diff options
-rw-r--r-- | lib/accelerated/x86/x86-common.c | 16 | ||||
-rw-r--r-- | lib/nettle/pk.c | 18 | ||||
-rw-r--r-- | lib/x509/privkey.c | 10 | ||||
-rw-r--r-- | src/serv-args.def | 6 | ||||
-rw-r--r-- | src/serv.c | 10 | ||||
-rw-r--r-- | tests/key-import-export.c | 31 | ||||
-rw-r--r-- | tests/suite/mini-record-timing.c | 2 |
7 files changed, 70 insertions, 23 deletions
diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c index 3845c6b4c9..29410e51fd 100644 --- a/lib/accelerated/x86/x86-common.c +++ b/lib/accelerated/x86/x86-common.c @@ -306,17 +306,21 @@ static int check_phe_sha512(unsigned edx) static int check_phe_partial(void) { - const char *text = "test and test"; + const char text[64] = + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; uint32_t iv[5] = { 0x67452301UL, 0xEFCDAB89UL, 0x98BADCFEUL, 0x10325476UL, 0xC3D2E1F0UL }; - padlock_sha1_blocks(iv, text, sizeof(text) - 1); - padlock_sha1_blocks(iv, text, sizeof(text) - 1); + /* If EAX is set to -1 (this is the case with padlock_sha1_blocks), the + * xsha1 instruction takes a complete SHA-1 block (64 bytes), while it + * takes arbitrary length data otherwise. */ + padlock_sha1_blocks(iv, text, 1); - if (iv[0] == 0x9096E2D8UL && iv[1] == 0xA33074EEUL && - iv[2] == 0xCDBEE447UL && iv[3] == 0xEC7979D2UL && - iv[4] == 0x9D3FF5CFUL) + if (iv[0] == 0xDA4968EBUL && iv[1] == 0x2E377C1FUL && + iv[2] == 0x884E8F52UL && iv[3] == 0x83524BEBUL && + iv[4] == 0xE74EBDBDUL) return 1; else return 0; diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 588e9df502..e9a380857c 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -3275,22 +3275,22 @@ static int calc_rsa_exp(gnutls_pk_params_st * params) return GNUTLS_E_INTERNAL_ERROR; } - params->params[6] = params->params[7] = NULL; + params->params[RSA_E1] = params->params[RSA_E2] = NULL; - ret = _gnutls_mpi_init_multi(&tmp, ¶ms->params[6], ¶ms->params[7], NULL); + ret = _gnutls_mpi_init_multi(&tmp, ¶ms->params[RSA_E1], ¶ms->params[RSA_E2], NULL); if (ret < 0) return gnutls_assert_val(ret); /* [6] = d % p-1, [7] = d % q-1 */ - _gnutls_mpi_sub_ui(tmp, params->params[3], 1); + _gnutls_mpi_sub_ui(tmp, params->params[RSA_PRIME1], 1); ret = - _gnutls_mpi_modm(params->params[6], params->params[2] /*d */ , tmp); + _gnutls_mpi_modm(params->params[RSA_E1], params->params[RSA_PRIV] /*d */ , tmp); if (ret < 0) goto fail; - _gnutls_mpi_sub_ui(tmp, params->params[4], 1); + _gnutls_mpi_sub_ui(tmp, params->params[RSA_PRIME2], 1); ret = - _gnutls_mpi_modm(params->params[7], params->params[2] /*d */ , tmp); + _gnutls_mpi_modm(params->params[RSA_E2], params->params[RSA_PRIV] /*d */ , tmp); if (ret < 0) goto fail; @@ -3300,8 +3300,8 @@ static int calc_rsa_exp(gnutls_pk_params_st * params) fail: zrelease_mpi_key(&tmp); - zrelease_mpi_key(¶ms->params[6]); - zrelease_mpi_key(¶ms->params[7]); + zrelease_mpi_key(¶ms->params[RSA_E1]); + zrelease_mpi_key(¶ms->params[RSA_E2]); return ret; } @@ -3346,6 +3346,8 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo, zrelease_mpi_key(¶ms->params[RSA_E1]); zrelease_mpi_key(¶ms->params[RSA_E2]); + /* marks RSA_COEF as present */ + params->params_nr = RSA_PRIVATE_PARAMS - 2; ret = calc_rsa_exp(params); if (ret < 0) return gnutls_assert_val(ret); diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index b26295e51b..3852064648 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -885,7 +885,7 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, gnutls_pk_params_init(&key->params); siz = m->size; - if (_gnutls_mpi_init_scan_nz(&key->params.params[0], m->data, siz)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_MODULUS], m->data, siz)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; @@ -893,7 +893,7 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, key->params.params_nr++; siz = e->size; - if (_gnutls_mpi_init_scan_nz(&key->params.params[1], e->data, siz)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_PUB], e->data, siz)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; @@ -901,7 +901,7 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, key->params.params_nr++; siz = d->size; - if (_gnutls_mpi_init_scan_nz(&key->params.params[2], d->data, siz)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_PRIV], d->data, siz)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; @@ -909,7 +909,7 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, key->params.params_nr++; siz = p->size; - if (_gnutls_mpi_init_scan_nz(&key->params.params[3], p->data, siz)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_PRIME1], p->data, siz)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; @@ -917,7 +917,7 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, key->params.params_nr++; siz = q->size; - if (_gnutls_mpi_init_scan_nz(&key->params.params[4], q->data, siz)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_PRIME2], q->data, siz)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; diff --git a/src/serv-args.def b/src/serv-args.def index a584085e26..ca61801c1e 100644 --- a/src/serv-args.def +++ b/src/serv-args.def @@ -95,6 +95,12 @@ flag = { }; flag = { + name = crlf; + descrip = "Do not replace CRLF by LF in Echo server mode"; + doc = ""; +}; + +flag = { name = udp; value = u; descrip = "Use DTLS (datagram TLS) over UDP"; diff --git a/src/serv.c b/src/serv.c index 57304bc9d3..5198b58c65 100644 --- a/src/serv.c +++ b/src/serv.c @@ -55,6 +55,7 @@ /* global stuff */ static int generate = 0; static int http = 0; +static int strip_crlf = 1; static int x509ctype; static int debug = 0; @@ -1058,7 +1059,8 @@ get_response(gnutls_session_t session, char *request, *response = peer_print_data(session, response_length); } else { int ret; - strip(request); + if (strip_crlf != 0) + strip(request); fprintf(stderr, "received cmd: %s\n", request); ret = check_command(session, request, disable_client_cert); @@ -1838,9 +1840,11 @@ static void cmd_parser(int argc, char **argv) noticket = HAVE_OPT(NOTICKET); earlydata = HAVE_OPT(EARLYDATA); - if (HAVE_OPT(ECHO)) + if (HAVE_OPT(ECHO)) { http = 0; - else + if (HAVE_OPT(CRLF)) + strip_crlf = 0; + } else http = 1; record_max_size = OPT_VALUE_RECORDSIZE; diff --git a/tests/key-import-export.c b/tests/key-import-export.c index 45434eeb2d..e28b21a4f2 100644 --- a/tests/key-import-export.c +++ b/tests/key-import-export.c @@ -285,6 +285,20 @@ int check_x509_privkey(void) static int check_privkey_import_export(void) { + static const struct rsa_privkey_opt_args + { + gnutls_datum_t *_u, *_e1, *_e2; + } + rsa_opt_args[] = + { + { NULL, NULL, NULL }, + { NULL, &_rsa_e1, &_rsa_e2 }, + { NULL, &_rsa_e1, NULL }, + { NULL, NULL, &_rsa_e2 }, + { &_rsa_u, NULL, NULL }, + { &_rsa_u, &_rsa_e1, NULL }, + { &_rsa_u, NULL, &_rsa_e2 }, + }; gnutls_privkey_t key; gnutls_datum_t p, q, g, y, x; gnutls_datum_t m, e, u, e1, e2, d; @@ -293,6 +307,7 @@ int check_privkey_import_export(void) gnutls_digest_algorithm_t digest; gnutls_gost_paramset_t paramset; #endif + unsigned i; int ret; global_init(); @@ -337,10 +352,26 @@ int check_privkey_import_export(void) gnutls_privkey_deinit(key); /* RSA */ + + /* Optional arguments */ + for (i = 0; i < sizeof(rsa_opt_args) / sizeof(rsa_opt_args[0]); i++) + { + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_import_rsa_raw(key, &_rsa_m, &_rsa_e, &_rsa_d, &_rsa_p, &_rsa_q, rsa_opt_args[i]._u, rsa_opt_args[i]._e1, rsa_opt_args[i]._e2); + if (ret < 0) + fail("error\n"); + + gnutls_privkey_deinit(key); + } + ret = gnutls_privkey_init(&key); if (ret < 0) fail("error\n"); + /* Import/export */ ret = gnutls_privkey_import_rsa_raw(key, &_rsa_m, &_rsa_e, &_rsa_d, &_rsa_p, &_rsa_q, &_rsa_u, &_rsa_e1, &_rsa_e2); if (ret < 0) fail("error\n"); diff --git a/tests/suite/mini-record-timing.c b/tests/suite/mini-record-timing.c index 354f733d63..093f3d5d32 100644 --- a/tests/suite/mini-record-timing.c +++ b/tests/suite/mini-record-timing.c @@ -232,7 +232,7 @@ client(int fd, const char *prio, unsigned int text_size, restart: do { - ret = gnutls_record_send(session, text, sizeof(text)); + ret = gnutls_record_send(session, text, text_size); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); /* measure peer's processing time */ |