[nmav@gnutls.org: Re: [gnutls-dev][andreas.trottmann@werft22.com: Bug#183176: libgnutls5: Crypts wrong on alpha]]

Andreas U. Trottmann andreas.trottmann@werft22.com
Wed Mar 5 18:26:01 2003



Hello,

The attached patch from Nikos Mavroyanopoulos against gnutls 0.8.1
(to be applied in the "lib" subdirectory) seems to fix the problems
for me.

I think it would be a good idea to make a new Debian package
incorporating it, until the patch (or something equivalent) is
incorporated in a new upstream release.


A big thanks to Nikos and Ivo for the fast resolution of the problem!

-- 
Andreas Trottmann
Ideen Werft22 GmbH
Tel    +41 (0)56 210 91 37
Fax    +41 (0)56 210 91 34
Mobile +41 (0)79 229 88 55

Werft22 sdreamt at CeBIT in Hannover too, 12-19 March 2003,
Hall/Stand 011 F15

Date: Tue, 4 Mar 2003 09:10:05 +0200
From: Nikos Mavroyanopoulos <nmav@gnutls.org>
To: "Andreas U. Trottmann" <andreas.trottmann@werft22.com>
Subject: Re: [gnutls-dev][andreas.trottmann@werft22.com: Bug#183176: libgnutls5: Crypts wrong on alpha]


On Tue, Mar 04, 2003 at 12:09:44AM +0100, Andreas U. Trottmann wrote:

> > I attach a working patch.
> Thank you very much for your fast reaction! Unfortunately, it doesn't
> help...
> gnutls 0.5.1 patched with the attached patch compiles cleanly, but using
> the patched library results in immediate failure:
> Using gnutls-cli immediately exits (after the first connection) with

Oops. Yes, there was a problem with this patch. I attach a
corrected one, which was tested except on alpha (actually, now the
code for 64-bit arithmetic is the same for both 32-bit and 64-bit
machines).


-- 
Nikos Mavroyanopoulos

[Attachment: diff2]

Index: defines.h
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/defines.h,v
retrieving revision 2.22
diff -u -u -r2.22 defines.h
--- defines.h	9 Jan 2003 21:52:41 -0000	2.22
+++ defines.h	4 Mar 2003 07:04:12 -0000
@@ -96,19 +96,12 @@
 
 #define SIZEOF_UNSIGNED_LONG_INT SIZEOF_UNSIGNED_LONG
 
-#if SIZEOF_UNSIGNED_LONG == 8
-# define HAVE_UINT64
-/* only used native uint64 in 64 bit machines */
-typedef unsigned long int uint64;
-#else
 /* some systems had problems with long long int, thus,
  * it is not used.
  */
 typedef struct {
 	unsigned char i[8];
 } uint64;
-#endif
-
 
 #if SIZEOF_UNSIGNED_LONG == 4
 typedef unsigned long int uint32;
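
Review bot: The comment kept above the struct ("some systems had problems with long long int, thus, it is not used") no longer explains the choice once the SIZEOF_UNSIGNED_LONG == 8 branch is gone: the native type being removed was unsigned long int, and the struct is now the only representation on every platform. Suggest rewording it to say that uint64 is always an 8-byte array and to state the byte order of i[], since gnutls_cipher.c now passes those bytes straight to the MAC.
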
Index: gnutls_cipher.c
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/gnutls_cipher.c,v
retrieving revision 2.65
diff -u -u -r2.65 gnutls_cipher.c
--- gnutls_cipher.c	3 Mar 2003 16:08:21 -0000	2.65
+++ gnutls_cipher.c	4 Mar 2003 07:04:13 -0000
@@ -241,7 +241,6 @@
 	uint8 MAC[MAX_HASH_SIZE];
 	uint16 c_length;
 	uint8 pad;
-	uint64 seq_num;
 	int length,ret;
 	GNUTLS_MAC_HANDLE td;
 	uint8 type = _type;
@@ -271,11 +270,9 @@
 	}
 
 	c_length = _gnutls_conv_uint16(compressed.size);
-	seq_num =
-	    _gnutls_conv_uint64(&session->connection_state.write_sequence_number);
 
 	if (td != GNUTLS_MAC_FAILED) {	/* actually when the algorithm in not the NULL one */
-		_gnutls_hmac(td, UINT64DATA(seq_num), 8);
+		_gnutls_hmac(td, UINT64DATA(session->connection_state.write_sequence_number), 8);
 		
 		_gnutls_hmac(td, &type, 1);
 		if ( ver != GNUTLS_SSL3) { /* TLS 1.0 only */
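
Review bot: In the write path, _gnutls_hmac(td, UINT64DATA(session->connection_state.write_sequence_number), 8) now hashes the stored counter bytes with no conversion step, so the MAC input depends entirely on how _gnutls_uint64pp lays out i[]. A short comment at this call stating that the array is already in the order the MAC expects would guard against a conversion being reintroduced later. The line is also well past 80 columns and could be wrapped after the first argument; the same applies to the read-side call further down in this file.
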
@@ -332,7 +329,6 @@
 	uint8 MAC[MAX_HASH_SIZE];
 	uint16 c_length;
 	uint8 pad;
-	uint64 seq_num;
 	uint16 length;
 	GNUTLS_MAC_HANDLE td;
 	uint16 blocksize;
@@ -431,13 +427,12 @@
 
 
 	c_length = _gnutls_conv_uint16((uint16) length);
-	seq_num = _gnutls_conv_uint64( &session->connection_state.read_sequence_number);
 
 	/* Pass the type, version, length and compressed through
 	 * MAC.
 	 */
 	if (td != GNUTLS_MAC_FAILED) {
-		_gnutls_hmac(td, UINT64DATA(seq_num), 8);
+		_gnutls_hmac(td, UINT64DATA(session->connection_state.read_sequence_number), 8);
 		
 		_gnutls_hmac(td, &type, 1);
 		if ( ver != GNUTLS_SSL3) { /* TLS 1.0 only */
Index: gnutls_constate.c
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/gnutls_constate.c,v
retrieving revision 2.33
diff -u -u -r2.33 gnutls_constate.c
--- gnutls_constate.c	20 Jan 2003 16:46:20 -0000	2.33
+++ gnutls_constate.c	4 Mar 2003 07:04:14 -0000
@@ -450,7 +450,7 @@
 	int mac_size;
 	int rc;
 
-	_gnutls_uint64zero(&session->connection_state.read_sequence_number);
+	_gnutls_uint64zero(session->connection_state.read_sequence_number);
 
 /* Update internals from CipherSuite selected.
  * If we are resuming just copy the connection session
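
Review bot: _gnutls_uint64zero(session->connection_state.read_sequence_number) now reads like a pass-by-value call, yet it has to modify the counter; it only works because this patch turns _gnutls_uint64zero into a macro in gnutls_num.h, while _gnutls_uint64pp still takes a pointer. Keeping the pointer form for both helpers, for example a macro expanding to memset((x)->i, 0, 8), would leave these call sites unchanged and the two helpers consistent. The same applies to the write_sequence_number call in the next hunk.
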
@@ -632,7 +632,7 @@
 	int mac_size;
 	int rc;
 
-	_gnutls_uint64zero(&session->connection_state.write_sequence_number);
+	_gnutls_uint64zero(session->connection_state.write_sequence_number);
 
 /* Update internals from CipherSuite selected.
  * If we are resuming just copy the connection session
Index: gnutls_num.c
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/gnutls_num.c,v
retrieving revision 2.13
diff -u -u -r2.13 gnutls_num.c
--- gnutls_num.c	2 Dec 2002 07:13:35 -0000	2.13
+++ gnutls_num.c	4 Mar 2003 07:04:17 -0000
@@ -1,7 +1,7 @@
 /*
- * Copyright (C) 2000,2001,2002 Nikos Mavroyanopoulos
+ *  Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
  *
- * This file is part of GNUTLS.
+ *  This file is part of GNUTLS.
  *
  *  The GNUTLS library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public   
@@ -27,16 +27,8 @@
 #include <gnutls_num.h>
 #include <gnutls_errors.h>
 
-
-#ifndef HAVE_UINT64
-
 /* This function will set the uint64 x to zero 
  */
-int _gnutls_uint64zero( uint64 *x) {
-
-	memset( x->i, 0, 8);
-	return 0;
-}
 
 /* This function will add one to uint64 x.
  * Returns 0 on success, or -1 if the uint64 max limit
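
Review bot: The comment "This function will set the uint64 x to zero" is left behind after _gnutls_uint64zero() is deleted, so it now sits directly above the comment for the add-one function and describes nothing. Remove it here, or move it next to the new _gnutls_uint64zero macro in gnutls_num.h.
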
@@ -59,8 +51,6 @@
 	return 0;
 }
 
-#endif /* HAVE_UINT64 */
-
 uint32 _gnutls_uint24touint32( uint24 num) {
 uint32 ret=0;
 
@@ -163,34 +153,13 @@
 #endif
 }
 
-uint64 _gnutls_conv_uint64( const uint64* data) {
-#ifdef HAVE_UINT64
-# ifndef WORDS_BIGENDIAN
-	return byteswap64(*data);
-# else
-	return *data;
-# endif /* WORDS_BIGENDIAN */
-#else
-	uint64 ret;
-
-	memcpy( ret.i, data->i, 8);
-	return ret;
-#endif /* HAVE_UINT64 */
-}
-
 uint32 _gnutls_uint64touint32( const uint64* num) {
 uint32 ret;
 
-#ifdef HAVE_UINT64
-	ret = (uint32) *num;
-
-#else /* no native uint64 */
-
 	memcpy( &ret, &num->i[4], 4);
-# ifndef WORDS_BIGENDIAN
+#ifndef WORDS_BIGENDIAN
 	ret = byteswap32(ret);
-# endif
-#endif /* HAVE_UINT64 */
+#endif
 
  return ret;
 }
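
Review bot: With the native branch removed, _gnutls_uint64touint32() always returns only the last four bytes (i[4] to i[7]) and silently discards i[0] to i[3], and nothing in the function says so. Add a comment stating which half of the counter is returned, and consider whether callers need an error when the first four bytes are non-zero. The memcpy of 4 bytes into ret also relies on uint32 being exactly 4 bytes wide, which the typedef selection in defines.h has to guarantee on the 64-bit targets this patch is aimed at.
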
Index: gnutls_num.h
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/gnutls_num.h,v
retrieving revision 2.13
diff -u -u -r2.13 gnutls_num.h
--- gnutls_num.h	8 Sep 2002 20:48:30 -0000	2.13
+++ gnutls_num.h	4 Mar 2003 07:04:17 -0000
@@ -1,21 +1,21 @@
 /*
- *      Copyright (C) 2000 Nikos Mavroyanopoulos
+ *  Copyright (C) 2000,2003 Nikos Mavroyanopoulos
  *
- * This file is part of GNUTLS.
+ *  This file is part of GNUTLS.
  *
- * GNUTLS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ *  GNUTLS is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
  *
- * GNUTLS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ *  GNUTLS is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
  *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
 #include <gnutls_int.h>
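
Review bot: The license header changes in this hunk are whitespace only (one extra space of indentation) apart from adding 2003 to the copyright line, which makes a bug-fix patch harder to read and to backport. Suggest dropping the reindentation here and in gnutls_num.c, or sending it as a separate change.
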
@@ -37,25 +37,12 @@
 uint16 _gnutls_read_uint16( const opaque* data);
 uint32 _gnutls_conv_uint32( uint32 data);
 uint16 _gnutls_conv_uint16( uint16 data);
-uint64 _gnutls_conv_uint64( const uint64 *data);
 uint32 _gnutls_read_uint24( const opaque* data);
 void _gnutls_write_uint24( uint32 num, opaque* data);
 void _gnutls_write_uint32( uint32 num, opaque* data);
 void _gnutls_write_uint16( uint16 num, opaque* data);
 uint32 _gnutls_uint64touint32( const uint64*);
 
-#ifndef HAVE_UINT64
-int _gnutls_uint64zero( uint64 *);
 int _gnutls_uint64pp( uint64 *);
+# define _gnutls_uint64zero(x) x.i[0] = x.i[1] = x.i[2] = x.i[3] = x.i[4] = x.i[5] = x.i[6] = x.i[7] = 0
 # define UINT64DATA(x) x.i
-
-#else
-# define UINT64DATA(x) &x
-# define rotl64(x,n)   (((x) << ((uint16)(n))) | ((x) >> (64 - (uint16)(n))))
-# define rotr64(x,n)   (((x) >> ((uint16)(n))) | ((x) << (64 - (uint16)(n))))
-# define byteswap64(x)  ((rotl64(x, 8) & 0x00ff00ff00ff00ffUL) | (rotr64(x, 8) & 0xff00ff00ff00ff00UL))
-
-# define _gnutls_uint64pp(x) ((++(*x)==0) ? -1 : 0)
-# define _gnutls_uint64zero(x) (*x) = 0
-
-#endif
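
Review bot: The new _gnutls_uint64zero(x) and UINT64DATA(x) macros use x without parentheses, and _gnutls_uint64zero expands to a bare assignment chain that evaluates its argument eight times; an argument such as *p would expand to *p.i[0] and fail to compile. Writing them as (x).i and memset((x).i, 0, 8) avoids both problems. The "# define" indentation is also left over from the removed #ifndef HAVE_UINT64 block and no longer sits inside any conditional.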
