[gnutls-dev][andreas.trottmann@werft22.com: Bug#183176: libgnutls5: Crypts wrong on alpha]

Nikos Mavroyanopoulos nmav@gnutls.org
Mon Mar 3 22:55:02 2003


--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Mon, Mar 03, 2003 at 06:51:48PM +0100, Ivo Timmermans wrote:

Does the attached patch fix the problem? (it should)


> ----- Forwarded message from "Andreas U. Trottmann" <andreas.trottmann@werft22.com> -----
> 
> Subject: Bug#183176: libgnutls5: Crypts wrong on alpha
> Reply-To: "Andreas U. Trottmann" <andreas.trottmann@werft22.com>,
> 	183176@bugs.debian.org
> From: "Andreas U. Trottmann" <andreas.trottmann@werft22.com>
> To: Debian Bug Tracking System <submit@bugs.debian.org>
> Date: Mon, 03 Mar 2003 01:40:50 +0100
> X-Spam-Status: No, hits=-6.5 required=5.0 tests=SENT_BY_BTS,FORGED_RCVD_FOUND,AWL version=2.20
> 
> Package: libgnutls5
> Version: 0.8.1-0mywoody1
> Severity: normal
> 
> On (at least) alpha, gnutls seems to be broken. While it generally can
> communicate fine for short transactions, after a couple of kilobytes of
> data transferred it either generates something the other side can't
> decode, or it can't decode something received by the other side.
> 
> I'm reporting the bug against a self-compiled backport of libgnutls5
> 0.8.1-1 to woody, but it also is present in (at least) the libgnutls3
> shipped with woody, and presumably also with the "official" sid 0.8.1-1.
> I can't test this for lack of a sid alpha system, however.
> 
> 
> The bug can be reproduced easily, for example using one of the following 
> methods:
> 
>  * read your mail on an alpha machine with mutt on an IMAP server over ssl. 
>    After some succesful reading you *will* get 
>    "tls_socket_read (Decryption of the TLS record packet has failed.)"
>    and your IMAP connection will be aborted
> 
> - or -
> 
>  * create a text file of some MB (for example uuencode your linux
>    kernel > bigfile). Then, on an i386 machine, run "gnutls-serv". 
>    On an alpha machine, run "gnutls-cli -p 5556 < bigfile i386.host.name"
>    You will get, after some successful data transmission, on the server:
>    "*** gnutls error[-24]: Decryption of the TLS record packet has failed. 
>    (recv)"
>    and on the client:
>    "*** Received corrupted data(-10) - server has terminated the connection 
>    abnormally"
> 
> 
> - or -
> 
>  * on any machine (tested: i386 and alpha): create a example certificate,
>    put it in a file "server.crt", then run "openssl s_server".
>    Then, on your alpha machine, run "gnutls-cli -p 4433 < bigfile
>    server.host.name"
>    On the server you will soon get
>    "21579:error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed
>    or bad record mac:s3_pkt.c:457:"
>    and on the client you will again get
>    "*** Received corrupted data(-9) - server has terminated the
>    connection abnormally"
>    
> 
> 
> To me, the facts that gnutls(alpha) to gnutls(i386) fails as well as
> gnutls(alpha) to openssl(alpha) makes it look like gnutls has some 
> issues on alpha, maybe regarding some effects of the 64 bit architecture.
> 
> Interestingly, gnutls(alpha) to gnutls(alpha) seems to work fine. So,
> apparently, the bug seems to affect encoding and decoding equally.
> 

-- 
Nikos Mavroyanopoulos

--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=koko

Index: defines.h
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/defines.h,v
retrieving revision 2.22
diff -u -u -r2.22 defines.h
--- defines.h	9 Jan 2003 21:52:41 -0000	2.22
+++ defines.h	3 Mar 2003 21:50:13 -0000
@@ -96,19 +96,12 @@
 
 #define SIZEOF_UNSIGNED_LONG_INT SIZEOF_UNSIGNED_LONG
 
-#if SIZEOF_UNSIGNED_LONG == 8
-# define HAVE_UINT64
-/* only used native uint64 in 64 bit machines */
-typedef unsigned long int uint64;
-#else
 /* some systems had problems with long long int, thus,
  * it is not used.
  */
 typedef struct {
 	unsigned char i[8];
 } uint64;
-#endif
-
 
