rpms
/
gnutls
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated to 3.3.22

This commit is contained in:
Nikos Mavrogiannopoulos 2016-03-11 11:39:36 +01:00
parent 60658bc060
commit 49d7558474
4 changed files with 8 additions and 830 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -57,3 +57,4 @@ gnutls-2.10.1-nosrp.tar.bz2
/gnutls-3.3.19-hobbled.tar.xz
/gnutls-3.3.20-hobbled.tar.xz
/gnutls-3.3.21-hobbled.tar.xz
/gnutls-3.3.22-hobbled.tar.xz

825
gnutls-3.3.21-hash-truncation.patch
View File

@ -1,825 +0,0 @@
diff --git a/lib/accelerated/x86/hmac-padlock.c b/lib/accelerated/x86/hmac-padlock.c
index e516c38..a18fdbb 100644
--- a/lib/accelerated/x86/hmac-padlock.c
+++ b/lib/accelerated/x86/hmac-padlock.c
@@ -33,6 +33,7 @@
#include <aes-padlock.h>
#include <sha-padlock.h>
#include <algorithms.h>
+#include <x86-common.h>
#ifdef HAVE_LIBNETTLE
@@ -40,9 +41,9 @@
#define OPAD 0x5c
#define MAX_SHA_DIGEST_SIZE (512/8)
-typedef void (*update_func) (void *, unsigned, const uint8_t *);
-typedef void (*digest_func) (void *, unsigned, uint8_t *);
-typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
+typedef void (*update_func) (void *, size_t, const uint8_t *);
+typedef void (*digest_func) (void *, size_t, uint8_t *);
+typedef void (*set_key_func) (void *, size_t, const uint8_t *);
struct padlock_hmac_ctx {
union {
@@ -63,91 +64,91 @@ struct padlock_hmac_ctx {
static void
padlock_hmac_sha1_set_key(struct hmac_sha1_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+ size_t key_length, const uint8_t * key)
{
HMAC_SET_KEY(ctx, &padlock_sha1, key_length, key);
}
static void
padlock_hmac_sha1_update(struct hmac_sha1_ctx *ctx,
- unsigned length, const uint8_t * data)
+ size_t length, const uint8_t * data)
{
padlock_sha1_update(&ctx->state, length, data);
}
static void
padlock_hmac_sha1_digest(struct hmac_sha1_ctx *ctx,
- unsigned length, uint8_t * digest)
+ size_t length, uint8_t * digest)
{
HMAC_DIGEST(ctx, &padlock_sha1, length, digest);
}
static void
padlock_hmac_sha256_set_key(struct hmac_sha256_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+ size_t key_length, const uint8_t * key)
{
HMAC_SET_KEY(ctx, &padlock_sha256, key_length, key);
}
static void
padlock_hmac_sha256_update(struct hmac_sha256_ctx *ctx,
- unsigned length, const uint8_t * data)
+ size_t length, const uint8_t * data)
{
padlock_sha256_update(&ctx->state, length, data);
}
static void
padlock_hmac_sha256_digest(struct hmac_sha256_ctx *ctx,
- unsigned length, uint8_t * digest)
+ size_t length, uint8_t * digest)
{
HMAC_DIGEST(ctx, &padlock_sha256, length, digest);
}
static void
padlock_hmac_sha224_set_key(struct hmac_sha224_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+ size_t key_length, const uint8_t * key)
{
HMAC_SET_KEY(ctx, &padlock_sha224, key_length, key);
}
static void
padlock_hmac_sha224_digest(struct hmac_sha224_ctx *ctx,
- unsigned length, uint8_t * digest)
+ size_t length, uint8_t * digest)
{
HMAC_DIGEST(ctx, &padlock_sha224, length, digest);
