diff --git a/configure b/configure index a5848e7..fe9de90 100755 --- a/configure +++ b/configure @@ -54265,7 +54265,7 @@ shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" -sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" +sys_lib_dlsearch_path_spec="/lib /usr/lib" need_lib_prefix=unknown hardcode_into_libs=no diff --git a/doc/Makefile.am b/doc/Makefile.am index afef3ea..773ab6d 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -635,16 +635,12 @@ FUNCS += functions/dane_verify_session_crt FUNCS += functions/dane_verify_session_crt.short FUNCS += functions/gnutls_aead_cipher_decrypt FUNCS += functions/gnutls_aead_cipher_decrypt.short -FUNCS += functions/gnutls_aead_cipher_decryptv2 -FUNCS += functions/gnutls_aead_cipher_decryptv2.short FUNCS += functions/gnutls_aead_cipher_deinit FUNCS += functions/gnutls_aead_cipher_deinit.short FUNCS += functions/gnutls_aead_cipher_encrypt FUNCS += functions/gnutls_aead_cipher_encrypt.short FUNCS += functions/gnutls_aead_cipher_encryptv FUNCS += functions/gnutls_aead_cipher_encryptv.short -FUNCS += functions/gnutls_aead_cipher_encryptv2 -FUNCS += functions/gnutls_aead_cipher_encryptv2.short FUNCS += functions/gnutls_aead_cipher_init FUNCS += functions/gnutls_aead_cipher_init.short FUNCS += functions/gnutls_alert_get diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am index 1d1aebd..9beee86 100644 --- a/doc/manpages/Makefile.am +++ b/doc/manpages/Makefile.am @@ -119,11 +119,9 @@ APIMANS += dane_verify_crt.3 APIMANS += dane_verify_crt_raw.3 APIMANS += dane_verify_session_crt.3 APIMANS += gnutls_aead_cipher_decrypt.3 -APIMANS += gnutls_aead_cipher_decryptv2.3 APIMANS += gnutls_aead_cipher_deinit.3 APIMANS += gnutls_aead_cipher_encrypt.3 APIMANS += gnutls_aead_cipher_encryptv.3 -APIMANS += gnutls_aead_cipher_encryptv2.3 APIMANS += gnutls_aead_cipher_init.3 APIMANS += gnutls_alert_get.3 APIMANS += gnutls_alert_get_name.3 diff --git a/guile/src/Makefile.in b/guile/src/Makefile.in index 1dfc88e..95e1e9c 100644 --- a/guile/src/Makefile.in +++ b/guile/src/Makefile.in @@ -1483,7 +1483,7 @@ guileextension_LTLIBRARIES = guile-gnutls-v-2.la # Use '-module' to build a "dlopenable module", in Libtool terms. # Use '-undefined' to placate Libtool on Windows; see # . -guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined -Wl,-z,lazy +guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined # Linking against GnuTLS. GNUTLS_CORE_LIBS = $(top_builddir)/lib/libgnutls.la diff --git a/lib/Makefile.am b/lib/Makefile.am index 7750d21..83b328e 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -80,8 +80,7 @@ COBJECTS = range.c record.c compress.c debug.c cipher.c gthreads.h handshake-tls system-keys.h urls.c urls.h prf.c auto-verify.c dh-session.c \ cert-session.c handshake-checks.c dtls-sw.c dh-primes.c openpgp_compat.c \ crypto-selftests.c crypto-selftests-pk.c secrets.c extv.c extv.h \ - hello_ext_lib.c hello_ext_lib.h ocsp-api.c stek.c cert-cred-rawpk.c \ - iov.c iov.h + hello_ext_lib.c hello_ext_lib.h ocsp-api.c stek.c cert-cred-rawpk.c if WINDOWS COBJECTS += system/keys-win.c diff --git a/lib/crypto-api.c b/lib/crypto-api.c index 473f120..0b6be4e 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c @@ -31,7 +31,6 @@ #include #include #include "crypto-api.h" -#include "iov.h" typedef struct api_cipher_hd_st { cipher_hd_st ctx_enc; @@ -820,26 +819,7 @@ static void iov_store_free(struct iov_store_st *s) } } -static int iov_store_grow(struct iov_store_st *s, size_t length) -{ - if (s->allocated || s->data == NULL) { - s->size += length; - s->data = gnutls_realloc(s->data, s->size); - if (s->data == NULL) - return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); - s->allocated = 1; - } else { - void *data = s->data; - size_t size = s->size + length; - s->data = gnutls_malloc(size); - memcpy(s->data, data, s->size); - s->size += length; - } - return 0; -} - -static int -copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt) +static int copy_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt) { memset(dst, 0, sizeof(*dst)); if (iovcnt == 0) { @@ -871,26 +851,97 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt) } } -static int -copy_to_iov(struct iov_store_st *src, size_t size, - const giovec_t *iov, int iovcnt) -{ - size_t offset = 0; - int i; - - if (unlikely(src->size < size)) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - - for (i = 0; i < iovcnt && size > 0; i++) { - size_t to_copy = MIN(size, iov[i].iov_len); - memcpy(iov[i].iov_base, (uint8_t *) src->data + offset, to_copy); - offset += to_copy; - size -= to_copy; - } - if (size > 0) - return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); - return 0; -} +#define AUTH_UPDATE_FINAL(ctx) do { \ + if (index) { \ + ret = _gnutls_cipher_auth(ctx, cache, index); \ + if (unlikely(ret < 0)) \ + return gnutls_assert_val(ret); \ + } \ + } while(0) + +#define AUTH_UPDATE(ctx, data, length) do { \ + if (index) { \ + ssize_t left = blocksize - index; \ + if (length < left) { \ + memcpy(cache+index, data, \ + length); \ + index += length; \ + goto __update_done; \ + } else { \ + memcpy(cache+index, data, left); \ + ret = _gnutls_cipher_auth(ctx, cache, blocksize); \ + if (unlikely(ret < 0)) \ + return gnutls_assert_val(ret); \ + data += left; \ + length -= left; \ + } \ + } \ + if (length >= blocksize) { \ + ssize_t to_proc = (length/blocksize)*blocksize; \ + ret = _gnutls_cipher_auth(ctx, data, to_proc); \ + if (unlikely(ret < 0)) \ + return gnutls_assert_val(ret); \ + data += to_proc; \ + length -= to_proc; \ + } \ + if (length) \ + memcpy(cache, data, length); \ + index = length; \ + __update_done: \ + ; \ + } while(0) + +#define ENCRYPT_FINAL(ctx, dst, dst_size) do { \ + if (index) { \ + if (unlikely(dst_size < (ssize_t)index)) \ + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); \ + ret = _gnutls_cipher_encrypt2(ctx, cache, index, dst, dst_size); \ + if (unlikely(ret < 0)) \ + return gnutls_assert_val(ret); \ + dst += index; \ + dst_size -= index; \ + } \ + } while(0) + +#define ENCRYPT(ctx, data, length, dst, dst_size) do { \ + if (index) { \ + ssize_t left = blocksize - index; \ + if (length < left) { \ + memcpy(cache+index, data, \ + length); \ + index += length; \ + goto __encrypt_done; \ + } else { \ + if (unlikely(dst_size < blocksize)) \ + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); \ + memcpy(cache+index, data, left); \ + ret = _gnutls_cipher_encrypt2(ctx, cache, blocksize, dst, dst_size); \ + if (unlikely(ret < 0)) \ + return gnutls_assert_val(ret); \ + data += left; \ + length -= left; \ + dst += blocksize; \ + dst_size -= blocksize; \ + } \ + } \ + if (length >= blocksize) { \ + ssize_t to_proc = (length/blocksize)*blocksize; \ + if (unlikely(dst_size < to_proc)) \ + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); \ + ret = _gnutls_cipher_encrypt2(ctx, data, to_proc, dst, dst_size); \ + if (unlikely(ret < 0)) \ + return gnutls_assert_val(ret); \ + data += to_proc; \ + length -= to_proc; \ + dst += to_proc; \ + dst_size -= to_proc; \ + } \ + if (length) \ + memcpy(cache, data, length); \ + index = length; \ + __encrypt_done: \ + ; \ + } while(0) /** @@ -923,13 +974,14 @@ gnutls_aead_cipher_encryptv(gnutls_aead_cipher_hd_t handle, void *ctext, size_t *ctext_len) { api_aead_cipher_hd_st *h = handle; - ssize_t ret; + int ret; uint8_t *dst; - size_t dst_size, total = 0; + ssize_t dst_size, total = 0, len; uint8_t *p; - size_t len; - size_t blocksize = handle->ctx_enc.e->blocksize; - struct iov_iter_st iter; + unsigned i; + uint8_t cache[MAX_CIPHER_BLOCK_SIZE]; + unsigned index; + ssize_t blocksize = handle->ctx_enc.e->blocksize; /* Limitation: this function provides an optimization under the internally registered * AEAD ciphers. When an AEAD cipher is used registered with gnutls_crypto_register_aead_cipher(), @@ -946,11 +998,11 @@ gnutls_aead_cipher_encryptv(gnutls_aead_cipher_hd_t handle, struct iov_store_st auth; struct iov_store_st ptext; - ret = copy_from_iov(&auth, auth_iov, auth_iovcnt); + ret = copy_iov(&auth, auth_iov, auth_iovcnt); if (ret < 0) return gnutls_assert_val(ret); - ret = copy_from_iov(&ptext, iov, iovcnt); + ret = copy_iov(&ptext, iov, iovcnt); if (ret < 0) { iov_store_free(&auth); return gnutls_assert_val(ret); @@ -971,44 +1023,27 @@ gnutls_aead_cipher_encryptv(gnutls_aead_cipher_hd_t handle, if (unlikely(ret < 0)) return gnutls_assert_val(ret); - ret = _gnutls_iov_iter_init(&iter, auth_iov, auth_iovcnt, blocksize); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - while (1) { - ret = _gnutls_iov_iter_next(&iter, &p); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - if (ret == 0) - break; - ret = _gnutls_cipher_auth(&handle->ctx_enc, p, ret); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); + index = 0; + for (i = 0; i < (unsigned)auth_iovcnt; i++) { + p = auth_iov[i].iov_base; + len = auth_iov[i].iov_len; + AUTH_UPDATE(&handle->ctx_enc, p, len); } + AUTH_UPDATE_FINAL(&handle->ctx_enc); dst = ctext; dst_size = *ctext_len; - ret = _gnutls_iov_iter_init(&iter, iov, iovcnt, blocksize); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - while (1) { - ret = _gnutls_iov_iter_next(&iter, &p); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - if (ret == 0) - break; - len = ret; - ret = _gnutls_cipher_encrypt2(&handle->ctx_enc, - p, len, - dst, dst_size); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - DECR_LEN(dst_size, len); - dst += len; - total += len; + index = 0; + for (i = 0; i < (unsigned)iovcnt; i++) { + p = iov[i].iov_base; + len = iov[i].iov_len; + ENCRYPT(&handle->ctx_enc, p, len, dst, dst_size); + total += iov[i].iov_len; } + ENCRYPT_FINAL(&handle->ctx_enc, dst, dst_size); - if (dst_size < tag_size) + if ((size_t)dst_size < tag_size) return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); _gnutls_cipher_tag(&handle->ctx_enc, dst, tag_size); @@ -1020,292 +1055,6 @@ gnutls_aead_cipher_encryptv(gnutls_aead_cipher_hd_t handle, } /** - * gnutls_aead_cipher_encryptv2: - * @handle: is a #gnutls_aead_cipher_hd_t type. - * @nonce: the nonce to set - * @nonce_len: The length of the nonce - * @auth_iov: additional data to be authenticated - * @auth_iovcnt: The number of buffers in @auth_iov - * @iov: the data to be encrypted - * @iovcnt: The number of buffers in @iov - * @tag: The authentication tag - * @tag_size: The size of the tag to use (use zero for the default) - * - * This is similar to gnutls_aead_cipher_encrypt(), but it performs - * in-place encryption on the provided data buffers. - * - * Returns: Zero or a negative error code on error. - * - * Since: 3.6.10 - **/ -int -gnutls_aead_cipher_encryptv2(gnutls_aead_cipher_hd_t handle, - const void *nonce, size_t nonce_len, - const giovec_t *auth_iov, int auth_iovcnt, - const giovec_t *iov, int iovcnt, - void *tag, size_t *tag_size) -{ - api_aead_cipher_hd_st *h = handle; - ssize_t ret; - uint8_t *p; - size_t len; - ssize_t blocksize = handle->ctx_enc.e->blocksize; - struct iov_iter_st iter; - size_t _tag_size; - - if (tag_size == NULL || *tag_size == 0) - _tag_size = _gnutls_cipher_get_tag_size(h->ctx_enc.e); - else - _tag_size = *tag_size; - - if (_tag_size > (unsigned)_gnutls_cipher_get_tag_size(h->ctx_enc.e)) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - - /* Limitation: this function provides an optimization under the internally registered - * AEAD ciphers. When an AEAD cipher is used registered with gnutls_crypto_register_aead_cipher(), - * then this becomes a convenience function as it missed the lower-level primitives - * necessary for piecemeal encryption. */ - if (handle->ctx_enc.e->only_aead || handle->ctx_enc.encrypt == NULL) { - /* ciphertext cannot be produced in a piecemeal approach */ - struct iov_store_st auth; - struct iov_store_st ptext; - size_t ptext_size; - - ret = copy_from_iov(&auth, auth_iov, auth_iovcnt); - if (ret < 0) - return gnutls_assert_val(ret); - - ret = copy_from_iov(&ptext, iov, iovcnt); - if (ret < 0) { - gnutls_assert(); - goto fallback_fail; - } - - ptext_size = ptext.size; - - /* append space for tag */ - ret = iov_store_grow(&ptext, _tag_size); - if (ret < 0) { - gnutls_assert(); - goto fallback_fail; - } - - ret = gnutls_aead_cipher_encrypt(handle, nonce, nonce_len, - auth.data, auth.size, - _tag_size, - ptext.data, ptext_size, - ptext.data, &ptext.size); - if (ret < 0) { - gnutls_assert(); - goto fallback_fail; - } - - ret = copy_to_iov(&ptext, ptext_size, iov, iovcnt); - if (ret < 0) { - gnutls_assert(); - goto fallback_fail; - } - - if (tag != NULL) - memcpy(tag, - (uint8_t *) ptext.data + ptext_size, - _tag_size); - if (tag_size != NULL) - *tag_size = _tag_size; - - fallback_fail: - iov_store_free(&auth); - iov_store_free(&ptext); - - return ret; - } - - ret = _gnutls_cipher_setiv(&handle->ctx_enc, nonce, nonce_len); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - - ret = _gnutls_iov_iter_init(&iter, auth_iov, auth_iovcnt, blocksize); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - while (1) { - ret = _gnutls_iov_iter_next(&iter, &p); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - if (ret == 0) - break; - ret = _gnutls_cipher_auth(&handle->ctx_enc, p, ret); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - } - - ret = _gnutls_iov_iter_init(&iter, iov, iovcnt, blocksize); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - while (1) { - ret = _gnutls_iov_iter_next(&iter, &p); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - if (ret == 0) - break; - - len = ret; - ret = _gnutls_cipher_encrypt2(&handle->ctx_enc, p, len, p, len); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - - ret = _gnutls_iov_iter_sync(&iter, p, len); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - } - - if (tag != NULL) - _gnutls_cipher_tag(&handle->ctx_enc, tag, _tag_size); - if (tag_size != NULL) - *tag_size = _tag_size; - - return 0; -} - -/** - * gnutls_aead_cipher_decryptv2: - * @handle: is a #gnutls_aead_cipher_hd_t type. - * @nonce: the nonce to set - * @nonce_len: The length of the nonce - * @auth_iov: additional data to be authenticated - * @auth_iovcnt: The number of buffers in @auth_iov - * @iov: the data to decrypt - * @iovcnt: The number of buffers in @iov - * @tag: The authentication tag - * @tag_size: The size of the tag to use (use zero for the default) - * - * This is similar to gnutls_aead_cipher_decrypt(), but it performs - * in-place encryption on the provided data buffers. - * - * Returns: Zero or a negative error code on error. - * - * Since: 3.6.10 - **/ -int -gnutls_aead_cipher_decryptv2(gnutls_aead_cipher_hd_t handle, - const void *nonce, size_t nonce_len, - const giovec_t *auth_iov, int auth_iovcnt, - const giovec_t *iov, int iovcnt, - void *tag, size_t tag_size) -{ - api_aead_cipher_hd_st *h = handle; - ssize_t ret; - uint8_t *p; - size_t len; - ssize_t blocksize = handle->ctx_enc.e->blocksize; - struct iov_iter_st iter; - uint8_t _tag[MAX_HASH_SIZE]; - - if (tag_size == 0) - tag_size = _gnutls_cipher_get_tag_size(h->ctx_enc.e); - else if (tag_size > (unsigned)_gnutls_cipher_get_tag_size(h->ctx_enc.e)) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - - /* Limitation: this function provides an optimization under the internally registered - * AEAD ciphers. When an AEAD cipher is used registered with gnutls_crypto_register_aead_cipher(), - * then this becomes a convenience function as it missed the lower-level primitives - * necessary for piecemeal encryption. */ - if (handle->ctx_enc.e->only_aead || handle->ctx_enc.encrypt == NULL) { - /* ciphertext cannot be produced in a piecemeal approach */ - struct iov_store_st auth; - struct iov_store_st ctext; - size_t ctext_size; - - ret = copy_from_iov(&auth, auth_iov, auth_iovcnt); - if (ret < 0) - return gnutls_assert_val(ret); - - ret = copy_from_iov(&ctext, iov, iovcnt); - if (ret < 0) { - gnutls_assert(); - goto fallback_fail; - } - - ctext_size = ctext.size; - - /* append tag */ - ret = iov_store_grow(&ctext, tag_size); - if (ret < 0) { - gnutls_assert(); - goto fallback_fail; - } - memcpy((uint8_t *) ctext.data + ctext_size, tag, tag_size); - - ret = gnutls_aead_cipher_decrypt(handle, nonce, nonce_len, - auth.data, auth.size, - tag_size, - ctext.data, ctext.size, - ctext.data, &ctext_size); - if (ret < 0) { - gnutls_assert(); - goto fallback_fail; - } - - ret = copy_to_iov(&ctext, ctext_size, iov, iovcnt); - if (ret < 0) { - gnutls_assert(); - goto fallback_fail; - } - - fallback_fail: - iov_store_free(&auth); - iov_store_free(&ctext); - - return ret; - } - - ret = _gnutls_cipher_setiv(&handle->ctx_enc, nonce, nonce_len); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - - ret = _gnutls_iov_iter_init(&iter, auth_iov, auth_iovcnt, blocksize); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - while (1) { - ret = _gnutls_iov_iter_next(&iter, &p); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - if (ret == 0) - break; - ret = _gnutls_cipher_auth(&handle->ctx_enc, p, ret); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - } - - ret = _gnutls_iov_iter_init(&iter, iov, iovcnt, blocksize); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - while (1) { - ret = _gnutls_iov_iter_next(&iter, &p); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - if (ret == 0) - break; - - len = ret; - ret = _gnutls_cipher_decrypt2(&handle->ctx_enc, p, len, p, len); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - - ret = _gnutls_iov_iter_sync(&iter, p, len); - if (unlikely(ret < 0)) - return gnutls_assert_val(ret); - } - - if (tag != NULL) { - _gnutls_cipher_tag(&handle->ctx_enc, _tag, tag_size); - if (gnutls_memcmp(_tag, tag, tag_size) != 0) - return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); - } - - return 0; -} - -/** * gnutls_aead_cipher_deinit: * @handle: is a #gnutls_aead_cipher_hd_t type. * diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h index 59ef38c..f2fbba9 100644 --- a/lib/crypto-backend.h +++ b/lib/crypto-backend.h @@ -185,13 +185,6 @@ typedef struct gnutls_x509_spki_st { /* if non-zero, the legacy value for PKCS#7 signatures will be * written for RSA signatures. */ unsigned int legacy; - - /* the digest used by ECDSA/DSA */ - gnutls_digest_algorithm_t dsa_dig; - - /* flags may include GNUTLS_PK_FLAG_REPRODUCIBLE for - * deterministic ECDSA/DSA */ - unsigned int flags; } gnutls_x509_spki_st; #define GNUTLS_MAX_PK_PARAMS 16 @@ -224,19 +217,9 @@ typedef struct { */ typedef enum { GNUTLS_PK_FLAG_NONE = 0, - GNUTLS_PK_FLAG_PROVABLE = 1, - GNUTLS_PK_FLAG_REPRODUCIBLE = 2 + GNUTLS_PK_FLAG_PROVABLE = 1 } gnutls_pk_flag_t; -#define FIX_SIGN_PARAMS(params, flags, dig) do { \ - if ((flags) & GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE) { \ - (params).flags |= GNUTLS_PK_FLAG_REPRODUCIBLE; \ - } \ - if ((params).pk == GNUTLS_PK_DSA || \ - (params).pk == GNUTLS_PK_ECDSA) { \ - (params).dsa_dig = (dig); \ - } \ -} while (0) void gnutls_pk_params_release(gnutls_pk_params_st * p); void gnutls_pk_params_clear(gnutls_pk_params_st * p); diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c index 3d665b7..1aa53ea 100644 --- a/lib/crypto-selftests-pk.c +++ b/lib/crypto-selftests-pk.c @@ -78,6 +78,16 @@ static const char ecc_key[] = "MSHpe5vd0TQz+/GAa1zxle8mB/Cdh0JaTrA=\n" "-----END EC PRIVATE KEY-----\n"; +static const char dsa_key[] = + "-----BEGIN DSA PRIVATE KEY-----\n" + "MIH4AgEAAkEA6KUOSXfFNcInFLPdOlLlKNCe79zJrkxnsQN+lllxuk1ifZrE07r2\n" + "3edTrc4riQNnZ2nZ372tYUAMJg+5jM6IIwIVAOa58exwZ+42Tl+p3b4Kbpyu2Ron\n" + "AkBocj7gkiBYHtv6HMIIzooaxn4vpGR0Ns6wBfroBUGvrnSAgfT3WyiNaHkIF28e\n" + "quWcEeOJjUgFvatcM8gcY288AkEAyKWlgzBurIYST8TM3j4PuQJDTvdHDaGoAUAa\n" + "EfjmOw2UXKwqTmwPiT5BYKgCo2ILS87ttlTpd8vndH37pmnmVQIUQIVuKpZ8y9Bw\n" + "VzO8qcrLCFvTOXY=\n" + "-----END DSA PRIVATE KEY-----\n"; + static const char gost01_key[] = "-----BEGIN PRIVATE KEY-----\n" "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgQgR1lBLIr4WBpn\n" @@ -97,118 +107,6 @@ static const char gost12_512_key[] = "KjL7CLBERDm7Yvlv\n" "-----END PRIVATE KEY-----\n"; -/* A precomputed RSA-SHA256 signature using the rsa_key2048 */ -static const char rsa_sig[] = - "\x7a\xb3\xf8\xb0\xf9\xf0\x52\x88\x37\x17\x97\x9f\xbe\x61\xb4\xd2\x43\x78\x9f\x79\x92\xd0\xad\x08\xdb\xbd\x3c\x72\x7a\xb5\x51\x59\x63\xd6\x7d\xf1\x9c\x1e\x10\x7b\x27\xab\xf8\xd4\x9d\xcd\xc5\xf9\xae\xf7\x09\x6b\x40\x93\xc5\xe9\x1c\x0f\xb4\x82\xa1\x47\x86\x54\x63\xd2\x4d\x40\x9a\x80\xb9\x38\x45\x69\xa2\xd6\x92\xb6\x69\x7f\x3f\xf3\x5b\xa5\x1d\xac\x06\xad\xdf\x4e\xbb\xe6\xda\x68\x0d\xe5\xab\xef\xd2\xf0\xc5\xd8\xc0\xed\x80\xe2\xd4\x76\x98\xec\x44\xa2\xfc\x3f\xce\x2e\x8b\xc4\x4b\xab\xb0\x70\x24\x52\x85\x2a\x36\xcd\x9a\xb5\x05\x00\xea\x98\x7c\x72\x06\x68\xb1\x38\x44\x16\x80\x6a\x3b\x64\x72\xbb\xfd\x4b\xc9\xdd\xda\x2a\x68\xde\x7f\x6e\x48\x28\xc1\x63\x57\x2b\xde\x83\xa3\x27\x34\xd7\xa6\x87\x18\x35\x10\xff\x31\xd9\x47\xc9\x84\x35\xe1\xaa\xe2\xf7\x98\xfa\x19\xd3\xf1\x94\x25\x2a\x96\xe4\xa8\xa7\x05\x10\x93\x87\xde\x96\x85\xe5\x68\xb8\xe5\x4e\xbf\x66\x85\x91\xbd\x52\x5b\x3d\x9f\x1b\x79\xea\xe3\x8b\xef\x62\x18\x39\x7a\x50\x01\x46\x1b\xde\x8d\x37\xbc\x90\x6c\x07\xc0\x07\xed\x60\xce\x2e\x31\xd6\x8f\xe8\x75\xdb\x45\x21\xc6\xcb"; - -/* ECDSA key and signature */ -static const char ecdsa_secp256r1_privkey[] = - "-----BEGIN EC PRIVATE KEY-----\n" - "MHcCAQEEIPAKWV7+pZe9c5EubMNfAEKWRQtP/MvlO9HehwHmJssNoAoGCCqGSM49\n" - "AwEHoUQDQgAE2CNONRio3ciuXtoomJKs3MdbzLbd44VPhtzJN30VLFm5gvnfiCj2\n" - "zzz7pl9Cv0ECHl6yedNI8QEKdcwCDgEmkQ==\n" - "-----END EC PRIVATE KEY-----\n"; - -static const char ecdsa_secp256r1_sig[] = - "\x30\x45\x02\x21\x00\x9b\x8f\x60\xed\x9e\x40\x8d\x74\x82\x73\xab\x20\x1a\x69\xfc\xf9\xee\x3c\x41\x80\xc0\x39\xdd\x21\x1a\x64\xfd\xbf\x7e\xaa\x43\x70\x02\x20\x44\x28\x05\xdd\x30\x47\x58\x96\x18\x39\x94\x18\xba\xe7\x7a\xf6\x1e\x2d\xba\xb1\xe0\x7d\x73\x9e\x2f\x58\xee\x0c\x2a\x89\xe8\x35"; - -#ifdef ENABLE_NON_SUITEB_CURVES -/* sha256 */ -static const char ecdsa_secp192r1_privkey[] = - "-----BEGIN EC PRIVATE KEY-----" - "MF8CAQEEGLjezFcbgDMeApVrdtZHvu/k1a8/tVZ41KAKBggqhkjOPQMBAaE0AzIA" - "BO1lciKdgxeRH8k64vxcaV1OYIK9akVrW02Dw21MXhRLP0l0wzCw6LGSr5rS6AaL" - "Fg==" "-----END EC PRIVATE KEY-----"; - -static const char ecdsa_secp192r1_sig[] = - "\x30\x34\x02\x18\x5f\xb3\x10\x4b\x4d\x44\x48\x29\x4b\xfd\xa7\x8e\xce\x57\xac\x36\x38\x54\xab\x73\xdb\xed\xb8\x5f\x02\x18\x0b\x8b\xf3\xae\x49\x50\x0e\x47\xca\x89\x1a\x00\xca\x23\xf5\x8d\xd6\xe3\xce\x9a\xff\x2e\x4f\x5c"; - -static const char ecdsa_secp224r1_privkey[] = - "-----BEGIN EC PRIVATE KEY-----" - "MGgCAQEEHOKWJFdWdrR/CgVrUeTeawOrJ9GozE9KKx2a8PmgBwYFK4EEACGhPAM6" - "AAQKQj3YpenWT7lFR41SnBvmj/+Bj+kgzQnaF65qWAtPRJsZXFlLTu3/IUNqSRu9" - "DqPsk8xBHAB7pA==" "-----END EC PRIVATE KEY-----"; - -static const char ecdsa_secp224r1_sig[] = - "\x30\x3d\x02\x1c\x76\x03\x8d\x74\xf4\xd3\x09\x2a\xb5\xdf\x6b\x5b\xf4\x4b\x86\xb8\x62\x81\x5d\x7b\x7a\xbb\x37\xfc\xf1\x46\x1c\x2b\x02\x1d\x00\xa0\x98\x5d\x80\x43\x89\xe5\xee\x1a\xec\x46\x08\x04\x55\xbc\x50\xfa\x2a\xd5\xa6\x18\x92\x19\xdb\x68\xa0\x2a\xda"; -#endif - -static const char ecdsa_secp384r1_privkey[] = - "-----BEGIN EC PRIVATE KEY-----" - "MIGkAgEBBDDevshD6gb+4rZpC9vwFcIwNs4KmGzdqCxyyN40a8uOWRbyf7aHdiSS" - "03oAyKtc4JCgBwYFK4EEACKhZANiAARO1KkPMno2tnNXx1S9EZkp8SOpDCZ4aobH" - "IYv8RHnSmKf8I3OKD6TaoeR+1MwJmNJUH90Bj45WXla68/vsPiFcfVKboxsZYe/n" - "pv8e4ugXagVQVBXNZJ859iYPdJR24vo=" "-----END EC PRIVATE KEY-----"; - -static const char ecdsa_secp384r1_sig[] = - "\x30\x66\x02\x31\x00\xbb\x4d\x25\x30\x13\x1b\x3b\x75\x60\x07\xed\x53\x8b\x52\xee\xd8\x6e\xf1\x9d\xa8\x36\x0e\x2e\x20\x31\x51\x11\x48\x78\xdd\xaf\x24\x38\x64\x81\x71\x6b\xa6\xb7\x29\x58\x28\x82\x32\xba\x29\x29\xd9\x02\x31\x00\xeb\x70\x09\x87\xac\x7b\x78\x0d\x4c\x4f\x08\x2b\x86\x27\xe2\x60\x1f\xc9\x11\x9f\x1d\xf5\x82\x4c\xc7\x3d\xb0\x27\xc8\x93\x29\xc7\xd0\x0e\x88\x02\x09\x93\xc2\x72\xce\xa5\x74\x8c\x3d\xe0\x8c\xad"; - -static const char ecdsa_secp521r1_privkey[] = - "-----BEGIN EC PRIVATE KEY-----" - "MIHbAgEBBEGO2n7NN363qSCvJVdlQtCvudtaW4o0fEufXRjE1AsCrle+VXX0Zh0w" - "Y1slSeDHMndpakoiF+XkQ+bhcB867UV6aKAHBgUrgQQAI6GBiQOBhgAEAQb6jDpo" - "byy1tF8Zucg0TMGUzIN2DK+RZJ3QQRdWdirO25OIC3FoFi1Yird6rpoB6HlNyJ7R" - "0bNG9Uv34bSHMn8yAFoiqxUCdJZQbEenMoZsi6COaePe3e0QqvDMr0hEWT23Sr3t" - "LpEV7eZGFfFIJw5wSUp2KOcs+O9WjmoukTWtDKNV" - "-----END EC PRIVATE KEY-----"; - -static const char ecdsa_secp521r1_sig[] = - "\x30\x81\x87\x02\x42\x01\xb8\xcb\x52\x9e\x10\xa8\x49\x3f\xe1\x9e\x14\x0a\xcf\x96\xed\x7e\xab\x7d\x0c\xe1\x9b\xa4\x97\xdf\x01\xf5\x35\x42\x5f\x5b\x28\x15\x24\x33\x6e\x59\x6c\xaf\x10\x8b\x98\x8e\xe9\x4c\x23\x0d\x76\x92\x03\xdd\x6d\x8d\x08\x47\x15\x5b\xf8\x66\x75\x75\x40\xe8\xf4\xa0\x52\x02\x41\x15\x27\x7c\x5f\xa6\x33\xa6\x29\x68\x3f\x55\x8d\x7f\x1d\x4f\x88\xc6\x61\x6e\xac\x21\xdf\x2b\x7b\xde\x76\x9a\xdc\xe6\x3b\x94\x3f\x03\x9c\xa2\xa6\xa3\x63\x39\x48\xbd\x79\x70\x21\xf2\x6b\xff\x58\x66\xf1\x58\xc2\x58\xad\x4f\x84\x14\x5d\x05\x12\x83\xd0\x87\xbd\xf3"; - -/* DSA key and signature */ -static const char dsa_privkey[] = - "-----BEGIN DSA PRIVATE KEY-----\n" - "MIIDTQIBAAKCAQEAh60B6yPMRIT7udq2kKuwnQDohvT1U0w+RJcSr23C05cM/Ovn\n" - "UP/8Rrj6T8K+uYhMbKgLaZiJJW9q04jaPQk0cfUphbLvRjzVHwE/0Bkb+Y1Rv7ni\n" - "Jot2IFMq5iuNraf889PC0WREvFCcIkSFY2Ac4WT7mCcBtfx/raGFXDUjcUrJ0HwZ\n" - "IOhjQDfcXUsztuyYsYA75ociEY8kyDZq/ixyr5++R1VjNf30Re8AbQlXOEGxEN5t\n" - "t+Tvpq8K5L3prQs2KNSzyOUmedjb/ojH4T4qe/RL9EVjjeuIGHDNUT6F197yZ91y\n" - "qLLTf1WjnUyZcKij5rryX0LJBBWawEZjNSHZawIdAMQlyycia4NigCdiDR+QptUn\n" - "2xrj9o14fXkIrXcCggEAXRZm1rbPhsjSTo6cpCVrmDzO1grv83EHiBH4MvRQQnP8\n" - "FpAREsBA5cYju97XvLaLhioZeMjLn08kU7TUbHRUB+ULTuVvE2dQbBpGuKiLRRt9\n" - "6U2T0eD3xGLoM+o8EY/kpqaWGEpZv7hzM9xuo4vy55+viAZgFWULqmltwfG/7w7V\n" - "NXUHNv5H4Ipw//fSDLTPqzUlNqSSswDLz6pCjWEs0rWAqNAMaOiLTz4id9pL48Oe\n" - "oAfpcQR9tgTEnwyXfZBnrJVclHhkHKGeXvU05IgCzpKO76Z5R+By50T0i/JV7vzM\n" - "l2yS9aAl/cprT6U7yI3oU/blldCVNpMcFAFb+fO8DAKCAQBVMo8xptyvQOJeSvbO\n" - "SSYdJ3IiI/0GdkcGWXblWg9z7mrPaWEnT7OquEm/+vYtWd3GHDtyNM+jzsN4Xgjc\n" - "TL3AEd2hLiozJQ1BFKw25VU08UHAYTzUxZhO4Vwtmp46Kwj8YLDQ3NHRWCBxpDQR\n" - "fbiFvyXP+qXap6plMfrydnUD1mae/JSOWOYgdB7tFIehstLxVXx/cAnjwgFU03Df\n" - "grjsad92zA1Hc9wIjbsgAQdTR5DWnFRkRt3UtayBwoyqm6QceZHsv1NAGvkQ4ion\n" - "bEjkHkjF9YCkR9/rspR8cLghRIXMjOpypuSbaRPeeWq0gP2UOxFL/d3iWH0ETr/L\n" - "kTlCAhxYGpVgtfB96qmJukyl9GOGvfkwFTgEyIDoV84M\n" - "-----END DSA PRIVATE KEY-----\n"; - -static const char dsa_sig[] = - "\x30\x3d\x02\x1c\x2e\x40\x14\xb3\x7a\x3f\xc0\x4f\x06\x74\x4f\xa6\x5f\xc2\x0a\x46\x35\x38\x88\xb4\x1a\xcf\x94\x02\x40\x42\x7c\x7f\x02\x1d\x00\x98\xfc\xf1\x08\x66\xf1\x86\x28\xc9\x73\x9e\x2b\x5d\xce\x57\xe8\xb5\xeb\xcf\xa3\xf6\x60\xf6\x63\x16\x0e\xc0\x42"; - -static const char gost01_privkey[] = - "-----BEGIN PRIVATE KEY-----\n" - "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgdNfuHGmmTdPm\n" - "p5dAa3ea9UYxpdYQPP9lbDwzQwG2bJM=\n" - "-----END PRIVATE KEY-----\n"; - -static const char gost01_sig[] = - "\xc5\xc8\xf8\xdc\x22\x51\xb0\x72\xe9\xa2\xbb\x84\x6c\xe2\x24\xd5\x72\x39\x2a\x5a\x0e\x7a\x43\xfc\x9c\xc3\x5d\x32\x92\xbb\xab\xc0\x4b\x99\xbd\xc8\x47\x24\x70\x06\x7e\xa1\xc6\xe3\xa0\xdc\x42\xed\xa0\x66\xf0\xcc\x50\x97\xe9\x5a\x7d\x3f\x65\x2d\x7b\x1b\x03\xcb"; - -static const char gost12_256_privkey[] = - "-----BEGIN PRIVATE KEY-----\n" - "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgKOF96tom\n" - "D61rhSnzKjyrmO3fv0gdlHei+6ovrc8SnBk=\n" - "-----END PRIVATE KEY-----\n"; - -static const char gost12_256_sig[] = - "\xb2\x51\x5a\x1a\xbd\x95\x4e\x71\x55\xad\x74\x74\x81\xa6\xca\x6c\x14\x01\xe0\x18\xda\xe4\x0d\x02\x4f\x14\xd2\x39\xd6\x3c\xb5\x85\xa8\x37\xfd\x7f\x2b\xfa\xe4\xf5\xbc\xbc\x15\x20\x8b\x83\x4b\x84\x0d\x5d\x02\x21\x8c\x0d\xb9\xc4\x2b\xc0\x3e\xfd\x42\x55\x1d\xb0"; - -static const char gost12_512_privkey[] = - "-----BEGIN PRIVATE KEY-----\n" - "MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBECjFpvp\n" - "B0vdc7u59b99TCNXhHiB69JJtUjvieNkGYJpoaaIvoKZTNCjpSZASsZcQZCHOTof\n" - "hsQ3JCCy4xnd5jWT\n" - "-----END PRIVATE KEY-----\n"; - -static const char gost12_512_sig[] = - "\x52\x4f\xa2\x77\x51\xd2\xc5\xef\xd3\xa3\x99\x4e\xec\xff\xc6\xe9\xfc\x2f\xc0\x28\x42\x03\x95\x6c\x9a\x38\xee\xea\x89\x79\xae\x1a\xc3\x68\x5e\xe4\x15\x15\x4b\xec\x0f\xf1\x7e\x0f\xba\x01\xc7\x84\x16\xc7\xb5\xac\x9d\x0c\x22\xdd\x31\xf7\xb0\x9b\x59\x4b\xf0\x02\xa8\x7d\xfd\x6d\x02\x43\xc7\x4f\x65\xbd\x84\x5c\x54\x91\xba\x75\x9f\x5a\x61\x19\x5c\x9a\x10\x78\x34\xa0\xa6\xf6\xdc\xb6\xb0\x50\x22\x38\x5f\xb0\x16\x66\xf1\xd5\x46\x00\xd5\xe2\xa8\xe5\xd2\x11\x5f\xd1\xbe\x6e\xac\xb2\x9c\x14\x34\x96\xe7\x58\x94\xb8\xf4\x5f"; - static int test_rsa_enc(gnutls_pk_algorithm_t pk, unsigned bits, gnutls_digest_algorithm_t ign) { @@ -303,22 +201,23 @@ static int test_sig(gnutls_pk_algorithm_t pk, { int ret; gnutls_datum_t sig = { NULL, 0 }; - gnutls_datum_t known_sig = { NULL, 0 }; gnutls_datum_t raw_rsa_key = { (void*)rsa_key2048, sizeof(rsa_key2048)-1 }; - gnutls_datum_t raw_dsa_key = { (void*)dsa_privkey, sizeof(dsa_privkey)-1 }; + gnutls_datum_t raw_dsa_key = { (void*)dsa_key, sizeof(dsa_key)-1 }; gnutls_datum_t raw_ecc_key = { (void*)ecc_key, sizeof(ecc_key)-1 }; gnutls_datum_t raw_gost01_key = { (void*)gost01_key, sizeof(gost01_key)-1 }; gnutls_datum_t raw_gost12_256_key = { (void*)gost12_256_key, sizeof(gost12_256_key)-1 }; gnutls_datum_t raw_gost12_512_key = { (void*)gost12_512_key, sizeof(gost12_512_key)-1 }; gnutls_privkey_t key; gnutls_pubkey_t pub = NULL; - char param_name[32] = ""; + char param_name[32]; - if (pk == GNUTLS_PK_GOST_01 || pk == GNUTLS_PK_GOST_12_256 || - pk == GNUTLS_PK_GOST_12_512) { - snprintf(param_name, sizeof(param_name), "-%s", + if (pk == GNUTLS_PK_EC || pk == GNUTLS_PK_GOST_01 || + pk == GNUTLS_PK_GOST_12_256 || pk == GNUTLS_PK_GOST_12_512) { + snprintf(param_name, sizeof(param_name), "%s", gnutls_ecc_curve_get_name(GNUTLS_BITS_TO_CURVE (bits))); + } else { + snprintf(param_name, sizeof(param_name), "%u", bits); } ret = gnutls_privkey_init(&key); @@ -332,8 +231,6 @@ static int test_sig(gnutls_pk_algorithm_t pk, } if (pk == GNUTLS_PK_RSA) { - known_sig.data = (void *)rsa_sig; - known_sig.size = sizeof(rsa_sig) - 1; ret = gnutls_privkey_import_x509_raw(key, &raw_rsa_key, GNUTLS_X509_FMT_PEM, NULL, 0); } else if (pk == GNUTLS_PK_RSA_PSS) { ret = gnutls_privkey_import_x509_raw(key, &raw_rsa_key, GNUTLS_X509_FMT_PEM, NULL, 0); @@ -369,16 +266,6 @@ static int test_sig(gnutls_pk_algorithm_t pk, goto cleanup; } - /* Compare with a stored known signature */ - if (known_sig.data != NULL) { - if (sig.size != known_sig.size - || memcmp(sig.data, known_sig.data, sig.size) != 0) { - ret = GNUTLS_E_SELF_TEST_ERROR; - gnutls_assert(); - goto cleanup; - } - } - ret = gnutls_pubkey_verify_data2(pub, sigalgo, 0, &signed_data, &sig); @@ -406,15 +293,127 @@ static int test_sig(gnutls_pk_algorithm_t pk, gnutls_free(sig.data); if (ret == 0) - _gnutls_debug_log("%s%s-sig self test succeeded\n", + _gnutls_debug_log("%s-%s-sig self test succeeded\n", gnutls_pk_get_name(pk), param_name); else - _gnutls_debug_log("%s%s-sig self test failed\n", + _gnutls_debug_log("%s-%s-sig self test failed\n", gnutls_pk_get_name(pk), param_name); return ret; } +/* A precomputed RSA-SHA1 signature using the rsa_key2048 */ +static const char rsa_sig[] = + "\x7a\xb3\xf8\xb0\xf9\xf0\x52\x88\x37\x17\x97\x9f\xbe\x61\xb4\xd2\x43\x78\x9f\x79\x92\xd0\xad\x08\xdb\xbd\x3c\x72\x7a\xb5\x51\x59\x63\xd6\x7d\xf1\x9c\x1e\x10\x7b\x27\xab\xf8\xd4\x9d\xcd\xc5\xf9\xae\xf7\x09\x6b\x40\x93\xc5\xe9\x1c\x0f\xb4\x82\xa1\x47\x86\x54\x63\xd2\x4d\x40\x9a\x80\xb9\x38\x45\x69\xa2\xd6\x92\xb6\x69\x7f\x3f\xf3\x5b\xa5\x1d\xac\x06\xad\xdf\x4e\xbb\xe6\xda\x68\x0d\xe5\xab\xef\xd2\xf0\xc5\xd8\xc0\xed\x80\xe2\xd4\x76\x98\xec\x44\xa2\xfc\x3f\xce\x2e\x8b\xc4\x4b\xab\xb0\x70\x24\x52\x85\x2a\x36\xcd\x9a\xb5\x05\x00\xea\x98\x7c\x72\x06\x68\xb1\x38\x44\x16\x80\x6a\x3b\x64\x72\xbb\xfd\x4b\xc9\xdd\xda\x2a\x68\xde\x7f\x6e\x48\x28\xc1\x63\x57\x2b\xde\x83\xa3\x27\x34\xd7\xa6\x87\x18\x35\x10\xff\x31\xd9\x47\xc9\x84\x35\xe1\xaa\xe2\xf7\x98\xfa\x19\xd3\xf1\x94\x25\x2a\x96\xe4\xa8\xa7\x05\x10\x93\x87\xde\x96\x85\xe5\x68\xb8\xe5\x4e\xbf\x66\x85\x91\xbd\x52\x5b\x3d\x9f\x1b\x79\xea\xe3\x8b\xef\x62\x18\x39\x7a\x50\x01\x46\x1b\xde\x8d\x37\xbc\x90\x6c\x07\xc0\x07\xed\x60\xce\x2e\x31\xd6\x8f\xe8\x75\xdb\x45\x21\xc6\xcb"; + +/* ECDSA key and signature */ +static const char ecdsa_secp256r1_privkey[] = + "-----BEGIN EC PRIVATE KEY-----\n" + "MHcCAQEEIPAKWV7+pZe9c5EubMNfAEKWRQtP/MvlO9HehwHmJssNoAoGCCqGSM49\n" + "AwEHoUQDQgAE2CNONRio3ciuXtoomJKs3MdbzLbd44VPhtzJN30VLFm5gvnfiCj2\n" + "zzz7pl9Cv0ECHl6yedNI8QEKdcwCDgEmkQ==\n" + "-----END EC PRIVATE KEY-----\n"; + +static const char ecdsa_secp256r1_sig[] = + "\x30\x45\x02\x21\x00\x9b\x8f\x60\xed\x9e\x40\x8d\x74\x82\x73\xab\x20\x1a\x69\xfc\xf9\xee\x3c\x41\x80\xc0\x39\xdd\x21\x1a\x64\xfd\xbf\x7e\xaa\x43\x70\x02\x20\x44\x28\x05\xdd\x30\x47\x58\x96\x18\x39\x94\x18\xba\xe7\x7a\xf6\x1e\x2d\xba\xb1\xe0\x7d\x73\x9e\x2f\x58\xee\x0c\x2a\x89\xe8\x35"; + +#ifdef ENABLE_NON_SUITEB_CURVES +/* sha256 */ +static const char ecdsa_secp192r1_privkey[] = + "-----BEGIN EC PRIVATE KEY-----" + "MF8CAQEEGLjezFcbgDMeApVrdtZHvu/k1a8/tVZ41KAKBggqhkjOPQMBAaE0AzIA" + "BO1lciKdgxeRH8k64vxcaV1OYIK9akVrW02Dw21MXhRLP0l0wzCw6LGSr5rS6AaL" + "Fg==" "-----END EC PRIVATE KEY-----"; + +static const char ecdsa_secp192r1_sig[] = + "\x30\x34\x02\x18\x5f\xb3\x10\x4b\x4d\x44\x48\x29\x4b\xfd\xa7\x8e\xce\x57\xac\x36\x38\x54\xab\x73\xdb\xed\xb8\x5f\x02\x18\x0b\x8b\xf3\xae\x49\x50\x0e\x47\xca\x89\x1a\x00\xca\x23\xf5\x8d\xd6\xe3\xce\x9a\xff\x2e\x4f\x5c"; + +static const char ecdsa_secp224r1_privkey[] = + "-----BEGIN EC PRIVATE KEY-----" + "MGgCAQEEHOKWJFdWdrR/CgVrUeTeawOrJ9GozE9KKx2a8PmgBwYFK4EEACGhPAM6" + "AAQKQj3YpenWT7lFR41SnBvmj/+Bj+kgzQnaF65qWAtPRJsZXFlLTu3/IUNqSRu9" + "DqPsk8xBHAB7pA==" "-----END EC PRIVATE KEY-----"; + +static const char ecdsa_secp224r1_sig[] = + "\x30\x3d\x02\x1c\x76\x03\x8d\x74\xf4\xd3\x09\x2a\xb5\xdf\x6b\x5b\xf4\x4b\x86\xb8\x62\x81\x5d\x7b\x7a\xbb\x37\xfc\xf1\x46\x1c\x2b\x02\x1d\x00\xa0\x98\x5d\x80\x43\x89\xe5\xee\x1a\xec\x46\x08\x04\x55\xbc\x50\xfa\x2a\xd5\xa6\x18\x92\x19\xdb\x68\xa0\x2a\xda"; +#endif + +static const char ecdsa_secp384r1_privkey[] = + "-----BEGIN EC PRIVATE KEY-----" + "MIGkAgEBBDDevshD6gb+4rZpC9vwFcIwNs4KmGzdqCxyyN40a8uOWRbyf7aHdiSS" + "03oAyKtc4JCgBwYFK4EEACKhZANiAARO1KkPMno2tnNXx1S9EZkp8SOpDCZ4aobH" + "IYv8RHnSmKf8I3OKD6TaoeR+1MwJmNJUH90Bj45WXla68/vsPiFcfVKboxsZYe/n" + "pv8e4ugXagVQVBXNZJ859iYPdJR24vo=" "-----END EC PRIVATE KEY-----"; + +static const char