diff options
-rw-r--r-- | src/arch/i386/firmware/pcbios/memmap.c | 14 | ||||
-rw-r--r-- | src/arch/i386/image/multiboot.c | 6 | ||||
-rw-r--r-- | src/include/gpxe/tls.h | 20 | ||||
-rw-r--r-- | src/net/ipv4.c | 2 | ||||
-rw-r--r-- | src/net/tls.c | 37 |
5 files changed, 49 insertions, 30 deletions
diff --git a/src/arch/i386/firmware/pcbios/memmap.c b/src/arch/i386/firmware/pcbios/memmap.c index 848979e..2e9627c 100644 --- a/src/arch/i386/firmware/pcbios/memmap.c +++ b/src/arch/i386/firmware/pcbios/memmap.c @@ -158,7 +158,7 @@ static int meme820 ( struct memory_map *memmap ) { uint32_t smap; size_t size; unsigned int flags; - unsigned int discard_d, discard_D; + unsigned int discard_D; /* Clear the E820 buffer. Do this once before starting, * rather than on each call; some BIOSes rely on the contents @@ -171,13 +171,15 @@ static int meme820 ( struct memory_map *memmap ) { * this by telling gcc that all non-output registers * may be corrupted. */ - __asm__ __volatile__ ( REAL_CODE ( "stc\n\t" + __asm__ __volatile__ ( REAL_CODE ( "pushl %%ebp\n\t" + "stc\n\t" "int $0x15\n\t" "pushfw\n\t" - "popw %w0\n\t" ) - : "=r" ( flags ), "=a" ( smap ), - "=b" ( next ), "=D" ( discard_D ), - "=c" ( size ), "=d" ( discard_d ) + "popw %%dx\n\t" + "popl %%ebp\n\t" ) + : "=a" ( smap ), "=b" ( next ), + "=c" ( size ), "=d" ( flags ), + "=D" ( discard_D ) : "a" ( 0xe820 ), "b" ( next ), "D" ( __from_data16 ( &e820buf ) ), "c" ( sizeof ( e820buf ) ), diff --git a/src/arch/i386/image/multiboot.c b/src/arch/i386/image/multiboot.c index a4a340f..49adf95 100644 --- a/src/arch/i386/image/multiboot.c +++ b/src/arch/i386/image/multiboot.c @@ -282,11 +282,13 @@ static int multiboot_exec ( struct image *image ) { /* Jump to OS with flat physical addressing */ DBGC ( image, "MULTIBOOT %p starting execution at %lx\n", image, entry ); - __asm__ __volatile__ ( PHYS_CODE ( "call *%%edi\n\t" ) + __asm__ __volatile__ ( PHYS_CODE ( "pushl %%ebp\n\t" + "call *%%edi\n\t" + "popl %%ebp\n\t" ) : : "a" ( MULTIBOOT_BOOTLOADER_MAGIC ), "b" ( virt_to_phys ( &mbinfo ) ), "D" ( entry ) - : "ecx", "edx", "esi", "ebp", "memory" ); + : "ecx", "edx", "esi", "memory" ); DBGC ( image, "MULTIBOOT %p returned\n", image ); diff --git a/src/include/gpxe/tls.h b/src/include/gpxe/tls.h index a8cf16e..3910945 100644 --- a/src/include/gpxe/tls.h +++ b/src/include/gpxe/tls.h @@ -109,6 +109,22 @@ struct tls_cipherspec { void *mac_secret; }; +/** TLS pre-master secret */ +struct tls_pre_master_secret { + /** TLS version */ + uint16_t version; + /** Random data */ + uint8_t random[46]; +} __attribute__ (( packed )); + +/** TLS client random data */ +struct tls_client_random { + /** GMT Unix time */ + uint32_t gmt_unix_time; + /** Random data */ + uint8_t random[28]; +} __attribute__ (( packed )); + /** A TLS session */ struct tls_session { /** Reference counter */ @@ -128,13 +144,13 @@ struct tls_session { /** Next RX cipher specification */ struct tls_cipherspec rx_cipherspec_pending; /** Premaster secret */ - uint8_t pre_master_secret[48]; + struct tls_pre_master_secret pre_master_secret; /** Master secret */ uint8_t master_secret[48]; /** Server random bytes */ uint8_t server_random[32]; /** Client random bytes */ - uint8_t client_random[32]; + struct tls_client_random client_random; /** MD5 context for handshake verification */ uint8_t handshake_md5_ctx[MD5_CTX_SIZE]; /** SHA1 context for handshake verification */ diff --git a/src/net/ipv4.c b/src/net/ipv4.c index e14ed6a..63dcca2 100644 --- a/src/net/ipv4.c +++ b/src/net/ipv4.c @@ -188,7 +188,7 @@ static struct io_buffer * ipv4_reassemble ( struct io_buffer * iobuf ) { free_iob ( iobuf ); /** Check if the fragment series is over */ - if ( !iphdr->frags & IP_MASK_MOREFRAGS ) { + if ( ! ( iphdr->frags & IP_MASK_MOREFRAGS ) ) { iobuf = fragbuf->frag_iob; free_fragbuf ( fragbuf ); return iobuf; diff --git a/src/net/tls.c b/src/net/tls.c index 834686f..fa4b58d 100644 --- a/src/net/tls.c +++ b/src/net/tls.c @@ -270,16 +270,16 @@ static void tls_generate_master_secret ( struct tls_session *tls ) { DBGC_HD ( tls, &tls->pre_master_secret, sizeof ( tls->pre_master_secret ) ); DBGC ( tls, "TLS %p client random bytes:\n", tls ); - DBGC_HD ( tls, &tls->client_random, sizeof ( tls->server_random ) ); + DBGC_HD ( tls, &tls->client_random, sizeof ( tls->client_random ) ); DBGC ( tls, "TLS %p server random bytes:\n", tls ); DBGC_HD ( tls, &tls->server_random, sizeof ( tls->server_random ) ); - tls_prf_label ( tls, tls->pre_master_secret, + tls_prf_label ( tls, &tls->pre_master_secret, sizeof ( tls->pre_master_secret ), - tls->master_secret, sizeof ( tls->master_secret ), + &tls->master_secret, sizeof ( tls->master_secret ), "master secret", - tls->client_random, sizeof ( tls->client_random ), - tls->server_random, sizeof ( tls->server_random ) ); + &tls->client_random, sizeof ( tls->client_random ), + &tls->server_random, sizeof ( tls->server_random ) ); DBGC ( tls, "TLS %p generated master secret:\n", tls ); DBGC_HD ( tls, &tls->master_secret, sizeof ( tls->master_secret ) ); @@ -304,10 +304,10 @@ static int tls_generate_keys ( struct tls_session *tls ) { int rc; /* Generate key block */ - tls_prf_label ( tls, tls->master_secret, sizeof ( tls->master_secret ), + tls_prf_label ( tls, &tls->master_secret, sizeof ( tls->master_secret ), key_block, sizeof ( key_block ), "key expansion", - tls->server_random, sizeof ( tls->server_random ), - tls->client_random, sizeof ( tls->client_random ) ); + &tls->server_random, sizeof ( tls->server_random ), + &tls->client_random, sizeof ( tls->client_random ) ); /* Split key block into portions */ key = key_block; @@ -604,7 +604,7 @@ static int tls_send_client_hello ( struct tls_session *tls ) { htonl ( sizeof ( hello ) - sizeof ( hello.type_length ) ) ); hello.version = htons ( TLS_VERSION_TLS_1_0 ); - memcpy ( &hello.random, tls->client_random, sizeof ( hello.random ) ); + memcpy ( &hello.random, &tls->client_random, sizeof ( hello.random ) ); hello.cipher_suite_len = htons ( sizeof ( hello.cipher_suites ) ); hello.cipher_suites[0] = htons ( TLS_RSA_WITH_AES_128_CBC_SHA ); hello.cipher_suites[1] = htons ( TLS_RSA_WITH_AES_256_CBC_SHA ); @@ -643,7 +643,7 @@ static int tls_send_client_key_exchange ( struct tls_session *tls ) { sizeof ( tls->pre_master_secret ) ); DBGC_HD ( tls, tls->rsa_mod, tls->rsa_mod_len ); DBGC_HD ( tls, tls->rsa_pub_exp, tls->rsa_pub_exp_len ); - RSA_encrypt ( rsa_ctx, tls->pre_master_secret, + RSA_encrypt ( rsa_ctx, ( const uint8_t * ) &tls->pre_master_secret, sizeof ( tls->pre_master_secret ), key_xchg.encrypted_pre_master_secret, 0 ); DBGC ( tls, "RSA encrypt done. Ciphertext:\n" ); @@ -685,7 +685,7 @@ static int tls_send_finished ( struct tls_session *tls ) { htonl ( sizeof ( finished ) - sizeof ( finished.type_length ) ) ); tls_verify_handshake ( tls, digest ); - tls_prf_label ( tls, tls->master_secret, sizeof ( tls->master_secret ), + tls_prf_label ( tls, &tls->master_secret, sizeof ( tls->master_secret ), finished.verify_data, sizeof ( finished.verify_data ), "client finished", digest, sizeof ( digest ) ); @@ -802,7 +802,7 @@ static int tls_new_server_hello ( struct tls_session *tls, } /* Copy out server random bytes */ - memcpy ( tls->server_random, hello_a->random, + memcpy ( &tls->server_random, &hello_a->random, sizeof ( tls->server_random ) ); /* Select cipher suite */ @@ -1710,13 +1710,12 @@ int add_tls ( struct xfer_interface *xfer, struct xfer_interface **next ) { tls_clear_cipher ( tls, &tls->tx_cipherspec_pending ); tls_clear_cipher ( tls, &tls->rx_cipherspec ); tls_clear_cipher ( tls, &tls->rx_cipherspec_pending ); - *( ( uint32_t * ) tls->client_random ) = 0; /* GMT Unix time */ - tls_generate_random ( ( tls->client_random + 4 ), - ( sizeof ( tls->client_random ) - 4 ) ); - *( ( uint16_t * ) tls->pre_master_secret ) - = htons ( TLS_VERSION_TLS_1_0 ); - tls_generate_random ( ( tls->pre_master_secret + 2 ), - ( sizeof ( tls->pre_master_secret ) - 2 ) ); + tls->client_random.gmt_unix_time = 0; + tls_generate_random ( &tls->client_random.random, + ( sizeof ( tls->client_random.random ) ) ); + tls->pre_master_secret.version = htons ( TLS_VERSION_TLS_1_0 ); + tls_generate_random ( &tls->pre_master_secret.random, + ( sizeof ( tls->pre_master_secret.random ) ) ); digest_init ( &md5_algorithm, tls->handshake_md5_ctx ); digest_init ( &sha1_algorithm, tls->handshake_sha1_ctx ); tls->tx_state = TLS_TX_CLIENT_HELLO; |