}
static void
padlock_hmac_sha384_set_key(struct hmac_sha384_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+ size_t key_length, const uint8_t * key)
{
HMAC_SET_KEY(ctx, &padlock_sha384, key_length, key);
}
static void
padlock_hmac_sha384_digest(struct hmac_sha384_ctx *ctx,
- unsigned length, uint8_t * digest)
+ size_t length, uint8_t * digest)
{
HMAC_DIGEST(ctx, &padlock_sha384, length, digest);
}
static void
padlock_hmac_sha512_set_key(struct hmac_sha512_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+ size_t key_length, const uint8_t * key)
{
HMAC_SET_KEY(ctx, &padlock_sha512, key_length, key);
}
static void
padlock_hmac_sha512_update(struct hmac_sha512_ctx *ctx,
- unsigned length, const uint8_t * data)
+ size_t length, const uint8_t * data)
{
padlock_sha512_update(&ctx->state, length, data);
}
static void
padlock_hmac_sha512_digest(struct hmac_sha512_ctx *ctx,
- unsigned length, uint8_t * digest)
+ size_t length, uint8_t * digest)
{
HMAC_DIGEST(ctx, &padlock_sha512, length, digest);
}
@@ -237,7 +238,7 @@ wrap_padlock_hmac_update(void *_ctx, const void *text, size_t textsize)
{
struct padlock_hmac_ctx *ctx = _ctx;
- ctx->update(ctx->ctx_ptr, textsize, text);
+ _NETTLE_UPDATE(ctx->update, ctx->ctx_ptr, textsize, text);
return GNUTLS_E_SUCCESS;
}
diff --git a/lib/accelerated/x86/hmac-x86-ssse3.c b/lib/accelerated/x86/hmac-x86-ssse3.c
index 0d5004d..76894de 100644
--- a/lib/accelerated/x86/hmac-x86-ssse3.c
+++ b/lib/accelerated/x86/hmac-x86-ssse3.c
@@ -33,12 +33,13 @@
#include <aes-x86.h>
#include <sha-x86.h>
#include <algorithms.h>
+#include <x86-common.h>
#ifdef HAVE_LIBNETTLE
-typedef void (*update_func) (void *, unsigned, const uint8_t *);
-typedef void (*digest_func) (void *, unsigned, uint8_t *);
-typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
+typedef void (*update_func) (void *, size_t, const uint8_t *);
+typedef void (*digest_func) (void *, size_t, uint8_t *);
+typedef void (*set_key_func) (void *, size_t, const uint8_t *);
struct x86_hmac_ctx {
union {
@@ -61,56 +62,56 @@ struct x86_hmac_ctx {
static void
x86_hmac_sha1_set_key(struct hmac_sha1_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+ size_t key_length, const uint8_t * key)
{
HMAC_SET_KEY(ctx, &x86_sha1, key_length, key);
}
static void
x86_hmac_sha1_update(struct hmac_sha1_ctx *ctx,
- unsigned length, const uint8_t * data)
+ size_t length, const uint8_t * data)
{
x86_sha1_update(&ctx->state, length, data);
}
static void
x86_hmac_sha1_digest(struct hmac_sha1_ctx *ctx,
- unsigned length, uint8_t * digest)
+ size_t length, uint8_t * digest)
{
HMAC_DIGEST(ctx, &x86_sha1, length, digest);
}
static void
x86_hmac_sha256_set_key(struct hmac_sha256_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+ size_t key_length, const uint8_t * key)
{
HMAC_SET_KEY(ctx, &x86_sha256, key_length, key);
}
static void
x86_hmac_sha256_update(struct hmac_sha256_ctx *ctx,
- unsigned length, const uint8_t * data)
+ size_t length, const uint8_t * data)
