Package: release.debian.org Severity: normal Tags: jessie User: release.debian.org@packages.debian.org Usertags: pu Hello, I would like two fix two issues in jessie: #788704 VIA PadLock accelerated AES-CBC segfaults This pretty much breaks gnutls on VIA processors. GNUTLS-SA-2015-2. This might allow MD5 signatures, although they are disabled by default. (Detailed info in the security tracker) cu Andreas
[The following lists of changes regard files as different if they have
different names, permissions or owners.]
Files in second .changes but not in first
-----------------------------------------
-rw-r--r-- root/root /usr/lib/debug/.build-id/19/9507b75b771cb8812cfc5c8cf71dafdca1df5b.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/2a/a4cffaae3da79a8a598d38c390d3680ed8d4e0.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/3a/de719f2cb8de710a6e76c760ae6f5dd075bb50.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/6a/132f304c835850511dd42e554102c87a2d0a7d.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/6c/3d041458d07b8453df429e0402181a7bd2e028.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/83/ab48a29622fb1eaf335e14e6f56d383c5a9c61.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/9f/818d387ca338b648a60f366308fcf64b28df00.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/a5/5c0ed6fe07f50a219891a2c7ae208841c43058.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/b2/b41fd24df64b4ea7a1d88e14a37214fb80ef9d.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/ba/5cae3e35a26a050d0cfccbc80b81a8a37558e9.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/c4/4292da922a90ca6a10a2a537a255ee3811d410.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/dc/8d343feb72ecaff4fd8d36f4d5d16a4ce61ab4.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/e5/d51af6b35bc09447a83ce5502142d51015ead9.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/e6/0658b27cba00eeff605e9b5f946bbfb34280e8.debug
Files in first .changes but not in second
-----------------------------------------
-rw-r--r-- root/root /usr/lib/debug/.build-id/10/71641470893eedfb2ae95761f7a2831487578d.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/3c/00675566a5e060c9ab422431b1f6ace9e3d641.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/40/f65be6b49ba1dd1642c3a70301392728b0fa87.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/59/c0c76a47a76592ba690534af3dd8ed20716910.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/5c/15ca854181b7052a65e0e3c6bb62621e8a4796.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/86/5ba1447f92d3238aaeab5c35384f8d4ddc19f8.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/99/7b28d24819d51167eb04275b0e7781a0553677.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/ad/926b5ff6550801a0e64d7feb12bebb4f19f71b.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/b8/f5d939008965aa0fec40eb47dea7fbd36412e2.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/c4/edae6e65800cadeb0413c787c930f525569125.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/d5/6fdefdf070278c961828fef13aa01e98b0ff68.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/d8/2b478365792d82cde3c23dbba294f2f73aa6bd.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/fc/4f758dce13ac4fe7dadc3dc350d84cbe9bfad6.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/fe/3a9f524b65ebc37a28595af328de4bb9557359.debug
Control files of package gnutls-bin: lines which differ (wdiff format)
----------------------------------------------------------------------
Installed-Size: [-891-] {+892+}
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}
Control files of package gnutls-doc: lines which differ (wdiff format)
----------------------------------------------------------------------
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}
Control files of package guile-gnutls: lines which differ (wdiff format)
------------------------------------------------------------------------
Installed-Size: [-357-] {+358+}
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}
