components/gnutls/patches/04-cve-2013-1619.patch
author Ann Lai <ann.lai@oracle.com>
Wed, 08 Apr 2015 10:31:09 -0700
changeset 4068 29a9d33b67fa
permissions -rw-r--r--
20231912 Move GnuTLS from Desktop to Userland consolidation
Source:
http://www.gnutls.org/security.html
Info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x 
before 3.1.7 does not properly consider timing side-channel attacks on a 
noncompliant MAC check operation during the processing of malformed CBC 
padding, which allows remote attackers to conduct distinguishing attacks and 
plaintext-recovery attacks via statistical analysis of timing data for crafted 
packets, a related issue to CVE-2013-0169.
Status:
Need to determine if this patch has been sent upstream. Note that the Info section lists 2.12.23, 3.0.28 and 3.1.7 as the upstream versions that already carry a fix, while this patch targets gnutls-2.8.6, so it appears to be a backport of the upstream change rather than new work to submit; confirm it matches the upstream commit.
--- gnutls-2.8.6/lib/gnutls_cipher.c.orig	2013-05-21 14:38:08.865598248 +0530
    15
+++ gnutls-2.8.6/lib/gnutls_cipher.c	2013-05-21 15:51:24.878786918 +0530
    16
@@ -418,6 +418,49 @@ _gnutls_compressed2ciphertext (gnutls_se
    17
   return length;
    18
 }
    19
 
    20
+static void dummy_wait(gnutls_session_t session, gnutls_datum_t* plaintext,
    21
+                       unsigned pad_failed, unsigned int pad, unsigned total, int ver)
    22
+{
    23
+  /* this hack is only needed on CBC ciphers */
    24
+  if (_gnutls_cipher_is_block (session->security_parameters.read_bulk_cipher_algorithm) == CIPHER_BLOCK)
    25
+    {
    26
+      uint8_t MAC[MAX_HASH_SIZE];
    27
+      unsigned len;
    28
+      digest_hd_st td;
    29
+      int ret;
    30
+
    31
+      ret = mac_init (&td, session->security_parameters.read_mac_algorithm,
    32
+                      session->connection_state.read_mac_secret.data,
    33
+                      session->connection_state.read_mac_secret.size, ver);
    34
+
    35
+      if (ret < 0)
    36
+        return;
    37
+
    38
+      /* force an additional hash compression function evaluation to prevent timing
    39
+       * attacks that distinguish between wrong-mac + correct pad, from wrong-mac + incorrect pad.
    40
+       */
    41
+      if (pad_failed == 0 && pad > 0)
    42
+        {
    43
+          len = _gnutls_get_hash_block_len(session->security_parameters.read_mac_algorithm);
    44
+          if (len > 0)
    45
+            {
    46
+              /* This is really specific to the current hash functions.
    47
+               * It should be removed once a protocol fix is in place.
    48
+               */
    49
+	      if ((pad+total) % len > len-9 && total % len <= len-9)
    50
+	        {
    51
+	          if (len < plaintext->size)
    52
+                    _gnutls_hmac (&td, plaintext->data, len);
    53
+                  else
    54
+                    _gnutls_hmac (&td, plaintext->data, plaintext->size);
    55
+                }
    56
+            }
    57
+        }
    58
+
    59
+      mac_deinit (&td, MAC, ver);
    60
+    }
    61
+}
    62
+
    63
 /* Deciphers the ciphertext packet, and puts the result to compress_data, of compress_size.
    64
  * Returns the actual compressed packet size.
    65
  */
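Review bot: The extra-compression test `if ((pad+total) % len > len-9 && total % len <= len-9)` only compensates for a single block boundary, but `pad` can be up to 255 and the pad-rejected path (which runs the MAC over `total + pad` bytes, see the caller zeroing `pad`) can cross up to four 64-byte blocks more than the `total`-byte path; for example with `total % 64 == 0` and `pad == 64` the rejected path performs one more compression and no extra block is added here, so that case stays distinguishable. Counting the boundaries directly, `(total + pad + 8) / len - (total + 8) / len`, and feeding that many whole blocks agrees with the present test wherever it fires and covers the cases it misses; a sketch follows. Note also that `plaintext` is the caller's not-yet-written `compress_data` buffer, so the bytes hashed are indeterminate — harmless for timing, but it reads uninitialised memory, and passing the ciphertext datum instead would avoid that. The `+ 8` (nine bytes of 0x80 plus 64-bit length) is specific to 64-byte-block Merkle–Damgård hashes, as the existing comment already warns.
```c
      if (pad_failed == 0 && pad > 0)
        {
          len = _gnutls_get_hash_block_len(session->security_parameters.read_mac_algorithm);
          if (len > 0)
            {
              /* Compression calls the pad-rejected path would have made
               * beyond ours: one per block boundary crossed. The +8 stands
               * for the hash's own 0x80 byte plus 8-byte length field and
               * is only right for 64-byte-block Merkle-Damgard hashes. */
              unsigned extra = (total + pad + 8) / len - (total + 8) / len;
              unsigned n = extra * len;
              if (n > plaintext->size)
                n = plaintext->size;
              if (n > 0)
                _gnutls_hmac (&td, plaintext->data, n);
            }
        }
      /* … unchanged: mac_deinit … */
```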
    66
@@ -429,11 +472,12 @@ _gnutls_ciphertext2compressed (gnutls_se
    67
 {
    68
   uint8_t MAC[MAX_HASH_SIZE];
    69
   uint16_t c_length;
    70
-  uint8_t pad;
    71
+  unsigned int pad = 0;
    72
   int length;
    73
   digest_hd_st td;
    74
   uint16_t blocksize;
    75
   int ret, i, pad_failed = 0;
    76
+  int preamble_size = 0;
    77
   uint8_t major, minor;
    78
   gnutls_protocol_t ver;
    79
   int hash_size =
    80
@@ -509,31 +553,23 @@ _gnutls_ciphertext2compressed (gnutls_se
    81
 	  return GNUTLS_E_DECRYPTION_FAILED;
    82
 	}
    83
 
    84
-      pad = ciphertext.data[ciphertext.size - 1] + 1;	/* pad */
    85
+      pad = ciphertext.data[ciphertext.size - 1];   /* pad */
    86
 
    87
-      if ((int) pad > (int) ciphertext.size - hash_size)
    88
-	{
    89
-	  gnutls_assert ();
    90
-	  _gnutls_record_log
    91
-	    ("REC[%p]: Short record length %d > %d - %d (under attack?)\n",
    92
-	     session, pad, ciphertext.size, hash_size);
    93
-	  /* We do not fail here. We check below for the
    94
-	   * the pad_failed. If zero means success.
    95
-	   */
    96
-	  pad_failed = GNUTLS_E_DECRYPTION_FAILED;
    97
-	}
    98
-
    99
-      length = ciphertext.size - hash_size - pad;
   100
-
   101
-      /* Check the pading bytes (TLS 1.x)
   102
+      /* Check the pading bytes (TLS 1.x).
   103
+       * Note that we access all 256 bytes of ciphertext for padding check
   104
+       * because there is a timing channel in that memory access (in certain CPUs).
   105
        */
   106
       if (ver >= GNUTLS_TLS1 && pad_failed == 0)
   107
-	for (i = 2; i < pad; i++)
   108
+	for (i = 2; i <= pad; i++)
   109
 	  {
   110
-	    if (ciphertext.data[ciphertext.size - i] !=
   111
-		ciphertext.data[ciphertext.size - 1])
   112
+            if (ciphertext.data[ciphertext.size - i] != pad)
   113
 	      pad_failed = GNUTLS_E_DECRYPTION_FAILED;
   114
 	  }
   115
+
   116
+      if (pad_failed)
   117
+        pad = 0;
   118
+      length = ciphertext.size - hash_size - pad - 1;
   119
+
   120
       break;
   121
     default:
   122
       gnutls_assert ();
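Review bot: The removed `(int) pad > (int) ciphertext.size - hash_size` guard is not replaced, so the new loop `for (i = 2; i <= pad; i++)` reads `ciphertext.data[ciphertext.size - i]` for every `i` up to the attacker-influenced last byte regardless of record size; with `ciphertext.size` unsigned, `ciphertext.size - i` wraps as soon as `i` exceeds it (a one-block TLS 1.0 record whose last byte decrypts to more than 15 is enough), which is an out-of-bounds read a peer can provoke, and a consistent-but-oversized pad that survives the loop makes `length = ciphertext.size - hash_size - pad - 1` negative for the MAC compare that follows. The loop should be bounded by the record (touching every candidate byte, folding in only the `pad+1` trailing ones) and the size bound reinstated after it so that `pad_failed`/`pad = 0` also cover the oversized case; a sketch follows, written with a branch so it reads clearly — a bitwise `|=`/`&` form would avoid the data-dependent branch. Separately, `i <= pad` stops one byte short: with `pad` padding bytes plus the length byte, the outermost padding byte at `data[size-1-pad]` is never compared (the pre-patch `i < pad` with `pad = byte + 1` had the same gap), so the limit should be `pad + 1`. `_gnutls_ciphertext2compressed` starts before and ends after this hunk.
```c
      if (ver >= GNUTLS_TLS1 && pad_failed == 0)
        for (i = 2; i <= 256 && (unsigned) i <= ciphertext.size; i++)
          {
            /* read every candidate byte; only the pad+1 trailing ones count */
            if (i <= (int) pad + 1 && ciphertext.data[ciphertext.size - i] != pad)
              pad_failed = GNUTLS_E_DECRYPTION_FAILED;
          }

      /* the pad+1 trailing bytes plus the MAC must fit inside the record */
      if (pad_failed != 0 || (int) pad + 1 > (int) ciphertext.size - hash_size)
        {
          pad_failed = GNUTLS_E_DECRYPTION_FAILED;
          pad = 0;
        }
      length = ciphertext.size - hash_size - pad - 1;
```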
   123
@@ -552,14 +588,19 @@ _gnutls_ciphertext2compressed (gnutls_se
   124
       _gnutls_hmac (&td,
   125
 		    UINT64DATA (session->connection_state.
   126
 				read_sequence_number), 8);
   127
+      preamble_size += 8;
   128
 
   129
       _gnutls_hmac (&td, &type, 1);
   130
+      preamble_size++;
   131
       if (ver >= GNUTLS_TLS1)
   132
 	{			/* TLS 1.x */
   133
 	  _gnutls_hmac (&td, &major, 1);
   134
+	  preamble_size++;
   135
 	  _gnutls_hmac (&td, &minor, 1);
   136
+	  preamble_size++;
   137
 	}
   138
       _gnutls_hmac (&td, &c_length, 2);
   139
+      preamble_size += 2;
   140
 
   141
       if (length > 0)
   142
 	_gnutls_hmac (&td, ciphertext.data, length);
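Review bot: `preamble_size` is kept by a second, hand-maintained tally beside each `_gnutls_hmac` call (`+= 8`, `++`, `++`, `++`, `+= 2`), so a later change to what is authenticated that forgets the matching increment silently hands `dummy_wait` a wrong `total` and quietly undoes the timing compensation. Since these lines fix the layout (8-byte sequence number, 1-byte type, two version bytes on TLS 1.x, 2-byte length), it reads more safely as one derived value next to the hashing, `preamble_size = (ver >= GNUTLS_TLS1) ? 13 : 11;`, or as a sum of named constants shared with the hashing code. `_gnutls_ciphertext2compressed` starts before and ends after this hunk.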
   143
@@ -567,21 +608,19 @@ _gnutls_ciphertext2compressed (gnutls_se
   144
       mac_deinit (&td, MAC, ver);
   145
     }
   146
 
   147
-  /* This one was introduced to avoid a timing attack against the TLS
   148
-   * 1.0 protocol.
   149
-   */
   150
-  if (pad_failed != 0)
   151
-    return pad_failed;
   152
-
   153
   /* HMAC was not the same. 
   154
    */
   155
-  if (memcmp (MAC, &ciphertext.data[length], hash_size) != 0)
   156
+  if (memcmp (MAC, &ciphertext.data[length], hash_size) != 0 || pad_failed != 0)
   157
     {
   158
+      gnutls_datum_t compressed = {compress_data, compress_size};
   159
+      /* HMAC was not the same. */
   160
+      dummy_wait(session, &compressed, pad_failed, pad, length+preamble_size, ver);
   161
+
   162
       gnutls_assert ();
   163
       return GNUTLS_E_DECRYPTION_FAILED;
   164
     }
   165
 
   166
-  /* copy the decrypted stuff to compress_data.
   167
+  /* copy the decrypted stuff to compressed_data.
   168
    */
   169
   if (compress_size < length)
   170
     {
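Review bot: The tag is still checked with `memcmp (MAC, &ciphertext.data[length], hash_size)`, which returns at the first differing byte, so a patch whose whole purpose is to remove data-dependent timing from record decryption leaves an early exit at the MAC comparison itself; compare without one, e.g. `for (i = 0, ret = 0; i < hash_size; i++) ret |= MAC[i] ^ ciphertext.data[length + i];` followed by `if (ret != 0 || pad_failed != 0)` (`ret` is free by this point, though a dedicated local would be clearer). That index is only in bounds if the CBC branch guarantees `length >= 0`, which in turn requires an upper bound on `pad` to be enforced there. The `compressed` datum handed to `dummy_wait` points at `compress_data` before anything has been copied into it, so the extra hashing reads indeterminate bytes; harmless for the timing purpose, but `&ciphertext` would do the same job on initialised data. `_gnutls_ciphertext2compressed` starts before this hunk and continues after it.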
--- gnutls-2.8.6/lib/gnutls_hash_int.h.orig	2013-05-21 15:51:50.195114457 +0530
   172
+++ gnutls-2.8.6/lib/gnutls_hash_int.h	2013-05-21 15:53:44.212046617 +0530
   173
@@ -92,4 +92,25 @@ void _gnutls_mac_deinit_ssl3_handshake (
   174
 
   175
 int _gnutls_hash_copy (digest_hd_st* dst_handle, digest_hd_st * src_handle);
   176
 
   177
+/* We shouldn't need to know that, but a work-around in decoding
   178
+ * TLS record padding requires that.
   179
+ */
   180
+inline static size_t
   181
+_gnutls_get_hash_block_len (gnutls_digest_algorithm_t algo)
   182
+{
   183
+  switch (algo)
   184
+    {
   185
+    case GNUTLS_DIG_MD5:
   186
+    case GNUTLS_DIG_SHA1:
   187
+    case GNUTLS_DIG_RMD160:
   188
+    case GNUTLS_DIG_SHA256:
   189
+    case GNUTLS_DIG_SHA384:
   190
+    case GNUTLS_DIG_SHA512:
   191
+    case GNUTLS_DIG_SHA224:
   192
+      return 64;
   193
+    default:
   194
+      return 0;
   195
+    }
   196
+}
   197
+
   198
 #endif /* GNUTLS_HASH_INT_H */
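Review bot: `_gnutls_get_hash_block_len` returns 64 for `GNUTLS_DIG_SHA384` and `GNUTLS_DIG_SHA512`, but those hashes compress 128-byte blocks and carry a 16-byte length field (17 bytes of minimum padding rather than 9), so for a SHA-384/512 record MAC the block arithmetic and the `len-9` constant in the `dummy_wait` caller would miscount compressions and the timing compensation would not line up. The two cases should read `case GNUTLS_DIG_SHA384: case GNUTLS_DIG_SHA512: return 128;`, and the header comment should state that the `dummy_wait` caller also assumes 9 bytes of finalisation padding, or a companion helper should supply that value. MD5, SHA-1, RIPEMD-160, SHA-224 and SHA-256 are correctly 64. Whether gnutls 2.8.6 can negotiate a SHA-384/512 record MAC is not visible here, so the impact may be theoretical, but the helper should not return a wrong value for an algorithm it names explicitly.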