{
x86_sha256_update(&ctx->state, length, data);
}
static void
x86_hmac_sha256_digest(struct hmac_sha256_ctx *ctx,
- unsigned length, uint8_t * digest)
+ size_t length, uint8_t * digest)
{
HMAC_DIGEST(ctx, &x86_sha256, length, digest);
}
static void
x86_hmac_sha224_set_key(struct hmac_sha224_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+ size_t key_length, const uint8_t * key)
{
HMAC_SET_KEY(ctx, &x86_sha224, key_length, key);
}
static void
x86_hmac_sha224_digest(struct hmac_sha224_ctx *ctx,
- unsigned length, uint8_t * digest)
+ size_t length, uint8_t * digest)
{
HMAC_DIGEST(ctx, &x86_sha224, length, digest);
}
@@ -118,35 +119,35 @@ x86_hmac_sha224_digest(struct hmac_sha224_ctx *ctx,
#ifdef ENABLE_SHA512
static void
x86_hmac_sha384_set_key(struct hmac_sha384_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+ size_t key_length, const uint8_t * key)
{
HMAC_SET_KEY(ctx, &x86_sha384, key_length, key);
}
static void
x86_hmac_sha384_digest(struct hmac_sha384_ctx *ctx,
- unsigned length, uint8_t * digest)
+ size_t length, uint8_t * digest)
{
HMAC_DIGEST(ctx, &x86_sha384, length, digest);
}
static void
x86_hmac_sha512_set_key(struct hmac_sha512_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+ size_t key_length, const uint8_t * key)
{
HMAC_SET_KEY(ctx, &x86_sha512, key_length, key);
}
static void
x86_hmac_sha512_update(struct hmac_sha512_ctx *ctx,
- unsigned length, const uint8_t * data)
+ size_t length, const uint8_t * data)
{
x86_sha512_update(&ctx->state, length, data);
}
static void
x86_hmac_sha512_digest(struct hmac_sha512_ctx *ctx,
- unsigned length, uint8_t * digest)
+ size_t length, uint8_t * digest)
{
HMAC_DIGEST(ctx, &x86_sha512, length, digest);
}
@@ -239,7 +240,7 @@ wrap_x86_hmac_update(void *_ctx, const void *text, size_t textsize)
{
struct x86_hmac_ctx *ctx = _ctx;
- ctx->update(ctx->ctx_ptr, textsize, text);
+ _NETTLE_UPDATE(ctx->update, ctx->ctx_ptr, textsize, text);
return GNUTLS_E_SUCCESS;
}
@@ -279,7 +280,7 @@ static int wrap_x86_hmac_fast(gnutls_mac_algorithm_t algo,
return gnutls_assert_val(ret);
ctx.setkey(&ctx, key_size, key);
- ctx.update(&ctx, text_size, text);
+ _NETTLE_UPDATE(ctx.update, &ctx, text_size, text);
ctx.digest(&ctx, ctx.length, digest);
zeroize_temp_key(&ctx, sizeof(ctx));
diff --git a/lib/accelerated/x86/sha-padlock.c b/lib/accelerated/x86/sha-padlock.c
index 70defe4..76a862a 100644
--- a/lib/accelerated/x86/sha-padlock.c
+++ b/lib/accelerated/x86/sha-padlock.c
@@ -34,9 +34,9 @@
#ifdef HAVE_LIBNETTLE
-typedef void (*update_func) (void *, unsigned, const uint8_t *);
-typedef void (*digest_func) (void *, unsigned, uint8_t *);
-typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
+typedef void (*update_func) (void *, size_t, const uint8_t *);
+typedef void (*digest_func) (void *, size_t, uint8_t *);
+typedef void (*set_key_func) (void *, size_t, const uint8_t *);
typedef void (*init_func) (void *);
struct padlock_hash_ctx {
@@ -60,7 +60,7 @@ wrap_padlock_hash_update(void *_ctx, const void *text, size_t textsize)
