithms provide different block cipher modes, mainly
+ * Electronic Code Book (ECB) which is used for short (64-bit) messages and
+ * Cipher Block Chaining (CBC) which provides the structure needed for longer
+ * messages. In addition the Cipher Feedback Mode (CFB-128) stream cipher mode,
+ * Counter mode (CTR) and Galois Counter Mode (GCM) are implemented for
+ * specific algorithms.
+ *
+ * All symmetric encryption algorithms are accessible via the generic cipher layer
+ * (see \c mbedtls_cipher_setup()).
+ *
+ * The asymmetric encryption algorithms are accessible via the generic public
+ * key layer (see \c mbedtls_pk_init()).
+ *
+ * The following algorithms are provided:
+ * - Symmetric:
+ *   - AES (see \c mbedtls_aes_crypt_ecb(), \c mbedtls_aes_crypt_cbc(), \c mbedtls_aes_crypt_cfb128() and
+ *     \c mbedtls_aes_crypt_ctr()).
+ *   - Camellia (see \c mbedtls_camellia_crypt_ecb(), \c mbedtls_camellia_crypt_cbc(),
+ *     \c mbedtls_camellia_crypt_cfb128() and \c mbedtls_camellia_crypt_ctr()).
+ *   - DES/3DES (see \c mbedtls_des_crypt_ecb(), \c mbedtls_des_crypt_cbc(), \c mbedtls_des3_crypt_ecb()
+ *     and \c mbedtls_des3_crypt_cbc()).
+ *   - GCM (AES-GCM and CAMELLIA-GCM) (see \c mbedtls_gcm_init())
+ * - Asymmetric:
+ *   - Diffie-Hellman-Merkle (see \c mbedtls_dhm_read_public(), \c mbedtls_dhm_make_public()
+ *     and \c mbedtls_dhm_calc_secret()).
+ *   - RSA (see \c mbedtls_rsa_public() and \c mbedtls_rsa_private()).
+ *   - Elliptic Curves over GF(p) (see \c mbedtls_ecp_point_init()).
+ *   - Elliptic Curve Digital Signature Algorithm (ECDSA) (see \c mbedtls_ecdsa_init()).
+ *   - Elliptic Curve Diffie Hellman (ECDH) (see \c mbedtls_ecdh_init()).
+ *
+ * This module provides encryption/decryption which can be used to provide
+ * secrecy.
+ *
+ * It also provides asymmetric key functions which can be used for
+ * confidentiality, integrity, authentication and non-repudiation.
+ */
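Review bot: The mode overview in the `encdec_module` comment describes ECB as the mode "used for short (64-bit) messages" and CBC as the one for longer messages, but does not say that ECB exposes repeated plaintext blocks or that neither mode protects integrity. The 64-bit figure also matches only the DES/3DES block size, not the 128-bit block of AES and Camellia listed further down. I would add after that paragraph: `ECB and CBC provide confidentiality only, and ECB reveals equal plaintext blocks; prefer an authenticated mode such as GCM for new designs.` In the first paragraph, "key exchange and message integrity" would be more precise as `key exchange and digital signatures`, and the DES/3DES bullet could be marked as legacy.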
diff --git a/doxygen/input/doc_hashing.h b/doxygen/input/doc_hashing.h
new file mode 100644
index 0000000..83613bf
--- /dev/null
+++ b/doxygen/input/doc_hashing.h
@@ -0,0 +1,30 @@
+/**
+ * \file doc_hashing.h
+ *
+ * \brief Hashing module documentation file.
+ */
+/*
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * @addtogroup hashing_module Hashing module
+ *
+ * The Message Digest (MD) or Hashing module provides one-way hashing
+ * functions. Such functions can be used for creating a hash message
+ * authentication code (HMAC) when sending a message. Such a HMAC can be used
+ * in combination with a private key for authentication, which is a message
+ * integrity control.
+ *
+ * All hash algorithms can be accessed via the generic MD layer (see
+ * \c mbedtls_md_setup())
+ *
+ * The following hashing-algorithms are provided:
+ * - MD5 128-bit one-way hash function by Ron Rivest.
+ * - SHA-1, SHA-256, SHA-384/512 160-bit or more one-way hash functions by
+ *   NIST and NSA.
+ *
+ * This module provides one-way hashing which can be used for authentication.
+ */
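Review bot: The sentence "Such a HMAC can be used in combination with a private key for authentication" uses the asymmetric term for a symmetric secret, since an HMAC is computed and checked with a key shared by sender and receiver. I would reword it as `Such an HMAC is computed with a shared secret key and lets the receiver check message integrity and authenticity.` The algorithm list also places MD5 and SHA-1 next to SHA-256 and SHA-384/512 with no qualification. A line such as `MD5 and SHA-1 are no longer collision resistant and are provided for compatibility only.` would keep readers from choosing them for new signatures or certificates.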
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
new file mode 100644
index 0000000..3eb5f75
--- /dev/null
+++ b/doxygen/input/doc_mainpage.h
@@ -0,0 +1,19 @@
+/**
+ * \file doc_mainpage.h
+ *
+ * \brief Main page documentation file.
+ */
+/*
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * @mainpage Mbed TLS v3.6.0 API Documentation
+ *
+ * This documentation describes the internal structure of Mbed TLS.  It was
+ * automatically generated from specially formatted comment blocks in
+ * Mbed TLS's source code using Doxygen.  (See
+ * https://www.doxygen.nl for more information on Doxygen)
+ */
diff --git a/doxygen/input/doc_rng.h b/doxygen/input/doc_rng.h
new file mode 100644
index 0000000..22608a8
--- /dev/null
+++ b/doxygen/input/doc_rng.h
@@ -0,0 +1,27 @@
+/**
+ * \file doc_rng.h
+ *
+ * \brief Random number generator (RNG) module documentation file.
+ */
+/*
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * @addtogroup rng_module Random number generator (RNG) module
+ *
+ * The Random number generator (RNG) module provides random number
+ * generation, see \c mbedtls_ctr_drbg_random().
+ *
+ * The block-cipher counter-mode based deterministic random
+ * bit generator (CTR_DBRG) as specified in NIST SP800-90. It needs an external
+ * source of entropy. For these purposes \c mbedtls_entropy_func() can be used.
+ * This is an implementation based on a simple entropy accumulator design.
+ *
+ * Meaning that there seems to be no practical algorithm that can guess
+ * the next bit with a probability larger than 1/2 in an output sequence.
+ *
+ * This module can be used to generate random numbers.
+ */
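Review bot: `CTR_DBRG` in the second paragraph is a transposition of CTR_DRBG, the spelling used by `mbedtls_ctr_drbg_random()` three lines earlier, so a reader searching for the term will not find it. The paragraph beginning "Meaning that there seems to be no practical algorithm" has lost the sentence it depends on. It reads like the definition of a cryptographically secure generator, so I would open it with `The generator is intended to be cryptographically secure, meaning that ...`. It would also help to state that this property holds only if the entropy source passed at seeding is adequate, e.g. `The security of the output depends on the entropy supplied when the generator is seeded.`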
diff --git a/doxygen/input/doc_ssltls.h b/doxygen/input/doc_ssltls.h
new file mode 100644
index 0000000..5757574
--- /dev/null
+++ b/doxygen/input/doc_ssltls.h
@@ -0,0 +1,37 @@
+/**
+ * \file doc_ssltls.h
+ *
+ * \brief SSL/TLS communication module documentation file.
+ */
+/*
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * @addtogroup ssltls_communication_module SSL/TLS communication module
+ *
+ * The SSL/TLS communication module provides the means to create an SSL/TLS
+ * communication channel.
+ *
+ * The basic provisions are:
+ * - initialise an SSL/TLS context (see \c mbedtls_ssl_init()).
+ * - perform an SSL/TLS handshake (see \c mbedtls_ssl_handshake()).
+ * - read/write (see \c mbedtls_ssl_read() and \c mbedtls_ssl_write()).
+ * - notify a peer that connection is being closed (see \c mbedtls_ssl_close_notify()).
+ *
+ * Many aspects of such a channel are set through parameters and callback
+ * functions:
+ * - the endpoint role: client or server.
+ * - the authentication mode. Should verification take place.
+ * - the Host-to-host communication channel. A TCP/IP module is provided.
+ * - the random number generator (RNG).
+ * - the ciphers to use for encryption/decryption.
+ * - session control functions.
+ * - X.509 parameters for certificate-handling and key exchange.
+ *
+ * This module can be used to create an SSL/TLS server and client and to provide a basic
+ * framework to setup and communicate through an SSL/TLS communication channel.\n
+ * Note that you need to provide for several aspects yourself as mentioned above.
+ */
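Review bot: The bullet "the authentication mode. Should verification take place." does not tell the reader what is verified or what is lost when verification is turned off, which is the most security-relevant setting in this list. I would write it as `the authentication mode: whether the peer's certificate is verified (see \c mbedtls_ssl_conf_authmode()). Without verification the channel is encrypted but the peer is not authenticated.` The closing note that the caller has to "provide for several aspects yourself" could likewise name the RNG and the trusted CA chain, the two items from the list above that a caller is most likely to leave out.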
diff --git a/doxygen/input/doc_tcpip.h b/doxygen/input/doc_tcpip.h
new file mode 100644
index 0000000..f8d8c69
--- /dev/null
+++ b/doxygen/input/doc_tcpip.h
@@ -0,0 +1,32 @@
+/**
+ * \file doc_tcpip.h
+ *
+ * \brief TCP/IP communication module documentation file.
+ */
+/*
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * @addtogroup tcpip_communication_module TCP/IP communication module
+ *
+ * The TCP/IP communication module provides for a channel of
+ * communication for the \link ssltls_communication_module SSL/TLS communication
+ * module\endlink to use.
+ * In the TCP/IP-model it provides for communication up to the Transport
+ * (or Host-to-host) layer.
+ * SSL/TLS resides on top of that, in the Application layer, and makes use of
+ * its basic provisions:
+ * - listening on a port (see \c mbedtls_net_bind()).
+ * - accepting a connection (through \c mbedtls_net_accept()).
+ * - read/write (through \c mbedtls_net_recv()/\c mbedtls_net_send()).
+ * - close a connection (through \c mbedtls_net_close()).
+ *
+ * This way you have the means to, for example, implement and use an UDP or
+ * IPSec communication solution as a basis.
+ *
+ * This module can be used at server- and clientside to provide a basic
+ * means of communication over the internet.
+ */
diff --git a/doxygen/input/doc_x509.h b/doxygen/input/doc_x509.h
new file mode 100644
index 0000000..945830f
--- /dev/null
+++ b/doxygen/input/doc_x509.h
@@ -0,0 +1,31 @@
+/**
+ * \file doc_x509.h
+ *
+ * \brief X.509 module documentation file.
+ */
+/*
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * @addtogroup x509_module X.509 module
+ *
+ * The X.509 module provides X.509 support for reading, writing and verification
+ * of certificates.
+ * In summary:
+ *   - X.509 certificate (CRT) reading (see \c mbedtls_x509_crt_parse(),
+ *     \c mbedtls_x509_crt_parse_der(), \c mbedtls_x509_crt_parse_file()).
+ *   - X.509 certificate revocation list (CRL) reading (see
+ *     \c mbedtls_x509_crl_parse(), \c mbedtls_x509_crl_parse_der(),
+ *     and \c mbedtls_x509_crl_parse_file()).
+ *   - X.509 certificate signature verification (see \c
+ *     mbedtls_x509_crt_verify() and \c mbedtls_x509_crt_verify_with_profile().
+ *   - X.509 certificate writing and certificate request writing (see
+ *     \c mbedtls_x509write_crt_der() and \c mbedtls_x509write_csr_der()).
+ *
+ * This module can be used to build a certificate authority (CA) chain and
+ * verify its signature. It is also used to generate Certificate Signing
+ * Requests and X.509 certificates just as a CA would do.
+ */
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
new file mode 100644
index 0000000..c4505ac
--- /dev/null
+++ b/doxygen/mbedtls.doxyfile
@@ -0,0 +1,55 @@
+PROJECT_NAME           = "Mbed TLS v3.6.0"
+OUTPUT_DIRECTORY       = ../apidoc/
+FULL_PATH_NAMES        = NO
+OPTIMIZE_OUTPUT_FOR_C  = YES
+EXTRACT_ALL            = YES
+EXTRACT_PRIVATE        = YES
+EXTRACT_STATIC         = YES
+CASE_SENSE_NAMES       = NO
+INPUT                  = ../include input ../tests/include/alt-dummy
+FILE_PATTERNS          = *.h
+RECURSIVE              = YES
+EXCLUDE_SYMLINKS       = YES
+SOURCE_BROWSER         = YES
+REFERENCED_BY_RELATION = YES
+REFERENCES_RELATION    = YES
+ALPHABETICAL_INDEX     = NO
+HTML_OUTPUT            = .
+HTML_TIMESTAMP         = YES
+SEARCHENGINE           = YES
+GENERATE_LATEX         = NO
+GENERATE_XML           = YES
+MACRO_EXPANSION        = YES
+EXPAND_ONLY_PREDEF     = YES
+INCLUDE_PATH           = ../include
+EXPAND_AS_DEFINED      = MBEDTLS_PRIVATE
+CLASS_DIAGRAMS         = NO
+HAVE_DOT               = YES
+DOT_GRAPH_MAX_NODES    = 200
+MAX_DOT_GRAPH_DEPTH    = 1000
+DOT_TRANSPARENT        = YES
+
+# We mostly use \retval declarations to document which error codes a function
+# can return. The reader can follow the hyperlink to the definition of the
+# constant to get the generic documentation of that error code. If we don't
+# have anything to say about the specific error code for the specific
+# function, we can leave the description part of the \retval command blank.
+# This is perfectly valid as far as Doxygen is concerned. However, with
+# Clang >=15, the -Wdocumentation option emits a warning for empty
+# descriptions.
+#   https://github.com/Mbed-TLS/mbedtls/issues/6960
+#   https://github.com/llvm/llvm-project/issues/60315
+# As a workaround, you can write something like
+#     \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+# This avoids writing redundant text and keeps Clang happy.
+ALIASES += emptydescription=""
+
+# Define away Mbed TLS macros that make parsing definitions difficult.
+# MBEDTLS_DEPRECATED is not included in this list as it's important to
+# display deprecated status in the documentation.
+PREDEFINED             = "MBEDTLS_CHECK_RETURN_CRITICAL="   \
+                         "MBEDTLS_CHECK_RETURN_TYPICAL="    \
+                         "MBEDTLS_CHECK_RETURN_OPTIONAL="   \
+                         "MBEDTLS_PRINTF_ATTRIBUTE(a,b)="   \
+                         "__DOXYGEN__"                      \
+