import gnutls-3.6.14-6.el8
This commit is contained in:
parent
851c991dda
commit
5a71e1e561
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/gnutls-3.6.8.tar.xz
|
||||
SOURCES/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
SOURCES/gnutls-3.6.14.tar.xz
|
||||
SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||
|
@ -1,2 +1,2 @@
|
||||
e1243188791af409bca118d31faf3ec3d5f0a5ab SOURCES/gnutls-3.6.8.tar.xz
|
||||
e6f8a1400839ce7b4021cdd0f8d08d71b0693486 SOURCES/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
bea1b5abcb691acf014e592f41d0a9580a41216a SOURCES/gnutls-3.6.14.tar.xz
|
||||
648ec46f9539fe756fb90131b85ae4759ed2ed21 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||
|
@ -1,29 +0,0 @@
|
||||
From c01011c2d8533dbbbe754e49e256c109cb848d0d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
|
||||
Date: Fri, 27 Mar 2020 17:17:57 +0100
|
||||
Subject: [PATCH] dtls client hello: fix zeroed random (fixes #960)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
|
||||
hello verify request", which failed to "De Morgan" properly.
|
||||
|
||||
Signed-off-by: Stefan Bühler <stbuehler@web.de>
|
||||
---
|
||||
lib/handshake.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Index: gnutls-3.6.8/lib/handshake.c
|
||||
===================================================================
|
||||
--- gnutls-3.6.8.orig/lib/handshake.c
|
||||
+++ gnutls-3.6.8/lib/handshake.c
|
||||
@@ -2164,7 +2164,7 @@ static int send_client_hello(gnutls_sess
|
||||
/* Generate random data
|
||||
*/
|
||||
if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) &&
|
||||
- !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) {
|
||||
+ !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) {
|
||||
ret = _gnutls_gen_client_random(session);
|
||||
if (ret < 0) {
|
||||
gnutls_assert();
|
7849
SOURCES/gnutls-3.6.13-enable-intel-cet.patch
Normal file
7849
SOURCES/gnutls-3.6.13-enable-intel-cet.patch
Normal file
File diff suppressed because it is too large
Load Diff
36
SOURCES/gnutls-3.6.14-autogen-int.patch
Normal file
36
SOURCES/gnutls-3.6.14-autogen-int.patch
Normal file
@ -0,0 +1,36 @@
|
||||
From cf1de82bedd01c01e70921699c84a473b08d0dab Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Mon, 1 Jun 2020 17:23:59 +0200
|
||||
Subject: [PATCH] serv: omit upper bound of --maxearlydata option definition
|
||||
|
||||
It turned out that AutoGen treats numbers that exceed INT_MAX in a
|
||||
platform dependent way. In this case, 4294967295 (UINT_MAX) is
|
||||
treated as is on 64-bit platforms, while it is interpreted as "-1" on
|
||||
32-bit platforms. This causes a problem when the program
|
||||
documentation is compiled under multilib environment.
|
||||
|
||||
Reported by Ivan Molodetskikh in:
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1841844
|
||||
and the cause was identified by Anderson Toshiyuki Sasaki.
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
src/serv-args.def | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/serv-args.def b/src/serv-args.def
|
||||
index 996fbe36b..a584085e2 100644
|
||||
--- a/src/serv-args.def
|
||||
+++ b/src/serv-args.def
|
||||
@@ -51,7 +51,7 @@ flag = {
|
||||
flag = {
|
||||
name = maxearlydata;
|
||||
arg-type = number;
|
||||
- arg-range = "1->4294967295";
|
||||
+ arg-range = "1->";
|
||||
descrip = "The maximum early data size to accept";
|
||||
doc = "";
|
||||
};
|
||||
--
|
||||
2.26.2
|
||||
|
676
SOURCES/gnutls-3.6.14-fips-dh-check.patch
Normal file
676
SOURCES/gnutls-3.6.14-fips-dh-check.patch
Normal file
@ -0,0 +1,676 @@
|
||||
From bea53f1b46a64d6dcf5bbe4794740c4d4459f9bf Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Fri, 10 Jul 2020 09:35:49 +0200
|
||||
Subject: [PATCH 1/5] dh: check validity of Z before export
|
||||
|
||||
SP800-56A rev3 section 5.7.1.1 step 2 mandates that the validity of the
|
||||
calculated shared secret is verified before the data is returned to the
|
||||
caller. This patch adds the validation check.
|
||||
|
||||
Suggested by Stephan Mueller.
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
lib/nettle/pk.c | 26 +++++++++++++++++---------
|
||||
1 file changed, 17 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
|
||||
index 57a8560ed..08c7d4860 100644
|
||||
--- a/lib/nettle/pk.c
|
||||
+++ b/lib/nettle/pk.c
|
||||
@@ -288,7 +288,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
|
||||
switch (algo) {
|
||||
case GNUTLS_PK_DH: {
|
||||
bigint_t f, x, q, prime;
|
||||
- bigint_t k = NULL, ff = NULL, r = NULL;
|
||||
+ bigint_t k = NULL, primesub1 = NULL, r = NULL;
|
||||
unsigned int bits;
|
||||
|
||||
if (nonce != NULL)
|
||||
@@ -299,21 +299,20 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
|
||||
q = priv->params[DH_Q];
|
||||
prime = priv->params[DH_P];
|
||||
|
||||
- ret = _gnutls_mpi_init_multi(&k, &ff, &r, NULL);
|
||||
+ ret = _gnutls_mpi_init_multi(&k, &primesub1, &r, NULL);
|
||||
if (ret < 0)
|
||||
return gnutls_assert_val(ret);
|
||||
|
||||
- ret = _gnutls_mpi_add_ui(ff, f, 1);
|
||||
+ ret = _gnutls_mpi_sub_ui(primesub1, prime, 1);
|
||||
if (ret < 0) {
|
||||
gnutls_assert();
|
||||
goto dh_cleanup;
|
||||
}
|
||||
|
||||
- /* check if f==0,1, or f >= p-1.
|
||||
- * or (ff=f+1) equivalently ff==1,2, ff >= p */
|
||||
- if ((_gnutls_mpi_cmp_ui(ff, 2) == 0)
|
||||
- || (_gnutls_mpi_cmp_ui(ff, 1) == 0)
|
||||
- || (_gnutls_mpi_cmp(ff, prime) >= 0)) {
|
||||
+ /* check if f==0,1, or f >= p-1 */
|
||||
+ if ((_gnutls_mpi_cmp_ui(f, 1) == 0)
|
||||
+ || (_gnutls_mpi_cmp_ui(f, 0) == 0)
|
||||
+ || (_gnutls_mpi_cmp(f, primesub1) >= 0)) {
|
||||
gnutls_assert();
|
||||
ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
|
||||
goto dh_cleanup;
|
||||
@@ -354,6 +353,15 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
|
||||
goto dh_cleanup;
|
||||
}
|
||||
|
||||
+ /* check if k==0,1, or k = p-1 */
|
||||
+ if ((_gnutls_mpi_cmp_ui(k, 1) == 0)
|
||||
+ || (_gnutls_mpi_cmp_ui(k, 0) == 0)
|
||||
+ || (_gnutls_mpi_cmp(k, primesub1) == 0)) {
|
||||
+ gnutls_assert();
|
||||
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
|
||||
+ goto dh_cleanup;
|
||||
+ }
|
||||
+
|
||||
if (flags & PK_DERIVE_TLS13) {
|
||||
ret =
|
||||
_gnutls_mpi_dprint_size(k, out,
|
||||
@@ -370,7 +378,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
|
||||
ret = 0;
|
||||
dh_cleanup:
|
||||
_gnutls_mpi_release(&r);
|
||||
- _gnutls_mpi_release(&ff);
|
||||
+ _gnutls_mpi_release(&primesub1);
|
||||
zrelease_temp_mpi_key(&k);
|
||||
if (ret < 0)
|
||||
goto cleanup;
|
||||
--
|
||||
2.26.2
|
||||
|
||||
|
||||
From 13202600d3e42258d8758b05ff45a3e3d0f07e4e Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Fri, 10 Jul 2020 09:42:30 +0200
|
||||
Subject: [PATCH 2/5] ecdh: check validity of P before export
|
||||
|
||||
SP800-56A rev3 section 5.7.1.2 step 2 mandates that the validity of
|
||||
the calculated shared secret is verified before the data is returned
|
||||
to the caller. This patch adds the validation check.
|
||||
|
||||
Suggested by Stephan Mueller.
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
lib/nettle/pk.c | 27 +++++++++++++++++++++------
|
||||
1 file changed, 21 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
|
||||
index 08c7d4860..7f0fa8e03 100644
|
||||
--- a/lib/nettle/pk.c
|
||||
+++ b/lib/nettle/pk.c
|
||||
@@ -229,25 +229,38 @@ _gost_params_to_pubkey(const gnutls_pk_params_st * pk_params,
|
||||
}
|
||||
#endif
|
||||
|
||||
-static void
|
||||
+static int
|
||||
ecc_shared_secret(struct ecc_scalar *private_key,
|
||||
struct ecc_point *public_key, void *out, unsigned size)
|
||||
{
|
||||
struct ecc_point r;
|
||||
- mpz_t x;
|
||||
+ mpz_t x, y;
|
||||
+ int ret = 0;
|
||||
|
||||
mpz_init(x);
|
||||
+ mpz_init(y);
|
||||
ecc_point_init(&r, public_key->ecc);
|
||||
|
||||
ecc_point_mul(&r, private_key, public_key);
|
||||
|
||||
- ecc_point_get(&r, x, NULL);
|
||||
+ ecc_point_get(&r, x, y);
|
||||
+
|
||||
+ /* Check if the point is not an identity element. Note that this cannot
|
||||
+ * happen in nettle implementation, because it cannot represent an
|
||||
+ * infinity point. */
|
||||
+ if (mpz_cmp_ui(x, 0) == 0 && mpz_cmp_ui(y, 0) == 0) {
|
||||
+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
nettle_mpz_get_str_256(size, out, x);
|
||||
|
||||
+ cleanup:
|
||||
mpz_clear(x);
|
||||
+ mpz_clear(y);
|
||||
ecc_point_clear(&r);
|
||||
|
||||
- return;
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
#define MAX_DH_BITS DEFAULT_MAX_VERIFY_BITS
|
||||
@@ -423,8 +436,10 @@ dh_cleanup:
|
||||
goto ecc_cleanup;
|
||||
}
|
||||
|
||||
- ecc_shared_secret(&ecc_priv, &ecc_pub, out->data,
|
||||
- out->size);
|
||||
+ ret = ecc_shared_secret(&ecc_priv, &ecc_pub, out->data,
|
||||
+ out->size);
|
||||
+ if (ret < 0)
|
||||
+ gnutls_free(out->data);
|
||||
|
||||
ecc_cleanup:
|
||||
ecc_point_clear(&ecc_pub);
|
||||
--
|
||||
2.26.2
|
||||
|
||||
|
||||
From 245fb622e82bfa7b80d2cec7cafdbc65014ca3cb Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Fri, 17 Jul 2020 17:45:17 +0200
|
||||
Subject: [PATCH 3/5] dh-primes: make the FIPS approved check return Q value
|
||||
|
||||
This is necessary for full public key validation in
|
||||
SP800-56A (revision 3), section 5.6.2.3.1.
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
lib/auth/dh_common.c | 2 +-
|
||||
lib/dh-primes.c | 38 +++++++++++++++++++++++---------------
|
||||
lib/dh.h | 10 ++++++----
|
||||
3 files changed, 30 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
|
||||
index 252eea0cb..fcd696d4d 100644
|
||||
--- a/lib/auth/dh_common.c
|
||||
+++ b/lib/auth/dh_common.c
|
||||
@@ -259,7 +259,7 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
|
||||
|
||||
#ifdef ENABLE_FIPS140
|
||||
if (gnutls_fips140_mode_enabled() &&
|
||||
- !_gnutls_dh_prime_is_fips_approved(data_p, n_p, data_g, n_g)) {
|
||||
+ !_gnutls_dh_prime_match_fips_approved(data_p, n_p, data_g, n_g, NULL, NULL)) {
|
||||
gnutls_assert();
|
||||
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
|
||||
}
|
||||
diff --git a/lib/dh-primes.c b/lib/dh-primes.c
|
||||
index a43a8e5de..a440b5b98 100644
|
||||
--- a/lib/dh-primes.c
|
||||
+++ b/lib/dh-primes.c
|
||||
@@ -1894,25 +1894,28 @@ const gnutls_datum_t gnutls_modp_8192_group_generator = {
|
||||
const unsigned int gnutls_modp_8192_key_bits = 512;
|
||||
|
||||
unsigned
|
||||
-_gnutls_dh_prime_is_fips_approved(const uint8_t *prime,
|
||||
- size_t prime_size,
|
||||
- const uint8_t *generator,
|
||||
- size_t generator_size)
|
||||
+_gnutls_dh_prime_match_fips_approved(const uint8_t *prime,
|
||||
+ size_t prime_size,
|
||||
+ const uint8_t *generator,
|
||||
+ size_t generator_size,
|
||||
+ uint8_t **q,
|
||||
+ size_t *q_size)
|
||||
{
|
||||
static const struct {
|
||||
const gnutls_datum_t *prime;
|
||||
const gnutls_datum_t *generator;
|
||||
+ const gnutls_datum_t *q;
|
||||
} primes[] = {
|
||||
- { &gnutls_ffdhe_8192_group_prime, &gnutls_ffdhe_8192_group_generator },
|
||||
- { &gnutls_ffdhe_6144_group_prime, &gnutls_ffdhe_6144_group_generator },
|
||||
- { &gnutls_ffdhe_4096_group_prime, &gnutls_ffdhe_4096_group_generator },
|
||||
- { &gnutls_ffdhe_3072_group_prime, &gnutls_ffdhe_3072_group_generator },
|
||||
- { &gnutls_ffdhe_2048_group_prime, &gnutls_ffdhe_2048_group_generator },
|
||||
- { &gnutls_modp_8192_group_prime, &gnutls_modp_8192_group_generator },
|
||||
- { &gnutls_modp_6144_group_prime, &gnutls_modp_6144_group_generator },
|
||||
- { &gnutls_modp_4096_group_prime, &gnutls_modp_4096_group_generator },
|
||||
- { &gnutls_modp_3072_group_prime, &gnutls_modp_3072_group_generator },
|
||||
- { &gnutls_modp_2048_group_prime, &gnutls_modp_2048_group_generator },
|
||||
+ { &gnutls_ffdhe_8192_group_prime, &gnutls_ffdhe_8192_group_generator, &gnutls_ffdhe_8192_group_q },
|
||||
+ { &gnutls_ffdhe_6144_group_prime, &gnutls_ffdhe_6144_group_generator, &gnutls_ffdhe_6144_group_q },
|
||||
+ { &gnutls_ffdhe_4096_group_prime, &gnutls_ffdhe_4096_group_generator, &gnutls_ffdhe_4096_group_q },
|
||||
+ { &gnutls_ffdhe_3072_group_prime, &gnutls_ffdhe_3072_group_generator, &gnutls_ffdhe_3072_group_q },
|
||||
+ { &gnutls_ffdhe_2048_group_prime, &gnutls_ffdhe_2048_group_generator, &gnutls_ffdhe_2048_group_q },
|
||||
+ { &gnutls_modp_8192_group_prime, &gnutls_modp_8192_group_generator, &gnutls_modp_8192_group_q },
|
||||
+ { &gnutls_modp_6144_group_prime, &gnutls_modp_6144_group_generator, &gnutls_modp_6144_group_q },
|
||||
+ { &gnutls_modp_4096_group_prime, &gnutls_modp_4096_group_generator, &gnutls_modp_4096_group_q },
|
||||
+ { &gnutls_modp_3072_group_prime, &gnutls_modp_3072_group_generator, &gnutls_modp_3072_group_q },
|
||||
+ { &gnutls_modp_2048_group_prime, &gnutls_modp_2048_group_generator, &gnutls_modp_2048_group_q },
|
||||
};
|
||||
size_t i;
|
||||
|
||||
@@ -1920,8 +1923,13 @@ _gnutls_dh_prime_is_fips_approved(const uint8_t *prime,
|
||||
if (primes[i].prime->size == prime_size &&
|
||||
memcmp(primes[i].prime->data, prime, primes[i].prime->size) == 0 &&
|
||||
primes[i].generator->size == generator_size &&
|
||||
- memcmp(primes[i].generator->data, generator, primes[i].generator->size) == 0)
|
||||
+ memcmp(primes[i].generator->data, generator, primes[i].generator->size) == 0) {
|
||||
+ if (q) {
|
||||
+ *q = primes[i].q->data;
|
||||
+ *q_size = primes[i].q->size;
|
||||
+ }
|
||||
return 1;
|
||||
+ }
|
||||
}
|
||||
|
||||
return 0;
|
||||
diff --git a/lib/dh.h b/lib/dh.h
|
||||
index 672451947..f5c2c0924 100644
|
||||
--- a/lib/dh.h
|
||||
+++ b/lib/dh.h
|
||||
@@ -61,9 +61,11 @@ extern const gnutls_datum_t gnutls_modp_2048_group_generator;
|
||||
extern const unsigned int gnutls_modp_2048_key_bits;
|
||||
|
||||
unsigned
|
||||
-_gnutls_dh_prime_is_fips_approved(const uint8_t *prime,
|
||||
- size_t prime_size,
|
||||
- const uint8_t *generator,
|
||||
- size_t generator_size);
|
||||
+_gnutls_dh_prime_match_fips_approved(const uint8_t *prime,
|
||||
+ size_t prime_size,
|
||||
+ const uint8_t *generator,
|
||||
+ size_t generator_size,
|
||||
+ uint8_t **q,
|
||||
+ size_t *q_size);
|
||||
|
||||
#endif /* GNUTLS_LIB_DH_H */
|
||||
--
|
||||
2.26.2
|
||||
|
||||
|
||||
From 8b575625614fbe5a22b68dc8d1877efb1d44dd37 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Fri, 17 Jul 2020 17:47:06 +0200
|
||||
Subject: [PATCH 4/5] dh: perform SP800-56A rev3 full pubkey validation on
|
||||
keygen
|
||||
|
||||
This implements full public key validation required in SP800-56A rev3,
|
||||
section 5.6.2.3.1.
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
lib/nettle/pk.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 90 insertions(+)
|
||||
|
||||
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
|
||||
index 7f0fa8e03..057836bc2 100644
|
||||
--- a/lib/nettle/pk.c
|
||||
+++ b/lib/nettle/pk.c
|
||||
@@ -71,6 +71,7 @@
|
||||
#include "int/dsa-compute-k.h"
|
||||
#include <gnettle.h>
|
||||
#include <fips.h>
|
||||
+#include "dh.h"
|
||||
|
||||
static inline const struct ecc_curve *get_supported_nist_curve(int curve);
|
||||
static inline const struct ecc_curve *get_supported_gost_curve(int curve);
|
||||
@@ -2131,6 +2132,53 @@ edwards_curve_mul_g(gnutls_pk_algorithm_t algo,
|
||||
}
|
||||
}
|
||||
|
||||
+static inline int
|
||||
+dh_find_q(const gnutls_pk_params_st *pk_params, mpz_t q)
|
||||
+{
|
||||
+ gnutls_datum_t prime = { NULL, 0 };
|
||||
+ gnutls_datum_t generator = { NULL, 0 };
|
||||
+ uint8_t *data_q;
|
||||
+ size_t n_q;
|
||||
+ bigint_t _q;
|
||||
+ int ret = 0;
|
||||
+
|
||||
+ ret = _gnutls_mpi_dprint(pk_params->params[DSA_P], &prime);
|
||||
+ if (ret < 0) {
|
||||
+ gnutls_assert();
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ ret = _gnutls_mpi_dprint(pk_params->params[DSA_G], &generator);
|
||||
+ if (ret < 0) {
|
||||
+ gnutls_assert();
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if (!_gnutls_dh_prime_match_fips_approved(prime.data,
|
||||
+ prime.size,
|
||||
+ generator.data,
|
||||
+ generator.size,
|
||||
+ &data_q,
|
||||
+ &n_q)) {
|
||||
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if (_gnutls_mpi_init_scan_nz(&_q, data_q, n_q) != 0) {
|
||||
+ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ mpz_set(q, TOMPZ(_q));
|
||||
+ _gnutls_mpi_release(&_q);
|
||||
+
|
||||
+ cleanup:
|
||||
+ gnutls_free(prime.data);
|
||||
+ gnutls_free(generator.data);
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
/* To generate a DH key either q must be set in the params or
|
||||
* level should be set to the number of required bits.
|
||||
*/
|
||||
@@ -2212,6 +2260,9 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
|
||||
mpz_t x, y;
|
||||
int max_tries;
|
||||
unsigned have_q = 0;
|
||||
+ mpz_t q;
|
||||
+ mpz_t primesub1;
|
||||
+ mpz_t ypowq;
|
||||
|
||||
if (algo != params->algo)
|
||||
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
||||
@@ -2229,6 +2280,10 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
|
||||
mpz_init(x);
|
||||
mpz_init(y);
|
||||
|
||||
+ mpz_init(q);
|
||||
+ mpz_init(primesub1);
|
||||
+ mpz_init(ypowq);
|
||||
+
|
||||
max_tries = 3;
|
||||
do {
|
||||
if (have_q) {
|
||||
@@ -2260,8 +2315,40 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
|
||||
ret = GNUTLS_E_LIB_IN_ERROR_STATE;
|
||||
goto dh_fail;
|
||||
}
|
||||
+
|
||||
} while(mpz_cmp_ui(y, 1) == 0);
|
||||
|
||||
+#ifdef ENABLE_FIPS140
|
||||
+ if (_gnutls_fips_mode_enabled()) {
|
||||
+ /* Perform FFC full public key validation checks
|
||||
+ * according to SP800-56A (revision 3), 5.6.2.3.1.
|
||||
+ */
|
||||
+
|
||||
+ /* Step 1: 2 <= y <= p - 2 */
|
||||
+ mpz_sub_ui(primesub1, pub.p, 1);
|
||||
+
|
||||
+ if (mpz_cmp_ui(y, 2) < 0 || mpz_cmp(y, primesub1) >= 0) {
|
||||
+ ret = gnutls_assert_val(GNUTLS_E_RANDOM_FAILED);
|
||||
+ goto dh_fail;
|
||||
+ }
|
||||
+
|
||||
+ /* Step 2: 1 = y^q mod p */
|
||||
+ if (have_q)
|
||||
+ mpz_set(q, pub.q);
|
||||
+ else {
|
||||
+ ret = dh_find_q(params, q);
|
||||
+ if (ret < 0)
|
||||
+ goto dh_fail;
|
||||
+ }
|
||||
+
|
||||
+ mpz_powm(ypowq, y, q, pub.p);
|
||||
+ if (mpz_cmp_ui(ypowq, 1) != 0) {
|
||||
+ ret = gnutls_assert_val(GNUTLS_E_RANDOM_FAILED);
|
||||
+ goto dh_fail;
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
ret = _gnutls_mpi_init_multi(¶ms->params[DSA_Y], ¶ms->params[DSA_X], NULL);
|
||||
if (ret < 0) {
|
||||
gnutls_assert();
|
||||
@@ -2278,6 +2365,9 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
|
||||
mpz_clear(r);
|
||||
mpz_clear(x);
|
||||
mpz_clear(y);
|
||||
+ mpz_clear(q);
|
||||
+ mpz_clear(primesub1);
|
||||
+ mpz_clear(ypowq);
|
||||
|
||||
if (ret < 0)
|
||||
goto fail;
|
||||
--
|
||||
2.26.2
|
||||
|
||||
|
||||
From 23756c8580dff99d0856adca49dd22a55352ad62 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Sat, 18 Jul 2020 08:26:48 +0200
|
||||
Subject: [PATCH 5/5] ecdh: perform SP800-56A rev3 full pubkey validation on
|
||||
keygen
|
||||
|
||||
This implements full public key validation required in
|
||||
SP800-56A rev3, section 5.6.2.3.3.
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
lib/nettle/pk.c | 182 +++++++++++++++++++++++++++++++++++++++++++++++-
|
||||
1 file changed, 180 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
|
||||
index 057836bc2..588e9df50 100644
|
||||
--- a/lib/nettle/pk.c
|
||||
+++ b/lib/nettle/pk.c
|
||||
@@ -1552,6 +1552,80 @@ static inline const struct ecc_curve *get_supported_nist_curve(int curve)
|
||||
}
|
||||
}
|
||||
|
||||
+static inline const char *get_supported_nist_curve_order(int curve)
|
||||
+{
|
||||
+ static const struct {
|
||||
+ int curve;
|
||||
+ const char *order;
|
||||
+ } orders[] = {
|
||||
+#ifdef ENABLE_NON_SUITEB_CURVES
|
||||
+ { GNUTLS_ECC_CURVE_SECP192R1,
|
||||
+ "ffffffffffffffffffffffff99def836"
|
||||
+ "146bc9b1b4d22831" },
|
||||
+ { GNUTLS_ECC_CURVE_SECP224R1,
|
||||
+ "ffffffffffffffffffffffffffff16a2"
|
||||
+ "e0b8f03e13dd29455c5c2a3d" },
|
||||
+#endif
|
||||
+ { GNUTLS_ECC_CURVE_SECP256R1,
|
||||
+ "ffffffff00000000ffffffffffffffff"
|
||||
+ "bce6faada7179e84f3b9cac2fc632551" },
|
||||
+ { GNUTLS_ECC_CURVE_SECP384R1,
|
||||
+ "ffffffffffffffffffffffffffffffff"
|
||||
+ "ffffffffffffffffc7634d81f4372ddf"
|
||||
+ "581a0db248b0a77aecec196accc52973" },
|
||||
+ { GNUTLS_ECC_CURVE_SECP521R1,
|
||||
+ "1fffffffffffffffffffffffffffffff"
|
||||
+ "ffffffffffffffffffffffffffffffff"
|
||||
+ "ffa51868783bf2f966b7fcc0148f709a"
|
||||
+ "5d03bb5c9b8899c47aebb6fb71e91386"
|
||||
+ "409" },
|
||||
+ };
|
||||
+ size_t i;
|
||||
+
|
||||
+ for (i = 0; i < sizeof(orders)/sizeof(orders[0]); i++) {
|
||||
+ if (orders[i].curve == curve)
|
||||
+ return orders[i].order;
|
||||
+ }
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
+static inline const char *get_supported_nist_curve_modulus(int curve)
|
||||
+{
|
||||
+ static const struct {
|
||||
+ int curve;
|
||||
+ const char *order;
|
||||
+ } orders[] = {
|
||||
+#ifdef ENABLE_NON_SUITEB_CURVES
|
||||
+ { GNUTLS_ECC_CURVE_SECP192R1,
|
||||
+ "fffffffffffffffffffffffffffffffe"
|
||||
+ "ffffffffffffffff" },
|
||||
+ { GNUTLS_ECC_CURVE_SECP224R1,
|
||||
+ "ffffffffffffffffffffffffffffffff"
|
||||
+ "000000000000000000000001" },
|
||||
+#endif
|
||||
+ { GNUTLS_ECC_CURVE_SECP256R1,
|
||||
+ "ffffffff000000010000000000000000"
|
||||
+ "00000000ffffffffffffffffffffffff" },
|
||||
+ { GNUTLS_ECC_CURVE_SECP384R1,
|
||||
+ "ffffffffffffffffffffffffffffffff"
|
||||
+ "fffffffffffffffffffffffffffffffe"
|
||||
+ "ffffffff0000000000000000ffffffff" },
|
||||
+ { GNUTLS_ECC_CURVE_SECP521R1,
|
||||
+ "1ff"
|
||||
+ "ffffffffffffffffffffffffffffffff"
|
||||
+ "ffffffffffffffffffffffffffffffff"
|
||||
+ "ffffffffffffffffffffffffffffffff"
|
||||
+ "ffffffffffffffffffffffffffffffff" },
|
||||
+ };
|
||||
+ size_t i;
|
||||
+
|
||||
+ for (i = 0; i < sizeof(orders)/sizeof(orders[0]); i++) {
|
||||
+ if (orders[i].curve == curve)
|
||||
+ return orders[i].order;
|
||||
+ }
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
static inline const struct ecc_curve *get_supported_gost_curve(int curve)
|
||||
{
|
||||
switch (curve) {
|
||||
@@ -2507,6 +2581,10 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
|
||||
struct ecc_scalar key;
|
||||
struct ecc_point pub;
|
||||
const struct ecc_curve *curve;
|
||||
+ struct ecc_scalar n;
|
||||
+ struct ecc_scalar m;
|
||||
+ struct ecc_point r;
|
||||
+ mpz_t x, y, xx, yy, nn, mm;
|
||||
|
||||
curve = get_supported_nist_curve(level);
|
||||
if (curve == NULL)
|
||||
@@ -2514,8 +2592,18 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
|
||||
gnutls_assert_val
|
||||
(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
|
||||
|
||||
+ mpz_init(x);
|
||||
+ mpz_init(y);
|
||||
+ mpz_init(xx);
|
||||
+ mpz_init(yy);
|
||||
+ mpz_init(nn);
|
||||
+ mpz_init(mm);
|
||||
+
|
||||
ecc_scalar_init(&key, curve);
|
||||
ecc_point_init(&pub, curve);
|
||||
+ ecc_scalar_init(&n, curve);
|
||||
+ ecc_scalar_init(&m, curve);
|
||||
+ ecc_point_init(&r, curve);
|
||||
|
||||
ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);
|
||||
if (HAVE_LIB_ERROR()) {
|
||||
@@ -2533,15 +2621,105 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
|
||||
params->curve = level;
|
||||
params->params_nr = ECC_PRIVATE_PARAMS;
|
||||
|
||||
- ecc_point_get(&pub, TOMPZ(params->params[ECC_X]),
|
||||
- TOMPZ(params->params[ECC_Y]));
|
||||
+ ecc_point_get(&pub, x, y);
|
||||
+
|
||||
+#ifdef ENABLE_FIPS140
|
||||
+ if (_gnutls_fips_mode_enabled()) {
|
||||
+ /* Perform ECC full public key validation checks
|
||||
+ * according to SP800-56A (revision 3), 5.6.2.3.3.