{
struct padlock_hash_ctx *ctx = _ctx;
- ctx->update(ctx->ctx_ptr, textsize, text);
+ _NETTLE_UPDATE(ctx->update, ctx->ctx_ptr, textsize, text);
return GNUTLS_E_SUCCESS;
}
@@ -81,21 +81,21 @@ static void wrap_padlock_hash_deinit(void *hd)
void
padlock_sha1_update(struct sha1_ctx *ctx,
- unsigned length, const uint8_t * data)
+ _NETTLE_SIZE_T length, const uint8_t * data)
{
MD_UPDATE(ctx, length, data, SHA1_COMPRESS, MD1_INCR(ctx));
}
void
padlock_sha256_update(struct sha256_ctx *ctx,
- unsigned length, const uint8_t * data)
+ _NETTLE_SIZE_T length, const uint8_t * data)
{
MD_UPDATE(ctx, length, data, SHA256_COMPRESS, MD1_INCR(ctx));
}
void
padlock_sha512_update(struct sha512_ctx *ctx,
- unsigned length, const uint8_t * data)
+ _NETTLE_SIZE_T length, const uint8_t * data)
{
MD_UPDATE(ctx, length, data, SHA512_COMPRESS, MD_INCR(ctx));
}
@@ -136,7 +136,7 @@ _nettle_write_be32(unsigned length, uint8_t * dst, uint32_t * src)
static void
padlock_sha1_digest(struct sha1_ctx *ctx,
- unsigned length, uint8_t * digest)
+ size_t length, uint8_t * digest)
{
#ifdef USE_NETTLE3
uint64_t bit_count;
@@ -167,7 +167,7 @@ padlock_sha1_digest(struct sha1_ctx *ctx,
static void
padlock_sha256_digest(struct sha256_ctx *ctx,
- unsigned length, uint8_t * digest)
+ size_t length, uint8_t * digest)
{
#ifdef USE_NETTLE3
uint64_t bit_count;
@@ -200,7 +200,7 @@ padlock_sha256_digest(struct sha256_ctx *ctx,
static void
padlock_sha512_digest(struct sha512_ctx *ctx,
- unsigned length, uint8_t * digest)
+ size_t length, uint8_t * digest)
{
uint64_t high, low;
diff --git a/lib/accelerated/x86/sha-padlock.h b/lib/accelerated/x86/sha-padlock.h
index 5cbe1d1..ce18ef8 100644
--- a/lib/accelerated/x86/sha-padlock.h
+++ b/lib/accelerated/x86/sha-padlock.h
@@ -2,6 +2,7 @@
#define SHA_PADLOCK_H
#include <nettle/sha.h>
+#include "nettle/gnettle.h"
void padlock_sha1_oneshot(void *ctx, const void *inp, size_t len);
void padlock_sha256_oneshot(void *ctx, const void *inp, size_t len);
@@ -18,11 +19,11 @@ int wrap_padlock_hash_fast(gnutls_digest_algorithm_t algo,
void *digest);
void padlock_sha1_update(struct sha1_ctx *ctx,
- unsigned length, const uint8_t * data);
+ _NETTLE_SIZE_T length, const uint8_t * data);
void padlock_sha256_update(struct sha256_ctx *ctx,
- unsigned length, const uint8_t * data);
+ _NETTLE_SIZE_T length, const uint8_t * data);
void padlock_sha512_update(struct sha512_ctx *ctx,
- unsigned length, const uint8_t * data);
+ _NETTLE_SIZE_T length, const uint8_t * data);
extern const struct nettle_hash padlock_sha1;
extern const struct nettle_hash padlock_sha224;
diff --git a/lib/accelerated/x86/sha-x86-ssse3.c b/lib/accelerated/x86/sha-x86-ssse3.c
index 4fc106c..efcb5ab 100644
--- a/lib/accelerated/x86/sha-x86-ssse3.c
+++ b/lib/accelerated/x86/sha-x86-ssse3.c
@@ -35,9 +35,9 @@ void sha1_block_data_order(void *c, const void *p, size_t len);
void sha256_block_data_order(void *c, const void *p, size_t len);
