openSUSE:Leap:15.2:Staging:N
File gnutls-CVE-2020-13777.patch of Package gnutls
From c2646aeee94e71cb15c90a3147cf3b5b0ca158ca Mon Sep 17 00:00:00 2001 From: Daiki Ueno <ueno@gnu.org> Date: Tue, 2 Jun 2020 20:53:11 +0200 Subject: [PATCH 1/2] stek: differentiate initial state from valid time window of TOTP There was a confusion in the TOTP implementation in stek.c. When the mechanism is initialized at the first time, it records the timestamp but doesn't initialize the key. This removes the timestamp recording at the initialization phase, so the key is properly set later. Signed-off-by: Daiki Ueno <ueno@gnu.org> --- lib/stek.c | 17 +++++------------ tests/resume-with-previous-stek.c | 4 ++-- 3 files changed, 11 insertions(+), 18 deletions(-) diff --git a/lib/stek.c b/lib/stek.c index 2f885cee37..5ab9e7d2d1 100644 --- a/lib/stek.c +++ b/lib/stek.c @@ -323,20 +323,13 @@ int _gnutls_initialize_session_ticket_key_rotation(gnutls_session_t session, con if (unlikely(session == NULL || key == NULL)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - if (session->key.totp.last_result == 0) { - int64_t t; - memcpy(session->key.initial_stek, key->data, key->size); - t = totp_next(session); - if (t < 0) - return gnutls_assert_val(t); + if (unlikely(session->key.totp.last_result != 0)) + return GNUTLS_E_INVALID_REQUEST; - session->key.totp.last_result = t; - session->key.totp.was_rotated = 0; - - return GNUTLS_E_SUCCESS; - } + memcpy(session->key.initial_stek, key->data, key->size); - return GNUTLS_E_INVALID_REQUEST; + session->key.totp.was_rotated = 0; + return 0; } /* diff --git a/tests/resume-with-previous-stek.c b/tests/resume-with-previous-stek.c index f212b188b9..05c1c90868 100644 --- a/tests/resume-with-previous-stek.c +++ b/tests/resume-with-previous-stek.c 
@@ -196,8 +196,8 @@ static void server(int fd, unsigned rounds, const char *prio) serverx509cred = NULL; } - if (num_stek_rotations != 2) - fail("STEK should be rotated exactly twice (%d)!\n", num_stek_rotations); + if (num_stek_rotations != 3) + fail("STEK should be rotated exactly three times (%d)!\n", num_stek_rotations); if (serverx509cred) gnutls_certificate_free_credentials(serverx509cred); -- 2.25.0
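Review bot: In the lib/stek.c hunk, memcpy(session->key.initial_stek, key->data, key->size) copies a caller-supplied length while the only validation in view is the NULL check on session and key; unless every caller already guarantees the length, compare key->size against the size of initial_stek before the copy and return GNUTLS_E_INVALID_REQUEST on mismatch. The new early return also skips the gnutls_assert_val() wrapper that the error path just above it uses, and the success path now returns a bare 0 where the removed code returned GNUTLS_E_SUCCESS; keeping both consistent with the rest of the function makes failures easier to trace. Since totp.last_result == 0 now denotes the initial state described in the commit message, a short comment at the check saying so would keep the timestamp recording from being reintroduced here later.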
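Review bot: In the tests/resume-with-previous-stek.c hunk, the only visible change is the expected value of num_stek_rotations going from 2 to 3, which checks how often rotation happened but not the condition the commit message describes, namely that the key is actually set after initialization. Add a comment next to the new constant explaining where the third rotation comes from, and consider a regression check that fails when the session ticket key in use before the first rotation is still uninitialized, so the test covers the fix directly instead of a side effect of it.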