127c81 |
diff -ur gnutls-3.1.18.orig/lib/gnutls_ecc.c gnutls-3.1.18/lib/gnutls_ecc.c
127c81 |
--- gnutls-3.1.18.orig/lib/gnutls_ecc.c 2013-04-02 22:27:35.000000000 +0200
127c81 |
+++ gnutls-3.1.18/lib/gnutls_ecc.c 2014-01-02 09:13:27.383415863 +0100
127c81 |
@@ -129,6 +129,12 @@
9199b3 |
goto cleanup;
9199b3 |
}
9199b3 |
params->params_nr++;
9199b3 |
+
9199b3 |
+ if (_gnutls_mpi_get_nbits(params->params[ECC_PRIME]) < 256)
9199b3 |
+ {
9199b3 |
+ ret = gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
9199b3 |
+ goto cleanup;
9199b3 |
+ }
9199b3 |
9199b3 |
val_size = sizeof(val);
9199b3 |
ret = _gnutls_hex2bin(st->order, strlen(st->order), val, &val_size);
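Review bot: The new `< 256` test on `params->params[ECC_PRIME]` hard-codes a policy threshold with no comment or named constant, so a reader cannot tell that it is meant to go together with the removal of SECP192R1 and SECP224R1 from `supported_ecc_normal` in gnutls_priority.c. Because it sits where curve parameters are loaded rather than where curves are negotiated, it presumably rejects the small curves for every caller of this function, not only for TLS key exchange, and that wider effect deserves a sentence. I would add above the `if`: `/* policy: refuse curves whose field prime is shorter than 256 bits (secp192r1, secp224r1), independent of the priority string */`. The enclosing function and its `cleanup` label lie outside the hunk, so confirm that `cleanup` releases the prime already counted by `params_nr++`.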
127c81 |
diff -ur gnutls-3.1.18.orig/lib/gnutls_priority.c gnutls-3.1.18/lib/gnutls_priority.c
127c81 |
--- gnutls-3.1.18.orig/lib/gnutls_priority.c 2013-11-19 18:36:38.000000000 +0100
127c81 |
+++ gnutls-3.1.18/lib/gnutls_priority.c 2014-01-02 09:13:27.384415875 +0100
127c81 |
@@ -245,8 +245,6 @@
127c81 |
}
127c81 |
127c81 |
static const int supported_ecc_normal[] = {
127c81 |
- GNUTLS_ECC_CURVE_SECP192R1,
127c81 |
- GNUTLS_ECC_CURVE_SECP224R1,
127c81 |
GNUTLS_ECC_CURVE_SECP256R1,
127c81 |
GNUTLS_ECC_CURVE_SECP384R1,
127c81 |
GNUTLS_ECC_CURVE_SECP521R1,
127c81 |
diff -ur gnutls-3.1.18.orig/lib/nettle/ecc_mulmod_cached.c gnutls-3.1.18/lib/nettle/ecc_mulmod_cached.c
127c81 |
--- gnutls-3.1.18.orig/lib/nettle/ecc_mulmod_cached.c 2013-04-02 22:27:35.000000000 +0200
127c81 |
+++ gnutls-3.1.18/lib/nettle/ecc_mulmod_cached.c 2014-01-02 10:26:08.425986981 +0100
127c81 |
@@ -42,6 +42,7 @@
9199b3 |
9199b3 |
/* global cache */
9199b3 |
static gnutls_ecc_curve_cache_entry_t *ecc_wmnaf_cache = NULL;
9199b3 |
+static gnutls_ecc_curve_cache_entry_t *ecc_wmnaf_cache_last = NULL;
9199b3 |
9199b3 |
/* free single cache entry */
9199b3 |
static void
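Review bot: `ecc_wmnaf_cache_last` is declared without a comment, and its meaning is not obvious from the name: the later hunks use it as an inclusive upper bound (`p <= ecc_wmnaf_cache_last`) over a table indexed by curve id, with possibly unused slots below it. I would document that at the declaration, e.g. `/* highest initialised entry of ecc_wmnaf_cache (inclusive), NULL while the cache is empty; lower slots may be unused and then keep id == GNUTLS_ECC_CURVE_INVALID */`. The two globals are written separately and no locking is visible in this diff, so the same comment should state that init and free must not run concurrently with lookups, if that is indeed the contract.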
127c81 |
@@ -63,13 +64,15 @@
9199b3 |
gnutls_ecc_curve_cache_entry_t *p = ecc_wmnaf_cache;
9199b3 |
if (p)
9199b3 |
{
9199b3 |
- for (; p->id != GNUTLS_ECC_CURVE_INVALID; ++p)
9199b3 |
+ for (; p <= ecc_wmnaf_cache_last; ++p)
9199b3 |
{
9199b3 |
- _ecc_wmnaf_cache_entry_free (p);
9199b3 |
+ if (p->id != GNUTLS_ECC_CURVE_INVALID)
9199b3 |
+ _ecc_wmnaf_cache_entry_free (p);
9199b3 |
}
9199b3 |
9199b3 |
free (ecc_wmnaf_cache);
127c81 |
ecc_wmnaf_cache = NULL;
127c81 |
+ ecc_wmnaf_cache_last = NULL;
127c81 |
}
127c81 |
}
127c81 |
127c81 |
@@ -198,7 +201,7 @@
9199b3 |
const gnutls_ecc_curve_t *p;
9199b3 |
9199b3 |
ret = (gnutls_ecc_curve_cache_entry_t *)
9199b3 |
- malloc (MAX_ALGOS * sizeof (gnutls_ecc_curve_cache_entry_t));
9199b3 |
+ calloc (MAX_ALGOS, sizeof (gnutls_ecc_curve_cache_entry_t));
9199b3 |
if (ret == NULL)
9199b3 |
return GNUTLS_E_MEMORY_ERROR;
9199b3 |
127c81 |
@@ -207,12 +210,16 @@
9199b3 |
9199b3 |
for (j = 0; *p; ++p, ++j)
9199b3 |
{
9199b3 |
- if ((err = _ecc_wmnaf_cache_entry_init (ret + *p - 1, *p)) != 0)
9199b3 |
+ gnutls_ecc_curve_cache_entry_t *entry;
9199b3 |
+
9199b3 |
+ entry = ret + *p - 1;
9199b3 |
+ if ((err = _ecc_wmnaf_cache_entry_init (entry, *p)) != 0)
9199b3 |
goto done;
9199b3 |
+ if (ecc_wmnaf_cache_last < entry)
9199b3 |
+ ecc_wmnaf_cache_last = entry;
9199b3 |
}
9199b3 |
9199b3 |
- /* nullify last cache entry id */
9199b3 |
- ret[j].id = GNUTLS_ECC_CURVE_INVALID;
9199b3 |
+ /* no need to nullify last cache entry id, done by calloc */
9199b3 |
9199b3 |
err = GNUTLS_E_SUCCESS;
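Review bot: `if (ecc_wmnaf_cache_last < entry)` is evaluated while `ecc_wmnaf_cache_last` is still NULL on the first iteration of a fresh initialisation, and a relational comparison between a null pointer and an object pointer is undefined in ISO C even though common compilers give the expected result. An explicit test avoids relying on that: `if (ecc_wmnaf_cache_last == NULL || ecc_wmnaf_cache_last < entry)`. The replacement comment `done by calloc` also depends on GNUTLS_ECC_CURVE_INVALID being 0, which is not visible in this diff; wording it as `/* unused slots keep id == GNUTLS_ECC_CURVE_INVALID, which must be 0, from calloc */` makes the assumption checkable. `entry = ret + *p - 1` has no bound check against MAX_ALGOS in the visible lines, and the function starts before and continues after this hunk.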
9199b3 |
127c81 |
@@ -223,11 +230,13 @@
9199b3 |
int i;
9199b3 |
for (i = 0; i < j; ++i)
9199b3 |
{
9199b3 |
- _ecc_wmnaf_cache_entry_free (ret + i);
9199b3 |
+ --p;
9199b3 |
+ _ecc_wmnaf_cache_entry_free (ret + *p - 1);
9199b3 |
}
9199b3 |
9199b3 |
free (ret);
127c81 |
ecc_wmnaf_cache = NULL;
127c81 |
+ ecc_wmnaf_cache_last = NULL;
127c81 |
}
127c81 |
return err;
127c81 |
}
127c81 |
@@ -445,9 +454,11 @@
9199b3 |
if (k == NULL || G == NULL || R == NULL || modulus == NULL)
9199b3 |
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
9199b3 |
9199b3 |
- for (i = 0; (id = ecc_wmnaf_cache[i].id); ++i)
9199b3 |
+ for (i = 0; ecc_wmnaf_cache + i <= ecc_wmnaf_cache_last; ++i)
9199b3 |
{
9199b3 |
- if (!(mpz_cmp (G->x, ecc_wmnaf_cache[i].pos[0]->x)) &&
9199b3 |
+ id = ecc_wmnaf_cache[i].id;
9199b3 |
+ if (id &&
9199b3 |
+ !(mpz_cmp (G->x, ecc_wmnaf_cache[i].pos[0]->x)) &&
9199b3 |
!(mpz_cmp (G->y, ecc_wmnaf_cache[i].pos[0]->y)))
9199b3 |
{
9199b3 |
break;
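Review bot: After this rewrite `id` no longer signals "no match": the old loop condition `(id = ecc_wmnaf_cache[i].id)` left `id` at 0 when the scan ran off the end, whereas the new loop exits on the pointer bound with `id` still holding the id of the last slot examined, which is the initialised entry at `ecc_wmnaf_cache_last`. If the code after the loop (outside this hunk) uses `id` to select the cached curve, a base point that matches no entry would be processed with another curve's precomputed table instead of being rejected. Resetting it when the scan is exhausted restores the old contract, e.g. after the loop `if (ecc_wmnaf_cache + i > ecc_wmnaf_cache_last) id = GNUTLS_ECC_CURVE_INVALID;`. Unless `id` is initialised at its declaration, it is also left unassigned when the body never runs, and with both globals NULL the loop condition is true and slot 0 of a NULL cache is read, so a guard for an uninitialised cache belongs before the loop.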
127c81 |
diff -ur gnutls-3.1.18.orig/tests/mini-xssl.c gnutls-3.1.18/tests/mini-xssl.c
127c81 |
--- gnutls-3.1.18.orig/tests/mini-xssl.c 2013-05-30 08:50:22.000000000 +0200
127c81 |
+++ gnutls-3.1.18/tests/mini-xssl.c 2014-01-02 09:13:27.384415875 +0100
9199b3 |
@@ -27,7 +27,8 @@
9199b3 |
#include <stdio.h>
9199b3 |
#include <stdlib.h>
9199b3 |
9199b3 |
-#if defined(_WIN32)
9199b3 |
+/* uses unsupported curves */
9199b3 |
+#if 1
9199b3 |
9199b3 |
int main()
9199b3 |
{
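Review bot: `#if 1` replaces the `_WIN32` condition with a constant, which disables this test on every platform and erases the record of why it was originally skipped on Windows; tests/pkcs12_simple.c gets the same blanket skip through an unconditional `exit(77);` that leaves the rest of that function as dead code. Both changes remove test coverage rather than the tests' dependency on the dropped curves, and the comment `uses unsupported curves` does not say which curves or where they come from. At minimum I would keep the history and the reason on the line itself, e.g. `#if 1 /* was: defined(_WIN32); disabled because the test data uses curves below 256 bits */`, and put a matching comment above the `exit(77);`. The body selected by this `#if` continues outside the hunk.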
127c81 |
diff -ur gnutls-3.1.18.orig/tests/pkcs12_simple.c gnutls-3.1.18/tests/pkcs12_simple.c
127c81 |
--- gnutls-3.1.18.orig/tests/pkcs12_simple.c 2013-05-21 20:27:20.000000000 +0200
127c81 |
+++ gnutls-3.1.18/tests/pkcs12_simple.c 2014-01-02 09:13:27.384415875 +0100
127c81 |
@@ -50,6 +50,9 @@
9199b3 |
gnutls_x509_privkey_t pkey;
9199b3 |
int ret;
9199b3 |
9199b3 |
+ /* uses unsupported curves */
9199b3 |
+ exit(77);
9199b3 |
+
9199b3 |
ret = global_init ();
9199b3 |
if (ret < 0)
9199b3 |
fail ("global_init failed %d\n", ret);