void sha512_block_data_order(void *c, const void *p, size_t len);
-typedef void (*update_func) (void *, unsigned, const uint8_t *);
-typedef void (*digest_func) (void *, unsigned, uint8_t *);
-typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
+typedef void (*update_func) (void *, size_t, const uint8_t *);
+typedef void (*digest_func) (void *, size_t, uint8_t *);
+typedef void (*set_key_func) (void *, size_t, const uint8_t *);
typedef void (*init_func) (void *);
struct x86_hash_ctx {
@@ -63,7 +63,7 @@ wrap_x86_hash_update(void *_ctx, const void *text, size_t textsize)
{
struct x86_hash_ctx *ctx = _ctx;
- ctx->update(ctx->ctx_ptr, textsize, text);
+ _NETTLE_UPDATE(ctx->update, ctx->ctx_ptr, textsize, text);
return GNUTLS_E_SUCCESS;
}
@@ -73,7 +73,7 @@ static void wrap_x86_hash_deinit(void *hd)
gnutls_free(hd);
}
-void x86_sha1_update(struct sha1_ctx *ctx, size_t length,
+void x86_sha1_update(struct sha1_ctx *ctx, _NETTLE_SIZE_T length,
const uint8_t * data)
{
struct {
@@ -136,7 +136,7 @@ void x86_sha1_update(struct sha1_ctx *ctx, size_t length,
}
-void x86_sha256_update(struct sha256_ctx *ctx, size_t length,
+void x86_sha256_update(struct sha256_ctx *ctx, _NETTLE_SIZE_T length,
const uint8_t * data)
{
struct {
@@ -189,7 +189,7 @@ void x86_sha256_update(struct sha256_ctx *ctx, size_t length,
}
#ifdef ENABLE_SHA512
-void x86_sha512_update(struct sha512_ctx *ctx, size_t length,
+void x86_sha512_update(struct sha512_ctx *ctx, _NETTLE_SIZE_T length,
const uint8_t * data)
{
struct {
@@ -344,7 +344,7 @@ static int wrap_x86_hash_fast(gnutls_digest_algorithm_t algo,
if (ret < 0)
return gnutls_assert_val(ret);
- ctx.update(&ctx, text_size, text);
+ _NETTLE_UPDATE(ctx.update, &ctx, text_size, text);
ctx.digest(&ctx, ctx.length, digest);
return 0;
diff --git a/lib/accelerated/x86/sha-x86.h b/lib/accelerated/x86/sha-x86.h
index 3304212..245fe32 100644
--- a/lib/accelerated/x86/sha-x86.h
+++ b/lib/accelerated/x86/sha-x86.h
@@ -2,6 +2,7 @@
#define SHA_X86_H
#include <nettle/sha.h>
+#include "nettle/gnettle.h"
/* nettle's SHA512 is faster than openssl's */
#undef ENABLE_SHA512
@@ -12,9 +13,9 @@ extern const struct nettle_hash x86_sha256;
extern const struct nettle_hash x86_sha384;
extern const struct nettle_hash x86_sha512;
-void x86_sha1_update(struct sha1_ctx *ctx, size_t length, const uint8_t * data);
-void x86_sha256_update(struct sha256_ctx *ctx, size_t length, const uint8_t * data);
-void x86_sha512_update(struct sha512_ctx *ctx, size_t length, const uint8_t * data);
+void x86_sha1_update(struct sha1_ctx *ctx, _NETTLE_SIZE_T length, const uint8_t * data);
+void x86_sha256_update(struct sha256_ctx *ctx, _NETTLE_SIZE_T length, const uint8_t * data);
+void x86_sha512_update(struct sha512_ctx *ctx, _NETTLE_SIZE_T length, const uint8_t * data);
extern const gnutls_crypto_digest_st _gnutls_sha_x86_ssse3;
extern const gnutls_crypto_mac_st _gnutls_hmac_sha_x86_ssse3;
diff --git a/lib/accelerated/x86/x86-common.h b/lib/accelerated/x86/x86-common.h
