Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer

2025-12-23 15:55:10 +01:00 · 2013-10-28 14:37:09 +01:00 · 2013-10-28 14:37:09 +01:00 · 1642122f8b
commit 1642122f8b
parent 3f917e230d a8a25ae1b9
32 changed files with 5615 additions and 3443 deletions
--- a/include/polarssl/cipher.h
+++ b/include/polarssl/cipher.h
@ -102,6 +102,9 @@ typedef enum {
    POLARSSL_CIPHER_CAMELLIA_128_CTR,
    POLARSSL_CIPHER_CAMELLIA_192_CTR,
    POLARSSL_CIPHER_CAMELLIA_256_CTR,
+    POLARSSL_CIPHER_CAMELLIA_128_GCM,
+    POLARSSL_CIPHER_CAMELLIA_192_GCM,
+    POLARSSL_CIPHER_CAMELLIA_256_GCM,
    POLARSSL_CIPHER_DES_ECB,
    POLARSSL_CIPHER_DES_CBC,
    POLARSSL_CIPHER_DES_EDE_ECB,
@ -149,10 +152,13 @@ enum {
    POLARSSL_KEY_LENGTH_DES_EDE = 128,
    /** Key length, in bits (including parity), for DES in three-key EDE */
    POLARSSL_KEY_LENGTH_DES_EDE3 = 192,
-    /** Maximum length of any IV, in bytes */
-    POLARSSL_MAX_IV_LENGTH = 16,
 };

+/** Maximum length of any IV, in bytes */
+#define POLARSSL_MAX_IV_LENGTH      16
+/** Maximum block size of any cipher, in bytes */
+#define POLARSSL_MAX_BLOCK_LENGTH   16
+
 /**
 * Base cipher information. The non-mode specific functions and values.
 */
@ -245,7 +251,7 @@ typedef struct {
    int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );

    /** Buffer for data that hasn't been encrypted yet */
-    unsigned char unprocessed_data[POLARSSL_MAX_IV_LENGTH];
+    unsigned char unprocessed_data[POLARSSL_MAX_BLOCK_LENGTH];

    /** Number of bytes that still need processing */
    size_t unprocessed_len;
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -191,26 +191,27 @@
 *
 * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
 * the following ciphersuites:
- *      TLS_RSA_WITH_NULL_MD5
- *      TLS_RSA_WITH_NULL_SHA
- *      TLS_RSA_WITH_NULL_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_NULL_SHA
 *      TLS_ECDHE_RSA_WITH_NULL_SHA
- *      TLS_PSK_WITH_NULL_SHA
- *      TLS_PSK_WITH_NULL_SHA256
- *      TLS_PSK_WITH_NULL_SHA384
- *      TLS_DHE_PSK_WITH_NULL_SHA
- *      TLS_DHE_PSK_WITH_NULL_SHA256
- *      TLS_DHE_PSK_WITH_NULL_SHA384
- *      TLS_RSA_PSK_WITH_NULL_SHA
- *      TLS_RSA_PSK_WITH_NULL_SHA256
- *      TLS_RSA_PSK_WITH_NULL_SHA384
- *      TLS_ECDHE_PSK_WITH_NULL_SHA
- *      TLS_ECDHE_PSK_WITH_NULL_SHA256
 *      TLS_ECDHE_PSK_WITH_NULL_SHA384
+ *      TLS_ECDHE_PSK_WITH_NULL_SHA256
+ *      TLS_ECDHE_PSK_WITH_NULL_SHA
+ *      TLS_DHE_PSK_WITH_NULL_SHA384
+ *      TLS_DHE_PSK_WITH_NULL_SHA256
+ *      TLS_DHE_PSK_WITH_NULL_SHA
+ *      TLS_RSA_WITH_NULL_SHA256
+ *      TLS_RSA_WITH_NULL_SHA
+ *      TLS_RSA_WITH_NULL_MD5
+ *      TLS_RSA_PSK_WITH_NULL_SHA384
+ *      TLS_RSA_PSK_WITH_NULL_SHA256
+ *      TLS_RSA_PSK_WITH_NULL_SHA
+ *      TLS_PSK_WITH_NULL_SHA384
+ *      TLS_PSK_WITH_NULL_SHA256
+ *      TLS_PSK_WITH_NULL_SHA
 *
 * Uncomment this macro to enable the NULL cipher and ciphersuites
+#define POLARSSL_CIPHER_NULL_CIPHER
 */
-//#define POLARSSL_CIPHER_NULL_CIPHER