 #if SIZEOF_UNSIGNED_LONG == 4
 typedef unsigned long int uint32;
Index: gnutls_num.c
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/gnutls_num.c,v
retrieving revision 2.13
diff -u -u -r2.13 gnutls_num.c
--- gnutls_num.c	2 Dec 2002 07:13:35 -0000	2.13
+++ gnutls_num.c	3 Mar 2003 21:50:18 -0000
@@ -1,7 +1,7 @@
 /*
- * Copyright (C) 2000,2001,2002 Nikos Mavroyanopoulos
+ *  Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
  *
- * This file is part of GNUTLS.
+ *  This file is part of GNUTLS.
  *
  *  The GNUTLS library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public   
@@ -27,16 +27,8 @@
 #include <gnutls_num.h>
 #include <gnutls_errors.h>
 
-
-#ifndef HAVE_UINT64
-
 /* This function will set the uint64 x to zero 
  */
-int _gnutls_uint64zero( uint64 *x) {
-
-	memset( x->i, 0, 8);
-	return 0;
-}
 
 /* This function will add one to uint64 x.
  * Returns 0 on success, or -1 if the uint64 max limit
@@ -59,8 +51,6 @@
 	return 0;
 }
 
-#endif /* HAVE_UINT64 */
-
 uint32 _gnutls_uint24touint32( uint24 num) {
 uint32 ret=0;
 
@@ -163,34 +153,13 @@
 #endif
 }
 
-uint64 _gnutls_conv_uint64( const uint64* data) {
-#ifdef HAVE_UINT64
-# ifndef WORDS_BIGENDIAN
-	return byteswap64(*data);
-# else
-	return *data;
-# endif /* WORDS_BIGENDIAN */
-#else
-	uint64 ret;
-
-	memcpy( ret.i, data->i, 8);
-	return ret;
-#endif /* HAVE_UINT64 */
-}
-
 uint32 _gnutls_uint64touint32( const uint64* num) {
 uint32 ret;
 
-#ifdef HAVE_UINT64
-	ret = (uint32) *num;
-
-#else /* no native uint64 */
-
 	memcpy( &ret, &num->i[4], 4);
-# ifndef WORDS_BIGENDIAN
+#ifndef WORDS_BIGENDIAN
 	ret = byteswap32(ret);
-# endif
-#endif /* HAVE_UINT64 */
+#endif
 
  return ret;
 }
Index: gnutls_num.h
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/gnutls_num.h,v
retrieving revision 2.13
diff -u -u -r2.13 gnutls_num.h
--- gnutls_num.h	8 Sep 2002 20:48:30 -0000	2.13
+++ gnutls_num.h	3 Mar 2003 21:50:18 -0000
@@ -1,21 +1,21 @@
 /*
- *      Copyright (C) 2000 Nikos Mavroyanopoulos
+ *  Copyright (C) 2000,2003 Nikos Mavroyanopoulos
  *
- * This file is part of GNUTLS.
+ *  This file is part of GNUTLS.
  *
- * GNUTLS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ *  GNUTLS is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
  *
- * GNUTLS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ *  GNUTLS is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
  *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
 #include <gnutls_int.h>
@@ -37,25 +37,12 @@
 uint16 _gnutls_read_uint16( const opaque* data);
 uint32 _gnutls_conv_uint32( uint32 data);
 uint16 _gnutls_conv_uint16( uint16 data);
-uint64 _gnutls_conv_uint64( const uint64 *data);
 uint32 _gnutls_read_uint24( const opaque* data);
 void _gnutls_write_uint24( uint32 num, opaque* data);
 void _gnutls_write_uint32( uint32 num, opaque* data);
 void _gnutls_write_uint16( uint16 num, opaque* data);
 uint32 _gnutls_uint64touint32( const uint64*);
 
-#ifndef HAVE_UINT64
-int _gnutls_uint64zero( uint64 *);
 int _gnutls_uint64pp( uint64 *);
+# define _gnutls_uint64zero(x) x.i[0] = x.i[1] = x.i[2] = x.i[3] = x.i[4] = x.i[5] = x.i[6] = x.i[7] = 0
 # define UINT64DATA(x) x.i
-
-#else
-# define UINT64DATA(x) &x
-# define rotl64(x,n)   (((x) << ((uint16)(n))) | ((x) >> (64 - (uint16)(n))))
-# define rotr64(x,n)   (((x) >> ((uint16)(n))) | ((x) << (64 - (uint16)(n))))
-# define byteswap64(x)  ((rotl64(x, 8) & 0x00ff00ff00ff00ffUL) | (rotr64(x, 8) & 0xff00ff00ff00ff00UL))
-
-# define _gnutls_uint64pp(x) ((++(*x)==0) ? -1 : 0)
-# define _gnutls_uint64zero(x) (*x) = 0
-
-#endif

--6c2NcOVqGQ03X4Wi--