index 3c3f6e8..6261bce 100644
--- a/lib/accelerated/x86/x86-common.h
+++ b/lib/accelerated/x86/x86-common.h
@@ -22,6 +22,8 @@
#include <config.h>
+#include "nettle/gnettle.h"
+
extern unsigned int _gnutls_x86_cpuid_s[3];
#if defined(ASM_X86)
diff --git a/lib/nettle/gnettle.h b/lib/nettle/gnettle.h
index e27149c..7616dea 100644
--- a/lib/nettle/gnettle.h
+++ b/lib/nettle/gnettle.h
@@ -1,3 +1,30 @@
+#ifndef GNETTLE_H
+# define GNETTLE_H
+
+#include <config.h>
+#include <minmax.h>
+#include <limits.h>
+
#define PRIME_CHECK_PARAM 8
#define TOMPZ(x) ((__mpz_struct*)(x))
#define SIZEOF_MPZT sizeof(__mpz_struct)
+
+#ifdef USE_NETTLE3
+# define _NETTLE_SIZE_T size_t
+# define _NETTLE_UPDATE(func, ctx, size, data) func(ctx, size, data)
+#else
+# define _NETTLE_SIZE_T unsigned
+#define _NETTLE_UPDATE(func, ptr, size, data) { \
+ size_t _rsize = size; \
+ const uint8_t *_t = text; \
+ while(size > 0) { \
+ _rsize = MIN(size, UINT_MAX); \
+ func(ptr, _rsize, _t); \
+ size -= _rsize; \
+ _t += _rsize; \
+ } \
+}
+
+#endif
+
+#endif
diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
index cfa37e3..cf4fd70 100644
--- a/lib/nettle/mac.c
+++ b/lib/nettle/mac.c
@@ -31,12 +31,13 @@
#include <nettle/sha.h>
#include <nettle/hmac.h>
#include <nettle/umac.h>
+#include "gnettle.h"
#include <fips.h>
-typedef void (*update_func) (void *, unsigned, const uint8_t *);
-typedef void (*digest_func) (void *, unsigned, uint8_t *);
-typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
-typedef void (*set_nonce_func) (void *, unsigned, const uint8_t *);
+typedef void (*update_func) (void *, _NETTLE_SIZE_T, const uint8_t *);
+typedef void (*digest_func) (void *, _NETTLE_SIZE_T, uint8_t *);
+typedef void (*set_key_func) (void *, _NETTLE_SIZE_T, const uint8_t *);
+typedef void (*set_nonce_func) (void *, _NETTLE_SIZE_T, const uint8_t *);
static int wrap_nettle_hash_init(gnutls_digest_algorithm_t algo,
void **_ctx);
@@ -80,7 +81,7 @@ struct nettle_mac_ctx {
};
static void
-_wrap_umac96_set_key(void *ctx, unsigned len, const uint8_t * key)
+_wrap_umac96_set_key(void *ctx, _NETTLE_SIZE_T len, const uint8_t * key)
{
if (unlikely(len != 16))
abort();
@@ -88,7 +89,7 @@ _wrap_umac96_set_key(void *ctx, unsigned len, const uint8_t * key)
}
static void
-_wrap_umac128_set_key(void *ctx, unsigned len, const uint8_t * key)
+_wrap_umac128_set_key(void *ctx, _NETTLE_SIZE_T len, const uint8_t * key)
{
if (unlikely(len != 16))
abort();
@@ -188,7 +189,7 @@ static int wrap_nettle_mac_fast(gnutls_mac_algorithm_t algo,
if (ctx.set_nonce)
ctx.set_nonce(&ctx, nonce_size, nonce);
ctx.set_key(&ctx, key_size, key);
- ctx.update(&ctx, text_size, text);
+ _NETTLE_UPDATE(ctx.update, &ctx, text_size, text);
ctx.digest(&ctx, ctx.length, digest);
zeroize_temp_key(&ctx, sizeof(ctx));
@@ -269,7 +270,7 @@ wrap_nettle_mac_update(void *_ctx, const void *text, size_t textsize)
{
struct nettle_mac_ctx *ctx = _ctx;
- ctx->update(ctx->ctx_ptr, textsize, text);
+ _NETTLE_UPDATE(ctx->update, ctx->ctx_ptr, textsize, text);
