[gnutls-dev][andreas.trottmann@werft22.com: Bug#183176: libgnutls5: Crypts wrong on alpha]
Nikos Mavroyanopoulos
nmav@gnutls.org
Mon Mar 3 22:55:02 2003
--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Mon, Mar 03, 2003 at 06:51:48PM +0100, Ivo Timmermans wrote:
Does the attached patch fix the problem? (it should)
> ----- Forwarded message from "Andreas U. Trottmann" <andreas.trottmann@werft22.com> -----
>
> Subject: Bug#183176: libgnutls5: Crypts wrong on alpha
> Reply-To: "Andreas U. Trottmann" <andreas.trottmann@werft22.com>,
> 183176@bugs.debian.org
> From: "Andreas U. Trottmann" <andreas.trottmann@werft22.com>
> To: Debian Bug Tracking System <submit@bugs.debian.org>
> Date: Mon, 03 Mar 2003 01:40:50 +0100
> X-Spam-Status: No, hits=-6.5 required=5.0 tests=SENT_BY_BTS,FORGED_RCVD_FOUND,AWL version=2.20
>
> Package: libgnutls5
> Version: 0.8.1-0mywoody1
> Severity: normal
>
> On (at least) alpha, gnutls seems to be broken. While it generally can
> communicate fine for short transactions, after a couple of kilobytes of
> data transferred it either generates something the other side can't
> decode, or it can't decode something received by the other side.
>
> I'm reporting the bug against a self-compiled backport of libgnutls5
> 0.8.1-1 to woody, but it also is present in (at least) the libgnutls3
> shipped with woody, and presumably also with the "official" sid 0.8.1-1.
> I can't test this for lack of a sid alpha system, however.
>
>
> The bug can be reproduced easily, for example using one of the following
> methods:
>
> * read your mail on an alpha machine with mutt on an IMAP server over ssl.
> After some succesful reading you *will* get
> "tls_socket_read (Decryption of the TLS record packet has failed.)"
> and your IMAP connection will be aborted
>
> - or -
>
> * create a text file of some MB (for example uuencode your linux
> kernel > bigfile). Then, on an i386 machine, run "gnutls-serv".
> On an alpha machine, run "gnutls-cli -p 5556 < bigfile i386.host.name"
> You will get, after some successful data transmission, on the server:
> "*** gnutls error[-24]: Decryption of the TLS record packet has failed.
> (recv)"
> and on the client:
> "*** Received corrupted data(-10) - server has terminated the connection
> abnormally"
>
>
> - or -
>
> * on any machine (tested: i386 and alpha): create a example certificate,
> put it in a file "server.crt", then run "openssl s_server".
> Then, on your alpha machine, run "gnutls-cli -p 4433 < bigfile
> server.host.name"
> On the server you will soon get
> "21579:error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed
> or bad record mac:s3_pkt.c:457:"
> and on the client you will again get
> "*** Received corrupted data(-9) - server has terminated the
> connection abnormally"
>
>
>
> To me, the facts that gnutls(alpha) to gnutls(i386) fails as well as
> gnutls(alpha) to openssl(alpha) makes it look like gnutls has some
> issues on alpha, maybe regarding some effects of the 64 bit architecture.
>
> Interestingly, gnutls(alpha) to gnutls(alpha) seems to work fine. So,
> apparently, the bug seems to affect encoding and decoding equally.
>
--
Nikos Mavroyanopoulos
--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=koko
Index: defines.h
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/defines.h,v
retrieving revision 2.22
diff -u -u -r2.22 defines.h
--- defines.h 9 Jan 2003 21:52:41 -0000 2.22
+++ defines.h 3 Mar 2003 21:50:13 -0000
@@ -96,19 +96,12 @@
#define SIZEOF_UNSIGNED_LONG_INT SIZEOF_UNSIGNED_LONG
-#if SIZEOF_UNSIGNED_LONG == 8
-# define HAVE_UINT64
-/* only used native uint64 in 64 bit machines */
-typedef unsigned long int uint64;
-#else
/* some systems had problems with long long int, thus,
* it is not used.