Control files of package libgnutls-deb0-28: lines which differ (wdiff format)
-----------------------------------------------------------------------------
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}
Control files of package libgnutls-openssl27: lines which differ (wdiff format)
-------------------------------------------------------------------------------
Depends: libgnutls-deb0-28 (= [-3.3.8-6+deb8u1),-] {+3.3.8-6+deb8u2),+} libc6 (>= 2.4)
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}
Control files of package libgnutls28-dbg: lines which differ (wdiff format)
---------------------------------------------------------------------------
Depends: libgnutls-deb0-28 (= [-3.3.8-6+deb8u1)-] {+3.3.8-6+deb8u2)+}
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}
Control files of package libgnutls28-dev: lines which differ (wdiff format)
---------------------------------------------------------------------------
Depends: libgnutls-deb0-28 (= [-3.3.8-6+deb8u1),-] {+3.3.8-6+deb8u2),+} libgnutlsxx28 (= [-3.3.8-6+deb8u1),-] {+3.3.8-6+deb8u2),+} nettle-dev (>= 2.5), libc6-dev | libc-dev, zlib1g-dev, libtasn1-6-dev (>= 3.9), libp11-kit-dev, libgnutls-openssl27 (= [-3.3.8-6+deb8u1)-] {+3.3.8-6+deb8u2)+}
Installed-Size: [-2447-] {+2448+}
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}
Control files of package libgnutlsxx28: lines which differ (wdiff format)
-------------------------------------------------------------------------
Depends: libgnutls-deb0-28 (= [-3.3.8-6+deb8u1),-] {+3.3.8-6+deb8u2),+} libc6 (>= 2.4), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.1.1)
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}
diff -Nru gnutls28-3.3.8/debian/changelog gnutls28-3.3.8/debian/changelog
--- gnutls28-3.3.8/debian/changelog 2015-04-27 19:40:34.000000000 +0200
+++ gnutls28-3.3.8/debian/changelog 2015-06-20 15:46:27.000000000 +0200
@@ -1,3 +1,19 @@
+gnutls28 (3.3.8-6+deb8u2) jessie; urgency=medium
+
+ * Pull 50_Handle-zero-length-plaintext-for-VIA-PadLock-functio.patch from
+ upstream version 3.3.12 to fix a crash in VIA PadLock asm. (Thanks, Peter
+ Lebbing). Closes: #788704
+ * Pull 51_0001__gnutls_session_sign_algo_enabled-do-not-consider-an.patch
+ 51_0002_before-falling-back-to-SHA1-as-signature-algorithm-i.patch
+ 51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patch (the
+ latter unfuzzed) from GnuTLS 3.3.15 to fix GNUTLS-SA-2015-2. - A
+ ServerKeyExchange signature sent by the server was not verified to be in
+ the acceptable by the client set of algorithms. That had the effect of
+ allowing MD5 signatures (which are disabled by default) in the
+ ServerKeyExchange message.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 20 Jun 2015 15:46:15 +0200
+
gnutls28 (3.3.8-6+deb8u1) jessie; urgency=medium
* Reupload 3.3.8-7 unchanged for first point release:
diff -Nru gnutls28-3.3.8/debian/patches/50_Handle-zero-length-plaintext-for-VIA-PadLock-functio.patch gnutls28-3.3.8/debian/patches/50_Handle-zero-length-plaintext-for-VIA-PadLock-functio.patch
--- gnutls28-3.3.8/debian/patches/50_Handle-zero-length-plaintext-for-VIA-PadLock-functio.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/50_Handle-zero-length-plaintext-for-VIA-PadLock-functio.patch 2015-06-20 12:14:07.000000000 +0200
@@ -0,0 +1,59 @@
+From 023156ae2504c1911f8f2e66a0ebde316931671c Mon Sep 17 00:00:00 2001
+From: Matthias-Christian Ott <ott@mirix.org>
+Date: Tue, 30 Dec 2014 11:57:36 +0200
+Subject: [PATCH 1/2] Handle zero length plaintext for VIA PadLock functions
+
+If the plaintext is shorter than the block size of the used cipher,
+_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
+textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that the
+plaintext length (last parameter) is greater than zero and segfault
+otherwise. The assembler code for both functions is automatically
+generated and imported from OpenSSL, so to ease maintenance the length
+should be validated in the functions that call padlock_ecb_encrypt or
+padlock_cbc_encrypt.