ecdsa_secp384r1_sig[] = + "\x30\x66\x02\x31\x00\xbb\x4d\x25\x30\x13\x1b\x3b\x75\x60\x07\xed\x53\x8b\x52\xee\xd8\x6e\xf1\x9d\xa8\x36\x0e\x2e\x20\x31\x51\x11\x48\x78\xdd\xaf\x24\x38\x64\x81\x71\x6b\xa6\xb7\x29\x58\x28\x82\x32\xba\x29\x29\xd9\x02\x31\x00\xeb\x70\x09\x87\xac\x7b\x78\x0d\x4c\x4f\x08\x2b\x86\x27\xe2\x60\x1f\xc9\x11\x9f\x1d\xf5\x82\x4c\xc7\x3d\xb0\x27\xc8\x93\x29\xc7\xd0\x0e\x88\x02\x09\x93\xc2\x72\xce\xa5\x74\x8c\x3d\xe0\x8c\xad"; + +static const char ecdsa_secp521r1_privkey[] = + "-----BEGIN EC PRIVATE KEY-----" + "MIHbAgEBBEGO2n7NN363qSCvJVdlQtCvudtaW4o0fEufXRjE1AsCrle+VXX0Zh0w" + "Y1slSeDHMndpakoiF+XkQ+bhcB867UV6aKAHBgUrgQQAI6GBiQOBhgAEAQb6jDpo" + "byy1tF8Zucg0TMGUzIN2DK+RZJ3QQRdWdirO25OIC3FoFi1Yird6rpoB6HlNyJ7R" + "0bNG9Uv34bSHMn8yAFoiqxUCdJZQbEenMoZsi6COaePe3e0QqvDMr0hEWT23Sr3t" + "LpEV7eZGFfFIJw5wSUp2KOcs+O9WjmoukTWtDKNV" + "-----END EC PRIVATE KEY-----"; + +static const char ecdsa_secp521r1_sig[] = + "\x30\x81\x87\x02\x42\x01\xb8\xcb\x52\x9e\x10\xa8\x49\x3f\xe1\x9e\x14\x0a\xcf\x96\xed\x7e\xab\x7d\x0c\xe1\x9b\xa4\x97\xdf\x01\xf5\x35\x42\x5f\x5b\x28\x15\x24\x33\x6e\x59\x6c\xaf\x10\x8b\x98\x8e\xe9\x4c\x23\x0d\x76\x92\x03\xdd\x6d\x8d\x08\x47\x15\x5b\xf8\x66\x75\x75\x40\xe8\xf4\xa0\x52\x02\x41\x15\x27\x7c\x5f\xa6\x33\xa6\x29\x68\x3f\x55\x8d\x7f\x1d\x4f\x88\xc6\x61\x6e\xac\x21\xdf\x2b\x7b\xde\x76\x9a\xdc\xe6\x3b\x94\x3f\x03\x9c\xa2\xa6\xa3\x63\x39\x48\xbd\x79\x70\x21\xf2\x6b\xff\x58\x66\xf1\x58\xc2\x58\xad\x4f\x84\x14\x5d\x05\x12\x83\xd0\x87\xbd\xf3"; + +/* DSA key and signature */ +static const char dsa_privkey[] = + "-----BEGIN DSA PRIVATE KEY-----\n" + "MIIDTQIBAAKCAQEAh60B6yPMRIT7udq2kKuwnQDohvT1U0w+RJcSr23C05cM/Ovn\n" + "UP/8Rrj6T8K+uYhMbKgLaZiJJW9q04jaPQk0cfUphbLvRjzVHwE/0Bkb+Y1Rv7ni\n" + "Jot2IFMq5iuNraf889PC0WREvFCcIkSFY2Ac4WT7mCcBtfx/raGFXDUjcUrJ0HwZ\n" + "IOhjQDfcXUsztuyYsYA75ociEY8kyDZq/ixyr5++R1VjNf30Re8AbQlXOEGxEN5t\n" + "t+Tvpq8K5L3prQs2KNSzyOUmedjb/ojH4T4qe/RL9EVjjeuIGHDNUT6F197yZ91y\n" + "qLLTf1WjnUyZcKij5rryX0LJBBWawEZjNSHZawIdAMQlyycia4NigCdiDR+QptUn\n" + "2xrj9o14fXkIrXcCggEAXRZm1rbPhsjSTo6cpCVrmDzO1grv83EHiBH4MvRQQnP8\n" + "FpAREsBA5cYju97XvLaLhioZeMjLn08kU7TUbHRUB+ULTuVvE2dQbBpGuKiLRRt9\n" + "6U2T0eD3xGLoM+o8EY/kpqaWGEpZv7hzM9xuo4vy55+viAZgFWULqmltwfG/7w7V\n" + "NXUHNv5H4Ipw//fSDLTPqzUlNqSSswDLz6pCjWEs0rWAqNAMaOiLTz4id9pL48Oe\n" + "oAfpcQR9tgTEnwyXfZBnrJVclHhkHKGeXvU05IgCzpKO76Z5R+By50T0i/JV7vzM\n" + "l2yS9aAl/cprT6U7yI3oU/blldCVNpMcFAFb+fO8DAKCAQBVMo8xptyvQOJeSvbO\n" + "SSYdJ3IiI/0GdkcGWXblWg9z7mrPaWEnT7OquEm/+vYtWd3GHDtyNM+jzsN4Xgjc\n" + "TL3AEd2hLiozJQ1BFKw25VU08UHAYTzUxZhO4Vwtmp46Kwj8YLDQ3NHRWCBxpDQR\n" + "fbiFvyXP+qXap6plMfrydnUD1mae/JSOWOYgdB7tFIehstLxVXx/cAnjwgFU03Df\n" + "grjsad92zA1Hc9wIjbsgAQdTR5DWnFRkRt3UtayBwoyqm6QceZHsv1NAGvkQ4ion\n" + "bEjkHkjF9YCkR9/rspR8cLghRIXMjOpypuSbaRPeeWq0gP2UOxFL/d3iWH0ETr/L\n" + "kTlCAhxYGpVgtfB96qmJukyl9GOGvfkwFTgEyIDoV84M\n" + "-----END DSA PRIVATE KEY-----\n"; + +static const char dsa_sig[] = + "\x30\x3d\x02\x1c\x2e\x40\x14\xb3\x7a\x3f\xc0\x4f\x06\x74\x4f\xa6\x5f\xc2\x0a\x46\x35\x38\x88\xb4\x1a\xcf\x94\x02\x40\x42\x7c\x7f\x02\x1d\x00\x98\xfc\xf1\x08\x66\xf1\x86\x28\xc9\x73\x9e\x2b\x5d\xce\x57\xe8\xb5\xeb\xcf\xa3\xf6\x60\xf6\x63\x16\x0e\xc0\x42"; + +static const char gost01_privkey[] = + "-----BEGIN PRIVATE KEY-----\n" + "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgdNfuHGmmTdPm\n" + "p5dAa3ea9UYxpdYQPP9lbDwzQwG2bJM=\n" + "-----END PRIVATE KEY-----\n"; + +static const char gost01_sig[] = + "\xc5\xc8\xf8\xdc\x22\x51\xb0\x72\xe9\xa2\xbb\x84\x6c\xe2\x24\xd5\x72\x39\x2a\x5a\x0e\x7a\x43\xfc\x9c\xc3\x5d\x32\x92\xbb\xab\xc0\x4b\x99\xbd\xc8\x47\x24\x70\x06\x7e\xa1\xc6\xe3\xa0\xdc\x42\xed\xa0\x66\xf0\xcc\x50\x97\xe9\x5a\x7d\x3f\x65\x2d\x7b\x1b\x03\xcb"; + +static const char gost12_256_privkey[] = + "-----BEGIN PRIVATE KEY-----\n" + "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgKOF96tom\n" + "D61rhSnzKjyrmO3fv0gdlHei+6ovrc8SnBk=\n" + "-----END PRIVATE KEY-----\n"; + +static const char gost12_256_sig[] = + "\xb2\x51\x5a\x1a\xbd\x95\x4e\x71\x55\xad\x74\x74\x81\xa6\xca\x6c\x14\x01\xe0\x18\xda\xe4\x0d\x02\x4f\x14\xd2\x39\xd6\x3c\xb5\x85\xa8\x37\xfd\x7f\x2b\xfa\xe4\xf5\xbc\xbc\x15\x20\x8b\x83\x4b\x84\x0d\x5d\x02\x21\x8c\x0d\xb9\xc4\x2b\xc0\x3e\xfd\x42\x55\x1d\xb0"; + +static const char gost12_512_privkey[] = + "-----BEGIN PRIVATE KEY-----\n" + "MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBECjFpvp\n" + "B0vdc7u59b99TCNXhHiB69JJtUjvieNkGYJpoaaIvoKZTNCjpSZASsZcQZCHOTof\n" + "hsQ3JCCy4xnd5jWT\n" + "-----END PRIVATE KEY-----\n"; + +static const char gost12_512_sig[] = + "\x52\x4f\xa2\x77\x51\xd2\xc5\xef\xd3\xa3\x99\x4e\xec\xff\xc6\xe9\xfc\x2f\xc0\x28\x42\x03\x95\x6c\x9a\x38\xee\xea\x89\x79\xae\x1a\xc3\x68\x5e\xe4\x15\x15\x4b\xec\x0f\xf1\x7e\x0f\xba\x01\xc7\x84\x16\xc7\xb5\xac\x9d\x0c\x22\xdd\x31\xf7\xb0\x9b\x59\x4b\xf0\x02\xa8\x7d\xfd\x6d\x02\x43\xc7\x4f\x65\xbd\x84\x5c\x54\x91\xba\x75\x9f\x5a\x61\x19\x5c\x9a\x10\x78\x34\xa0\xa6\xf6\xdc\xb6\xb0\x50\x22\x38\x5f\xb0\x16\x66\xf1\xd5\x46\x00\xd5\xe2\xa8\xe5\xd2\x11\x5f\xd1\xbe\x6e\xac\xb2\x9c\x14\x34\x96\xe7\x58\x94\xb8\xf4\x5f"; + static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, gnutls_digest_algorithm_t dig, const void *privkey, size_t privkey_size, @@ -463,17 +462,19 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, goto cleanup; } - ret = gnutls_privkey_sign_data(key, dig, 0, &signed_data, &sig); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - /* Test if the generated signature matches the stored */ + /* Test if the signature we generate matches the stored */ ssig.data = (void *) stored_sig; ssig.size = stored_sig_size; if (deterministic_sigs != 0) { /* do not compare against stored signature if not provided */ + ret = + gnutls_privkey_sign_data(key, dig, 0, &signed_data, + &sig); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + if (sig.size != ssig.size || memcmp(sig.data, ssig.data, sig.size) != 0) { ret = GNUTLS_E_SELF_TEST_ERROR; @@ -493,7 +494,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, } } - /* Test if we can verify the generated signature */ + /* Test if we can verify the signature */ ret = gnutls_pubkey_import_privkey(pub, key, 0, 0); if (ret < 0) { @@ -503,17 +504,6 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, ret = gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0, - &signed_data, &sig); - if (ret < 0) { - ret = GNUTLS_E_SELF_TEST_ERROR; - gnutls_assert(); - goto cleanup; - } - - /* Test if we can verify the stored signature */ - - ret = - gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0, &signed_data, &ssig); if (ret < 0) { ret = GNUTLS_E_SELF_TEST_ERROR; @@ -525,7 +515,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, ret = gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0, - &bad_data, &sig); + &bad_data, &ssig); if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) { ret = GNUTLS_E_SELF_TEST_ERROR; @@ -556,14 +546,18 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, if (ret < 0) { \ gnutls_assert(); \ goto cleanup; \ - } + } \ + if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) \ + return 0 #define PK_KNOWN_TEST(pk, det, bits, dig, pkey, sig) \ ret = test_known_sig(pk, bits, dig, pkey, sizeof(pkey)-1, sig, sizeof(sig)-1, det); \ if (ret < 0) { \ gnutls_assert(); \ goto cleanup; \ - } + } \ + if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) \ + return 0 /* This file is also included by the test app in tests/slow/cipher-test, so in that @@ -796,12 +790,11 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) PK_KNOWN_TEST(GNUTLS_PK_RSA, 1, 2048, GNUTLS_DIG_SHA256, rsa_key2048, rsa_sig); PK_TEST(GNUTLS_PK_RSA, test_rsa_enc, 2048, 0); + PK_TEST(GNUTLS_PK_RSA, test_sig, 3072, GNUTLS_SIGN_RSA_SHA256); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; - PK_TEST(GNUTLS_PK_RSA, test_sig, 2048, GNUTLS_SIGN_RSA_SHA256); - FALLTHROUGH; case GNUTLS_PK_RSA_PSS: PK_TEST(GNUTLS_PK_RSA_PSS, test_sig, 2048, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256); @@ -813,12 +806,11 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) case GNUTLS_PK_DSA: PK_KNOWN_TEST(GNUTLS_PK_DSA, 0, 2048, GNUTLS_DIG_SHA256, dsa_privkey, dsa_sig); + PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; - PK_TEST(GNUTLS_PK_DSA, test_sig, 2048, GNUTLS_SIGN_DSA_SHA256); - FALLTHROUGH; case GNUTLS_PK_EC: /* Test ECDH and ECDSA */ @@ -836,25 +828,30 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) (GNUTLS_ECC_CURVE_SECP256R1), GNUTLS_DIG_SHA256, ecdsa_secp256r1_privkey, ecdsa_secp256r1_sig); - - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) - return 0; - PK_TEST(GNUTLS_PK_EC, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1), GNUTLS_SIGN_ECDSA_SHA256); + if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) + return 0; + PK_KNOWN_TEST(GNUTLS_PK_EC, 0, GNUTLS_CURVE_TO_BITS (GNUTLS_ECC_CURVE_SECP384R1), GNUTLS_DIG_SHA256, ecdsa_secp384r1_privkey, ecdsa_secp384r1_sig); + PK_TEST(GNUTLS_PK_EC, test_sig, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP384R1), + GNUTLS_SIGN_ECDSA_SHA384); PK_KNOWN_TEST(GNUTLS_PK_EC, 0, GNUTLS_CURVE_TO_BITS (GNUTLS_ECC_CURVE_SECP521R1), GNUTLS_DIG_SHA512, ecdsa_secp521r1_privkey, ecdsa_secp521r1_sig); + PK_TEST(GNUTLS_PK_EC, test_sig, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP521R1), + GNUTLS_SIGN_ECDSA_SHA512); #ifdef ENABLE_NON_SUITEB_CURVES PK_KNOWN_TEST(GNUTLS_PK_EC, 0, @@ -862,12 +859,18 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) (GNUTLS_ECC_CURVE_SECP192R1), GNUTLS_DIG_SHA256, ecdsa_secp192r1_privkey, ecdsa_secp192r1_sig); + PK_TEST(GNUTLS_PK_EC, test_sig, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP192R1), + GNUTLS_SIGN_ECDSA_SHA256); PK_KNOWN_TEST(GNUTLS_PK_EC, 0, GNUTLS_CURVE_TO_BITS (GNUTLS_ECC_CURVE_SECP224R1), GNUTLS_DIG_SHA256, ecdsa_secp224r1_privkey, ecdsa_secp224r1_sig); + PK_TEST(GNUTLS_PK_EC, test_sig, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP224R1), + GNUTLS_SIGN_ECDSA_SHA256); #endif #if ENABLE_GOST @@ -875,35 +878,31 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) case GNUTLS_PK_GOST_01: PK_KNOWN_TEST(GNUTLS_PK_GOST_01, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_GOSTR_94, gost01_privkey, gost01_sig); + PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), + GNUTLS_SIGN_GOST_94); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; - PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), - GNUTLS_SIGN_GOST_94); - FALLTHROUGH; case GNUTLS_PK_GOST_12_256: PK_KNOWN_TEST(GNUTLS_PK_GOST_12_256, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_STREEBOG_256, gost12_256_privkey, gost12_256_sig); + PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), + GNUTLS_SIGN_GOST_256); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; - PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), - GNUTLS_SIGN_GOST_256); - FALLTHROUGH; case GNUTLS_PK_GOST_12_512: PK_KNOWN_TEST(GNUTLS_PK_GOST_12_512, 0, GNUTLS_ECC_CURVE_GOST512A, GNUTLS_DIG_STREEBOG_512, gost12_512_privkey, gost12_512_sig); - - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) - return 0; - PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A), GNUTLS_SIGN_GOST_512); + if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) + return 0; #endif break; diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c index 9ed300c..02e9284 100644 --- a/lib/crypto-selftests.c +++ b/lib/crypto-selftests.c @@ -696,107 +696,6 @@ static int test_cipher(gnutls_cipher_algorithm_t cipher, return 0; } -static int test_cipher_all_block_sizes(gnutls_cipher_algorithm_t cipher, - const struct cipher_vectors_st *vectors, - size_t vectors_size, unsigned flags) -{ - gnutls_cipher_hd_t hd; - int ret; - unsigned int i; - uint8_t tmp[384]; - gnutls_datum_t key, iv = {NULL, 0}; - size_t block; - size_t offset; - - for (i = 0; i < vectors_size; i++) { - for (block = 1; block <= vectors[i].plaintext_size; block++) { - key.data = (void *) vectors[i].key; - key.size = vectors[i].key_size; - - iv.data = (void *) vectors[i].iv; - iv.size = gnutls_cipher_get_iv_size(cipher); - - if (iv.size != vectors[i].iv_size) - return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); - - ret = gnutls_cipher_init(&hd, cipher, &key, &iv); - if (ret < 0) { - _gnutls_debug_log("error initializing: %s\n", - gnutls_cipher_get_name(cipher)); - return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); - } - - for (offset = 0; - offset < vectors[i].plaintext_size; - offset += block) { - ret = - gnutls_cipher_encrypt2(hd, - vectors[i].plaintext + offset, - MIN(block, vectors[i].plaintext_size - offset), - tmp + offset, - sizeof(tmp) - offset); - if (ret < 0) - return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); - } - - if (memcmp - (tmp, vectors[i].ciphertext, - vectors[i].plaintext_size) != 0) { - _gnutls_debug_log("%s encryption of test vector %d failed with block size %d/%d!\n", - gnutls_cipher_get_name(cipher), - i, (int)block, (int)vectors[i].plaintext_size); - return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); - } - - gnutls_cipher_deinit(hd); - } - } - - for (i = 0; i < vectors_size; i++) { - for (block = 1; block <= vectors[i].plaintext_size; block++) { - key.data = (void *) vectors[i].key; - key.size = vectors[i].key_size; - - iv.data = (void *) vectors[i].iv; - iv.size = gnutls_cipher_get_iv_size(cipher); - - ret = gnutls_cipher_init(&hd, cipher, &key, &iv); - if (ret < 0) - return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); - - for (offset = 0; - offset + block <= vectors[i].plaintext_size; - offset += block) { - ret = - gnutls_cipher_decrypt2(hd, - vectors[i].ciphertext + offset, - MIN(block, vectors[i].plaintext_size - offset), - tmp + offset, - sizeof(tmp) - offset); - if (ret < 0) - return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); - } - - if (memcmp - (tmp, vectors[i].plaintext, - vectors[i].plaintext_size) != 0) { - _gnutls_debug_log("%s decryption of test vector %d failed with block size %d!\n", - gnutls_cipher_get_name(cipher), - i, (int)block); - return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); - } - - gnutls_cipher_deinit(hd); - } - } - - _gnutls_debug_log - ("%s self check succeeded\n", - gnutls_cipher_get_name(cipher)); - - return 0; -} - /* AEAD modes (compat APIs) */ static int test_cipher_aead_compat(gnutls_cipher_algorithm_t cipher, const struct cipher_aead_vectors_st *vectors, @@ -1697,14 +1596,6 @@ static int test_mac(gnutls_mac_algorithm_t mac, if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \ return ret -#define CASE2(x, func, func2, vectors) case x: \ - ret = func(x, V(vectors), flags); \ - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \ - return ret; \ - ret = func2(x, V(vectors), flags); \ - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \ - return ret - #define NON_FIPS_CASE(x, func, vectors) case x: \ if (_gnutls_fips_mode_enabled() == 0) { \ ret = func(x, V(vectors), flags); \ @@ -1770,17 +1661,14 @@ int gnutls_cipher_self_test(unsigned flags, gnutls_cipher_algorithm_t cipher) NON_FIPS_CASE(GNUTLS_CIPHER_CHACHA20_POLY1305, test_cipher_aead, chacha_poly1305_vectors); FALLTHROUGH; - CASE2(GNUTLS_CIPHER_AES_128_CFB8, test_cipher, - test_cipher_all_block_sizes, - aes128_cfb8_vectors); + CASE(GNUTLS_CIPHER_AES_128_CFB8, test_cipher, + aes128_cfb8_vectors); FALLTHROUGH; - CASE2(GNUTLS_CIPHER_AES_192_CFB8, test_cipher, - test_cipher_all_block_sizes, - aes192_cfb8_vectors); + CASE(GNUTLS_CIPHER_AES_192_CFB8, test_cipher, + aes192_cfb8_vectors); FALLTHROUGH; - CASE2(GNUTLS_CIPHER_AES_256_CFB8, test_cipher, - test_cipher_all_block_sizes, - aes256_cfb8_vectors); + CASE(GNUTLS_CIPHER_AES_256_CFB8, test_cipher, + aes256_cfb8_vectors); FALLTHROUGH; CASE(GNUTLS_CIPHER_AES_128_XTS, test_cipher, aes128_xts_vectors); diff --git a/lib/ext/alpn.c b/lib/ext/alpn.c index b9991f0..34f6ce0 100644 --- a/lib/ext/alpn.c +++ b/lib/ext/alpn.c @@ -51,12 +51,13 @@ const hello_ext_entry_st ext_mod_alpn = { static int _gnutls_alpn_recv_params(gnutls_session_t session, - const uint8_t * data, size_t data_size) + const uint8_t * data, size_t _data_size) { unsigned int i; int ret; const uint8_t *p = data; unsigned len1, len; + ssize_t data_size = _data_size; alpn_ext_st *priv; gnutls_ext_priv_data_t epriv; int selected_protocol_index; diff --git a/lib/ext/client_cert_type.c b/lib/ext/client_cert_type.c index b627b71..471d42c 100644 --- a/lib/ext/client_cert_type.c +++ b/lib/ext/client_cert_type.c @@ -73,6 +73,7 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session, gnutls_certificate_type_t cert_type; uint8_t i, found = 0; + ssize_t len = data_size; const uint8_t* pdata = data; /* Only activate this extension if we have cert credentials set @@ -85,7 +86,7 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session, /* Compare packet length with expected packet length. For the * client this is a single byte. */ - if (data_size != 1) { + if (len != 1) { return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); } @@ -135,8 +136,8 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session, } else { // server mode // Compare packet length with expected packet length. - DECR_LEN(data_size, 1); - if (data[0] != data_size) { + DECR_LEN(len, 1); + if (data[0] != len) { return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); } @@ -144,7 +145,7 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session, // Assign the contents of our data buffer to a gnutls_datum_t cert_types.data = (uint8_t*)pdata; // Need