|
||||
+ */
|
||||
+
|
||||
+ const char *order, *modulus;
|
||||
+
|
||||
+ /* Step 1: verify that Q is not an identity
|
||||
+ * element (an infinity point). Note that this
|
||||
+ * cannot happen in the nettle implementation,
|
||||
+ * because it cannot represent an infinity point
|
||||
+ * on curves. */
|
||||
+ if (mpz_cmp_ui(x, 0) == 0 && mpz_cmp_ui(y, 0) == 0) {
|
||||
+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
|
||||
+ goto ecc_fail;
|
||||
+ }
|
||||
+
|
||||
+ /* Step 2: verify that both coordinates of Q are
|
||||
+ * in the range [0, p - 1].
|
||||
+ *
|
||||
+ * Step 3: verify that Q lie on the curve
|
||||
+ *
|
||||
+ * Both checks are performed in nettle. */
|
||||
+ if (!ecc_point_set(&r, x, y)) {
|
||||
+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
|
||||
+ goto ecc_fail;
|
||||
+ }
|
||||
+
|
||||
+ /* Step 4: verify that n * Q, where n is the
|
||||
+ * curve order, result in an identity element
|
||||
+ *
|
||||
+ * Since nettle internally cannot represent an
|
||||
+ * identity element on curves, we validate this
|
||||
+ * instead:
|
||||
+ *
|
||||
+ * (n - 1) * Q = -Q
|
||||
+ *
|
||||
+ * That effectively means: n * Q = -Q + Q = O
|
||||
+ */
|
||||
+ order = get_supported_nist_curve_order(level);
|
||||
+ if (unlikely(order == NULL)) {
|
||||
+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
|
||||
+ goto ecc_fail;
|
||||
+ }
|
||||
+
|
||||
+ ret = mpz_set_str(nn, order, 16);
|
||||
+ if (unlikely(ret < 0)) {
|
||||
+ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
|
||||
+ goto ecc_fail;
|
||||
+ }
|
||||
+
|
||||
+ modulus = get_supported_nist_curve_modulus(level);
|
||||
+ if (unlikely(modulus == NULL)) {
|
||||
+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
|
||||
+ goto ecc_fail;
|
||||
+ }
|
||||
+
|
||||
+ ret = mpz_set_str(mm, modulus, 16);
|
||||
+ if (unlikely(ret < 0)) {
|
||||
+ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
|
||||
+ goto ecc_fail;
|
||||
+ }
|
||||
+
|
||||
+ /* (n - 1) * Q = -Q */
|
||||
+ mpz_sub_ui (nn, nn, 1);
|
||||
+ ecc_scalar_set(&n, nn);
|
||||
+ ecc_point_mul(&r, &n, &r);
|
||||
+ ecc_point_get(&r, xx, yy);
|
||||
+ mpz_sub (mm, mm, y);
|
||||
+
|
||||
+ if (mpz_cmp(xx, x) != 0 || mpz_cmp(yy, mm) != 0) {
|
||||
+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
|
||||
+ goto ecc_fail;
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+ mpz_set(TOMPZ(params->params[ECC_X]), x);
|
||||
+ mpz_set(TOMPZ(params->params[ECC_Y]), y);
|
||||
+
|
||||
ecc_scalar_get(&key, TOMPZ(params->params[ECC_K]));
|
||||
|
||||
ret = 0;
|
||||
|
||||
ecc_fail:
|
||||
+ mpz_clear(x);
|
||||
+ mpz_clear(y);
|
||||
+ mpz_clear(xx);
|
||||
+ mpz_clear(yy);
|
||||
+ mpz_clear(nn);
|
||||
+ mpz_clear(mm);
|
||||
ecc_point_clear(&pub);
|
||||
ecc_scalar_clear(&key);
|
||||
+ ecc_point_clear(&r);
|
||||
+ ecc_scalar_clear(&n);
|
||||
+ ecc_scalar_clear(&m);
|
||||
|
||||
if (ret < 0)
|
||||
goto fail;
|
||||
--
|
||||
2.26.2
|
||||
|
1843
SOURCES/gnutls-3.6.14-fips-dh-primes.patch
Normal file
1843
SOURCES/gnutls-3.6.14-fips-dh-primes.patch
Normal file
File diff suppressed because it is too large
Load Diff
42
SOURCES/gnutls-3.6.14-fips-mode-check.patch
Normal file
42
SOURCES/gnutls-3.6.14-fips-mode-check.patch
Normal file
@ -0,0 +1,42 @@
|
||||
From d1dc655cd2c8ae417381e5f966941c75cfe287ee Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Thu, 4 Jun 2020 16:42:07 +0200
|
||||
Subject: [PATCH] _gnutls_fips_mode_enabled: treat selftest failure as FIPS
|
||||
disabled
|
||||
|
||||
Previously gnutls_fips140_mode_enabled() returned true, even after
|
||||
selftests have failed and the library state has switched to error.
|
||||
While later calls to crypto operations fails, it would be more
|
||||
convenient to have a function to detect that state.
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
lib/fips.c | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/fips.c b/lib/fips.c
|
||||
index acdd2ec23..f8b10f750 100644
|
||||
--- a/lib/fips.c
|
||||
+++ b/lib/fips.c
|
||||
@@ -491,8 +491,17 @@ unsigned gnutls_fips140_mode_enabled(void)
|
||||
#ifdef ENABLE_FIPS140
|
||||
unsigned ret = _gnutls_fips_mode_enabled();
|
||||
|
||||
- if (ret > GNUTLS_FIPS140_DISABLED)
|
||||
+ if (ret > GNUTLS_FIPS140_DISABLED) {
|
||||
+ /* If the previous run of selftests has failed, return as if
|
||||
+ * the FIPS mode is disabled. We could use HAVE_LIB_ERROR, if
|
||||
+ * we can assume that all the selftests run atomically from
|
||||
+ * the ELF constructor.
|
||||
+ */
|
||||
+ if (_gnutls_get_lib_state() == LIB_STATE_ERROR)
|
||||
+ return 0;
|
||||
+
|
||||
return ret;
|
||||
+ }
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
2.26.2
|
||||
|
152
SOURCES/gnutls-3.6.14-fix-iovec-memory-leak.patch
Normal file
152
SOURCES/gnutls-3.6.14-fix-iovec-memory-leak.patch
Normal file
@ -0,0 +1,152 @@
|
||||
From 6fbff7fc8aabeee2254405f254220bbe8c05c67d Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Fri, 5 Jun 2020 16:26:33 +0200
|
||||
Subject: [PATCH] crypto-api: always allocate memory when serializing iovec_t
|
||||
|
||||
The AEAD iov interface falls back to serializing the input buffers if
|
||||
the low-level cipher doesn't support scatter/gather encryption.
|
||||
However, there was a bug in the functions used for the serialization,
|
||||
which causes memory leaks under a certain condition (i.e. the number
|
||||
of input buffers is 1).
|
||||
|
||||
This patch makes the logic of the functions simpler, by removing a
|
||||
micro-optimization that tries to minimize the number of calls to
|
||||
malloc/free.
|
||||
|
||||
The original problem was reported by Marius Steffen in:
|
||||
https://bugzilla.samba.org/show_bug.cgi?id=14399
|
||||
and the cause was investigated by Alexander Haase in:
|
||||
https://gitlab.com/gnutls/gnutls/-/merge_requests/1277
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
lib/crypto-api.c | 36 +++++++++++-------------------------
|
||||
tests/aead-cipher-vec.c | 33 ++++++++++++++++++---------------
|
||||
2 files changed, 29 insertions(+), 40 deletions(-)
|
||||
|
||||
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
|
||||
index 45be64ed1..8524f5ed4 100644
|
||||
--- a/lib/crypto-api.c
|
||||
+++ b/lib/crypto-api.c
|
||||
@@ -891,32 +891,23 @@ gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle,
|
||||
struct iov_store_st {
|
||||
void *data;
|
||||
size_t size;
|
||||
- unsigned allocated;
|
||||
};
|
||||
|
||||
static void iov_store_free(struct iov_store_st *s)
|
||||
{
|
||||
- if (s->allocated) {
|
||||
- gnutls_free(s->data);
|
||||
- s->allocated = 0;
|
||||
- }
|
||||
+ gnutls_free(s->data);
|
||||
}
|
||||
|
||||
static int iov_store_grow(struct iov_store_st *s, size_t length)
|
||||
{
|
||||
- if (s->allocated || s->data == NULL) {
|
||||
- s->size += length;
|
||||
- s->data = gnutls_realloc(s->data, s->size);
|
||||
- if (s->data == NULL)
|
||||
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
||||
- s->allocated = 1;
|
||||
- } else {
|
||||
- void *data = s->data;
|
||||
- size_t size = s->size + length;
|
||||
- s->data = gnutls_malloc(size);
|
||||
- memcpy(s->data, data, s->size);
|
||||
- s->size += length;
|
||||
- }
|
||||
+ void *data;
|
||||
+
|
||||
+ s->size += length;
|
||||
+ data = gnutls_realloc(s->data, s->size);
|
||||
+ if (data == NULL)
|
||||
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
||||
+
|
||||
+ s->data = data;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -926,11 +917,6 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
|
||||
memset(dst, 0, sizeof(*dst));
|
||||
if (iovcnt == 0) {
|
||||
return 0;
|
||||
- } else if (iovcnt == 1) {
|
||||
- dst->data = iov[0].iov_base;
|
||||
- dst->size = iov[0].iov_len;
|
||||
- /* implies: dst->allocated = 0; */
|
||||
- return 0;
|
||||
} else {
|
||||
int i;
|
||||
uint8_t *p;
|
||||
@@ -944,11 +930,11 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
|
||||
|
||||
p = dst->data;
|
||||
for (i=0;i<iovcnt;i++) {
|
||||
- memcpy(p, iov[i].iov_base, iov[i].iov_len);
|
||||
+ if (iov[i].iov_len > 0)
|
||||
+ memcpy(p, iov[i].iov_base, iov[i].iov_len);
|
||||
p += iov[i].iov_len;
|
||||
}
|
||||
|
||||
- dst->allocated = 1;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
diff --git a/tests/aead-cipher-vec.c b/tests/aead-cipher-vec.c
|
||||
index fba9010d9..6a30a35f7 100644
|
||||
--- a/tests/aead-cipher-vec.c
|
||||
+++ b/tests/aead-cipher-vec.c
|
||||
@@ -49,6 +49,7 @@ static void start(const char *name, int algo)
|
||||
giovec_t auth_iov[2];
|
||||
uint8_t tag[64];
|
||||
size_t tag_size = 0;
|
||||
+ size_t i;
|
||||
|
||||
key.data = key16;
|
||||
key.size = gnutls_cipher_get_key_size(algo);
|
||||
@@ -82,21 +83,23 @@ static void start(const char *name, int algo)
|
||||
if (ret < 0)
|
||||
fail("gnutls_cipher_init: %s\n", gnutls_strerror(ret));
|
||||
|
||||
- ret = gnutls_aead_cipher_encryptv2(ch,
|
||||
- iv.data, iv.size,
|
||||
- auth_iov, 2,
|
||||
- iov, 3,
|
||||
- tag, &tag_size);
|
||||
- if (ret < 0)
|
||||
- fail("could not encrypt data: %s\n", gnutls_strerror(ret));
|
||||
-
|
||||
- ret = gnutls_aead_cipher_decryptv2(ch,
|
||||
- iv.data, iv.size,
|
||||
- auth_iov, 2,
|
||||
- iov, 3,
|
||||
- tag, tag_size);
|
||||
- if (ret < 0)
|
||||
- fail("could not decrypt data: %s\n", gnutls_strerror(ret));
|
||||
+ for (i = 0; i < 2; i++) {
|
||||
+ ret = gnutls_aead_cipher_encryptv2(ch,
|
||||
+ iv.data, iv.size,
|
||||
+ auth_iov, 2,
|
||||
+ iov, i + 1,
|
||||
+ tag, &tag_size);
|
||||
+ if (ret < 0)
|
||||
+ fail("could not encrypt data: %s\n", gnutls_strerror(ret));
|
||||
+
|
||||
+ ret = gnutls_aead_cipher_decryptv2(ch,
|
||||
+ iv.data, iv.size,
|
||||
+ auth_iov, 2,
|
||||
+ iov, i + 1,
|
||||
+ tag, tag_size);
|
||||
+ if (ret < 0)
|
||||
+ fail("could not decrypt data: %s\n", gnutls_strerror(ret));
|
||||
+ }
|
||||
|
||||
gnutls_aead_cipher_deinit(ch);
|
||||
}
|
||||
--
|
||||
2.25.4
|
||||
|
131
SOURCES/gnutls-3.6.14-memcmp.patch
Normal file
131
SOURCES/gnutls-3.6.14-memcmp.patch
Normal file
@ -0,0 +1,131 @@
|
||||
From 9acc0f68320db4c7c6dadacb974e77c7fbca72a7 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Sun, 21 Jun 2020 16:03:54 +0200
|
||||
Subject: [PATCH] safe_memcmp: remove in favor of gnutls_memcmp
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
lib/accelerated/x86/aes-xts-x86-aesni.c | 2 +-
|
||||
lib/ext/pre_shared_key.c | 2 +-
|
||||
lib/mem.h | 9 ---------
|
||||
lib/nettle/cipher.c | 8 ++++----
|
||||
lib/tls13/finished.c | 2 +-
|
||||
lib/x509/x509.c | 3 ++-
|
||||
6 files changed, 9 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/lib/accelerated/x86/aes-xts-x86-aesni.c b/lib/accelerated/x86/aes-xts-x86-aesni.c
|
||||
index 3371d0812..b904cbf00 100644
|
||||
--- a/lib/accelerated/x86/aes-xts-x86-aesni.c
|
||||
+++ b/lib/accelerated/x86/aes-xts-x86-aesni.c
|
||||
@@ -72,7 +72,7 @@ x86_aes_xts_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
|
||||
|
||||
/* Check key block according to FIPS-140-2 IG A.9 */
|
||||
if (_gnutls_fips_mode_enabled()){
|
||||
- if (safe_memcmp(key, key + (keysize / 2), keysize / 2) == 0) {
|
||||
+ if (gnutls_memcmp(key, key + (keysize / 2), keysize / 2) == 0) {
|
||||
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
||||
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
||||
}
|
||||
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
|
||||
index fef67d341..240be2162 100644
|
||||
--- a/lib/ext/pre_shared_key.c
|
||||
+++ b/lib/ext/pre_shared_key.c
|
||||
@@ -650,7 +650,7 @@ static int server_recv_params(gnutls_session_t session,
|
||||
}
|
||||
|
||||
if (_gnutls_mac_get_algo_len(prf) != binder_recvd.size ||
|
||||
- safe_memcmp(binder_value, binder_recvd.data, binder_recvd.size)) {
|
||||
+ gnutls_memcmp(binder_value, binder_recvd.data, binder_recvd.size)) {
|
||||
gnutls_assert();
|
||||
ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
|
||||
goto fail;
|
||||
diff --git a/lib/mem.h b/lib/mem.h
|
||||
index dc838a2b4..d3eea97a4 100644
|
||||
--- a/lib/mem.h
|
||||
+++ b/lib/mem.h
|
||||
@@ -35,15 +35,6 @@ char *_gnutls_strdup(const char *);
|
||||
|
||||
unsigned _gnutls_mem_is_zero(const uint8_t *ptr, unsigned size);
|
||||
|
||||
-/* To avoid undefined behavior when s1 or s2 are null and n = 0 */
|
||||
-inline static
|
||||
-int safe_memcmp(const void *s1, const void *s2, size_t n)
|
||||
-{
|
||||
- if (n == 0)
|
||||
- return 0;
|
||||
- return memcmp(s1, s2, n);
|
||||
-}
|
||||
-
|
||||
#define zrelease_mpi_key(mpi) if (*mpi!=NULL) { \
|
||||
_gnutls_mpi_clear(*mpi); \
|
||||
_gnutls_mpi_release(mpi); \
|
||||
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
|
||||
index b0a52deb5..ec0c1ab04 100644
|
||||
--- a/lib/nettle/cipher.c
|
||||
+++ b/lib/nettle/cipher.c
|
||||
@@ -482,7 +482,7 @@ _xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key,
|
||||
const uint8_t *key)
|
||||
{
|
||||
if (_gnutls_fips_mode_enabled() &&
|
||||
- safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
|
||||
+ gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
|
||||
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
||||
|
||||
xts_aes128_set_encrypt_key(xts_key, key);
|
||||
@@ -493,7 +493,7 @@ _xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key,
|
||||
const uint8_t *key)
|
||||
{
|
||||
if (_gnutls_fips_mode_enabled() &&
|
||||
- safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
|
||||
+ gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
|
||||
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
||||
|
||||
xts_aes128_set_decrypt_key(xts_key, key);
|
||||
@@ -504,7 +504,7 @@ _xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key,
|
||||
const uint8_t *key)
|
||||
{
|
||||
if (_gnutls_fips_mode_enabled() &&
|
||||
- safe_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
|
||||
+ gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
|
||||
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
||||
|
||||
xts_aes256_set_encrypt_key(xts_key, key);
|
||||
@@ -515,7 +515,7 @@ _xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key,
|
||||
const uint8_t *key)
|
||||
{
|
||||
if (_gnutls_fips_mode_enabled() &&
|
||||
- safe_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
|
||||
+ gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
|
||||
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
||||
|
||||
xts_aes256_set_decrypt_key(xts_key, key);
|
||||
diff --git a/lib/tls13/finished.c b/lib/tls13/finished.c
|
||||
index 68eab993e..ec646e673 100644
|
||||
--- a/lib/tls13/finished.c
|
||||
+++ b/lib/tls13/finished.c
|
||||
@@ -112,7 +112,7 @@ int _gnutls13_recv_finished(gnutls_session_t session)
|
||||
#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
|
||||
# warning This is unsafe for production builds
|
||||
#else
|
||||
- if (safe_memcmp(verifier, buf.data, buf.length) != 0) {
|
||||
+ if (gnutls_memcmp(verifier, buf.data, buf.length) != 0) {
|
||||
gnutls_assert();
|
||||
ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET;
|
||||
goto cleanup;
|
||||
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
|
||||
index 2091f3ae6..2b68fe440 100644
|
||||
--- a/lib/x509/x509.c
|
||||
+++ b/lib/x509/x509.c
|
||||
@@ -360,7 +360,8 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert)
|
||||
}
|
||||
|
||||
if (empty1 != empty2 ||
|
||||
- sp1.size != sp2.size || safe_memcmp(sp1.data, sp2.data, sp1.size) != 0) {
|
||||
+ sp1.size != sp2.size ||
|
||||
+ (sp1.size > 0 && memcmp(sp1.data, sp2.data, sp1.size) != 0)) {
|
||||
gnutls_assert();
|
||||
ret = GNUTLS_E_CERTIFICATE_ERROR;
|
||||
goto cleanup;
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,85 +0,0 @@
|
||||
From c2646aeee94e71cb15c90a3147cf3b5b0ca158ca Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Tue, 2 Jun 2020 20:53:11 +0200
|
||||
Subject: [PATCH] stek: differentiate initial state from valid time window of
|
||||
TOTP
|
||||
|
||||
There was a confusion in the TOTP implementation in stek.c. When the
|
||||
mechanism is initialized at the first time, it records the timestamp
|
||||
but doesn't initialize the key. This removes the timestamp recording
|
||||
at the initialization phase, so the key is properly set later.
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
lib/stek.c | 17 +++++------------
|
||||
tests/resume-with-previous-stek.c | 4 ++--
|
||||
tests/tls13/prf-early.c | 8 ++++----
|
||||
3 files changed, 11 insertions(+), 18 deletions(-)
|
||||
|
||||
diff --git a/lib/stek.c b/lib/stek.c
|
||||
index 2f885cee3..5ab9e7d2d 100644
|
||||
--- a/lib/stek.c
|
||||
+++ b/lib/stek.c
|
||||
@@ -323,20 +323,13 @@ int _gnutls_initialize_session_ticket_key_rotation(gnutls_session_t session, con
|
||||
if (unlikely(session == NULL || key == NULL))
|
||||
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
|
||||
|
||||
- if (session->key.totp.last_result == 0) {
|
||||
- int64_t t;
|
||||
- memcpy(session->key.initial_stek, key->data, key->size);
|
||||
- t = totp_next(session);
|
||||
- if (t < 0)
|
||||
- return gnutls_assert_val(t);
|
||||
+ if (unlikely(session->key.totp.last_result != 0))
|
||||
+ return GNUTLS_E_INVALID_REQUEST;
|
||||
|
||||
- session->key.totp.last_result = t;
|
||||
- session->key.totp.was_rotated = 0;
|
||||
-
|
||||
- return GNUTLS_E_SUCCESS;
|
||||
- }
|
||||
+ memcpy(session->key.initial_stek, key->data, key->size);
|
||||
|
||||
- return GNUTLS_E_INVALID_REQUEST;
|
||||
+ session->key.totp.was_rotated = 0;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
diff --git a/tests/resume-with-previous-stek.c b/tests/resume-with-previous-stek.c
|
||||
index f212b188b..05c1c9086 100644
|
||||
--- a/tests/resume-with-previous-stek.c
|
||||
+++ b/tests/resume-with-previous-stek.c
|
||||
@@ -196,8 +196,8 @@ static void server(int fd, unsigned rounds, const char *prio)
|
||||
serverx509cred = NULL;
|
||||
}
|
||||
|
||||
- if (num_stek_rotations != 2)
|
||||
- fail("STEK should be rotated exactly twice (%d)!\n", num_stek_rotations);
|
||||
+ if (num_stek_rotations != 3)
|
||||
+ fail("STEK should be rotated exactly three times (%d)!\n", num_stek_rotations);
|
||||
|
||||
if (serverx509cred)
|
||||
gnutls_certificate_free_credentials(serverx509cred);
|
||||
diff --git a/tests/tls13/prf-early.c b/tests/tls13/prf-early.c
|
||||
index 414b1db5e..bc3196248 100644
|
||||
--- a/tests/tls13/prf-early.c
|
||||
+++ b/tests/tls13/prf-early.c
|
||||
@@ -123,10 +123,10 @@ static void dump(const char *name, const uint8_t *data, unsigned data_size)
|
||||
} \
|
||||
}
|
||||
|
||||
-#define KEY_EXP_VALUE "\xc0\x1e\xc2\xa4\xb7\xb4\x04\xaa\x91\x5d\xaf\xe8\xf7\x4d\x19\xdf\xd0\xe6\x08\xd6\xb4\x3b\xcf\xca\xc9\x32\x75\x3b\xe3\x11\x19\xb1\xac\x68"
|
||||
-#define HELLO_VALUE "\x77\xdb\x10\x0b\xe8\xd0\xb9\x38\xbc\x49\xe6\xbe\xf2\x47\x2a\xcc\x6b\xea\xce\x85\x04\xd3\x9e\xd8\x06\x16\xad\xff\xcd\xbf\x4b"
|
||||
-#define CONTEXT_VALUE "\xf2\x17\x9f\xf2\x66\x56\x87\x66\xf9\x5c\x8a\xd7\x4e\x1d\x46\xee\x0e\x44\x41\x4c\xcd\xac\xcb\xc0\x31\x41\x2a\xb6\xd7\x01\x62"
|
||||
-#define NULL_CONTEXT_VALUE "\xcd\x79\x07\x93\xeb\x96\x07\x3e\xec\x78\x90\x89\xf7\x16\x42\x6d\x27\x87\x56\x7c\x7b\x60\x2b\x20\x44\xd1\xea\x0c\x89\xfb\x8b"
|
||||
+#define KEY_EXP_VALUE "\xc1\x6b\x6c\xb9\x88\x33\xd5\x28\x80\xec\x27\x87\xa2\x6f\x4b\xd0\x01\x5e\x7f\xca\xd7\xd4\x8a\x3f\xe2\x48\x92\xef\x02\x14\xfb\x81\x90\x04"
|
||||
+#define HELLO_VALUE "\x2a\x73\xd9\x74\x04\x4e\x0a\x5f\x41\x8a\x09\xcb\x45\x33\x1a\xec\xd3\xfc\xdc\x1b\x2c\x67\x26\xe4\x9c\xfe\x1f\xa5\x74\xf1\x4f"
|
||||
+#define CONTEXT_VALUE "\x87\xf6\x88\xe3\xd7\xf2\x05\xbc\xa4\x10\xa3\x48\x9f\xf5\xcf\x97\x06\x22\x4e\xfd\x18\x32\x52\x1d\xbd\x26\xf5\x5b\x21\x20\xec"
|
||||
+#define NULL_CONTEXT_VALUE "\xf9\xca\xfe\x45\x44\x96\xdb\xc5\x41\x8f\x7e\x8e\xd7\xb0\x7d\x19\x45\xaf\x09\xbc\x1e\x82\x94\xac\x55\xe5\xb9\xb4\x3b\xe8\xc0"
|
||||
|
||||
static int handshake_callback_called;
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
BIN
SOURCES/gnutls-3.6.14.tar.xz.sig
Normal file
BIN
SOURCES/gnutls-3.6.14.tar.xz.sig
Normal file
Binary file not shown.
@ -1,728 +0,0 @@
|
||||
From 2c44e9f8b2e7a1ebc65caeb03f9f106d31e30822 Mon Sep 17 00:00:00 2001
|
||||
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
Date: Wed, 3 Apr 2019 13:40:04 +0200
|
||||
Subject: [PATCH 1/7] crypto-selftests-pk.c: Move hardcoded values to the top
|
||||
|
||||
The objective of moving these values to the top is to allow them to be
|
||||
used by other functions, in particular test_sig().