+---
+ lib/accelerated/x86/aes-gcm-padlock.c | 3 ++-
+ lib/accelerated/x86/aes-padlock.c | 6 ++++--
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/lib/accelerated/x86/aes-gcm-padlock.c b/lib/accelerated/x86/aes-gcm-padlock.c
+index e1ad566..9e92292 100644
+--- a/lib/accelerated/x86/aes-gcm-padlock.c
++++ b/lib/accelerated/x86/aes-gcm-padlock.c
+@@ -54,7 +54,8 @@ static void padlock_aes_encrypt(void *_ctx,
+
+ pce = ALIGN16(&ctx->expanded_key);
+
+- padlock_ecb_encrypt(dst, src, pce, length);
++ if (length > 0)
++ padlock_ecb_encrypt(dst, src, pce, length);
+ }
+
+ static void padlock_aes_set_encrypt_key(struct padlock_ctx *_ctx,
+diff --git a/lib/accelerated/x86/aes-padlock.c b/lib/accelerated/x86/aes-padlock.c
+index bccbd10..8ed10d8 100644
+--- a/lib/accelerated/x86/aes-padlock.c
++++ b/lib/accelerated/x86/aes-padlock.c
+@@ -132,7 +132,8 @@ padlock_aes_cbc_encrypt(void *_ctx, const void *src, size_t src_size,
+
+ pce = ALIGN16(&ctx->expanded_key);
+
+- padlock_cbc_encrypt(dst, src, pce, src_size);
++ if (src_size > 0)
++ padlock_cbc_encrypt(dst, src, pce, src_size);
+
+ return 0;
+ }
+@@ -147,7 +148,8 @@ padlock_aes_cbc_decrypt(void *_ctx, const void *src, size_t src_size,
+
+ pcd = ALIGN16(&ctx->expanded_key);
+
+- padlock_cbc_encrypt(dst, src, pcd, src_size);
++ if (src_size > 0)
++ padlock_cbc_encrypt(dst, src, pcd, src_size);
+
+ return 0;
+ }
+--
+2.1.4
+
diff -Nru gnutls28-3.3.8/debian/patches/51_0001__gnutls_session_sign_algo_enabled-do-not-consider-an.patch gnutls28-3.3.8/debian/patches/51_0001__gnutls_session_sign_algo_enabled-do-not-consider-an.patch
--- gnutls28-3.3.8/debian/patches/51_0001__gnutls_session_sign_algo_enabled-do-not-consider-an.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/51_0001__gnutls_session_sign_algo_enabled-do-not-consider-an.patch 2015-06-20 12:13:31.000000000 +0200
@@ -0,0 +1,47 @@
+From 1e013f4c660fa79c2398dbcfd4f0e054c724c5ec Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Sat, 25 Apr 2015 19:14:07 +0200
+Subject: [PATCH 1/3] _gnutls_session_sign_algo_enabled: do not consider any
+ values from the extension data to decide acceptable algorithms
+
+---
+ lib/ext/signature.c | 18 +-----------------
+ 1 file changed, 1 insertion(+), 17 deletions(-)
+
+diff --git a/lib/ext/signature.c b/lib/ext/signature.c
+index fb971f5..6f3066e 100644
+--- a/lib/ext/signature.c
++++ b/lib/ext/signature.c
+@@ -313,28 +313,12 @@ _gnutls_session_sign_algo_enabled(gnutls_session_t session,
+ gnutls_sign_algorithm_t sig)
+ {
+ unsigned i;
+- int ret;
+ const version_entry_st *ver = get_version(session);
+- sig_ext_st *priv;
+- extension_priv_data_t epriv;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+- ret =
+- _gnutls_ext_get_session_data(session,
+- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+- &epriv);
+- if (ret < 0) {
+- gnutls_assert();
+- return 0;
+- }
+- priv = epriv.ptr;
+-
+- if (!_gnutls_version_has_selectable_sighash(ver)
+- || priv->sign_algorithms_size == 0)
+- /* none set, allow all */
+- {
++ if (!_gnutls_version_has_selectable_sighash(ver)) {
+ return 0;
+ }
+
+--
+2.1.4
+
diff -Nru gnutls28-3.3.8/debian/patches/51_0002_before-falling-back-to-SHA1-as-signature-algorithm-i.patch gnutls28-3.3.8/debian/patches/51_0002_before-falling-back-to-SHA1-as-signature-algorithm-i.patch