return GNUTLS_E_SUCCESS;
}
@@ -305,7 +306,7 @@ wrap_nettle_hash_update(void *_ctx, const void *text, size_t textsize)
{
struct nettle_hash_ctx *ctx = _ctx;
- ctx->update(ctx->ctx_ptr, textsize, text);
+ _NETTLE_UPDATE(ctx->update, ctx->ctx_ptr, textsize, text);
return GNUTLS_E_SUCCESS;
}
@@ -411,7 +412,7 @@ static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo,
if (ret < 0)
return gnutls_assert_val(ret);
- ctx.update(&ctx, text_size, text);
+ _NETTLE_UPDATE(ctx.update, &ctx, text_size, text);
ctx.digest(&ctx, ctx.length, digest);
return 0;
diff --git a/tests/slow/Makefile.am b/tests/slow/Makefile.am
index 1b82e17..2511e7e 100644
--- a/tests/slow/Makefile.am
+++ b/tests/slow/Makefile.am
@@ -40,8 +40,8 @@ endif
ctests = gendh keygen cipher-test
-check_PROGRAMS = $(ctests)
-TESTS = $(ctests)
+check_PROGRAMS = $(ctests) hash-large
+TESTS = $(ctests) test-hash-large
EXTRA_DIST = README
diff --git a/tests/slow/hash-large.c b/tests/slow/hash-large.c
new file mode 100644
index 0000000..41c2bd5
--- /dev/null
+++ b/tests/slow/hash-large.c
@@ -0,0 +1,134 @@
+/*
+ * Copyright (C) 2016 Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#include <limits.h>
+#include "utils.h"
+
+#define MIN(x,y) ((x)<(y))?(x):(y)
+
+/* Test hashing on large buffers */
+
+void doit(void)
+{
+ unsigned char digest[32];
+ int err;
+ char *buf, *p;
+ ssize_t size, left, size2;
+ gnutls_hash_hd_t td;
+
+ if (sizeof(size) <= 4)
+ exit(77);
+
+ global_init();
+
+ size = (ssize_t)UINT_MAX + (ssize_t)64*1024;
+ buf = calloc(1, size);
+ if (buf == NULL)
+ exit(77);
+
+ if (size < (ssize_t)UINT_MAX)
+ exit(77);
+
+
+ err =
+ gnutls_hash_fast(GNUTLS_DIG_SHA256, buf, size,
+ digest);
+ if (err < 0)
+ fail("gnutls_hash_fast(SHA256) failed: %d\n", err);
+ else {
+#define SHA256_HASH "\x80\x92\xd9\xbe\x54\xa0\xe9\xd7\x7c\xb8\xe4\x2d\xd3\x7c\x19\xfe\x4e\x68\x84\x33\x71\xef\x1c\x81\xd6\x44\x36\x52\x06\xd8\x4b\x8a"
+ if (memcmp(digest, SHA256_HASH, 32) == 0) {
+ if (debug)
+ success("gnutls_hash_fast(SHA256) %lu OK\n", (unsigned long)size);
+ } else {
+ hexprint(digest, 32);
+ fail("gnutls_hash_fast(SHA256) failure\n");
+ }
+ }
+
+ err = gnutls_hash_init(&td, GNUTLS_DIG_SHA256);
+ if (err < 0) {
+ fail("failed in %d\n", __LINE__);
+ }
+
+ size2 = size;
+ p = buf;
+ while(size2 > 0) {
+ left = MIN(64*1024, size2);
+ gnutls_hash(td, p, left);
+ size2 -= left;
+ p += left;
+ }
+
+ gnutls_hash_output(td, digest);
+ gnutls_hash_deinit(td, NULL);
+ if (memcmp(digest, SHA256_HASH, 32) == 0) {
+ if (debug)
+ success("gnutls_hash_fast(SHA256) %lu OK\n", (unsigned long)size);
+ } else {
+ hexprint(digest, 32);
+ fail("gnutls_hash(SHA256) failure\n");
+ }
+
+ /* SHA1 */
+
+ err =
+ gnutls_hash_fast(GNUTLS_MAC_SHA1, buf, size,
+ digest);
+ if (err < 0)
+ fail("gnutls_hash_fast(SHA1) failed: %d\n", err);
+ else {
+#define SHA1_HASH "\x75\xd2\x67\x3f\xec\x73\xe4\x57\xb8\x40\xb3\xb5\xf1\xc7\xa8\x1a\x2d\x11\x7e\xd9"
+ if (memcmp(digest, SHA1_HASH, 20) == 0) {
