Hello community, here is the log from the commit of package gnutls.1658 for openSUSE:12.1:Update checked in at 2013-05-17 19:05:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update/gnutls.1658 (Old) and /work/SRC/openSUSE:12.1:Update/.gnutls.1658.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls.1658" Changes: -------- New Changes file: --- /dev/null 2013-05-15 01:32:43.420028506 +0200 +++ /work/SRC/openSUSE:12.1:Update/.gnutls.1658.new/gnutls.changes 2013-05-17 19:05:37.000000000 +0200 
@@ -0,0 +1,693 @@ +------------------------------------------------------------------- +Thu May 2 13:00:02 UTC 2013 - [email protected] + +- Fix bug[ bnc#802651] CVE-2013-1619( gnutls): Luck-13 issue + Add patch file: CVE-2013-1619.patch + +------------------------------------------------------------------- +Thu Jan 31 09:25:02 UTC 2013 - [email protected] + +- fix bug[ bnc#752193], modify CVE-2012-1663.patch + update the bug fix CVE-2012-1663( gnutls double free) + +------------------------------------------------------------------- +Mon Apr 23 09:27:09 UTC 2012 - [email protected] + +- fix bug[bnc#752193] - VUL-0: gnutls double free + CVE-2012-1663 + +------------------------------------------------------------------- +Thu Apr 12 05:35:23 UTC 2012 - [email protected] + +- fix bug[bnc#753301] - VUL-0: gnutls/libtasn1 + "asn1_get_length_der()" DER decoding issue + CVE-2012-1569 + and bug[bnc#754223] - GenericBlockCipher heap corruption DoS + CVE-2012-1573 + +------------------------------------------------------------------- +Mon Feb 13 06:39:55 UTC 2012 - [email protected] + +- fix Bug[bnc#739898] - VUL-1: CVE-2012-0390: GnuTLS DTLS plaintext + recovery attack. + +------------------------------------------------------------------- +Mon Oct 17 13:21:57 UTC 2011 - [email protected] + +- Add gnutls-fix-crash-on-strcat.patch: make sure a string is + nul-terminated before using strcat on it. Fix bnc#724421. + +------------------------------------------------------------------- +Fri Sep 30 15:16:51 UTC 2011 - [email protected] + +- cross-build fix: configure with sysroot + +------------------------------------------------------------------- +Sat Sep 24 13:10:41 UTC 2011 - [email protected] + +- Add gnutls-fix-compression.patch: fix some + decompression/compression issues that caused connection failures + to some XMPP servers. Patch taken from git. 
+ +------------------------------------------------------------------- +Fri Sep 23 10:38:45 CEST 2011 - [email protected] + +- added libgnutls-devel to baselibs.conf for 32bit Wine on 64bit build + +------------------------------------------------------------------- +Tue Sep 20 16:03:50 UTC 2011 - [email protected] + +- Update to version 3.0.3: + + libgnutls: + - Added gnutls_record_get_discarded() to return the number of + discarded records in a DTLS session. + - All functions related to RSA-EXPORT were deprecated. + - Memory leak fixes in credentials private key + deinitialization. + - Memory leak fixes in ECC ciphersuites. + - Do not send an empty extension structure in server hello. + This affected old implementations that do not support + extensions. + - Allow CA importing of 0 certificates to succeed. + - Added support for VIA padlock AES optimizations. (disabled by + default) + - Added support for elliptic curves in PKCS #11. + - Added gnutls_pkcs11_privkey_generate() to allow generating a + key in a token. + - gnutls_transport_set_lowat dummy macro was removed. + + p11tool: Added generate-rsa, generate-dsa and generate-ecc + options to allow generating private keys in the token. +- Changes from version 3.0.2: + + libgnutls: + - OpenPGP certificate type is not enabled by default. + - Added %NO_EXTENSIONS priority string. + - Corrected issue in gnutls_record_recv() triggered on + encryption or compression error. + - Compatibility fixes in CPU ID detection for i386 and old GCC. + - Corrected parsing of XMPP subject alternative names. + - Allow for out-of-order ChangeCipherSpec message in DTLS. + - gnutls_certificate_set_x509_key() and + gnutls_certificate_set_openpgp_key() operate as in 2.10.x and + allow the release of the private key during the lifetime of + the certificate structure. + + gnutls-cli: Benchmark applications were incorporated with it. 
+- Changes from version 3.0.1: + + libgnutls: + - gnutls_certificate_set_x509_key_file() and friends support + server name indication. If multiple certificates are set + using these functions the proper one will be selected during + a handshake. + - Added AES-256-GCM which was left out from the previous + release. + - When asking for a PKCS# 11 PIN multiple times, the flags in + the callback were not being updated to reflect for PIN low + count or final try. + - Do not allow second instances of PKCS #11 modules. + - Fixed alignment issue in AES-NI code. + - The config file at gnutls_pkcs11_init() is being read if + provided. + - Ensure that a certificate list specified using + gnutls_certificate_set_x509_key() and friends, is sorted + according to TLS specification (from subject to issuer). + - Added GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for + gnutls_x509_crt_list_import. It checks whether the list to be + imported is properly sorted. + + crywrap: Added to the distribution. It is an application that + proxies TLS session to a port using a plaintext service. + + Many GTK-DOC improvements. + + Updated translations. +- Drop 0001-Included-appro-s-updates-to-AES-NI.patch, + 0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch, + 0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch, + 0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch: all fixed + upstream. +- Drop call to autoreconf: it was only needed for the patches. +- Add libidn-devel BuildRequires for the new crywrap tool. + +------------------------------------------------------------------- +Mon Aug 29 08:00:03 UTC 2011 - [email protected] + +- update baselibs.conf + +------------------------------------------------------------------- +Wed Aug 17 22:29:31 UTC 2011 - [email protected] + +- Update to version 3.0.0. many fixes see NEWS for details This + changelog only describes important package changes or features. +* Main reason for update is to support Intel AES-NI CPU extensions. 
+* Bump sonames in the library package accordingly +* C++ apps must now buildrequire libgnutls++-devel +* Software using the openssl emulation must buildrequire + libgnutls-openssl-devel or better use openssl directly. +* Upstream no longer uses libgcrypt but libnettle. +* Upstream now requires the use of p11-kit +* Add post-release upstream patches critical for improving AES-NI + support. + +------------------------------------------------------------------- +Thu Jun 23 07:09:28 UTC 2011 - [email protected] + +- update to stable version 2.10.5 + ** libgnutls: Corrected verification of finished messages. + + ** libgnutls: Corrected signature generation and verification + in the Certificate Verify message when in TLS 1.2. Reported + by Todd A. Ouska. + + ** pkg-config gnutls.pc improvements. + The file uses 'Requires.private' for libtasn1 and libz when needed, + instead of Libs.private. From Andreas Metzler. + + ** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz. + + ** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures. + This makes us comply with RFC3279. Reported by Michael Rommel. + + ** libgnutls: Reverted default behavior for verification and + introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default + V1 trusted CAs are allowed, unless the new flag is specified. + + ** minitasn1: Updated to Libtasn1 2.9. + + ** bgnutls: Correctly add leading zero to PKCS #8 encoded DSA key. + Reported by Jeffrey Walton. + + ** libgnutls: Corrected memory leak in extension data calculation. + Reported by Mike Blumenkrantz. + + ** libgnutls: Remove trailing comma in enums in gnutls.h and x509.h. + + ** API and ABI modifications: + No changes since last version. 
+ +------------------------------------------------------------------- +Mon Oct 11 03:05:58 UTC 2010 - [email protected] + +- update to latest stable version 2.10.2 + * tons of changes, see NEWS + +------------------------------------------------------------------- +Sat Apr 24 11:38:17 UTC 2010 - [email protected] + +- buildrequire pkg-config to fix provides + +------------------------------------------------------------------- +Thu Apr 15 16:47:31 CEST 2010 - [email protected] + +- updated to stable 2.8.6 ++++ 496 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.1:Update/.gnutls.1658.new/gnutls.changes New: ---- CVE-2012-0390.patch CVE-2012-1569.patch CVE-2012-1573.patch CVE-2012-1663.patch CVE-2013-1619.patch baselibs.conf gnutls-3.0.3.tar.xz gnutls-fix-compression.patch gnutls-fix-crash-on-strcat.patch gnutls.changes gnutls.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ # # spec file for package gnutls # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
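Review bot: In the new gnutls.changes hunk, the 2013-05-02 entry describes CVE-2013-1619 as the "Luck-13 issue"; the attack is called Lucky 13, and the entry should say what was changed (the CBC padding check in ciphertext_to_compressed) the way the other CVE entries name the affected code. The bug references are also formatted three different ways ("bug[ bnc#802651]", "bug[bnc#752193]", "Bug[bnc#739898]"); use the "bug[bnc#NNNNNN]" form consistently.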
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define gnutls_sover 28 %define gnutlsxx_sover 28 %define gnutls_ossl_sover 27 %define gnutls_extra_sover 28 Name: gnutls Version: 3.0.3 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-3.0+ Group: Productivity/Networking/Security Url: http://www.gnutls.org/ Source0: %{name}-%{version}.tar.xz Source1: baselibs.conf # PATCH-FIX-UPSTREAM gnutls-fix-compression.patch [email protected] -- Taken from git, fix decompression/compression Patch0: gnutls-fix-compression.patch # PATCH-FIX-UPSTREAM gnutls-fix-crash-on-strcat.patch bnc#724421 [email protected] -- Fix a crash because of badly used strcat, sent upstream by mail on 2011-10-17 Patch1: gnutls-fix-crash-on-strcat.patch Patch2: CVE-2012-0390.patch Patch3: CVE-2012-1569.patch Patch4: CVE-2012-1573.patch Patch5: CVE-2012-1663.patch Patch6: CVE-2013-1619.patch BuildRequires: gcc-c++ BuildRequires: libidn-devel BuildRequires: libnettle-devel >= 2.2 BuildRequires: libtasn1-devel BuildRequires: p11-kit-devel BuildRequires: pkg-config BuildRequires: xz BuildRequires: zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build # bug437293 %ifarch ppc64 Obsoletes: gnutls-64bit %endif %description The GnuTLS project aims to develop a library that provides a secure layer over a reliable transport layer. Currently the GnuTLS library implements the proposed standards of the IETF's TLS working group. %package -n libgnutls%{gnutls_sover} Summary: The GNU Transport Layer Security Library License: LGPL-2.1+ Group: Productivity/Networking/Security %description -n libgnutls%{gnutls_sover} The GnuTLS project aims to develop a library that provides a secure layer over a reliable transport layer. Currently the GnuTLS library implements the proposed standards of the IETF's TLS working group. 
%package -n libgnutlsxx%{gnutlsxx_sover} Summary: The GNU Transport Layer Security Library License: LGPL-2.1+ Group: Productivity/Networking/Security %description -n libgnutlsxx%{gnutlsxx_sover} The GnuTLS project aims to develop a library that provides a secure layer over a reliable transport layer. Currently the GnuTLS library implements the proposed standards of the IETF's TLS working group. %package -n libgnutls-extra%{gnutls_extra_sover} Summary: The GNU Transport Layer Security Library License: GPL-3.0+ Group: Productivity/Networking/Security %description -n libgnutls-extra%{gnutls_extra_sover} The GnuTLS project aims to develop a library that provides a secure layer over a reliable transport layer. Currently the GnuTLS library implements the proposed standards of the IETF's TLS working group. %package -n libgnutls-openssl%{gnutls_ossl_sover} Summary: The GNU Transport Layer Security Library License: GPL-3.0+ Group: Productivity/Networking/Security %description -n libgnutls-openssl%{gnutls_ossl_sover} The GnuTLS project aims to develop a library that provides a secure layer over a reliable transport layer. Currently the GnuTLS library implements the proposed standards of the IETF's TLS working group. %package -n libgnutls-devel Summary: Development package for gnutls License: LGPL-2.1+ Group: Development/Libraries/C and C++ PreReq: %install_info_prereq Requires: glibc-devel Requires: libgnutls%{gnutls_sover} = %{version} %description -n libgnutls-devel Files needed for software development using gnutls. %package -n libgnutlsxx-devel Summary: Development package for gnutls License: LGPL-2.1+ Group: Development/Libraries/C and C++ PreReq: %install_info_prereq Requires: libgnutls-devel = %{version} Requires: libgnutlsxx%{gnutlsxx_sover} = %{version} Requires: libstdc++-devel %description -n libgnutlsxx-devel Files needed for software development using gnutls. 
%package -n libgnutls-openssl-devel Summary: Development package for gnutls License: LGPL-2.1+ Group: Development/Libraries/C and C++ Requires: libgnutls-devel = %{version} Requires: libgnutls-openssl%{gnutls_ossl_sover} = %{version} %description -n libgnutls-openssl-devel Files needed for software development using gnutls. %package -n libgnutls-extra-devel Summary: The GNU Transport Layer Security Library License: GPL-3.0+ Group: Development/Libraries/C and C++ Requires: libgnutls-devel = %{version} Requires: libgnutls-extra%{gnutls_extra_sover} = %{version} # gnutls-devel last used in 10.3 Obsoletes: gnutls-devel < %{version} Provides: gnutls-devel = %{version} # bug437293 %ifarch ppc64 Obsoletes: gnutls-devel-64bit %endif # %description -n libgnutls-extra-devel The GnuTLS project aims to develop a library that provides a secure layer over a reliable transport layer. Currently the GnuTLS library implements the proposed standards of the IETF's TLS working group. %prep %setup -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %build %configure \ --disable-static \ --with-pic \ --disable-rpath \ --disable-silent-rules \ --with-sysroot=/%{?_sysroot} make %{?_smp_mflags} # 17-ago-2011, Test suite passes in factory, just not #in the build system due to some broken code requiring both networking #and fixes. 
#make check %install %make_install rm -rf doc/examples/.deps doc/examples/.libs doc/examples/*.{o,lo,la} doc/examples/Makefile{,.in} find doc/examples -perm -111 -exec rm {} \; rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot # Do not package static libs and libtool files rm -f %{buildroot}%{_libdir}/*.la %find_lang libgnutls --all-name %clean rm -rf %{buildroot} %post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig %postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig %post -n libgnutls-extra%{gnutls_extra_sover} -p /sbin/ldconfig %postun -n libgnutls-extra%{gnutls_extra_sover} -p /sbin/ldconfig %post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig %postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig %post -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig %postun -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig %post -n libgnutls-devel %install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz %install_info --info-dir=%{_infodir} %{_infodir}/pkcs11-vision.png.gz %postun -n libgnutls-devel %install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz %install_info_delete --info-dir=%{_infodir} %{_infodir}/pkcs11-vision.png.gz %files -f libgnutls.lang %defattr(-, root, root) %doc THANKS README NEWS ChangeLog COPYING AUTHORS doc/TODO %{_bindir}/certtool %{_bindir}/crywrap %{_bindir}/gnutls-cli %{_bindir}/gnutls-cli-debug %{_bindir}/gnutls-serv %{_bindir}/psktool %{_bindir}/p11tool %{_bindir}/srptool %{_mandir}/man1/* %files -n libgnutls%{gnutls_sover} %defattr(-,root,root) %{_libdir}/libgnutls.so.%{gnutls_sover}* %files -n libgnutls-extra%{gnutls_extra_sover} %defattr(-,root,root) %{_libdir}/libgnutls-extra.so.%{gnutls_extra_sover}* %files -n libgnutls-openssl%{gnutls_ossl_sover} %defattr(-,root,root) %{_libdir}/libgnutls-openssl.so.%{gnutls_ossl_sover}* %files -n libgnutlsxx%{gnutlsxx_sover} %defattr(-,root,root) %{_libdir}/libgnutlsxx.so.%{gnutlsxx_sover}* %files -n libgnutls-devel %defattr(-, root, root) %dir 
%{_includedir}/%{name} %{_includedir}/%{name}/abstract.h %{_includedir}/%{name}/crypto.h %{_includedir}/%{name}/compat.h %{_includedir}/%{name}/dtls.h %{_includedir}/%{name}/gnutls.h %{_includedir}/%{name}/openpgp.h %{_includedir}/%{name}/pkcs11.h %{_includedir}/%{name}/pkcs12.h %{_includedir}/%{name}/x509.h %{_libdir}/libgnutls.so %{_libdir}/pkgconfig/gnutls.pc %{_mandir}/man3/* %{_infodir}/*.* %doc doc/examples doc/gnutls.html doc/*.png doc/gnutls.pdf doc/reference/html/* %files -n libgnutlsxx-devel %defattr(-, root, root) %{_libdir}/libgnutlsxx.so %dir %{_includedir}/%{name} %{_includedir}/%{name}/gnutlsxx.h %files -n libgnutls-openssl-devel %defattr(-, root, root) %{_libdir}/libgnutls-openssl.so %dir %{_includedir}/%{name} %{_includedir}/%{name}/openssl.h %files -n libgnutls-extra-devel %defattr(-, root, root) %dir %{_includedir}/%{name} %{_includedir}/%{name}/extra.h %{_libdir}/libgnutls-extra.so %{_libdir}/pkgconfig/gnutls-extra.pc %changelog ++++++ CVE-2012-0390.patch ++++++ Index: gnutls-3.0.3/lib/gnutls_cipher.c =================================================================== --- gnutls-3.0.3.orig/lib/gnutls_cipher.c +++ gnutls-3.0.3/lib/gnutls_cipher.c @@ -559,7 +559,12 @@ ciphertext_to_compressed (gnutls_session } if (length < 0) - length = 0; + { + /* Setting a proper length to prevent timing differences in + * processing of records with invalid encryption. + */ + length = ciphertext->size - tag_size; + } /* Pass the type, version, length and compressed through * MAC. ++++++ CVE-2012-1569.patch ++++++ Index: gnutls-3.0.3/lib/minitasn1/decoding.c =================================================================== --- gnutls-3.0.3.orig/lib/minitasn1/decoding.c +++ gnutls-3.0.3/lib/minitasn1/decoding.c 
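Review bot: In the CVE-2012-0390.patch hunk for ciphertext_to_compressed, the new fallback `length = ciphertext->size - tag_size;` is only non-negative if ciphertext->size is still at least tag_size when this branch runs, and nothing in this hunk establishes that. At this point in the patch series the only size check is `ciphertext->size < MAX(blocksize, tag_size)` (visible as the removed line in CVE-2012-1573.patch), and it runs before the TLS 1.1+ IV is stripped with `ciphertext->size -= blocksize`; two AES blocks with a 20-byte SHA-1 tag (32 bytes) pass that check and leave 16 bytes, so size - tag_size is -4 here. CVE-2012-1573.patch adds the post-IV `ciphertext->size < tag_size` check that closes this, so the two patches must stay applied together in this order; a comment in gnutls.spec saying so would help, since Patch2 through Patch6 carry none of the PATCH-FIX-UPSTREAM / bnc# comments that Patch0 and Patch1 have.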
@@ -55,12 +55,13 @@ _asn1_error_description_tag_error (ASN1_ * Extract a length field from DER data. * * Returns: Return the decoded length value, or -1 on indefinite - * length, or -2 when the value was too big. + * length, or -2 when the value was too big to fit in a int, or -4 + * when the decoded length value plus @len would exceed @der_len. **/ signed long asn1_get_length_der (const unsigned char *der, int der_len, int *len) { - unsigned long ans; + int ans; int k, punt; *len = 0; @@ -83,7 +84,7 @@ asn1_get_length_der (const unsigned char ans = 0; while (punt <= k && punt < der_len) { - unsigned long last = ans; + int last = ans; ans = ans * 256 + der[punt++]; if (ans < last) @@ -93,10 +94,13 @@ asn1_get_length_der (const unsigned char } else { /* indefinite length method */ - ans = -1; + *len = punt; + return -1; } *len = punt; + if (ans + *len < ans || ans + *len > der_len) + return -4; return ans; } } ++++++ CVE-2012-1573.patch ++++++ Index: gnutls-3.0.3/lib/gnutls_cipher.c =================================================================== --- gnutls-3.0.3.orig/lib/gnutls_cipher.c +++ gnutls-3.0.3/lib/gnutls_cipher.c @@ -502,7 +502,7 @@ ciphertext_to_compressed (gnutls_session break; case CIPHER_BLOCK: - if (ciphertext->size < MAX(blocksize, tag_size) || (ciphertext->size % blocksize != 0)) + if (ciphertext->size < blocksize || (ciphertext->size % blocksize != 0)) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); /* ignore the IV in TLS 1.1+ 
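Review bot: In the first CVE-2012-1569.patch hunk of asn1_get_length_der, changing `ans` and `last` from unsigned long to int turns the wrap detection `ans = ans * 256 + der[punt++]; if (ans < last)` into signed-integer overflow, which is undefined behaviour in C; an optimising compiler may assume it cannot happen and drop the `ans < last` test entirely. Keep the accumulator unsigned and reject the length before the multiply (`if (ans > INT_MAX / 256) return -2;`), or compare the unsigned result against INT_MAX before returning it. Minor: the new doc text "too big to fit in a int" should read "an int".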
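Review bot: In the third CVE-2012-1569.patch hunk, the new guard `if (ans + *len < ans || ans + *len > der_len) return -4;` has the same weakness: with `ans` now an int, `ans + *len < ans` can only become true through signed overflow, so the compiler is entitled to fold it to false. Since `*len` is punt, which the loop keeps at or below der_len, write the check as `if (ans > der_len - *len) return -4;`, where the subtraction cannot wrap. The hunk also introduces a new return value (-4) and makes the indefinite-length path set `*len = punt` before returning -1, but the patch touches only lib/minitasn1/decoding.c; every caller that distinguished -1 from -2 needs checking so that -4 is rejected rather than mistaken for indefinite length.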
@@ -514,14 +514,11 @@ ciphertext_to_compressed (gnutls_session ciphertext->size -= blocksize; ciphertext->data += blocksize; - - if (ciphertext->size == 0) - { - gnutls_assert (); - return GNUTLS_E_DECRYPTION_FAILED; - } } + if (ciphertext->size < tag_size) + return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); + /* we don't use the auth_cipher interface here, since * TLS with block ciphers is impossible to be used under such * an API. (the length of plaintext is required to calculate ++++++ CVE-2012-1663.patch ++++++ Index: gnutls-3.0.3/lib/auth/cert.c =================================================================== --- gnutls-3.0.3.orig/lib/auth/cert.c +++ gnutls-3.0.3/lib/auth/cert.c @@ -1157,6 +1157,7 @@ _gnutls_proc_x509_server_certificate (gn if (ret < 0) { gnutls_assert (); + peer_certificate_list_size = j; goto cleanup; } Index: gnutls-3.0.3/lib/gnutls_pcert.c =================================================================== --- gnutls-3.0.3.orig/lib/gnutls_pcert.c +++ gnutls-3.0.3/lib/gnutls_pcert.c @@ -89,6 +89,7 @@ size_t sz; if (ret < 0) { gnutls_pubkey_deinit(pcert->pubkey); + pcert->pubkey = NULL; ret = gnutls_assert_val(ret); goto cleanup; } @@ -96,7 +97,7 @@ size_t sz; return 0; cleanup: - gnutls_free(pcert->cert.data); + _gnutls_free_datum(&pcert->cert); return ret; } @@ -278,6 +279,7 @@ size_t sz; if (ret < 0) { gnutls_pubkey_deinit(pcert->pubkey); + pcert->pubkey = NULL; ret = gnutls_assert_val(ret); goto cleanup; } @@ -285,7 +287,7 @@ size_t sz; return 0; cleanup: - gnutls_free(pcert->cert.data); + _gnutls_free_datum(&pcert->cert); return ret; } 
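Review bot: In the second CVE-2012-1573.patch hunk, the new `if (ciphertext->size < tag_size) return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);` is placed after the TLS 1.1+ IV removal (`ciphertext->size -= blocksize`), which is the right spot: the first hunk relaxes the up-front check from MAX(blocksize, tag_size) to blocksize, so this line is now the only thing keeping `ciphertext->size - tag_size` (the CVE-2012-0390 fallback length and the base of the pad arithmetic) from going negative. It replaces the removed `ciphertext->size == 0` test only while tag_size is non-zero; if a zero-length MAC can ever reach this code, an empty record would pass again. A one-line comment stating "size >= tag_size from here on" would make the invariant explicit.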
@@ -368,8 +370,7 @@ gnutls_pcert_deinit (gnutls_pcert_st *pc { gnutls_pubkey_deinit(pcert->pubkey); pcert->pubkey = NULL; - gnutls_free(pcert->cert.data); - pcert->cert.data = NULL; + _gnutls_free_datum(&pcert->cert); } /* Converts the first certificate for the cert_auth_info structure ++++++ CVE-2013-1619.patch ++++++ Index: gnutls-3.0.3/lib/gnutls_cipher.c =================================================================== --- gnutls-3.0.3.orig/lib/gnutls_cipher.c +++ gnutls-3.0.3/lib/gnutls_cipher.c @@ -422,6 +422,36 @@ compressed_to_ciphertext (gnutls_session return length; } +static void dummy_wait(record_parameters_st * params, gnutls_datum_t* plaintext, + unsigned pad_failed, unsigned int pad, unsigned total) +{ + /* this hack is only needed on CBC ciphers */ + if (_gnutls_cipher_is_block (params->cipher_algorithm) == CIPHER_BLOCK) + { + unsigned len; + + /* force an additional hash compression function evaluation to prevent timing + * attacks that distinguish between wrong-mac + correct pad, from wrong-mac + incorrect pad. + */ + if (pad_failed == 0 && pad > 0) + { + len = _gnutls_get_hash_block_len(params->mac_algorithm); + if (len > 0) + { + /* This is really specific to the current hash functions. + * It should be removed once a protocol fix is in place. + */ + if ((pad+total) % len > len-9 && total % len <= len-9) + { + if (len < plaintext->size) + _gnutls_auth_cipher_add_auth (¶ms->read.cipher_state, plaintext->data, len); + else + _gnutls_auth_cipher_add_auth (¶ms->read.cipher_state, plaintext->data, plaintext->size); + } + } + } + } +} /* Deciphers the ciphertext packet, and puts the result to compress_data, of compress_size. * Returns the actual compressed packet size. 
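Review bot: In the lib/auth/cert.c hunk of CVE-2012-1663.patch, `peer_certificate_list_size = j;` before `goto cleanup` restricts cleanup to the entries that were fully imported, which assumes entry j (the one whose import just failed) needs no release of its own; that holds only because the lib/gnutls_pcert.c hunks in the same patch make the failing import routines NULL `pcert->pubkey` and free `pcert->cert` themselves. Record that coupling in a comment: an import helper that fails without cleaning up would leak, and cleanup visiting entry j as well would be the double free this patch fixes.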
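Review bot: In the gnutls_pcert_deinit hunk of CVE-2012-1663.patch, `gnutls_free(pcert->cert.data); pcert->cert.data = NULL;` becomes a single `_gnutls_free_datum(&pcert->cert);`, and the two `cleanup:` labels earlier in the patch now use the same call, so the double-free protection depends on _gnutls_free_datum resetting `cert.data` (and `cert.size`) after freeing, which nothing in this patch shows. Confirm its definition does that; otherwise keep the explicit `= NULL`. The `pcert->pubkey = NULL;` added after `gnutls_pubkey_deinit` in both error paths is the core fix and matches what gnutls_pcert_deinit already did.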
@@ -435,10 +465,12 @@ ciphertext_to_compressed (gnutls_session uint64* sequence) { uint8_t tag[MAX_HASH_SIZE]; - uint8_t pad; + unsigned int pad = 0, i; int length, length_to_decrypt; uint16_t blocksize; - int ret, i, pad_failed = 0; + int ret; + unsigned int tmp_pad_failed = 0; + unsigned int pad_failed = 0; opaque preamble[MAX_PREAMBLE_SIZE]; int preamble_size; int ver = gnutls_protocol_get_version (session); @@ -516,7 +548,7 @@ ciphertext_to_compressed (gnutls_session ciphertext->data += blocksize; } - if (ciphertext->size < tag_size) + if (ciphertext->size < tag_size+1) return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); /* we don't use the auth_cipher interface here, since 
@@ -529,40 +561,30 @@ ciphertext_to_compressed (gnutls_session ciphertext->data, ciphertext->size)) < 0) return gnutls_assert_val(ret); - pad = ciphertext->data[ciphertext->size - 1] + 1; /* pad */ - - if ((int) pad > (int) ciphertext->size - tag_size) - { - gnutls_assert (); - _gnutls_record_log - ("REC[%p]: Short record length %d > %d - %d (under attack?)\n", - session, pad, ciphertext->size, tag_size); - /* We do not fail here. We check below for the - * the pad_failed. If zero means success. - */ - pad_failed = GNUTLS_E_DECRYPTION_FAILED; - } - - length = ciphertext->size - tag_size - pad; + pad = ciphertext->data[ciphertext->size - 1]; /* pad */ - /* Check the pading bytes (TLS 1.x) + /* Check the pading bytes (TLS 1.x). + * Note that we access all 256 bytes of ciphertext for padding check + * because there is a timing channel in that memory access (in certain CPUs). */ if (ver != GNUTLS_SSL3 && pad_failed == 0) - for (i = 2; i < pad; i++) + for (i = 2; i <= MIN(256, ciphertext->size); i++) { - if (ciphertext->data[ciphertext->size - i] != - ciphertext->data[ciphertext->size - 1]) - pad_failed = GNUTLS_E_DECRYPTION_FAILED; + tmp_pad_failed |= (ciphertext->data[ciphertext->size - i] != pad); + pad_failed |= ((i<= (1+pad)) & (tmp_pad_failed)); } - if (length < 0) + if (pad_failed != 0 || (1+pad > ((int) ciphertext->size - tag_size))) { - /* Setting a proper length to prevent timing differences in - * processing of records with invalid encryption. + /* We do not fail here. We check below for the + * the pad_failed. If zero means success. */ - length = ciphertext->size - tag_size; + pad_failed = 1; + pad = 0; } + length = ciphertext->size - tag_size - pad - 1; + /* Pass the type, version, length and compressed through * MAC. */ 
@@ -581,16 +603,17 @@ ciphertext_to_compressed (gnutls_session if (ret < 0) return gnutls_assert_val(ret); - /* This one was introduced to avoid a timing attack against the TLS - * 1.0 protocol. - */ if (pad_failed != 0) return gnutls_assert_val(pad_failed); - /* HMAC was not the same. - */ if (memcmp (tag, &ciphertext->data[length], tag_size) != 0) - return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); + { + gnutls_datum_t compressed = {compress_data, compress_size}; + /* HMAC was not the same. */ + dummy_wait(params, &compressed, pad_failed, pad, length+preamble_size); + + return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); + } /* copy the decrypted stuff to compress_data. */ @@ -602,3 +625,4 @@ ciphertext_to_compressed (gnutls_session return length; } + Index: gnutls-3.0.3/lib/gnutls_hash_int.h =================================================================== --- gnutls-3.0.3.orig/lib/gnutls_hash_int.h +++ gnutls-3.0.3/lib/gnutls_hash_int.h @@ -179,4 +179,25 @@ inline static int IS_SHA(gnutls_digest_a return 0; } +/* We shouldn't need to know that, but a work-around in decoding + * TLS record padding requires that. + */ +inline static size_t +_gnutls_get_hash_block_len (gnutls_digest_algorithm_t algo) +{ + switch (algo) + { + case GNUTLS_DIG_MD5: + case GNUTLS_DIG_SHA1: + case GNUTLS_DIG_RMD160: + case GNUTLS_DIG_SHA256: + case GNUTLS_DIG_SHA384: + case GNUTLS_DIG_SHA512: + case GNUTLS_DIG_SHA224: + return 64; + default: + return 0; + } +} + #endif /* GNUTLS_HASH_INT_H */ ++++++ baselibs.conf ++++++ libgnutls28 obsoletes "gnutls-<targettype>" libgnutls-devel requires -libgnutls-<targettype> requires "libgnutls28-<targettype> = <version>" ++++++ gnutls-fix-compression.patch ++++++ ++++ 842 lines (skipped) ++++++ gnutls-fix-crash-on-strcat.patch ++++++ >From 7043a8e9e314b0c2eb7ac5c2278a0b103f6a758a Mon Sep 17 00:00:00 2001 
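Review bot: In the dummy_wait hunk of CVE-2013-1619.patch, the `pad_failed` parameter is dead: its only call site, `dummy_wait(params, &compressed, pad_failed, pad, length+preamble_size)` in the last gnutls_cipher.c hunk, is reached after `if (pad_failed != 0) return ...`, so the value is always 0 there and `if (pad_failed == 0 && pad > 0)` reduces to `pad > 0`; drop the parameter. The rule `(pad+total) % len > len-9 && total % len <= len-9` hard-codes a block with an 8-byte length field plus one padding byte (hence 9), which is only right for the 64-byte-block hashes; state that assumption in the comment, and cite the upstream commit this was taken from so whoever removes the workaround later can find the rationale.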
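Review bot: In the `@@ -529,40 +561,30 @@` hunk of CVE-2013-1619.patch, the condition `ver != GNUTLS_SSL3 && pad_failed == 0` has a dead second half as far as the visible hunks show: pad_failed is initialised to 0 and the only earlier assignment (`pad_failed = GNUTLS_E_DECRYPTION_FAILED` in the removed length check) is gone, so simplify it to `ver != GNUTLS_SSL3`. The loop bound `MIN(256, ciphertext->size)` keeps `ciphertext->data[ciphertext->size - i]` in bounds (it reaches index 0 at most), and the iteration count still depends on the record length, which is acceptable only because that length is public; say so in the comment. Typo in the new comment: "pading".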
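Review bot: In the `@@ -581,16 +603,17 @@` hunk of CVE-2013-1619.patch there is an error-code bug: the earlier hunk now sets `pad_failed = 1;` (an unsigned int) where the old code stored GNUTLS_E_DECRYPTION_FAILED, but the unchanged context line `if (pad_failed != 0) return gnutls_assert_val(pad_failed);` still returns that value as the function result. ciphertext_to_compressed returns the compressed packet size on success and a negative error on failure, so a record with bad padding now produces a return value of 1, which the caller will read as a successfully decrypted 1-byte record containing whatever compress_data held. Change the line to `return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);`.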
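Review bot: In the lib/gnutls_hash_int.h hunk of CVE-2013-1619.patch, _gnutls_get_hash_block_len returns 64 for GNUTLS_DIG_SHA384 and GNUTLS_DIG_SHA512, but those hashes use a 128-byte (1024-bit) block and a 16-byte length field, so for HMAC-SHA384 ciphersuites dummy_wait computes its `len-9` boundary on the wrong block size and adds the extra compression at the wrong record lengths. Return 128 for SHA384/SHA512 and make the length-field size (8 or 16) part of the same helper, or restrict the workaround to the 64-byte hashes (return 0 for the others) and say so in the comment. The comment above the function should also name dummy_wait as its only user so both are removed together.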
From: Vincent Untz <[email protected]> Date: Mon, 17 Oct 2011 15:15:46 +0200 Subject: [PATCH] Correctly terminate a string with \0 before concatenating to it Fix a potential crash: https://bugzilla.novell.com/show_bug.cgi?id=724421 --- lib/x509/common.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/lib/x509/common.c b/lib/x509/common.c index 6bb4746..0651d2e 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -390,6 +390,7 @@ _gnutls_x509_data2hex (const opaque * data, size_t data_size, if (out) { out[0] = '#'; + out[1] = '\0'; _gnutls_str_cat (out, *sizeof_out, res); } -- 1.7.7 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
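Review bot: In the gnutls-fix-crash-on-strcat.patch hunk for _gnutls_x509_data2hex, `out[1] = '\0';` is written without a visible check that `*sizeof_out` is at least 2; if the caller contract guarantees that, a comment saying so would help, otherwise guard it (`if (*sizeof_out < 2) return GNUTLS_E_SHORT_MEMORY_BUFFER;`, or whatever short-buffer error this function already returns). A simpler fix is to build the string in one call, e.g. `snprintf(out, *sizeof_out, "#%s", res)`, so the buffer never has to be pre-terminated before _gnutls_str_cat.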