*/
typedef struct {
unsigned char i[8];
} uint64;
-#endif
-
#if SIZEOF_UNSIGNED_LONG == 4
typedef unsigned long int uint32;
Index: gnutls_num.c
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/gnutls_num.c,v
retrieving revision 2.13
diff -u -u -r2.13 gnutls_num.c
--- gnutls_num.c 2 Dec 2002 07:13:35 -0000 2.13
+++ gnutls_num.c 3 Mar 2003 21:50:18 -0000
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2000,2001,2002 Nikos Mavroyanopoulos
+ * Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
*
- * This file is part of GNUTLS.
+ * This file is part of GNUTLS.
*
* The GNUTLS library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -27,16 +27,8 @@
#include <gnutls_num.h>
#include <gnutls_errors.h>
-
-#ifndef HAVE_UINT64
-
/* This function will set the uint64 x to zero
*/
-int _gnutls_uint64zero( uint64 *x) {
-
- memset( x->i, 0, 8);
- return 0;
-}
/* This function will add one to uint64 x.
* Returns 0 on success, or -1 if the uint64 max limit
@@ -59,8 +51,6 @@
return 0;
}
-#endif /* HAVE_UINT64 */
-
uint32 _gnutls_uint24touint32( uint24 num) {
uint32 ret=0;
@@ -163,34 +153,13 @@
#endif
}
-uint64 _gnutls_conv_uint64( const uint64* data) {
-#ifdef HAVE_UINT64
-# ifndef WORDS_BIGENDIAN
- return byteswap64(*data);
-# else
- return *data;
-# endif /* WORDS_BIGENDIAN */
-#else
- uint64 ret;
-
- memcpy( ret.i, data->i, 8);
- return ret;
-#endif /* HAVE_UINT64 */
-}
-
uint32 _gnutls_uint64touint32( const uint64* num) {
uint32 ret;
-#ifdef HAVE_UINT64
- ret = (uint32) *num;
-
-#else /* no native uint64 */
-
memcpy( &ret, &num->i[4], 4);
-# ifndef WORDS_BIGENDIAN
+#ifndef WORDS_BIGENDIAN
ret = byteswap32(ret);
-# endif
-#endif /* HAVE_UINT64 */
+#endif
return ret;
}
Index: gnutls_num.h
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/gnutls_num.h,v
retrieving revision 2.13
diff -u -u -r2.13 gnutls_num.h
--- gnutls_num.h 8 Sep 2002 20:48:30 -0000 2.13
+++ gnutls_num.h 3 Mar 2003 21:50:18 -0000
@@ -1,21 +1,21 @@
/*
- * Copyright (C) 2000 Nikos Mavroyanopoulos
+ * Copyright (C) 2000,2003 Nikos Mavroyanopoulos
*
- * This file is part of GNUTLS.
+ * This file is part of GNUTLS.
*
- * GNUTLS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * GNUTLS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
*
- * GNUTLS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * GNUTLS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <gnutls_int.h>
@@ -37,25 +37,12 @@
uint16 _gnutls_read_uint16( const opaque* data);
uint32 _gnutls_conv_uint32( uint32 data);
uint16 _gnutls_conv_uint16( uint16 data);
-uint64 _gnutls_conv_uint64( const uint64 *data);
uint32 _gnutls_read_uint24( const opaque* data);
void _gnutls_write_uint24( uint32 num, opaque* data);
void _gnutls_write_uint32( uint32 num, opaque* data);
void _gnutls_write_uint16( uint16 num, opaque* data);
uint32 _gnutls_uint64touint32( const uint64*);
-#ifndef HAVE_UINT64
-int _gnutls_uint64zero( uint64 *);
int _gnutls_uint64pp( uint64 *);
+# define _gnutls_uint64zero(x) x.i[0] = x.i[1] = x.i[2] = x.i[3] = x.i[4] = x.i[5] = x.i[6] = x.i[7] = 0
# define UINT64DATA(x) x.i
-
-#else
-# define UINT64DATA(x) &x
-# define rotl64(x,n) (((x) << ((uint16)(n))) | ((x) >> (64 - (uint16)(n))))
-# define rotr64(x,n) (((x) >> ((uint16)(n))) | ((x) << (64 - (uint16)(n))))
-# define byteswap64(x) ((rotl64(x, 8) & 0x00ff00ff00ff00ffUL) | (rotr64(x, 8) & 0xff00ff00ff00ff00UL))
-
-# define _gnutls_uint64pp(x) ((++(*x)==0) ? -1 : 0)
-# define _gnutls_uint64zero(x) (*x) = 0
-
-#endif
--6c2NcOVqGQ03X4Wi--