--- gnutls28-3.3.8/debian/patches/51_0002_before-falling-back-to-SHA1-as-signature-algorithm-i.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/51_0002_before-falling-back-to-SHA1-as-signature-algorithm-i.patch 2015-06-20 12:13:31.000000000 +0200
@@ -0,0 +1,37 @@
+From a8076fa599f0a37f8e12e30eeadd50a0ea3c67b7 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Sat, 25 Apr 2015 19:34:34 +0200
+Subject: [PATCH 2/3] before falling back to SHA1 as signature algorithm in TLS
+ 1.2 check if it is enabled
+
+---
+ lib/ext/signature.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ext/signature.c b/lib/ext/signature.c
+index 6f3066e..5ecc76a 100644
+--- a/lib/ext/signature.c
++++ b/lib/ext/signature.c
+@@ -282,7 +282,10 @@ _gnutls_session_get_sign_algo(gnutls_session_t session,
+ || priv->sign_algorithms_size == 0)
+ /* none set, allow SHA-1 only */
+ {
+- return gnutls_pk_to_sign(cert_algo, GNUTLS_DIG_SHA1);
++ ret = gnutls_pk_to_sign(cert_algo, GNUTLS_DIG_SHA1);
++ if (_gnutls_session_sign_algo_enabled(session, ret) < 0)
++ goto fail;
++ return ret;
+ }
+
+ for (i = 0; i < priv->sign_algorithms_size; i++) {
+@@ -301,6 +304,7 @@ _gnutls_session_get_sign_algo(gnutls_session_t session,
+ }
+ }
+
++ fail:
+ return GNUTLS_SIGN_UNKNOWN;
+ }
+
+--
+2.1.4
+
diff -Nru gnutls28-3.3.8/debian/patches/51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patch gnutls28-3.3.8/debian/patches/51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patch
--- gnutls28-3.3.8/debian/patches/51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.3.8/debian/patches/51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patch 2015-06-20 13:15:33.000000000 +0200
@@ -0,0 +1,395 @@
+From 3d333e59621f6cf9381c846c405b23d79020d031 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Sat, 25 Apr 2015 20:00:04 +0200
+Subject: [PATCH 3/3] tests: added reproducer for the MD5 acceptance issue
+
+Reported by Karthikeyan Bhargavan.
+http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html
+
+Conflicts:
+ tests/Makefile.am
+---
+ tests/Makefile.am | 2 +-
+ tests/sign-md5-rep.c | 365 +++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 366 insertions(+), 1 deletion(-)
+ create mode 100644 tests/sign-md5-rep.c
+
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -84,7 +84,7 @@ ctests = mini-record-2 simple gc set_pkc
+ mini-cert-status mini-rsa-psk global-init sec-params \
+ fips-test mini-global-load name-constraints x509-extensions \
+ long-session-id mini-x509-callbacks-intr \
+- crlverify init_fds
++ crlverify init_fds sign-md5-rep
+
+ if ENABLE_OCSP
+ ctests += ocsp
+--- /dev/null
++++ b/tests/sign-md5-rep.c
+@@ -0,0 +1,365 @@
++/*
++ * Copyright (C) 2015 Nikos Mavrogiannopoulos
++ *
++ * Author: Nikos Mavrogiannopoulos
++ *
++ * This file is part of GnuTLS.
++ *
++ * GnuTLS is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GnuTLS is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with GnuTLS; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
++ */
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <stdio.h>
++#include <stdlib.h>
++
++#if defined(_WIN32)
++
++int main()
++{
++ exit(77);
++}
++
++#else
++
++#include <string.h>
++#include <sys/types.h>
++#include <netinet/in.h>
++#include <sys/socket.h>
++#include <sys/wait.h>
++#include <arpa/inet.h>
++#include <unistd.h>
++#include <gnutls/gnutls.h>
++#include <gnutls/dtls.h>
++#include <signal.h>
++
++#include "utils.h"
++
++static void terminate(void);
++
++/* This program tests whether EtM is negotiated as expected.