casting to get rid of 'discards const qualifier' warning - cert_types.size = data_size; + cert_types.size = len; // Store the client certificate types in our session _gnutls_hello_ext_set_datum(session, diff --git a/lib/ext/cookie.c b/lib/ext/cookie.c index 0feb2f0..1e66c3d 100644 --- a/lib/ext/cookie.c +++ b/lib/ext/cookie.c @@ -53,9 +53,10 @@ const hello_ext_entry_st ext_mod_cookie = { /* Only client sends this extension. */ static int cookie_recv_params(gnutls_session_t session, - const uint8_t * data, size_t data_size) + const uint8_t * data, size_t _data_size) { - size_t csize; + ssize_t data_size = _data_size; + ssize_t csize; int ret; gnutls_datum_t tmp; diff --git a/lib/ext/ec_point_formats.c b/lib/ext/ec_point_formats.c index c702d43..eb59ec1 100644 --- a/lib/ext/ec_point_formats.c +++ b/lib/ext/ec_point_formats.c @@ -57,10 +57,11 @@ const hello_ext_entry_st ext_mod_supported_ec_point_formats = { static int _gnutls_supported_ec_point_formats_recv_params(gnutls_session_t session, const uint8_t * data, - size_t data_size) + size_t _data_size) { - size_t len, i; + int len, i; int uncompressed = 0; + int data_size = _data_size; if (session->security_parameters.entity == GNUTLS_CLIENT) { if (data_size < 1) @@ -90,7 +91,7 @@ _gnutls_supported_ec_point_formats_recv_params(gnutls_session_t session, /* only sanity check here. We only support uncompressed points * and a client must support it thus nothing to check. */ - if (data_size < 1) + if (_data_size < 1) return gnutls_assert_val (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION); diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c index 8f0912e..599eff8 100644 --- a/lib/ext/key_share.c +++ b/lib/ext/key_share.c @@ -504,10 +504,11 @@ client_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou static int key_share_recv_params(gnutls_session_t session, - const uint8_t * data, size_t data_size) + const uint8_t * data, size_t _data_size) { int ret; - size_t size; + ssize_t data_size = _data_size; + ssize_t size; unsigned gid; const version_entry_st *ver; const gnutls_group_entry_st *group; diff --git a/lib/ext/max_record.c b/lib/ext/max_record.c index 3cada69..dbb98cf 100644 --- a/lib/ext/max_record.c +++ b/lib/ext/max_record.c @@ -65,9 +65,10 @@ const hello_ext_entry_st ext_mod_max_record_size = { static int _gnutls_max_record_recv_params(gnutls_session_t session, - const uint8_t * data, size_t data_size) + const uint8_t * data, size_t _data_size) { ssize_t new_size; + ssize_t data_size = _data_size; if (session->internals.hsk_flags & HSK_RECORD_SIZE_LIMIT_NEGOTIATED) return 0; diff --git a/lib/ext/psk_ke_modes.c b/lib/ext/psk_ke_modes.c index 8d8effb..da7a550 100644 --- a/lib/ext/psk_ke_modes.c +++ b/lib/ext/psk_ke_modes.c @@ -106,9 +106,10 @@ psk_ke_modes_send_params(gnutls_session_t session, */ static int psk_ke_modes_recv_params(gnutls_session_t session, - const unsigned char *data, size_t len) + const unsigned char *data, size_t _len) { uint8_t ke_modes_len; + ssize_t len = _len; const version_entry_st *vers = get_version(session); gnutls_psk_server_credentials_t cred; int dhpsk_pos = MAX_POS; diff --git a/lib/ext/record_size_limit.c b/lib/ext/record_size_limit.c index 0e94fec..e9fe6a1 100644 --- a/lib/ext/record_size_limit.c +++ b/lib/ext/record_size_limit.c @@ -48,9 +48,10 @@ const hello_ext_entry_st ext_mod_record_size_limit = { static int _gnutls_record_size_limit_recv_params(gnutls_session_t session, - const uint8_t * data, size_t data_size) + const uint8_t * data, size_t _data_size) { ssize_t new_size; + ssize_t data_size = _data_size; const version_entry_st *vers; DECR_LEN(data_size, 2); diff --git a/lib/ext/safe_renegotiation.c b/lib/ext/safe_renegotiation.c index bb4a57e..6424f45 100644 --- a/lib/ext/safe_renegotiation.c +++ b/lib/ext/safe_renegotiation.c @@ -265,9 +265,10 @@ int _gnutls_ext_sr_send_cs(gnutls_session_t session) static int _gnutls_sr_recv_params(gnutls_session_t session, - const uint8_t * data, size_t data_size) + const uint8_t * data, size_t _data_size) { unsigned int len; + ssize_t data_size = _data_size; sr_ext_st *priv; gnutls_ext_priv_data_t epriv; int set = 0, ret; diff --git a/lib/ext/server_cert_type.c b/lib/ext/server_cert_type.c index 864a44b..dbcb397 100644 --- a/lib/ext/server_cert_type.c +++ b/lib/ext/server_cert_type.c @@ -73,6 +73,7 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session, gnutls_certificate_type_t cert_type; uint8_t i, found = 0; + ssize_t len = data_size; const uint8_t* pdata = data; /* Only activate this extension if we have cert credentials set @@ -85,7 +86,7 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session, /* Compare packet length with expected packet length. For the * client this is a single byte. */ - if (data_size != 1) { + if (len != 1) { return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); } @@ -134,8 +135,8 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session, } else { // server mode // Compare packet length with expected packet length. - DECR_LEN(data_size, 1); - if (data[0] != data_size) { + DECR_LEN(len, 1); + if (data[0] != len) { return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); } @@ -143,7 +144,7 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session, // Assign the contents of our data buffer to a gnutls_datum_t cert_types.data = (uint8_t*)pdata; // Need casting to get rid of 'discards const qualifier' warning - cert_types.size = data_size; + cert_types.size = len; // Store the server certificate types in our session _gnutls_hello_ext_set_datum(session, diff --git a/lib/ext/server_name.c b/lib/ext/server_name.c index 0c63315..259dc99 100644 --- a/lib/ext/server_name.c +++ b/lib/ext/server_name.c @@ -66,10 +66,11 @@ const hello_ext_entry_st ext_mod_server_name = { */ static int _gnutls_server_name_recv_params(gnutls_session_t session, - const uint8_t * data, size_t data_size) + const uint8_t * data, size_t _data_size) { const unsigned char *p; uint16_t len, type; + ssize_t data_size = _data_size; gnutls_datum_t name; if (session->security_parameters.entity == GNUTLS_SERVER) { diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c index 263273f..09e240c 100644 --- a/lib/ext/session_ticket.c +++ b/lib/ext/session_ticket.c @@ -78,7 +78,7 @@ static int unpack_ticket(const gnutls_datum_t *ticket_data, struct ticket_st *ticket) { const uint8_t * data = ticket_data->data; - size_t data_size = ticket_data->size; + ssize_t data_size = ticket_data->size; const uint8_t *encrypted_state; /* Format: @@ -136,11 +136,7 @@ pack_ticket(const struct ticket_st *ticket, gnutls_datum_t *ticket_data) _gnutls_write_uint16(ticket->encrypted_state_len, p); p += 2; - /* We use memmove instead of memcpy here because - * ticket->encrypted_state is allocated from - * ticket_data->data, and thus both memory areas may overlap. - */ - memmove(p, ticket->encrypted_state, ticket->encrypted_state_len); + memcpy(p, ticket->encrypted_state, ticket->encrypted_state_len); p += ticket->encrypted_state_len; memcpy(p, ticket->mac, TICKET_MAC_SIZE); @@ -371,10 +367,11 @@ unpack_session(gnutls_session_t session, const gnutls_datum_t *state) static int session_ticket_recv_params(gnutls_session_t session, - const uint8_t * data, size_t data_size) + const uint8_t * data, size_t _data_size) { gnutls_datum_t ticket_data; gnutls_datum_t state; + ssize_t data_size = _data_size; int ret; if (session->internals.flags & GNUTLS_NO_TICKETS) diff --git a/lib/ext/signature.c b/lib/ext/signature.c index a90f58d..e734d2c 100644 --- a/lib/ext/signature.c +++ b/lib/ext/signature.c @@ -187,8 +187,9 @@ _gnutls_sign_algorithm_parse_data(gnutls_session_t session, static int _gnutls_signature_algorithm_recv_params(gnutls_session_t session, const uint8_t * data, - size_t data_size) + size_t _data_size) { + ssize_t data_size = _data_size; int ret; if (session->security_parameters.entity == GNUTLS_CLIENT) { diff --git a/lib/ext/srp.c b/lib/ext/srp.c index 07f6e68..8b58222 100644 --- a/lib/ext/srp.c +++ b/lib/ext/srp.c @@ -59,9 +59,10 @@ const hello_ext_entry_st ext_mod_srp = { static int _gnutls_srp_recv_params(gnutls_session_t session, const uint8_t * data, - size_t data_size) + size_t _data_size) { uint8_t len; + ssize_t data_size = _data_size; gnutls_ext_priv_data_t epriv; srp_ext_st *priv; diff --git a/lib/ext/srtp.c b/lib/ext/srtp.c index 412e26d..3fc7ed3 100644 --- a/lib/ext/srtp.c +++ b/lib/ext/srtp.c @@ -162,12 +162,13 @@ const char *gnutls_srtp_get_profile_name(gnutls_srtp_profile_t profile) static int _gnutls_srtp_recv_params(gnutls_session_t session, - const uint8_t * data, size_t data_size) + const uint8_t * data, size_t _data_size) { unsigned int i; int ret; const uint8_t *p = data; - size_t len; + int len; + ssize_t data_size = _data_size; srtp_ext_st *priv; gnutls_ext_priv_data_t epriv; uint16_t profile; diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c index cf9d5bd..d8779e8 100644 --- a/lib/ext/status_request.c +++ b/lib/ext/status_request.c @@ -86,8 +86,9 @@ client_send(gnutls_session_t session, static int server_recv(gnutls_session_t session, status_request_ext_st * priv, - const uint8_t * data, size_t data_size) + const uint8_t * data, size_t size) { + ssize_t data_size = size; unsigned rid_bytes = 0; /* minimum message is type (1) + responder_id_list (2) + diff --git a/lib/ext/supported_groups.c b/lib/ext/supported_groups.c index ef7859f..952d3bb 100644 --- a/lib/ext/supported_groups.c +++ b/lib/ext/supported_groups.c @@ -93,9 +93,10 @@ static unsigned get_min_dh(gnutls_session_t session) */ static int _gnutls_supported_groups_recv_params(gnutls_session_t session, - const uint8_t * data, size_t data_size) + const uint8_t * data, size_t _data_size) { int i; + ssize_t data_size = _data_size; uint16_t len; const uint8_t *p = data; const gnutls_group_entry_st *group = NULL; diff --git a/lib/ext/supported_versions.c b/lib/ext/supported_versions.c index 8d52fad..52828ee 100644 --- a/lib/ext/supported_versions.c +++ b/lib/ext/supported_versions.c @@ -54,11 +54,12 @@ const hello_ext_entry_st ext_mod_supported_versions = { static int supported_versions_recv_params(gnutls_session_t session, - const uint8_t * data, size_t data_size) + const uint8_t * data, size_t _data_size) { const version_entry_st *vers; + ssize_t data_size = _data_size; uint8_t major, minor; - size_t bytes; + ssize_t bytes; int ret; if (session->security_parameters.entity == GNUTLS_SERVER) { diff --git a/lib/extv.c b/lib/extv.c index 0c0c46f..bfdfdf9 100644 --- a/lib/extv.c +++ b/lib/extv.c @@ -105,7 +105,7 @@ int gnutls_ext_raw_parse(void *ctx, gnutls_ext_raw_process_func cb, const gnutls_datum_t *data, unsigned int flags) { if (flags & GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO) { - size_t size = data->size; + ssize_t size = data->size; size_t len; uint8_t *p = data->data; @@ -137,12 +137,12 @@ int gnutls_ext_raw_parse(void *ctx, gnutls_ext_raw_process_func cb, DECR_LEN(size, len); p += len; - if (size == 0) + if (size <= 0) return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); return _gnutls_extv_parse(ctx, cb, p, size); } else if (flags & GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO) { - size_t size = data->size; + ssize_t size = data->size; size_t len; uint8_t *p = data->data; @@ -181,7 +181,7 @@ int gnutls_ext_raw_parse(void *ctx, gnutls_ext_raw_process_func cb, DECR_LEN(size, len); p += len; - if (size == 0) + if (size <= 0) return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); return _gnutls_extv_parse(ctx, cb, p, size); diff --git a/lib/fips.c b/lib/fips.c index 902af56..b92edbb 100644 --- a/lib/fips.c +++ b/lib/fips.c @@ -317,12 +317,6 @@ int _gnutls_fips_perform_self_checks2(void) goto error; } - ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_CBC); - if (ret < 0) { - gnutls_assert(); - goto error; - } - ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_GCM); if (ret < 0) { gnutls_assert(); diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 4b4dbdf..0e09425 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -238,15 +238,14 @@ typedef enum record_send_state_t { #define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y)) -#define DECR_LEN(len, x) DECR_LENGTH_RET(len, x, GNUTLS_E_UNEXPECTED_PACKET_LENGTH) +#define DECR_LEN(len, x) do { len-=x; if (len<0) {gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} } while (0) #define DECR_LEN_FINAL(len, x) do { \ - if (len != x) \ + len-=x; \ + if (len != 0) \ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); \ - else \ - len = 0; \ } while (0) -#define DECR_LENGTH_RET(len, x, RET) DECR_LENGTH_COM(len, x, return RET) -#define DECR_LENGTH_COM(len, x, COM) do { if (leninternals.hsk_flags & HSK_HRR_RECEIVED) && - !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) { + !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) { ret = _gnutls_gen_client_random(session); if (ret < 0) { gnutls_assert(); diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h index d880568..d4b7da6 100644 --- a/lib/includes/gnutls/abstract.h +++ b/lib/includes/gnutls/abstract.h @@ -371,10 +371,7 @@ int gnutls_privkey_status(gnutls_privkey_t key); * gnutls_privkey_flags: * @GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA: Make an RSA signature on the hashed data as in the TLS protocol. * @GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS: Make an RSA signature on the hashed data with the PSS padding. - * @GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE: Make a signature on the hashed data with reproducible parameters. - * For RSA-PSS, that means to use empty salt instead of random value. For ECDSA/DSA, it uses the deterministic - * construction of random parameter according to RFC 6979. Note that - * this only supports the NIST curves and DSA subgroup bits up to 512. + * @GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE: Make an RSA-PSS signature on the hashed data with reproducible parameters (zero salt). * @GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE: When importing a private key, automatically * release it when the structure it was imported is released. * @GNUTLS_PRIVKEY_IMPORT_COPY: Copy required values during import. diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h index 6909e10..4f70b4a 100644 --- a/lib/includes/gnutls/crypto.h +++ b/lib/includes/gnutls/crypto.h @@ -92,20 +92,6 @@ gnutls_aead_cipher_encryptv(gnutls_aead_cipher_hd_t handle, const giovec_t *iov, int iovcnt, void *ctext, size_t *ctext_len); -int -gnutls_aead_cipher_encryptv2(gnutls_aead_cipher_hd_t handle, - const void *nonce, size_t nonce_len, - const giovec_t *auth_iov, int auth_iovcnt, - const giovec_t *iov, int iovcnt, - void *tag, size_t *tag_size); - -int -gnutls_aead_cipher_decryptv2(gnutls_aead_cipher_hd_t handle, - const void *nonce, size_t nonce_len, - const giovec_t *auth_iov, int auth_iovcnt, - const giovec_t *iov, int iovcnt, - void *tag, size_t tag_size); - void gnutls_aead_cipher_deinit(gnutls_aead_cipher_hd_t handle); /* Hash - MAC API */ diff --git a/lib/iov.c b/lib/iov.c deleted file mode 100644 index 1cd8d46..0000000 --- a/lib/iov.c +++ /dev/null @@ -1,194 +0,0 @@ -/* - * Copyright (C) 2019 Red Hat, Inc. - * - * Author: Daiki Ueno - * - * This file is part of GnuTLS. - * - * The GnuTLS is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - */ - -#include "gnutls_int.h" -#include "iov.h" - -/** - * _gnutls_iov_iter_init: - * @iter: the iterator - * @iov: the data buffers - * @iov_count: the number of data buffers - * @block_size: block size to iterate - * - * Initialize the iterator. - * - * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise - * an error code is returned - */ -int -_gnutls_iov_iter_init(struct iov_iter_st *iter, - const giovec_t *iov, size_t iov_count, - size_t block_size) -{ - if (unlikely(block_size > MAX_CIPHER_BLOCK_SIZE)) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - - iter->iov = iov; - iter->iov_count = iov_count; - iter->iov_index = 0; - iter->iov_offset = 0; - iter->block_size = block_size; - iter->block_offset = 0; - return 0; -} - -/** - * _gnutls_iov_iter_next: - * @iter: the iterator - * @data: the return location of extracted data - * - * Retrieve block(s) pointed by @iter and advance it to the next - * position. It returns the number of bytes in @data. At the end of - * iteration, 0 is returned. - * - * If the data stored in @iter is not multiple of the block size, the - * remaining data is stored in the "block" field of @iter with the - * size stored in the "block_offset" field. - * - * Returns: On success, a value greater than or equal to zero is - * returned, otherwise a negative error code is returned - */ -ssize_t -_gnutls_iov_iter_next(struct iov_iter_st *iter, uint8_t **data) -{ - while (iter->iov_index < iter->iov_count) { - const giovec_t *iov = &iter->iov[iter->iov_index]; - uint8_t *p = iov->iov_base; - size_t len = iov->iov_len; - size_t block_left; - - if (unlikely(len < iter->iov_offset)) - return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); - len -= iter->iov_offset; - p += iter->iov_offset; - - /* We have at least one full block, return a whole set - * of full blocks immediately. */ - if (iter->block_offset == 0 && len >= iter->block_size) { - if ((len % iter->block_size) == 0) { - iter->iov_index++; - iter->iov_offset = 0; - } else { - len -= (len % iter->block_size); - iter->iov_offset += len; - } - - /* Return the blocks. */ - *data = p; - return len; - } - - /* We can complete one full block to return. */ - block_left = iter->block_size - iter->block_offset; - if (len >= block_left) { - memcpy(iter->block + iter->block_offset, p, block_left); - if (len == block_left) { - iter->iov_index++; - iter->iov_offset = 0; - } else - iter->iov_offset += block_left; - iter->block_offset = 0; - - /* Return the filled block. */ - *data = iter->block; - return iter->block_size; - } - - /* Not enough data for a full block, store in temp - * memory and continue. */ - memcpy(iter->block + iter->block_offset, p, len); - iter->block_offset += len; - iter->iov_index++; - iter->iov_offset = 0; - } - - if (iter->block_offset > 0) { - size_t len = iter->block_offset; - - /* Return the incomplete block. */ - *data = iter->block; - iter->block_offset = 0; - return len; - } - - return 0; -} - -/** - * _gnutls_iov_iter_sync: - * @iter: the iterator - * @data: data returned by _gnutls_iov_iter_next - * @data_size: size of @data - * - * Flush the content of temp buffer (if any) to the data buffer. - */ -int -_gnutls_iov_iter_sync(struct iov_iter_st *iter, const uint8_t *data, - size_t data_size) -{ - size_t iov_index; - size_t iov_offset; - - /* We didn't return the cached block. */ - if (data != iter->block) - return 0; - - iov_index = iter->iov_index; - iov_offset = iter->iov_offset; - - /* When syncing a cache block we walk backwards because we only have a - * pointer to were the block ends in the iovec, walking backwards is - * fine as we are always writing a full block, so the whole content - * is written in the right places: - * iovec: |--0--|---1---|--2--|-3-| - * block: |-----------------------| - * 1st write |---| - * 2nd write |----- - * 3rd write |------- - * last write |----- - */ - while (data_size > 0) { - const giovec_t *iov; - uint8_t *p; - size_t to_write; - - while (iov_offset == 0) { - if (unlikely(iov_index == 0)) - return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - - iov_index--; - iov_offset = iter->iov[iov_index].iov_len; - } - - iov = &iter->iov[iov_index]; - p = iov->iov_base; - to_write = MIN(data_size, iov_offset); - - iov_offset -= to_write; - data_size -= to_write; - - memcpy(p + iov_offset, &iter->block[data_size], to_write); - } - - return 0; -} diff --git a/lib/iov.h b/lib/iov.h deleted file mode 100644 index 5b99034..0000000 --- a/lib/iov.