|
||||
|
||||
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
---
|
||||
lib/crypto-selftests-pk.c | 224 +++++++++++++++++++-------------------
|
||||
1 file changed, 112 insertions(+), 112 deletions(-)
|
||||
|
||||
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
|
||||
index 1aa53ea29..4fadd4161 100644
|
||||
--- a/lib/crypto-selftests-pk.c
|
||||
+++ b/lib/crypto-selftests-pk.c
|
||||
@@ -107,6 +107,118 @@ static const char gost12_512_key[] =
|
||||
"KjL7CLBERDm7Yvlv\n"
|
||||
"-----END PRIVATE KEY-----\n";
|
||||
|
||||
+/* A precomputed RSA-SHA256 signature using the rsa_key2048 */
|
||||
+static const char rsa_sig[] =
|
||||
+ "\x7a\xb3\xf8\xb0\xf9\xf0\x52\x88\x37\x17\x97\x9f\xbe\x61\xb4\xd2\x43\x78\x9f\x79\x92\xd0\xad\x08\xdb\xbd\x3c\x72\x7a\xb5\x51\x59\x63\xd6\x7d\xf1\x9c\x1e\x10\x7b\x27\xab\xf8\xd4\x9d\xcd\xc5\xf9\xae\xf7\x09\x6b\x40\x93\xc5\xe9\x1c\x0f\xb4\x82\xa1\x47\x86\x54\x63\xd2\x4d\x40\x9a\x80\xb9\x38\x45\x69\xa2\xd6\x92\xb6\x69\x7f\x3f\xf3\x5b\xa5\x1d\xac\x06\xad\xdf\x4e\xbb\xe6\xda\x68\x0d\xe5\xab\xef\xd2\xf0\xc5\xd8\xc0\xed\x80\xe2\xd4\x76\x98\xec\x44\xa2\xfc\x3f\xce\x2e\x8b\xc4\x4b\xab\xb0\x70\x24\x52\x85\x2a\x36\xcd\x9a\xb5\x05\x00\xea\x98\x7c\x72\x06\x68\xb1\x38\x44\x16\x80\x6a\x3b\x64\x72\xbb\xfd\x4b\xc9\xdd\xda\x2a\x68\xde\x7f\x6e\x48\x28\xc1\x63\x57\x2b\xde\x83\xa3\x27\x34\xd7\xa6\x87\x18\x35\x10\xff\x31\xd9\x47\xc9\x84\x35\xe1\xaa\xe2\xf7\x98\xfa\x19\xd3\xf1\x94\x25\x2a\x96\xe4\xa8\xa7\x05\x10\x93\x87\xde\x96\x85\xe5\x68\xb8\xe5\x4e\xbf\x66\x85\x91\xbd\x52\x5b\x3d\x9f\x1b\x79\xea\xe3\x8b\xef\x62\x18\x39\x7a\x50\x01\x46\x1b\xde\x8d\x37\xbc\x90\x6c\x07\xc0\x07\xed\x60\xce\x2e\x31\xd6\x8f\xe8\x75\xdb\x45\x21\xc6\xcb";
|
||||
+
|
||||
+/* ECDSA key and signature */
|
||||
+static const char ecdsa_secp256r1_privkey[] =
|
||||
+ "-----BEGIN EC PRIVATE KEY-----\n"
|
||||
+ "MHcCAQEEIPAKWV7+pZe9c5EubMNfAEKWRQtP/MvlO9HehwHmJssNoAoGCCqGSM49\n"
|
||||
+ "AwEHoUQDQgAE2CNONRio3ciuXtoomJKs3MdbzLbd44VPhtzJN30VLFm5gvnfiCj2\n"
|
||||
+ "zzz7pl9Cv0ECHl6yedNI8QEKdcwCDgEmkQ==\n"
|
||||
+ "-----END EC PRIVATE KEY-----\n";
|
||||
+
|
||||
+static const char ecdsa_secp256r1_sig[] =
|
||||
+ "\x30\x45\x02\x21\x00\x9b\x8f\x60\xed\x9e\x40\x8d\x74\x82\x73\xab\x20\x1a\x69\xfc\xf9\xee\x3c\x41\x80\xc0\x39\xdd\x21\x1a\x64\xfd\xbf\x7e\xaa\x43\x70\x02\x20\x44\x28\x05\xdd\x30\x47\x58\x96\x18\x39\x94\x18\xba\xe7\x7a\xf6\x1e\x2d\xba\xb1\xe0\x7d\x73\x9e\x2f\x58\xee\x0c\x2a\x89\xe8\x35";
|
||||
+
|
||||
+#ifdef ENABLE_NON_SUITEB_CURVES
|
||||
+/* sha256 */
|
||||
+static const char ecdsa_secp192r1_privkey[] =
|
||||
+ "-----BEGIN EC PRIVATE KEY-----"
|
||||
+ "MF8CAQEEGLjezFcbgDMeApVrdtZHvu/k1a8/tVZ41KAKBggqhkjOPQMBAaE0AzIA"
|
||||
+ "BO1lciKdgxeRH8k64vxcaV1OYIK9akVrW02Dw21MXhRLP0l0wzCw6LGSr5rS6AaL"
|
||||
+ "Fg==" "-----END EC PRIVATE KEY-----";
|
||||
+
|
||||
+static const char ecdsa_secp192r1_sig[] =
|
||||
+ "\x30\x34\x02\x18\x5f\xb3\x10\x4b\x4d\x44\x48\x29\x4b\xfd\xa7\x8e\xce\x57\xac\x36\x38\x54\xab\x73\xdb\xed\xb8\x5f\x02\x18\x0b\x8b\xf3\xae\x49\x50\x0e\x47\xca\x89\x1a\x00\xca\x23\xf5\x8d\xd6\xe3\xce\x9a\xff\x2e\x4f\x5c";
|
||||
+
|
||||
+static const char ecdsa_secp224r1_privkey[] =
|
||||
+ "-----BEGIN EC PRIVATE KEY-----"
|
||||
+ "MGgCAQEEHOKWJFdWdrR/CgVrUeTeawOrJ9GozE9KKx2a8PmgBwYFK4EEACGhPAM6"
|
||||
+ "AAQKQj3YpenWT7lFR41SnBvmj/+Bj+kgzQnaF65qWAtPRJsZXFlLTu3/IUNqSRu9"
|
||||
+ "DqPsk8xBHAB7pA==" "-----END EC PRIVATE KEY-----";
|
||||
+
|
||||
+static const char ecdsa_secp224r1_sig[] =
|
||||
+ "\x30\x3d\x02\x1c\x76\x03\x8d\x74\xf4\xd3\x09\x2a\xb5\xdf\x6b\x5b\xf4\x4b\x86\xb8\x62\x81\x5d\x7b\x7a\xbb\x37\xfc\xf1\x46\x1c\x2b\x02\x1d\x00\xa0\x98\x5d\x80\x43\x89\xe5\xee\x1a\xec\x46\x08\x04\x55\xbc\x50\xfa\x2a\xd5\xa6\x18\x92\x19\xdb\x68\xa0\x2a\xda";
|
||||
+#endif
|
||||
+
|
||||
+static const char ecdsa_secp384r1_privkey[] =
|
||||
+ "-----BEGIN EC PRIVATE KEY-----"
|
||||
+ "MIGkAgEBBDDevshD6gb+4rZpC9vwFcIwNs4KmGzdqCxyyN40a8uOWRbyf7aHdiSS"
|
||||
+ "03oAyKtc4JCgBwYFK4EEACKhZANiAARO1KkPMno2tnNXx1S9EZkp8SOpDCZ4aobH"
|
||||
+ "IYv8RHnSmKf8I3OKD6TaoeR+1MwJmNJUH90Bj45WXla68/vsPiFcfVKboxsZYe/n"
|
||||
+ "pv8e4ugXagVQVBXNZJ859iYPdJR24vo=" "-----END EC PRIVATE KEY-----";
|
||||
+
|
||||
+static const char ecdsa_secp384r1_sig[] =
|
||||
+ "\x30\x66\x02\x31\x00\xbb\x4d\x25\x30\x13\x1b\x3b\x75\x60\x07\xed\x53\x8b\x52\xee\xd8\x6e\xf1\x9d\xa8\x36\x0e\x2e\x20\x31\x51\x11\x48\x78\xdd\xaf\x24\x38\x64\x81\x71\x6b\xa6\xb7\x29\x58\x28\x82\x32\xba\x29\x29\xd9\x02\x31\x00\xeb\x70\x09\x87\xac\x7b\x78\x0d\x4c\x4f\x08\x2b\x86\x27\xe2\x60\x1f\xc9\x11\x9f\x1d\xf5\x82\x4c\xc7\x3d\xb0\x27\xc8\x93\x29\xc7\xd0\x0e\x88\x02\x09\x93\xc2\x72\xce\xa5\x74\x8c\x3d\xe0\x8c\xad";
|
||||
+
|
||||
+static const char ecdsa_secp521r1_privkey[] =
|
||||
+ "-----BEGIN EC PRIVATE KEY-----"
|
||||
+ "MIHbAgEBBEGO2n7NN363qSCvJVdlQtCvudtaW4o0fEufXRjE1AsCrle+VXX0Zh0w"
|
||||
+ "Y1slSeDHMndpakoiF+XkQ+bhcB867UV6aKAHBgUrgQQAI6GBiQOBhgAEAQb6jDpo"
|
||||
+ "byy1tF8Zucg0TMGUzIN2DK+RZJ3QQRdWdirO25OIC3FoFi1Yird6rpoB6HlNyJ7R"
|
||||
+ "0bNG9Uv34bSHMn8yAFoiqxUCdJZQbEenMoZsi6COaePe3e0QqvDMr0hEWT23Sr3t"
|
||||
+ "LpEV7eZGFfFIJw5wSUp2KOcs+O9WjmoukTWtDKNV"
|
||||
+ "-----END EC PRIVATE KEY-----";
|
||||
+
|
||||
+static const char ecdsa_secp521r1_sig[] =
|
||||
+ "\x30\x81\x87\x02\x42\x01\xb8\xcb\x52\x9e\x10\xa8\x49\x3f\xe1\x9e\x14\x0a\xcf\x96\xed\x7e\xab\x7d\x0c\xe1\x9b\xa4\x97\xdf\x01\xf5\x35\x42\x5f\x5b\x28\x15\x24\x33\x6e\x59\x6c\xaf\x10\x8b\x98\x8e\xe9\x4c\x23\x0d\x76\x92\x03\xdd\x6d\x8d\x08\x47\x15\x5b\xf8\x66\x75\x75\x40\xe8\xf4\xa0\x52\x02\x41\x15\x27\x7c\x5f\xa6\x33\xa6\x29\x68\x3f\x55\x8d\x7f\x1d\x4f\x88\xc6\x61\x6e\xac\x21\xdf\x2b\x7b\xde\x76\x9a\xdc\xe6\x3b\x94\x3f\x03\x9c\xa2\xa6\xa3\x63\x39\x48\xbd\x79\x70\x21\xf2\x6b\xff\x58\x66\xf1\x58\xc2\x58\xad\x4f\x84\x14\x5d\x05\x12\x83\xd0\x87\xbd\xf3";
|
||||
+
|
||||
+/* DSA key and signature */
|
||||
+static const char dsa_privkey[] =
|
||||
+ "-----BEGIN DSA PRIVATE KEY-----\n"
|
||||
+ "MIIDTQIBAAKCAQEAh60B6yPMRIT7udq2kKuwnQDohvT1U0w+RJcSr23C05cM/Ovn\n"
|
||||
+ "UP/8Rrj6T8K+uYhMbKgLaZiJJW9q04jaPQk0cfUphbLvRjzVHwE/0Bkb+Y1Rv7ni\n"
|
||||
+ "Jot2IFMq5iuNraf889PC0WREvFCcIkSFY2Ac4WT7mCcBtfx/raGFXDUjcUrJ0HwZ\n"
|
||||
+ "IOhjQDfcXUsztuyYsYA75ociEY8kyDZq/ixyr5++R1VjNf30Re8AbQlXOEGxEN5t\n"
|
||||
+ "t+Tvpq8K5L3prQs2KNSzyOUmedjb/ojH4T4qe/RL9EVjjeuIGHDNUT6F197yZ91y\n"
|
||||
+ "qLLTf1WjnUyZcKij5rryX0LJBBWawEZjNSHZawIdAMQlyycia4NigCdiDR+QptUn\n"
|
||||
+ "2xrj9o14fXkIrXcCggEAXRZm1rbPhsjSTo6cpCVrmDzO1grv83EHiBH4MvRQQnP8\n"
|
||||
+ "FpAREsBA5cYju97XvLaLhioZeMjLn08kU7TUbHRUB+ULTuVvE2dQbBpGuKiLRRt9\n"
|
||||
+ "6U2T0eD3xGLoM+o8EY/kpqaWGEpZv7hzM9xuo4vy55+viAZgFWULqmltwfG/7w7V\n"
|
||||
+ "NXUHNv5H4Ipw//fSDLTPqzUlNqSSswDLz6pCjWEs0rWAqNAMaOiLTz4id9pL48Oe\n"
|
||||
+ "oAfpcQR9tgTEnwyXfZBnrJVclHhkHKGeXvU05IgCzpKO76Z5R+By50T0i/JV7vzM\n"
|
||||
+ "l2yS9aAl/cprT6U7yI3oU/blldCVNpMcFAFb+fO8DAKCAQBVMo8xptyvQOJeSvbO\n"
|
||||
+ "SSYdJ3IiI/0GdkcGWXblWg9z7mrPaWEnT7OquEm/+vYtWd3GHDtyNM+jzsN4Xgjc\n"
|
||||
+ "TL3AEd2hLiozJQ1BFKw25VU08UHAYTzUxZhO4Vwtmp46Kwj8YLDQ3NHRWCBxpDQR\n"
|
||||
+ "fbiFvyXP+qXap6plMfrydnUD1mae/JSOWOYgdB7tFIehstLxVXx/cAnjwgFU03Df\n"
|
||||
+ "grjsad92zA1Hc9wIjbsgAQdTR5DWnFRkRt3UtayBwoyqm6QceZHsv1NAGvkQ4ion\n"
|
||||
+ "bEjkHkjF9YCkR9/rspR8cLghRIXMjOpypuSbaRPeeWq0gP2UOxFL/d3iWH0ETr/L\n"
|
||||
+ "kTlCAhxYGpVgtfB96qmJukyl9GOGvfkwFTgEyIDoV84M\n"
|
||||
+ "-----END DSA PRIVATE KEY-----\n";
|
||||
+
|
||||
+static const char dsa_sig[] =
|
||||
+ "\x30\x3d\x02\x1c\x2e\x40\x14\xb3\x7a\x3f\xc0\x4f\x06\x74\x4f\xa6\x5f\xc2\x0a\x46\x35\x38\x88\xb4\x1a\xcf\x94\x02\x40\x42\x7c\x7f\x02\x1d\x00\x98\xfc\xf1\x08\x66\xf1\x86\x28\xc9\x73\x9e\x2b\x5d\xce\x57\xe8\xb5\xeb\xcf\xa3\xf6\x60\xf6\x63\x16\x0e\xc0\x42";
|
||||
+
|
||||
+static const char gost01_privkey[] =
|
||||
+ "-----BEGIN PRIVATE KEY-----\n"
|
||||
+ "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgdNfuHGmmTdPm\n"
|
||||
+ "p5dAa3ea9UYxpdYQPP9lbDwzQwG2bJM=\n"
|
||||
+ "-----END PRIVATE KEY-----\n";
|
||||
+
|
||||
+static const char gost01_sig[] =
|
||||
+ "\xc5\xc8\xf8\xdc\x22\x51\xb0\x72\xe9\xa2\xbb\x84\x6c\xe2\x24\xd5\x72\x39\x2a\x5a\x0e\x7a\x43\xfc\x9c\xc3\x5d\x32\x92\xbb\xab\xc0\x4b\x99\xbd\xc8\x47\x24\x70\x06\x7e\xa1\xc6\xe3\xa0\xdc\x42\xed\xa0\x66\xf0\xcc\x50\x97\xe9\x5a\x7d\x3f\x65\x2d\x7b\x1b\x03\xcb";
|
||||
+
|
||||
+static const char gost12_256_privkey[] =
|
||||
+ "-----BEGIN PRIVATE KEY-----\n"
|
||||
+ "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgKOF96tom\n"
|
||||
+ "D61rhSnzKjyrmO3fv0gdlHei+6ovrc8SnBk=\n"
|
||||
+ "-----END PRIVATE KEY-----\n";
|
||||
+
|
||||
+static const char gost12_256_sig[] =
|
||||
+ "\xb2\x51\x5a\x1a\xbd\x95\x4e\x71\x55\xad\x74\x74\x81\xa6\xca\x6c\x14\x01\xe0\x18\xda\xe4\x0d\x02\x4f\x14\xd2\x39\xd6\x3c\xb5\x85\xa8\x37\xfd\x7f\x2b\xfa\xe4\xf5\xbc\xbc\x15\x20\x8b\x83\x4b\x84\x0d\x5d\x02\x21\x8c\x0d\xb9\xc4\x2b\xc0\x3e\xfd\x42\x55\x1d\xb0";
|
||||
+
|
||||
+static const char gost12_512_privkey[] =
|
||||
+ "-----BEGIN PRIVATE KEY-----\n"
|
||||
+ "MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBECjFpvp\n"
|
||||
+ "B0vdc7u59b99TCNXhHiB69JJtUjvieNkGYJpoaaIvoKZTNCjpSZASsZcQZCHOTof\n"
|
||||
+ "hsQ3JCCy4xnd5jWT\n"
|
||||
+ "-----END PRIVATE KEY-----\n";
|
||||
+
|
||||
+static const char gost12_512_sig[] =
|
||||
+ "\x52\x4f\xa2\x77\x51\xd2\xc5\xef\xd3\xa3\x99\x4e\xec\xff\xc6\xe9\xfc\x2f\xc0\x28\x42\x03\x95\x6c\x9a\x38\xee\xea\x89\x79\xae\x1a\xc3\x68\x5e\xe4\x15\x15\x4b\xec\x0f\xf1\x7e\x0f\xba\x01\xc7\x84\x16\xc7\xb5\xac\x9d\x0c\x22\xdd\x31\xf7\xb0\x9b\x59\x4b\xf0\x02\xa8\x7d\xfd\x6d\x02\x43\xc7\x4f\x65\xbd\x84\x5c\x54\x91\xba\x75\x9f\x5a\x61\x19\x5c\x9a\x10\x78\x34\xa0\xa6\xf6\xdc\xb6\xb0\x50\x22\x38\x5f\xb0\x16\x66\xf1\xd5\x46\x00\xd5\xe2\xa8\xe5\xd2\x11\x5f\xd1\xbe\x6e\xac\xb2\x9c\x14\x34\x96\xe7\x58\x94\xb8\xf4\x5f";
|
||||
+
|
||||
static int test_rsa_enc(gnutls_pk_algorithm_t pk,
|
||||
unsigned bits, gnutls_digest_algorithm_t ign)
|
||||
{
|
||||
@@ -302,118 +414,6 @@ static int test_sig(gnutls_pk_algorithm_t pk,
|
||||
return ret;
|
||||
}
|
||||
|
||||
-/* A precomputed RSA-SHA1 signature using the rsa_key2048 */
|
||||
-static const char rsa_sig[] =
|
||||
- "\x7a\xb3\xf8\xb0\xf9\xf0\x52\x88\x37\x17\x97\x9f\xbe\x61\xb4\xd2\x43\x78\x9f\x79\x92\xd0\xad\x08\xdb\xbd\x3c\x72\x7a\xb5\x51\x59\x63\xd6\x7d\xf1\x9c\x1e\x10\x7b\x27\xab\xf8\xd4\x9d\xcd\xc5\xf9\xae\xf7\x09\x6b\x40\x93\xc5\xe9\x1c\x0f\xb4\x82\xa1\x47\x86\x54\x63\xd2\x4d\x40\x9a\x80\xb9\x38\x45\x69\xa2\xd6\x92\xb6\x69\x7f\x3f\xf3\x5b\xa5\x1d\xac\x06\xad\xdf\x4e\xbb\xe6\xda\x68\x0d\xe5\xab\xef\xd2\xf0\xc5\xd8\xc0\xed\x80\xe2\xd4\x76\x98\xec\x44\xa2\xfc\x3f\xce\x2e\x8b\xc4\x4b\xab\xb0\x70\x24\x52\x85\x2a\x36\xcd\x9a\xb5\x05\x00\xea\x98\x7c\x72\x06\x68\xb1\x38\x44\x16\x80\x6a\x3b\x64\x72\xbb\xfd\x4b\xc9\xdd\xda\x2a\x68\xde\x7f\x6e\x48\x28\xc1\x63\x57\x2b\xde\x83\xa3\x27\x34\xd7\xa6\x87\x18\x35\x10\xff\x31\xd9\x47\xc9\x84\x35\xe1\xaa\xe2\xf7\x98\xfa\x19\xd3\xf1\x94\x25\x2a\x96\xe4\xa8\xa7\x05\x10\x93\x87\xde\x96\x85\xe5\x68\xb8\xe5\x4e\xbf\x66\x85\x91\xbd\x52\x5b\x3d\x9f\x1b\x79\xea\xe3\x8b\xef\x62\x18\x39\x7a\x50\x01\x46\x1b\xde\x8d\x37\xbc\x90\x6c\x07\xc0\x07\xed\x60\xce\x2e\x31\xd6\x8f\xe8\x75\xdb\x45\x21\xc6\xcb";
|
||||
-
|
||||
-/* ECDSA key and signature */
|
||||
-static const char ecdsa_secp256r1_privkey[] =
|
||||
- "-----BEGIN EC PRIVATE KEY-----\n"
|
||||
- "MHcCAQEEIPAKWV7+pZe9c5EubMNfAEKWRQtP/MvlO9HehwHmJssNoAoGCCqGSM49\n"
|
||||
- "AwEHoUQDQgAE2CNONRio3ciuXtoomJKs3MdbzLbd44VPhtzJN30VLFm5gvnfiCj2\n"
|
||||
- "zzz7pl9Cv0ECHl6yedNI8QEKdcwCDgEmkQ==\n"
|
||||
- "-----END EC PRIVATE KEY-----\n";
|
||||
-
|
||||
-static const char ecdsa_secp256r1_sig[] =
|
||||
- "\x30\x45\x02\x21\x00\x9b\x8f\x60\xed\x9e\x40\x8d\x74\x82\x73\xab\x20\x1a\x69\xfc\xf9\xee\x3c\x41\x80\xc0\x39\xdd\x21\x1a\x64\xfd\xbf\x7e\xaa\x43\x70\x02\x20\x44\x28\x05\xdd\x30\x47\x58\x96\x18\x39\x94\x18\xba\xe7\x7a\xf6\x1e\x2d\xba\xb1\xe0\x7d\x73\x9e\x2f\x58\xee\x0c\x2a\x89\xe8\x35";
|
||||
-
|
||||
-#ifdef ENABLE_NON_SUITEB_CURVES
|
||||
-/* sha256 */
|
||||
-static const char ecdsa_secp192r1_privkey[] =
|
||||
- "-----BEGIN EC PRIVATE KEY-----"
|
||||
- "MF8CAQEEGLjezFcbgDMeApVrdtZHvu/k1a8/tVZ41KAKBggqhkjOPQMBAaE0AzIA"
|
||||
- "BO1lciKdgxeRH8k64vxcaV1OYIK9akVrW02Dw21MXhRLP0l0wzCw6LGSr5rS6AaL"
|
||||
- "Fg==" "-----END EC PRIVATE KEY-----";
|
||||
-
|
||||
-static const char ecdsa_secp192r1_sig[] =
|
||||
- "\x30\x34\x02\x18\x5f\xb3\x10\x4b\x4d\x44\x48\x29\x4b\xfd\xa7\x8e\xce\x57\xac\x36\x38\x54\xab\x73\xdb\xed\xb8\x5f\x02\x18\x0b\x8b\xf3\xae\x49\x50\x0e\x47\xca\x89\x1a\x00\xca\x23\xf5\x8d\xd6\xe3\xce\x9a\xff\x2e\x4f\x5c";
|
||||
-
|
||||
-static const char ecdsa_secp224r1_privkey[] =
|
||||
- "-----BEGIN EC PRIVATE KEY-----"
|
||||
- "MGgCAQEEHOKWJFdWdrR/CgVrUeTeawOrJ9GozE9KKx2a8PmgBwYFK4EEACGhPAM6"
|
||||
- "AAQKQj3YpenWT7lFR41SnBvmj/+Bj+kgzQnaF65qWAtPRJsZXFlLTu3/IUNqSRu9"
|
||||
- "DqPsk8xBHAB7pA==" "-----END EC PRIVATE KEY-----";
|
||||
-
|
||||
-static const char ecdsa_secp224r1_sig[] =
|
||||
- "\x30\x3d\x02\x1c\x76\x03\x8d\x74\xf4\xd3\x09\x2a\xb5\xdf\x6b\x5b\xf4\x4b\x86\xb8\x62\x81\x5d\x7b\x7a\xbb\x37\xfc\xf1\x46\x1c\x2b\x02\x1d\x00\xa0\x98\x5d\x80\x43\x89\xe5\xee\x1a\xec\x46\x08\x04\x55\xbc\x50\xfa\x2a\xd5\xa6\x18\x92\x19\xdb\x68\xa0\x2a\xda";
|
||||
-#endif
|
||||
-
|
||||
-static const char ecdsa_secp384r1_privkey[] =
|
||||
- "-----BEGIN EC PRIVATE KEY-----"
|
||||
- "MIGkAgEBBDDevshD6gb+4rZpC9vwFcIwNs4KmGzdqCxyyN40a8uOWRbyf7aHdiSS"
|
||||
- "03oAyKtc4JCgBwYFK4EEACKhZANiAARO1KkPMno2tnNXx1S9EZkp8SOpDCZ4aobH"
|
||||
- "IYv8RHnSmKf8I3OKD6TaoeR+1MwJmNJUH90Bj45WXla68/vsPiFcfVKboxsZYe/n"
|
||||
- "pv8e4ugXagVQVBXNZJ859iYPdJR24vo=" "-----END EC PRIVATE KEY-----";
|
||||
-
|
||||
-static const char ecdsa_secp384r1_sig[] =
|
||||
- "\x30\x66\x02\x31\x00\xbb\x4d\x25\x30\x13\x1b\x3b\x75\x60\x07\xed\x53\x8b\x52\xee\xd8\x6e\xf1\x9d\xa8\x36\x0e\x2e\x20\x31\x51\x11\x48\x78\xdd\xaf\x24\x38\x64\x81\x71\x6b\xa6\xb7\x29\x58\x28\x82\x32\xba\x29\x29\xd9\x02\x31\x00\xeb\x70\x09\x87\xac\x7b\x78\x0d\x4c\x4f\x08\x2b\x86\x27\xe2\x60\x1f\xc9\x11\x9f\x1d\xf5\x82\x4c\xc7\x3d\xb0\x27\xc8\x93\x29\xc7\xd0\x0e\x88\x02\x09\x93\xc2\x72\xce\xa5\x74\x8c\x3d\xe0\x8c\xad";
|
||||
-
|
||||
-static const char ecdsa_secp521r1_privkey[] =
|
||||
- "-----BEGIN EC PRIVATE KEY-----"
|
||||
- "MIHbAgEBBEGO2n7NN363qSCvJVdlQtCvudtaW4o0fEufXRjE1AsCrle+VXX0Zh0w"
|
||||
- "Y1slSeDHMndpakoiF+XkQ+bhcB867UV6aKAHBgUrgQQAI6GBiQOBhgAEAQb6jDpo"
|
||||
- "byy1tF8Zucg0TMGUzIN2DK+RZJ3QQRdWdirO25OIC3FoFi1Yird6rpoB6HlNyJ7R"
|
||||
- "0bNG9Uv34bSHMn8yAFoiqxUCdJZQbEenMoZsi6COaePe3e0QqvDMr0hEWT23Sr3t"
|
||||
- "LpEV7eZGFfFIJw5wSUp2KOcs+O9WjmoukTWtDKNV"
|
||||
- "-----END EC PRIVATE KEY-----";
|
||||
-
|
||||
-static const char ecdsa_secp521r1_sig[] =
|
||||
- "\x30\x81\x87\x02\x42\x01\xb8\xcb\x52\x9e\x10\xa8\x49\x3f\xe1\x9e\x14\x0a\xcf\x96\xed\x7e\xab\x7d\x0c\xe1\x9b\xa4\x97\xdf\x01\xf5\x35\x42\x5f\x5b\x28\x15\x24\x33\x6e\x59\x6c\xaf\x10\x8b\x98\x8e\xe9\x4c\x23\x0d\x76\x92\x03\xdd\x6d\x8d\x08\x47\x15\x5b\xf8\x66\x75\x75\x40\xe8\xf4\xa0\x52\x02\x41\x15\x27\x7c\x5f\xa6\x33\xa6\x29\x68\x3f\x55\x8d\x7f\x1d\x4f\x88\xc6\x61\x6e\xac\x21\xdf\x2b\x7b\xde\x76\x9a\xdc\xe6\x3b\x94\x3f\x03\x9c\xa2\xa6\xa3\x63\x39\x48\xbd\x79\x70\x21\xf2\x6b\xff\x58\x66\xf1\x58\xc2\x58\xad\x4f\x84\x14\x5d\x05\x12\x83\xd0\x87\xbd\xf3";
|
||||
-
|
||||
-/* DSA key and signature */
|
||||
-static const char dsa_privkey[] =
|
||||
- "-----BEGIN DSA PRIVATE KEY-----\n"
|
||||
- "MIIDTQIBAAKCAQEAh60B6yPMRIT7udq2kKuwnQDohvT1U0w+RJcSr23C05cM/Ovn\n"
|
||||
- "UP/8Rrj6T8K+uYhMbKgLaZiJJW9q04jaPQk0cfUphbLvRjzVHwE/0Bkb+Y1Rv7ni\n"
|
||||
- "Jot2IFMq5iuNraf889PC0WREvFCcIkSFY2Ac4WT7mCcBtfx/raGFXDUjcUrJ0HwZ\n"
|
||||
- "IOhjQDfcXUsztuyYsYA75ociEY8kyDZq/ixyr5++R1VjNf30Re8AbQlXOEGxEN5t\n"
|
||||
- "t+Tvpq8K5L3prQs2KNSzyOUmedjb/ojH4T4qe/RL9EVjjeuIGHDNUT6F197yZ91y\n"
|
||||
- "qLLTf1WjnUyZcKij5rryX0LJBBWawEZjNSHZawIdAMQlyycia4NigCdiDR+QptUn\n"
|
||||
- "2xrj9o14fXkIrXcCggEAXRZm1rbPhsjSTo6cpCVrmDzO1grv83EHiBH4MvRQQnP8\n"
|
||||
- "FpAREsBA5cYju97XvLaLhioZeMjLn08kU7TUbHRUB+ULTuVvE2dQbBpGuKiLRRt9\n"
|
||||
- "6U2T0eD3xGLoM+o8EY/kpqaWGEpZv7hzM9xuo4vy55+viAZgFWULqmltwfG/7w7V\n"
|
||||
- "NXUHNv5H4Ipw//fSDLTPqzUlNqSSswDLz6pCjWEs0rWAqNAMaOiLTz4id9pL48Oe\n"
|
||||
- "oAfpcQR9tgTEnwyXfZBnrJVclHhkHKGeXvU05IgCzpKO76Z5R+By50T0i/JV7vzM\n"
|
||||
- "l2yS9aAl/cprT6U7yI3oU/blldCVNpMcFAFb+fO8DAKCAQBVMo8xptyvQOJeSvbO\n"
|
||||
- "SSYdJ3IiI/0GdkcGWXblWg9z7mrPaWEnT7OquEm/+vYtWd3GHDtyNM+jzsN4Xgjc\n"
|
||||
- "TL3AEd2hLiozJQ1BFKw25VU08UHAYTzUxZhO4Vwtmp46Kwj8YLDQ3NHRWCBxpDQR\n"
|
||||
- "fbiFvyXP+qXap6plMfrydnUD1mae/JSOWOYgdB7tFIehstLxVXx/cAnjwgFU03Df\n"
|
||||
- "grjsad92zA1Hc9wIjbsgAQdTR5DWnFRkRt3UtayBwoyqm6QceZHsv1NAGvkQ4ion\n"
|
||||
- "bEjkHkjF9YCkR9/rspR8cLghRIXMjOpypuSbaRPeeWq0gP2UOxFL/d3iWH0ETr/L\n"
|
||||
- "kTlCAhxYGpVgtfB96qmJukyl9GOGvfkwFTgEyIDoV84M\n"
|
||||
- "-----END DSA PRIVATE KEY-----\n";
|
||||
-
|
||||
-static const char dsa_sig[] =
|
||||
- "\x30\x3d\x02\x1c\x2e\x40\x14\xb3\x7a\x3f\xc0\x4f\x06\x74\x4f\xa6\x5f\xc2\x0a\x46\x35\x38\x88\xb4\x1a\xcf\x94\x02\x40\x42\x7c\x7f\x02\x1d\x00\x98\xfc\xf1\x08\x66\xf1\x86\x28\xc9\x73\x9e\x2b\x5d\xce\x57\xe8\xb5\xeb\xcf\xa3\xf6\x60\xf6\x63\x16\x0e\xc0\x42";
|
||||
-
|
||||
-static const char gost01_privkey[] =
|
||||
- "-----BEGIN PRIVATE KEY-----\n"
|
||||
- "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgdNfuHGmmTdPm\n"
|
||||
- "p5dAa3ea9UYxpdYQPP9lbDwzQwG2bJM=\n"
|
||||
- "-----END PRIVATE KEY-----\n";
|
||||
-
|
||||
-static const char gost01_sig[] =
|
||||
- "\xc5\xc8\xf8\xdc\x22\x51\xb0\x72\xe9\xa2\xbb\x84\x6c\xe2\x24\xd5\x72\x39\x2a\x5a\x0e\x7a\x43\xfc\x9c\xc3\x5d\x32\x92\xbb\xab\xc0\x4b\x99\xbd\xc8\x47\x24\x70\x06\x7e\xa1\xc6\xe3\xa0\xdc\x42\xed\xa0\x66\xf0\xcc\x50\x97\xe9\x5a\x7d\x3f\x65\x2d\x7b\x1b\x03\xcb";
|
||||
-
|
||||
-static const char gost12_256_privkey[] =
|
||||
- "-----BEGIN PRIVATE KEY-----\n"
|
||||
- "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgKOF96tom\n"
|
||||
- "D61rhSnzKjyrmO3fv0gdlHei+6ovrc8SnBk=\n"
|
||||
- "-----END PRIVATE KEY-----\n";
|
||||
-
|
||||
-static const char gost12_256_sig[] =
|
||||
- "\xb2\x51\x5a\x1a\xbd\x95\x4e\x71\x55\xad\x74\x74\x81\xa6\xca\x6c\x14\x01\xe0\x18\xda\xe4\x0d\x02\x4f\x14\xd2\x39\xd6\x3c\xb5\x85\xa8\x37\xfd\x7f\x2b\xfa\xe4\xf5\xbc\xbc\x15\x20\x8b\x83\x4b\x84\x0d\x5d\x02\x21\x8c\x0d\xb9\xc4\x2b\xc0\x3e\xfd\x42\x55\x1d\xb0";
|
||||
-
|
||||
-static const char gost12_512_privkey[] =
|
||||
- "-----BEGIN PRIVATE KEY-----\n"
|
||||
- "MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBECjFpvp\n"
|
||||
- "B0vdc7u59b99TCNXhHiB69JJtUjvieNkGYJpoaaIvoKZTNCjpSZASsZcQZCHOTof\n"
|
||||
- "hsQ3JCCy4xnd5jWT\n"
|
||||
- "-----END PRIVATE KEY-----\n";
|
||||
-
|
||||
-static const char gost12_512_sig[] =
|
||||
- "\x52\x4f\xa2\x77\x51\xd2\xc5\xef\xd3\xa3\x99\x4e\xec\xff\xc6\xe9\xfc\x2f\xc0\x28\x42\x03\x95\x6c\x9a\x38\xee\xea\x89\x79\xae\x1a\xc3\x68\x5e\xe4\x15\x15\x4b\xec\x0f\xf1\x7e\x0f\xba\x01\xc7\x84\x16\xc7\xb5\xac\x9d\x0c\x22\xdd\x31\xf7\xb0\x9b\x59\x4b\xf0\x02\xa8\x7d\xfd\x6d\x02\x43\xc7\x4f\x65\xbd\x84\x5c\x54\x91\xba\x75\x9f\x5a\x61\x19\x5c\x9a\x10\x78\x34\xa0\xa6\xf6\xdc\xb6\xb0\x50\x22\x38\x5f\xb0\x16\x66\xf1\xd5\x46\x00\xd5\xe2\xa8\xe5\xd2\x11\x5f\xd1\xbe\x6e\xac\xb2\x9c\x14\x34\x96\xe7\x58\x94\xb8\xf4\x5f";
|
||||
-
|
||||
static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
|
||||
gnutls_digest_algorithm_t dig,
|
||||
const void *privkey, size_t privkey_size,
|
||||
--
|
||||
2.20.1
|
||||
|
||||
|
||||
From 4b04d899849ea566ae33862289276d9b297cd493 Mon Sep 17 00:00:00 2001
|
||||
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
Date: Wed, 3 Apr 2019 13:44:56 +0200
|
||||
Subject: [PATCH 2/7] crypto-selftests-pk.c: Add a comparison with a known
|
||||
signature
|
||||
|
||||
For RSA, compare the generated signature with a stored known value in
|
||||
test_sig().
|
||||
|
||||
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
---
|
||||
lib/crypto-selftests-pk.c | 13 +++++++++++++
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
|
||||
index 4fadd4161..0233e6b9f 100644
|
||||
--- a/lib/crypto-selftests-pk.c
|
||||
+++ b/lib/crypto-selftests-pk.c
|
||||
@@ -313,6 +313,7 @@ static int test_sig(gnutls_pk_algorithm_t pk,
|
||||
{
|
||||
int ret;
|
||||
gnutls_datum_t sig = { NULL, 0 };
|
||||
+ gnutls_datum_t known_sig = { NULL, 0 };
|
||||
gnutls_datum_t raw_rsa_key = { (void*)rsa_key2048, sizeof(rsa_key2048)-1 };
|
||||
gnutls_datum_t raw_dsa_key = { (void*)dsa_key, sizeof(dsa_key)-1 };
|
||||
gnutls_datum_t raw_ecc_key = { (void*)ecc_key, sizeof(ecc_key)-1 };
|
||||
@@ -343,6 +344,8 @@ static int test_sig(gnutls_pk_algorithm_t pk,
|
||||
}
|
||||
|
||||
if (pk == GNUTLS_PK_RSA) {
|
||||
+ known_sig.data = (void *)rsa_sig;
|
||||
+ known_sig.size = sizeof(rsa_sig) - 1;
|
||||
ret = gnutls_privkey_import_x509_raw(key, &raw_rsa_key, GNUTLS_X509_FMT_PEM, NULL, 0);
|
||||
} else if (pk == GNUTLS_PK_RSA_PSS) {
|
||||
ret = gnutls_privkey_import_x509_raw(key, &raw_rsa_key, GNUTLS_X509_FMT_PEM, NULL, 0);
|
||||
@@ -378,6 +381,16 @@ static int test_sig(gnutls_pk_algorithm_t pk,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
+ /* Compare with a stored known signature */
|
||||
+ if (known_sig.data != NULL) {
|
||||
+ if (sig.size != known_sig.size
|
||||
+ || memcmp(sig.data, known_sig.data, sig.size) != 0) {
|
||||
+ ret = GNUTLS_E_SELF_TEST_ERROR;
|
||||
+ gnutls_assert();
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
ret =
|
||||
gnutls_pubkey_verify_data2(pub, sigalgo, 0,
|
||||
&signed_data, &sig);
|
||||
--
|
||||
2.20.1
|
||||
|
||||
|
||||
From db2b308fdbe98420b722eaf678c1a911bc51b0a5 Mon Sep 17 00:00:00 2001
|
||||
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
Date: Thu, 18 Apr 2019 17:22:18 +0200
|
||||
Subject: [PATCH 4/7] tests: Run rng-no-onload test in FIPS mode
|
||||
|
||||
This changes the function used in the test to override gnutls_rnd() to
|
||||
fill the given buffer with a different value each time it is called.
|
||||
This allows the test to run when FIPS mode is enabled.
|
||||
|
||||
Previously the rng-no-onload test could get stuck if FIPS mode was
|
||||
enabled. This happened if gnutls_rnd() function was called during
|
||||
global_init() in a loop that checks the generated value (e.g. if ECDSA
|
||||
signature generation is called during self tests).
|
||||
|
||||
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
---
|
||||
tests/rng-no-onload.c | 12 +++++++-----
|
||||
1 file changed, 7 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/tests/rng-no-onload.c b/tests/rng-no-onload.c
|
||||
index ac01be214..a485a440d 100644
|
||||
--- a/tests/rng-no-onload.c
|
||||
+++ b/tests/rng-no-onload.c
|
||||
@@ -50,18 +50,20 @@ static int _rnd_called = 0;
|
||||
int __attribute__ ((visibility ("protected")))
|
||||
gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len)
|
||||
{
|
||||
+ static unsigned int value = 0;
|
||||
+
|
||||
_rnd_called = 1;
|
||||
|
||||
- memset(data, 0xff, len);
|
||||
+ /* Increment 'value' in each call up to 255, then start again from 0 */
|
||||
+ value = (value + 1) & 0xFF;
|
||||
+
|
||||
+ memset(data, value, len);
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
||||
void doit(void)
|
||||
{
|
||||
- if (gnutls_fips140_mode_enabled()) {
|
||||
- exit(77);
|
||||
- }
|
||||
-
|
||||
global_init();
|
||||
|
||||
if (_rnd_called != 0)
|
||||
--
|
||||
2.20.1
|
||||
|
||||
|
||||
From fc926cd65f1de06f359315c6693c1a9c9899ba8c Mon Sep 17 00:00:00 2001
|
||||
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
Date: Thu, 4 Apr 2019 15:45:02 +0200
|
||||
Subject: [PATCH 5/7] crypto-selftests-pk.c: Fix test_known_sig
|
||||
|
||||
Previously a new signature was generated only for deterministic
|
||||
algorithms (i.e. only RSA). With this, a new signature is always
|
||||
generated (and compared with a stored signature for deterministic
|
||||
algorithms). The signature verification is tested for both generated
|
||||
and stored signatures.
|
||||
|
||||
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
---
|
||||
lib/crypto-selftests-pk.c | 31 ++++++++++++++++++++-----------
|
||||
1 file changed, 20 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
|
||||
index 0233e6b9f..ba8f5e376 100644
|
||||
--- a/lib/crypto-selftests-pk.c
|
||||
+++ b/lib/crypto-selftests-pk.c
|
||||
@@ -475,19 +475,17 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- /* Test if the signature we generate matches the stored */
|
||||
+ ret = gnutls_privkey_sign_data(key, dig, 0, &signed_data, &sig);
|
||||
+ if (ret < 0) {
|
||||
+ gnutls_assert();
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ /* Test if the generated signature matches the stored */
|
||||
ssig.data = (void *) stored_sig;
|
||||
ssig.size = stored_sig_size;
|
||||
|
||||
if (deterministic_sigs != 0) { /* do not compare against stored signature if not provided */
|
||||
- ret =
|
||||
- gnutls_privkey_sign_data(key, dig, 0, &signed_data,
|
||||
- &sig);
|
||||
- if (ret < 0) {
|
||||
- gnutls_assert();
|
||||
- goto cleanup;
|
||||
- }
|
||||
-
|
||||
if (sig.size != ssig.size
|
||||
|| memcmp(sig.data, ssig.data, sig.size) != 0) {
|
||||
ret = GNUTLS_E_SELF_TEST_ERROR;
|
||||
@@ -507,7 +505,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
|
||||
}
|
||||
}
|
||||
|
||||
- /* Test if we can verify the signature */
|
||||
+ /* Test if we can verify the generated signature */
|
||||
|
||||
ret = gnutls_pubkey_import_privkey(pub, key, 0, 0);
|
||||
if (ret < 0) {
|
||||
@@ -515,6 +513,17 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
+ ret =
|
||||
+ gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0,
|
||||
+ &signed_data, &sig);
|
||||
+ if (ret < 0) {
|
||||
+ ret = GNUTLS_E_SELF_TEST_ERROR;
|
||||
+ gnutls_assert();
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ /* Test if we can verify the stored signature */
|
||||
+
|
||||
ret =
|
||||
gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0,
|
||||
&signed_data, &ssig);
|
||||
@@ -528,7 +537,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
|
||||
|
||||
ret =
|
||||
gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0,
|
||||
- &bad_data, &ssig);
|
||||
+ &bad_data, &sig);
|
||||
|
||||
if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) {
|
||||
ret = GNUTLS_E_SELF_TEST_ERROR;
|
||||
--
|
||||
2.20.1
|
||||
|
||||
|
||||
From 7e49999db264556ac73ff498bd8f7edce401cdd1 Mon Sep 17 00:00:00 2001
|
||||
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
Date: Thu, 4 Apr 2019 17:22:04 +0200
|
||||
Subject: [PATCH 6/7] crypto-selftests-pk.c: Fix PK_KNOWN_TEST and PK_TEST
|
||||
|
||||
Remove the flag check from the end of the macros. This change allows
|
||||
more than one test to run in sequence when GNUTLS_SELF_TEST_FLAG_ALL is
|
||||
not set. Move the flags checks to run the minimal set of tests required
|
||||
for FIPS and keep the previous behaviour for GOST (run the first test
|
||||
for each algorithm).
|
||||
|
||||
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
---
|
||||
lib/crypto-selftests-pk.c | 37 ++++++++++++++++++++-----------------
|
||||
1 file changed, 20 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
|
||||
index ba8f5e376..fc8ee2525 100644
|
||||
--- a/lib/crypto-selftests-pk.c
|
||||
+++ b/lib/crypto-selftests-pk.c
|
||||
@@ -568,18 +568,14 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
|
||||
if (ret < 0) { \
|
||||
gnutls_assert(); \
|
||||
goto cleanup; \
|
||||
- } \
|
||||
- if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) \
|
||||
- return 0
|
||||
+ }
|
||||
|
||||
#define PK_KNOWN_TEST(pk, det, bits, dig, pkey, sig) \
|
||||
ret = test_known_sig(pk, bits, dig, pkey, sizeof(pkey)-1, sig, sizeof(sig)-1, det); \
|
||||
if (ret < 0) { \
|
||||
gnutls_assert(); \
|
||||
goto cleanup; \
|
||||
- } \
|
||||
- if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) \
|
||||
- return 0
|
||||
+ }
|
||||
|
||||
|
||||
/* This file is also included by the test app in tests/slow/cipher-test, so in that
|
||||
@@ -812,11 +808,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
||||
PK_KNOWN_TEST(GNUTLS_PK_RSA, 1, 2048, GNUTLS_DIG_SHA256,
|
||||
rsa_key2048, rsa_sig);
|
||||
PK_TEST(GNUTLS_PK_RSA, test_rsa_enc, 2048, 0);
|
||||
- PK_TEST(GNUTLS_PK_RSA, test_sig, 3072, GNUTLS_SIGN_RSA_SHA256);
|
||||
|
||||
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
||||
return 0;
|
||||
|
||||
+ PK_TEST(GNUTLS_PK_RSA, test_sig, 3072, GNUTLS_SIGN_RSA_SHA256);
|
||||
+
|
||||
FALLTHROUGH;
|
||||
case GNUTLS_PK_RSA_PSS:
|
||||
PK_TEST(GNUTLS_PK_RSA_PSS, test_sig, 2048, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256);
|
||||
@@ -828,11 +825,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
||||
case GNUTLS_PK_DSA:
|
||||
PK_KNOWN_TEST(GNUTLS_PK_DSA, 0, 2048, GNUTLS_DIG_SHA256,
|
||||
dsa_privkey, dsa_sig);
|
||||
- PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256);
|
||||
|
||||
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
||||
return 0;
|
||||
|
||||
+ PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256);
|
||||
+
|
||||
FALLTHROUGH;
|
||||
case GNUTLS_PK_EC:
|
||||
/* Test ECDH and ECDSA */
|
||||
@@ -850,13 +848,14 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
||||
(GNUTLS_ECC_CURVE_SECP256R1),
|
||||
GNUTLS_DIG_SHA256, ecdsa_secp256r1_privkey,
|
||||
ecdsa_secp256r1_sig);
|
||||
- PK_TEST(GNUTLS_PK_EC, test_sig,
|
||||
- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1),
|
||||
- GNUTLS_SIGN_ECDSA_SHA256);
|
||||
|
||||
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
||||
return 0;
|
||||
|
||||
+ PK_TEST(GNUTLS_PK_EC, test_sig,
|
||||
+ GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1),
|
||||
+ GNUTLS_SIGN_ECDSA_SHA256);
|
||||
+
|
||||
PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
|
||||
GNUTLS_CURVE_TO_BITS
|
||||
(GNUTLS_ECC_CURVE_SECP384R1),
|
||||
@@ -900,31 +899,35 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
||||
case GNUTLS_PK_GOST_01:
|
||||
PK_KNOWN_TEST(GNUTLS_PK_GOST_01, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_GOSTR_94,
|
||||
gost01_privkey, gost01_sig);
|
||||
- PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
|
||||
- GNUTLS_SIGN_GOST_94);
|
||||
|
||||
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
||||
return 0;
|
||||
|
||||
+ PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
|
||||
+ GNUTLS_SIGN_GOST_94);
|
||||
+
|
||||
FALLTHROUGH;
|
||||
case GNUTLS_PK_GOST_12_256:
|
||||
PK_KNOWN_TEST(GNUTLS_PK_GOST_12_256, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_STREEBOG_256,
|
||||
gost12_256_privkey, gost12_256_sig);
|
||||
- PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
|
||||
- GNUTLS_SIGN_GOST_256);
|
||||
|
||||
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
||||
return 0;
|
||||
|
||||
+ PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
|
||||
+ GNUTLS_SIGN_GOST_256);
|
||||
+
|
||||
FALLTHROUGH;
|
||||
case GNUTLS_PK_GOST_12_512:
|
||||
PK_KNOWN_TEST(GNUTLS_PK_GOST_12_512, 0, GNUTLS_ECC_CURVE_GOST512A, GNUTLS_DIG_STREEBOG_512,
|
||||
gost12_512_privkey, gost12_512_sig);
|
||||
- PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A),
|
||||
- GNUTLS_SIGN_GOST_512);
|
||||
|
||||
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
||||
return 0;
|
||||
+
|
||||
+ PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A),
|
||||
+ GNUTLS_SIGN_GOST_512);
|
||||
+
|
||||
#endif
|
||||
|
||||
break;
|
||||
--
|
||||
2.20.1
|
||||
|
||||
|
||||
From c2e83d2110b98d93588f1b6187bc932feb958ca4 Mon Sep 17 00:00:00 2001
|
||||
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
Date: Mon, 8 Apr 2019 14:21:57 +0200
|
||||
Subject: [PATCH 7/7] crypto-selftests-pk.c: Cleanup self tests
|
||||
|
||||
test_sig() always uses the same key for RSA, DSA, and ECDSA regardless
|
||||
of the value provided in the "bits" parameter. Therefore, avoid
|
||||
printing specific information (number of bits or name of the curve).
|
||||
|
||||
Changes test_sig() to use 2048 bits key for DSA; deleted hardcoded 512
|
||||
bits DSA key;
|
||||
|
||||
Avoid calling test_sig() multiple times for ECDSA: the same key is
|
||||
used regardless of the curve provided in the parameters.
|
||||
|
||||
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
---
|
||||
lib/crypto-selftests-pk.c | 42 +++++++++------------------------------
|
||||
1 file changed, 9 insertions(+), 33 deletions(-)
|
||||
|
||||
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
|
||||
index fc8ee2525..3d665b723 100644
|
||||
--- a/lib/crypto-selftests-pk.c
|
||||
+++ b/lib/crypto-selftests-pk.c
|
||||
@@ -78,16 +78,6 @@ static const char ecc_key[] =
|
||||
"MSHpe5vd0TQz+/GAa1zxle8mB/Cdh0JaTrA=\n"
|
||||
"-----END EC PRIVATE KEY-----\n";
|
||||
|
||||
-static const char dsa_key[] =
|
||||
- "-----BEGIN DSA PRIVATE KEY-----\n"
|
||||
- "MIH4AgEAAkEA6KUOSXfFNcInFLPdOlLlKNCe79zJrkxnsQN+lllxuk1ifZrE07r2\n"
|
||||
- "3edTrc4riQNnZ2nZ372tYUAMJg+5jM6IIwIVAOa58exwZ+42Tl+p3b4Kbpyu2Ron\n"
|
||||
- "AkBocj7gkiBYHtv6HMIIzooaxn4vpGR0Ns6wBfroBUGvrnSAgfT3WyiNaHkIF28e\n"
|
||||
- "quWcEeOJjUgFvatcM8gcY288AkEAyKWlgzBurIYST8TM3j4PuQJDTvdHDaGoAUAa\n"
|
||||
- "EfjmOw2UXKwqTmwPiT5BYKgCo2ILS87ttlTpd8vndH37pmnmVQIUQIVuKpZ8y9Bw\n"
|
||||
- "VzO8qcrLCFvTOXY=\n"
|
||||
- "-----END DSA PRIVATE KEY-----\n";
|
||||
-
|
||||
static const char gost01_key[] =
|
||||
"-----BEGIN PRIVATE KEY-----\n"
|
||||
"MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgQgR1lBLIr4WBpn\n"
|
||||
@@ -315,22 +305,20 @@ static int test_sig(gnutls_pk_algorithm_t pk,
|
||||
gnutls_datum_t sig = { NULL, 0 };
|
||||
gnutls_datum_t known_sig = { NULL, 0 };
|
||||
gnutls_datum_t raw_rsa_key = { (void*)rsa_key2048, sizeof(rsa_key2048)-1 };
|
||||
- gnutls_datum_t raw_dsa_key = { (void*)dsa_key, sizeof(dsa_key)-1 };
|
||||
+ gnutls_datum_t raw_dsa_key = { (void*)dsa_privkey, sizeof(dsa_privkey)-1 };
|
||||
gnutls_datum_t raw_ecc_key = { (void*)ecc_key, sizeof(ecc_key)-1 };
|
||||
gnutls_datum_t raw_gost01_key = { (void*)gost01_key, sizeof(gost01_key)-1 };
|
||||
gnutls_datum_t raw_gost12_256_key = { (void*)gost12_256_key, sizeof(gost12_256_key)-1 };
|
||||
gnutls_datum_t raw_gost12_512_key = { (void*)gost12_512_key, sizeof(gost12_512_key)-1 };
|
||||
gnutls_privkey_t key;
|
||||
gnutls_pubkey_t pub = NULL;
|
||||
- char param_name[32];
|
||||
+ char param_name[32] = "";
|
||||
|
||||
- if (pk == GNUTLS_PK_EC || pk == GNUTLS_PK_GOST_01 ||
|
||||
- pk == GNUTLS_PK_GOST_12_256 || pk == GNUTLS_PK_GOST_12_512) {
|
||||
- snprintf(param_name, sizeof(param_name), "%s",
|
||||
+ if (pk == GNUTLS_PK_GOST_01 || pk == GNUTLS_PK_GOST_12_256 ||
|
||||
+ pk == GNUTLS_PK_GOST_12_512) {
|
||||
+ snprintf(param_name, sizeof(param_name), "-%s",
|
||||
gnutls_ecc_curve_get_name(GNUTLS_BITS_TO_CURVE
|
||||
(bits)));
|
||||
- } else {
|
||||
- snprintf(param_name, sizeof(param_name), "%u", bits);
|
||||
}
|
||||
|
||||
ret = gnutls_privkey_init(&key);
|
||||
@@ -418,10 +406,10 @@ static int test_sig(gnutls_pk_algorithm_t pk,
|
||||
gnutls_free(sig.data);
|
||||
|
||||
if (ret == 0)
|
||||
- _gnutls_debug_log("%s-%s-sig self test succeeded\n",
|
||||
+ _gnutls_debug_log("%s%s-sig self test succeeded\n",
|
||||
gnutls_pk_get_name(pk), param_name);
|
||||
else
|
||||
- _gnutls_debug_log("%s-%s-sig self test failed\n",
|
||||
+ _gnutls_debug_log("%s%s-sig self test failed\n",
|
||||
gnutls_pk_get_name(pk), param_name);
|
||||
|
||||
return ret;
|
||||
@@ -812,7 +800,7 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
||||
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
||||
return 0;
|
||||
|
||||
- PK_TEST(GNUTLS_PK_RSA, test_sig, 3072, GNUTLS_SIGN_RSA_SHA256);
|
||||
+ PK_TEST(GNUTLS_PK_RSA, test_sig, 2048, GNUTLS_SIGN_RSA_SHA256);
|
||||
|
||||
FALLTHROUGH;
|
||||
case GNUTLS_PK_RSA_PSS:
|
||||
@@ -829,7 +817,7 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
||||
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
||||
return 0;
|
||||
|
||||
- PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256);
|
||||
+ PK_TEST(GNUTLS_PK_DSA, test_sig, 2048, GNUTLS_SIGN_DSA_SHA256);
|
||||
|
||||
FALLTHROUGH;
|
||||
case GNUTLS_PK_EC:
|
||||
@@ -861,18 +849,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
||||
(GNUTLS_ECC_CURVE_SECP384R1),
|
||||
GNUTLS_DIG_SHA256, ecdsa_secp384r1_privkey,
|
||||
ecdsa_secp384r1_sig);
|
||||
- PK_TEST(GNUTLS_PK_EC, test_sig,
|
||||
- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP384R1),
|
||||
- GNUTLS_SIGN_ECDSA_SHA384);
|
||||
|
||||
PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
|
||||
GNUTLS_CURVE_TO_BITS
|
||||
(GNUTLS_ECC_CURVE_SECP521R1),
|
||||
GNUTLS_DIG_SHA512, ecdsa_secp521r1_privkey,
|
||||
ecdsa_secp521r1_sig);
|
||||
- PK_TEST(GNUTLS_PK_EC, test_sig,
|
||||
- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP521R1),
|
||||
- GNUTLS_SIGN_ECDSA_SHA512);
|
||||
|
||||
#ifdef ENABLE_NON_SUITEB_CURVES
|
||||
PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
|
||||
@@ -880,18 +862,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
||||
(GNUTLS_ECC_CURVE_SECP192R1),
|
||||
GNUTLS_DIG_SHA256, ecdsa_secp192r1_privkey,
|
||||
ecdsa_secp192r1_sig);
|
||||
- PK_TEST(GNUTLS_PK_EC, test_sig,
|
||||
- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP192R1),
|
||||
- GNUTLS_SIGN_ECDSA_SHA256);
|
||||
|
||||
PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
|
||||
GNUTLS_CURVE_TO_BITS
|
||||
(GNUTLS_ECC_CURVE_SECP224R1),
|
||||
GNUTLS_DIG_SHA256, ecdsa_secp224r1_privkey,
|
||||
ecdsa_secp224r1_sig);
|
||||
- PK_TEST(GNUTLS_PK_EC, test_sig,
|
||||
- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP224R1),
|
||||
- GNUTLS_SIGN_ECDSA_SHA256);
|
||||
#endif
|
||||
|
||||
#if ENABLE_GOST
|
||||
--
|
||||
2.20.1
|
File diff suppressed because it is too large
Load Diff
@ -1,687 +0,0 @@
|
||||
From e0fe31f1fc2ba13ada1d6bc35231847b75be4ee9 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Thu, 8 Aug 2019 18:02:08 +0200
|
||||
Subject: [PATCH 1/2] gnutls_int.h: make DECR_LEN neutral to signedness
|
||||
|
||||
DECR_LEN was previously implemented in a way that it first decrements
|
||||
the given length and then checks whether the result is negative. This
|
||||
requires the caller to properly coerce the length argument to a signed
|
||||
integer, before invoking the macro.
|
||||
|
||||
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
||||
---
|
||||
lib/gnutls_int.h | 11 ++++++-----
|
||||
1 file changed, 6 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
|
||||
index 179d71b4a..7f7b6a7c9 100644
|
||||
--- a/lib/gnutls_int.h
|
||||
+++ b/lib/gnutls_int.h
|
||||
@@ -256,14 +256,15 @@ typedef enum record_send_state_t {
|
||||
|
||||
#define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y))
|
||||
|
||||
-#define DECR_LEN(len, x) do { len-=x; if (len<0) {gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} } while (0)
|
||||
+#define DECR_LEN(len, x) DECR_LENGTH_RET(len, x, GNUTLS_E_UNEXPECTED_PACKET_LENGTH)
|
||||
#define DECR_LEN_FINAL(len, x) do { \
|
||||
- len-=x; \
|
||||
- if (len != 0) \
|
||||
+ if (len != x) \
|
||||
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); \
|
||||
+ else \
|
||||
+ len = 0; \
|
||||
} while (0)
|
||||
-#define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {gnutls_assert(); return RET;} } while (0)
|
||||
-#define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {gnutls_assert(); COM;} } while (0)
|
||||
+#define DECR_LENGTH_RET(len, x, RET) DECR_LENGTH_COM(len, x, return RET)
|
||||
+#define DECR_LENGTH_COM(len, x, COM) do { if (len<x) {gnutls_assert(); COM;} else len-=x; } while (0)
|
||||
|
||||
#define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
|
||||
#define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
||||
From 5e9b2ec29449c76b1b938a0ebf0dc9b92cae7057 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Thu, 8 Aug 2019 18:04:18 +0200
|
||||
Subject: [PATCH 2/2] lib/*: remove unnecessary cast to ssize_t
|
||||
|
||||
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
||||
---
|
||||
lib/crypto-api.c | 10 +++++-----
|
||||
lib/ext/alpn.c | 3 +--
|
||||
lib/ext/client_cert_type.c | 9 ++++-----
|
||||
lib/ext/cookie.c | 5 ++---
|
||||
lib/ext/ec_point_formats.c | 7 +++----
|
||||
lib/ext/key_share.c | 5 ++---
|
||||
lib/ext/max_record.c | 3 +--
|
||||
lib/ext/psk_ke_modes.c | 3 +--
|
||||
lib/ext/record_size_limit.c | 3 +--
|
||||
lib/ext/safe_renegotiation.c | 3 +--
|
||||
lib/ext/server_cert_type.c | 9 ++++-----
|
||||
lib/ext/server_name.c | 3 +--
|
||||
lib/ext/session_ticket.c | 5 ++---
|
||||
lib/ext/signature.c | 3 +--
|
||||
lib/ext/srp.c | 3 +--
|
||||
lib/ext/srtp.c | 5 ++---
|
||||
lib/ext/status_request.c | 3 +--
|
||||
lib/ext/supported_groups.c | 3 +--
|
||||
lib/ext/supported_versions.c | 5 ++---
|
||||
lib/extv.c | 8 ++++----
|
||||
lib/sslv2_compat.c | 3 +--
|
||||
lib/supplemental.c | 4 ++--
|
||||
lib/tls13/certificate.c | 21 +++++++++++----------
|
||||
lib/tls13/psk_ext_parser.c | 4 +---
|
||||
lib/tls13/psk_ext_parser.h | 4 ++--
|
||||
lib/tls13/session_ticket.c | 2 +-
|
||||
26 files changed, 58 insertions(+), 78 deletions(-)
|
||||
|
||||
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
|
||||
index 2834c0199..09b3d7bfc 100644
|
||||
--- a/lib/crypto-api.c
|
||||
+++ b/lib/crypto-api.c
|
||||
@@ -990,9 +990,9 @@ gnutls_aead_cipher_encryptv(gnutls_aead_cipher_hd_t handle,
|
||||
api_aead_cipher_hd_st *h = handle;
|
||||
ssize_t ret;
|
||||
uint8_t *dst;
|
||||
- ssize_t dst_size, total = 0;
|
||||
+ size_t dst_size, total = 0;
|
||||
uint8_t *p;
|
||||
- ssize_t blocksize = handle->ctx_enc.e->blocksize;
|
||||
+ size_t blocksize = handle->ctx_enc.e->blocksize;
|
||||
struct iov_iter_st iter;
|
||||
size_t blocks;
|
||||
|
||||
@@ -1071,7 +1071,7 @@ gnutls_aead_cipher_encryptv(gnutls_aead_cipher_hd_t handle,
|
||||
if (ret == 0)
|
||||
break;
|
||||
blocks = ret;
|
||||
- if (unlikely((size_t) dst_size < blocksize * blocks))
|
||||
+ if (unlikely(dst_size < blocksize * blocks))
|
||||
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
|
||||
ret = _gnutls_cipher_encrypt2(&handle->ctx_enc, p,
|
||||
blocksize * blocks,
|
||||
@@ -1083,7 +1083,7 @@ gnutls_aead_cipher_encryptv(gnutls_aead_cipher_hd_t handle,
|
||||
total += blocksize * blocks;
|
||||
}
|
||||
if (iter.block_offset > 0) {
|
||||
- if (unlikely((size_t) dst_size < iter.block_offset))
|
||||
+ if (unlikely(dst_size < iter.block_offset))
|
||||
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
|
||||
ret = _gnutls_cipher_encrypt2(&handle->ctx_enc,
|
||||
iter.block, iter.block_offset,
|
||||
@@ -1095,7 +1095,7 @@ gnutls_aead_cipher_encryptv(gnutls_aead_cipher_hd_t handle,
|
||||
total += iter.block_offset;
|
||||
}
|
||||
|
||||
- if ((size_t)dst_size < tag_size)
|
||||
+ if (dst_size < tag_size)
|
||||
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
|
||||
|
||||
_gnutls_cipher_tag(&handle->ctx_enc, dst, tag_size);
|
||||
diff --git a/lib/ext/alpn.c b/lib/ext/alpn.c
|
||||
index 34f6ce09d..b9991f0a1 100644
|
||||
--- a/lib/ext/alpn.c
|
||||
+++ b/lib/ext/alpn.c
|
||||
@@ -51,13 +51,12 @@ const hello_ext_entry_st ext_mod_alpn = {
|
||||
|
||||
static int
|
||||
_gnutls_alpn_recv_params(gnutls_session_t session,
|
||||
- const uint8_t * data, size_t _data_size)
|
||||
+ const uint8_t * data, size_t data_size)
|
||||
{
|
||||
unsigned int i;
|
||||
int ret;
|
||||
const uint8_t *p = data;
|
||||
unsigned len1, len;
|
||||
- ssize_t data_size = _data_size;
|
||||
alpn_ext_st *priv;
|
||||
gnutls_ext_priv_data_t epriv;
|
||||
int selected_protocol_index;
|
||||
diff --git a/lib/ext/client_cert_type.c b/lib/ext/client_cert_type.c
|
||||
index 471d42c5f..b627b71f9 100644
|
||||
--- a/lib/ext/client_cert_type.c
|
||||
+++ b/lib/ext/client_cert_type.c
|
||||
@@ -73,7 +73,6 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
|
||||
gnutls_certificate_type_t cert_type;
|
||||
|
||||
uint8_t i, found = 0;
|
||||
- ssize_t len = data_size;
|
||||
const uint8_t* pdata = data;
|
||||
|
||||
/* Only activate this extension if we have cert credentials set
|
||||
@@ -86,7 +85,7 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
|
||||
|
||||
/* Compare packet length with expected packet length. For the
|
||||
* client this is a single byte. */
|
||||
- if (len != 1) {
|
||||
+ if (data_size != 1) {
|
||||
return
|
||||
gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
|
||||
}
|
||||
@@ -136,8 +135,8 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
|
||||
|
||||
} else { // server mode
|
||||
// Compare packet length with expected packet length.
|
||||
- DECR_LEN(len, 1);
|
||||
- if (data[0] != len) {
|
||||
+ DECR_LEN(data_size, 1);
|
||||
+ if (data[0] != data_size) {
|
||||
return
|
||||
gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
|
||||
}
|
||||
@@ -145,7 +144,7 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
|
||||
|
||||
// Assign the contents of our data buffer to a gnutls_datum_t
|
||||
cert_types.data = (uint8_t*)pdata; // Need casting to get rid of 'discards const qualifier' warning
|
||||
- cert_types.size = len;
|
||||
+ cert_types.size = data_size;
|
||||
|
||||
// Store the client certificate types in our session
|
||||
_gnutls_hello_ext_set_datum(session,
|
||||
diff --git a/lib/ext/cookie.c b/lib/ext/cookie.c
|
||||
index 1e66c3d49..0feb2f0e5 100644
|
||||
--- a/lib/ext/cookie.c
|
||||
+++ b/lib/ext/cookie.c
|
||||
@@ -53,10 +53,9 @@ const hello_ext_entry_st ext_mod_cookie = {
|
||||
/* Only client sends this extension. */
|
||||
static int
|
||||
cookie_recv_params(gnutls_session_t session,
|
||||
- const uint8_t * data, size_t _data_size)
|
||||
+ const uint8_t * data, size_t data_size)
|
||||
{
|
||||
- ssize_t data_size = _data_size;
|
||||
- ssize_t csize;
|
||||
+ size_t csize;
|
||||
int ret;
|
||||
gnutls_datum_t tmp;
|
||||
|
||||
diff --git a/lib/ext/ec_point_formats.c b/lib/ext/ec_point_formats.c
|
||||
index eb59ec139..c702d434c 100644
|
||||
--- a/lib/ext/ec_point_formats.c
|
||||
+++ b/lib/ext/ec_point_formats.c
|
||||
@@ -57,11 +57,10 @@ const hello_ext_entry_st ext_mod_supported_ec_point_formats = {
|
||||
static int
|
||||
_gnutls_supported_ec_point_formats_recv_params(gnutls_session_t session,
|
||||
const uint8_t * data,
|
||||
- size_t _data_size)
|
||||
+ size_t data_size)
|
||||
{
|
||||
- int len, i;
|
||||
+ size_t len, i;
|
||||
int uncompressed = 0;
|
||||
- int data_size = _data_size;
|
||||
|
||||
if (session->security_parameters.entity == GNUTLS_CLIENT) {
|
||||
if (data_size < 1)
|
||||
@@ -91,7 +90,7 @@ _gnutls_supported_ec_point_formats_recv_params(gnutls_session_t session,
|
||||
/* only sanity check here. We only support uncompressed points
|
||||
* and a client must support it thus nothing to check.
|
||||
*/
|
||||
- if (_data_size < 1)
|
||||
+ if (data_size < 1)
|
||||
return
|
||||
gnutls_assert_val
|
||||
(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
|
||||
diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c
|
||||
index 599eff8fb..8f0912e69 100644
|
||||
--- a/lib/ext/key_share.c
|
||||
+++ b/lib/ext/key_share.c
|
||||
@@ -504,11 +504,10 @@ client_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
|
||||
|
||||
static int
|
||||
key_share_recv_params(gnutls_session_t session,
|
||||
- const uint8_t * data, size_t _data_size)
|
||||
+ const uint8_t * data, size_t data_size)
|
||||
{
|
||||
int ret;
|
||||
- ssize_t data_size = _data_size;
|
||||
- ssize_t size;
|
||||
+ size_t size;
|
||||
unsigned gid;
|
||||
const version_entry_st *ver;
|
||||
const gnutls_group_entry_st *group;
|
||||
diff --git a/lib/ext/max_record.c b/lib/ext/max_record.c
|
||||
index dbb98cf62..3cada69be 100644
|
||||
--- a/lib/ext/max_record.c
|
||||
+++ b/lib/ext/max_record.c
|
||||
@@ -65,10 +65,9 @@ const hello_ext_entry_st ext_mod_max_record_size = {
|
||||
|
||||
static int
|
||||
_gnutls_max_record_recv_params(gnutls_session_t session,
|
||||
- const uint8_t * data, size_t _data_size)
|
||||
+ const uint8_t * data, size_t data_size)
|
||||
{
|
||||
ssize_t new_size;
|
||||
- ssize_t data_size = _data_size;
|
||||
|
||||
if (session->internals.hsk_flags & HSK_RECORD_SIZE_LIMIT_NEGOTIATED)
|
||||
return 0;
|
||||
diff --git a/lib/ext/psk_ke_modes.c b/lib/ext/psk_ke_modes.c
|
||||
index da7a55098..8d8effb43 100644
|
||||
--- a/lib/ext/psk_ke_modes.c
|
||||
+++ b/lib/ext/psk_ke_modes.c
|
||||
@@ -106,10 +106,9 @@ psk_ke_modes_send_params(gnutls_session_t session,
|
||||
*/
|
||||
static int
|
||||
psk_ke_modes_recv_params(gnutls_session_t session,
|
||||
- const unsigned char *data, size_t _len)
|
||||
+ const unsigned char *data, size_t len)
|
||||
{
|
||||
uint8_t ke_modes_len;
|
||||
- ssize_t len = _len;
|
||||
const version_entry_st *vers = get_version(session);
|
||||
gnutls_psk_server_credentials_t cred;
|
||||
int dhpsk_pos = MAX_POS;
|
||||
diff --git a/lib/ext/record_size_limit.c b/lib/ext/record_size_limit.c
|
||||
index e9fe6a1d8..0e94fece3 100644
|
||||
--- a/lib/ext/record_size_limit.c
|
||||
+++ b/lib/ext/record_size_limit.c
|
||||
@@ -48,10 +48,9 @@ const hello_ext_entry_st ext_mod_record_size_limit = {
|
||||
|
||||
static int
|
||||
_gnutls_record_size_limit_recv_params(gnutls_session_t session,
|
||||
- const uint8_t * data, size_t _data_size)
|
||||
+ const uint8_t * data, size_t data_size)
|
||||
{
|
||||
ssize_t new_size;
|
||||
- ssize_t data_size = _data_size;
|
||||
const version_entry_st *vers;
|
||||
|
||||
DECR_LEN(data_size, 2);
|
||||
diff --git a/lib/ext/safe_renegotiation.c b/lib/ext/safe_renegotiation.c
|
||||
index 6424f45b5..bb4a57e45 100644
|
||||
--- a/lib/ext/safe_renegotiation.c
|
||||
+++ b/lib/ext/safe_renegotiation.c
|
||||
@@ -265,10 +265,9 @@ int _gnutls_ext_sr_send_cs(gnutls_session_t session)
|
||||
|
||||
static int
|
||||
_gnutls_sr_recv_params(gnutls_session_t session,
|
||||
- const uint8_t * data, size_t _data_size)
|
||||
+ const uint8_t * data, size_t data_size)
|
||||
{
|
||||
unsigned int len;
|
||||
- ssize_t data_size = _data_size;
|
||||
sr_ext_st *priv;
|
||||
gnutls_ext_priv_data_t epriv;
|
||||
int set = 0, ret;
|
||||
diff --git a/lib/ext/server_cert_type.c b/lib/ext/server_cert_type.c
|
||||
index dbcb3971b..864a44bbc 100644
|
||||
--- a/lib/ext/server_cert_type.c
|
||||
+++ b/lib/ext/server_cert_type.c
|
||||
@@ -73,7 +73,6 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
|
||||
gnutls_certificate_type_t cert_type;
|
||||
|
||||
uint8_t i, found = 0;
|
||||
- ssize_t len = data_size;
|
||||
const uint8_t* pdata = data;
|
||||
|
||||
/* Only activate this extension if we have cert credentials set
|
||||
@@ -86,7 +85,7 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
|
||||
|
||||
/* Compare packet length with expected packet length. For the
|
||||
* client this is a single byte. */
|
||||
- if (len != 1) {
|
||||
+ if (data_size != 1) {
|
||||
return
|
||||
gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
|
||||
}
|
||||
@@ -135,8 +134,8 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
|
||||
|
||||
} else { // server mode
|
||||
// Compare packet length with expected packet length.
|
||||
- DECR_LEN(len, 1);
|
||||
- if (data[0] != len) {
|
||||
+ DECR_LEN(data_size, 1);
|
||||
+ if (data[0] != data_size) {
|
||||
return
|
||||
gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
|
||||
}
|
||||
@@ -144,7 +143,7 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
|
||||
|
||||
// Assign the contents of our data buffer to a gnutls_datum_t
|
||||
cert_types.data = (uint8_t*)pdata; // Need casting to get rid of 'discards const qualifier' warning
|
||||
- cert_types.size = len;
|
||||
+ cert_types.size = data_size;
|
||||
|
||||
// Store the server certificate types in our session
|
||||
_gnutls_hello_ext_set_datum(session,
|
||||
diff --git a/lib/ext/server_name.c b/lib/ext/server_name.c
|
||||
index 259dc998e..0c6331569 100644
|
||||
--- a/lib/ext/server_name.c
|
||||
+++ b/lib/ext/server_name.c
|
||||
@@ -66,11 +66,10 @@ const hello_ext_entry_st ext_mod_server_name = {
|
||||
*/
|
||||
static int
|
||||
_gnutls_server_name_recv_params(gnutls_session_t session,
|
||||
- const uint8_t * data, size_t _data_size)
|
||||
+ const uint8_t * data, size_t data_size)
|
||||
{
|
||||
const unsigned char *p;
|
||||
uint16_t len, type;
|
||||
- ssize_t data_size = _data_size;
|
||||
gnutls_datum_t name;
|
||||
|
||||
if (session->security_parameters.entity == GNUTLS_SERVER) {
|
||||
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
|
||||
index 98db39ff8..263273fa2 100644
|
||||
--- a/lib/ext/session_ticket.c
|
||||
+++ b/lib/ext/session_ticket.c
|
||||
@@ -78,7 +78,7 @@ static int
|
||||
unpack_ticket(const gnutls_datum_t *ticket_data, struct ticket_st *ticket)
|
||||
{
|
||||
const uint8_t * data = ticket_data->data;
|
||||
- ssize_t data_size = ticket_data->size;
|
||||
+ size_t data_size = ticket_data->size;
|
||||
const uint8_t *encrypted_state;
|
||||
|
||||
/* Format:
|
||||
@@ -371,11 +371,10 @@ unpack_session(gnutls_session_t session, const gnutls_datum_t *state)
|
||||
|
||||
static int
|
||||
session_ticket_recv_params(gnutls_session_t session,
|
||||
- const uint8_t * data, size_t _data_size)
|
||||
+ const uint8_t * data, size_t data_size)
|
||||
{
|
||||
gnutls_datum_t ticket_data;
|
||||
gnutls_datum_t state;
|
||||
- ssize_t data_size = _data_size;
|
||||
int ret;
|
||||
|
||||
if (session->internals.flags & GNUTLS_NO_TICKETS)
|
||||
diff --git a/lib/ext/signature.c b/lib/ext/signature.c
|
||||
index e734d2c7d..a90f58d53 100644
|
||||
--- a/lib/ext/signature.c
|
||||
+++ b/lib/ext/signature.c
|
||||
@@ -187,9 +187,8 @@ _gnutls_sign_algorithm_parse_data(gnutls_session_t session,
|
||||
static int
|
||||
_gnutls_signature_algorithm_recv_params(gnutls_session_t session,
|
||||
const uint8_t * data,
|
||||
- size_t _data_size)
|
||||
+ size_t data_size)
|
||||
{
|
||||
- ssize_t data_size = _data_size;
|
||||
int ret;
|
||||
|
||||
if (session->security_parameters.entity == GNUTLS_CLIENT) {
|
||||
diff --git a/lib/ext/srp.c b/lib/ext/srp.c
|
||||
index 8b58222e0..07f6e6883 100644
|
||||
--- a/lib/ext/srp.c
|
||||
+++ b/lib/ext/srp.c
|
||||
@@ -59,10 +59,9 @@ const hello_ext_entry_st ext_mod_srp = {
|
||||
|
||||
static int
|
||||
_gnutls_srp_recv_params(gnutls_session_t session, const uint8_t * data,
|
||||
- size_t _data_size)
|
||||
+ size_t data_size)
|
||||
{
|
||||
uint8_t len;
|
||||
- ssize_t data_size = _data_size;
|
||||
gnutls_ext_priv_data_t epriv;
|
||||
srp_ext_st *priv;
|
||||
|
||||
diff --git a/lib/ext/srtp.c b/lib/ext/srtp.c
|
||||
index 3fc7ed35a..412e26d45 100644
|
||||
--- a/lib/ext/srtp.c
|
||||
+++ b/lib/ext/srtp.c
|
||||
@@ -162,13 +162,12 @@ const char *gnutls_srtp_get_profile_name(gnutls_srtp_profile_t profile)
|
||||
|
||||
static int
|
||||
_gnutls_srtp_recv_params(gnutls_session_t session,
|
||||
- const uint8_t * data, size_t _data_size)
|
||||
+ const uint8_t * data, size_t data_size)
|
||||
{
|
||||
unsigned int i;
|
||||
int ret;
|
||||
const uint8_t *p = data;
|
||||
- int len;
|
||||
- ssize_t data_size = _data_size;
|
||||
+ size_t len;
|
||||
srtp_ext_st *priv;
|
||||
gnutls_ext_priv_data_t epriv;
|
||||
uint16_t profile;
|
||||
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
|
||||
index d8779e8cf..cf9d5bd03 100644
|
||||
--- a/lib/ext/status_request.c
|
||||
+++ b/lib/ext/status_request.c
|
||||
@@ -86,9 +86,8 @@ client_send(gnutls_session_t session,
|
||||
static int
|
||||
server_recv(gnutls_session_t session,
|
||||
status_request_ext_st * priv,
|
||||
- const uint8_t * data, size_t size)
|
||||
+ const uint8_t * data, size_t data_size)
|
||||
{
|
||||
- ssize_t data_size = size;
|
||||
unsigned rid_bytes = 0;
|
||||
|
||||
/* minimum message is type (1) + responder_id_list (2) +
|
||||
diff --git a/lib/ext/supported_groups.c b/lib/ext/supported_groups.c
|
||||
index 952d3bb0c..ef7859f73 100644
|
||||
--- a/lib/ext/supported_groups.c
|
||||
+++ b/lib/ext/supported_groups.c
|
||||
@@ -93,10 +93,9 @@ static unsigned get_min_dh(gnutls_session_t session)
|
||||
*/
|
||||
static int
|
||||
_gnutls_supported_groups_recv_params(gnutls_session_t session,
|
||||
- const uint8_t * data, size_t _data_size)
|
||||
+ const uint8_t * data, size_t data_size)
|
||||
{
|
||||
int i;
|
||||
- ssize_t data_size = _data_size;
|
||||
uint16_t len;
|
||||
const uint8_t *p = data;
|
||||
const gnutls_group_entry_st *group = NULL;
|
||||
diff --git a/lib/ext/supported_versions.c b/lib/ext/supported_versions.c
|
||||
index 52828ee37..8d52fad5c 100644
|
||||
--- a/lib/ext/supported_versions.c
|
||||
+++ b/lib/ext/supported_versions.c
|
||||
@@ -54,12 +54,11 @@ const hello_ext_entry_st ext_mod_supported_versions = {
|
||||
|
||||
static int
|
||||
supported_versions_recv_params(gnutls_session_t session,
|
||||
- const uint8_t * data, size_t _data_size)
|
||||
+ const uint8_t * data, size_t data_size)
|
||||
{
|
||||
const version_entry_st *vers;
|
||||
- ssize_t data_size = _data_size;
|
||||
uint8_t major, minor;
|
||||
- ssize_t bytes;
|
||||
+ size_t bytes;
|
||||
int ret;
|
||||
|
||||
if (session->security_parameters.entity == GNUTLS_SERVER) {
|
||||
diff --git a/lib/extv.c b/lib/extv.c
|
||||
index bfdfdf974..0c0c46f32 100644
|
||||
--- a/lib/extv.c
|
||||
+++ b/lib/extv.c
|
||||
@@ -105,7 +105,7 @@ int gnutls_ext_raw_parse(void *ctx, gnutls_ext_raw_process_func cb,
|
||||
const gnutls_datum_t *data, unsigned int flags)
|
||||
{
|
||||
if (flags & GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO) {
|
||||
- ssize_t size = data->size;
|
||||
+ size_t size = data->size;
|
||||
size_t len;
|
||||
uint8_t *p = data->data;
|
||||
|
||||
@@ -137,12 +137,12 @@ int gnutls_ext_raw_parse(void *ctx, gnutls_ext_raw_process_func cb,
|
||||
DECR_LEN(size, len);
|
||||
p += len;
|
||||
|
||||
- if (size <= 0)
|
||||
+ if (size == 0)
|
||||
return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
|
||||
|
||||
return _gnutls_extv_parse(ctx, cb, p, size);
|
||||
} else if (flags & GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO) {
|
||||
- ssize_t size = data->size;
|
||||
+ size_t size = data->size;
|
||||
size_t len;
|
||||
uint8_t *p = data->data;
|
||||
|
||||
@@ -181,7 +181,7 @@ int gnutls_ext_raw_parse(void *ctx, gnutls_ext_raw_process_func cb,
|
||||
DECR_LEN(size, len);
|
||||
p += len;
|
||||
|
||||
- if (size <= 0)
|
||||
+ if (size == 0)
|
||||
return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
|
||||
|
||||
return _gnutls_extv_parse(ctx, cb, p, size);
|
||||
diff --git a/lib/sslv2_compat.c b/lib/sslv2_compat.c
|
||||
index 6122d1098..9d247ba4c 100644
|
||||
--- a/lib/sslv2_compat.c
|
||||
+++ b/lib/sslv2_compat.c
|
||||
@@ -87,14 +87,13 @@ _gnutls_handshake_select_v2_suite(gnutls_session_t session,
|
||||
*/
|
||||
int
|
||||
_gnutls_read_client_hello_v2(gnutls_session_t session, uint8_t * data,
|
||||
- unsigned int datalen)
|
||||
+ unsigned int len)
|
||||
{
|
||||
uint16_t session_id_len = 0;
|
||||
int pos = 0;
|
||||
int ret = 0, sret = 0;
|
||||
uint16_t sizeOfSuites;
|
||||
uint8_t rnd[GNUTLS_RANDOM_SIZE], major, minor;
|
||||
- int len = datalen;
|
||||
int neg_version;
|
||||
const version_entry_st *vers;
|
||||
uint16_t challenge;
|
||||
diff --git a/lib/supplemental.c b/lib/supplemental.c
|
||||
index cd90fa1fb..07b38cc93 100644
|
||||
--- a/lib/supplemental.c
|
||||
+++ b/lib/supplemental.c
|
||||
@@ -192,14 +192,14 @@ _gnutls_parse_supplemental(gnutls_session_t session,
|
||||
const uint8_t * data, int datalen)
|
||||
{
|
||||
const uint8_t *p = data;
|
||||
- ssize_t dsize = datalen;
|
||||
+ size_t dsize = datalen;
|
||||
size_t total_size;
|
||||
|
||||
DECR_LEN(dsize, 3);
|
||||
total_size = _gnutls_read_uint24(p);
|
||||
p += 3;
|
||||
|
||||
- if (dsize != (ssize_t) total_size) {
|
||||
+ if (dsize != total_size) {
|
||||
gnutls_assert();
|
||||
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
|
||||
}
|
||||
diff --git a/lib/tls13/certificate.c b/lib/tls13/certificate.c
|
||||
index bd257237f..8a1a11872 100644
|
||||
--- a/lib/tls13/certificate.c
|
||||
+++ b/lib/tls13/certificate.c
|
||||
@@ -360,11 +360,12 @@ static int parse_cert_extension(void *_ctx, unsigned tls_id, const uint8_t *data
|
||||
static int
|
||||
parse_cert_list(gnutls_session_t session, uint8_t * data, size_t data_size)
|
||||
{
|
||||
- int len, ret;
|
||||
+ int ret;
|
||||
+ size_t len;
|
||||
uint8_t *p = data;
|
||||
cert_auth_info_t info;
|
||||
gnutls_certificate_credentials_t cred;
|
||||
- ssize_t dsize = data_size, size;
|
||||
+ size_t size;
|
||||
int i;
|
||||
unsigned npeer_certs, npeer_ocsp, j;
|
||||
crt_cert_ctx_st ctx;
|
||||
@@ -395,31 +396,31 @@ parse_cert_list(gnutls_session_t session, uint8_t * data, size_t data_size)
|
||||
if (info == NULL)
|
||||
return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
|
||||
|
||||
- DECR_LEN(dsize, 3);
|
||||
+ DECR_LEN(data_size, 3);
|
||||
size = _gnutls_read_uint24(p);
|
||||
p += 3;
|
||||
|
||||
- if (size != dsize)
|
||||
+ if (size != data_size)
|
||||
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
|
||||
|
||||
if (size == 0)
|
||||
return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND);
|
||||
|
||||
- i = dsize;
|
||||
+ i = data_size;
|
||||
|
||||
while (i > 0) {
|
||||
- DECR_LEN(dsize, 3);
|
||||
+ DECR_LEN(data_size, 3);
|
||||
len = _gnutls_read_uint24(p);
|
||||
if (len == 0)
|
||||
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
|
||||
|
||||
- DECR_LEN(dsize, len);
|
||||
+ DECR_LEN(data_size, len);
|
||||
p += len + 3;
|
||||
i -= len + 3;
|
||||
|
||||
- DECR_LEN(dsize, 2);
|
||||
+ DECR_LEN(data_size, 2);
|
||||
len = _gnutls_read_uint16(p);
|
||||
- DECR_LEN(dsize, len);
|
||||
+ DECR_LEN(data_size, len);
|
||||
|
||||
i -= len + 2;
|
||||
p += len + 2;
|
||||
@@ -427,7 +428,7 @@ parse_cert_list(gnutls_session_t session, uint8_t * data, size_t data_size)
|
||||
nentries++;
|
||||
}
|
||||
|
||||
- if (dsize != 0)
|
||||
+ if (data_size != 0)
|
||||
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
|
||||
|
||||
/* this is unnecessary - keeping to avoid a regression due to a re-org
|
||||
diff --git a/lib/tls13/psk_ext_parser.c b/lib/tls13/psk_ext_parser.c
|
||||
index 6e3a12f90..33ebc0461 100644
|
||||
--- a/lib/tls13/psk_ext_parser.c
|
||||
+++ b/lib/tls13/psk_ext_parser.c
|
||||
@@ -28,10 +28,8 @@
|
||||
* are present, or 0, on success.
|
||||
*/
|
||||
int _gnutls13_psk_ext_parser_init(psk_ext_parser_st *p,
|
||||
- const unsigned char *data, size_t _len)
|
||||
+ const unsigned char *data, size_t len)
|
||||
{
|
||||
- ssize_t len = _len;
|
||||
-
|
||||
if (!p || !data || !len)
|
||||
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
|
||||
|
||||
diff --git a/lib/tls13/psk_ext_parser.h b/lib/tls13/psk_ext_parser.h
|
||||
index 30b47e904..f46b211e0 100644
|
||||
--- a/lib/tls13/psk_ext_parser.h
|
||||
+++ b/lib/tls13/psk_ext_parser.h
|
||||
@@ -25,10 +25,10 @@
|
||||
|
||||
struct psk_ext_parser_st {
|
||||
const unsigned char *identities_data;
|
||||
- ssize_t identities_len;
|
||||
+ size_t identities_len;
|
||||
|
||||
const unsigned char *binders_data;
|
||||
- ssize_t binders_len;
|
||||
+ size_t binders_len;
|
||||
};
|
||||
|
||||
typedef struct psk_ext_parser_st psk_ext_parser_st;
|
||||
diff --git a/lib/tls13/session_ticket.c b/lib/tls13/session_ticket.c
|
||||
index 146aee9b1..072a56d9c 100644
|
||||
--- a/lib/tls13/session_ticket.c
|
||||
+++ b/lib/tls13/session_ticket.c
|
||||
@@ -105,7 +105,7 @@ unpack_ticket(gnutls_session_t session, gnutls_datum_t *packed, tls13_ticket_st
|
||||
gnutls_mac_algorithm_t kdf;
|
||||
const mac_entry_st *prf;
|
||||
uint8_t *p;
|
||||
- ssize_t len;
|
||||
+ size_t len;
|
||||
uint64_t v;
|
||||
int ret;
|
||||
|
||||
--
|
||||
2.21.0
|
||||
|
@ -1,36 +0,0 @@
|
||||
From facea2b7659e11efce7014bda8800574d35dd05d Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Wed, 12 Jun 2019 14:02:05 +0200
|
||||
Subject: [PATCH] fips: run selftests over overridden AES-CBC algorithm
|
||||
|
||||
Previously, we only tested nettle's AES-CBC in
|
||||
_gnutls_fips_perform_self_checks1(), which is called before the
|
||||
implementation is overridden. This adds an AES-CBC self-test in
|
||||
_gnutls_fips_perform_self_checks2() so it can test the actual
|
||||
implementation.
|
||||
|
||||
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
||||
---
|
||||
lib/fips.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/lib/fips.c b/lib/fips.c
|
||||
index b92edbbd7..902af5674 100644
|
||||
--- a/lib/fips.c
|
||||
+++ b/lib/fips.c
|
||||
@@ -317,6 +317,12 @@ int _gnutls_fips_perform_self_checks2(void)
|
||||
goto error;
|
||||
}
|
||||
|
||||
+ ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_CBC);
|
||||
+ if (ret < 0) {
|
||||
+ gnutls_assert();
|
||||
+ goto error;
|
||||
+ }
|
||||
+
|
||||
ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_GCM);
|
||||
if (ret < 0) {
|
||||
gnutls_assert();
|
||||
--
|
||||
2.20.1
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,203 +0,0 @@
|
||||
From c7a419e7868fd9342c1799a04d21c2ff6292c405 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Fri, 21 Jun 2019 15:49:26 +0200
|
||||
Subject: [PATCH] nettle/rnd-fips: add FIPS 140-2 continuous RNG test
|
||||
|
||||
This adds a continuous random number generator test as defined in FIPS
|
||||
140-2 4.9.2, by iteratively fetching fixed sized block from the system
|
||||
and comparing consecutive blocks.
|
||||
|
||||
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
||||
---
|
||||
lib/nettle/rnd-fips.c | 102 +++++++++++++++++++++++++++++++++---------
|
||||
1 file changed, 81 insertions(+), 21 deletions(-)
|
||||
|
||||
diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c
|
||||
index ee68cf68d..ccb92d25a 100644
|
||||
--- a/lib/nettle/rnd-fips.c
|
||||
+++ b/lib/nettle/rnd-fips.c
|
||||
@@ -27,12 +27,13 @@
|
||||
|
||||
#include "gnutls_int.h"
|
||||
#include "errors.h"
|
||||
-#include <nettle/aes.h>
|
||||
-#include <nettle/memxor.h>
|
||||
-#include <locks.h>
|
||||
+#include <nettle/sha2.h>
|
||||
#include <atfork.h>
|
||||
#include <rnd-common.h>
|
||||
|
||||
+/* The block size is chosen arbitrarily */
|
||||
+#define ENTROPY_BLOCK_SIZE SHA256_DIGEST_SIZE
|
||||
+
|
||||
/* This provides a random generator for gnutls. It uses
|
||||
* two instances of the DRBG-AES-CTR generator, one for
|
||||
* nonce level and another for the other levels of randomness.
|
||||
@@ -41,11 +42,13 @@ struct fips_ctx {
|
||||
struct drbg_aes_ctx nonce_context;
|
||||
struct drbg_aes_ctx normal_context;
|
||||
unsigned int forkid;
|
||||
+ uint8_t entropy_hash[SHA256_DIGEST_SIZE];
|
||||
};
|
||||
|
||||
static int _rngfips_ctx_reinit(struct fips_ctx *fctx);
|
||||
static int _rngfips_ctx_init(struct fips_ctx *fctx);
|
||||
-static int drbg_reseed(struct drbg_aes_ctx *ctx);
|
||||
+static int drbg_reseed(struct fips_ctx *fctx, struct drbg_aes_ctx *ctx);
|
||||
+static int get_entropy(struct fips_ctx *fctx, uint8_t *buffer, size_t length);
|
||||
|
||||
static int get_random(struct drbg_aes_ctx *ctx, struct fips_ctx *fctx,
|
||||
void *buffer, size_t length)
|
||||
@@ -59,7 +62,7 @@ static int get_random(struct drbg_aes_ctx *ctx, struct fips_ctx *fctx,
|
||||
}
|
||||
|
||||
if (ctx->reseed_counter > DRBG_AES_RESEED_TIME) {
|
||||
- ret = drbg_reseed(ctx);
|
||||
+ ret = drbg_reseed(fctx, ctx);
|
||||
if (ret < 0)
|
||||
return gnutls_assert_val(ret);
|
||||
}
|
||||
@@ -71,54 +74,111 @@ static int get_random(struct drbg_aes_ctx *ctx, struct fips_ctx *fctx,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static int get_entropy(struct fips_ctx *fctx, uint8_t *buffer, size_t length)
|
||||
+{
|
||||
+ int ret;
|
||||
+ uint8_t block[ENTROPY_BLOCK_SIZE];
|
||||
+ uint8_t hash[SHA256_DIGEST_SIZE];
|
||||
+ struct sha256_ctx ctx;
|
||||
+ size_t total = 0;
|
||||
+
|
||||
+ /* For FIPS 140-2 4.9.2 continuous random number generator
|
||||
+ * test, iteratively fetch fixed sized block from the system
|
||||
+ * RNG and compare consecutive blocks.
|
||||
+ *
|
||||
+ * Note that we store the hash of the entropy block rather
|
||||
+ * than the block itself for backward secrecy.
|
||||
+ */
|
||||
+ while (total < length) {
|
||||
+ ret = _rnd_get_system_entropy(block, ENTROPY_BLOCK_SIZE);
|
||||
+ if (ret < 0)
|
||||
+ return gnutls_assert_val(ret);
|
||||
+
|
||||
+ sha256_init(&ctx);
|
||||
+ sha256_update(&ctx, sizeof(block), block);
|
||||
+ sha256_digest(&ctx, sizeof(hash), hash);
|
||||
+
|
||||
+ if (memcmp(hash, fctx->entropy_hash, sizeof(hash)) == 0) {
|
||||
+ _gnutls_switch_lib_state(LIB_STATE_ERROR);
|
||||
+ return gnutls_assert_val(GNUTLS_E_RANDOM_FAILED);
|
||||
+ }
|
||||
+ memcpy(fctx->entropy_hash, hash, sizeof(hash));
|
||||
+
|
||||
+ memcpy(buffer, block, MIN(length - total, sizeof(block)));
|
||||
+ total += sizeof(block);
|
||||
+ buffer += sizeof(block);
|
||||
+ }
|
||||
+ zeroize_key(block, sizeof(block));
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
#define PSTRING "gnutls-rng"
|
||||
#define PSTRING_SIZE (sizeof(PSTRING)-1)
|
||||
-static int drbg_init(struct drbg_aes_ctx *ctx)
|
||||
+static int drbg_init(struct fips_ctx *fctx, struct drbg_aes_ctx *ctx)
|
||||
{
|
||||
uint8_t buffer[DRBG_AES_SEED_SIZE];
|
||||
int ret;
|
||||
|
||||
- /* Get a key from the standard RNG or from the entropy source. */
|
||||
- ret = _rnd_get_system_entropy(buffer, sizeof(buffer));
|
||||
+ ret = get_entropy(fctx, buffer, sizeof(buffer));
|
||||
if (ret < 0)
|
||||
return gnutls_assert_val(ret);
|
||||
|
||||
- ret = drbg_aes_init(ctx, sizeof(buffer), buffer, PSTRING_SIZE, (void*)PSTRING);
|
||||
+ ret = drbg_aes_init(ctx, sizeof(buffer), buffer,
|
||||
+ PSTRING_SIZE, (void*)PSTRING);
|
||||
+ zeroize_key(buffer, sizeof(buffer));
|
||||
if (ret == 0)
|
||||
return gnutls_assert_val(GNUTLS_E_RANDOM_FAILED);
|
||||
|
||||
- zeroize_key(buffer, sizeof(buffer));
|
||||
-
|
||||
- return 0;
|
||||
+ return GNUTLS_E_SUCCESS;
|
||||
}
|
||||
|
||||
/* Reseed a generator. */
|
||||
-static int drbg_reseed(struct drbg_aes_ctx *ctx)
|
||||
+static int drbg_reseed(struct fips_ctx *fctx, struct drbg_aes_ctx *ctx)
|
||||
{
|
||||
uint8_t buffer[DRBG_AES_SEED_SIZE];
|
||||
int ret;
|
||||
|
||||
- /* The other two generators are seeded from /dev/random. */
|
||||
- ret = _rnd_get_system_entropy(buffer, sizeof(buffer));
|
||||
+ ret = get_entropy(fctx, buffer, sizeof(buffer));
|
||||
if (ret < 0)
|
||||
return gnutls_assert_val(ret);
|
||||
|
||||
- drbg_aes_reseed(ctx, sizeof(buffer), buffer, 0, NULL);
|
||||
+ ret = drbg_aes_reseed(ctx, sizeof(buffer), buffer, 0, NULL);
|
||||
+ zeroize_key(buffer, sizeof(buffer));
|
||||
+ if (ret == 0)
|
||||
+ return gnutls_assert_val(GNUTLS_E_RANDOM_FAILED);
|
||||
|
||||
- return 0;
|
||||
+ return GNUTLS_E_SUCCESS;
|
||||
}
|
||||
|
||||
static int _rngfips_ctx_init(struct fips_ctx *fctx)
|
||||
{
|
||||
+ uint8_t block[ENTROPY_BLOCK_SIZE];
|
||||
+ struct sha256_ctx ctx;
|
||||
int ret;
|
||||
|
||||
+ /* For FIPS 140-2 4.9.2 continuous random number generator
|
||||
+ * test, get the initial entropy from the system RNG and keep
|
||||
+ * it for comparison.
|
||||
+ *
|
||||
+ * Note that we store the hash of the entropy block rather
|
||||
+ * than the block itself for backward secrecy.
|
||||
+ */
|
||||
+ ret = _rnd_get_system_entropy(block, sizeof(block));
|
||||
+ if (ret < 0)
|
||||
+ return gnutls_assert_val(ret);
|
||||
+ sha256_init(&ctx);
|
||||
+ sha256_update(&ctx, sizeof(block), block);
|
||||
+ zeroize_key(block, sizeof(block));
|
||||
+ sha256_digest(&ctx, sizeof(fctx->entropy_hash), fctx->entropy_hash);
|
||||
+
|
||||
/* normal */
|
||||
- ret = drbg_init(&fctx->normal_context);
|
||||
+ ret = drbg_init(fctx, &fctx->normal_context);
|
||||
if (ret < 0)
|
||||
return gnutls_assert_val(ret);
|
||||
|
||||
/* nonce */
|
||||
- ret = drbg_init(&fctx->nonce_context);
|
||||
+ ret = drbg_init(fctx, &fctx->nonce_context);
|
||||
if (ret < 0)
|
||||
return gnutls_assert_val(ret);
|
||||
|
||||
@@ -132,12 +192,12 @@ static int _rngfips_ctx_reinit(struct fips_ctx *fctx)
|
||||
int ret;
|
||||
|
||||
/* normal */
|
||||
- ret = drbg_reseed(&fctx->normal_context);
|
||||
+ ret = drbg_reseed(fctx, &fctx->normal_context);
|
||||
if (ret < 0)
|
||||
return gnutls_assert_val(ret);
|
||||
|
||||
/* nonce */
|
||||
- ret = drbg_reseed(&fctx->nonce_context);
|
||||
+ ret = drbg_reseed(fctx, &fctx->nonce_context);
|
||||
if (ret < 0)
|
||||
return gnutls_assert_val(ret);
|
||||
|
||||
--
|
||||
2.21.0
|
||||
|
@ -1,124 +0,0 @@
|
||||
From fbb6dd2a65c6fc7a2e9bd82fe66fde54f6cf2952 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Fri, 16 Aug 2019 17:01:05 +0200
|
||||
Subject: [PATCH] nettle: disable RSA blinding in FIPS selftests
|
||||
|
||||
Nettle's RSA signing, encryption and decryption functions still
|
||||
require randomness for blinding, so fallback to use a fixed buffer in
|
||||
selftests where entropy might not be available.
|
||||
|
||||
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
||||
---
|
||||
lib/nettle/pk.c | 37 +++++++++++++++++++++++++++++++++----
|
||||
1 file changed, 33 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
|
||||
index b2d27cf74..772fcdc21 100644
|
||||
--- a/lib/nettle/pk.c
|
||||
+++ b/lib/nettle/pk.c
|
||||
@@ -94,6 +94,15 @@ static void rnd_mpz_func(void *_ctx, size_t length, uint8_t * data)
|
||||
nettle_mpz_get_str_256 (length, data, *k);
|
||||
}
|
||||
|
||||
+static void rnd_nonce_func_fallback(void *_ctx, size_t length, uint8_t * data)
|
||||
+{
|
||||
+ if (unlikely(_gnutls_get_lib_state() != LIB_STATE_SELFTEST)) {
|
||||
+ _gnutls_switch_lib_state(LIB_STATE_ERROR);
|
||||
+ }
|
||||
+
|
||||
+ memset(data, 0xAA, length);
|
||||
+}
|
||||
+
|
||||
static void
|
||||
ecc_scalar_zclear (struct ecc_scalar *s)
|
||||
{
|
||||
@@ -435,6 +444,7 @@ _wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo,
|
||||
case GNUTLS_PK_RSA:
|
||||
{
|
||||
struct rsa_public_key pub;
|
||||
+ nettle_random_func *random_func;
|
||||
|
||||
ret = _rsa_params_to_pubkey(pk_params, &pub);
|
||||
if (ret < 0) {
|
||||
@@ -442,8 +452,12 @@ _wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
+ if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST)
|
||||
+ random_func = rnd_nonce_func_fallback;
|
||||
+ else
|
||||
+ random_func = rnd_nonce_func;
|
||||
ret =
|
||||
- rsa_encrypt(&pub, NULL, rnd_nonce_func,
|
||||
+ rsa_encrypt(&pub, NULL, random_func,
|
||||
plaintext->size, plaintext->data,
|
||||
p);
|
||||
if (ret == 0 || HAVE_LIB_ERROR()) {
|
||||
@@ -496,6 +510,7 @@ _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
|
||||
struct rsa_public_key pub;
|
||||
size_t length;
|
||||
bigint_t c;
|
||||
+ nettle_random_func *random_func;
|
||||
|
||||
_rsa_params_to_privkey(pk_params, &priv);
|
||||
ret = _rsa_params_to_pubkey(pk_params, &pub);
|
||||
@@ -526,8 +541,12 @@ _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
+ if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST)
|
||||
+ random_func = rnd_nonce_func_fallback;
|
||||
+ else
|
||||
+ random_func = rnd_nonce_func;
|
||||
ret =
|
||||
- rsa_decrypt_tr(&pub, &priv, NULL, rnd_nonce_func,
|
||||
+ rsa_decrypt_tr(&pub, &priv, NULL, random_func,
|
||||
&length, plaintext->data,
|
||||
TOMPZ(c));
|
||||
_gnutls_mpi_release(&c);
|
||||
@@ -573,6 +592,7 @@ _wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo,
|
||||
bigint_t c;
|
||||
uint32_t is_err;
|
||||
int ret;
|
||||
+ nettle_random_func *random_func;
|
||||
|
||||
if (algo != GNUTLS_PK_RSA || plaintext == NULL) {
|
||||
gnutls_assert();
|
||||
@@ -592,7 +612,11 @@ _wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo,
|
||||
return gnutls_assert_val (GNUTLS_E_MPI_SCAN_FAILED);
|
||||
}
|
||||
|
||||
- ret = rsa_sec_decrypt(&pub, &priv, NULL, rnd_nonce_func,
|
||||
+ if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST)
|
||||
+ random_func = rnd_nonce_func_fallback;
|
||||
+ else
|
||||
+ random_func = rnd_nonce_func;
|
||||
+ ret = rsa_sec_decrypt(&pub, &priv, NULL, random_func,
|
||||
plaintext_size, plaintext, TOMPZ(c));
|
||||
/* after this point, any conditional on failure that cause differences
|
||||
* in execution may create a timing or cache access pattern side
|
||||
@@ -942,6 +966,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
|
||||
{
|
||||
struct rsa_private_key priv;
|
||||
struct rsa_public_key pub;
|
||||
+ nettle_random_func *random_func;
|
||||
mpz_t s;
|
||||
|
||||
_rsa_params_to_privkey(pk_params, &priv);
|
||||
@@ -952,8 +977,12 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
|
||||
|
||||
mpz_init(s);
|
||||
|
||||
+ if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST)
|
||||
+ random_func = rnd_nonce_func_fallback;
|
||||
+ else
|
||||
+ random_func = rnd_nonce_func;
|
||||
ret =
|
||||
- rsa_pkcs1_sign_tr(&pub, &priv, NULL, rnd_nonce_func,
|
||||
+ rsa_pkcs1_sign_tr(&pub, &priv, NULL, random_func,
|
||||
vdata->size, vdata->data, s);
|
||||
if (ret == 0 || HAVE_LIB_ERROR()) {
|
||||
gnutls_assert();
|
||||
--
|
||||
2.21.0
|
||||
|
@ -1,767 +0,0 @@
|
||||
From bbb312749780928cc10b45662c6d7eadcaa98f0b Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Thu, 3 Oct 2019 10:34:18 +0200
|
||||
Subject: [PATCH 1/3] iov: _gnutls_iov_iter_next: return bytes instead of
|
||||
blocks
|
||||
|
||||
This eliminates the need of special handling of final block. Also
|
||||
adds more tests in exceptional cases.
|
||||
|
||||
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
||||
---
|
||||
lib/crypto-api.c | 82 +++++-------------------------
|
||||
lib/iov.c | 31 +++++++++---
|
||||
tests/iov.c | 126 ++++++++++++++++++++++++++++++++---------------
|
||||
3 files changed, 121 insertions(+), 118 deletions(-)
|
||||
|
||||
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
|
||||
index 09b3d7bfc..41e759b74 100644
|
||||
--- a/lib/crypto-api.c
|
||||
+++ b/lib/crypto-api.c
|
||||
@@ -992,9 +992,9 @@ gnutls_aead_cipher_encryptv(gnutls_aead_cipher_hd_t handle,
|
||||
uint8_t *dst;
|
||||
size_t dst_size, total = 0;
|
||||
uint8_t *p;
|
||||
+ size_t len;
|
||||
size_t blocksize = handle->ctx_enc.e->blocksize;
|
||||
struct iov_iter_st iter;
|
||||
- size_t blocks;
|
||||
|
||||
/* Limitation: this function provides an optimization under the internally registered
|
||||
* AEAD ciphers. When an AEAD cipher is used registered with gnutls_crypto_register_aead_cipher(),
|
||||
@@ -1045,15 +1045,7 @@ gnutls_aead_cipher_encryptv(gnutls_aead_cipher_hd_t handle,
|
||||
return gnutls_assert_val(ret);
|
||||
if (ret == 0)
|
||||
break;
|
||||
- blocks = ret;
|
||||
- ret = _gnutls_cipher_auth(&handle->ctx_enc, p,
|
||||
- blocksize * blocks);
|
||||
- if (unlikely(ret < 0))
|
||||
- return gnutls_assert_val(ret);
|
||||
- }
|
||||
- if (iter.block_offset > 0) {
|
||||
- ret = _gnutls_cipher_auth(&handle->ctx_enc,
|
||||
- iter.block, iter.block_offset);
|
||||
+ ret = _gnutls_cipher_auth(&handle->ctx_enc, p, ret);
|
||||
if (unlikely(ret < 0))
|
||||
return gnutls_assert_val(ret);
|
||||
}
|
||||
@@ -1070,29 +1062,15 @@ gnutls_aead_cipher_encryptv(gnutls_aead_cipher_hd_t handle,
|
||||
return gnutls_assert_val(ret);
|
||||
if (ret == 0)
|
||||
break;
|
||||
- blocks = ret;
|
||||
- if (unlikely(dst_size < blocksize * blocks))
|
||||
- return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
|
||||
- ret = _gnutls_cipher_encrypt2(&handle->ctx_enc, p,
|
||||
- blocksize * blocks,
|
||||
- dst, dst_size);
|
||||
- if (unlikely(ret < 0))
|
||||
- return gnutls_assert_val(ret);
|
||||
- DECR_LEN(dst_size, blocksize * blocks);
|
||||
- dst += blocksize * blocks;
|
||||
- total += blocksize * blocks;
|
||||
- }
|
||||
- if (iter.block_offset > 0) {
|
||||
- if (unlikely(dst_size < iter.block_offset))
|
||||
- return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
|
||||
+ len = ret;
|
||||
ret = _gnutls_cipher_encrypt2(&handle->ctx_enc,
|
||||
- iter.block, iter.block_offset,
|
||||
+ p, len,
|
||||
dst, dst_size);
|
||||
if (unlikely(ret < 0))
|
||||
return gnutls_assert_val(ret);
|
||||
- DECR_LEN(dst_size, iter.block_offset);
|
||||
- dst += iter.block_offset;
|
||||
- total += iter.block_offset;
|
||||
+ DECR_LEN(dst_size, len);
|
||||
+ dst += len;
|
||||
+ total += len;
|
||||
}
|
||||
|
||||
if (dst_size < tag_size)
|
||||
@@ -1137,7 +1115,6 @@ gnutls_aead_cipher_encryptv2(gnutls_aead_cipher_hd_t handle,
|
||||
uint8_t *p;
|
||||
ssize_t blocksize = handle->ctx_enc.e->blocksize;
|
||||
struct iov_iter_st iter;
|
||||
- size_t blocks;
|
||||
size_t _tag_size;
|
||||
|
||||
if (tag_size == NULL || *tag_size == 0)
|
||||
@@ -1220,15 +1197,7 @@ gnutls_aead_cipher_encryptv2(gnutls_aead_cipher_hd_t handle,
|
||||
return gnutls_assert_val(ret);
|
||||
if (ret == 0)
|
||||
break;
|
||||
- blocks = ret;
|
||||
- ret = _gnutls_cipher_auth(&handle->ctx_enc, p,
|
||||
- blocksize * blocks);
|
||||
- if (unlikely(ret < 0))
|
||||
- return gnutls_assert_val(ret);
|
||||
- }
|
||||
- if (iter.block_offset > 0) {
|
||||
- ret = _gnutls_cipher_auth(&handle->ctx_enc,
|
||||
- iter.block, iter.block_offset);
|
||||
+ ret = _gnutls_cipher_auth(&handle->ctx_enc, p, ret);
|
||||
if (unlikely(ret < 0))
|
||||
return gnutls_assert_val(ret);
|
||||
}
|
||||
@@ -1242,17 +1211,7 @@ gnutls_aead_cipher_encryptv2(gnutls_aead_cipher_hd_t handle,
|
||||
return gnutls_assert_val(ret);
|
||||
if (ret == 0)
|
||||
break;
|
||||
- blocks = ret;
|
||||
- ret = _gnutls_cipher_encrypt2(&handle->ctx_enc,
|
||||
- p, blocksize * blocks,
|
||||
- p, blocksize * blocks);
|
||||
- if (unlikely(ret < 0))
|
||||
- return gnutls_assert_val(ret);
|
||||
- }
|
||||
- if (iter.block_offset > 0) {
|
||||
- ret = _gnutls_cipher_encrypt2(&handle->ctx_enc,
|
||||
- iter.block, iter.block_offset,
|
||||
- iter.block, iter.block_offset);
|
||||
+ ret = _gnutls_cipher_encrypt2(&handle->ctx_enc, p, ret, p, ret);
|
||||
if (unlikely(ret < 0))
|
||||
return gnutls_assert_val(ret);
|
||||
}
|
||||
@@ -1296,7 +1255,6 @@ gnutls_aead_cipher_decryptv2(gnutls_aead_cipher_hd_t handle,
|
||||
uint8_t *p;
|
||||
ssize_t blocksize = handle->ctx_enc.e->blocksize;
|
||||
struct iov_iter_st iter;
|
||||
- size_t blocks;
|
||||
uint8_t _tag[MAX_HASH_SIZE];
|
||||
|
||||
if (tag_size == 0)
|
||||
@@ -1370,15 +1328,7 @@ gnutls_aead_cipher_decryptv2(gnutls_aead_cipher_hd_t handle,
|
||||
return gnutls_assert_val(ret);
|
||||
if (ret == 0)
|
||||
break;
|
||||
- blocks = ret;
|
||||
- ret = _gnutls_cipher_auth(&handle->ctx_enc, p,
|
||||
- blocksize * blocks);
|
||||
- if (unlikely(ret < 0))
|
||||
- return gnutls_assert_val(ret);
|
||||
- }
|
||||
- if (iter.block_offset > 0) {
|
||||
- ret = _gnutls_cipher_auth(&handle->ctx_enc,
|
||||
- iter.block, iter.block_offset);
|
||||
+ ret = _gnutls_cipher_auth(&handle->ctx_enc, p, ret);
|
||||
if (unlikely(ret < 0))
|
||||
return gnutls_assert_val(ret);
|
||||
}
|
||||
@@ -1392,17 +1342,7 @@ gnutls_aead_cipher_decryptv2(gnutls_aead_cipher_hd_t handle,
|
||||
return gnutls_assert_val(ret);
|
||||
if (ret == 0)
|
||||
break;
|
||||
- blocks = ret;
|
||||
- ret = _gnutls_cipher_decrypt2(&handle->ctx_enc,
|
||||
- p, blocksize * blocks,
|
||||
- p, blocksize * blocks);
|
||||
- if (unlikely(ret < 0))
|
||||
- return gnutls_assert_val(ret);
|
||||
- }
|
||||
- if (iter.block_offset > 0) {
|
||||
- ret = _gnutls_cipher_decrypt2(&handle->ctx_enc,
|
||||
- iter.block, iter.block_offset,
|
||||
- iter.block, iter.block_offset);
|
||||
+ ret = _gnutls_cipher_decrypt2(&handle->ctx_enc, p, ret, p, ret);
|
||||
if (unlikely(ret < 0))
|
||||
return gnutls_assert_val(ret);
|
||||
}
|
||||
diff --git a/lib/iov.c b/lib/iov.c
|
||||
index 5dc29c54b..17272886c 100644
|
||||
--- a/lib/iov.c
|
||||
+++ b/lib/iov.c
|
||||
@@ -58,8 +58,8 @@ _gnutls_iov_iter_init(struct iov_iter_st *iter,
|
||||
* @data: the return location of extracted data
|
||||
*
|
||||
* Retrieve block(s) pointed by @iter and advance it to the next
|
||||
- * position. It returns the number of consecutive blocks in @data.
|
||||
- * At the end of iteration, 0 is returned.
|
||||
+ * position. It returns the number of bytes in @data. At the end of
|
||||
+ * iteration, 0 is returned.
|
||||
*
|
||||
* If the data stored in @iter is not multiple of the block size, the
|
||||
* remaining data is stored in the "block" field of @iter with the
|
||||
@@ -88,25 +88,30 @@ _gnutls_iov_iter_next(struct iov_iter_st *iter, uint8_t **data)
|
||||
if ((len % iter->block_size) == 0) {
|
||||
iter->iov_index++;
|
||||
iter->iov_offset = 0;
|
||||
- } else
|
||||
- iter->iov_offset +=
|
||||
- len - (len % iter->block_size);
|
||||
+ } else {
|
||||
+ len -= (len % iter->block_size);
|
||||
+ iter->iov_offset += len;
|
||||
+ }
|
||||
|
||||
/* Return the blocks. */
|
||||
*data = p;
|
||||
- return len / iter->block_size;
|
||||
+ return len;
|
||||
}
|
||||
|
||||
/* We can complete one full block to return. */
|
||||
block_left = iter->block_size - iter->block_offset;
|
||||
if (len >= block_left) {
|
||||
memcpy(iter->block + iter->block_offset, p, block_left);
|
||||
- iter->iov_offset += block_left;
|
||||
+ if (len == block_left) {
|
||||
+ iter->iov_index++;
|
||||
+ iter->iov_offset = 0;
|
||||
+ } else
|
||||
+ iter->iov_offset += block_left;
|
||||
iter->block_offset = 0;
|
||||
|
||||
/* Return the filled block. */
|
||||
*data = iter->block;
|
||||
- return 1;
|
||||
+ return iter->block_size;
|
||||
}
|
||||
|
||||
/* Not enough data for a full block, store in temp
|
||||
@@ -116,5 +121,15 @@ _gnutls_iov_iter_next(struct iov_iter_st *iter, uint8_t **data)
|
||||
iter->iov_index++;
|
||||
iter->iov_offset = 0;
|
||||
}
|
||||
+
|
||||
+ if (iter->block_offset > 0) {
|
||||
+ size_t len = iter->block_offset;
|
||||
+
|
||||
+ /* Return the incomplete block. */
|
||||
+ *data = iter->block;
|
||||
+ iter->block_offset = 0;
|
||||
+ return len;
|
||||
+ }
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
diff --git a/tests/iov.c b/tests/iov.c
|
||||
index eda5583a7..3d116b471 100644
|
||||
--- a/tests/iov.c
|
||||
+++ b/tests/iov.c
|
||||
@@ -32,7 +32,6 @@ struct exp_st {
|
||||
ssize_t ret;
|
||||
size_t iov_index;
|
||||
size_t iov_offset;
|
||||
- size_t block_offset;
|
||||
};
|
||||
|
||||
struct test_st {
|
||||
@@ -42,7 +41,6 @@ struct test_st {
|
||||
size_t block_size;
|
||||
const struct exp_st *exp;
|
||||
size_t expcnt;
|
||||
- size_t remaining;
|
||||
};
|
||||
|
||||
static const giovec_t iov16[] = {
|
||||
@@ -53,40 +51,41 @@ static const giovec_t iov16[] = {
|
||||
};
|
||||
|
||||
static const struct exp_st exp16_64[] = {
|
||||
- {1, 3, 16, 0},
|
||||
- {0, 0, 0, 0}
|
||||
+ {64, 4, 0},
|
||||
+ {0, 0, 0}
|
||||
};
|
||||
|
||||
static const struct exp_st exp16_32[] = {
|
||||
- {1, 1, 16, 0},
|
||||
- {1, 3, 16, 0},
|
||||
- {0, 0, 0, 0}
|
||||
+ {32, 2, 0},
|
||||
+ {32, 4, 0},
|
||||
+ {0, 0, 0}
|
||||
};
|
||||
|
||||
static const struct exp_st exp16_16[] = {
|
||||
- {1, 1, 0, 0},
|
||||
- {1, 2, 0, 0},
|
||||
- {1, 3, 0, 0},
|
||||
- {1, 4, 0, 0},
|
||||
- {0, 0, 0, 0}
|
||||
+ {16, 1, 0},
|
||||
+ {16, 2, 0},
|
||||
+ {16, 3, 0},
|
||||
+ {16, 4, 0},
|
||||
+ {0, 0, 0}
|
||||
};
|
||||
|
||||
static const struct exp_st exp16_4[] = {
|
||||
- {4, 1, 0, 0},
|
||||
- {4, 2, 0, 0},
|
||||
- {4, 3, 0, 0},
|
||||
- {4, 4, 0, 0},
|
||||
- {0, 0, 0, 0}
|
||||
+ {16, 1, 0},
|
||||
+ {16, 2, 0},
|
||||
+ {16, 3, 0},
|
||||
+ {16, 4, 0},
|
||||
+ {0, 0, 0}
|
||||
};
|
||||
|
||||
static const struct exp_st exp16_3[] = {
|
||||
- {5, 0, 15, 0},
|
||||
- {1, 1, 2, 0},
|
||||
- {4, 1, 14, 0},
|
||||
- {1, 2, 1, 0},
|
||||
- {5, 3, 0, 0},
|
||||
- {5, 3, 15, 0},
|
||||
- {0, 0, 0, 1}
|
||||
+ {15, 0, 15},
|
||||
+ {3, 1, 2},
|
||||
+ {12, 1, 14},
|
||||
+ {3, 2, 1},
|
||||
+ {15, 3, 0},
|
||||
+ {15, 3, 15},
|
||||
+ {1, 4, 0},
|
||||
+ {0, 0, 0}
|
||||
};
|
||||
|
||||
static const giovec_t iov8[] = {
|
||||
@@ -97,22 +96,74 @@ static const giovec_t iov8[] = {
|
||||
};
|
||||
|
||||
static const struct exp_st exp8_64[] = {
|
||||
- {0, 0, 0, 32}
|
||||
+ {32, 4, 0},
|
||||
+ {0, 0, 0}
|
||||
+};
|
||||
+
|
||||
+static const giovec_t iov_odd[] = {
|
||||
+ {(void *) "0", 1},
|
||||
+ {(void *) "012", 3},
|
||||
+ {(void *) "01234", 5},
|
||||
+ {(void *) "0123456", 7},
|
||||
+ {(void *) "012345678", 9},
|
||||
+ {(void *) "01234567890", 11},
|
||||
+ {(void *) "0123456789012", 13},
|
||||
+ {(void *) "012345678901234", 15}
|
||||
+};
|
||||
+
|
||||
+static const struct exp_st exp_odd_16[] = {
|
||||
+ {16, 4, 0},
|
||||
+ {16, 5, 7},
|
||||
+ {16, 6, 12},
|
||||
+ {16, 8, 0},
|
||||
+ {0, 0, 0}
|
||||
+};
|
||||
+
|
||||
+static const giovec_t iov_skip[] = {
|
||||
+ {(void *) "0123456789012345", 16},
|
||||
+ {(void *) "01234567", 8},
|
||||
+ {(void *) "", 0},
|
||||
+ {(void *) "", 0},
|
||||
+ {(void *) "0123456789012345", 16}
|
||||
+};
|
||||
+
|
||||
+static const struct exp_st exp_skip_16[] = {
|
||||
+ {16, 1, 0},
|
||||
+ {16, 4, 8},
|
||||
+ {8, 5, 0},
|
||||
+ {0, 0, 0}
|
||||
+};
|
||||
+
|
||||
+static const giovec_t iov_empty[] = {
|
||||
+ {(void *) "", 0},
|
||||
+ {(void *) "", 0},
|
||||
+ {(void *) "", 0},
|
||||
+ {(void *) "", 0}
|
||||
+};
|
||||
+
|
||||
+static const struct exp_st exp_empty_16[] = {
|
||||
+ {0, 0, 0}
|
||||
};
|
||||
|
||||
static const struct test_st tests[] = {
|
||||
{ "16/64", iov16, sizeof(iov16)/sizeof(iov16[0]), 64,
|
||||
- exp16_64, sizeof(exp16_64)/sizeof(exp16_64[0]), 0 },
|
||||
+ exp16_64, sizeof(exp16_64)/sizeof(exp16_64[0]) },
|
||||
{ "16/32", iov16, sizeof(iov16)/sizeof(iov16[0]), 32,
|
||||
- exp16_32, sizeof(exp16_32)/sizeof(exp16_32[0]), 0 },
|
||||
+ exp16_32, sizeof(exp16_32)/sizeof(exp16_32[0]) },
|
||||
{ "16/16", iov16, sizeof(iov16)/sizeof(iov16[0]), 16,
|
||||
- exp16_16, sizeof(exp16_16)/sizeof(exp16_16[0]), 0 },
|
||||
+ exp16_16, sizeof(exp16_16)/sizeof(exp16_16[0]) },
|
||||
{ "16/4", iov16, sizeof(iov16)/sizeof(iov16[0]), 4,
|
||||
- exp16_4, sizeof(exp16_4)/sizeof(exp16_4[0]), 0 },
|
||||
+ exp16_4, sizeof(exp16_4)/sizeof(exp16_4[0]) },
|
||||
{ "16/3", iov16, sizeof(iov16)/sizeof(iov16[0]), 3,
|
||||
- exp16_3, sizeof(exp16_3)/sizeof(exp16_3[0]), 1 },
|
||||
+ exp16_3, sizeof(exp16_3)/sizeof(exp16_3[0]) },
|
||||
{ "8/64", iov8, sizeof(iov8)/sizeof(iov8[0]), 64,
|
||||
- exp8_64, sizeof(exp8_64)/sizeof(exp8_64[0]), 32 }
|
||||
+ exp8_64, sizeof(exp8_64)/sizeof(exp8_64[0]) },
|
||||
+ { "odd/16", iov_odd, sizeof(iov_odd)/sizeof(iov_odd[0]), 16,
|
||||
+ exp_odd_16, sizeof(exp_odd_16)/sizeof(exp_odd_16[0]) },
|
||||
+ { "skip/16", iov_skip, sizeof(iov_skip)/sizeof(iov_skip[0]), 16,
|
||||
+ exp_skip_16, sizeof(exp_skip_16)/sizeof(exp_skip_16[0]) },
|
||||
+ { "empty/16", iov_empty, sizeof(iov_empty)/sizeof(iov_empty[0]), 16,
|
||||
+ exp_empty_16, sizeof(exp_empty_16)/sizeof(exp_empty_16[0]) },
|
||||
};
|
||||
|
||||
void
|
||||
@@ -155,16 +206,13 @@ doit (void)
|
||||
else if (debug)
|
||||
success("iter.iov_offset: %u == %u\n",
|
||||
(unsigned) iter.iov_offset, (unsigned) exp[j].iov_offset);
|
||||
- if (iter.block_offset != exp[j].block_offset)
|
||||
- fail("iter.block_offset: %u != %u\n",
|
||||
- (unsigned) iter.block_offset, (unsigned) exp[j].block_offset);
|
||||
+ if (iter.block_offset != 0)
|
||||
+ fail("iter.block_offset: %u != 0\n",
|
||||
+ (unsigned) iter.block_offset);
|
||||
else if (debug)
|
||||
- success("iter.block_offset: %u == %u\n",
|
||||
- (unsigned) iter.block_offset, (unsigned) exp[j].block_offset);
|
||||
+ success("iter.block_offset: %u == 0\n",
|
||||
+ (unsigned) iter.block_offset);
|
||||
}
|
||||
}
|
||||
- if (iter.block_offset != tests[i].remaining)
|
||||
- fail("remaining: %u != %u\n",
|
||||
- (unsigned) iter.block_offset, (unsigned) tests[i].remaining);
|
||||
}
|
||||
}
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
||||
From c684814cc456a9792a9183ce77d32d435f29e6b7 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Tue, 1 Oct 2019 18:14:48 +0200
|
||||
Subject: [PATCH 2/3] iov: add _gnutls_iov_iter_sync to write back cached data
|
||||
to iov
|
||||
|
||||
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
||||
---
|
||||
lib/iov.c | 59 +++++++++++++++++++++++++++++++++++++++++++++
|
||||
lib/iov.h | 4 +++-
|
||||
lib/libgnutls.map | 1 +
|
||||
tests/iov.c | 61 +++++++++++++++++++++++++++++++++++++++++++----
|
||||
4 files changed, 119 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/lib/iov.c b/lib/iov.c
|
||||
index 17272886c..1cd8d46dd 100644
|
||||
--- a/lib/iov.c
|
||||
+++ b/lib/iov.c
|
||||
@@ -133,3 +133,62 @@ _gnutls_iov_iter_next(struct iov_iter_st *iter, uint8_t **data)
|
||||
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ * _gnutls_iov_iter_sync:
|
||||
+ * @iter: the iterator
|
||||
+ * @data: data returned by _gnutls_iov_iter_next
|
||||
+ * @data_size: size of @data
|
||||
+ *
|
||||
+ * Flush the content of temp buffer (if any) to the data buffer.
|
||||
+ */
|
||||
+int
|
||||
+_gnutls_iov_iter_sync(struct iov_iter_st *iter, const uint8_t *data,
|
||||
+ size_t data_size)
|
||||
+{
|
||||
+ size_t iov_index;
|
||||
+ size_t iov_offset;
|
||||
+
|
||||
+ /* We didn't return the cached block. */
|
||||
+ if (data != iter->block)
|
||||
+ return 0;
|
||||
+
|
||||
+ iov_index = iter->iov_index;
|
||||
+ iov_offset = iter->iov_offset;
|
||||
+
|
||||
+ /* When syncing a cache block we walk backwards because we only have a
|
||||
+ * pointer to were the block ends in the iovec, walking backwards is
|
||||
+ * fine as we are always writing a full block, so the whole content
|
||||
+ * is written in the right places:
|
||||
+ * iovec: |--0--|---1---|--2--|-3-|
|
||||
+ * block: |-----------------------|
|
||||
+ * 1st write |---|
|
||||
+ * 2nd write |-----
|
||||
+ * 3rd write |-------
|
||||
+ * last write |-----
|
||||
+ */
|
||||
+ while (data_size > 0) {
|
||||
+ const giovec_t *iov;
|
||||
+ uint8_t *p;
|
||||
+ size_t to_write;
|
||||
+
|
||||
+ while (iov_offset == 0) {
|
||||
+ if (unlikely(iov_index == 0))
|
||||
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
|
||||
+
|
||||
+ iov_index--;
|
||||
+ iov_offset = iter->iov[iov_index].iov_len;
|
||||
+ }
|
||||
+
|
||||
+ iov = &iter->iov[iov_index];
|
||||
+ p = iov->iov_base;
|
||||
+ to_write = MIN(data_size, iov_offset);
|
||||
+
|
||||
+ iov_offset -= to_write;
|
||||
+ data_size -= to_write;
|
||||
+
|
||||
+ memcpy(p + iov_offset, &iter->block[data_size], to_write);
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/lib/iov.h b/lib/iov.h
|
||||
index 47fba559a..5b9903460 100644
|
||||
--- a/lib/iov.h
|
||||
+++ b/lib/iov.h
|
||||
@@ -34,7 +34,6 @@ struct iov_iter_st {
|
||||
uint8_t block[MAX_CIPHER_BLOCK_SIZE]; /* incomplete block for reading */
|
||||
size_t block_size; /* actual block size of the cipher */
|
||||
size_t block_offset; /* offset in block */
|
||||
-
|
||||
};
|
||||
|
||||
int _gnutls_iov_iter_init(struct iov_iter_st *iter,
|
||||
@@ -43,4 +42,7 @@ int _gnutls_iov_iter_init(struct iov_iter_st *iter,
|
||||
|
||||
ssize_t _gnutls_iov_iter_next(struct iov_iter_st *iter, uint8_t **data);
|
||||
|
||||
+int _gnutls_iov_iter_sync(struct iov_iter_st *iter, const uint8_t *data,
|
||||
+ size_t data_size);
|
||||
+
|
||||
#endif /* GNUTLS_LIB_IOV_H */
|
||||
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
|
||||
index f83a21e9b..d6973f72e 100644
|
||||
--- a/lib/libgnutls.map
|
||||
+++ b/lib/libgnutls.map
|
||||
@@ -1394,4 +1394,5 @@ GNUTLS_PRIVATE_3_4 {
|
||||
# needed by tests/iov:
|
||||
_gnutls_iov_iter_init;
|
||||
_gnutls_iov_iter_next;
|
||||
+ _gnutls_iov_iter_sync;
|
||||
} GNUTLS_3_4;
|
||||
diff --git a/tests/iov.c b/tests/iov.c
|
||||
index 3d116b471..2acd2b5f5 100644
|
||||
--- a/tests/iov.c
|
||||
+++ b/tests/iov.c
|
||||
@@ -44,10 +44,10 @@ struct test_st {
|
||||
};
|
||||
|
||||
static const giovec_t iov16[] = {
|
||||
- {(void *) "0123456789abcdef", 16},
|
||||
- {(void *) "0123456789abcdef", 16},
|
||||
- {(void *) "0123456789abcdef", 16},
|
||||
- {(void *) "0123456789abcdef", 16}
|
||||
+ {(void *) "0123456789012345", 16},
|
||||
+ {(void *) "0123456789012345", 16},
|
||||
+ {(void *) "0123456789012345", 16},
|
||||
+ {(void *) "0123456789012345", 16}
|
||||
};
|
||||
|
||||
static const struct exp_st exp16_64[] = {
|
||||
@@ -166,20 +166,53 @@ static const struct test_st tests[] = {
|
||||
exp_empty_16, sizeof(exp_empty_16)/sizeof(exp_empty_16[0]) },
|
||||
};
|
||||
|
||||
+static void
|
||||
+copy(giovec_t *dst, uint8_t *buffer, const giovec_t *src, size_t iovcnt)
|
||||
+{
|
||||
+ uint8_t *p = buffer;
|
||||
+ size_t i;
|
||||
+
|
||||
+ for (i = 0; i < iovcnt; i++) {
|
||||
+ dst[i].iov_base = p;
|
||||
+ dst[i].iov_len = src[i].iov_len;
|
||||
+ memcpy(dst[i].iov_base, src[i].iov_base, src[i].iov_len);
|
||||
+ p += src[i].iov_len;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+translate(uint8_t *data, size_t len)
|
||||
+{
|
||||
+ for (; len > 0; len--) {
|
||||
+ uint8_t *p = &data[len - 1];
|
||||
+ if (*p >= '0' && *p <= '9')
|
||||
+ *p = 'A' + *p - '0';
|
||||
+ else if (*p >= 'A' && *p <= 'Z')
|
||||
+ *p = '0' + *p - 'A';
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+#define MAX_BUF 1024
|
||||
+#define MAX_IOV 16
|
||||
+
|
||||
void
|
||||
doit (void)
|
||||
{
|
||||
+ uint8_t buffer[MAX_BUF];
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
|
||||
+ giovec_t iov[MAX_IOV];
|
||||
struct iov_iter_st iter;
|
||||
const struct exp_st *exp = tests[i].exp;
|
||||
uint8_t *data;
|
||||
size_t j;
|
||||
|
||||
+ copy(iov, buffer, tests[i].iov, tests[i].iovcnt);
|
||||
+
|
||||
success("%s\n", tests[i].name);
|
||||
assert(_gnutls_iov_iter_init(&iter,
|
||||
- tests[i].iov, tests[i].iovcnt,
|
||||
+ iov, tests[i].iovcnt,
|
||||
tests[i].block_size) == 0);
|
||||
for (j = 0; j < tests[i].expcnt; j++) {
|
||||
ssize_t ret;
|
||||
@@ -212,7 +245,25 @@ doit (void)
|
||||
else if (debug)
|
||||
success("iter.block_offset: %u == 0\n",
|
||||
(unsigned) iter.block_offset);
|
||||
+
|
||||
+ translate(data, ret);
|
||||
+
|
||||
+ ret = _gnutls_iov_iter_sync(&iter, data, ret);
|
||||
+ if (ret < 0)
|
||||
+ fail("sync failed\n");
|
||||
}
|
||||
}
|
||||
+
|
||||
+ for (j = 0; j < tests[i].iovcnt; j++) {
|
||||
+ translate(iov[j].iov_base, iov[j].iov_len);
|
||||
+
|
||||
+ if (memcmp(iov[j].iov_base, tests[i].iov[j].iov_base,
|
||||
+ iov[j].iov_len) != 0)
|
||||
+ fail("iov doesn't match: %*s != %*s\n",
|
||||
+ (int)iov[j].iov_len,
|
||||
+ (char *)iov[j].iov_base,
|
||||
+ (int)tests[i].iov[j].iov_len,
|
||||
+ (char *)tests[i].iov[j].iov_len);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
||||
From 6df0cf1c0ec727fc237a9b429684c8f2ef5d34b7 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Tue, 1 Oct 2019 18:15:19 +0200
|
||||
Subject: [PATCH 3/3] gnutls_aead_cipher_{en,de}cryptv2: write back cached data
|
||||
to buffers
|
||||
|
||||
Previously, those functions failed to write the output to the buffers
|
||||
if the buffer length is not multiple of cipher block size. This makes
|
||||
sure that the cached data is always flushed.
|
||||
|
||||
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
||||
---
|
||||
lib/crypto-api.c | 18 ++++++++++++++++--
|
||||
tests/aead-cipher-vec.c | 14 ++++++++------
|
||||
2 files changed, 24 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
|
||||
index 41e759b74..7308d7e7b 100644
|
||||
--- a/lib/crypto-api.c
|
||||
+++ b/lib/crypto-api.c
|
||||
@@ -1113,6 +1113,7 @@ gnutls_aead_cipher_encryptv2(gnutls_aead_cipher_hd_t handle,
|
||||
api_aead_cipher_hd_st *h = handle;
|
||||
ssize_t ret;
|
||||
uint8_t *p;
|
||||
+ size_t len;
|
||||
ssize_t blocksize = handle->ctx_enc.e->blocksize;
|
||||
struct iov_iter_st iter;
|
||||
size_t _tag_size;
|
||||
@@ -1211,7 +1212,13 @@ gnutls_aead_cipher_encryptv2(gnutls_aead_cipher_hd_t handle,
|
||||
return gnutls_assert_val(ret);
|
||||
if (ret == 0)
|
||||
break;
|
||||
- ret = _gnutls_cipher_encrypt2(&handle->ctx_enc, p, ret, p, ret);
|
||||
+
|
||||
+ len = ret;
|
||||
+ ret = _gnutls_cipher_encrypt2(&handle->ctx_enc, p, len, p, len);
|
||||
+ if (unlikely(ret < 0))
|
||||
+ return gnutls_assert_val(ret);
|
||||
+
|
||||
+ ret = _gnutls_iov_iter_sync(&iter, p, len);
|
||||
if (unlikely(ret < 0))
|
||||
return gnutls_assert_val(ret);
|
||||
}
|
||||
@@ -1253,6 +1260,7 @@ gnutls_aead_cipher_decryptv2(gnutls_aead_cipher_hd_t handle,
|
||||
api_aead_cipher_hd_st *h = handle;
|
||||
ssize_t ret;
|
||||
uint8_t *p;
|
||||
+ size_t len;
|
||||
ssize_t blocksize = handle->ctx_enc.e->blocksize;
|
||||
struct iov_iter_st iter;
|
||||
uint8_t _tag[MAX_HASH_SIZE];
|
||||
@@ -1342,7 +1350,13 @@ gnutls_aead_cipher_decryptv2(gnutls_aead_cipher_hd_t handle,
|
||||
return gnutls_assert_val(ret);
|
||||
if (ret == 0)
|
||||
break;
|
||||
- ret = _gnutls_cipher_decrypt2(&handle->ctx_enc, p, ret, p, ret);
|
||||
+
|
||||
+ len = ret;
|
||||
+ ret = _gnutls_cipher_decrypt2(&handle->ctx_enc, p, len, p, len);
|
||||
+ if (unlikely(ret < 0))
|
||||
+ return gnutls_assert_val(ret);
|
||||
+
|
||||
+ ret = _gnutls_iov_iter_sync(&iter, p, len);
|
||||
if (unlikely(ret < 0))
|
||||
return gnutls_assert_val(ret);
|
||||
}
|
||||
diff --git a/tests/aead-cipher-vec.c b/tests/aead-cipher-vec.c
|
||||
index 6c2542cf1..10e3db862 100644
|
||||
--- a/tests/aead-cipher-vec.c
|
||||
+++ b/tests/aead-cipher-vec.c
|
||||
@@ -43,9 +43,9 @@ static void start(const char *name, int algo)
|
||||
uint8_t key16[64];
|
||||
uint8_t iv16[32];
|
||||
uint8_t auth[128];
|
||||
- uint8_t data[128+64];
|
||||
+ uint8_t data[64+56+36];
|
||||
gnutls_datum_t key, iv;
|
||||
- giovec_t iov[2];
|
||||
+ giovec_t iov[3];
|
||||
giovec_t auth_iov[2];
|
||||
uint8_t tag[64];
|
||||
size_t tag_size = 0;
|
||||
@@ -60,13 +60,15 @@ static void start(const char *name, int algo)
|
||||
|
||||
memset(iv.data, 0xff, iv.size);
|
||||
memset(key.data, 0xfe, key.size);
|
||||
- memset(data, 0xfa, 128);
|
||||
+ memset(data, 0xfa, sizeof(data));
|
||||
memset(auth, 0xaa, sizeof(auth));
|
||||
|
||||
iov[0].iov_base = data;
|
||||
iov[0].iov_len = 64;
|
||||
iov[1].iov_base = data + 64;
|
||||
- iov[1].iov_len = 64;
|
||||
+ iov[1].iov_len = 56;
|
||||
+ iov[2].iov_base = data + 64 + 56;
|
||||
+ iov[2].iov_len = 36;
|
||||
|
||||
auth_iov[0].iov_base = auth;
|
||||
auth_iov[0].iov_len = 64;
|
||||
@@ -83,7 +85,7 @@ static void start(const char *name, int algo)
|
||||
ret = gnutls_aead_cipher_encryptv2(ch,
|
||||
iv.data, iv.size,
|
||||
auth_iov, 2,
|
||||
- iov, 2,
|
||||
+ iov, 3,
|
||||
tag, &tag_size);
|
||||
if (ret < 0)
|
||||
fail("could not encrypt data: %s\n", gnutls_strerror(ret));
|
||||
@@ -91,7 +93,7 @@ static void start(const char *name, int algo)
|
||||
ret = gnutls_aead_cipher_decryptv2(ch,
|
||||
iv.data, iv.size,
|
||||
auth_iov, 2,
|
||||
- iov, 2,
|
||||
+ iov, 3,
|
||||
tag, tag_size);
|
||||
if (ret < 0)
|
||||
fail("could not decrypt data: %s\n", gnutls_strerror(ret));
|
||||
--
|
||||
2.21.0
|
||||
|
@ -1,204 +0,0 @@
|
||||
From 1c2135506825ae80966fe2797613806916b7e3c0 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Wed, 6 Nov 2019 12:07:24 +0100
|
||||
Subject: [PATCH 1/2] nettle: backport fixes to cfb8_decrypt
|
||||
|
||||
cfb8: don't truncate output IV if input is shorter than block size:
|
||||
https://git.lysator.liu.se/nettle/nettle/commit/f4a9c842621baf5d71aa9cc3989851f44dc46861
|
||||
|
||||
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
||||
---
|
||||
lib/nettle/backport/cfb8.c | 10 ++++++----
|
||||
1 file changed, 6 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/lib/nettle/backport/cfb8.c b/lib/nettle/backport/cfb8.c
|
||||
index e9816feb7..1762192f4 100644
|
||||
--- a/lib/nettle/backport/cfb8.c
|
||||
+++ b/lib/nettle/backport/cfb8.c
|
||||
@@ -110,10 +110,12 @@ cfb8_decrypt(const void *ctx, nettle_cipher_func *f,
|
||||
src += i;
|
||||
dst += i;
|
||||
|
||||
- memcpy(buffer, buffer + block_size, block_size);
|
||||
- memcpy(buffer + block_size, src,
|
||||
- length < block_size ? length : block_size);
|
||||
-
|
||||
+ if (i == block_size)
|
||||
+ {
|
||||
+ memcpy(buffer, buffer + block_size, block_size);
|
||||
+ memcpy(buffer + block_size, src,
|
||||
+ length < block_size ? length : block_size);
|
||||
+ }
|
||||
}
|
||||
|
||||
memcpy(iv, buffer + i, block_size);
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
||||
From cc01347302678719f0bcfb4f3383fe0f1e905ed8 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
|
||||
Date: Wed, 6 Nov 2019 13:17:57 +0100
|
||||
Subject: [PATCH 2/2] crypto-selftests: test CFB8 ciphers with different
|
||||
chunksizes
|
||||
|
||||
Signed-off-by: Guenther Deschner <gd@samba.org>
|
||||
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
||||
---
|
||||
lib/crypto-selftests.c | 124 +++++++++++++++++++++++++++++++++++++++--
|
||||
1 file changed, 118 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
|
||||
index 6caf817e8..5f0a4ec8b 100644
|
||||
--- a/lib/crypto-selftests.c
|
||||
+++ b/lib/crypto-selftests.c
|
||||
@@ -710,6 +710,107 @@ static int test_cipher(gnutls_cipher_algorithm_t cipher,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static int test_cipher_all_block_sizes(gnutls_cipher_algorithm_t cipher,
|
||||
+ const struct cipher_vectors_st *vectors,
|
||||
+ size_t vectors_size, unsigned flags)
|
||||
+{
|
||||
+ gnutls_cipher_hd_t hd;
|
||||
+ int ret;
|
||||
+ unsigned int i;
|
||||
+ uint8_t tmp[384];
|
||||
+ gnutls_datum_t key, iv = {NULL, 0};
|
||||
+ size_t block;
|
||||
+ size_t offset;
|
||||
+
|
||||
+ for (i = 0; i < vectors_size; i++) {
|
||||
+ for (block = 1; block <= vectors[i].plaintext_size; block++) {
|
||||
+ key.data = (void *) vectors[i].key;
|
||||
+ key.size = vectors[i].key_size;
|
||||
+
|
||||
+ iv.data = (void *) vectors[i].iv;
|
||||
+ iv.size = gnutls_cipher_get_iv_size(cipher);
|
||||
+
|
||||
+ if (iv.size != vectors[i].iv_size)
|
||||
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||
+
|
||||
+ ret = gnutls_cipher_init(&hd, cipher, &key, &iv);
|
||||
+ if (ret < 0) {
|
||||
+ _gnutls_debug_log("error initializing: %s\n",
|
||||
+ gnutls_cipher_get_name(cipher));
|
||||
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||
+ }
|
||||
+
|
||||
+ for (offset = 0;
|
||||
+ offset < vectors[i].plaintext_size;
|
||||
+ offset += block) {
|
||||
+ ret =
|
||||
+ gnutls_cipher_encrypt2(hd,
|
||||
+ vectors[i].plaintext + offset,
|
||||
+ MIN(block, vectors[i].plaintext_size - offset),
|
||||
+ tmp + offset,
|
||||
+ sizeof(tmp) - offset);
|
||||
+ if (ret < 0)
|
||||
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||
+ }
|
||||
+
|
||||
+ if (memcmp
|
||||
+ (tmp, vectors[i].ciphertext,
|
||||
+ vectors[i].plaintext_size) != 0) {
|
||||
+ _gnutls_debug_log("%s encryption of test vector %d failed with block size %d/%d!\n",
|
||||
+ gnutls_cipher_get_name(cipher),
|
||||
+ i, (int)block, (int)vectors[i].plaintext_size);
|
||||
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||
+ }
|
||||
+
|
||||
+ gnutls_cipher_deinit(hd);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ for (i = 0; i < vectors_size; i++) {
|
||||
+ for (block = 1; block <= vectors[i].plaintext_size; block++) {
|
||||
+ key.data = (void *) vectors[i].key;
|
||||
+ key.size = vectors[i].key_size;
|
||||
+
|
||||
+ iv.data = (void *) vectors[i].iv;
|
||||
+ iv.size = gnutls_cipher_get_iv_size(cipher);
|
||||
+
|
||||
+ ret = gnutls_cipher_init(&hd, cipher, &key, &iv);
|
||||
+ if (ret < 0)
|
||||
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||
+
|
||||
+ for (offset = 0;
|
||||
+ offset + block <= vectors[i].plaintext_size;
|
||||
+ offset += block) {
|
||||
+ ret =
|
||||
+ gnutls_cipher_decrypt2(hd,
|
||||
+ vectors[i].ciphertext + offset,
|
||||
+ MIN(block, vectors[i].plaintext_size - offset),
|
||||
+ tmp + offset,
|
||||
+ sizeof(tmp) - offset);
|
||||
+ if (ret < 0)
|
||||
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||
+ }
|
||||
+
|
||||
+ if (memcmp
|
||||
+ (tmp, vectors[i].plaintext,
|
||||
+ vectors[i].plaintext_size) != 0) {
|
||||
+ _gnutls_debug_log("%s decryption of test vector %d failed with block size %d!\n",
|
||||
+ gnutls_cipher_get_name(cipher),
|
||||
+ i, (int)block);
|
||||
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||
+ }
|
||||
+
|
||||
+ gnutls_cipher_deinit(hd);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ _gnutls_debug_log
|
||||
+ ("%s self check succeeded\n",
|
||||
+ gnutls_cipher_get_name(cipher));
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
/* AEAD modes (compat APIs) */
|
||||
static int test_cipher_aead_compat(gnutls_cipher_algorithm_t cipher,
|
||||
const struct cipher_aead_vectors_st *vectors,
|
||||
@@ -1721,6 +1822,14 @@ static int test_mac(gnutls_mac_algorithm_t mac,
|
||||
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \
|
||||
return ret
|
||||
|
||||
+#define CASE2(x, func, func2, vectors) case x: \
|
||||
+ ret = func(x, V(vectors), flags); \
|
||||
+ if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \
|
||||
+ return ret; \
|
||||
+ ret = func2(x, V(vectors), flags); \
|
||||
+ if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \
|
||||
+ return ret
|
||||
+
|
||||
#define NON_FIPS_CASE(x, func, vectors) case x: \
|
||||
if (_gnutls_fips_mode_enabled() == 0) { \
|
||||
ret = func(x, V(vectors), flags); \
|
||||
@@ -1786,14 +1895,17 @@ int gnutls_cipher_self_test(unsigned flags, gnutls_cipher_algorithm_t cipher)
|
||||
NON_FIPS_CASE(GNUTLS_CIPHER_CHACHA20_POLY1305, test_cipher_aead,
|
||||
chacha_poly1305_vectors);
|
||||
FALLTHROUGH;
|
||||
- CASE(GNUTLS_CIPHER_AES_128_CFB8, test_cipher,
|
||||
- aes128_cfb8_vectors);
|
||||
+ CASE2(GNUTLS_CIPHER_AES_128_CFB8, test_cipher,
|
||||
+ test_cipher_all_block_sizes,
|
||||
+ aes128_cfb8_vectors);
|
||||
FALLTHROUGH;
|
||||
- CASE(GNUTLS_CIPHER_AES_192_CFB8, test_cipher,
|
||||
- aes192_cfb8_vectors);
|
||||
+ CASE2(GNUTLS_CIPHER_AES_192_CFB8, test_cipher,
|
||||
+ test_cipher_all_block_sizes,
|
||||
+ aes192_cfb8_vectors);
|
||||
FALLTHROUGH;
|
||||
- CASE(GNUTLS_CIPHER_AES_256_CFB8, test_cipher,
|
||||
- aes256_cfb8_vectors);
|
||||
+ CASE2(GNUTLS_CIPHER_AES_256_CFB8, test_cipher,
|
||||
+ test_cipher_all_block_sizes,
|
||||
+ aes256_cfb8_vectors);
|
||||
FALLTHROUGH;
|
||||
CASE(GNUTLS_CIPHER_AES_128_XTS, test_cipher,
|
||||
aes128_xts_vectors);
|
||||
--
|
||||
2.21.0
|
||||
|
@ -1,286 +0,0 @@
|
||||
From 6023c69c616d866e19ab1c0bb87931e5143c79d3 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Wed, 5 Jun 2019 16:48:39 +0200
|
||||
Subject: [PATCH] tls13/key_update: ignore multiple key updates instead of
|
||||
error
|
||||
|
||||
This fixes the multiple KeyUpdate messages handling in commit
|
||||
65e2aa80d114d4bef095d129c2eda475e473244a, where illegal_parameter is
|
||||
sent even if the limit doesn't exceed.
|
||||
|
||||
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
||||
---
|
||||
.gitignore | 1 +
|
||||
lib/tls13/key_update.c | 2 -
|
||||
tests/Makefile.am | 2 +
|
||||
tests/tls13/key_update_multiple.c | 232 ++++++++++++++++++++++++++++++
|
||||
4 files changed, 235 insertions(+), 2 deletions(-)
|
||||
create mode 100644 tests/tls13/key_update_multiple.c
|
||||
|
||||
diff --git a/lib/tls13/key_update.c b/lib/tls13/key_update.c
|
||||
index d542a214b..c6f6e0aa1 100644
|
||||
--- a/lib/tls13/key_update.c
|
||||
+++ b/lib/tls13/key_update.c
|
||||
@@ -117,8 +117,6 @@ int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
|
||||
session->internals.rsend_state = RECORD_SEND_KEY_UPDATE_1;
|
||||
else if (session->internals.rsend_state == RECORD_SEND_CORKED)
|
||||
session->internals.rsend_state = RECORD_SEND_CORKED_TO_KU;
|
||||
- else
|
||||
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
|
||||
|
||||
break;
|
||||
default:
|
||||
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||
index ca0481879..4ffa69825 100644
|
||||
--- a/tests/Makefile.am
|
||||
+++ b/tests/Makefile.am
|
||||
@@ -119,6 +119,8 @@ ctests += tls13/psk-ext
|
||||
|
||||
ctests += tls13/key_update
|
||||
|
||||
+ctests += tls13/key_update_multiple
|
||||
+
|
||||
ctests += tls13/key_limits
|
||||
|
||||
ctests += tls13/multi-ocsp
|
||||
diff --git a/tests/tls13/key_update_multiple.c b/tests/tls13/key_update_multiple.c
|
||||
new file mode 100644
|
||||
index 000000000..8b2c2db4b
|
||||
--- /dev/null
|
||||
+++ b/tests/tls13/key_update_multiple.c
|
||||
@@ -0,0 +1,232 @@
|
||||
+/*
|
||||
+ * Copyright (C) 2017-2019 Red Hat, Inc.
|
||||
+ *
|
||||
+ * Author: Daiki Ueno
|
||||
+ *
|
||||
+ * This file is part of GnuTLS.
|
||||
+ *
|
||||
+ * GnuTLS is free software; you can redistribute it and/or modify it
|
||||
+ * under the terms of the GNU General Public License as published by
|
||||
+ * the Free Software Foundation; either version 3 of the License, or
|
||||
+ * (at your option) any later version.
|
||||
+ *
|
||||
+ * GnuTLS is distributed in the hope that it will be useful, but
|
||||
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ * General Public License for more details.
|
||||
+ *
|
||||
+ * You should have received a copy of the GNU Lesser General Public License
|
||||
+ * along with this program. If not, see <https://www.gnu.org/licenses/>
|
||||
+ */
|
||||
+
|
||||
+#ifdef HAVE_CONFIG_H
|
||||
+#include <config.h>
|
||||
+#endif
|
||||
+
|
||||
+#include <stdbool.h>
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <string.h>
|
||||
+#include <errno.h>
|
||||
+#include <gnutls/gnutls.h>
|
||||
+#include <gnutls/crypto.h>
|
||||
+#include <assert.h>
|
||||
+#include "cert-common.h"
|
||||
+
|
||||
+#include "utils.h"
|
||||
+#include "virt-time.h"
|
||||
+#define RANDOMIZE
|
||||
+#include "eagain-common.h"
|
||||
+
|
||||
+const char *side = "";
|
||||
+
|
||||
+/* This program tests whether multiple key update messages are handled
|
||||
+ * properly with rate-limit. */
|
||||
+
|
||||
+static void tls_log_func(int level, const char *str)
|
||||
+{
|
||||
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
|
||||
+}
|
||||
+
|
||||
+#define MAX_BUF 1024
|
||||
+#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..."
|
||||
+
|
||||
+/* These must match the definitions in lib/tls13/key_update.c. */
|
||||
+#define KEY_UPDATES_WINDOW 1000
|
||||
+#define KEY_UPDATES_PER_WINDOW 8
|
||||
+
|
||||
+static unsigned key_update_msg_inc = 0;
|
||||
+static unsigned key_update_msg_out = 0;
|
||||
+
|
||||
+static int hsk_callback(gnutls_session_t session, unsigned int htype,
|
||||
+ unsigned post, unsigned int incoming, const gnutls_datum_t *msg)
|
||||
+{
|
||||
+ assert(post == GNUTLS_HOOK_PRE);
|
||||
+
|
||||
+ assert(msg->size == 1);
|
||||
+
|
||||
+ if (htype == GNUTLS_HANDSHAKE_KEY_UPDATE) {
|
||||
+ if (incoming)
|
||||
+ key_update_msg_inc++;
|
||||
+ else
|
||||
+ key_update_msg_out++;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static void run(const char *name, bool exceed_limit)
|
||||
+{
|
||||
+ /* Server stuff. */
|
||||
+ gnutls_certificate_credentials_t ccred;
|
||||
+ gnutls_certificate_credentials_t scred;
|
||||
+ gnutls_session_t server;
|
||||
+ int sret, cret;
|
||||
+ /* Client stuff. */
|
||||
+ gnutls_session_t client;
|
||||
+ /* Need to enable anonymous KX specifically. */
|
||||
+ char buffer[MAX_BUF + 1];
|
||||
+ int ret, transferred = 0;
|
||||
+ size_t i;
|
||||
+
|
||||
+ success("%s\n", name);
|
||||
+
|
||||
+ /* General init. */
|
||||
+ global_init();
|
||||
+ gnutls_global_set_log_function(tls_log_func);
|
||||
+ if (debug)
|
||||
+ gnutls_global_set_log_level(9);
|
||||
+
|
||||
+ /* Init server */
|
||||
+ assert(gnutls_certificate_allocate_credentials(&scred) >= 0);
|
||||
+ assert(gnutls_certificate_set_x509_key_mem(scred,
|
||||
+ &server_ca3_localhost_cert,
|
||||
+ &server_ca3_key,
|
||||
+ GNUTLS_X509_FMT_PEM) >= 0);
|
||||
+
|
||||
+ assert(gnutls_init(&server, GNUTLS_SERVER) >= 0);
|
||||
+ ret =
|
||||
+ gnutls_priority_set_direct(server,
|
||||
+ "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3",
|
||||
+ NULL);
|
||||
+ if (ret < 0)
|
||||
+ exit(1);
|
||||
+
|
||||
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred);
|
||||
+ gnutls_transport_set_push_function(server, server_push);
|
||||
+ gnutls_transport_set_pull_function(server, server_pull);
|
||||
+ gnutls_transport_set_ptr(server, server);
|
||||
+
|
||||
+ /* Init client */
|
||||
+ assert(gnutls_certificate_allocate_credentials(&ccred) >= 0);
|
||||
+ assert(gnutls_certificate_set_x509_trust_mem
|
||||
+ (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0);
|
||||
+
|
||||
+ gnutls_init(&client, GNUTLS_CLIENT);
|
||||
+ ret =
|
||||
+ gnutls_priority_set_direct(client,
|
||||
+ "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3",
|
||||
+ NULL);
|
||||
+ assert(ret >= 0);
|
||||
+
|
||||
+ ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred);
|
||||
+ if (ret < 0)
|
||||
+ exit(1);
|
||||
+
|
||||
+ gnutls_transport_set_push_function(client, client_push);
|
||||
+ gnutls_transport_set_pull_function(client, client_pull);
|
||||
+ gnutls_transport_set_ptr(client, client);
|
||||
+
|
||||
+
|
||||
+ HANDSHAKE(client, server);
|
||||
+ if (debug)
|
||||
+ success("Handshake established\n");
|
||||
+
|
||||
+ key_update_msg_inc = 0;
|
||||
+ key_update_msg_out = 0;
|
||||
+
|
||||
+ gnutls_handshake_set_hook_function(client, -1, GNUTLS_HOOK_PRE, hsk_callback);
|
||||
+
|
||||
+ /* schedule multiple key updates */
|
||||
+ for (i = 0; i < KEY_UPDATES_PER_WINDOW; i++) {
|
||||
+ do {
|
||||
+ ret = gnutls_session_key_update(client, 1);
|
||||
+ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
|
||||
+ if (ret < 0)
|
||||
+ fail("error in key update: %s\n", gnutls_strerror(ret));
|
||||
+ }
|
||||
+
|
||||
+ /* server receives the client key update and sends data */
|
||||
+ TRANSFER(client, server, MSG, strlen(MSG), buffer, MAX_BUF);
|
||||
+ TRANSFER(server, client, MSG, strlen(MSG), buffer, MAX_BUF);
|
||||
+ EMPTY_BUF(server, client, buffer, MAX_BUF);
|
||||
+
|
||||
+ if (key_update_msg_out != KEY_UPDATES_PER_WINDOW)
|
||||
+ fail("unexpected number of key updates are sent: %d\n",
|
||||
+ key_update_msg_out);
|
||||
+ else {
|
||||
+ if (debug)
|
||||
+ success("successfully sent %d key updates\n",
|
||||
+ KEY_UPDATES_PER_WINDOW);
|
||||
+ }
|
||||
+ if (key_update_msg_inc != 1)
|
||||
+ fail("unexpected number of key updates received: %d\n",
|
||||
+ key_update_msg_inc);
|
||||
+ else {
|
||||
+ if (debug)
|
||||
+ success("successfully received 1 key update\n");
|
||||
+ }
|
||||
+
|
||||
+ if (exceed_limit) {
|
||||
+ /* excessive key update in the same time window should
|
||||
+ * be rejected by the peer */
|
||||
+ do {
|
||||
+ ret = gnutls_session_key_update(client, 1);
|
||||
+ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
|
||||
+
|
||||
+ /* server receives the client key update and sends data */
|
||||
+ ret = record_send_loop(client, MSG, strlen(MSG), 0);
|
||||
+ assert(ret == strlen(MSG));
|
||||
+ ret = gnutls_record_recv(server, buffer, MAX_BUF);
|
||||
+ if (ret != GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS)
|
||||
+ fail("server didn't reject excessive number of key updates\n");
|
||||
+ else {
|
||||
+ if (debug)
|
||||
+ success("server rejected excessive number of key updates\n");
|
||||
+ }
|
||||
+ } else {
|
||||
+ virt_sec_sleep(KEY_UPDATES_WINDOW / 1000 + 1);
|
||||
+
|
||||
+ /* the time window should be rolled over now */
|
||||
+ do {
|
||||
+ ret = gnutls_session_key_update(client, 1);
|
||||
+ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
|
||||
+ if (ret < 0)
|
||||
+ fail("error in key update: %s\n", gnutls_strerror(ret));
|
||||
+
|
||||
+ /* server receives the client key update and sends data */
|
||||
+ TRANSFER(client, server, MSG, strlen(MSG), buffer, MAX_BUF);
|
||||
+ TRANSFER(server, client, MSG, strlen(MSG), buffer, MAX_BUF);
|
||||
+ EMPTY_BUF(server, client, buffer, MAX_BUF);
|
||||
+ }
|
||||
+
|
||||
+ gnutls_bye(client, GNUTLS_SHUT_WR);
|
||||
+ gnutls_bye(server, GNUTLS_SHUT_WR);
|
||||
+
|
||||
+ gnutls_deinit(client);
|
||||
+ gnutls_deinit(server);
|
||||
+
|
||||
+ gnutls_certificate_free_credentials(scred);
|
||||
+ gnutls_certificate_free_credentials(ccred);
|
||||
+
|
||||
+ gnutls_global_deinit();
|
||||
+ reset_buffers();
|
||||
+}
|
||||
+
|
||||
+void doit(void)
|
||||
+{
|
||||
+ virt_time_init();
|
||||
+
|
||||
+ run("not exceeding limit", 0);
|
||||
+ run("exceeding limit", 1);
|
||||
+}
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,265 +0,0 @@
|
||||
From fa5147c86941512921282b84819b896a0d4f29bb Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Wed, 19 Jun 2019 17:21:16 +0200
|
||||
Subject: [PATCH] pkcs11: ignore login error when traversing tokens
|
||||
|
||||
If a token is a general access device, it is expected that login
|
||||
attempt to that token returns error:
|
||||
https://github.com/p11-glue/p11-kit/blob/master/trust/module.c#L852
|
||||
|
||||
On the other hand, _pkcs11_traverse_tokens treats the error as fatal
|
||||
and stops iteration. This behavior prevents object search without
|
||||
token specifier if such tokens are registered in the system.
|
||||
|
||||
Reported by Stanislav Zidek in
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1705478
|
||||
|
||||
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
||||
---
|
||||
.gitignore | 1 +
|
||||
lib/pkcs11.c | 8 +-
|
||||
tests/Makefile.am | 2 +-
|
||||
tests/p11-kit-load.sh | 23 ++++++
|
||||
tests/pkcs11/list-objects.c | 150 ++++++++++++++++++++++++++++++++++++
|
||||
5 files changed, 182 insertions(+), 2 deletions(-)
|
||||
create mode 100644 tests/pkcs11/list-objects.c
|
||||
|
||||
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
|
||||
index de5309b29..2ef0e3e02 100644
|
||||
--- a/lib/pkcs11.c
|
||||
+++ b/lib/pkcs11.c
|
||||
@@ -1617,7 +1617,13 @@ _pkcs11_traverse_tokens(find_func_t find_func, void *input,
|
||||
info, flags);
|
||||
if (ret < 0) {
|
||||
gnutls_assert();
|
||||
- return ret;
|
||||
+ pkcs11_close_session(&sinfo);
|
||||
+
|
||||
+ /* treat the error as fatal only if
|
||||
+ * the token requires login */
|
||||
+ if (l_tinfo.flags & CKF_LOGIN_REQUIRED)
|
||||
+ return ret;
|
||||
+ continue;
|
||||
}
|
||||
|
||||
ret =
|
||||
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||
index a67f1549c..7fe954f63 100644
|
||||
--- a/tests/Makefile.am
|
||||
+++ b/tests/Makefile.am
|
||||
@@ -496,7 +496,7 @@ dist_check_SCRIPTS += p11-kit-trust.sh testpkcs11.sh certtool-pkcs11.sh
|
||||
if HAVE_PKCS11_TRUST_STORE
|
||||
if P11KIT_0_23_11_API
|
||||
dist_check_SCRIPTS += p11-kit-load.sh
|
||||
-indirect_tests += pkcs11/list-tokens
|
||||
+indirect_tests += pkcs11/list-tokens pkcs11/list-objects
|
||||
endif
|
||||
endif
|
||||
|
||||
diff --git a/tests/p11-kit-load.sh b/tests/p11-kit-load.sh
|
||||
index 3201a2c5f..419900f6a 100755
|
||||
--- a/tests/p11-kit-load.sh
|
||||
+++ b/tests/p11-kit-load.sh
|
||||
@@ -22,6 +22,7 @@
|
||||
srcdir="${srcdir:-.}"
|
||||
builddir="${builddir:-.}"
|
||||
CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}"
|
||||
+P11TOOL="${P11TOOL:-../src/p11tool${EXEEXT}}"
|
||||
DIFF="${DIFF:-diff}"
|
||||
PKGCONFIG="${PKG_CONFIG:-$(which pkg-config)}"
|
||||
TMP_SOFTHSM_DIR="./softhsm-load.$$.tmp"
|
||||
@@ -90,6 +91,12 @@ if test $? != 0; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
+GNUTLS_PIN="${PIN}" ${P11TOOL} --login --label GnuTLS-Test-RSA --generate-privkey rsa --provider "${SOFTHSM_MODULE}" pkcs11: --outfile /dev/null
|
||||
+if test $? != 0; then
|
||||
+ echo "failed to generate privkey"
|
||||
+ exit 1
|
||||
+fi
|
||||
+
|
||||
FILTERTOKEN="sed s/token=.*//g"
|
||||
|
||||
# Check whether both are listed
|
||||
@@ -175,6 +182,22 @@ if test "$nr" != 2;then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
+# Check whether public key and privkey are listed.
|
||||
+nr=$(GNUTLS_PIN="${PIN}" ${builddir}/pkcs11/list-objects -o ${P11DIR} -t all pkcs11:token=GnuTLS-Test|sort -u|wc -l)
|
||||
+if test "$nr" != 2;then
|
||||
+ echo "Error in test 8: did not find all objects"
|
||||
+ ${builddir}/pkcs11/list-objects -o ${P11DIR} -t all pkcs11:token=GnuTLS-Test
|
||||
+ exit 1
|
||||
+fi
|
||||
+
|
||||
+# Check whether all privkeys are listed even if trust module is registered.
|
||||
+nr=$(GNUTLS_PIN="${PIN}" ${builddir}/pkcs11/list-objects -o ${P11DIR} -t privkey pkcs11:|sort -u|wc -l)
|
||||
+if test "$nr" != 1;then
|
||||
+ echo "Error in test 9: did not find privkey objects"
|
||||
+ ${builddir}/pkcs11/list-objects -o ${P11DIR} -t privkey pkcs11:
|
||||
+ exit 1
|
||||
+fi
|
||||
+
|
||||
rm -f ${P11DIR}/*
|
||||
rm -rf ${TMP_SOFTHSM_DIR}
|
||||
|
||||
diff --git a/tests/pkcs11/list-objects.c b/tests/pkcs11/list-objects.c
|
||||
new file mode 100644
|
||||
index 000000000..ab30cd568
|
||||
--- /dev/null
|
||||
+++ b/tests/pkcs11/list-objects.c
|
||||
@@ -0,0 +1,150 @@
|
||||
+/*
|
||||
+ * Copyright (C) 2016-2017 Red Hat, Inc.
|
||||
+ *
|
||||
+ * Author: Nikos Mavrogiannopoulos
|
||||
+ *
|
||||
+ * This file is part of GnuTLS.
|
||||
+ *
|
||||
+ * GnuTLS is free software; you can redistribute it and/or modify it
|
||||
+ * under the terms of the GNU General Public License as published by
|
||||
+ * the Free Software Foundation; either version 3 of the License, or
|
||||
+ * (at your option) any later version.
|
||||
+ *
|
||||
+ * GnuTLS is distributed in the hope that it will be useful, but
|
||||
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ * General Public License for more details.
|
||||
+ *
|
||||
+ * You should have received a copy of the GNU Lesser General Public License
|
||||
+ * along with this program. If not, see <https://www.gnu.org/licenses/>
|
||||
+ */
|
||||
+
|
||||
+#ifdef HAVE_CONFIG_H
|
||||
+#include <config.h>
|
||||
+#endif
|
||||
+
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <string.h>
|
||||
+#include <unistd.h>
|
||||
+#include <sys/types.h>
|
||||
+#include <sys/wait.h>
|
||||
+
|
||||
+#include <gnutls/gnutls.h>
|
||||
+#include <gnutls/x509.h>
|
||||
+#include <gnutls/abstract.h>
|
||||
+#include <getopt.h>
|
||||
+#define P11_KIT_FUTURE_UNSTABLE_API
|
||||
+#include <p11-kit/p11-kit.h>
|
||||
+#include "cert-common.h"
|
||||
+
|
||||
+/* lists the registered PKCS#11 modules by p11-kit.
|
||||
+ */
|
||||
+
|
||||
+static void tls_log_func(int level, const char *str)
|
||||
+{
|
||||
+ fprintf(stderr, "|<%d>| %s", level, str);
|
||||
+}
|
||||
+
|
||||
+static const char *opt_pin;
|
||||
+
|
||||
+static
|
||||
+int pin_func(void* userdata, int attempt, const char* url, const char *label,
|
||||
+ unsigned flags, char *pin, size_t pin_max)
|
||||
+{
|
||||
+ if (attempt == 0) {
|
||||
+ strcpy(pin, opt_pin);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
+int main(int argc, char **argv)
|
||||
+{
|
||||
+ int ret;
|
||||
+ unsigned i;
|
||||
+ int opt;
|
||||
+ char *url, *mod;
|
||||
+ unsigned flags;
|
||||
+ unsigned obj_flags = 0;
|
||||
+ int attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL;
|
||||
+ gnutls_pkcs11_obj_t *crt_list;
|
||||
+ unsigned int crt_list_size = 0;
|
||||
+ const char *envvar;
|
||||
+
|
||||
+ ret = gnutls_global_init();
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ gnutls_global_set_log_function(tls_log_func);
|
||||
+
|
||||
+ while((opt = getopt(argc, argv, "o:t:")) != -1) {
|
||||
+ switch(opt) {
|
||||
+ case 'o':
|
||||
+ mod = strdup(optarg);
|
||||
+ p11_kit_override_system_files(NULL, NULL, mod, mod, NULL);
|
||||
+ break;
|
||||
+ case 't':
|
||||
+ /* specify the object type to list */
|
||||
+ if (strcmp(optarg, "all") == 0)
|
||||
+ attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL;
|
||||
+ else if (strcmp(optarg, "privkey") == 0)
|
||||
+ attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY;
|
||||
+ else {
|
||||
+ fprintf(stderr, "Unknown object type %s\n", optarg);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ break;
|
||||
+ default:
|
||||
+ fprintf(stderr, "Unknown option %c\n", (char)opt);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (optind == argc) {
|
||||
+ fprintf(stderr, "specify URL\n");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ url = argv[optind];
|
||||
+
|
||||
+ envvar = getenv("GNUTLS_PIN");
|
||||
+ if (envvar && *envvar != '\0') {
|
||||
+ opt_pin = envvar;
|
||||
+ obj_flags |= GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
|
||||
+ gnutls_pkcs11_set_pin_function(pin_func, NULL);
|
||||
+ }
|
||||
+
|
||||
+ ret = gnutls_pkcs11_token_get_flags(url, &flags);
|
||||
+ if (ret < 0) {
|
||||
+ flags = 0;
|
||||
+ }
|
||||
+
|
||||
+ ret =
|
||||
+ gnutls_pkcs11_obj_list_import_url2(&crt_list, &crt_list_size,
|
||||
+ url, attrs, obj_flags);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ for (i = 0; i < crt_list_size; i++) {
|
||||
+ char *output;
|
||||
+
|
||||
+ ret =
|
||||
+ gnutls_pkcs11_obj_export_url(crt_list[i], 0,
|
||||
+ &output);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ fprintf(stdout, "%s\n", output);
|
||||
+ gnutls_free(output);
|
||||
+ gnutls_pkcs11_obj_deinit(crt_list[i]);
|
||||
+ }
|
||||
+ gnutls_free(crt_list);
|
||||
+
|
||||
+ gnutls_global_deinit();
|
||||
+}
|
||||
--
|
||||
2.21.0
|
||||
|
@ -1,51 +0,0 @@
|
||||
From 1f6bbceeeeb613cf4d790874bdd1e917a7071159 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Mon, 8 Jul 2019 16:54:56 +0200
|
||||
Subject: [PATCH] ext/session_ticket: avoid calling memcpy on overlapping
|
||||
memory areas
|
||||
|
||||
In _gnutls_encrypt_session_ticket, ticket.encrypted_state is allocated
|
||||
from ticket_data->data, thus those memory areas may overlap. Using
|
||||
memcpy here leads to undefined behavior.
|
||||
|
||||
Spotted by valgrind run on ppc64le.
|
||||
|
||||
==95231== Source and destination overlap in memcpy(0x47ce3a2, 0x47ce3a2, 160)
|
||||
==95231== at 0x408A840: memcpy (vg_replace_strmem.c:1023)
|
||||
==95231== by 0x424EE9F: pack_ticket (session_ticket.c:139)
|
||||
==95231== by 0x424FA4F: _gnutls_encrypt_session_ticket (session_ticket.c:335)
|
||||
==95231== by 0x4199E3B: generate_session_ticket (session_ticket.c:249)
|
||||
==95231== by 0x419A333: _gnutls13_send_session_ticket (session_ticket.c:307)
|
||||
==95231== by 0x40F8817: _gnutls13_handshake_server (handshake-tls13.c:511)
|
||||
==95231== by 0x4110DEB: handshake_server (handshake.c:3331)
|
||||
==95231== by 0x410C70B: gnutls_handshake (handshake.c:2727)
|
||||
==95231== by 0x10009EBF: retry_handshake (serv.c:1306)
|
||||
==95231== by 0x1000AB67: tcp_server (serv.c:1500)
|
||||
==95231== by 0x10009E5B: main (serv.c:1297)
|
||||
==95231==
|
||||
|
||||
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
||||
---
|
||||
lib/ext/session_ticket.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
|
||||
index 09e240c2d..98db39ff8 100644
|
||||
--- a/lib/ext/session_ticket.c
|
||||
+++ b/lib/ext/session_ticket.c
|
||||
@@ -136,7 +136,11 @@ pack_ticket(const struct ticket_st *ticket, gnutls_datum_t *ticket_data)
|
||||
_gnutls_write_uint16(ticket->encrypted_state_len, p);
|
||||
p += 2;
|
||||
|
||||
- memcpy(p, ticket->encrypted_state, ticket->encrypted_state_len);
|
||||
+ /* We use memmove instead of memcpy here because
|
||||
+ * ticket->encrypted_state is allocated from
|
||||
+ * ticket_data->data, and thus both memory areas may overlap.
|
||||
+ */
|
||||
+ memmove(p, ticket->encrypted_state, ticket->encrypted_state_len);
|
||||
p += ticket->encrypted_state_len;
|
||||
|
||||
memcpy(p, ticket->mac, TICKET_MAC_SIZE);
|
||||
--
|
||||
2.21.0
|
||||
|
Binary file not shown.
@ -1,21 +1,14 @@
|
||||
Version: 3.6.8
|
||||
Release: 11%{?dist}
|
||||
Version: 3.6.14
|
||||
Release: 6%{?dist}
|
||||
Patch1: gnutls-3.2.7-rpath.patch
|
||||
Patch2: gnutls-3.6.4-no-now-guile.patch
|
||||
Patch3: gnutls-3.6.5-fix-fips-signature-post.patch
|
||||
Patch4: gnutls-3.6.8-fips-aes-cbc-kat.patch
|
||||
Patch5: gnutls-3.6.8-multiple-key-updates.patch
|
||||
Patch6: gnutls-3.6.8-fips-rng-continuous.patch
|
||||
Patch7: gnutls-3.6.8-session-ticket-ub.patch
|
||||
Patch8: gnutls-3.6.8-pkcs11-login-error.patch
|
||||
Patch9: gnutls-3.6.8-fips-deterministic-ecdsa.patch
|
||||
Patch10: gnutls-3.6.8-aead-cipher-encryptv2.patch
|
||||
Patch11: gnutls-3.6.8-fips-rsa-random-selftests.patch
|
||||
Patch12: gnutls-3.6.8-decr-len.patch
|
||||
Patch13: gnutls-3.6.8-fix-aead-cipher-encryptv2.patch
|
||||
Patch14: gnutls-3.6.8-fix-cfb8-decrypt.patch
|
||||
Patch15: gnutls-3.6.12-dtls-random.patch
|
||||
Patch16: gnutls-3.6.14-totp-init.patch
|
||||
Patch3: gnutls-3.6.13-enable-intel-cet.patch
|
||||
Patch4: gnutls-3.6.14-autogen-int.patch
|
||||
Patch5: gnutls-3.6.14-fips-mode-check.patch
|
||||
Patch6: gnutls-3.6.14-fips-dh-primes.patch
|
||||
Patch7: gnutls-3.6.14-memcmp.patch
|
||||
Patch8: gnutls-3.6.14-fips-dh-check.patch
|
||||
Patch9: gnutls-3.6.14-fix-iovec-memory-leak.patch
|
||||
%bcond_without dane
|
||||
%if 0%{?rhel}
|
||||
%bcond_with guile
|
||||
@ -61,7 +54,7 @@ BuildRequires: guile-devel
|
||||
URL: http://www.gnutls.org/
|
||||
Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz
|
||||
Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz.sig
|
||||
Source2: gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||
|
||||
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
|
||||
Provides: bundled(gnulib) = 20130424
|
||||
@ -299,11 +292,35 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Jun 8 2020 Daiki Ueno <dueno@redhat.com> - 3.6.8-11
|
||||
- Fix CVE-2020-13777 (#1844147)
|
||||
* Mon Aug 24 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-6
|
||||
- Fix memory leak when serializing iovec_t (#1844112)
|
||||
|
||||
* Sat Jul 18 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-5
|
||||
- Perform validation checks on (EC)DH public keys and share secrets (#1855803)
|
||||
|
||||
* Mon Jun 29 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-4
|
||||
- Tighten FIPS DH primes check according to SP800-56A (rev 3) (#1849079)
|
||||
|
||||
* Fri Jun 5 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-3
|
||||
- Update gnutls-3.6.14-fips-mode-check.patch
|
||||
|
||||
* Thu Jun 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-2
|
||||
- Return false from gnutls_fips140_mode_enabled() if selftests failed (#1827687)
|
||||
|
||||
* Thu Jun 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-1
|
||||
- Update to upstream 3.6.14 release
|
||||
|
||||
* Mon May 25 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-3
|
||||
- Add an option to gnutls-cli to wait for resumption under TLS 1.3 (#1677754)
|
||||
|
||||
* Wed May 20 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-2
|
||||
- Enable Intel CET (#1838476)
|
||||
|
||||
* Tue May 5 2020 Daiki Ueno <dueno@redhat.com> - 3.6.13-1
|
||||
- Update to upstream 3.6.13 release
|
||||
|
||||
* Tue Apr 21 2020 Daiki Ueno <dueno@redhat.com> - 3.6.8-10
|
||||
- Fix CVE-2020-11501 (#1826176)
|
||||
- Fix CVE-2020-11501 (#1822005)
|
||||
|
||||
* Wed Nov 6 2019 Daiki Ueno <dueno@redhat.com> - 3.6.8-9
|
||||
- Fix CFB8 decryption when repeatedly called (#1757848)
|
||||
|
Loading…
Reference in New Issue
Block a user