++ */
++
++static void server_log_func(int level, const char *str)
++{
++ fprintf(stderr, "server|<%d>| %s", level, str);
++}
++
++static void client_log_func(int level, const char *str)
++{
++ fprintf(stderr, "client|<%d>| %s", level, str);
++}
++
++static unsigned char server_cert_pem[] =
++ "-----BEGIN CERTIFICATE-----\n"
++ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
++ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
++ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
++ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
++ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
++ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
++ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
++ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
++ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
++ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
++ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
++ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
++ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
++
++const gnutls_datum_t server_cert = { server_cert_pem,
++ sizeof(server_cert_pem)
++};
++
++static unsigned char server_key_pem[] =
++ "-----BEGIN RSA PRIVATE KEY-----\n"
++ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
++ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
++ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
++ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
++ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
++ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
++ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
++ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
++ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
++ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
++ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
++ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
++ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
++ "-----END RSA PRIVATE KEY-----\n";
++
++const gnutls_datum_t server_key = { server_key_pem,
++ sizeof(server_key_pem)
++};
++
++
++static int handshake_callback(gnutls_session_t session, unsigned int htype,
++ unsigned post, unsigned int incoming, const gnutls_datum_t *msg)
++{
++ gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA", NULL);
++ return 0;
++}
++
++
++/* A very basic TLS client, with anonymous authentication.
++ */
++
++#define MAX_BUF 1024
++
++static void client(int fd)
++{
++ int ret;
++ char buffer[MAX_BUF + 1];
++ gnutls_certificate_credentials_t x509_cred;
++ gnutls_session_t session;
++ /* Need to enable anonymous KX specifically. */
++
++ global_init();
++
++ if (debug) {
++ gnutls_global_set_log_function(client_log_func);
++ gnutls_global_set_log_level(7);
++ }
++
++ gnutls_certificate_allocate_credentials(&x509_cred);
++
++ /* Initialize TLS session
++ */
++ gnutls_init(&session, GNUTLS_CLIENT);
++
++ /* Use default priorities */
++ gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-MD5", NULL);
++
++ /* put the anonymous credentials to the current session
++ */
++ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
++
++ gnutls_transport_set_int(session, fd);
++ gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
++ GNUTLS_HOOK_PRE,
++ handshake_callback);
++
++ /* Perform the TLS handshake
++ */
++ do {
++ ret = gnutls_handshake(session);
++ }
++ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
++
++ if (ret == GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM) {
++ /* success */
++ goto end;
++ }
++
++ if (ret < 0) {
++ fail("client: Handshake failed: %s\n", gnutls_strerror(ret));
++ exit(1);
++ } else {
++ if (debug)
++ success("client: Handshake was completed\n");
++ }
++
++ if (gnutls_sign_algorithm_get(session) == GNUTLS_SIGN_RSA_MD5) {
++ fail("client: MD5 was negotiated\n");
++ exit(1);
++ }
++ success("client: %s was negotiated\n", gnutls_sign_get_name(gnutls_sign_algorithm_get(session)));
++
++ if (debug)
++ success("client: TLS version is: %s\n",
++ gnutls_protocol_get_name
++ (gnutls_protocol_get_version(session)));
++
++ do {
++ do {
++ ret = gnutls_record_recv(session, buffer, MAX_BUF);
++ } while (ret == GNUTLS_E_AGAIN
++ || ret == GNUTLS_E_INTERRUPTED);
++ } while (ret > 0);
++
++ if (ret == 0) {
++ if (debug)
++ success
++ ("client: Peer has closed the TLS connection\n");
++ goto end;
++ } else if (ret < 0) {
++ if (ret != 0) {
++ fail("client: Error: %s\n", gnutls_strerror(ret));
++ exit(1);
++ }
++ }
++
++ gnutls_bye(session, GNUTLS_SHUT_WR);
++
++ end:
++
++ close(fd);
++
++ gnutls_deinit(session);
++
++ gnutls_certificate_free_credentials(x509_cred);
++
++ gnutls_global_deinit();
++}
++
++
++/* These are global */
++pid_t child;
++
++static void terminate(void)
++{
++ kill(child, SIGTERM);
++ exit(1);
++}
++
++static void server(int fd)
++{
++ int ret;
++ char buffer[MAX_BUF + 1];
++ gnutls_session_t session;
++ gnutls_certificate_credentials_t x509_cred;
++ unsigned to_send = sizeof(buffer)/4;
++
++ /* this must be called once in the program
++ */
++ global_init();
++ memset(buffer, 0, sizeof(buffer));
++
++ if (debug) {
++ gnutls_global_set_log_function(server_log_func);
++ gnutls_global_set_log_level(4711);
++ }
++
++ gnutls_certificate_allocate_credentials(&x509_cred);
++ gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
++ &server_key,
++ GNUTLS_X509_FMT_PEM);
++
++ gnutls_init(&session, GNUTLS_SERVER);
++
++ /* avoid calling all the priority functions, since the defaults
++ * are adequate.