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (C) 2019 Red Hat, Inc. - * - * Author: Daiki Ueno - * - * This file is part of GnuTLS. - * - * The GnuTLS is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - */ - -#ifndef GNUTLS_LIB_IOV_H -#define GNUTLS_LIB_IOV_H - -#include "gnutls_int.h" - -struct iov_iter_st { - const giovec_t *iov; - size_t iov_count; /* the number of iov */ - size_t iov_index; /* index of the current buffer */ - size_t iov_offset; /* byte offset in the current buffer */ - - uint8_t block[MAX_CIPHER_BLOCK_SIZE]; /* incomplete block for reading */ - size_t block_size; /* actual block size of the cipher */ - size_t block_offset; /* offset in block */ -}; - -int _gnutls_iov_iter_init(struct iov_iter_st *iter, - const giovec_t *iov, size_t iov_count, - size_t block_size); - -ssize_t _gnutls_iov_iter_next(struct iov_iter_st *iter, uint8_t **data); - -int _gnutls_iov_iter_sync(struct iov_iter_st *iter, const uint8_t *data, - size_t data_size); - -#endif /* GNUTLS_LIB_IOV_H */ diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 988bc41..836e75e 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -1286,13 +1286,6 @@ GNUTLS_3_6_8 gnutls_ffdhe_8192_group_q; } GNUTLS_3_6_6; -GNUTLS_3_6_10 -{ - global: - gnutls_aead_cipher_encryptv2; - gnutls_aead_cipher_decryptv2; -} GNUTLS_3_6_8; - GNUTLS_FIPS140_3_4 { global: gnutls_cipher_self_test; @@ -1381,8 +1374,4 @@ GNUTLS_PRIVATE_3_4 { _gnutls_global_set_gettime_function; # Internal symbols needed by tests/tls13/anti_replay.c _gnutls_anti_replay_check; - # needed by tests/iov: - _gnutls_iov_iter_init; - _gnutls_iov_iter_next; - _gnutls_iov_iter_sync; } GNUTLS_3_4; diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am index bd9dd75..1c60d32 100644 --- a/lib/nettle/Makefile.am +++ b/lib/nettle/Makefile.am @@ -45,10 +45,7 @@ libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c init.c \ backport/xts.c backport/xts.h \ rnd.c int/rsa-fips.h int/rsa-keygen-fips186.c int/provable-prime.c \ int/dsa-fips.h int/dsa-keygen-fips186.c int/dsa-validate.c \ - int/tls1-prf.c int/tls1-prf.h \ - int/dsa-compute-k.c int/dsa-compute-k.h \ - int/ecdsa-compute-k.c int/ecdsa-compute-k.h \ - int/mpn-base256.c int/mpn-base256.h + int/tls1-prf.c int/tls1-prf.h if WINDOWS libcrypto_la_SOURCES += sysrng-windows.c diff --git a/lib/nettle/backport/cfb8.c b/lib/nettle/backport/cfb8.c index 1762192..e9816fe 100644 --- a/lib/nettle/backport/cfb8.c +++ b/lib/nettle/backport/cfb8.c @@ -110,12 +110,10 @@ cfb8_decrypt(const void *ctx, nettle_cipher_func *f, src += i; dst += i; - if (i == block_size) - { - memcpy(buffer, buffer + block_size, block_size); - memcpy(buffer + block_size, src, - length < block_size ? length : block_size); - } + memcpy(buffer, buffer + block_size, block_size); + memcpy(buffer + block_size, src, + length < block_size ? length : block_size); + } memcpy(iv, buffer + i, block_size); diff --git a/lib/nettle/int/dsa-compute-k.c b/lib/nettle/int/dsa-compute-k.c deleted file mode 100644 index 17d6331..0000000 --- a/lib/nettle/int/dsa-compute-k.c +++ /dev/null @@ -1,209 +0,0 @@ -/* - * Copyright (C) 2019 Red Hat, Inc. - * - * Author: Daiki Ueno - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - */ - -#if HAVE_CONFIG_H -# include "config.h" -#endif - -#include "dsa-compute-k.h" - -#include "gnutls_int.h" -#include "mem.h" -#include "mpn-base256.h" -#include - -#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS) - -/* The maximum size of q, choosen from the fact that we support - * 521-bit elliptic curve generator and 512-bit DSA subgroup at - * maximum. */ -#define MAX_Q_BITS 521 -#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8) -#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS) - -#define MAX_HASH_BITS (MAX_HASH_SIZE * 8) -#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS) - -int -_gnutls_dsa_compute_k(mpz_t k, - const mpz_t q, - const mpz_t x, - gnutls_mac_algorithm_t mac, - const uint8_t *digest, - size_t length) -{ - uint8_t V[MAX_HASH_SIZE]; - uint8_t K[MAX_HASH_SIZE]; - uint8_t xp[MAX_Q_SIZE]; - uint8_t tp[MAX_Q_SIZE]; - mp_limb_t h[MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS)]; - mp_bitcnt_t q_bits = mpz_sizeinbase (q, 2); - mp_size_t qn = mpz_size(q); - mp_bitcnt_t h_bits = length * 8; - mp_size_t hn = BITS_TO_LIMBS(h_bits); - size_t nbytes = (q_bits + 7) / 8; - const uint8_t c0 = 0x00; - const uint8_t c1 = 0x01; - mp_limb_t cy; - gnutls_hmac_hd_t hd; - int ret = 0; - - if (unlikely(q_bits > MAX_Q_BITS)) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - if (unlikely(length > MAX_HASH_SIZE)) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - - /* int2octets(x) */ - mpn_get_base256(xp, nbytes, mpz_limbs_read(x), qn); - - /* bits2octets(h) */ - mpn_set_base256(h, hn, digest, length); - - if (hn < qn) - /* qlen > blen: add zero bits to the left */ - mpn_zero(&h[hn], qn - hn); - else if (h_bits > q_bits) { - /* qlen < blen: keep the leftmost qlen bits. We do this in 2 - * steps because mpn_rshift only accepts shift count in the - * range 1 to mp_bits_per_limb-1. - */ - mp_bitcnt_t shift = h_bits - q_bits; - - if (shift / GMP_NUMB_BITS > 0) { - mpn_copyi(h, &h[shift / GMP_NUMB_BITS], qn); - hn -= shift / GMP_NUMB_BITS; - } - - if (shift % GMP_NUMB_BITS > 0) - mpn_rshift(h, h, hn, shift % GMP_NUMB_BITS); - } - - cy = mpn_sub_n(h, h, mpz_limbs_read(q), qn); - /* Fall back to addmul_1, if nettle is linked with mini-gmp. */ -#ifdef mpn_cnd_add_n - mpn_cnd_add_n(cy, h, h, mpz_limbs_read(q), qn); -#else - mpn_addmul_1(h, mpz_limbs_read(q), qn, cy != 0); -#endif - mpn_get_base256(tp, nbytes, h, qn); - - /* Step b */ - memset(V, c1, length); - - /* Step c */ - memset(K, c0, length); - - /* Step d */ - ret = gnutls_hmac_init(&hd, mac, K, length); - if (ret < 0) - goto out; - ret = gnutls_hmac(hd, V, length); - if (ret < 0) - goto out; - ret = gnutls_hmac(hd, &c0, 1); - if (ret < 0) - goto out; - ret = gnutls_hmac(hd, xp, nbytes); - if (ret < 0) - goto out; - ret = gnutls_hmac(hd, tp, nbytes); - if (ret < 0) - goto out; - gnutls_hmac_deinit(hd, K); - - /* Step e */ - ret = gnutls_hmac_fast(mac, K, length, V, length, V); - if (ret < 0) - goto out; - - /* Step f */ - ret = gnutls_hmac_init(&hd, mac, K, length); - if (ret < 0) - goto out; - ret = gnutls_hmac(hd, V, length); - if (ret < 0) - goto out; - ret = gnutls_hmac(hd, &c1, 1); - if (ret < 0) - goto out; - ret = gnutls_hmac(hd, xp, nbytes); - if (ret < 0) - goto out; - ret = gnutls_hmac(hd, tp, nbytes); - if (ret < 0) - goto out; - gnutls_hmac_deinit(hd, K); - - /* Step g */ - ret = gnutls_hmac_fast(mac, K, length, V, length, V); - if (ret < 0) - goto out; - - /* Step h */ - for (;;) { - /* Step 1 */ - size_t tlen = 0; - - /* Step 2 */ - while (tlen < nbytes) { - size_t remaining = MIN(nbytes - tlen, length); - ret = gnutls_hmac_fast(mac, K, length, V, length, V); - if (ret < 0) - goto out; - memcpy (&tp[tlen], V, remaining); - tlen += remaining; - } - - /* Step 3 */ - mpn_set_base256 (h, qn, tp, tlen); - if (tlen * 8 > q_bits) - mpn_rshift (h, h, qn, tlen * 8 - q_bits); - /* Check if k is in [1,q-1] */ - if (!mpn_zero_p (h, qn) && - mpn_cmp (h, mpz_limbs_read(q), qn) < 0) { - mpn_copyi(mpz_limbs_write(k, qn), h, qn); - mpz_limbs_finish(k, qn); - break; - } - - ret = gnutls_hmac_init(&hd, mac, K, length); - if (ret < 0) - goto out; - ret = gnutls_hmac(hd, V, length); - if (ret < 0) - goto out; - ret = gnutls_hmac(hd, &c0, 1); - if (ret < 0) - goto out; - gnutls_hmac_deinit(hd, K); - - ret = gnutls_hmac_fast(mac, K, length, V, length, V); - if (ret < 0) - goto out; - } - - out: - zeroize_key(xp, sizeof(xp)); - zeroize_key(tp, sizeof(tp)); - - return ret; -} diff --git a/lib/nettle/int/dsa-compute-k.h b/lib/nettle/int/dsa-compute-k.h deleted file mode 100644 index 64e90e0..0000000 --- a/lib/nettle/int/dsa-compute-k.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (C) 2019 Red Hat, Inc. - * - * Author: Daiki Ueno - * - * This file is part of GnuTLS. - * - * The GnuTLS is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - */ - -#ifndef GNUTLS_LIB_NETTLE_INT_DSA_COMPUTE_K_H -#define GNUTLS_LIB_NETTLE_INT_DSA_COMPUTE_K_H - -#include -#include /* includes gmp.h */ - -int -_gnutls_dsa_compute_k(mpz_t k, - const mpz_t q, - const mpz_t x, - gnutls_mac_algorithm_t mac, - const uint8_t *digest, - size_t length); - -#endif /* GNUTLS_LIB_NETTLE_INT_DSA_COMPUTE_K_H */ diff --git a/lib/nettle/int/ecdsa-compute-k.c b/lib/nettle/int/ecdsa-compute-k.c deleted file mode 100644 index 94914eb..0000000 --- a/lib/nettle/int/ecdsa-compute-k.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (C) 2019 Red Hat, Inc. - * - * Author: Daiki Ueno - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - */ - -#if HAVE_CONFIG_H -# include "config.h" -#endif - -#include "ecdsa-compute-k.h" - -#include "dsa-compute-k.h" -#include "gnutls_int.h" - -static inline int -_gnutls_ecc_curve_to_dsa_q(mpz_t *q, gnutls_ecc_curve_t curve) -{ - switch (curve) { -#ifdef ENABLE_NON_SUITEB_CURVES - case GNUTLS_ECC_CURVE_SECP192R1: - mpz_init_set_str(*q, - "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836" - "146BC9B1B4D22831", - 16); - return 0; - case GNUTLS_ECC_CURVE_SECP224R1: - mpz_init_set_str(*q, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2" - "E0B8F03E13DD29455C5C2A3D", - 16); - return 0; -#endif - case GNUTLS_ECC_CURVE_SECP256R1: - mpz_init_set_str(*q, - "FFFFFFFF00000000FFFFFFFFFFFFFFFF" - "BCE6FAADA7179E84F3B9CAC2FC632551", - 16); - return 0; - case GNUTLS_ECC_CURVE_SECP384R1: - mpz_init_set_str(*q, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFC7634D81F4372DDF" - "581A0DB248B0A77AECEC196ACCC52973", - 16); - return 0; - case GNUTLS_ECC_CURVE_SECP521R1: - mpz_init_set_str(*q, - "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFA51868783BF2F966B7FCC0148F709A" - "5D03BB5C9B8899C47AEBB6FB71E91386" - "409", - 16); - return 0; - default: - return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM); - } -} - -int -_gnutls_ecdsa_compute_k (mpz_t k, - gnutls_ecc_curve_t curve, - const mpz_t x, - gnutls_mac_algorithm_t mac, - const uint8_t *digest, - size_t length) -{ - mpz_t q; - int ret; - - ret = _gnutls_ecc_curve_to_dsa_q(&q, curve); - if (ret < 0) - return gnutls_assert_val(ret); - - ret = _gnutls_dsa_compute_k (k, q, x, mac, digest, length); - mpz_clear(q); - return ret; -} diff --git a/lib/nettle/int/ecdsa-compute-k.h b/lib/nettle/int/ecdsa-compute-k.h deleted file mode 100644 index 7ca401d..0000000 --- a/lib/nettle/int/ecdsa-compute-k.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (C) 2019 Red Hat, Inc. - * - * Author: Daiki Ueno - * - * This file is part of GnuTLS. - * - * The GnuTLS is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - */ - -#ifndef GNUTLS_LIB_NETTLE_INT_ECDSA_COMPUTE_K_H -#define GNUTLS_LIB_NETTLE_INT_ECDSA_COMPUTE_K_H - -#include -#include /* includes gmp.h */ - -int -_gnutls_ecdsa_compute_k (mpz_t k, - gnutls_ecc_curve_t curve, - const mpz_t x, - gnutls_mac_algorithm_t mac, - const uint8_t *digest, - size_t length); - -#endif /* GNUTLS_LIB_NETTLE_INT_ECDSA_COMPUTE_K_H */ diff --git a/lib/nettle/int/mpn-base256.c b/lib/nettle/int/mpn-base256.c deleted file mode 100644 index 88dd00b..0000000 --- a/lib/nettle/int/mpn-base256.c +++ /dev/null @@ -1,97 +0,0 @@ -/* gmp-glue.c - - Copyright (C) 2013 Niels Möller - Copyright (C) 2013 Red Hat - - This file is part of GNU Nettle. - - GNU Nettle is free software: you can redistribute it and/or - modify it under the terms of either: - - * the GNU Lesser General Public License as published by the Free - Software Foundation; either version 3 of the License, or (at your - option) any later version. - - or - - * the GNU General Public License as published by the Free - Software Foundation; either version 2 of the License, or (at your - option) any later version. - - or both in parallel, as here. - - GNU Nettle is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received copies of the GNU General Public License and - the GNU Lesser General Public License along with this program. If - not, see http://www.gnu.org/licenses/. -*/ - -#if HAVE_CONFIG_H -# include "config.h" -#endif - -#include "mpn-base256.h" - -void -mpn_set_base256 (mp_limb_t *rp, mp_size_t rn, - const uint8_t *xp, size_t xn) -{ - size_t xi; - mp_limb_t out; - unsigned bits; - for (xi = xn, out = bits = 0; xi > 0 && rn > 0; ) - { - mp_limb_t in = xp[--xi]; - out |= (in << bits) & GMP_NUMB_MASK; - bits += 8; - if (bits >= GMP_NUMB_BITS) - { - *rp++ = out; - rn--; - - bits -= GMP_NUMB_BITS; - out = in >> (8 - bits); - } - } - if (rn > 0) - { - *rp++ = out; - if (--rn > 0) - mpn_zero (rp, rn); - } -} - -void -mpn_get_base256 (uint8_t *rp, size_t rn, - const mp_limb_t *xp, mp_size_t xn) -{ - unsigned bits; - mp_limb_t in; - for (bits = in = 0; xn > 0 && rn > 0; ) - { - if (bits >= 8) - { - rp[--rn] = in; - in >>= 8; - bits -= 8; - } - else - { - uint8_t old = in; - in = *xp++; - xn--; - rp[--rn] = old | (in << bits); - in >>= (8 - bits); - bits += GMP_NUMB_BITS - 8; - } - } - while (rn > 0) - { - rp[--rn] = in; - in >>= 8; - } -} diff --git a/lib/nettle/int/mpn-base256.h b/lib/nettle/int/mpn-base256.h deleted file mode 100644 index b5ca4af..0000000 --- a/lib/nettle/int/mpn-base256.h +++ /dev/null @@ -1,48 +0,0 @@ -/* gmp-glue.h - - Copyright (C) 2013 Niels Möller - Copyright (C) 2013 Red Hat - - This file is part of GNU Nettle. - - GNU Nettle is free software: you can redistribute it and/or - modify it under the terms of either: - - * the GNU Lesser General Public License as published by the Free - Software Foundation; either version 3 of the License, or (at your - option) any later version. - - or - - * the GNU General Public License as published by the Free - Software Foundation; either version 2 of the License, or (at your - option) any later version. - - or both in parallel, as here. - - GNU Nettle is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received copies of the GNU General Public License and - the GNU Lesser General Public License along with this program. If - not, see http://www.gnu.org/licenses/. -*/ - -#ifndef NETTLE_GMP_GLUE_H_INCLUDED -#define NETTLE_GMP_GLUE_H_INCLUDED - -#include - -/* Like mpn_set_str, but always writes rn limbs. If input is larger, - higher bits are ignored. */ -void -mpn_set_base256 (mp_limb_t *rp, mp_size_t rn, - const uint8_t *xp, size_t xn); - -void -mpn_get_base256 (uint8_t *rp, size_t rn, - const mp_limb_t *xp, mp_size_t xn); - -#endif /* NETTLE_GMP_GLUE_H_INCLUDED */ diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 772fcdc..08117c2 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -54,8 +54,6 @@ #include "gost/gostdsa.h" #include "gost/ecc-gost-curve.h" #endif -#include "int/ecdsa-compute-k.h" -#include "int/dsa-compute-k.h" #include #include @@ -88,21 +86,6 @@ static void rnd_nonce_func(void *_ctx, size_t length, uint8_t * data) } } -static void rnd_mpz_func(void *_ctx, size_t length, uint8_t * data) -{ - mpz_t *k = _ctx; - nettle_mpz_get_str_256 (length, data, *k); -} - -static void rnd_nonce_func_fallback(void *_ctx, size_t length, uint8_t * data) -{ - if (unlikely(_gnutls_get_lib_state() != LIB_STATE_SELFTEST)) { - _gnutls_switch_lib_state(LIB_STATE_ERROR); - } - - memset(data, 0xAA, length); -} - static void ecc_scalar_zclear (struct ecc_scalar *s) { @@ -444,7 +427,6 @@ _wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo, case GNUTLS_PK_RSA: { struct rsa_public_key pub; - nettle_random_func *random_func; ret = _rsa_params_to_pubkey(pk_params, &pub); if (ret < 0) { @@ -452,12 +434,8 @@ _wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo, goto cleanup; } - if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST) - random_func = rnd_nonce_func_fallback; - else - random_func = rnd_nonce_func; ret = - rsa_encrypt(&pub, NULL, random_func, + rsa_encrypt(&pub, NULL, rnd_nonce_func, plaintext->size, plaintext->data, p); if (ret == 0 || HAVE_LIB_ERROR()) { @@ -510,7 +488,6 @@ _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo, struct rsa_public_key pub; size_t length; bigint_t c; - nettle_random_func *random_func; _rsa_params_to_privkey(pk_params, &priv); ret = _rsa_params_to_pubkey(pk_params, &pub); @@ -541,12 +518,8 @@ _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo, goto cleanup; } - if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST) - random_func = rnd_nonce_func_fallback; - else - random_func = rnd_nonce_func; ret = - rsa_decrypt_tr(&pub, &priv, NULL, random_func, + rsa_decrypt_tr(&pub, &priv, NULL, rnd_nonce_func, &length, plaintext->data, TOMPZ(c)); _gnutls_mpi_release(&c); @@ -592,7 +565,6 @@ _wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo, bigint_t c; uint32_t is_err; int ret; - nettle_random_func *random_func; if (algo != GNUTLS_PK_RSA || plaintext == NULL) { gnutls_assert(); @@ -612,11 +584,7 @@ _wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo, return gnutls_assert_val (GNUTLS_E_MPI_SCAN_FAILED); } - if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST) - random_func = rnd_nonce_func_fallback; - else - random_func = rnd_nonce_func; - ret = rsa_sec_decrypt(&pub, &priv, NULL, random_func, + ret = rsa_sec_decrypt(&pub, &priv, NULL, rnd_nonce_func, plaintext_size, plaintext, TOMPZ(c)); /* after this point, any conditional on failure that cause differences * in execution may create a timing or cache access pattern side @@ -727,14 +695,6 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); } - /* deterministic ECDSA/DSA is prohibited under FIPS except in - * the selftests */ - if (_gnutls_fips_mode_enabled() && - _gnutls_get_lib_state() != LIB_STATE_SELFTEST && - (algo == GNUTLS_PK_DSA || algo == GNUTLS_PK_ECDSA) && - (sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - switch (algo) { case GNUTLS_PK_EDDSA_ED25519: /* we do EdDSA */ { @@ -822,9 +782,6 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, struct dsa_signature sig; int curve_id = pk_params->curve; const struct ecc_curve *curve; - mpz_t k; - void *random_ctx; - nettle_random_func *random_func; curve = get_supported_nist_curve(curve_id); if (curve == NULL) @@ -851,24 +808,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, hash_len = vdata->size; } - mpz_init(k); - if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST || - (sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) { - ret = _gnutls_ecdsa_compute_k(k, - curve_id, - pk_params->params[ECC_K], - sign_params->dsa_dig, - vdata->data, - vdata->size); - if (ret < 0) - goto ecdsa_cleanup; - random_ctx = &k; - random_func = rnd_mpz_func; - } else { - random_ctx = NULL; - random_func = rnd_nonce_func; - } - ecdsa_sign(&priv, random_ctx, random_func, hash_len, + ecdsa_sign(&priv, NULL, rnd_nonce_func, hash_len, vdata->data, &sig); /* prevent memory leaks */ @@ -884,7 +824,6 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, ecdsa_cleanup: dsa_signature_clear(&sig); ecc_scalar_zclear(&priv); - mpz_clear(k); if (ret < 0) { gnutls_assert(); @@ -897,9 +836,6 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, struct dsa_params pub; bigint_t priv; struct dsa_signature sig; - mpz_t k; - void *random_ctx; - nettle_random_func *random_func; memset(&priv, 0, sizeof(priv)); memset(&pub, 0, sizeof(pub)); @@ -920,27 +856,8 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, hash_len = vdata->size; } - mpz_init(k); - if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST || - (sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) { - ret = _gnutls_dsa_compute_k(k, - pub.q, - TOMPZ(priv), - sign_params->dsa_dig, - vdata->data, - vdata->size); - if (ret < 0) - goto dsa_fail; - /* cancel-out dsa_sign's addition of 1 to random data */ - mpz_sub_ui (k, k, 1); - random_ctx = &k; - random_func = rnd_mpz_func; - } else { - random_ctx = NULL; - random_func = rnd_nonce_func; - } ret = - dsa_sign(&pub, TOMPZ(priv), random_ctx, random_func, + dsa_sign(&pub, TOMPZ(priv), NULL, rnd_nonce_func, hash_len, vdata->data, &sig); if (ret == 0 || HAVE_LIB_ERROR()) { gnutls_assert(); @@ -954,7 +871,6 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, dsa_fail: dsa_signature_clear(&sig); - mpz_clear(k); if (ret < 0) { gnutls_assert(); @@ -966,7 +882,6 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, { struct rsa_private_key priv; struct rsa_public_key pub; - nettle_random_func *random_func; mpz_t s; _rsa_params_to_privkey(pk_params, &priv); @@ -977,12 +892,8 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, mpz_init(s); - if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST) - random_func = rnd_nonce_func_fallback; - else - random_func = rnd_nonce_func; ret = - rsa_pkcs1_sign_tr(&pub, &priv, NULL, random_func, + rsa_pkcs1_sign_tr(&pub, &priv, NULL, rnd_nonce_func, vdata->size, vdata->data, s); if (ret == 0 || HAVE_LIB_ERROR()) { gnutls_assert(); diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c index ccb92d2..ee68cf6 100644 --- a/lib/nettle/rnd-fips.c +++ b/lib/nettle/rnd-fips.c @@ -27,13 +27,12 @@ #include "gnutls_int.h" #include "errors.h" -#include +#include +#include +#include #include #include -/* The block size is chosen arbitrarily */ -#define ENTROPY_BLOCK_SIZE SHA256_DIGEST_SIZE - /* This provides a random generator for gnutls. It uses * two instances of the DRBG-AES-CTR generator, one for * nonce level and another for the other levels of randomness. @@ -42,13 +41,11 @@ struct fips_ctx { struct drbg_aes_ctx nonce_context; struct drbg_aes_ctx normal_context; unsigned int forkid; - uint8_t entropy_hash[SHA256_DIGEST_SIZE]; }; static int _rngfips_ctx_reinit(struct fips_ctx *fctx); static int _rngfips_ctx_init(struct fips_ctx *fctx); -static int drbg_reseed(struct fips_ctx *fctx, struct drbg_aes_ctx *ctx); -static int get_entropy(struct fips_ctx *fctx, uint8_t *buffer, size_t length); +static int drbg_reseed(struct drbg_aes_ctx *ctx); static int get_random(struct drbg_aes_ctx *ctx, struct fips_ctx *fctx, void *buffer, size_t length) @@ -62,7 +59,7 @@ static int get_random(struct drbg_aes_ctx *ctx, struct fips_ctx *fctx, } if (ctx->reseed_counter > DRBG_AES_RESEED_TIME) { - ret = drbg_reseed(fctx, ctx); + ret = drbg_reseed(ctx); if (ret < 0) return gnutls_assert_val(ret); } @@ -74,111 +71,54 @@ static int get_random(struct drbg_aes_ctx *ctx, struct fips_ctx *fctx, return 0; } -static int get_entropy(struct fips_ctx *fctx, uint8_t *buffer, size_t length) -{ - int ret; - uint8_t block[ENTROPY_BLOCK_SIZE]; - uint8_t hash[SHA256_DIGEST_SIZE]; - struct sha256_ctx ctx; - size_t total = 0; - - /* For FIPS 140-2 4.9.2 continuous random number generator - * test, iteratively fetch fixed sized block from the system - * RNG and compare consecutive blocks. - * - * Note that we store the hash of the entropy block rather - * than the block itself for backward secrecy. - */ - while (total < length) { - ret = _rnd_get_system_entropy(block, ENTROPY_BLOCK_SIZE); - if (ret < 0) - return gnutls_assert_val(ret); - - sha256_init(&ctx); - sha256_update(&ctx, sizeof(block), block); - sha256_digest(&ctx, sizeof(hash), hash); - - if (memcmp(hash, fctx->entropy_hash, sizeof(hash)) == 0) { - _gnutls_switch_lib_state(LIB_STATE_ERROR); - return gnutls_assert_val(GNUTLS_E_RANDOM_FAILED); - } - memcpy(fctx->entropy_hash, hash, sizeof(hash)); - - memcpy(buffer, block, MIN(length - total, sizeof(block))); - total += sizeof(block); - buffer += sizeof(block); - } - zeroize_key(block, sizeof(block)); - - return 0; -} - #define PSTRING "gnutls-rng" #define PSTRING_SIZE (sizeof(PSTRING)-1) -static int drbg_init(struct fips_ctx *fctx, struct drbg_aes_ctx *ctx) +static int drbg_init(struct drbg_aes_ctx *ctx) { uint8_t buffer[DRBG_AES_SEED_SIZE]; int ret; - ret = get_entropy(fctx, buffer, sizeof(buffer)); + /* Get a key from the standard RNG or from the entropy source. */ + ret = _rnd_get_system_entropy(buffer, sizeof(buffer)); if (ret < 0) return gnutls_assert_val(ret); - ret = drbg_aes_init(ctx, sizeof(buffer), buffer, - PSTRING_SIZE, (void*)PSTRING); - zeroize_key(buffer, sizeof(buffer)); + ret = drbg_aes_init(ctx, sizeof(buffer), buffer, PSTRING_SIZE, (void*)PSTRING); if (ret == 0) return gnutls_assert_val(GNUTLS_E_RANDOM_FAILED); - return GNUTLS_E_SUCCESS; + zeroize_key(buffer, sizeof(buffer)); + + return 0; } /* Reseed a generator. */ -static int drbg_reseed(struct fips_ctx *fctx, struct drbg_aes_ctx *ctx) +static int drbg_reseed(struct drbg_aes_ctx *ctx) { uint8_t buffer[DRBG_AES_SEED_SIZE]; int ret; - ret = get_entropy(fctx, buffer, sizeof(buffer)); + /* The other two generators are seeded from /dev/random. */ + ret = _rnd_get_system_entropy(buffer, sizeof(buffer)); if (ret < 0) return gnutls_assert_val(ret); - ret = drbg_aes_reseed(ctx, sizeof(buffer), buffer, 0, NULL); - zeroize_key(buffer, sizeof(buffer)); - if (ret == 0) - return gnutls_assert_val(GNUTLS_E_RANDOM_FAILED); + drbg_aes_reseed(ctx, sizeof(buffer), buffer, 0, NULL); - return GNUTLS_E_SUCCESS; + return 0; } static int _rngfips_ctx_init(struct fips_ctx *fctx) { - uint8_t block[ENTROPY_BLOCK_SIZE]; - struct sha256_ctx ctx; int ret; - /* For FIPS 140-2 4.9.2 continuous random number generator - * test, get the initial entropy from the system RNG and keep - * it for comparison. - * - * Note that we store the hash of the entropy block rather - * than the block itself for backward secrecy. - */ - ret = _rnd_get_system_entropy(block, sizeof(block)); - if (ret < 0) - return gnutls_assert_val(ret); - sha256_init(&ctx); - sha256_update(&ctx, sizeof(block), block); - zeroize_key(block, sizeof(block)); - sha256_digest(&ctx, sizeof(fctx->entropy_hash), fctx->entropy_hash); - /* normal */ - ret = drbg_init(fctx, &fctx->normal_context); + ret = drbg_init(&fctx->normal_context); if (ret < 0) return gnutls_assert_val(ret); /* nonce */ - ret = drbg_init(fctx, &fctx->nonce_context); + ret = drbg_init(&fctx->nonce_context); if (ret < 0) return gnutls_assert_val(ret); @@ -192,12 +132,12 @@ static int _rngfips_ctx_reinit(struct fips_ctx *fctx) int ret; /* normal */ - ret = drbg_reseed(fctx, &fctx->normal_context); + ret = drbg_reseed(&fctx->normal_context); if (ret < 0) return gnutls_assert_val(ret); /* nonce */ - ret = drbg_reseed(fctx, &fctx->nonce_context); + ret = drbg_reseed(&fctx->nonce_context); if (ret < 0) return gnutls_assert_val(ret); diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 2ef0e3e..de5309b 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -1617,13 +1617,7 @@ _pkcs11_traverse_tokens(find_func_t find_func, void *input, info, flags); if (ret < 0) { gnutls_assert(); - pkcs11_close_session(&sinfo); - - /* treat the error as fatal only if - * the token requires login */ - if (l_tinfo.flags & CKF_LOGIN_REQUIRED) - return ret; - continue; + return ret; } ret = diff --git a/lib/privkey.c b/lib/privkey.c index 1a2009e..8b3e355 100644 --- a/lib/privkey.c +++ b/lib/privkey.c @@ -43,7 +43,7 @@ privkey_sign_prehashed(gnutls_privkey_t signer, const gnutls_sign_entry_st *se, const gnutls_datum_t * hash_data, gnutls_datum_t * signature, - gnutls_x509_spki_st * params); + gnutls_x509_spki_st * params, unsigned flags); /** * gnutls_privkey_get_type: @@ -1134,8 +1134,6 @@ gnutls_privkey_sign_data(gnutls_privkey_t signer, return ret; } - FIX_SIGN_PARAMS(params, flags, hash); - return privkey_sign_and_hash_data(signer, _gnutls_pk_to_sign_entry(params.pk, hash), data, signature, ¶ms); } @@ -1188,8 +1186,6 @@ gnutls_privkey_sign_data2(gnutls_privkey_t signer, return ret; } - FIX_SIGN_PARAMS(params, flags, se->hash); - return privkey_sign_and_hash_data(signer, se, data, signature, ¶ms); } @@ -1249,9 +1245,7 @@ gnutls_privkey_sign_hash2(gnutls_privkey_t signer, return ret; } - FIX_SIGN_PARAMS(params, flags, se->hash); - - return privkey_sign_prehashed(signer, se, hash_data, signature, ¶ms); + return privkey_sign_prehashed(signer, se, hash_data, signature, ¶ms, flags); } int @@ -1374,10 +1368,8 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer, if (unlikely(se == NULL)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - FIX_SIGN_PARAMS(params, flags, hash_algo); - return privkey_sign_prehashed(signer, se, - hash_data, signature, ¶ms); + hash_data, signature, ¶ms, flags); } static int @@ -1385,7 +1377,8 @@ privkey_sign_prehashed(gnutls_privkey_t signer, const gnutls_sign_entry_st *se, const gnutls_datum_t * hash_data, gnutls_datum_t * signature, - gnutls_x509_spki_st * params) + gnutls_x509_spki_st * params, + unsigned flags) { int ret; gnutls_datum_t digest; @@ -1491,6 +1484,8 @@ privkey_sign_raw_data(gnutls_privkey_t key, 0, data, signature); } else if (key->key.ext.sign_hash_func) { + unsigned int flags = 0; + if (se->pk == GNUTLS_PK_RSA) { se = _gnutls_sign_to_entry(GNUTLS_SIGN_RSA_RAW); assert(se != NULL); @@ -1499,7 +1494,7 @@ privkey_sign_raw_data(gnutls_privkey_t key, /* se may not be set here if we are doing legacy RSA */ return key->key.ext.sign_hash_func(key, se->id, key->key.ext.userdata, - 0, + flags, data, signature); } else { if (!PK_IS_OK_FOR_EXT2(se->pk)) diff --git a/lib/sslv2_compat.c b/lib/sslv2_compat.c index 9d247ba..6122d10 100644 --- a/lib/sslv2_compat.c +++ b/lib/sslv2_compat.c @@ -87,13 +87,14 @@ _gnutls_handshake_select_v2_suite(gnutls_session_t session, */ int _gnutls_read_client_hello_v2(gnutls_session_t session, uint8_t * data, - unsigned int len) + unsigned int datalen) { uint16_t session_id_len = 0; int pos = 0; int ret = 0, sret = 0; uint16_t sizeOfSuites; uint8_t rnd[GNUTLS_RANDOM_SIZE], major, minor; + int len = datalen; int neg_version; const version_entry_st *vers; uint16_t challenge; diff --git a/lib/stek.c b/lib/stek.c index 5ab9e7d..2f885ce 100644 --- a/lib/stek.c +++ b/lib/stek.c @@ -323,13 +323,20 @@ int _gnutls_initialize_session_ticket_key_rotation(gnutls_session_t session, con if (unlikely(session == NULL || key == NULL)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - if (unlikely(session->key.totp.last_result != 0)) - return GNUTLS_E_INVALID_REQUEST; + if (session->key.totp.last_result == 0) { + int64_t t; + memcpy(session->key.initial_stek, key->data, key->size); + t = totp_next(session); + if (t < 0) + return gnutls_assert_val(t); - memcpy(session->key.initial_stek, key->data, key->size); + session->key.totp.last_result = t; + session->key.totp.was_rotated = 0; - session->key.totp.was_rotated = 0; - return 0; + return GNUTLS_E_SUCCESS; + } + + return GNUTLS_E_INVALID_REQUEST; } /* diff --git a/lib/supplemental.c b/lib/supplemental.c index 07b38cc..cd90fa1 100644 --- a/lib/supplemental.c +++ b/lib/supplemental.c @@ -192,14 +192,14 @@ _gnutls_parse_supplemental(gnutls_session_t session, const uint8_t * data, int datalen) { const uint8_t *p = data; - size_t dsize = datalen; + ssize_t dsize = datalen; size_t total_size; DECR_LEN(dsize, 3); total_size = _gnutls_read_uint24(p); p += 3; - if (dsize != total_size) { + if (dsize != (ssize_t) total_size) { gnutls_assert(); return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; } diff --git a/lib/tls13/certificate.c b/lib/tls13/certificate.c index 8a1a118..bd25723 100644 --- a/lib/tls13/certificate.c +++ b/lib/tls13/certificate.c @@ -360,12 +360,11 @@ static int parse_cert_extension(void *_ctx, unsigned tls_id, const uint8_t *data static int parse_cert_list(gnutls_session_t session, uint8_t * data, size_t data_size) { - int ret; - size_t len; + int len, ret; uint8_t *p = data; cert_auth_info_t info; gnutls_certificate_credentials_t cred; - size_t size; + ssize_t dsize = data_size, size; int i; unsigned npeer_certs, npeer_ocsp, j; crt_cert_ctx_st ctx; @@ -396,31 +395,31 @@ parse_cert_list(gnutls_session_t session, uint8_t * data, size_t data_size) if (info == NULL) return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS); - DECR_LEN(data_size, 3); + DECR_LEN(dsize, 3); size = _gnutls_read_uint24(p); p += 3; - if (size != data_size) + if (size != dsize) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); if (size == 0) return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND); - i = data_size; + i = dsize; while (i > 0) { - DECR_LEN(data_size, 3); + DECR_LEN(dsize, 3); len = _gnutls_read_uint24(p); if (len == 0) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); - DECR_LEN(data_size, len); + DECR_LEN(dsize, len); p += len + 3; i -= len + 3; - DECR_LEN(data_size, 2); + DECR_LEN(dsize, 2); len = _gnutls_read_uint16(p); - DECR_LEN(data_size, len); + DECR_LEN(dsize, len); i -= len + 2; p += len + 2; @@ -428,7 +427,7 @@ parse_cert_list(gnutls_session_t session, uint8_t * data, size_t data_size) nentries++; } - if (data_size != 0) + if (dsize != 0) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); /* this is unnecessary - keeping to avoid a regression due to a re-org diff --git a/lib/tls13/key_update.c b/lib/tls13/key_update.c index c6f6e0a..d542a21 100644 --- a/lib/tls13/key_update.c +++ b/lib/tls13/key_update.c @@ -117,6 +117,8 @@ int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf) session->internals.rsend_state = RECORD_SEND_KEY_UPDATE_1; else if (session->internals.rsend_state == RECORD_SEND_CORKED) session->internals.rsend_state = RECORD_SEND_CORKED_TO_KU; + else + return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); break; default: diff --git a/lib/tls13/psk_ext_parser.c b/lib/tls13/psk_ext_parser.c index 33ebc04..6e3a12f 100644 --- a/lib/tls13/psk_ext_parser.c +++ b/lib/tls13/psk_ext_parser.c @@ -28,8 +28,10 @@ * are present, or 0, on success. */ int _gnutls13_psk_ext_parser_init(psk_ext_parser_st *p, - const unsigned char *data, size_t len) + const unsigned char *data, size_t _len) { + ssize_t len = _len; + if (!p || !data || !len) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); diff --git a/lib/tls13/psk_ext_parser.h b/lib/tls13/psk_ext_parser.h index f46b211..30b47e9 100644 --- a/lib/tls13/psk_ext_parser.h +++ b/lib/tls13/psk_ext_parser.h @@ -25,10 +25,10 @@ struct psk_ext_parser_st { const unsigned char *identities_data; - size_t identities_len; + ssize_t identities_len; const unsigned char *binders_data; - size_t binders_len; + ssize_t binders_len; }; typedef struct psk_ext_parser_st psk_ext_parser_st; diff --git a/lib/tls13/session_ticket.c b/lib/tls13/session_ticket.c index 072a56d..146aee9 100644 --- a/lib/tls13/session_ticket.c +++ b/lib/tls13/session_ticket.c @@ -105,7 +105,7 @@ unpack_ticket(gnutls_session_t session, gnutls_datum_t *packed, tls13_ticket_st gnutls_mac_algorithm_t kdf; const mac_entry_st *prf; uint8_t *p; - size_t len; + ssize_t len; uint64_t v; int ret; diff --git a/lib/x509/crq.c b/lib/x509/crq.c index 4ca6753..c8899f8 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c @@ -2642,8 +2642,6 @@ gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq, gnutls_privkey_t key, if (se == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - FIX_SIGN_PARAMS(params, flags, dig); - result = privkey_sign_and_hash_data(key, se, &tbs, &signature, ¶ms); gnutls_free(tbs.data); diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 98669e8..21fff7b 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -2532,8 +2532,6 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7, goto cleanup; } - FIX_SIGN_PARAMS(params, flags, dig); - ret = privkey_sign_and_hash_data(signer_key, se, &sigdata, &signature, ¶ms); if (ret < 0) { diff --git a/lib/x509/sign.c b/lib/x509/sign.c index 461524f..8f7a96f 100644 --- a/lib/x509/sign.c +++ b/lib/x509/sign.c @@ -175,8 +175,6 @@ _gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name, return result; } - FIX_SIGN_PARAMS(params, flags, dig); - if (_gnutls_pk_is_not_prehashed(params.pk)) { result = privkey_sign_raw_data(issuer_key, se, &tbs, &signature, ¶ms); } else { diff --git a/tests/Makefile.am b/tests/Makefile.am index 9d8f44c..ca04818 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -119,8 +119,6 @@ ctests += tls13/psk-ext ctests += tls13/key_update -ctests += tls13/key_update_multiple - ctests += tls13/key_limits ctests += tls13/multi-ocsp @@ -211,8 +209,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei tls13-server-kx-neg gnutls_ext_raw_parse_dtls key-export-pkcs8 \ null_retrieve_function tls-record-size-limit tls-crt_type-neg \ resume-with-stek-expiration resume-with-previous-stek rawpk-api \ - tls-record-size-limit-asym dh-compute ecdh-compute \ - sign-verify-deterministic iov aead-cipher-vec + tls-record-size-limit-asym dh-compute ecdh-compute if HAVE_SECCOMP_TESTS ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp @@ -454,10 +451,6 @@ tls13_anti_replay_CPPFLAGS = $(AM_CPPFLAGS) \ -I$(top_builddir)/gl \ $(NETTLE_CFLAGS) -iov_CPPFLAGS = $(AM_CPPFLAGS) \ - -I$(top_srcdir)/gl \ - -I$(top_builddir)/gl - if ENABLE_PKCS11 if !WINDOWS ctests += tls13/post-handshake-with-cert-pkcs11 pkcs11/tls-neg-pkcs11-no-key @@ -500,7 +493,7 @@ dist_check_SCRIPTS += p11-kit-trust.sh testpkcs11.sh certtool-pkcs11.sh if HAVE_PKCS11_TRUST_STORE if P11KIT_0_23_11_API dist_check_SCRIPTS += p11-kit-load.sh -indirect_tests += pkcs11/list-tokens pkcs11/list-objects +indirect_tests += pkcs11/list-tokens endif endif diff --git a/tests/aead-cipher-vec.c b/tests/aead-cipher-vec.c deleted file mode 100644 index 10e3db8..0000000 --- a/tests/aead-cipher-vec.c +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Copyright (C) 2019 Red Hat, Inc. - * - * Author: Daiki Ueno - * - * This file is part of GnuTLS. - * - * GnuTLS is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuTLS is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include - -#include -#include -#include -#include "utils.h" - -static void tls_log_func(int level, const char *str) -{ - fprintf(stderr, "<%d>| %s", level, str); -} - -/* Test whether gnutls_aead_cipher_{en,de}crypt_vec works */ -static void start(const char *name, int algo) -{ - int ret; - gnutls_aead_cipher_hd_t ch; - uint8_t key16[64]; - uint8_t iv16[32]; - uint8_t auth[128]; - uint8_t data[64+56+36]; - gnutls_datum_t key, iv; - giovec_t iov[3]; - giovec_t auth_iov[2]; - uint8_t tag[64]; - size_t tag_size = 0; - - key.data = key16; - key.size = gnutls_cipher_get_key_size(algo); - assert(key.size <= sizeof(key16)); - - iv.data = iv16; - iv.size = gnutls_cipher_get_iv_size(algo); - assert(iv.size <= sizeof(iv16)); - - memset(iv.data, 0xff, iv.size); - memset(key.data, 0xfe, key.size); - memset(data, 0xfa, sizeof(data)); - memset(auth, 0xaa, sizeof(auth)); - - iov[0].iov_base = data; - iov[0].iov_len = 64; - iov[1].iov_base = data + 64; - iov[1].iov_len = 56; - iov[2].iov_base = data + 64 + 56; - iov[2].iov_len = 36; - - auth_iov[0].iov_base = auth; - auth_iov[0].iov_len = 64; - auth_iov[1].iov_base = auth + 64; - auth_iov[1].iov_len = 64; - - success("trying %s\n", name); - - ret = - gnutls_aead_cipher_init(&ch, algo, &key); - if (ret < 0) - fail("gnutls_cipher_init: %s\n", gnutls_strerror(ret)); - - ret = gnutls_aead_cipher_encryptv2(ch, - iv.data, iv.size, - auth_iov, 2, - iov, 3, - tag, &tag_size); - if (ret < 0) - fail("could not encrypt data: %s\n", gnutls_strerror(ret)); - - ret = gnutls_aead_cipher_decryptv2(ch, - iv.data, iv.size, - auth_iov, 2, - iov, 3, - tag, tag_size); - if (ret < 0) - fail("could not decrypt data: %s\n", gnutls_strerror(ret)); - - gnutls_aead_cipher_deinit(ch); -} - -void -doit(void) -{ - int ret; - - gnutls_global_set_log_function(tls_log_func); - if (debug) - gnutls_global_set_log_level(4711); - - ret = global_init(); - if (ret < 0) { - fail("Cannot initialize library\n"); /*errcode 1 */ - } - - start("aes-128-gcm", GNUTLS_CIPHER_AES_128_GCM); - start("aes-256-gcm", GNUTLS_CIPHER_AES_256_GCM); - start("aes-128-ccm", GNUTLS_CIPHER_AES_128_CCM); - if (!gnutls_fips140_mode_enabled()) - start("chacha20-poly1305", GNUTLS_CIPHER_CHACHA20_POLY1305); - - gnutls_global_deinit(); -} diff --git a/tests/iov.c b/tests/iov.c deleted file mode 100644 index 2acd2b5..0000000 --- a/tests/iov.c +++ /dev/null @@ -1,269 +0,0 @@ -/* - * Copyright (C) 2019 Red Hat, Inc. - * - * Author: Daiki Ueno - * - * This file is part of GnuTLS. - * - * GnuTLS is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuTLS is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include "gnutls_int.h" -#include "../lib/iov.h" - -#include "utils.h" - -struct exp_st { - ssize_t ret; - size_t iov_index; - size_t iov_offset; -}; - -struct test_st { - const char *name; - const giovec_t *iov; - size_t iovcnt; - size_t block_size; - const struct exp_st *exp; - size_t expcnt; -}; - -static const giovec_t iov16[] = { - {(void *) "0123456789012345", 16}, - {(void *) "0123456789012345", 16}, - {(void *) "0123456789012345", 16}, - {(void *) "0123456789012345", 16} -}; - -static const struct exp_st exp16_64[] = { - {64, 4, 0}, - {0, 0, 0} -}; - -static const struct exp_st exp16_32[] = { - {32, 2, 0}, - {32, 4, 0}, - {0, 0, 0} -}; - -static const struct exp_st exp16_16[] = { - {16, 1, 0}, - {16, 2, 0}, - {16, 3, 0}, - {16, 4, 0}, - {0, 0, 0} -}; - -static const struct exp_st exp16_4[] = { - {16, 1, 0}, - {16, 2, 0}, - {16, 3, 0}, - {16, 4, 0}, - {0, 0, 0} -}; - -static const struct exp_st exp16_3[] = { - {15, 0, 15}, - {3, 1, 2}, - {12, 1, 14}, - {3, 2, 1}, - {15, 3, 0}, - {15, 3, 15}, - {1, 4, 0}, - {0, 0, 0} -}; - -static const giovec_t iov8[] = { - {(void *) "01234567", 8}, - {(void *) "01234567", 8}, - {(void *) "01234567", 8}, - {(void *) "01234567", 8} -}; - -static const struct exp_st exp8_64[] = { - {32, 4, 0}, - {0, 0, 0} -}; - -static const giovec_t iov_odd[] = { - {(void *) "0", 1}, - {(void *) "012", 3}, - {(void *) "01234", 5}, - {(void *) "0123456", 7}, - {(void *) "012345678", 9}, - {(void *) "01234567890", 11}, - {(void *) "0123456789012", 13}, - {(void *) "012345678901234", 15} -}; - -static const struct exp_st exp_odd_16[] = { - {16, 4, 0}, - {16, 5, 7}, - {16, 6, 12}, - {16, 8, 0}, - {0, 0, 0} -}; - -static const giovec_t iov_skip[] = { - {(void *) "0123456789012345", 16}, - {(void *) "01234567", 8}, - {(void *) "", 0}, - {(void *) "", 0}, - {(void *) "0123456789012345", 16} -}; - -static const struct exp_st exp_skip_16[] = { - {16, 1, 0}, - {16, 4, 8}, - {8, 5, 0}, - {0, 0, 0} -}; - -static const giovec_t iov_empty[] = { - {(void *) "", 0}, - {(void *) "", 0}, - {(void *) "", 0}, - {(void *) "", 0} -}; - -static const struct exp_st exp_empty_16[] = { - {0, 0, 0} -}; - -static const struct test_st tests[] = { - { "16/64", iov16, sizeof(iov16)/sizeof(iov16[0]), 64, - exp16_64, sizeof(exp16_64)/sizeof(exp16_64[0]) }, - { "16/32", iov16, sizeof(iov16)/sizeof(iov16[0]), 32, - exp16_32, sizeof(exp16_32)/sizeof(exp16_32[0]) }, - { "16/16", iov16, sizeof(iov16)/sizeof(iov16[0]), 16, - exp16_16, sizeof(exp16_16)/sizeof(exp16_16[0]) }, - { "16/4", iov16, sizeof(iov16)/sizeof(iov16[0]), 4, - exp16_4, sizeof(exp16_4)/sizeof(exp16_4[0]) }, - { "16/3", iov16, sizeof(iov16)/sizeof(iov16[0]), 3, - exp16_3, sizeof(exp16_3)/sizeof(exp16_3[0]) }, - { "8/64", iov8, sizeof(iov8)/sizeof(iov8[0]), 64, - exp8_64, sizeof(exp8_64)/sizeof(exp8_64[0]) }, - { "odd/16", iov_odd, sizeof(iov_odd)/sizeof(iov_odd[0]), 16, - exp_odd_16, sizeof(exp_odd_16)/sizeof(exp_odd_16[0]) }, - { "skip/16", iov_skip, sizeof(iov_skip)/sizeof(iov_skip[0]), 16, - exp_skip_16, sizeof(exp_skip_16)/sizeof(exp_skip_16[0]) }, - { "empty/16", iov_empty, sizeof(iov_empty)/sizeof(iov_empty[0]), 16, - exp_empty_16, sizeof(exp_empty_16)/sizeof(exp_empty_16[0]) }, -}; - -static void -copy(giovec_t *dst, uint8_t *buffer, const giovec_t *src, size_t iovcnt) -{ - uint8_t *p = buffer; - size_t i; - - for (i = 0; i < iovcnt; i++) { - dst[i].iov_base = p; - dst[i].iov_len = src[i].iov_len; - memcpy(dst[i].iov_base, src[i].iov_base, src[i].iov_len); - p += src[i].iov_len; - } -} - -static void -translate(uint8_t *data, size_t len) -{ - for (; len > 0; len--) { - uint8_t *p = &data[len - 1]; - if (*p >= '0' && *p <= '9') - *p = 'A' + *p - '0'; - else if (*p >= 'A' && *p <= 'Z') - *p = '0' + *p - 'A'; - } -} - -#define MAX_BUF 1024 -#define MAX_IOV 16 - -void -doit (void) -{ - uint8_t buffer[MAX_BUF]; - size_t i; - - for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) { - giovec_t iov[MAX_IOV]; - struct iov_iter_st iter; - const struct exp_st *exp = tests[i].exp; - uint8_t *data; - size_t j; - - copy(iov, buffer, tests[i].iov, tests[i].iovcnt); - - success("%s\n", tests[i].name); - assert(_gnutls_iov_iter_init(&iter, - iov, tests[i].iovcnt, - tests[i].block_size) == 0); - for (j = 0; j < tests[i].expcnt; j++) { - ssize_t ret; - - ret = _gnutls_iov_iter_next(&iter, &data); - if (ret != exp[j].ret) - fail("iov_iter_next: %d != %d\n", - (int) ret, (int) exp[j].ret); - else if (debug) - success("iov_iter_next: %d == %d\n", - (int) ret, (int) exp[j].ret); - if (ret == 0) - break; - if (ret > 0) { - if (iter.iov_index != exp[j].iov_index) - fail("iter.iov_index: %u != %u\n", - (unsigned) iter.iov_index, (unsigned) exp[j].iov_index); - else if (debug) - success("iter.iov_index: %u == %u\n", - (unsigned) iter.iov_index, (unsigned) exp[j].iov_index); - if (iter.iov_offset != exp[j].iov_offset) - fail("iter.iov_offset: %u != %u\n", - (unsigned) iter.iov_offset, (unsigned) exp[j].iov_offset); - else if (debug) - success("iter.iov_offset: %u == %u\n", - (unsigned) iter.iov_offset, (unsigned) exp[j].iov_offset); - if (iter.block_offset != 0) - fail("iter.block_offset: %u != 0\n", - (unsigned) iter.block_offset); - else if (debug) - success("iter.block_offset: %u == 0\n", - (unsigned) iter.block_offset); - - translate(data, ret); - - ret = _gnutls_iov_iter_sync(&iter, data, ret); - if (ret < 0) - fail("sync failed\n"); - } - } - - for (j = 0; j < tests[i].iovcnt; j++) { - translate(iov[j].iov_base, iov[j].iov_len); - - if (memcmp(iov[j].iov_base, tests[i].iov[j].iov_base, - iov[j].iov_len) != 0) - fail("iov doesn't match: %*s != %*s\n", - (int)iov[j].iov_len, - (char *)iov[j].iov_base, - (int)tests[i].iov[j].iov_len, - (char *)tests[i].iov[j].iov_len); - } - } -} diff --git a/tests/p11-kit-load.sh b/tests/p11-kit-load.sh index 419900f..3201a2c 100755 --- a/tests/p11-kit-load.sh +++ b/tests/p11-kit-load.sh @@ -22,7 +22,6 @@ srcdir="${srcdir:-.}" builddir="${builddir:-.}" CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" -P11TOOL="${P11TOOL:-../src/p11tool${EXEEXT}}" DIFF="${DIFF:-diff}" PKGCONFIG="${PKG_CONFIG:-$(which pkg-config)}" TMP_SOFTHSM_DIR="./softhsm-load.$$.tmp" @@ -91,12 +90,6 @@ if test $? != 0; then exit 1 fi -GNUTLS_PIN="${PIN}" ${P11TOOL} --login --label GnuTLS-Test-RSA --generate-privkey rsa --provider "${SOFTHSM_MODULE}" pkcs11: --outfile /dev/null -if test $? != 0; then - echo "failed to generate privkey" - exit 1 -fi - FILTERTOKEN="sed s/token=.*//g" # Check whether both are listed @@ -182,22 +175,6 @@ if test "$nr" != 2;then exit 1 fi -# Check whether public key and privkey are listed. -nr=$(GNUTLS_PIN="${PIN}" ${builddir}/pkcs11/list-objects -o ${P11DIR} -t all pkcs11:token=GnuTLS-Test|sort -u|wc -l) -if test "$nr" != 2;then - echo "Error in test 8: did not find all objects" - ${builddir}/pkcs11/list-objects -o ${P11DIR} -t all pkcs11:token=GnuTLS-Test - exit 1 -fi - -# Check whether all privkeys are listed even if trust module is registered. -nr=$(GNUTLS_PIN="${PIN}" ${builddir}/pkcs11/list-objects -o ${P11DIR} -t privkey pkcs11:|sort -u|wc -l) -if test "$nr" != 1;then - echo "Error in test 9: did not find privkey objects" - ${builddir}/pkcs11/list-objects -o ${P11DIR} -t privkey pkcs11: - exit 1 -fi - rm -f ${P11DIR}/* rm -rf ${TMP_SOFTHSM_DIR} diff --git a/tests/pkcs11/list-objects.c b/tests/pkcs11/list-objects.c deleted file mode 100644 index ab30cd5..0000000 --- a/tests/pkcs11/list-objects.c +++ /dev/null @@ -1,150 +0,0 @@ -/* - * Copyright (C) 2016-2017 Red Hat, Inc. - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GnuTLS. - * - * GnuTLS is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuTLS is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#define P11_KIT_FUTURE_UNSTABLE_API -#include -#include "cert-common.h" - -/* lists the registered PKCS#11 modules by p11-kit. - */ - -static void tls_log_func(int level, const char *str) -{ - fprintf(stderr, "|<%d>| %s", level, str); -} - -static const char *opt_pin; - -static -int pin_func(void* userdata, int attempt, const char* url, const char *label, - unsigned flags, char *pin, size_t pin_max) -{ - if (attempt == 0) { - strcpy(pin, opt_pin); - return 0; - } - return -1; -} - -int main(int argc, char **argv) -{ - int ret; - unsigned i; - int opt; - char *url, *mod; - unsigned flags; - unsigned obj_flags = 0; - int attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL; - gnutls_pkcs11_obj_t *crt_list; - unsigned int crt_list_size = 0; - const char *envvar; - - ret = gnutls_global_init(); - if (ret != 0) { - fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); - exit(1); - } - - gnutls_global_set_log_function(tls_log_func); - - while((opt = getopt(argc, argv, "o:t:")) != -1) { - switch(opt) { - case 'o': - mod = strdup(optarg); - p11_kit_override_system_files(NULL, NULL, mod, mod, NULL); - break; - case 't': - /* specify the object type to list */ - if (strcmp(optarg, "all") == 0) - attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL; - else if (strcmp(optarg, "privkey") == 0) - attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY; - else { - fprintf(stderr, "Unknown object type %s\n", optarg); - exit(1); - } - break; - default: - fprintf(stderr, "Unknown option %c\n", (char)opt); - exit(1); - } - } - - if (optind == argc) { - fprintf(stderr, "specify URL\n"); - exit(1); - } - url = argv[optind]; - - envvar = getenv("GNUTLS_PIN"); - if (envvar && *envvar != '\0') { - opt_pin = envvar; - obj_flags |= GNUTLS_PKCS11_OBJ_FLAG_LOGIN; - gnutls_pkcs11_set_pin_function(pin_func, NULL); - } - - ret = gnutls_pkcs11_token_get_flags(url, &flags); - if (ret < 0) { - flags = 0; - } - - ret = - gnutls_pkcs11_obj_list_import_url2(&crt_list, &crt_list_size, - url, attrs, obj_flags); - if (ret != 0) { - fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); - exit(1); - } - - for (i = 0; i < crt_list_size; i++) { - char *output; - - ret = - gnutls_pkcs11_obj_export_url(crt_list[i], 0, - &output); - if (ret != 0) { - fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); - exit(1); - } - - fprintf(stdout, "%s\n", output); - gnutls_free(output); - gnutls_pkcs11_obj_deinit(crt_list[i]); - } - gnutls_free(crt_list); - - gnutls_global_deinit(); -} diff --git a/tests/resume-with-previous-stek.c b/tests/resume-with-previous-stek.c index 05c1c90..f212b18 100644 --- a/tests/resume-with-previous-stek.c +++ b/tests/resume-with-previous-stek.c @@ -196,8 +196,8 @@ static void server(int fd, unsigned rounds, const char *prio) serverx509cred = NULL; } - if (num_stek_rotations != 3) - fail("STEK should be rotated exactly three times (%d)!