+ if (debug)
+ success("gnutls_hash_fast(SHA1) OK\n");
+ } else {
+ hexprint(digest, 20);
+ fail("gnutls_hash_fast(SHA1) failure\n");
+ }
+ }
+
+ err =
+ gnutls_hmac_fast(GNUTLS_MAC_SHA1, "keykeykey", 9, buf, size,
+ digest);
+ if (err < 0)
+ fail("gnutls_hmac_fast(SHA1) failed: %d\n", err);
+ else {
+#define SHA1_MAC "\xe2\xe9\x84\x48\x53\xe3\x0b\xfe\x45\x04\xf6\x6b\x5b\x6d\x4d\x2c\xa3\x0f\xcf\x23"
+ if (memcmp(digest, SHA1_MAC, 20) == 0) {
+ if (debug)
+ success("gnutls_hmac_fast(SHA1) OK\n");
+ } else {
+ hexprint(digest, 20);
+ fail("gnutls_hmac_fast(SHA1) failure\n");
+ }
+ }
+
+ free(buf);
+ gnutls_global_deinit();
+}
diff --git a/tests/slow/test-hash-large b/tests/slow/test-hash-large
new file mode 100755
index 0000000..e09579a
--- /dev/null
+++ b/tests/slow/test-hash-large
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Nikos Mavrogiannopoulos
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+PROG=./hash-large${EXEEXT}
+unset RETCODE
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+${PROG}
+ret=$?
+if test $ret != 0; then
+ echo "default cipher tests failed"
+ exit $ret
+fi
+
+GNUTLS_CPUID_OVERRIDE=0x1 ${PROG}
+ret=$?
+if test $ret != 0; then
+ echo "included cipher tests failed"
+ exit $ret
+fi
+
+GNUTLS_CPUID_OVERRIDE=0x4 ${PROG}
+ret=$?
+if test $ret != 0; then
+ echo "SSSE3 cipher tests failed"
+ exit $ret
+fi
+
+GNUTLS_CPUID_OVERRIDE=0x200000 ${PROG}
+ret=$?
+if test $ret != 0; then
+ echo "padlock PHE cipher tests failed"
+ exit $ret
+fi
+
+GNUTLS_CPUID_OVERRIDE=0x400000 ${PROG}
+ret=$?
+if test $ret != 0; then
+ echo "padlock PHE SHA512 cipher tests failed"
+ exit $ret
+fi
+
+exit 0

10
gnutls.spec
View File

@ -2,8 +2,8 @@
%bcond_without guile
Summary: A TLS protocol implementation
Name: gnutls
Version: 3.3.21
Release: 2%{?dist}
Version: 3.3.22
Release: 1%{?dist}
# The libraries are LGPLv2.1+, utilities are GPLv3+
License: GPLv3+ and LGPLv2+
Group: System Environment/Libraries
@ -33,7 +33,6 @@ Source0: %{name}-%{version}-hobbled.tar.xz
Source1: libgnutls-config
Source2: hobble-gnutls
Patch1: gnutls-3.2.7-rpath.patch
Patch2: gnutls-3.3.21-hash-truncation.patch
Patch3: gnutls-3.1.11-nosrp.patch
Patch4: gnutls-3.3.19-default-policy.patch
@ -136,7 +135,6 @@ This package contains Guile bindings for the library.
%setup -q
%patch1 -p1 -b .rpath
%patch2 -p1 -b .hash-truncation
%patch3 -p1 -b .nosrp
%patch4 -p1 -b .default-policy
@ -173,6 +171,7 @@ export LDFLAGS="-Wl,--no-add-needed"
--disable-dane \
%endif
--with-arcfour128 \
--with-ssl3 \
--disable-rpath
make %{?_smp_mflags} V=1
@ -275,6 +274,9 @@ fi
%endif
%changelog
* Fri Mar 11 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.3.22-1
- updated to 3.3.22
* Fri Feb 19 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.3.21-2
- Fix issue with hash truncation on large input (#1310103)

2
sources
View File

@ -1 +1 @@
823393bdbe4db4c8ce943b99ebc8bd94 gnutls-3.3.21-hobbled.tar.xz
922001010708a3cf99b7e5fbbc8dcc72 gnutls-3.3.22-hobbled.tar.xz