++ */
++ gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-MD5", NULL);
++
++ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
++
++ gnutls_transport_set_int(session, fd);
++
++ do {
++ ret = gnutls_handshake(session);
++ } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
++ if (ret < 0) {
++ close(fd);
++ gnutls_deinit(session);
++ fail("server: Handshake has failed (%s)\n\n",
++ gnutls_strerror(ret));
++ terminate();
++ }
++
++
++ if (debug) {
++ success("server: Handshake was completed\n");
++ success("server: %s was negotiated\n", gnutls_sign_get_name(gnutls_sign_algorithm_get(session)));
++ }
++
++ if (debug)
++ success("server: TLS version is: %s\n",
++ gnutls_protocol_get_name
++ (gnutls_protocol_get_version(session)));
++
++ do {
++ do {
++ ret =
++ gnutls_record_send(session, buffer,
++ sizeof(buffer));
++ } while (ret == GNUTLS_E_AGAIN
++ || ret == GNUTLS_E_INTERRUPTED);
++
++ if (ret < 0) {
++ fail("Error sending %d byte packet: %s\n", to_send,
++ gnutls_strerror(ret));
++ terminate();
++ }
++ to_send++;
++ }
++ while (to_send < 64);
++
++ to_send = -1;
++ /* do not wait for the peer to close the connection.
++ */
++ gnutls_bye(session, GNUTLS_SHUT_WR);
++
++ close(fd);
++ gnutls_deinit(session);
++
++ gnutls_certificate_free_credentials(x509_cred);
++
++ gnutls_global_deinit();
++
++ if (debug)
++ success("server: finished\n");
++}
++
++static void ch_handler(int sig)
++{
++ int status;
++ wait(&status);
++ if (WEXITSTATUS(status) != 0 ||
++ (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
++ if (WIFSIGNALED(status))
++ fail("Child died with sigsegv\n");
++ else
++ fail("Child died with status %d\n",
++ WEXITSTATUS(status));
++ terminate();
++ }
++ return;
++}
++
++void doit(void)
++{
++ int fd[2];
++ int ret;
++
++ signal(SIGCHLD, ch_handler);
++
++ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
++ if (ret < 0) {
++ perror("socketpair");
++ exit(1);
++ }
++
++ child = fork();
++ if (child < 0) {
++ perror("fork");
++ fail("fork");
++ exit(1);
++ }
++
++ if (child) {
++ /* parent */
++ close(fd[1]);
++ client(fd[0]);
++ kill(child, SIGTERM);
++ } else {
++ close(fd[0]);
++ server(fd[1]);
++ exit(0);
++ }
++}
++
++#endif /* _WIN32 */
diff -Nru gnutls28-3.3.8/debian/patches/series gnutls28-3.3.8/debian/patches/series
--- gnutls28-3.3.8/debian/patches/series 2015-04-27 19:34:44.000000000 +0200
+++ gnutls28-3.3.8/debian/patches/series 2015-06-20 13:41:02.000000000 +0200
@@ -9,3 +9,7 @@
40_no_more_ssl3.diff
45_eliminated-double-free.diff
46_Better-fix-for-the-double-free.diff
+50_Handle-zero-length-plaintext-for-VIA-PadLock-functio.patch
+51_0001__gnutls_session_sign_algo_enabled-do-not-consider-an.patch
+51_0002_before-falling-back-to-SHA1-as-signature-algorithm-i.patch
+51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patch
Attachment:
signature.asc
Description: Digital signature