\n", num_stek_rotations); + if (num_stek_rotations != 2) + fail("STEK should be rotated exactly twice (%d)!\n", num_stek_rotations); if (serverx509cred) gnutls_certificate_free_credentials(serverx509cred); diff --git a/tests/rng-no-onload.c b/tests/rng-no-onload.c index a485a44..ac01be2 100644 --- a/tests/rng-no-onload.c +++ b/tests/rng-no-onload.c @@ -50,20 +50,18 @@ static int _rnd_called = 0; int __attribute__ ((visibility ("protected"))) gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len) { - static unsigned int value = 0; - _rnd_called = 1; - /* Increment 'value' in each call up to 255, then start again from 0 */ - value = (value + 1) & 0xFF; - - memset(data, value, len); - + memset(data, 0xff, len); return 0; } void doit(void) { + if (gnutls_fips140_mode_enabled()) { + exit(77); + } + global_init(); if (_rnd_called != 0) diff --git a/tests/sign-verify-deterministic.c b/tests/sign-verify-deterministic.c deleted file mode 100644 index 6e90728..0000000 --- a/tests/sign-verify-deterministic.c +++ /dev/null @@ -1,209 +0,0 @@ -/* - * Copyright (C) 2017-2019 Red Hat, Inc. - * - * Author: Nikos Mavrogiannopoulos, Daiki Ueno - * - * This file is part of GnuTLS. - * - * GnuTLS is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuTLS is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with GnuTLS; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include -#ifndef _WIN32 -# include -# include -# include -#endif -#include -#include -#include -#include -#include "utils.h" - -/* verifies whether the sign-data and verify-data APIs - * operate as expected with deterministic ECDSA/DSA (RFC 6979) */ - -static void tls_log_func(int level, const char *str) -{ - fprintf(stderr, "<%d> %s", level, str); -} - -struct _key_tests_st { - const char *name; - gnutls_datum_t key; - gnutls_datum_t msg; - gnutls_datum_t sig; - gnutls_pk_algorithm_t pk; - gnutls_digest_algorithm_t digest; - gnutls_sign_algorithm_t sigalgo; - unsigned int sign_flags; -}; - -/* Test vectors from RFC 6979 */ -static const char dsa_privkey_rfc6979[] = - "-----BEGIN DSA PRIVATE KEY-----\n" - "MIIBugIBAAKBgQCG9coD3P6yJQY/+DCgx2m53Z1hU62R184n94fEMni0R+ZTO4ax\n" - "i+1uiki3hKFMJSxb4Nv2C4bWOFvS8S+3Y+2Ic6v9P1ui4KjApZCC6sBWk15Sna98\n" - "YQRniZx3re38hGyIGHC3sZsrWPm+BSGhcALjvda4ZoXukLPZobAreCsXeQIVAJlv\n" - "ln9sjjiNnijQHiBfupV6VpixAoGAB7D5JUYVC2JRS7dx4qDAzjh/A72mxWtQUgn/\n" - "Jf08Ez2Ju82X6QTgkRTZp9796t/JB46lRNLkAa7sxAu5+794/YeZWhChwny3eJtZ\n" - "S6fvtcQyap/lmgcOE223cXVGStykF75dzi9A0QpGo6OUPyarf9nAOY/4x27gpWgm\n" - "qKiPHb0CgYBd9eAd7THQKX4nThaRwZL+WGj++eGahHdkVLEAzxb2U5IZWji5BSPi\n" - "VC7mGHHARAy4fDIvxLTS7F4efsdm4b6NTOk1Q33BHDyP1CYziTPr/nOcs0ZfTTZo\n" - "xeRzUIJTseaC9ly9xPrpPC6iEjkOVJBahuIiMXC0Tqp9pd2f/Pt/OwIUQRYCyxmm\n" - "zMNElNedmO8eftWvJfc=\n" - "-----END DSA PRIVATE KEY-----\n"; - -static const char ecdsa_secp256r1_privkey_rfc6979[] = - "-----BEGIN EC PRIVATE KEY-----\n" - "MHgCAQEEIQDJr6nYRbp1FmtcIVdnsdaTTlDD2zbomxJ7imIrEg9nIaAKBggqhkjO\n" - "PQMBB6FEA0IABGD+1LolWp0xyWHrdMY1bWjASbiSO2H6bOZpYi5g8p+2eQP+EAi4\n" - "vJmkGunpVii8ZPLxsgwtfp9Rd6PClNRGIpk=\n" - "-----END EC PRIVATE KEY-----\n"; - -static const char sample[] = "sample"; - -static const -struct _key_tests_st tests[] = { - { - .name = "dsa key", - .key = {(void *) dsa_privkey_rfc6979, sizeof(dsa_privkey_rfc6979)-1}, - .msg = {(void *) sample, sizeof(sample)-1}, - .sig = {(void *) "\x30\x2d\x02\x15\x00\x81\xf2\xf5\x85\x0b\xe5\xbc\x12\x3c\x43\xf7\x1a\x30\x33\xe9\x38\x46\x11\xc5\x45\x02\x14\x4c\xdd\x91\x4b\x65\xeb\x6c\x66\xa8\xaa\xad\x27\x29\x9b\xee\x6b\x03\x5f\x5e\x89", 47}, - .pk = GNUTLS_PK_DSA, - .digest = GNUTLS_DIG_SHA256, - .sigalgo = GNUTLS_SIGN_DSA_SHA256, - .sign_flags = GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE - }, - { - .name = "ecdsa key", - .key = {(void *) ecdsa_secp256r1_privkey_rfc6979, sizeof(ecdsa_secp256r1_privkey_rfc6979)-1}, - .msg = {(void *) sample, sizeof(sample)-1}, - .sig = {(void *) "\x30\x46\x02\x21\x00\xef\xd4\x8b\x2a\xac\xb6\xa8\xfd\x11\x40\xdd\x9c\xd4\x5e\x81\xd6\x9d\x2c\x87\x7b\x56\xaa\xf9\x91\xc3\x4d\x0e\xa8\x4e\xaf\x37\x16\x02\x21\x00\xf7\xcb\x1c\x94\x2d\x65\x7c\x41\xd4\x36\xc7\xa1\xb6\xe2\x9f\x65\xf3\xe9\x00\xdb\xb9\xaf\xf4\x06\x4d\xc4\xab\x2f\x84\x3a\xcd\xa8", 72}, - .pk = GNUTLS_PK_ECDSA, - .digest = GNUTLS_DIG_SHA256, - .sigalgo = GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, - .sign_flags = GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE - }, - { - .name = "ecdsa key", - .key = {(void *) ecdsa_secp256r1_privkey_rfc6979, sizeof(ecdsa_secp256r1_privkey_rfc6979)-1}, - .msg = {(void *) sample, sizeof(sample)-1}, - .sig = {(void *) "\x30\x46\x02\x21\x00\xef\xd4\x8b\x2a\xac\xb6\xa8\xfd\x11\x40\xdd\x9c\xd4\x5e\x81\xd6\x9d\x2c\x87\x7b\x56\xaa\xf9\x91\xc3\x4d\x0e\xa8\x4e\xaf\x37\x16\x02\x21\x00\xf7\xcb\x1c\x94\x2d\x65\x7c\x41\xd4\x36\xc7\xa1\xb6\xe2\x9f\x65\xf3\xe9\x00\xdb\xb9\xaf\xf4\x06\x4d\xc4\xab\x2f\x84\x3a\xcd\xa8", 72}, - .pk = GNUTLS_PK_ECDSA, - .digest = GNUTLS_DIG_SHA256, - .sigalgo = GNUTLS_SIGN_ECDSA_SHA256, - .sign_flags = GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE - }, - { - .name = "ecdsa key (q bits < h bits)", - .key = {(void *) ecdsa_secp256r1_privkey_rfc6979, sizeof(ecdsa_secp256r1_privkey_rfc6979)-1}, - .msg = {(void *) sample, sizeof(sample)-1}, - .sig = {(void *) "\x30\x44\x02\x20\x0e\xaf\xea\x03\x9b\x20\xe9\xb4\x23\x09\xfb\x1d\x89\xe2\x13\x05\x7c\xbf\x97\x3d\xc0\xcf\xc8\xf1\x29\xed\xdd\xc8\x00\xef\x77\x19\x02\x20\x48\x61\xf0\x49\x1e\x69\x98\xb9\x45\x51\x93\xe3\x4e\x7b\x0d\x28\x4d\xdd\x71\x49\xa7\x4b\x95\xb9\x26\x1f\x13\xab\xde\x94\x09\x54", 70}, - .pk = GNUTLS_PK_ECDSA, - .digest = GNUTLS_DIG_SHA384, - .sigalgo = GNUTLS_SIGN_ECDSA_SHA384, - .sign_flags = GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE - }, - { - .name = "ecdsa key (q bits > h bits)", - .key = {(void *) ecdsa_secp256r1_privkey_rfc6979, sizeof(ecdsa_secp256r1_privkey_rfc6979)-1}, - .msg = {(void *) sample, sizeof(sample)-1}, - .sig = {(void *) "\x30\x45\x02\x20\x53\xb2\xff\xf5\xd1\x75\x2b\x2c\x68\x9d\xf2\x57\xc0\x4c\x40\xa5\x87\xfa\xba\xbb\x3f\x6f\xc2\x70\x2f\x13\x43\xaf\x7c\xa9\xaa\x3f\x02\x21\x00\xb9\xaf\xb6\x4f\xdc\x03\xdc\x1a\x13\x1c\x7d\x23\x86\xd1\x1e\x34\x9f\x07\x0a\xa4\x32\xa4\xac\xc9\x18\xbe\xa9\x88\xbf\x75\xc7\x4c", 71}, - .pk = GNUTLS_PK_ECDSA, - .digest = GNUTLS_DIG_SHA224, - .sigalgo = GNUTLS_SIGN_ECDSA_SHA224, - .sign_flags = GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE - } -}; - -#define testfail(fmt, ...) \ - fail("%s: "fmt, tests[i].name, ##__VA_ARGS__) - -void doit(void) -{ - gnutls_pubkey_t pubkey; - gnutls_privkey_t privkey; - gnutls_datum_t signature; - int ret; - size_t i; - - global_init(); - - gnutls_global_set_log_function(tls_log_func); - if (debug) - gnutls_global_set_log_level(6); - - for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) { - success("testing: %s - %s", tests[i].name, gnutls_sign_algorithm_get_name(tests[i].sigalgo)); - - ret = gnutls_pubkey_init(&pubkey); - if (ret < 0) - testfail("gnutls_pubkey_init\n"); - - ret = gnutls_privkey_init(&privkey); - if (ret < 0) - testfail("gnutls_privkey_init\n"); - - signature.data = NULL; - signature.size = 0; - - ret = gnutls_privkey_import_x509_raw(privkey, &tests[i].key, GNUTLS_X509_FMT_PEM, NULL, 0); - if (ret < 0) - testfail("gnutls_privkey_import_x509_raw\n"); - - ret = gnutls_privkey_sign_data(privkey, tests[i].digest, tests[i].sign_flags, - &tests[i].msg, &signature); - if (gnutls_fips140_mode_enabled()) { - /* deterministic ECDSA/DSA is prohibited under FIPS */ - if (ret != GNUTLS_E_INVALID_REQUEST) - testfail("gnutls_privkey_sign_data unexpectedly succeeds\n"); - success(" - skipping\n"); - goto next; - } else { - if (ret < 0) - testfail("gnutls_privkey_sign_data\n"); - } - - if (signature.size != tests[i].sig.size || - memcmp(signature.data, tests[i].sig.data, signature.size) != 0) - testfail("signature does not match"); - - ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0); - if (ret < 0) - testfail("gnutls_pubkey_import_privkey\n"); - - ret = - gnutls_pubkey_verify_data2(pubkey, tests[i].sigalgo, 0, &tests[i].msg, - &signature); - if (ret < 0) - testfail("gnutls_pubkey_verify_data2\n"); - success(" - pass"); - - next: - gnutls_free(signature.data); - gnutls_privkey_deinit(privkey); - gnutls_pubkey_deinit(pubkey); - } - - gnutls_global_deinit(); -} diff --git a/tests/tls13/key_update_multiple.c b/tests/tls13/key_update_multiple.c deleted file mode 100644 index 8b2c2db..0000000 --- a/tests/tls13/key_update_multiple.c +++ /dev/null @@ -1,232 +0,0 @@ -/* - * Copyright (C) 2017-2019 Red Hat, Inc. - * - * Author: Daiki Ueno - * - * This file is part of GnuTLS. - * - * GnuTLS is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuTLS is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include "cert-common.h" - -#include "utils.h" -#include "virt-time.h" -#define RANDOMIZE -#include "eagain-common.h" - -const char *side = ""; - -/* This program tests whether multiple key update messages are handled - * properly with rate-limit. */ - -static void tls_log_func(int level, const char *str) -{ - fprintf(stderr, "%s|<%d>| %s", side, level, str); -} - -#define MAX_BUF 1024 -#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..." - -/* These must match the definitions in lib/tls13/key_update.c. */ -#define KEY_UPDATES_WINDOW 1000 -#define KEY_UPDATES_PER_WINDOW 8 - -static unsigned key_update_msg_inc = 0; -static unsigned key_update_msg_out = 0; - -static int hsk_callback(gnutls_session_t session, unsigned int htype, - unsigned post, unsigned int incoming, const gnutls_datum_t *msg) -{ - assert(post == GNUTLS_HOOK_PRE); - - assert(msg->size == 1); - - if (htype == GNUTLS_HANDSHAKE_KEY_UPDATE) { - if (incoming) - key_update_msg_inc++; - else - key_update_msg_out++; - } - - return 0; -} - -static void run(const char *name, bool exceed_limit) -{ - /* Server stuff. */ - gnutls_certificate_credentials_t ccred; - gnutls_certificate_credentials_t scred; - gnutls_session_t server; - int sret, cret; - /* Client stuff. */ - gnutls_session_t client; - /* Need to enable anonymous KX specifically. */ - char buffer[MAX_BUF + 1]; - int ret, transferred = 0; - size_t i; - - success("%s\n", name); - - /* General init. */ - global_init(); - gnutls_global_set_log_function(tls_log_func); - if (debug) - gnutls_global_set_log_level(9); - - /* Init server */ - assert(gnutls_certificate_allocate_credentials(&scred) >= 0); - assert(gnutls_certificate_set_x509_key_mem(scred, - &server_ca3_localhost_cert, - &server_ca3_key, - GNUTLS_X509_FMT_PEM) >= 0); - - assert(gnutls_init(&server, GNUTLS_SERVER) >= 0); - ret = - gnutls_priority_set_direct(server, - "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", - NULL); - if (ret < 0) - exit(1); - - gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred); - gnutls_transport_set_push_function(server, server_push); - gnutls_transport_set_pull_function(server, server_pull); - gnutls_transport_set_ptr(server, server); - - /* Init client */ - assert(gnutls_certificate_allocate_credentials(&ccred) >= 0); - assert(gnutls_certificate_set_x509_trust_mem - (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0); - - gnutls_init(&client, GNUTLS_CLIENT); - ret = - gnutls_priority_set_direct(client, - "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", - NULL); - assert(ret >= 0); - - ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred); - if (ret < 0) - exit(1); - - gnutls_transport_set_push_function(client, client_push); - gnutls_transport_set_pull_function(client, client_pull); - gnutls_transport_set_ptr(client, client); - - - HANDSHAKE(client, server); - if (debug) - success("Handshake established\n"); - - key_update_msg_inc = 0; - key_update_msg_out = 0; - - gnutls_handshake_set_hook_function(client, -1, GNUTLS_HOOK_PRE, hsk_callback); - - /* schedule multiple key updates */ - for (i = 0; i < KEY_UPDATES_PER_WINDOW; i++) { - do { - ret = gnutls_session_key_update(client, 1); - } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); - if (ret < 0) - fail("error in key update: %s\n", gnutls_strerror(ret)); - } - - /* server receives the client key update and sends data */ - TRANSFER(client, server, MSG, strlen(MSG), buffer, MAX_BUF); - TRANSFER(server, client, MSG, strlen(MSG), buffer, MAX_BUF); - EMPTY_BUF(server, client, buffer, MAX_BUF); - - if (key_update_msg_out != KEY_UPDATES_PER_WINDOW) - fail("unexpected number of key updates are sent: %d\n", - key_update_msg_out); - else { - if (debug) - success("successfully sent %d key updates\n", - KEY_UPDATES_PER_WINDOW); - } - if (key_update_msg_inc != 1) - fail("unexpected number of key updates received: %d\n", - key_update_msg_inc); - else { - if (debug) - success("successfully received 1 key update\n"); - } - - if (exceed_limit) { - /* excessive key update in the same time window should - * be rejected by the peer */ - do { - ret = gnutls_session_key_update(client, 1); - } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); - - /* server receives the client key update and sends data */ - ret = record_send_loop(client, MSG, strlen(MSG), 0); - assert(ret == strlen(MSG)); - ret = gnutls_record_recv(server, buffer, MAX_BUF); - if (ret != GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS) - fail("server didn't reject excessive number of key updates\n"); - else { - if (debug) - success("server rejected excessive number of key updates\n"); - } - } else { - virt_sec_sleep(KEY_UPDATES_WINDOW / 1000 + 1); - - /* the time window should be rolled over now */ - do { - ret = gnutls_session_key_update(client, 1); - } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); - if (ret < 0) - fail("error in key update: %s\n", gnutls_strerror(ret)); - - /* server receives the client key update and sends data */ - TRANSFER(client, server, MSG, strlen(MSG), buffer, MAX_BUF); - TRANSFER(server, client, MSG, strlen(MSG), buffer, MAX_BUF); - EMPTY_BUF(server, client, buffer, MAX_BUF); - } - - gnutls_bye(client, GNUTLS_SHUT_WR); - gnutls_bye(server, GNUTLS_SHUT_WR); - - gnutls_deinit(client); - gnutls_deinit(server); - - gnutls_certificate_free_credentials(scred); - gnutls_certificate_free_credentials(ccred); - - gnutls_global_deinit(); - reset_buffers(); -} - -void doit(void) -{ - virt_time_init(); - - run("not exceeding limit", 0); - run("exceeding limit", 1); -} diff --git a/tests/tls13/prf-early.c b/tests/tls13/prf-early.c index bc31962..414b1db 100644 --- a/tests/tls13/prf-early.c +++ b/tests/tls13/prf-early.c @@ -123,10 +123,10 @@ static void dump(const char *name, const uint8_t *data, unsigned data_size) } \ } -#define KEY_EXP_VALUE "\xc1\x6b\x6c\xb9\x88\x33\xd5\x28\x80\xec\x27\x87\xa2\x6f\x4b\xd0\x01\x5e\x7f\xca\xd7\xd4\x8a\x3f\xe2\x48\x92\xef\x02\x14\xfb\x81\x90\x04" -#define HELLO_VALUE "\x2a\x73\xd9\x74\x04\x4e\x0a\x5f\x41\x8a\x09\xcb\x45\x33\x1a\xec\xd3\xfc\xdc\x1b\x2c\x67\x26\xe4\x9c\xfe\x1f\xa5\x74\xf1\x4f" -#define CONTEXT_VALUE "\x87\xf6\x88\xe3\xd7\xf2\x05\xbc\xa4\x10\xa3\x48\x9f\xf5\xcf\x97\x06\x22\x4e\xfd\x18\x32\x52\x1d\xbd\x26\xf5\x5b\x21\x20\xec" -#define NULL_CONTEXT_VALUE "\xf9\xca\xfe\x45\x44\x96\xdb\xc5\x41\x8f\x7e\x8e\xd7\xb0\x7d\x19\x45\xaf\x09\xbc\x1e\x82\x94\xac\x55\xe5\xb9\xb4\x3b\xe8\xc0" +#define KEY_EXP_VALUE "\xc0\x1e\xc2\xa4\xb7\xb4\x04\xaa\x91\x5d\xaf\xe8\xf7\x4d\x19\xdf\xd0\xe6\x08\xd6\xb4\x3b\xcf\xca\xc9\x32\x75\x3b\xe3\x11\x19\xb1\xac\x68" +#define HELLO_VALUE "\x77\xdb\x10\x0b\xe8\xd0\xb9\x38\xbc\x49\xe6\xbe\xf2\x47\x2a\xcc\x6b\xea\xce\x85\x04\xd3\x9e\xd8\x06\x16\xad\xff\xcd\xbf\x4b" +#define CONTEXT_VALUE "\xf2\x17\x9f\xf2\x66\x56\x87\x66\xf9\x5c\x8a\xd7\x4e\x1d\x46\xee\x0e\x44\x41\x4c\xcd\xac\xcb\xc0\x31\x41\x2a\xb6\xd7\x01\x62" +#define NULL_CONTEXT_VALUE "\xcd\x79\x07\x93\xeb\x96\x07\x3e\xec\x78\x90\x89\xf7\x16\x42\x6d\x27\x87\x56\x7c\x7b\x60\x2b\x20\x44\xd1\xea\x0c\x89\xfb\x8b" static int handshake_callback_called;