Merge changes to config examples and configuration issues
diff --git a/ChangeLog b/ChangeLog
index 2ba5a50..a16a948 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,11 @@
(and various x509 structures got a new member)
= PolarSSL 1.3 branch
+Security
+ * Fix length checking for AEAD ciphersuites (found by Codenomicon).
+ It was possible to crash the server (and client) using crafted messages
+ when a GCM suite was chosen.
+
Features
* Add CCM module and cipher mode to Cipher Layer
* Support for CCM and CCM_8 ciphersuites
@@ -31,6 +36,27 @@
* Fix symlink command for cross compiling with CMake (found by Andre
Heinecke)
* Fix DER output of gen_key app (found by Gergely Budai)
+ * Very small records were incorrectly rejected when truncated HMAC was in
+ use with some ciphersuites and versions (RC4 in all versions, CBC with
+ versions < TLS 1.1).
+ * Very large records using more than 224 bytes of padding were incorrectly
+ rejected with CBC-based ciphersuites and TLS >= 1.1
+ * Very large records using less padding could cause a buffer overread of up
+ to 32 bytes with CBC-based ciphersuites and TLS >= 1.1
+ * Restore ability to use a v1 cert as a CA if trusted locally. (This had
+ been removed in 1.3.6.)
+ * Restore ability to locally trust a self-signed cert that is not a proper
+ CA for use as an end entity certificate. (This had been removed in
+ 1.3.6.)
+ * Fix preprocessor checks for bn_mul PPC asm (found by Barry K. Nathan).
+ * Use \n\t rather than semicolons for bn_mul asm, since some assemblers
+ interpret semicolons as comment delimiters (found by Barry K. Nathan).
+ * Fix off-by-one error in parsing Supported Point Format extension that
+ caused some handshakes to fail.
+ * Fix possible miscomputation of the premaster secret with DHE-PSK key
+ exchange that caused some handshakes to fail with other implementations.
+ (Failure rate <= 1/255 with common DHM moduli.)
+ * Disable broken Sparc64 bn_mul assembly (found by Florian Obser).
= PolarSSL 1.3.7 released on 2014-05-02
Features
diff --git a/configs/README.txt b/configs/README.txt
index 7527fdb..bab500d 100644
--- a/configs/README.txt
+++ b/configs/README.txt
@@ -8,6 +8,8 @@
them, you can pick one of the following methods:
1. Replace the default file include/polarssl/config.h with the chosen one.
+ (Depending on your compiler, you may need to ajust the line with
+ #include "polarssl/check_config.h" then.)
2. Define POLARSSL_CONFIG_FILE and adjust the include path accordingly.
For example, using make:
diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h
index fd1b0e8..338fecf 100644
--- a/configs/config-mini-tls1_1.h
+++ b/configs/config-mini-tls1_1.h
@@ -51,6 +51,6 @@
/* For testing with compat.sh */
#define POLARSSL_FS_IO
-#include "check_config.h"
+#include "polarssl/check_config.h"
#endif /* POLARSSL_CONFIG_H */
diff --git a/configs/config-psk-rc4-tls1_0.h b/configs/config-psk-rc4-tls1_0.h
index e4fc452..c967b4c 100644
--- a/configs/config-psk-rc4-tls1_0.h
+++ b/configs/config-psk-rc4-tls1_0.h
@@ -35,6 +35,6 @@
#define POLARSSL_SSL_SRV_C
#define POLARSSL_SSL_TLS_C
-#include "check_config.h"
+#include "polarssl/check_config.h"
#endif /* POLARSSL_CONFIG_H */
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 0600c2e..d10cf63 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -85,6 +85,6 @@
*/
#define SSL_MAX_CONTENT_LEN 1024
-#include "check_config.h"
+#include "polarssl/check_config.h"
#endif /* POLARSSL_CONFIG_H */
diff --git a/include/polarssl/bn_mul.h b/include/polarssl/bn_mul.h
index 39dee41..64b59ff 100644
--- a/include/polarssl/bn_mul.h
+++ b/include/polarssl/bn_mul.h
@@ -48,102 +48,95 @@
#if defined(__GNUC__)
#if defined(__i386__)
-#define MULADDC_INIT \
- asm( " \
- movl %%ebx, %0; \
- movl %5, %%esi; \
- movl %6, %%edi; \
- movl %7, %%ecx; \
- movl %8, %%ebx; \
- "
+#define MULADDC_INIT \
+ asm( \
+ "movl %%ebx, %0 \n\t" \
+ "movl %5, %%esi \n\t" \
+ "movl %6, %%edi \n\t" \
+ "movl %7, %%ecx \n\t" \
+ "movl %8, %%ebx \n\t"
-#define MULADDC_CORE \
- " \
- lodsl; \
- mull %%ebx; \
- addl %%ecx, %%eax; \
- adcl $0, %%edx; \
- addl (%%edi), %%eax; \
- adcl $0, %%edx; \
- movl %%edx, %%ecx; \
- stosl; \
- "
+#define MULADDC_CORE \
+ "lodsl \n\t" \
+ "mull %%ebx \n\t" \
+ "addl %%ecx, %%eax \n\t" \
+ "adcl $0, %%edx \n\t" \
+ "addl (%%edi), %%eax \n\t" \
+ "adcl $0, %%edx \n\t" \
+ "movl %%edx, %%ecx \n\t" \
+ "stosl \n\t"
#if defined(POLARSSL_HAVE_SSE2)
-#define MULADDC_HUIT \
- " \
- movd %%ecx, %%mm1; \
- movd %%ebx, %%mm0; \
- movd (%%edi), %%mm3; \
- paddq %%mm3, %%mm1; \
- movd (%%esi), %%mm2; \
- pmuludq %%mm0, %%mm2; \
- movd 4(%%esi), %%mm4; \
- pmuludq %%mm0, %%mm4; \
- movd 8(%%esi), %%mm6; \
- pmuludq %%mm0, %%mm6; \
- movd 12(%%esi), %%mm7; \
- pmuludq %%mm0, %%mm7; \
- paddq %%mm2, %%mm1; \
- movd 4(%%edi), %%mm3; \
- paddq %%mm4, %%mm3; \
- movd 8(%%edi), %%mm5; \
- paddq %%mm6, %%mm5; \
- movd 12(%%edi), %%mm4; \
- paddq %%mm4, %%mm7; \
- movd %%mm1, (%%edi); \
- movd 16(%%esi), %%mm2; \
- pmuludq %%mm0, %%mm2; \
- psrlq $32, %%mm1; \
- movd 20(%%esi), %%mm4; \
- pmuludq %%mm0, %%mm4; \
- paddq %%mm3, %%mm1; \
- movd 24(%%esi), %%mm6; \
- pmuludq %%mm0, %%mm6; \
- movd %%mm1, 4(%%edi); \
- psrlq $32, %%mm1; \
- movd 28(%%esi), %%mm3; \
- pmuludq %%mm0, %%mm3; \
- paddq %%mm5, %%mm1; \
- movd 16(%%edi), %%mm5; \
- paddq %%mm5, %%mm2; \
- movd %%mm1, 8(%%edi); \
- psrlq $32, %%mm1; \
- paddq %%mm7, %%mm1; \
- movd 20(%%edi), %%mm5; \
- paddq %%mm5, %%mm4; \
- movd %%mm1, 12(%%edi); \
- psrlq $32, %%mm1; \
- paddq %%mm2, %%mm1; \
- movd 24(%%edi), %%mm5; \
- paddq %%mm5, %%mm6; \
- movd %%mm1, 16(%%edi); \
- psrlq $32, %%mm1; \
- paddq %%mm4, %%mm1; \
- movd 28(%%edi), %%mm5; \
- paddq %%mm5, %%mm3; \
- movd %%mm1, 20(%%edi); \
- psrlq $32, %%mm1; \
- paddq %%mm6, %%mm1; \
- movd %%mm1, 24(%%edi); \
- psrlq $32, %%mm1; \
- paddq %%mm3, %%mm1; \
- movd %%mm1, 28(%%edi); \
- addl $32, %%edi; \
- addl $32, %%esi; \
- psrlq $32, %%mm1; \
- movd %%mm1, %%ecx; \
- "
+#define MULADDC_HUIT \
+ "movd %%ecx, %%mm1 \n\t" \
+ "movd %%ebx, %%mm0 \n\t" \
+ "movd (%%edi), %%mm3 \n\t" \
+ "paddq %%mm3, %%mm1 \n\t" \
+ "movd (%%esi), %%mm2 \n\t" \
+ "pmuludq %%mm0, %%mm2 \n\t" \
+ "movd 4(%%esi), %%mm4 \n\t" \
+ "pmuludq %%mm0, %%mm4 \n\t" \
+ "movd 8(%%esi), %%mm6 \n\t" \
+ "pmuludq %%mm0, %%mm6 \n\t" \
+ "movd 12(%%esi), %%mm7 \n\t" \
+ "pmuludq %%mm0, %%mm7 \n\t" \
+ "paddq %%mm2, %%mm1 \n\t" \
+ "movd 4(%%edi), %%mm3 \n\t" \
+ "paddq %%mm4, %%mm3 \n\t" \
+ "movd 8(%%edi), %%mm5 \n\t" \
+ "paddq %%mm6, %%mm5 \n\t" \
+ "movd 12(%%edi), %%mm4 \n\t" \
+ "paddq %%mm4, %%mm7 \n\t" \
+ "movd %%mm1, (%%edi) \n\t" \
+ "movd 16(%%esi), %%mm2 \n\t" \
+ "pmuludq %%mm0, %%mm2 \n\t" \
+ "psrlq $32, %%mm1 \n\t" \
+ "movd 20(%%esi), %%mm4 \n\t" \
+ "pmuludq %%mm0, %%mm4 \n\t" \
+ "paddq %%mm3, %%mm1 \n\t" \
+ "movd 24(%%esi), %%mm6 \n\t" \
+ "pmuludq %%mm0, %%mm6 \n\t" \
+ "movd %%mm1, 4(%%edi) \n\t" \
+ "psrlq $32, %%mm1 \n\t" \
+ "movd 28(%%esi), %%mm3 \n\t" \
+ "pmuludq %%mm0, %%mm3 \n\t" \
+ "paddq %%mm5, %%mm1 \n\t" \
+ "movd 16(%%edi), %%mm5 \n\t" \
+ "paddq %%mm5, %%mm2 \n\t" \
+ "movd %%mm1, 8(%%edi) \n\t" \
+ "psrlq $32, %%mm1 \n\t" \
+ "paddq %%mm7, %%mm1 \n\t" \
+ "movd 20(%%edi), %%mm5 \n\t" \
+ "paddq %%mm5, %%mm4 \n\t" \
+ "movd %%mm1, 12(%%edi) \n\t" \
+ "psrlq $32, %%mm1 \n\t" \
+ "paddq %%mm2, %%mm1 \n\t" \
+ "movd 24(%%edi), %%mm5 \n\t" \
+ "paddq %%mm5, %%mm6 \n\t" \
+ "movd %%mm1, 16(%%edi) \n\t" \
+ "psrlq $32, %%mm1 \n\t" \
+ "paddq %%mm4, %%mm1 \n\t" \
+ "movd 28(%%edi), %%mm5 \n\t" \
+ "paddq %%mm5, %%mm3 \n\t" \
+ "movd %%mm1, 20(%%edi) \n\t" \
+ "psrlq $32, %%mm1 \n\t" \
+ "paddq %%mm6, %%mm1 \n\t" \
+ "movd %%mm1, 24(%%edi) \n\t" \
+ "psrlq $32, %%mm1 \n\t" \
+ "paddq %%mm3, %%mm1 \n\t" \
+ "movd %%mm1, 28(%%edi) \n\t" \
+ "addl $32, %%edi \n\t" \
+ "addl $32, %%esi \n\t" \
+ "psrlq $32, %%mm1 \n\t" \
+ "movd %%mm1, %%ecx \n\t"
-#define MULADDC_STOP \
- " \
- emms; \
- movl %4, %%ebx; \
- movl %%ecx, %1; \
- movl %%edi, %2; \
- movl %%esi, %3; \
- " \
+#define MULADDC_STOP \
+ "emms \n\t" \
+ "movl %4, %%ebx \n\t" \
+ "movl %%ecx, %1 \n\t" \
+ "movl %%edi, %2 \n\t" \
+ "movl %%esi, %3 \n\t" \
: "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
: "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
: "eax", "ecx", "edx", "esi", "edi" \
@@ -151,13 +144,11 @@
#else
-#define MULADDC_STOP \
- " \
- movl %4, %%ebx; \
- movl %%ecx, %1; \
- movl %%edi, %2; \
- movl %%esi, %3; \
- " \
+#define MULADDC_STOP \
+ "movl %4, %%ebx \n\t" \
+ "movl %%ecx, %1 \n\t" \
+ "movl %%edi, %2 \n\t" \
+ "movl %%esi, %3 \n\t" \
: "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
: "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
: "eax", "ecx", "edx", "esi", "edi" \
@@ -167,36 +158,30 @@
#if defined(__amd64__) || defined (__x86_64__)
-#define MULADDC_INIT \
- asm( \
- " \
- movq %3, %%rsi; \
- movq %4, %%rdi; \
- movq %5, %%rcx; \
- movq %6, %%rbx; \
- xorq %%r8, %%r8; \
- "
+#define MULADDC_INIT \
+ asm( \
+ "movq %3, %%rsi \n\t" \
+ "movq %4, %%rdi \n\t" \
+ "movq %5, %%rcx \n\t" \
+ "movq %6, %%rbx \n\t" \
+ "xorq %%r8, %%r8 \n\t"
-#define MULADDC_CORE \
- " \
- movq (%%rsi), %%rax; \
- mulq %%rbx; \
- addq $8, %%rsi; \
- addq %%rcx, %%rax; \
- movq %%r8, %%rcx; \
- adcq $0, %%rdx; \
- nop; \
- addq %%rax, (%%rdi); \
- adcq %%rdx, %%rcx; \
- addq $8, %%rdi; \
- "
+#define MULADDC_CORE \
+ "movq (%%rsi), %%rax \n\t" \
+ "mulq %%rbx \n\t" \
+ "addq $8, %%rsi \n\t" \
+ "addq %%rcx, %%rax \n\t" \
+ "movq %%r8, %%rcx \n\t" \
+ "adcq $0, %%rdx \n\t" \
+ "nop \n\t" \
+ "addq %%rax, (%%rdi) \n\t" \
+ "adcq %%rdx, %%rcx \n\t" \
+ "addq $8, %%rdi \n\t"
-#define MULADDC_STOP \
- " \
- movq %%rcx, %0; \
- movq %%rdi, %1; \
- movq %%rsi, %2; \
- " \
+#define MULADDC_STOP \
+ "movq %%rcx, %0 \n\t" \
+ "movq %%rdi, %1 \n\t" \
+ "movq %%rsi, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "rax", "rcx", "rdx", "rbx", "rsi", "rdi", "r8" \
@@ -206,123 +191,108 @@
#if defined(__mc68020__) || defined(__mcpu32__)
-#define MULADDC_INIT \
- asm( \
- " \
- movl %3, %%a2; \
- movl %4, %%a3; \
- movl %5, %%d3; \
- movl %6, %%d2; \
- moveq #0, %%d0; \
- "
+#define MULADDC_INIT \
+ asm( \
+ "movl %3, %%a2 \n\t" \
+ "movl %4, %%a3 \n\t" \
+ "movl %5, %%d3 \n\t" \
+ "movl %6, %%d2 \n\t" \
+ "moveq #0, %%d0 \n\t"
-#define MULADDC_CORE \
- " \
- movel %%a2@+, %%d1; \
- mulul %%d2, %%d4:%%d1; \
- addl %%d3, %%d1; \
- addxl %%d0, %%d4; \
- moveq #0, %%d3; \
- addl %%d1, %%a3@+; \
- addxl %%d4, %%d3; \
- "
+#define MULADDC_CORE \
+ "movel %%a2@+, %%d1 \n\t" \
+ "mulul %%d2, %%d4:%%d1 \n\t" \
+ "addl %%d3, %%d1 \n\t" \
+ "addxl %%d0, %%d4 \n\t" \
+ "moveq #0, %%d3 \n\t" \
+ "addl %%d1, %%a3@+ \n\t" \
+ "addxl %%d4, %%d3 \n\t"
-#define MULADDC_STOP \
- " \
- movl %%d3, %0; \
- movl %%a3, %1; \
- movl %%a2, %2; \
- " \
+#define MULADDC_STOP \
+ "movl %%d3, %0 \n\t" \
+ "movl %%a3, %1 \n\t" \
+ "movl %%a2, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "d0", "d1", "d2", "d3", "d4", "a2", "a3" \
);
-#define MULADDC_HUIT \
- " \
- movel %%a2@+, %%d1; \
- mulul %%d2, %%d4:%%d1; \
- addxl %%d3, %%d1; \
- addxl %%d0, %%d4; \
- addl %%d1, %%a3@+; \
- movel %%a2@+, %%d1; \
- mulul %%d2, %%d3:%%d1; \
- addxl %%d4, %%d1; \
- addxl %%d0, %%d3; \
- addl %%d1, %%a3@+; \
- movel %%a2@+, %%d1; \
- mulul %%d2, %%d4:%%d1; \
- addxl %%d3, %%d1; \
- addxl %%d0, %%d4; \
- addl %%d1, %%a3@+; \
- movel %%a2@+, %%d1; \
- mulul %%d2, %%d3:%%d1; \
- addxl %%d4, %%d1; \
- addxl %%d0, %%d3; \
- addl %%d1, %%a3@+; \
- movel %%a2@+, %%d1; \
- mulul %%d2, %%d4:%%d1; \
- addxl %%d3, %%d1; \
- addxl %%d0, %%d4; \
- addl %%d1, %%a3@+; \
- movel %%a2@+, %%d1; \
- mulul %%d2, %%d3:%%d1; \
- addxl %%d4, %%d1; \
- addxl %%d0, %%d3; \
- addl %%d1, %%a3@+; \
- movel %%a2@+, %%d1; \
- mulul %%d2, %%d4:%%d1; \
- addxl %%d3, %%d1; \
- addxl %%d0, %%d4; \
- addl %%d1, %%a3@+; \
- movel %%a2@+, %%d1; \
- mulul %%d2, %%d3:%%d1; \
- addxl %%d4, %%d1; \
- addxl %%d0, %%d3; \
- addl %%d1, %%a3@+; \
- addxl %%d0, %%d3; \
- "
+#define MULADDC_HUIT \
+ "movel %%a2@+, %%d1 \n\t" \
+ "mulul %%d2, %%d4:%%d1 \n\t" \
+ "addxl %%d3, %%d1 \n\t" \
+ "addxl %%d0, %%d4 \n\t" \
+ "addl %%d1, %%a3@+ \n\t" \
+ "movel %%a2@+, %%d1 \n\t" \
+ "mulul %%d2, %%d3:%%d1 \n\t" \
+ "addxl %%d4, %%d1 \n\t" \
+ "addxl %%d0, %%d3 \n\t" \
+ "addl %%d1, %%a3@+ \n\t" \
+ "movel %%a2@+, %%d1 \n\t" \
+ "mulul %%d2, %%d4:%%d1 \n\t" \
+ "addxl %%d3, %%d1 \n\t" \
+ "addxl %%d0, %%d4 \n\t" \
+ "addl %%d1, %%a3@+ \n\t" \
+ "movel %%a2@+, %%d1 \n\t" \
+ "mulul %%d2, %%d3:%%d1 \n\t" \
+ "addxl %%d4, %%d1 \n\t" \
+ "addxl %%d0, %%d3 \n\t" \
+ "addl %%d1, %%a3@+ \n\t" \
+ "movel %%a2@+, %%d1 \n\t" \
+ "mulul %%d2, %%d4:%%d1 \n\t" \
+ "addxl %%d3, %%d1 \n\t" \
+ "addxl %%d0, %%d4 \n\t" \
+ "addl %%d1, %%a3@+ \n\t" \
+ "movel %%a2@+, %%d1 \n\t" \
+ "mulul %%d2, %%d3:%%d1 \n\t" \
+ "addxl %%d4, %%d1 \n\t" \
+ "addxl %%d0, %%d3 \n\t" \
+ "addl %%d1, %%a3@+ \n\t" \
+ "movel %%a2@+, %%d1 \n\t" \
+ "mulul %%d2, %%d4:%%d1 \n\t" \
+ "addxl %%d3, %%d1 \n\t" \
+ "addxl %%d0, %%d4 \n\t" \
+ "addl %%d1, %%a3@+ \n\t" \
+ "movel %%a2@+, %%d1 \n\t" \
+ "mulul %%d2, %%d3:%%d1 \n\t" \
+ "addxl %%d4, %%d1 \n\t" \
+ "addxl %%d0, %%d3 \n\t" \
+ "addl %%d1, %%a3@+ \n\t" \
+ "addxl %%d0, %%d3 \n\t"
#endif /* MC68000 */
-#if defined(__powerpc__) || defined(__ppc__)
#if defined(__powerpc64__) || defined(__ppc64__)
#if defined(__MACH__) && defined(__APPLE__)
-#define MULADDC_INIT \
- asm( \
- " \
- ld r3, %3; \
- ld r4, %4; \
- ld r5, %5; \
- ld r6, %6; \
- addi r3, r3, -8; \
- addi r4, r4, -8; \
- addic r5, r5, 0; \
- "
+#define MULADDC_INIT \
+ asm( \
+ "ld r3, %3 \n\t" \
+ "ld r4, %4 \n\t" \
+ "ld r5, %5 \n\t" \
+ "ld r6, %6 \n\t" \
+ "addi r3, r3, -8 \n\t" \
+ "addi r4, r4, -8 \n\t" \
+ "addic r5, r5, 0 \n\t"
-#define MULADDC_CORE \
- " \
- ldu r7, 8(r3); \
- mulld r8, r7, r6; \
- mulhdu r9, r7, r6; \
- adde r8, r8, r5; \
- ld r7, 8(r4); \
- addze r5, r9; \
- addc r8, r8, r7; \
- stdu r8, 8(r4); \
- "
+#define MULADDC_CORE \
+ "ldu r7, 8(r3) \n\t" \
+ "mulld r8, r7, r6 \n\t" \
+ "mulhdu r9, r7, r6 \n\t" \
+ "adde r8, r8, r5 \n\t" \
+ "ld r7, 8(r4) \n\t" \
+ "addze r5, r9 \n\t" \
+ "addc r8, r8, r7 \n\t" \
+ "stdu r8, 8(r4) \n\t"
-#define MULADDC_STOP \
- " \
- addze r5, r5; \
- addi r4, r4, 8; \
- addi r3, r3, 8; \
- std r5, %0; \
- std r4, %1; \
- std r3, %2; \
- " \
+#define MULADDC_STOP \
+ "addze r5, r5 \n\t" \
+ "addi r4, r4, 8 \n\t" \
+ "addi r3, r3, 8 \n\t" \
+ "std r5, %0 \n\t" \
+ "std r4, %1 \n\t" \
+ "std r3, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "r3", "r4", "r5", "r6", "r7", "r8", "r9" \
@@ -331,39 +301,33 @@
#else /* __MACH__ && __APPLE__ */
-#define MULADDC_INIT \
- asm( \
- " \
- ld %%r3, %3; \
- ld %%r4, %4; \
- ld %%r5, %5; \
- ld %%r6, %6; \
- addi %%r3, %%r3, -8; \
- addi %%r4, %%r4, -8; \
- addic %%r5, %%r5, 0; \
- "
+#define MULADDC_INIT \
+ asm( \
+ "ld %%r3, %3 \n\t" \
+ "ld %%r4, %4 \n\t" \
+ "ld %%r5, %5 \n\t" \
+ "ld %%r6, %6 \n\t" \
+ "addi %%r3, %%r3, -8 \n\t" \
+ "addi %%r4, %%r4, -8 \n\t" \
+ "addic %%r5, %%r5, 0 \n\t"
-#define MULADDC_CORE \
- " \
- ldu %%r7, 8(%%r3); \
- mulld %%r8, %%r7, %%r6; \
- mulhdu %%r9, %%r7, %%r6; \
- adde %%r8, %%r8, %%r5; \
- ld %%r7, 8(%%r4); \
- addze %%r5, %%r9; \
- addc %%r8, %%r8, %%r7; \
- stdu %%r8, 8(%%r4); \
- "
+#define MULADDC_CORE \
+ "ldu %%r7, 8(%%r3) \n\t" \
+ "mulld %%r8, %%r7, %%r6 \n\t" \
+ "mulhdu %%r9, %%r7, %%r6 \n\t" \
+ "adde %%r8, %%r8, %%r5 \n\t" \
+ "ld %%r7, 8(%%r4) \n\t" \
+ "addze %%r5, %%r9 \n\t" \
+ "addc %%r8, %%r8, %%r7 \n\t" \
+ "stdu %%r8, 8(%%r4) \n\t"
-#define MULADDC_STOP \
- " \
- addze %%r5, %%r5; \
- addi %%r4, %%r4, 8; \
- addi %%r3, %%r3, 8; \
- std %%r5, %0; \
- std %%r4, %1; \
- std %%r3, %2; \
- " \
+#define MULADDC_STOP \
+ "addze %%r5, %%r5 \n\t" \
+ "addi %%r4, %%r4, 8 \n\t" \
+ "addi %%r3, %%r3, 8 \n\t" \
+ "std %%r5, %0 \n\t" \
+ "std %%r4, %1 \n\t" \
+ "std %%r3, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "r3", "r4", "r5", "r6", "r7", "r8", "r9" \
@@ -371,43 +335,37 @@
#endif /* __MACH__ && __APPLE__ */
-#else /* PPC32 */
+#elif defined(__powerpc__) || defined(__ppc__) /* end PPC64/begin PPC32 */
#if defined(__MACH__) && defined(__APPLE__)
-#define MULADDC_INIT \
- asm( \
- " \
- lwz r3, %3; \
- lwz r4, %4; \
- lwz r5, %5; \
- lwz r6, %6; \
- addi r3, r3, -4; \
- addi r4, r4, -4; \
- addic r5, r5, 0; \
- "
+#define MULADDC_INIT \
+ asm( \
+ "lwz r3, %3 \n\t" \
+ "lwz r4, %4 \n\t" \
+ "lwz r5, %5 \n\t" \
+ "lwz r6, %6 \n\t" \
+ "addi r3, r3, -4 \n\t" \
+ "addi r4, r4, -4 \n\t" \
+ "addic r5, r5, 0 \n\t"
-#define MULADDC_CORE \
- " \
- lwzu r7, 4(r3); \
- mullw r8, r7, r6; \
- mulhwu r9, r7, r6; \
- adde r8, r8, r5; \
- lwz r7, 4(r4); \
- addze r5, r9; \
- addc r8, r8, r7; \
- stwu r8, 4(r4); \
- "
+#define MULADDC_CORE \
+ "lwzu r7, 4(r3) \n\t" \
+ "mullw r8, r7, r6 \n\t" \
+ "mulhwu r9, r7, r6 \n\t" \
+ "adde r8, r8, r5 \n\t" \
+ "lwz r7, 4(r4) \n\t" \
+ "addze r5, r9 \n\t" \
+ "addc r8, r8, r7 \n\t" \
+ "stwu r8, 4(r4) \n\t"
-#define MULADDC_STOP \
- " \
- addze r5, r5; \
- addi r4, r4, 4; \
- addi r3, r3, 4; \
- stw r5, %0; \
- stw r4, %1; \
- stw r3, %2; \
- " \
+#define MULADDC_STOP \
+ "addze r5, r5 \n\t" \
+ "addi r4, r4, 4 \n\t" \
+ "addi r3, r3, 4 \n\t" \
+ "stw r5, %0 \n\t" \
+ "stw r4, %1 \n\t" \
+ "stw r3, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "r3", "r4", "r5", "r6", "r7", "r8", "r9" \
@@ -415,39 +373,33 @@
#else /* __MACH__ && __APPLE__ */
-#define MULADDC_INIT \
- asm( \
- " \
- lwz %%r3, %3; \
- lwz %%r4, %4; \
- lwz %%r5, %5; \
- lwz %%r6, %6; \
- addi %%r3, %%r3, -4; \
- addi %%r4, %%r4, -4; \
- addic %%r5, %%r5, 0; \
- "
+#define MULADDC_INIT \
+ asm( \
+ "lwz %%r3, %3 \n\t" \
+ "lwz %%r4, %4 \n\t" \
+ "lwz %%r5, %5 \n\t" \
+ "lwz %%r6, %6 \n\t" \
+ "addi %%r3, %%r3, -4 \n\t" \
+ "addi %%r4, %%r4, -4 \n\t" \
+ "addic %%r5, %%r5, 0 \n\t"
-#define MULADDC_CORE \
- " \
- lwzu %%r7, 4(%%r3); \
- mullw %%r8, %%r7, %%r6; \
- mulhwu %%r9, %%r7, %%r6; \
- adde %%r8, %%r8, %%r5; \
- lwz %%r7, 4(%%r4); \
- addze %%r5, %%r9; \
- addc %%r8, %%r8, %%r7; \
- stwu %%r8, 4(%%r4); \
- "
+#define MULADDC_CORE \
+ "lwzu %%r7, 4(%%r3) \n\t" \
+ "mullw %%r8, %%r7, %%r6 \n\t" \
+ "mulhwu %%r9, %%r7, %%r6 \n\t" \
+ "adde %%r8, %%r8, %%r5 \n\t" \
+ "lwz %%r7, 4(%%r4) \n\t" \
+ "addze %%r5, %%r9 \n\t" \
+ "addc %%r8, %%r8, %%r7 \n\t" \
+ "stwu %%r8, 4(%%r4) \n\t"
-#define MULADDC_STOP \
- " \
- addze %%r5, %%r5; \
- addi %%r4, %%r4, 4; \
- addi %%r3, %%r3, 4; \
- stw %%r5, %0; \
- stw %%r4, %1; \
- stw %%r3, %2; \
- " \
+#define MULADDC_STOP \
+ "addze %%r5, %%r5 \n\t" \
+ "addi %%r4, %%r4, 4 \n\t" \
+ "addi %%r3, %%r3, 4 \n\t" \
+ "stw %%r5, %0 \n\t" \
+ "stw %%r4, %1 \n\t" \
+ "stw %%r3, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "r3", "r4", "r5", "r6", "r7", "r8", "r9" \
@@ -456,40 +408,37 @@
#endif /* __MACH__ && __APPLE__ */
#endif /* PPC32 */
-#endif /* PPC64 */
-#if defined(__sparc__) && defined(__sparc64__)
+/*
+ * The Sparc64 assembly is reported to be broken.
+ * Disable it for now, until we're able to fix it.
+ */
+#if 0 && defined(__sparc__) && defined(__sparc64__)
-#define MULADDC_INIT \
- asm( \
- " \
- ldx %3, %%o0; \
- ldx %4, %%o1; \
- ld %5, %%o2; \
- ld %6, %%o3; \
- "
+#define MULADDC_INIT \
+ asm( \
+ "ldx %3, %%o0 \n\t" \
+ "ldx %4, %%o1 \n\t" \
+ "ld %5, %%o2 \n\t" \
+ "ld %6, %%o3 \n\t"
-#define MULADDC_CORE \
- " \
- ld [%%o0], %%o4; \
- inc 4, %%o0; \
- ld [%%o1], %%o5; \
- umul %%o3, %%o4, %%o4; \
- addcc %%o4, %%o2, %%o4; \
- rd %%y, %%g1; \
- addx %%g1, 0, %%g1; \
- addcc %%o4, %%o5, %%o4; \
- st %%o4, [%%o1]; \
- addx %%g1, 0, %%o2; \
- inc 4, %%o1; \
- "
+#define MULADDC_CORE \
+ "ld [%%o0], %%o4 \n\t" \
+ "inc 4, %%o0 \n\t" \
+ "ld [%%o1], %%o5 \n\t" \
+ "umul %%o3, %%o4, %%o4 \n\t" \
+ "addcc %%o4, %%o2, %%o4 \n\t" \
+ "rd %%y, %%g1 \n\t" \
+ "addx %%g1, 0, %%g1 \n\t" \
+ "addcc %%o4, %%o5, %%o4 \n\t" \
+ "st %%o4, [%%o1] \n\t" \
+ "addx %%g1, 0, %%o2 \n\t" \
+ "inc 4, %%o1 \n\t"
-#define MULADDC_STOP \
- " \
- st %%o2, %0; \
- stx %%o1, %1; \
- stx %%o0, %2; \
- " \
+ #define MULADDC_STOP \
+ "st %%o2, %0 \n\t" \
+ "stx %%o1, %1 \n\t" \
+ "stx %%o0, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "g1", "o0", "o1", "o2", "o3", "o4", \
@@ -499,36 +448,30 @@
#if defined(__sparc__) && !defined(__sparc64__)
-#define MULADDC_INIT \
- asm( \
- " \
- ld %3, %%o0; \
- ld %4, %%o1; \
- ld %5, %%o2; \
- ld %6, %%o3; \
- "
+#define MULADDC_INIT \
+ asm( \
+ "ld %3, %%o0 \n\t" \
+ "ld %4, %%o1 \n\t" \
+ "ld %5, %%o2 \n\t" \
+ "ld %6, %%o3 \n\t"
-#define MULADDC_CORE \
- " \
- ld [%%o0], %%o4; \
- inc 4, %%o0; \
- ld [%%o1], %%o5; \
- umul %%o3, %%o4, %%o4; \
- addcc %%o4, %%o2, %%o4; \
- rd %%y, %%g1; \
- addx %%g1, 0, %%g1; \
- addcc %%o4, %%o5, %%o4; \
- st %%o4, [%%o1]; \
- addx %%g1, 0, %%o2; \
- inc 4, %%o1; \
- "
+#define MULADDC_CORE \
+ "ld [%%o0], %%o4 \n\t" \
+ "inc 4, %%o0 \n\t" \
+ "ld [%%o1], %%o5 \n\t" \
+ "umul %%o3, %%o4, %%o4 \n\t" \
+ "addcc %%o4, %%o2, %%o4 \n\t" \
+ "rd %%y, %%g1 \n\t" \
+ "addx %%g1, 0, %%g1 \n\t" \
+ "addcc %%o4, %%o5, %%o4 \n\t" \
+ "st %%o4, [%%o1] \n\t" \
+ "addx %%g1, 0, %%o2 \n\t" \
+ "inc 4, %%o1 \n\t"
-#define MULADDC_STOP \
- " \
- st %%o2, %0; \
- st %%o1, %1; \
- st %%o0, %2; \
- " \
+#define MULADDC_STOP \
+ "st %%o2, %0 \n\t" \
+ "st %%o1, %1 \n\t" \
+ "st %%o0, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "g1", "o0", "o1", "o2", "o3", "o4", \
@@ -539,52 +482,46 @@
#if defined(__microblaze__) || defined(microblaze)
-#define MULADDC_INIT \
- asm( \
- " \
- lwi r3, %3; \
- lwi r4, %4; \
- lwi r5, %5; \
- lwi r6, %6; \
- andi r7, r6, 0xffff; \
- bsrli r6, r6, 16; \
- "
+#define MULADDC_INIT \
+ asm( \
+ "lwi r3, %3 \n\t" \
+ "lwi r4, %4 \n\t" \
+ "lwi r5, %5 \n\t" \
+ "lwi r6, %6 \n\t" \
+ "andi r7, r6, 0xffff \n\t" \
+ "bsrli r6, r6, 16 \n\t"
-#define MULADDC_CORE \
- " \
- lhui r8, r3, 0; \
- addi r3, r3, 2; \
- lhui r9, r3, 0; \
- addi r3, r3, 2; \
- mul r10, r9, r6; \
- mul r11, r8, r7; \
- mul r12, r9, r7; \
- mul r13, r8, r6; \
- bsrli r8, r10, 16; \
- bsrli r9, r11, 16; \
- add r13, r13, r8; \
- add r13, r13, r9; \
- bslli r10, r10, 16; \
- bslli r11, r11, 16; \
- add r12, r12, r10; \
- addc r13, r13, r0; \
- add r12, r12, r11; \
- addc r13, r13, r0; \
- lwi r10, r4, 0; \
- add r12, r12, r10; \
- addc r13, r13, r0; \
- add r12, r12, r5; \
- addc r5, r13, r0; \
- swi r12, r4, 0; \
- addi r4, r4, 4; \
- "
+#define MULADDC_CORE \
+ "lhui r8, r3, 0 \n\t" \
+ "addi r3, r3, 2 \n\t" \
+ "lhui r9, r3, 0 \n\t" \
+ "addi r3, r3, 2 \n\t" \
+ "mul r10, r9, r6 \n\t" \
+ "mul r11, r8, r7 \n\t" \
+ "mul r12, r9, r7 \n\t" \
+ "mul r13, r8, r6 \n\t" \
+ "bsrli r8, r10, 16 \n\t" \
+ "bsrli r9, r11, 16 \n\t" \
+ "add r13, r13, r8 \n\t" \
+ "add r13, r13, r9 \n\t" \
+ "bslli r10, r10, 16 \n\t" \
+ "bslli r11, r11, 16 \n\t" \
+ "add r12, r12, r10 \n\t" \
+ "addc r13, r13, r0 \n\t" \
+ "add r12, r12, r11 \n\t" \
+ "addc r13, r13, r0 \n\t" \
+ "lwi r10, r4, 0 \n\t" \
+ "add r12, r12, r10 \n\t" \
+ "addc r13, r13, r0 \n\t" \
+ "add r12, r12, r5 \n\t" \
+ "addc r5, r13, r0 \n\t" \
+ "swi r12, r4, 0 \n\t" \
+ "addi r4, r4, 4 \n\t"
-#define MULADDC_STOP \
- " \
- swi r5, %0; \
- swi r4, %1; \
- swi r3, %2; \
- " \
+#define MULADDC_STOP \
+ "swi r5, %0 \n\t" \
+ "swi r4, %1 \n\t" \
+ "swi r3, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "r3", "r4" "r5", "r6", "r7", "r8", \
@@ -595,33 +532,27 @@
#if defined(__tricore__)
-#define MULADDC_INIT \
- asm( \
- " \
- ld.a %%a2, %3; \
- ld.a %%a3, %4; \
- ld.w %%d4, %5; \
- ld.w %%d1, %6; \
- xor %%d5, %%d5; \
- "
+#define MULADDC_INIT \
+ asm( \
+ "ld.a %%a2, %3 \n\t" \
+ "ld.a %%a3, %4 \n\t" \
+ "ld.w %%d4, %5 \n\t" \
+ "ld.w %%d1, %6 \n\t" \
+ "xor %%d5, %%d5 \n\t"
-#define MULADDC_CORE \
- " \
- ld.w %%d0, [%%a2+]; \
- madd.u %%e2, %%e4, %%d0, %%d1; \
- ld.w %%d0, [%%a3]; \
- addx %%d2, %%d2, %%d0; \
- addc %%d3, %%d3, 0; \
- mov %%d4, %%d3; \
- st.w [%%a3+], %%d2; \
- "
+#define MULADDC_CORE \
+ "ld.w %%d0, [%%a2+] \n\t" \
+ "madd.u %%e2, %%e4, %%d0, %%d1 \n\t" \
+ "ld.w %%d0, [%%a3] \n\t" \
+ "addx %%d2, %%d2, %%d0 \n\t" \
+ "addc %%d3, %%d3, 0 \n\t" \
+ "mov %%d4, %%d3 \n\t" \
+ "st.w [%%a3+], %%d2 \n\t"
-#define MULADDC_STOP \
- " \
- st.w %0, %%d4; \
- st.a %1, %%a3; \
- st.a %2, %%a2; \
- " \
+#define MULADDC_STOP \
+ "st.w %0, %%d4 \n\t" \
+ "st.a %1, %%a3 \n\t" \
+ "st.a %2, %%a2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "d0", "d1", "e2", "d4", "a2", "a3" \
@@ -633,59 +564,53 @@
#if defined(__thumb__) && !defined(__thumb2__)
-#define MULADDC_INIT \
- asm( \
- " \
- ldr r0, %3; \
- ldr r1, %4; \
- ldr r2, %5; \
- ldr r3, %6; \
- lsr r7, r3, #16; \
- mov r9, r7; \
- lsl r7, r3, #16; \
- lsr r7, r7, #16; \
- mov r8, r7; \
- "
+#define MULADDC_INIT \
+ asm( \
+ "ldr r0, %3 \n\t" \
+ "ldr r1, %4 \n\t" \
+ "ldr r2, %5 \n\t" \
+ "ldr r3, %6 \n\t" \
+ "lsr r7, r3, #16 \n\t" \
+ "mov r9, r7 \n\t" \
+ "lsl r7, r3, #16 \n\t" \
+ "lsr r7, r7, #16 \n\t" \
+ "mov r8, r7 \n\t"
-#define MULADDC_CORE \
- " \
- ldmia r0!, {r6}; \
- lsr r7, r6, #16; \
- lsl r6, r6, #16; \
- lsr r6, r6, #16; \
- mov r4, r8; \
- mul r4, r6; \
- mov r3, r9; \
- mul r6, r3; \
- mov r5, r9; \
- mul r5, r7; \
- mov r3, r8; \
- mul r7, r3; \
- lsr r3, r6, #16; \
- add r5, r5, r3; \
- lsr r3, r7, #16; \
- add r5, r5, r3; \
- add r4, r4, r2; \
- mov r2, #0; \
- adc r5, r2; \
- lsl r3, r6, #16; \
- add r4, r4, r3; \
- adc r5, r2; \
- lsl r3, r7, #16; \
- add r4, r4, r3; \
- adc r5, r2; \
- ldr r3, [r1]; \
- add r4, r4, r3; \
- adc r2, r5; \
- stmia r1!, {r4}; \
- "
+#define MULADDC_CORE \
+ "ldmia r0!, {r6} \n\t" \
+ "lsr r7, r6, #16 \n\t" \
+ "lsl r6, r6, #16 \n\t" \
+ "lsr r6, r6, #16 \n\t" \
+ "mov r4, r8 \n\t" \
+ "mul r4, r6 \n\t" \
+ "mov r3, r9 \n\t" \
+ "mul r6, r3 \n\t" \
+ "mov r5, r9 \n\t" \
+ "mul r5, r7 \n\t" \
+ "mov r3, r8 \n\t" \
+ "mul r7, r3 \n\t" \
+ "lsr r3, r6, #16 \n\t" \
+ "add r5, r5, r3 \n\t" \
+ "lsr r3, r7, #16 \n\t" \
+ "add r5, r5, r3 \n\t" \
+ "add r4, r4, r2 \n\t" \
+ "mov r2, #0 \n\t" \
+ "adc r5, r2 \n\t" \
+ "lsl r3, r6, #16 \n\t" \
+ "add r4, r4, r3 \n\t" \
+ "adc r5, r2 \n\t" \
+ "lsl r3, r7, #16 \n\t" \
+ "add r4, r4, r3 \n\t" \
+ "adc r5, r2 \n\t" \
+ "ldr r3, [r1] \n\t" \
+ "add r4, r4, r3 \n\t" \
+ "adc r2, r5 \n\t" \
+ "stmia r1!, {r4} \n\t"
-#define MULADDC_STOP \
- " \
- str r2, %0; \
- str r1, %1; \
- str r0, %2; \
- " \
+#define MULADDC_STOP \
+ "str r2, %0 \n\t" \
+ "str r1, %1 \n\t" \
+ "str r0, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "r0", "r1", "r2", "r3", "r4", "r5", \
@@ -694,32 +619,26 @@
#else
-#define MULADDC_INIT \
- asm( \
- " \
- ldr r0, %3; \
- ldr r1, %4; \
- ldr r2, %5; \
- ldr r3, %6; \
- "
+#define MULADDC_INIT \
+ asm( \
+ "ldr r0, %3 \n\t" \
+ "ldr r1, %4 \n\t" \
+ "ldr r2, %5 \n\t" \
+ "ldr r3, %6 \n\t"
-#define MULADDC_CORE \
- " \
- ldr r4, [r0], #4; \
- mov r5, #0; \
- ldr r6, [r1]; \
- umlal r2, r5, r3, r4; \
- adds r7, r6, r2; \
- adc r2, r5, #0; \
- str r7, [r1], #4; \
- "
+#define MULADDC_CORE \
+ "ldr r4, [r0], #4 \n\t" \
+ "mov r5, #0 \n\t" \
+ "ldr r6, [r1] \n\t" \
+ "umlal r2, r5, r3, r4 \n\t" \
+ "adds r7, r6, r2 \n\t" \
+ "adc r2, r5, #0 \n\t" \
+ "str r7, [r1], #4 \n\t"
-#define MULADDC_STOP \
- " \
- str r2, %0; \
- str r1, %1; \
- str r0, %2; \
- " \
+#define MULADDC_STOP \
+ "str r2, %0 \n\t" \
+ "str r1, %1 \n\t" \
+ "str r0, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "r0", "r1", "r2", "r3", "r4", "r5", \
@@ -732,38 +651,32 @@
#if defined(__alpha__)
-#define MULADDC_INIT \
- asm( \
- " \
- ldq $1, %3; \
- ldq $2, %4; \
- ldq $3, %5; \
- ldq $4, %6; \
- "
+#define MULADDC_INIT \
+ asm( \
+ "ldq $1, %3 \n\t" \
+ "ldq $2, %4 \n\t" \
+ "ldq $3, %5 \n\t" \
+ "ldq $4, %6 \n\t"
-#define MULADDC_CORE \
- " \
- ldq $6, 0($1); \
- addq $1, 8, $1; \
- mulq $6, $4, $7; \
- umulh $6, $4, $6; \
- addq $7, $3, $7; \
- cmpult $7, $3, $3; \
- ldq $5, 0($2); \
- addq $7, $5, $7; \
- cmpult $7, $5, $5; \
- stq $7, 0($2); \
- addq $2, 8, $2; \
- addq $6, $3, $3; \
- addq $5, $3, $3; \
- "
+#define MULADDC_CORE \
+ "ldq $6, 0($1) \n\t" \
+ "addq $1, 8, $1 \n\t" \
+ "mulq $6, $4, $7 \n\t" \
+ "umulh $6, $4, $6 \n\t" \
+ "addq $7, $3, $7 \n\t" \
+ "cmpult $7, $3, $3 \n\t" \
+ "ldq $5, 0($2) \n\t" \
+ "addq $7, $5, $7 \n\t" \
+ "cmpult $7, $5, $5 \n\t" \
+ "stq $7, 0($2) \n\t" \
+ "addq $2, 8, $2 \n\t" \
+ "addq $6, $3, $3 \n\t" \
+ "addq $5, $3, $3 \n\t"
-#define MULADDC_STOP \
- " \
- stq $3, %0; \
- stq $2, %1; \
- stq $1, %2; \
- " \
+#define MULADDC_STOP \
+ "stq $3, %0 \n\t" \
+ "stq $2, %1 \n\t" \
+ "stq $1, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "$1", "$2", "$3", "$4", "$5", "$6", "$7" \
@@ -772,39 +685,33 @@
#if defined(__mips__) && !defined(__mips64__)
-#define MULADDC_INIT \
- asm( \
- " \
- lw $10, %3; \
- lw $11, %4; \
- lw $12, %5; \
- lw $13, %6; \
- "
+#define MULADDC_INIT \
+ asm( \
+ "lw $10, %3 \n\t" \
+ "lw $11, %4 \n\t" \
+ "lw $12, %5 \n\t" \
+ "lw $13, %6 \n\t"
-#define MULADDC_CORE \
- " \
- lw $14, 0($10); \
- multu $13, $14; \
- addi $10, $10, 4; \
- mflo $14; \
- mfhi $9; \
- addu $14, $12, $14; \
- lw $15, 0($11); \
- sltu $12, $14, $12; \
- addu $15, $14, $15; \
- sltu $14, $15, $14; \
- addu $12, $12, $9; \
- sw $15, 0($11); \
- addu $12, $12, $14; \
- addi $11, $11, 4; \
- "
+#define MULADDC_CORE \
+ "lw $14, 0($10) \n\t" \
+ "multu $13, $14 \n\t" \
+ "addi $10, $10, 4 \n\t" \
+ "mflo $14 \n\t" \
+ "mfhi $9 \n\t" \
+ "addu $14, $12, $14 \n\t" \
+ "lw $15, 0($11) \n\t" \
+ "sltu $12, $14, $12 \n\t" \
+ "addu $15, $14, $15 \n\t" \
+ "sltu $14, $15, $14 \n\t" \
+ "addu $12, $12, $9 \n\t" \
+ "sw $15, 0($11) \n\t" \
+ "addu $12, $12, $14 \n\t" \
+ "addi $11, $11, 4 \n\t"
-#define MULADDC_STOP \
- " \
- sw $12, %0; \
- sw $11, %1; \
- sw $10, %2; \
- " \
+#define MULADDC_STOP \
+ "sw $12, %0 \n\t" \
+ "sw $11, %1 \n\t" \
+ "sw $10, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "$9", "$10", "$11", "$12", "$13", "$14", "$15" \
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 21ed42e..91e3981 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -258,8 +258,8 @@
/* \} name SECTION: Module settings */
/*
- * Allow an extra 301 bytes for the record header
- * and encryption overhead: counter (8) + header (5) + MAC (32) + padding (256)
+ * Allow an extra 301 bytes for the record header and encryption overhead:
+ * counter (8) + header (5) + IV(16) + MAC (48) + padding (256)
* and allow for a maximum of 1024 of compression expansion if
* enabled.
*/
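Review bot: The comment's lead sentence still says "Allow an extra 301 bytes" while the itemised overhead it introduces sums to 8 + 5 + 16 + 48 + 256 = 333 and SSL_BUFFER_LEN in the next hunk now adds 333; change it to `* Allow an extra 333 bytes for the record header and encryption overhead:`. The 32 bytes added here presumably is the headroom behind the ChangeLog's "buffer overread of up to 32 bytes" entry, so this comment is the only documentation of the record-buffer sizing bound and should stay exact — the next undersizing would again be an out-of-bounds read driven by peer-controlled record contents. It would also help to state where 48 (presumably HMAC-SHA384) and 16 (presumably the explicit CBC IV from TLS 1.1 on) come from, since the previous text put the MAC at 32 with no IV.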
@@ -269,7 +269,7 @@
#define SSL_COMPRESSION_ADD 0
#endif
-#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 301)
+#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 333)
#define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
diff --git a/include/polarssl/x509_crl.h b/include/polarssl/x509_crl.h
index 3016b87..9f597a8 100644
--- a/include/polarssl/x509_crl.h
+++ b/include/polarssl/x509_crl.h
@@ -75,7 +75,7 @@
x509_buf raw; /**< The raw certificate data (DER). */
x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
- int version;
+ int version; /**< CRL version (1=v1, 2=v2) */
x509_buf sig_oid1;
x509_buf issuer_raw; /**< The raw issuer data (DER). */
diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h
index e90e357..4bf8e56 100644
--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@@ -59,7 +59,7 @@
x509_buf raw; /**< The raw certificate data (DER). */
x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
- int version; /**< The X.509 version. (0=v1, 1=v2, 2=v3) */
+ int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
x509_buf sig_oid1; /**< Signature algorithm, e.g. sha1RSA */
diff --git a/include/polarssl/x509_csr.h b/include/polarssl/x509_csr.h
index bbe6bec..6591e38 100644
--- a/include/polarssl/x509_csr.h
+++ b/include/polarssl/x509_csr.h
@@ -56,7 +56,7 @@
x509_buf raw; /**< The raw CSR data (DER). */
x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
- int version;
+ int version; /**< CSR version (1=v1). */
x509_buf subject_raw; /**< The raw subject data (DER). */
x509_name subject; /**< The parsed subject data (named information object). */
diff --git a/library/aesni.c b/library/aesni.c
index 9bd780f..97f646e 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -51,8 +51,8 @@
if( ! done )
{
- asm( "movl $1, %%eax \n"
- "cpuid \n"
+ asm( "movl $1, %%eax \n\t"
+ "cpuid \n\t"
: "=c" (c)
:
: "eax", "ebx", "edx" );
@@ -96,35 +96,35 @@
const unsigned char input[16],
unsigned char output[16] )
{
- asm( "movdqu (%3), %%xmm0 \n" // load input
- "movdqu (%1), %%xmm1 \n" // load round key 0
- "pxor %%xmm1, %%xmm0 \n" // round 0
- "addq $16, %1 \n" // point to next round key
- "subl $1, %0 \n" // normal rounds = nr - 1
- "test %2, %2 \n" // mode?
- "jz 2f \n" // 0 = decrypt
+ asm( "movdqu (%3), %%xmm0 \n\t" // load input
+ "movdqu (%1), %%xmm1 \n\t" // load round key 0
+ "pxor %%xmm1, %%xmm0 \n\t" // round 0
+ "addq $16, %1 \n\t" // point to next round key
+ "subl $1, %0 \n\t" // normal rounds = nr - 1
+ "test %2, %2 \n\t" // mode?
+ "jz 2f \n\t" // 0 = decrypt
- "1: \n" // encryption loop
- "movdqu (%1), %%xmm1 \n" // load round key
- AESENC xmm1_xmm0 "\n" // do round
- "addq $16, %1 \n" // point to next round key
- "subl $1, %0 \n" // loop
- "jnz 1b \n"
- "movdqu (%1), %%xmm1 \n" // load round key
- AESENCLAST xmm1_xmm0 "\n" // last round
- "jmp 3f \n"
+ "1: \n\t" // encryption loop
+ "movdqu (%1), %%xmm1 \n\t" // load round key
+ AESENC xmm1_xmm0 "\n\t" // do round
+ "addq $16, %1 \n\t" // point to next round key
+ "subl $1, %0 \n\t" // loop
+ "jnz 1b \n\t"
+ "movdqu (%1), %%xmm1 \n\t" // load round key
+ AESENCLAST xmm1_xmm0 "\n\t" // last round
+ "jmp 3f \n\t"
- "2: \n" // decryption loop
- "movdqu (%1), %%xmm1 \n"
- AESDEC xmm1_xmm0 "\n" // do round
- "addq $16, %1 \n"
- "subl $1, %0 \n"
- "jnz 2b \n"
- "movdqu (%1), %%xmm1 \n" // load round key
- AESDECLAST xmm1_xmm0 "\n" // last round
+ "2: \n\t" // decryption loop
+ "movdqu (%1), %%xmm1 \n\t"
+ AESDEC xmm1_xmm0 "\n\t" // do round
+ "addq $16, %1 \n\t"
+ "subl $1, %0 \n\t"
+ "jnz 2b \n\t"
+ "movdqu (%1), %%xmm1 \n\t" // load round key
+ AESDECLAST xmm1_xmm0 "\n\t" // last round
- "3: \n"
- "movdqu %%xmm0, (%4) \n" // export output
+ "3: \n\t"
+ "movdqu %%xmm0, (%4) \n\t" // export output
:
: "r" (ctx->nr), "r" (ctx->rk), "r" (mode), "r" (input), "r" (output)
: "memory", "cc", "xmm0", "xmm1" );
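Review bot: Operands %0 (`ctx->nr`) and %1 (`ctx->rk`) are declared as input-only `"r"` constraints, yet the asm modifies them (`subl $1, %0` at L1332, `addq $16, %1` at L1331), and the compiler is entitled to assume inputs are unchanged after the statement; the setkey hunks below have the same pattern, advancing `%0` (`rk`) with `add $16, %0`. Copy the values into locals and declare them in/out, e.g. `int nr = ctx->nr; const unsigned char *rk = ctx->rk;` with `: "+r" (nr), "+r" (rk)` as the output list, which leaves the remaining operand numbers unchanged. The enclosing function's body continues outside the hunk.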
@@ -151,44 +151,44 @@
bb[i] = b[15 - i];
}
- asm( "movdqu (%0), %%xmm0 \n" // a1:a0
- "movdqu (%1), %%xmm1 \n" // b1:b0
+ asm( "movdqu (%0), %%xmm0 \n\t" // a1:a0
+ "movdqu (%1), %%xmm1 \n\t" // b1:b0
/*
* Caryless multiplication xmm2:xmm1 = xmm0 * xmm1
* using [CLMUL-WP] algorithm 1 (p. 13).
*/
- "movdqa %%xmm1, %%xmm2 \n" // copy of b1:b0
- "movdqa %%xmm1, %%xmm3 \n" // same
- "movdqa %%xmm1, %%xmm4 \n" // same
- PCLMULQDQ xmm0_xmm1 ",0x00 \n" // a0*b0 = c1:c0
- PCLMULQDQ xmm0_xmm2 ",0x11 \n" // a1*b1 = d1:d0
- PCLMULQDQ xmm0_xmm3 ",0x10 \n" // a0*b1 = e1:e0
- PCLMULQDQ xmm0_xmm4 ",0x01 \n" // a1*b0 = f1:f0
- "pxor %%xmm3, %%xmm4 \n" // e1+f1:e0+f0
- "movdqa %%xmm4, %%xmm3 \n" // same
- "psrldq $8, %%xmm4 \n" // 0:e1+f1
- "pslldq $8, %%xmm3 \n" // e0+f0:0
- "pxor %%xmm4, %%xmm2 \n" // d1:d0+e1+f1
- "pxor %%xmm3, %%xmm1 \n" // c1+e0+f1:c0
+ "movdqa %%xmm1, %%xmm2 \n\t" // copy of b1:b0
+ "movdqa %%xmm1, %%xmm3 \n\t" // same
+ "movdqa %%xmm1, %%xmm4 \n\t" // same
+ PCLMULQDQ xmm0_xmm1 ",0x00 \n\t" // a0*b0 = c1:c0
+ PCLMULQDQ xmm0_xmm2 ",0x11 \n\t" // a1*b1 = d1:d0
+ PCLMULQDQ xmm0_xmm3 ",0x10 \n\t" // a0*b1 = e1:e0
+ PCLMULQDQ xmm0_xmm4 ",0x01 \n\t" // a1*b0 = f1:f0
+ "pxor %%xmm3, %%xmm4 \n\t" // e1+f1:e0+f0
+ "movdqa %%xmm4, %%xmm3 \n\t" // same
+ "psrldq $8, %%xmm4 \n\t" // 0:e1+f1
+ "pslldq $8, %%xmm3 \n\t" // e0+f0:0
+ "pxor %%xmm4, %%xmm2 \n\t" // d1:d0+e1+f1
+ "pxor %%xmm3, %%xmm1 \n\t" // c1+e0+f1:c0
/*
* Now shift the result one bit to the left,
* taking advantage of [CLMUL-WP] eq 27 (p. 20)
*/
- "movdqa %%xmm1, %%xmm3 \n" // r1:r0
- "movdqa %%xmm2, %%xmm4 \n" // r3:r2
- "psllq $1, %%xmm1 \n" // r1<<1:r0<<1
- "psllq $1, %%xmm2 \n" // r3<<1:r2<<1
- "psrlq $63, %%xmm3 \n" // r1>>63:r0>>63
- "psrlq $63, %%xmm4 \n" // r3>>63:r2>>63
- "movdqa %%xmm3, %%xmm5 \n" // r1>>63:r0>>63
- "pslldq $8, %%xmm3 \n" // r0>>63:0
- "pslldq $8, %%xmm4 \n" // r2>>63:0
- "psrldq $8, %%xmm5 \n" // 0:r1>>63
- "por %%xmm3, %%xmm1 \n" // r1<<1|r0>>63:r0<<1
- "por %%xmm4, %%xmm2 \n" // r3<<1|r2>>62:r2<<1
- "por %%xmm5, %%xmm2 \n" // r3<<1|r2>>62:r2<<1|r1>>63
+ "movdqa %%xmm1, %%xmm3 \n\t" // r1:r0
+ "movdqa %%xmm2, %%xmm4 \n\t" // r3:r2
+ "psllq $1, %%xmm1 \n\t" // r1<<1:r0<<1
+ "psllq $1, %%xmm2 \n\t" // r3<<1:r2<<1
+ "psrlq $63, %%xmm3 \n\t" // r1>>63:r0>>63
+ "psrlq $63, %%xmm4 \n\t" // r3>>63:r2>>63
+ "movdqa %%xmm3, %%xmm5 \n\t" // r1>>63:r0>>63
+ "pslldq $8, %%xmm3 \n\t" // r0>>63:0
+ "pslldq $8, %%xmm4 \n\t" // r2>>63:0
+ "psrldq $8, %%xmm5 \n\t" // 0:r1>>63
+ "por %%xmm3, %%xmm1 \n\t" // r1<<1|r0>>63:r0<<1
+ "por %%xmm4, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1
+ "por %%xmm5, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1|r1>>63
/*
* Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1
@@ -196,44 +196,44 @@
* Currently xmm2:xmm1 holds x3:x2:x1:x0 (already shifted).
*/
/* Step 2 (1) */
- "movdqa %%xmm1, %%xmm3 \n" // x1:x0
- "movdqa %%xmm1, %%xmm4 \n" // same
- "movdqa %%xmm1, %%xmm5 \n" // same
- "psllq $63, %%xmm3 \n" // x1<<63:x0<<63 = stuff:a
- "psllq $62, %%xmm4 \n" // x1<<62:x0<<62 = stuff:b
- "psllq $57, %%xmm5 \n" // x1<<57:x0<<57 = stuff:c
+ "movdqa %%xmm1, %%xmm3 \n\t" // x1:x0
+ "movdqa %%xmm1, %%xmm4 \n\t" // same
+ "movdqa %%xmm1, %%xmm5 \n\t" // same
+ "psllq $63, %%xmm3 \n\t" // x1<<63:x0<<63 = stuff:a
+ "psllq $62, %%xmm4 \n\t" // x1<<62:x0<<62 = stuff:b
+ "psllq $57, %%xmm5 \n\t" // x1<<57:x0<<57 = stuff:c
/* Step 2 (2) */
- "pxor %%xmm4, %%xmm3 \n" // stuff:a+b
- "pxor %%xmm5, %%xmm3 \n" // stuff:a+b+c
- "pslldq $8, %%xmm3 \n" // a+b+c:0
- "pxor %%xmm3, %%xmm1 \n" // x1+a+b+c:x0 = d:x0
+ "pxor %%xmm4, %%xmm3 \n\t" // stuff:a+b
+ "pxor %%xmm5, %%xmm3 \n\t" // stuff:a+b+c
+ "pslldq $8, %%xmm3 \n\t" // a+b+c:0
+ "pxor %%xmm3, %%xmm1 \n\t" // x1+a+b+c:x0 = d:x0
/* Steps 3 and 4 */
- "movdqa %%xmm1,%%xmm0 \n" // d:x0
- "movdqa %%xmm1,%%xmm4 \n" // same
- "movdqa %%xmm1,%%xmm5 \n" // same
- "psrlq $1, %%xmm0 \n" // e1:x0>>1 = e1:e0'
- "psrlq $2, %%xmm4 \n" // f1:x0>>2 = f1:f0'
- "psrlq $7, %%xmm5 \n" // g1:x0>>7 = g1:g0'
- "pxor %%xmm4, %%xmm0 \n" // e1+f1:e0'+f0'
- "pxor %%xmm5, %%xmm0 \n" // e1+f1+g1:e0'+f0'+g0'
- // e0'+f0'+g0' is almost e0+f0+g0, except for some missing
- // bits carried from d. Now get those bits back in.
- "movdqa %%xmm1,%%xmm3 \n" // d:x0
- "movdqa %%xmm1,%%xmm4 \n" // same
- "movdqa %%xmm1,%%xmm5 \n" // same
- "psllq $63, %%xmm3 \n" // d<<63:stuff
- "psllq $62, %%xmm4 \n" // d<<62:stuff
- "psllq $57, %%xmm5 \n" // d<<57:stuff
- "pxor %%xmm4, %%xmm3 \n" // d<<63+d<<62:stuff
- "pxor %%xmm5, %%xmm3 \n" // missing bits of d:stuff
- "psrldq $8, %%xmm3 \n" // 0:missing bits of d
- "pxor %%xmm3, %%xmm0 \n" // e1+f1+g1:e0+f0+g0
- "pxor %%xmm1, %%xmm0 \n" // h1:h0
- "pxor %%xmm2, %%xmm0 \n" // x3+h1:x2+h0
+ "movdqa %%xmm1,%%xmm0 \n\t" // d:x0
+ "movdqa %%xmm1,%%xmm4 \n\t" // same
+ "movdqa %%xmm1,%%xmm5 \n\t" // same
+ "psrlq $1, %%xmm0 \n\t" // e1:x0>>1 = e1:e0'
+ "psrlq $2, %%xmm4 \n\t" // f1:x0>>2 = f1:f0'
+ "psrlq $7, %%xmm5 \n\t" // g1:x0>>7 = g1:g0'
+ "pxor %%xmm4, %%xmm0 \n\t" // e1+f1:e0'+f0'
+ "pxor %%xmm5, %%xmm0 \n\t" // e1+f1+g1:e0'+f0'+g0'
+ // e0'+f0'+g0' is almost e0+f0+g0, ex\tcept for some missing
+ // bits carried from d. Now get those\t bits back in.
+ "movdqa %%xmm1,%%xmm3 \n\t" // d:x0
+ "movdqa %%xmm1,%%xmm4 \n\t" // same
+ "movdqa %%xmm1,%%xmm5 \n\t" // same
+ "psllq $63, %%xmm3 \n\t" // d<<63:stuff
+ "psllq $62, %%xmm4 \n\t" // d<<62:stuff
+ "psllq $57, %%xmm5 \n\t" // d<<57:stuff
+ "pxor %%xmm4, %%xmm3 \n\t" // d<<63+d<<62:stuff
+ "pxor %%xmm5, %%xmm3 \n\t" // missing bits of d:stuff
+ "psrldq $8, %%xmm3 \n\t" // 0:missing bits of d
+ "pxor %%xmm3, %%xmm0 \n\t" // e1+f1+g1:e0+f0+g0
+ "pxor %%xmm1, %%xmm0 \n\t" // h1:h0
+ "pxor %%xmm2, %%xmm0 \n\t" // x3+h1:x2+h0
- "movdqu %%xmm0, (%2) \n" // done
+ "movdqu %%xmm0, (%2) \n\t" // done
:
: "r" (aa), "r" (bb), "r" (cc)
: "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5" );
@@ -257,9 +257,9 @@
memcpy( ik, fk, 16 );
for( fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16 )
- asm( "movdqu (%0), %%xmm0 \n"
- AESIMC xmm0_xmm0 "\n"
- "movdqu %%xmm0, (%1) \n"
+ asm( "movdqu (%0), %%xmm0 \n\t"
+ AESIMC xmm0_xmm0 "\n\t"
+ "movdqu %%xmm0, (%1) \n\t"
:
: "r" (fk), "r" (ik)
: "memory", "xmm0" );
@@ -273,9 +273,9 @@
static void aesni_setkey_enc_128( unsigned char *rk,
const unsigned char *key )
{
- asm( "movdqu (%1), %%xmm0 \n" // copy the original key
- "movdqu %%xmm0, (%0) \n" // as round key 0
- "jmp 2f \n" // skip auxiliary routine
+ asm( "movdqu (%1), %%xmm0 \n\t" // copy the original key
+ "movdqu %%xmm0, (%0) \n\t" // as round key 0
+ "jmp 2f \n\t" // skip auxiliary routine
/*
* Finish generating the next round key.
@@ -287,31 +287,31 @@
* with r4 = X + r0, r5 = r4 + r1, r6 = r5 + r2, r7 = r6 + r3
* and those are written to the round key buffer.
*/
- "1: \n"
- "pshufd $0xff, %%xmm1, %%xmm1 \n" // X:X:X:X
- "pxor %%xmm0, %%xmm1 \n" // X+r3:X+r2:X+r1:r4
- "pslldq $4, %%xmm0 \n" // r2:r1:r0:0
- "pxor %%xmm0, %%xmm1 \n" // X+r3+r2:X+r2+r1:r5:r4
- "pslldq $4, %%xmm0 \n" // etc
- "pxor %%xmm0, %%xmm1 \n"
- "pslldq $4, %%xmm0 \n"
- "pxor %%xmm1, %%xmm0 \n" // update xmm0 for next time!
- "add $16, %0 \n" // point to next round key
- "movdqu %%xmm0, (%0) \n" // write it
- "ret \n"
+ "1: \n\t"
+ "pshufd $0xff, %%xmm1, %%xmm1 \n\t" // X:X:X:X
+ "pxor %%xmm0, %%xmm1 \n\t" // X+r3:X+r2:X+r1:r4
+ "pslldq $4, %%xmm0 \n\t" // r2:r1:r0:0
+ "pxor %%xmm0, %%xmm1 \n\t" // X+r3+r2:X+r2+r1:r5:r4
+ "pslldq $4, %%xmm0 \n\t" // etc
+ "pxor %%xmm0, %%xmm1 \n\t"
+ "pslldq $4, %%xmm0 \n\t"
+ "pxor %%xmm1, %%xmm0 \n\t" // update xmm0 for next time!
+ "add $16, %0 \n\t" // point to next round key
+ "movdqu %%xmm0, (%0) \n\t" // write it
+ "ret \n\t"
/* Main "loop" */
- "2: \n"
- AESKEYGENA xmm0_xmm1 ",0x01 \ncall 1b \n"
- AESKEYGENA xmm0_xmm1 ",0x02 \ncall 1b \n"
- AESKEYGENA xmm0_xmm1 ",0x04 \ncall 1b \n"
- AESKEYGENA xmm0_xmm1 ",0x08 \ncall 1b \n"
- AESKEYGENA xmm0_xmm1 ",0x10 \ncall 1b \n"
- AESKEYGENA xmm0_xmm1 ",0x20 \ncall 1b \n"
- AESKEYGENA xmm0_xmm1 ",0x40 \ncall 1b \n"
- AESKEYGENA xmm0_xmm1 ",0x80 \ncall 1b \n"
- AESKEYGENA xmm0_xmm1 ",0x1B \ncall 1b \n"
- AESKEYGENA xmm0_xmm1 ",0x36 \ncall 1b \n"
+ "2: \n\t"
+ AESKEYGENA xmm0_xmm1 ",0x01 \n\tcall 1b \n\t"
+ AESKEYGENA xmm0_xmm1 ",0x02 \n\tcall 1b \n\t"
+ AESKEYGENA xmm0_xmm1 ",0x04 \n\tcall 1b \n\t"
+ AESKEYGENA xmm0_xmm1 ",0x08 \n\tcall 1b \n\t"
+ AESKEYGENA xmm0_xmm1 ",0x10 \n\tcall 1b \n\t"
+ AESKEYGENA xmm0_xmm1 ",0x20 \n\tcall 1b \n\t"
+ AESKEYGENA xmm0_xmm1 ",0x40 \n\tcall 1b \n\t"
+ AESKEYGENA xmm0_xmm1 ",0x80 \n\tcall 1b \n\t"
+ AESKEYGENA xmm0_xmm1 ",0x1B \n\tcall 1b \n\t"
+ AESKEYGENA xmm0_xmm1 ",0x36 \n\tcall 1b \n\t"
:
: "r" (rk), "r" (key)
: "memory", "cc", "0" );
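Review bot: The auxiliary routine at L1560–L1571 is entered with `call 1b` and leaves with `ret`, so the inline asm pushes a return address below the caller's stack pointer; on SysV x86-64 the 128-byte red zone below rsp may hold the compiler's live data in a leaf function, and a push there can silently corrupt it. The `"0"` entry in the clobber list on the last line looks like an attempt to mark operand 0 (`rk`) as modified, but as far as I know GCC interprets a numeric clobber as a hard-register number, so it does not protect `rk`; the supported spelling is an in/out constraint, `: "+r" (rk) : "r" (key) : "memory", "cc", "xmm0", "xmm1"`, which also lists the xmm registers this code overwrites and that the current clobber list omits. The same applies to the 192-bit (L1618–L1677) and 256-bit (L1696–L1770) variants. The enclosing function starts outside the hunk.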
@@ -323,13 +323,13 @@
static void aesni_setkey_enc_192( unsigned char *rk,
const unsigned char *key )
{
- asm( "movdqu (%1), %%xmm0 \n" // copy original round key
- "movdqu %%xmm0, (%0) \n"
- "add $16, %0 \n"
- "movq 16(%1), %%xmm1 \n"
- "movq %%xmm1, (%0) \n"
- "add $8, %0 \n"
- "jmp 2f \n" // skip auxiliary routine
+ asm( "movdqu (%1), %%xmm0 \n\t" // copy original round key
+ "movdqu %%xmm0, (%0) \n\t"
+ "add $16, %0 \n\t"
+ "movq 16(%1), %%xmm1 \n\t"
+ "movq %%xmm1, (%0) \n\t"
+ "add $8, %0 \n\t"
+ "jmp 2f \n\t" // skip auxiliary routine
/*
* Finish generating the next 6 quarter-keys.
@@ -340,34 +340,34 @@
* On exit, xmm0 is r9:r8:r7:r6 and xmm1 is stuff:stuff:r11:r10
* and those are written to the round key buffer.
*/
- "1: \n"
- "pshufd $0x55, %%xmm2, %%xmm2 \n" // X:X:X:X
- "pxor %%xmm0, %%xmm2 \n" // X+r3:X+r2:X+r1:r4
- "pslldq $4, %%xmm0 \n" // etc
- "pxor %%xmm0, %%xmm2 \n"
- "pslldq $4, %%xmm0 \n"
- "pxor %%xmm0, %%xmm2 \n"
- "pslldq $4, %%xmm0 \n"
- "pxor %%xmm2, %%xmm0 \n" // update xmm0 = r9:r8:r7:r6
- "movdqu %%xmm0, (%0) \n"
- "add $16, %0 \n"
- "pshufd $0xff, %%xmm0, %%xmm2 \n" // r9:r9:r9:r9
- "pxor %%xmm1, %%xmm2 \n" // stuff:stuff:r9+r5:r10
- "pslldq $4, %%xmm1 \n" // r2:r1:r0:0
- "pxor %%xmm2, %%xmm1 \n" // update xmm1 = stuff:stuff:r11:r10
- "movq %%xmm1, (%0) \n"
- "add $8, %0 \n"
- "ret \n"
+ "1: \n\t"
+ "pshufd $0x55, %%xmm2, %%xmm2 \n\t" // X:X:X:X
+ "pxor %%xmm0, %%xmm2 \n\t" // X+r3:X+r2:X+r1:r4
+ "pslldq $4, %%xmm0 \n\t" // etc
+ "pxor %%xmm0, %%xmm2 \n\t"
+ "pslldq $4, %%xmm0 \n\t"
+ "pxor %%xmm0, %%xmm2 \n\t"
+ "pslldq $4, %%xmm0 \n\t"
+ "pxor %%xmm2, %%xmm0 \n\t" // update xmm0 = r9:r8:r7:r6
+ "movdqu %%xmm0, (%0) \n\t"
+ "add $16, %0 \n\t"
+ "pshufd $0xff, %%xmm0, %%xmm2 \n\t" // r9:r9:r9:r9
+ "pxor %%xmm1, %%xmm2 \n\t" // stuff:stuff:r9+r5:r10
+ "pslldq $4, %%xmm1 \n\t" // r2:r1:r0:0
+ "pxor %%xmm2, %%xmm1 \n\t" // xmm1 = stuff:stuff:r11:r10
+ "movq %%xmm1, (%0) \n\t"
+ "add $8, %0 \n\t"
+ "ret \n\t"
- "2: \n"
- AESKEYGENA xmm1_xmm2 ",0x01 \ncall 1b \n"
- AESKEYGENA xmm1_xmm2 ",0x02 \ncall 1b \n"
- AESKEYGENA xmm1_xmm2 ",0x04 \ncall 1b \n"
- AESKEYGENA xmm1_xmm2 ",0x08 \ncall 1b \n"
- AESKEYGENA xmm1_xmm2 ",0x10 \ncall 1b \n"
- AESKEYGENA xmm1_xmm2 ",0x20 \ncall 1b \n"
- AESKEYGENA xmm1_xmm2 ",0x40 \ncall 1b \n"
- AESKEYGENA xmm1_xmm2 ",0x80 \ncall 1b \n"
+ "2: \n\t"
+ AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t"
+ AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t"
+ AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t"
+ AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t"
+ AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t"
+ AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t"
+ AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t"
+ AESKEYGENA xmm1_xmm2 ",0x80 \n\tcall 1b \n\t"
:
: "r" (rk), "r" (key)
@@ -380,12 +380,12 @@
static void aesni_setkey_enc_256( unsigned char *rk,
const unsigned char *key )
{
- asm( "movdqu (%1), %%xmm0 \n"
- "movdqu %%xmm0, (%0) \n"
- "add $16, %0 \n"
- "movdqu 16(%1), %%xmm1 \n"
- "movdqu %%xmm1, (%0) \n"
- "jmp 2f \n" // skip auxiliary routine
+ asm( "movdqu (%1), %%xmm0 \n\t"
+ "movdqu %%xmm0, (%0) \n\t"
+ "add $16, %0 \n\t"
+ "movdqu 16(%1), %%xmm1 \n\t"
+ "movdqu %%xmm1, (%0) \n\t"
+ "jmp 2f \n\t" // skip auxiliary routine
/*
* Finish generating the next two round keys.
@@ -396,45 +396,45 @@
* On exit, xmm0 is r11:r10:r9:r8 and xmm1 is r15:r14:r13:r12
* and those have been written to the output buffer.
*/
- "1: \n"
- "pshufd $0xff, %%xmm2, %%xmm2 \n"
- "pxor %%xmm0, %%xmm2 \n"
- "pslldq $4, %%xmm0 \n"
- "pxor %%xmm0, %%xmm2 \n"
- "pslldq $4, %%xmm0 \n"
- "pxor %%xmm0, %%xmm2 \n"
- "pslldq $4, %%xmm0 \n"
- "pxor %%xmm2, %%xmm0 \n"
- "add $16, %0 \n"
- "movdqu %%xmm0, (%0) \n"
+ "1: \n\t"
+ "pshufd $0xff, %%xmm2, %%xmm2 \n\t"
+ "pxor %%xmm0, %%xmm2 \n\t"
+ "pslldq $4, %%xmm0 \n\t"
+ "pxor %%xmm0, %%xmm2 \n\t"
+ "pslldq $4, %%xmm0 \n\t"
+ "pxor %%xmm0, %%xmm2 \n\t"
+ "pslldq $4, %%xmm0 \n\t"
+ "pxor %%xmm2, %%xmm0 \n\t"
+ "add $16, %0 \n\t"
+ "movdqu %%xmm0, (%0) \n\t"
/* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 )
* and proceed to generate next round key from there */
- AESKEYGENA xmm0_xmm2 ",0x00 \n"
- "pshufd $0xaa, %%xmm2, %%xmm2 \n"
- "pxor %%xmm1, %%xmm2 \n"
- "pslldq $4, %%xmm1 \n"
- "pxor %%xmm1, %%xmm2 \n"
- "pslldq $4, %%xmm1 \n"
- "pxor %%xmm1, %%xmm2 \n"
- "pslldq $4, %%xmm1 \n"
- "pxor %%xmm2, %%xmm1 \n"
- "add $16, %0 \n"
- "movdqu %%xmm1, (%0) \n"
- "ret \n"
+ AESKEYGENA xmm0_xmm2 ",0x00 \n\t"
+ "pshufd $0xaa, %%xmm2, %%xmm2 \n\t"
+ "pxor %%xmm1, %%xmm2 \n\t"
+ "pslldq $4, %%xmm1 \n\t"
+ "pxor %%xmm1, %%xmm2 \n\t"
+ "pslldq $4, %%xmm1 \n\t"
+ "pxor %%xmm1, %%xmm2 \n\t"
+ "pslldq $4, %%xmm1 \n\t"
+ "pxor %%xmm2, %%xmm1 \n\t"
+ "add $16, %0 \n\t"
+ "movdqu %%xmm1, (%0) \n\t"
+ "ret \n\t"
/*
* Main "loop" - Generating one more key than necessary,
* see definition of aes_context.buf
*/
- "2: \n"
- AESKEYGENA xmm1_xmm2 ",0x01 \ncall 1b \n"
- AESKEYGENA xmm1_xmm2 ",0x02 \ncall 1b \n"
- AESKEYGENA xmm1_xmm2 ",0x04 \ncall 1b \n"
- AESKEYGENA xmm1_xmm2 ",0x08 \ncall 1b \n"
- AESKEYGENA xmm1_xmm2 ",0x10 \ncall 1b \n"
- AESKEYGENA xmm1_xmm2 ",0x20 \ncall 1b \n"
- AESKEYGENA xmm1_xmm2 ",0x40 \ncall 1b \n"
+ "2: \n\t"
+ AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t"
+ AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t"
+ AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t"
+ AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t"
+ AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t"
+ AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t"
+ AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t"
:
: "r" (rk), "r" (key)
: "memory", "cc", "0" );
diff --git a/library/gcm.c b/library/gcm.c
index 4e40fbf..d4c68ae 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -266,6 +266,13 @@
const unsigned char *p;
size_t use_len, olen = 0;
+ /* IV and AD are limited to 2^64 bits, so 2^61 bytes */
+ if( ( (uint64_t) iv_len ) >> 61 != 0 ||
+ ( (uint64_t) add_len ) >> 61 != 0 )
+ {
+ return( POLARSSL_ERR_GCM_BAD_INPUT );
+ }
+
memset( ctx->y, 0x00, sizeof(ctx->y) );
memset( ctx->buf, 0x00, sizeof(ctx->buf) );
@@ -342,6 +349,14 @@
if( output > input && (size_t) ( output - input ) < length )
return( POLARSSL_ERR_GCM_BAD_INPUT );
+ /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
+ * Also check for possible overflow */
+ if( ctx->len + length < ctx->len ||
+ (uint64_t) ctx->len + length > 0x03FFFFE0llu )
+ {
+ return( POLARSSL_ERR_GCM_BAD_INPUT );
+ }
+
ctx->len += length;
p = input;
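Review bot: The limit at L1793 does not match its comment: 2^36 − 2^5 bytes is 0xFFFFFFFE0, whereas `0x03FFFFE0llu` is 2^26 − 2^5, so any GCM operation whose cumulative plaintext exceeds 64 MiB is rejected as bad input. If the comment states the intended bound, the line should read `(uint64_t) ctx->len + length > 0xFFFFFFFE0ull )`; if the smaller limit is deliberate, the comment needs to say so. The enclosing function starts outside the hunk.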
@@ -387,7 +402,7 @@
uint64_t orig_len = ctx->len * 8;
uint64_t orig_add_len = ctx->add_len * 8;
- if( tag_len > 16 )
+ if( tag_len > 16 || tag_len < 4 )
return( POLARSSL_ERR_GCM_BAD_INPUT );
if( tag_len != 0 )
diff --git a/library/padlock.c b/library/padlock.c
index d277ccf..5d06390 100644
--- a/library/padlock.c
+++ b/library/padlock.c
@@ -51,17 +51,17 @@
if( flags == -1 )
{
- asm( "movl %%ebx, %0 \n" \
- "movl $0xC0000000, %%eax \n" \
- "cpuid \n" \
- "cmpl $0xC0000001, %%eax \n" \
- "movl $0, %%edx \n" \
- "jb unsupported \n" \
- "movl $0xC0000001, %%eax \n" \
- "cpuid \n" \
- "unsupported: \n" \
- "movl %%edx, %1 \n" \
- "movl %2, %%ebx \n"
+ asm( "movl %%ebx, %0 \n\t"
+ "movl $0xC0000000, %%eax \n\t"
+ "cpuid \n\t"
+ "cmpl $0xC0000001, %%eax \n\t"
+ "movl $0, %%edx \n\t"
+ "jb unsupported \n\t"
+ "movl $0xC0000001, %%eax \n\t"
+ "cpuid \n\t"
+ "unsupported: \n\t"
+ "movl %%edx, %1 \n\t"
+ "movl %2, %%ebx \n\t"
: "=m" (ebx), "=m" (edx)
: "m" (ebx)
: "eax", "ecx", "edx" );
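Review bot: The branch target `unsupported` at L1830/L1833 is a global assembler label inside inline asm, so if the compiler emits this statement more than once in a translation unit (inlining or cloning of the enclosing function) assembly fails with a duplicate symbol; a local numeric label avoids that: `"jb 1f \n\t"` and `"1: \n\t"`. The enclosing function starts outside the hunk.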
@@ -93,15 +93,16 @@
ctrl = blk + 4;
*ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode^1 ) - 10 ) << 9 );
- asm( "pushfl; popfl \n" \
- "movl %%ebx, %0 \n" \
- "movl $1, %%ecx \n" \
- "movl %2, %%edx \n" \
- "movl %3, %%ebx \n" \
- "movl %4, %%esi \n" \
- "movl %4, %%edi \n" \
- ".byte 0xf3,0x0f,0xa7,0xc8\n" \
- "movl %1, %%ebx \n"
+ asm( "pushfl \n\t"
+ "popfl \n\t"
+ "movl %%ebx, %0 \n\t"
+ "movl $1, %%ecx \n\t"
+ "movl %2, %%edx \n\t"
+ "movl %3, %%ebx \n\t"
+ "movl %4, %%esi \n\t"
+ "movl %4, %%edi \n\t"
+ ".byte 0xf3,0x0f,0xa7,0xc8 \n\t"
+ "movl %1, %%ebx \n\t"
: "=m" (ebx)
: "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk)
: "ecx", "edx", "esi", "edi" );
@@ -141,16 +142,17 @@
count = ( length + 15 ) >> 4;
- asm( "pushfl; popfl \n" \
- "movl %%ebx, %0 \n" \
- "movl %2, %%ecx \n" \
- "movl %3, %%edx \n" \
- "movl %4, %%ebx \n" \
- "movl %5, %%esi \n" \
- "movl %6, %%edi \n" \
- "movl %7, %%eax \n" \
- ".byte 0xf3,0x0f,0xa7,0xd0\n" \
- "movl %1, %%ebx \n"
+ asm( "pushfl \n\t"
+ "popfl \n\t"
+ "movl %%ebx, %0 \n\t"
+ "movl %2, %%ecx \n\t"
+ "movl %3, %%edx \n\t"
+ "movl %4, %%ebx \n\t"
+ "movl %5, %%esi \n\t"
+ "movl %6, %%edi \n\t"
+ "movl %7, %%eax \n\t"
+ ".byte 0xf3,0x0f,0xa7,0xd0 \n\t"
+ "movl %1, %%ebx \n\t"
: "=m" (ebx)
: "m" (ebx), "m" (count), "m" (ctrl),
"m" (rk), "m" (input), "m" (output), "m" (iw)
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index a74e324..7463353 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -51,18 +51,18 @@
* Forward-secure non-PSK > forward-secure PSK > other non-PSK > other PSK
* 2. By key length and cipher:
* AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES
- * 3. By cipher mode when relevant CCM > GCM > CBC > CCM_8
+ * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
* 4. By hash function used when relevant
* 5. By key exchange/auth again: EC > non-EC
*/
static const int ciphersuite_preference[] =
{
/* All AES-256 ephemeral suites */
- TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
- TLS_DHE_RSA_WITH_AES_256_CCM,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
+ TLS_DHE_RSA_WITH_AES_256_CCM,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
@@ -82,11 +82,11 @@
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
/* All AES-128 ephemeral suites */
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
- TLS_DHE_RSA_WITH_AES_128_CCM,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
+ TLS_DHE_RSA_WITH_AES_128_CCM,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
@@ -111,8 +111,8 @@
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
/* The PSK ephemeral suites */
- TLS_DHE_PSK_WITH_AES_256_CCM,
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
+ TLS_DHE_PSK_WITH_AES_256_CCM,
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
@@ -122,8 +122,8 @@
TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS_DHE_PSK_WITH_AES_256_CCM_8,
- TLS_DHE_PSK_WITH_AES_128_CCM,
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
+ TLS_DHE_PSK_WITH_AES_128_CCM,
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
@@ -137,8 +137,8 @@
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
/* All AES-256 suites */
- TLS_RSA_WITH_AES_256_CCM,
TLS_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_RSA_WITH_AES_256_CCM,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
@@ -159,8 +159,8 @@
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
/* All AES-128 suites */
- TLS_RSA_WITH_AES_128_CCM,
TLS_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_RSA_WITH_AES_128_CCM,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
@@ -201,16 +201,16 @@
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
/* The PSK suites */
- TLS_PSK_WITH_AES_256_CCM,
TLS_PSK_WITH_AES_256_GCM_SHA384,
+ TLS_PSK_WITH_AES_256_CCM,
TLS_PSK_WITH_AES_256_CBC_SHA384,
TLS_PSK_WITH_AES_256_CBC_SHA,
TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS_PSK_WITH_AES_256_CCM_8,
- TLS_PSK_WITH_AES_128_CCM,
TLS_PSK_WITH_AES_128_GCM_SHA256,
+ TLS_PSK_WITH_AES_128_CCM,
TLS_PSK_WITH_AES_128_CBC_SHA256,
TLS_PSK_WITH_AES_128_CBC_SHA,
TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 9903954..035cf39 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -803,7 +803,7 @@
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
}
- p = buf + 2;
+ p = buf + 1;
while( list_size > 0 )
{
if( p[0] == POLARSSL_ECP_PF_UNCOMPRESSED ||
@@ -818,7 +818,8 @@
p++;
}
- return( 0 );
+ SSL_DEBUG_MSG( 1, ( "no point format in common" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
}
#endif /* POLARSSL_ECDH_C || POLARSSL_ECDSA_C */
@@ -2056,7 +2057,7 @@
SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X );
SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
- ssl->handshake->pmslen = ssl->handshake->dhm_ctx.len;
+ ssl->handshake->pmslen = POLARSSL_PREMASTER_SIZE;
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
ssl->handshake->premaster,
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 7a5f462..a8e4f41 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2743,7 +2743,7 @@
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
- ssl->handshake->pmslen = ssl->handshake->dhm_ctx.len;
+ ssl->handshake->pmslen = POLARSSL_PREMASTER_SIZE;
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
ssl->handshake->premaster,
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ce6730d..a1428dc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -511,58 +511,81 @@
* Determine the appropriate key, IV and MAC length.
*/
+ transform->keylen = cipher_info->key_length / 8;
+
if( cipher_info->mode == POLARSSL_MODE_GCM ||
cipher_info->mode == POLARSSL_MODE_CCM )
{
- transform->keylen = cipher_info->key_length;
- transform->keylen /= 8;
- transform->minlen = 1;
+ transform->maclen = 0;
+
transform->ivlen = 12;
transform->fixed_ivlen = 4;
- transform->maclen = 0;
+
+ /* Minimum length is expicit IV + tag */
+ transform->minlen = transform->ivlen - transform->fixed_ivlen
+ + ( transform->ciphersuite_info->flags &
+ POLARSSL_CIPHERSUITE_SHORT_TAG ? 8 : 16 );
}
else
{
- if( md_info->type != POLARSSL_MD_NONE )
+ int ret;
+
+ /* Initialize HMAC contexts */
+ if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info ) ) != 0 ||
+ ( ret = md_init_ctx( &transform->md_ctx_dec, md_info ) ) != 0 )
{
- int ret;
-
- if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "md_init_ctx", ret );
- return( ret );
- }
-
- if( ( ret = md_init_ctx( &transform->md_ctx_dec, md_info ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "md_init_ctx", ret );
- return( ret );
- }
-
- transform->maclen = md_get_size( md_info );
-
-#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
- /*
- * If HMAC is to be truncated, we shall keep the leftmost bytes,
- * (rfc 6066 page 13 or rfc 2104 section 4),
- * so we only need to adjust the length here.
- */
- if( session->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
- transform->maclen = SSL_TRUNCATED_HMAC_LEN;
-#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+ SSL_DEBUG_RET( 1, "md_init_ctx", ret );
+ return( ret );
}
- transform->keylen = cipher_info->key_length;
- transform->keylen /= 8;
+ /* Get MAC length */
+ transform->maclen = md_get_size( md_info );
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+ /*
+ * If HMAC is to be truncated, we shall keep the leftmost bytes,
+ * (rfc 6066 page 13 or rfc 2104 section 4),
+ * so we only need to adjust the length here.
+ */
+ if( session->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
+ transform->maclen = SSL_TRUNCATED_HMAC_LEN;
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+
+ /* IV length */
transform->ivlen = cipher_info->iv_size;
- transform->minlen = transform->keylen;
- if( transform->minlen < transform->maclen )
+ /* Minimum length */
+ if( cipher_info->mode == POLARSSL_MODE_STREAM )
+ transform->minlen = transform->maclen;
+ else
{
- if( cipher_info->mode == POLARSSL_MODE_STREAM )
- transform->minlen = transform->maclen;
+ /*
+ * GenericBlockCipher:
+ * first multiple of blocklen greater than maclen
+ * + IV except for SSL3 and TLS 1.0
+ */
+ transform->minlen = transform->maclen
+ + cipher_info->block_size
+ - transform->maclen % cipher_info->block_size;
+
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_0 ||
+ ssl->minor_ver == SSL_MINOR_VERSION_1 )
+ ; /* No need to adjust minlen */
else
- transform->minlen += transform->keylen;
+#endif
+#if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_2 ||
+ ssl->minor_ver == SSL_MINOR_VERSION_3 )
+ {
+ transform->minlen += transform->ivlen;
+ }
+ else
+#endif
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
+ }
}
}
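Review bot: Comment typo at L2041: `/* Minimum length is explicit IV + tag */`. The version dispatch at L2119–L2136 hinges on an empty statement followed by `else` across two `#if` blocks, which reads like a stray semicolon; a comment ahead of the first `#if`, such as `/* SSL3/TLS1.0: no explicit IV; TLS1.1+: add ivlen; any other version is an internal error */`, would make the intended fall-through visible to the next reader. The enclosing function starts and ends outside the hunk.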
@@ -885,19 +908,18 @@
if( key_ex == POLARSSL_KEY_EXCHANGE_DHE_PSK )
{
int ret;
- size_t len = ssl->handshake->dhm_ctx.len;
+ size_t len = end - ( p + 2 );
- if( end - p < 2 + (int) len )
- return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
-
- *(p++) = (unsigned char)( len >> 8 );
- *(p++) = (unsigned char)( len );
+ /* Write length only when we know the actual value */
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
- p, &len, ssl->f_rng, ssl->p_rng ) ) != 0 )
+ p + 2, &len,
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
{
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
return( ret );
}
+ *(p++) = (unsigned char)( len >> 8 );
+ *(p++) = (unsigned char)( len );
p += len;
SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
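Review bot: `size_t len = end - ( p + 2 );` at L2144 relies on `end - p >= 2` holding on entry; the removed check at L2145–L2146 was the only bound visible in this hunk, and if that pointer difference were ever negative it would wrap to a huge size_t handed to dhm_calc_secret as the output-buffer size. An explicit guard before the computation, `if( end - p < 2 ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );`, documents the invariant and costs nothing. The enclosing function starts and ends outside the hunk.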
@@ -1327,10 +1349,18 @@
unsigned char add_data[13];
unsigned char taglen = ssl->transform_in->ciphersuite_info->flags &
POLARSSL_CIPHERSUITE_SHORT_TAG ? 8 : 16;
+ unsigned char explicit_iv_len = ssl->transform_in->ivlen -
+ ssl->transform_in->fixed_ivlen;
- dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen -
- ssl->transform_in->fixed_ivlen );
- dec_msglen -= taglen;
+ if( ssl->in_msglen < explicit_iv_len + taglen )
+ {
+ SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) "
+ "+ taglen (%d)", ssl->in_msglen,
+ explicit_iv_len, taglen ) );
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
+ }
+ dec_msglen = ssl->in_msglen - explicit_iv_len - taglen;
+
dec_msg = ssl->in_msg;
dec_msg_result = ssl->in_msg;
ssl->in_msglen = dec_msglen;
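Review bot: The added diagnostic at L2174–L2176 prints `ssl->in_msglen` with `%d`; its declaration is outside the hunk, but if it is a size_t this is a format/argument mismatch on 64-bit targets. Casting in the argument list, `"+ taglen (%d)", (int) ssl->in_msglen,`, keeps it consistent with the two unsigned char values printed next to it. The enclosing function starts and ends outside the hunk.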
@@ -1943,9 +1973,6 @@
SSL_DEBUG_MSG( 2, ( "=> read record" ) );
- SSL_DEBUG_BUF( 4, "input record from network",
- ssl->in_hdr, 5 + ssl->in_msglen );
-
if( ssl->in_hslen != 0 &&
ssl->in_hslen < ssl->in_msglen )
{
diff --git a/library/x509_crt.c b/library/x509_crt.c
index c5f7f70..03cdda8 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1587,22 +1587,48 @@
/*
* Check if 'parent' is a suitable parent (signing CA) for 'child'.
* Return 0 if yes, -1 if not.
+ *
+ * top means parent is a locally-trusted certificate
+ * bottom means child is the end entity cert
*/
static int x509_crt_check_parent( const x509_crt *child,
- const x509_crt *parent )
+ const x509_crt *parent,
+ int top, int bottom )
{
- if( parent->version == 0 ||
- parent->ca_istrue == 0 ||
- child->issuer_raw.len != parent->subject_raw.len ||
+ int need_ca_bit;
+
+ /* Parent must be the issuer */
+ if( child->issuer_raw.len != parent->subject_raw.len ||
memcmp( child->issuer_raw.p, parent->subject_raw.p,
child->issuer_raw.len ) != 0 )
{
return( -1 );
}
-#if defined(POLARSSL_X509_CHECK_KEY_USAGE)
- if( x509_crt_check_key_usage( parent, KU_KEY_CERT_SIGN ) != 0 )
+ /* Parent must have the basicConstraints CA bit set as a general rule */
+ need_ca_bit = 1;
+
+ /* Exception: v1/v2 certificates that are locally trusted. */
+ if( top && parent->version < 3 )
+ need_ca_bit = 0;
+
+ /* Exception: self-signed end-entity certs that are locally trusted. */
+ if( top && bottom &&
+ child->raw.len == parent->raw.len &&
+ memcmp( child->raw.p, parent->raw.p, child->raw.len ) == 0 )
+ {
+ need_ca_bit = 0;
+ }
+
+ if( need_ca_bit && ! parent->ca_istrue )
return( -1 );
+
+#if defined(POLARSSL_X509_CHECK_KEY_USAGE)
+ if( need_ca_bit &&
+ x509_crt_check_key_usage( parent, KU_KEY_CERT_SIGN ) != 0 )
+ {
+ return( -1 );
+ }
#endif
return( 0 );
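Review bot: The comment at L2230 does not say that the self-signed exception also waives the keyCertSign usage check, because `need_ca_bit` gates both tests (L2238 and L2242); `/* Exception: self-signed end-entity certs that are locally trusted (neither the CA bit nor keyCertSign is required). */` makes the relaxation explicit. Likewise the `parent->version < 3` test at L2227 depends on the 1=v1..3=v3 numbering documented in the x509_crt.h hunk; a short `/* version is 1-based: v1 and v2 certs have no extensions, so no basicConstraints */` ties the two together.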
@@ -1643,7 +1669,7 @@
for( /* trust_ca */ ; trust_ca != NULL; trust_ca = trust_ca->next )
{
- if( x509_crt_check_parent( child, trust_ca ) != 0 )
+ if( x509_crt_check_parent( child, trust_ca, 1, path_cnt == 0 ) != 0 )
continue;
/*
@@ -1770,7 +1796,8 @@
grandparent != NULL;
grandparent = grandparent->next )
{
- if( x509_crt_check_parent( parent, grandparent ) == 0 )
+ if( x509_crt_check_parent( parent, grandparent,
+ 0, path_cnt == 0 ) == 0 )
break;
}
@@ -1872,7 +1899,7 @@
/* Look for a parent upwards the chain */
for( parent = crt->next; parent != NULL; parent = parent->next )
{
- if( x509_crt_check_parent( crt, parent ) == 0 )
+ if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
break;
}
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 2b1c03a..3af54f9 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -72,7 +72,7 @@
#define DFL_SERVER_ADDR NULL
#define DFL_SERVER_PORT 4433
#define DFL_REQUEST_PAGE "/"
-#define DFL_REQUEST_SIZE 0
+#define DFL_REQUEST_SIZE -1
#define DFL_DEBUG_LEVEL 0
#define DFL_NBIO 0
#define DFL_CA_FILE ""
@@ -288,8 +288,8 @@
" server_addr=%%s default: given by name\n" \
" server_port=%%d default: 4433\n" \
" request_page=%%s default: \".\"\n" \
- " request_size=%%d default: 0 (no extra padding)\n" \
- " (minimum: 16, max: " ")\n" \
+ " request_size=%%d default: about 34 (basic request)\n" \
+ " (minimum: 0, max: 16384)\n" \
" debug_level=%%d default: 0 (disabled)\n" \
" nbio=%%d default: 0 (blocking I/O)\n" \
" options: 1 (non-blocking), 2 (added delays)\n" \
@@ -1035,9 +1035,9 @@
len = snprintf( (char *) buf, sizeof(buf) - 1, GET_REQUEST,
opt.request_page );
- // Add padding to GET request to reach opt.request_size in length
- //
- if( len + tail_len < (size_t) opt.request_size )
+ /* Add padding to GET request to reach opt.request_size in length */
+ if( opt.request_size != DFL_REQUEST_SIZE &&
+ len + tail_len < (size_t) opt.request_size )
{
memset( buf + len, 'A', opt.request_size - len - tail_len );
len += opt.request_size - len - tail_len;
@@ -1047,6 +1047,17 @@
len += tail_len;
}
+ /* Truncate if request size is smaller than the "natural" size */
+ if( opt.request_size != DFL_REQUEST_SIZE &&
+ len > opt.request_size )
+ {
+ len = opt.request_size;
+
+ /* Still end with \r\n unless that's really not possible */
+ if( len >= 2 ) buf[len - 2] = '\r';
+ if( len >= 1 ) buf[len - 1] = '\n';
+ }
+
for( written = 0, frags = 0; written < len; written += ret, frags++ )
{
while( ( ret = ssl_write( &ssl, buf + written, len - written ) ) <= 0 )
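Review bot: The truncation check `len > opt.request_size` compares a `size_t` with an `int` without the `(size_t)` cast that the padding check two hunks above uses, so the two tests of the same value are written inconsistently and the new one triggers sign-comparison warnings; `len > (size_t) opt.request_size` and `len = (size_t) opt.request_size;` would match. The correctness of both checks also rests on option parsing, which is outside this hunk, rejecting values below 0 other than the `-1` sentinel as the usage text states; if it does not, a negative value converts to a huge `size_t` in the padding check and the `memset` length underflows. The enclosing function continues past the end of the hunk.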
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3b8f234..d5f01bc 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1507,7 +1507,8 @@
larger_buf[ori_len + extra_len] = '\0';
printf( " %u bytes read (%u + %u)\n\n%s\n",
- ori_len + extra_len, ori_len, extra_len, (char *) buf );
+ ori_len + extra_len, ori_len, extra_len,
+ (char *) larger_buf );
polarssl_free( larger_buf );
}
diff --git a/tests/data_files/server1-v1.crt b/tests/data_files/server1-v1.crt
new file mode 100644
index 0000000..47f1fff
--- /dev/null
+++ b/tests/data_files/server1-v1.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/server2-v1-chain.crt b/tests/data_files/server2-v1-chain.crt
new file mode 100644
index 0000000..84bb6b2
--- /dev/null
+++ b/tests/data_files/server2-v1-chain.crt
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/server2-v1.crt b/tests/data_files/server2-v1.crt
new file mode 100644
index 0000000..7ef7968
--- /dev/null
+++ b/tests/data_files/server2-v1.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-selfsigned.crt b/tests/data_files/server5-selfsigned.crt
new file mode 100644
index 0000000..cb55647
--- /dev/null
+++ b/tests/data_files/server5-selfsigned.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBzTCCAXKgAwIBAgIMU6LLSxJOrYN9qJSyMAoGCCqGSM49BAMCMEcxEzARBgNV
+BAMTCnNlbGZzaWduZWQxEDAOBgNVBAsTB3Rlc3RpbmcxETAPBgNVBAoTCFBvbGFy
+U1NMMQswCQYDVQQGEwJOTDAiGA8yMDE0MDYxOTExMzY0M1oYDzIwMjQwNjE4MTEz
+NjQzWjBHMRMwEQYDVQQDEwpzZWxmc2lnbmVkMRAwDgYDVQQLEwd0ZXN0aW5nMREw
+DwYDVQQKEwhQb2xhclNTTDELMAkGA1UEBhMCTkwwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAAQ3zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/q
+L9I0XV0WvYqIwmt3DVXNiioO+gHItO3/o0AwPjAMBgNVHRMBAf8EAjAAMA8GA1Ud
+DwEB/wQFAwMHgAAwHQYDVR0OBBYEFLZtURgXjmWq8uzV8wHkbFLCNB1bMAoGCCqG
+SM49BAMCA0kAMEYCIQCf/bzFoge0pCOIrtHrABgc1+Cl9kjlsICpduXhdHUMOwIh
+AOJ+nBHfaEGyF4PRJvn/jMDeIaH1zisinVzC2v+JQOWq
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server6-ss-child.crt b/tests/data_files/server6-ss-child.crt
new file mode 100644
index 0000000..3c6fd4d
--- /dev/null
+++ b/tests/data_files/server6-ss-child.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB8jCCAZmgAwIBAgIMU6LLWCI5lHSn7HnsMAoGCCqGSM49BAMCMEcxEzARBgNV
+BAMTCnNlbGZzaWduZWQxEDAOBgNVBAsTB3Rlc3RpbmcxETAPBgNVBAoTCFBvbGFy
+U1NMMQswCQYDVQQGEwJOTDAiGA8yMDE0MDYxOTExMzY1NloYDzIwMjQwNjE4MTEz
+NjU2WjBNMRkwFwYDVQQDExBzZWxmc2lnbmVkLWNoaWxkMRAwDgYDVQQLEwd0ZXN0
+aW5nMREwDwYDVQQKEwhQb2xhclNTTDELMAkGA1UEBhMCTkwwWTATBgcqhkjOPQIB
+BggqhkjOPQMBBwNCAASBWTF2SST6Fa2roDFuDu0zEfqRJVXBsMGcA3I+mLotpHI3
+iR9DN40fjjrY8FfoL0/JAKT323MPssYElNFAOzjjo2EwXzAMBgNVHRMBAf8EAjAA
+MA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFDxZrEo+LvwCNi/afcvLnHqyiZlT
+MB8GA1UdIwQYMBaAFLZtURgXjmWq8uzV8wHkbFLCNB1bMAoGCCqGSM49BAMCA0cA
+MEQCIAMlQ59/NW7S0hP1cu5OTD2zqT087bEmnIfOTBYfj8UFAiBBrrz2dipODVYx
+vvTsQmSCzjrm+JtQQoWa+cdnAG3w5g==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-v1.crt b/tests/data_files/test-ca-v1.crt
new file mode 100644
index 0000000..e5a3b1c
--- /dev/null
+++ b/tests/data_files/test-ca-v1.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index f43f1eb..102a5b5 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -176,7 +176,7 @@
# psk is useful when server only has bad certs
$P_CLI request_page=SERVERQUIT tickets=0 auth_mode=none psk=abc123 \
crt_file=data_files/cli2.crt key_file=data_files/cli2.key \
- >/dev/null
+ >/dev/null 2>&1
wait $SRV_PID
kill $WATCHDOG_PID
@@ -1422,6 +1422,244 @@
0 \
-s "Read from client: 500 bytes read (.*+.*)"
+# Tests for small packets
+
+run_test "Small packet SSLv3 BlockCipher" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=ssl3 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet SSLv3 StreamCipher" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=ssl3 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.0 BlockCipher" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.1 BlockCipher" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.1 StreamCipher" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.2 BlockCipher" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.2 BlockCipher larger MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.2 StreamCipher" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.2 AEAD" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.2 AEAD shorter tag" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+# Test for large packets
+
+run_test "Large packet SSLv3 BlockCipher" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=ssl3 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+run_test "Large packet SSLv3 StreamCipher" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=ssl3 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+run_test "Large packet TLS 1.0 BlockCipher" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+run_test "Large packet TLS 1.1 BlockCipher" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+run_test "Large packet TLS 1.1 StreamCipher" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+run_test "Large packet TLS 1.2 BlockCipher" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+run_test "Large packet TLS 1.2 BlockCipher larger MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+run_test "Large packet TLS 1.2 StreamCipher" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+run_test "Large packet TLS 1.2 AEAD" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+run_test "Large packet TLS 1.2 AEAD shorter tag" \
+ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
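Review bot: The AEAD cases in both the small and large packet groups only exercise CCM and CCM-8 suites, so the GCM record path is not covered by these tests; a case such as `force_ciphersuite=TLS-RSA-WITH-AES-256-GCM-SHA384` in each group would close that gap. The usage text of the client now states a minimum of 0 for `request_size`, but no case below 1 is tested, so the empty-record behaviour is unverified. As a point of style, the two "larger MAC" cases keep `force_ciphersuite=...` on the `$P_CLI` line while every other case breaks before it with `\`, which makes those two lines stand out from the rest of the block.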
# Final report
echo "------------------------------------------------------------------------"
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 54ef202..a22741e 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -622,6 +622,26 @@
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA256_C
x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
+X509 Certificate verification #70 (v1 trusted CA)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_SHA256_C
+x509_verify:"data_files/server1-v1.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+
+X509 Certificate verification #71 (v1 trusted CA, other)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_SHA256_C
+x509_verify:"data_files/server2-v1.crt":"data_files/server1-v1.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+
+X509 Certificate verification #72 (v1 chain)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_SHA256_C
+x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
+
+X509 Certificate verification #73 (selfsigned trusted without CA bit)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C
+x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+
+X509 Certificate verification #74 (signed by selfsigned trusted without CA bit)
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C
+x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
+
X509 Parse Selftest
depends_on:POLARSSL_SHA1_C:POLARSSL_PEM_PARSE_C:POLARSSL_CERTS_C
x509_selftest: