summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--fuzz/gnutls_client_fuzzer.in/00ea40761ce11e769f1817a04b3d3f7dcc0ab4571cf0df3b67ab7e1005e9e7a8bin0 -> 671 bytes
-rw-r--r--fuzz/gnutls_psk_client_fuzzer.in/b16434290b77e13d7a983d1da801fb3c6d1f7f846f227721e221adea08aa319cbin0 -> 729 bytes
-rw-r--r--lib/accelerated/x86/x86-common.c16
-rw-r--r--lib/gnutls_int.h1
-rw-r--r--lib/handshake.c48
-rw-r--r--lib/nettle/pk.c18
-rw-r--r--lib/x509/privkey.c10
-rw-r--r--tests/key-import-export.c31
-rw-r--r--tests/suite/mini-record-timing.c2
9 files changed, 93 insertions, 33 deletions
diff --git a/fuzz/gnutls_client_fuzzer.in/00ea40761ce11e769f1817a04b3d3f7dcc0ab4571cf0df3b67ab7e1005e9e7a8 b/fuzz/gnutls_client_fuzzer.in/00ea40761ce11e769f1817a04b3d3f7dcc0ab4571cf0df3b67ab7e1005e9e7a8
new file mode 100644
index 0000000000..73a2d97ba2
--- /dev/null
+++ b/fuzz/gnutls_client_fuzzer.in/00ea40761ce11e769f1817a04b3d3f7dcc0ab4571cf0df3b67ab7e1005e9e7a8
Binary files differ
diff --git a/fuzz/gnutls_psk_client_fuzzer.in/b16434290b77e13d7a983d1da801fb3c6d1f7f846f227721e221adea08aa319c b/fuzz/gnutls_psk_client_fuzzer.in/b16434290b77e13d7a983d1da801fb3c6d1f7f846f227721e221adea08aa319c
new file mode 100644
index 0000000000..7ebb883f4d
--- /dev/null
+++ b/fuzz/gnutls_psk_client_fuzzer.in/b16434290b77e13d7a983d1da801fb3c6d1f7f846f227721e221adea08aa319c
Binary files differ
diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
index 3845c6b4c9..29410e51fd 100644
--- a/lib/accelerated/x86/x86-common.c
+++ b/lib/accelerated/x86/x86-common.c
@@ -306,17 +306,21 @@ static int check_phe_sha512(unsigned edx)
static int check_phe_partial(void)
{
- const char *text = "test and test";
+ const char text[64] =
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
uint32_t iv[5] = { 0x67452301UL, 0xEFCDAB89UL,
0x98BADCFEUL, 0x10325476UL, 0xC3D2E1F0UL
};
- padlock_sha1_blocks(iv, text, sizeof(text) - 1);
- padlock_sha1_blocks(iv, text, sizeof(text) - 1);
+ /* If EAX is set to -1 (this is the case with padlock_sha1_blocks), the
+ * xsha1 instruction takes a complete SHA-1 block (64 bytes), while it
+ * takes arbitrary length data otherwise. */
+ padlock_sha1_blocks(iv, text, 1);
- if (iv[0] == 0x9096E2D8UL && iv[1] == 0xA33074EEUL &&
- iv[2] == 0xCDBEE447UL && iv[3] == 0xEC7979D2UL &&
- iv[4] == 0x9D3FF5CFUL)
+ if (iv[0] == 0xDA4968EBUL && iv[1] == 0x2E377C1FUL &&
+ iv[2] == 0x884E8F52UL && iv[3] == 0x83524BEBUL &&
+ iv[4] == 0xE74EBDBDUL)
return 1;
else
return 0;
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index bb6c197138..31cec5c0cd 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1370,6 +1370,7 @@ typedef struct {
#define HSK_RECORD_SIZE_LIMIT_RECEIVED (1<<26) /* server: record_size_limit extension was seen but not accepted yet */
#define HSK_OCSP_REQUESTED (1<<27) /* server: client requested OCSP stapling */
#define HSK_CLIENT_OCSP_REQUESTED (1<<28) /* client: server requested OCSP stapling */
+#define HSK_SERVER_HELLO_RECEIVED (1<<29) /* client: Server Hello message has been received */
/* The hsk_flags are for use within the ongoing handshake;
* they are reset to zero prior to handshake start by gnutls_handshake. */
diff --git a/lib/handshake.c b/lib/handshake.c
index b40f84b3d9..ce2d160e20 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -2061,6 +2061,8 @@ read_server_hello(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
+ session->internals.hsk_flags |= HSK_SERVER_HELLO_RECEIVED;
+
return 0;
}
@@ -2585,16 +2587,42 @@ int gnutls_rehandshake(gnutls_session_t session)
return 0;
}
+/* This function checks whether the error code should be treated fatal
+ * or not, and also does the necessary state transition. In
+ * particular, in the case of a rehandshake abort it resets the
+ * handshake's internal state.
+ */
inline static int
_gnutls_abort_handshake(gnutls_session_t session, int ret)
{
- if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
- (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
- || ret == GNUTLS_E_GOT_APPLICATION_DATA)
- return 0;
+ switch (ret) {
+ case GNUTLS_E_WARNING_ALERT_RECEIVED:
+ if (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION) {
+ /* The server always toleretes a "no_renegotiation" alert. */
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ STATE = STATE0;
+ return ret;
+ }
+
+ /* The client should tolerete a "no_renegotiation" alert only if:
+ * - the initial handshake has completed, or
+ * - a Server Hello is not yet received
+ */
+ if (session->internals.initial_negotiation_completed ||
+ !(session->internals.hsk_flags & HSK_SERVER_HELLO_RECEIVED)) {
+ STATE = STATE0;
+ return ret;
+ }
- /* this doesn't matter */
- return GNUTLS_E_INTERNAL_ERROR;
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+ }
+ return ret;
+ case GNUTLS_E_GOT_APPLICATION_DATA:
+ STATE = STATE0;
+ return ret;
+ default:
+ return ret;
+ }
}
@@ -2756,13 +2784,7 @@ int gnutls_handshake(gnutls_session_t session)
}
if (ret < 0) {
- /* In the case of a rehandshake abort
- * we should reset the handshake's internal state.
- */
- if (_gnutls_abort_handshake(session, ret) == 0)
- STATE = STATE0;
-
- return ret;
+ return _gnutls_abort_handshake(session, ret);
}
/* clear handshake buffer */
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 588e9df502..e9a380857c 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -3275,22 +3275,22 @@ static int calc_rsa_exp(gnutls_pk_params_st * params)
return GNUTLS_E_INTERNAL_ERROR;
}
- params->params[6] = params->params[7] = NULL;
+ params->params[RSA_E1] = params->params[RSA_E2] = NULL;
- ret = _gnutls_mpi_init_multi(&tmp, &params->params[6], &params->params[7], NULL);
+ ret = _gnutls_mpi_init_multi(&tmp, &params->params[RSA_E1], &params->params[RSA_E2], NULL);
if (ret < 0)
return gnutls_assert_val(ret);
/* [6] = d % p-1, [7] = d % q-1 */
- _gnutls_mpi_sub_ui(tmp, params->params[3], 1);
+ _gnutls_mpi_sub_ui(tmp, params->params[RSA_PRIME1], 1);
ret =
- _gnutls_mpi_modm(params->params[6], params->params[2] /*d */ , tmp);
+ _gnutls_mpi_modm(params->params[RSA_E1], params->params[RSA_PRIV] /*d */ , tmp);
if (ret < 0)
goto fail;
- _gnutls_mpi_sub_ui(tmp, params->params[4], 1);
+ _gnutls_mpi_sub_ui(tmp, params->params[RSA_PRIME2], 1);
ret =
- _gnutls_mpi_modm(params->params[7], params->params[2] /*d */ , tmp);
+ _gnutls_mpi_modm(params->params[RSA_E2], params->params[RSA_PRIV] /*d */ , tmp);
if (ret < 0)
goto fail;
@@ -3300,8 +3300,8 @@ static int calc_rsa_exp(gnutls_pk_params_st * params)
fail:
zrelease_mpi_key(&tmp);
- zrelease_mpi_key(&params->params[6]);
- zrelease_mpi_key(&params->params[7]);
+ zrelease_mpi_key(&params->params[RSA_E1]);
+ zrelease_mpi_key(&params->params[RSA_E2]);
return ret;
}
@@ -3346,6 +3346,8 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
zrelease_mpi_key(&params->params[RSA_E1]);
zrelease_mpi_key(&params->params[RSA_E2]);
+ /* marks RSA_COEF as present */
+ params->params_nr = RSA_PRIVATE_PARAMS - 2;
ret = calc_rsa_exp(params);
if (ret < 0)
return gnutls_assert_val(ret);
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index b26295e51b..3852064648 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -885,7 +885,7 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key,
gnutls_pk_params_init(&key->params);
siz = m->size;
- if (_gnutls_mpi_init_scan_nz(&key->params.params[0], m->data, siz)) {
+ if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_MODULUS], m->data, siz)) {
gnutls_assert();
ret = GNUTLS_E_MPI_SCAN_FAILED;
goto cleanup;
@@ -893,7 +893,7 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key,
key->params.params_nr++;
siz = e->size;
- if (_gnutls_mpi_init_scan_nz(&key->params.params[1], e->data, siz)) {
+ if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_PUB], e->data, siz)) {
gnutls_assert();
ret = GNUTLS_E_MPI_SCAN_FAILED;
goto cleanup;
@@ -901,7 +901,7 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key,
key->params.params_nr++;
siz = d->size;
- if (_gnutls_mpi_init_scan_nz(&key->params.params[2], d->data, siz)) {
+ if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_PRIV], d->data, siz)) {
gnutls_assert();
ret = GNUTLS_E_MPI_SCAN_FAILED;
goto cleanup;
@@ -909,7 +909,7 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key,
key->params.params_nr++;
siz = p->size;
- if (_gnutls_mpi_init_scan_nz(&key->params.params[3], p->data, siz)) {
+ if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_PRIME1], p->data, siz)) {
gnutls_assert();
ret = GNUTLS_E_MPI_SCAN_FAILED;
goto cleanup;
@@ -917,7 +917,7 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key,
key->params.params_nr++;
siz = q->size;
- if (_gnutls_mpi_init_scan_nz(&key->params.params[4], q->data, siz)) {
+ if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_PRIME2], q->data, siz)) {
gnutls_assert();
ret = GNUTLS_E_MPI_SCAN_FAILED;
goto cleanup;
diff --git a/tests/key-import-export.c b/tests/key-import-export.c
index 45434eeb2d..e28b21a4f2 100644
--- a/tests/key-import-export.c
+++ b/tests/key-import-export.c
@@ -285,6 +285,20 @@ int check_x509_privkey(void)
static
int check_privkey_import_export(void)
{
+ static const struct rsa_privkey_opt_args
+ {
+ gnutls_datum_t *_u, *_e1, *_e2;
+ }
+ rsa_opt_args[] =
+ {
+ { NULL, NULL, NULL },
+ { NULL, &_rsa_e1, &_rsa_e2 },
+ { NULL, &_rsa_e1, NULL },
+ { NULL, NULL, &_rsa_e2 },
+ { &_rsa_u, NULL, NULL },
+ { &_rsa_u, &_rsa_e1, NULL },
+ { &_rsa_u, NULL, &_rsa_e2 },
+ };
gnutls_privkey_t key;
gnutls_datum_t p, q, g, y, x;
gnutls_datum_t m, e, u, e1, e2, d;
@@ -293,6 +307,7 @@ int check_privkey_import_export(void)
gnutls_digest_algorithm_t digest;
gnutls_gost_paramset_t paramset;
#endif
+ unsigned i;
int ret;
global_init();
@@ -337,10 +352,26 @@ int check_privkey_import_export(void)
gnutls_privkey_deinit(key);
/* RSA */
+
+ /* Optional arguments */
+ for (i = 0; i < sizeof(rsa_opt_args) / sizeof(rsa_opt_args[0]); i++)
+ {
+ ret = gnutls_privkey_init(&key);
+ if (ret < 0)
+ fail("error\n");
+
+ ret = gnutls_privkey_import_rsa_raw(key, &_rsa_m, &_rsa_e, &_rsa_d, &_rsa_p, &_rsa_q, rsa_opt_args[i]._u, rsa_opt_args[i]._e1, rsa_opt_args[i]._e2);
+ if (ret < 0)
+ fail("error\n");
+
+ gnutls_privkey_deinit(key);
+ }
+
ret = gnutls_privkey_init(&key);
if (ret < 0)
fail("error\n");
+ /* Import/export */
ret = gnutls_privkey_import_rsa_raw(key, &_rsa_m, &_rsa_e, &_rsa_d, &_rsa_p, &_rsa_q, &_rsa_u, &_rsa_e1, &_rsa_e2);
if (ret < 0)
fail("error\n");
diff --git a/tests/suite/mini-record-timing.c b/tests/suite/mini-record-timing.c
index 354f733d63..093f3d5d32 100644
--- a/tests/suite/mini-record-timing.c
+++ b/tests/suite/mini-record-timing.c
@@ -232,7 +232,7 @@ client(int fd, const char *prio, unsigned int text_size,
restart:
do {
- ret = gnutls_record_send(session, text, sizeof(text));
+ ret = gnutls_record_send(session, text, text_size);
} while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
/* measure peer's processing time */
View Lorry Controller Status