 /**
 * \def POLARSSL_CIPHER_PADDING_XXX
@ -239,14 +240,14 @@
 *      TLS_DHE_RSA_WITH_DES_CBC_SHA
 *
 * Uncomment this macro to enable weak ciphersuites
+#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
 */
-//#define POLARSSL_ENABLE_WEAK_CIPHERSUITES

 /**
 * \def POLARSSL_ECP_XXXX_ENABLED
 *
 * Enables specific curves within the Elliptic Curve module.
- * By default all supported curves are enables.
+ * By default all supported curves are enabled.
 *
 * Comment macros to disable the curve and functions for it
 */
@ -277,14 +278,18 @@
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
- *      TLS_PSK_WITH_RC4_128_SHA
- *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_PSK_WITH_AES_128_CBC_SHA
- *      TLS_PSK_WITH_AES_256_CBC_SHA
- *      TLS_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_PSK_WITH_AES_128_GCM_SHA256
 *      TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      TLS_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *      TLS_PSK_WITH_RC4_128_SHA
 */
 #define POLARSSL_KEY_EXCHANGE_PSK_ENABLED

@ -297,14 +302,18 @@
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
- *      TLS_DHE_PSK_WITH_RC4_128_SHA
- *      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
 *      TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      TLS_DHE_PSK_WITH_RC4_128_SHA
 */
 #define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED

@ -317,14 +326,14 @@
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
- *      TLS_ECDHE_PSK_WITH_RC4_128_SHA
- *      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
 *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
 *      TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      TLS_ECDHE_PSK_WITH_RC4_128_SHA
 */
 #define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED

@ -338,14 +347,18 @@
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
- *      TLS_RSA_PSK_WITH_RC4_128_SHA
- *      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
 *      TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      TLS_RSA_PSK_WITH_RC4_128_SHA
 */
 #define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED

@ -359,19 +372,21 @@
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
- *      TLS_RSA_WITH_AES_128_CBC_SHA
- *      TLS_RSA_WITH_AES_256_CBC_SHA
- *      TLS_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_RSA_WITH_AES_256_CBC_SHA256
- *      TLS_RSA_WITH_AES_128_GCM_SHA256
 *      TLS_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_RSA_WITH_RC4_128_MD5
- *      TLS_RSA_WITH_RC4_128_SHA
- *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      TLS_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_RSA_WITH_RC4_128_SHA
+ *      TLS_RSA_WITH_RC4_128_MD5
 */
 #define POLARSSL_KEY_EXCHANGE_RSA_ENABLED

@ -385,14 +400,18 @@
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
- *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 */
 #define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
@ -407,16 +426,18 @@
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
- *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
- *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- *      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 *      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
 */
 #define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED

@ -429,16 +450,18 @@
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
- *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
- *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
- *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
- *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
- *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+ *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 */
 #define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED

@ -798,20 +821,52 @@
 *
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
- *      TLS_RSA_WITH_AES_128_CBC_SHA
- *      TLS_RSA_WITH_AES_256_CBC_SHA
- *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- *      TLS_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_RSA_WITH_AES_256_CBC_SHA256
- *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- *      TLS_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
 *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- *      TLS_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      TLS_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      TLS_PSK_WITH_AES_256_CBC_SHA384
 *      TLS_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_PSK_WITH_AES_128_CBC_SHA
 *
 * PEM_PARSE uses AES for decrypting encrypted keys.
 */
@ -827,9 +882,13 @@
 *
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
- *      TLS_RSA_WITH_RC4_128_MD5
- *      TLS_RSA_WITH_RC4_128_SHA
+ *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ *      TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ *      TLS_DHE_PSK_WITH_RC4_128_SHA
+ *      TLS_RSA_WITH_RC4_128_SHA
+ *      TLS_RSA_WITH_RC4_128_MD5
+ *      TLS_RSA_PSK_WITH_RC4_128_SHA
 *      TLS_PSK_WITH_RC4_128_SHA
 */
 #define POLARSSL_ARC4_C
@ -908,14 +967,40 @@
 *
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
- *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
 *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
 */
 #define POLARSSL_CAMELLIA_C

@ -984,9 +1069,13 @@
 *
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
- *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
 *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
 *
 * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
@ -996,26 +1085,14 @@
 /**
 * \def POLARSSL_DHM_C
 *
- * Enable the Diffie-Hellman-Merkle key exchange.
+ * Enable the Diffie-Hellman-Merkle module.
 *
 * Module:  library/dhm.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_DHE_RSA_WITH_DES_CBC_SHA
- *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ * This module is used by the following key exchanges:
+ *      DHE-RSA, DHE-PSK
 */
 #define POLARSSL_DHM_C

@ -1028,13 +1105,8 @@
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_ECDHE_RSA_WITH_NULL_SHA
- *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
- *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
 *
 * Requires: POLARSSL_ECP_C
 */
@ -1048,6 +1120,9 @@
 * Module:  library/ecdsa.c
 * Caller:
 *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA
+ *
 * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
 */
 #define POLARSSL_ECDSA_C
@ -1098,12 +1173,10 @@
 *
 * Module:  library/gcm.c
 *
- * Requires: POLARSSL_AES_C
+ * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
 *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      TLS_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_RSA_WITH_AES_256_GCM_SHA384
+ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
+ * requisites are enabled as well.
 */
 #define POLARSSL_GCM_C

@ -1404,9 +1477,10 @@
 *          library/ssl_tls.c
 *          library/x509.c
 *
- * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C
+ * This module is used by the following key exchanges:
+ *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
 *
- * This module is required for SSL/TLS and MD5-signed certificates.
+ * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C
 */
 #define POLARSSL_RSA_C

@ -1782,7 +1856,8 @@
 #error "CTR_DRBG_ENTROPY_LEN value too high"
 #endif

-#if defined(POLARSSL_GCM_C) && !defined(POLARSSL_AES_C)
+#if defined(POLARSSL_GCM_C) && (                                        \
+        !defined(POLARSSL_AES_C) && !defined(POLARSSL_CAMELLIA_C) )
 #error "POLARSSL_GCM_C defined, but not all prerequisites"
 #endif

--- a/include/polarssl/error.h
+++ b/include/polarssl/error.h
@ -85,7 +85,7 @@
 * ECP       4   7 (Started from top)
 * MD        5   4
 * CIPHER    6   6
- * SSL       6   7 (Started from top)
+ * SSL       6   8 (Started from top)
 * SSL       7   31
 *
 * Module dependent error code (5 bits 0x.08.-0x.F8.)
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -132,6 +132,7 @@
 #define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED            -0x6D80  /**< Session ticket has expired. */
 #define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH                  -0x6D00  /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
 #define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY                  -0x6C80  /**< Unkown identity received (eg, PSK identity) */
+#define POLARSSL_ERR_SSL_INTERNAL_ERROR                    -0x6C00  /**< Internal error (eg, unexpected failure in lower-level module) */

 /*
 * Various constants
--- a/include/polarssl/ssl_ciphersuites.h
+++ b/include/polarssl/ssl_ciphersuites.h
@ -156,10 +156,25 @@ extern "C" {

 #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< TLS 1.2 */
 #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< TLS 1.2 */
-
 #define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0xC076 /**< TLS 1.2 */
 #define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0xC077 /**< TLS 1.2 */

+#define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256         0xC07A /**< TLS 1.2 */
+#define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384         0xC07B /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256     0xC07C /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384     0xC07D /**< TLS 1.2 */
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256   0xC08A /**< TLS 1.2 */
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384   0xC08B /**< TLS 1.2 */
+
+#define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256       0xC08D /**< TLS 1.2 */
+#define TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384       0xC08F /**< TLS 1.2 */
+#define TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC090 /**< TLS 1.2 */
+#define TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC091 /**< TLS 1.2 */
+#define TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC092 /**< TLS 1.2 */
+#define TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC093 /**< TLS 1.2 */
+
 #define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256       0xC094 /**< TLS 1.2 */
 #define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384       0xC095 /**< TLS 1.2 */
 #define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC096 /**< TLS 1.2 */