[Emacs-diffs] scratch/tzz/nettle d805ea6: WIP: GnuTLS: no need to wipe I
From: |
Teodor Zlatanov |
Subject: |
[Emacs-diffs] scratch/tzz/nettle d805ea6: WIP: GnuTLS: no need to wipe IV or AUTH |
Date: |
Mon, 17 Apr 2017 19:20:41 -0400 (EDT) |
branch: scratch/tzz/nettle
commit d805ea69f1f635639e90650cf7c4e64e92d72c00
Author: Ted Zlatanov <address@hidden>
Commit: Ted Zlatanov <address@hidden>
WIP: GnuTLS: no need to wipe IV or AUTH
---
src/gnutls.c | 13 ++-----------
test/lisp/net/gnutls-tests.el | 22 ++++++++++++++++++----
2 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/src/gnutls.c b/src/gnutls.c
index 496d268..79bf802 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1830,9 +1830,6 @@ gnutls_symmetric_aead (bool encrypting,
gnutls_cipher_algorithm_t gca,
storage, &storage_length);
}
- if (!NILP (aead_auth) && STRINGP (XCAR (aead_auth)))
- Fclear_string (XCAR (aead_auth));
-
if (ret < GNUTLS_E_SUCCESS)
{
memset (storage, 0, storage_length);
@@ -1977,8 +1974,6 @@ gnutls_symmetric (bool encrypting, Lisp_Object cipher,
aead_auth);
if (STRINGP (XCAR (key)))
Fclear_string (XCAR (key));
- if (STRINGP (XCAR (iv)))
- Fclear_string (XCAR (iv));
return aead_output;
}
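Review bot: The key wipe on the AEAD path runs only if `gnutls_symmetric_aead` returns normally. If that helper signals a Lisp error on failure (inferred, since its failure branch is only partly visible in the first hunk), `Fclear_string (XCAR (key))` is skipped and the caller's key string keeps its contents. Consider registering the wipe with `record_unwind_protect` before the call so it runs on every exit path. A comment such as `/* KEY is wiped on every exit; IV and AUTH are not secret and are left alone. */` would record the intent. gnutls_symmetric starts and ends outside this hunk.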
@@ -2029,12 +2024,9 @@ gnutls_symmetric (bool encrypting, Lisp_Object cipher,
if (STRINGP (XCAR (key)))
Fclear_string (XCAR (key));
- if (STRINGP (XCAR (iv)))
- Fclear_string (XCAR (iv));
if (ret < GNUTLS_E_SUCCESS)
{
- Fclear_string (storage);
gnutls_cipher_deinit (hcipher);
const char* str = gnutls_strerror (ret);
if (!str)
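Review bot: The failure branch drops `Fclear_string (storage);`, which the commit title (IV and AUTH only) does not cover. This leaves the path inconsistent with gnutls_symmetric_aead, whose failure branch still runs `memset (storage, 0, storage_length);`. If `storage` can hold partial output from a failed decrypt, that data now stays in the Lisp heap until it is collected. Either keep `Fclear_string (storage);` ahead of `gnutls_cipher_deinit (hcipher);` or add a comment explaining why the output needs no clearing here. The function continues past the end of the hunk.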
@@ -2055,7 +2047,7 @@ DEFUN ("gnutls-symmetric-encrypt",
Fgnutls_symmetric_encrypt, Sgnutls_symmetric_
Returns nil on error. INPUT, KEY, and IV can be strings or buffers or
lists.
-IV, KEY, and AEAD_AUTH will be wiped by the function.
+KEY will be wiped by the function if it's a string.
INPUT and KEY and IV and AEAD_AUTH can be a list in the format
(BUFFER-OR-STRING START END CODING-SYSTEM NOERROR) and
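Review bot: The new docstring sentence `KEY will be wiped by the function if it's a string.` leaves out two things a caller needs to know. The wipe is destructive on the caller's own string, and, judging by the `STRINGP (XCAR (key))` test in the earlier hunks, a KEY supplied as a buffer is not cleared at all. Suggested wording: `KEY is cleared in place if it is a string, so pass a copy if you need it afterwards; a KEY taken from a buffer is not cleared.` The same applies to the docstring changed in the following hunk (@@ -2082).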
@@ -2082,8 +2074,7 @@ strings. AEAD_AUTH may be a unibyte string or omitted
(nil).
Returns nil on error. INPUT, KEY, and IV can be strings or buffers or
lists.
-IV, KEY, and AEAD_AUTH will be wiped by the function if they are
-strings.
+KEY will be wiped by the function if it's a string.
INPUT and KEY and IV and AEAD_AUTH can be a list in the format
(BUFFER-OR-STRING START END CODING-SYSTEM NOERROR) and
diff --git a/test/lisp/net/gnutls-tests.el b/test/lisp/net/gnutls-tests.el
index dc1c85f..806a961 100644
--- a/test/lisp/net/gnutls-tests.el
+++ b/test/lisp/net/gnutls-tests.el
@@ -94,6 +94,20 @@
(should (plist-get plist prop)))
(should (eq 'gnutls-symmetric-cipher (plist-get plist :type)))))))
+;; (ert-deftest test-gnutls-000-data-extractions ()
+;; "Test the GnuTLS data extractions against the built-in `secure-hash'."
+;; (skip-unless (gnutls-available-p))
+;; (setq gnutls-tests-message-prefix "data extraction: ")
+;; (dolist (input (delete "" gnutls-tests-mondo-strings))
+;; ;; Test buffer extraction
+;; (with-temp-buffer
+;; (insert input)
+;; (dolist (range '((0 1)))
+;; (let ((spec (append (list (current-buffer)) range)))
+;; (should (gnutls-tests-hexstring-equal
+;; (gnutls-hash-digest 'MD5 spec)
+;; (secure-hash 'md5 spec nil nil t))))))))
+
(ert-deftest test-gnutls-001-hashes-internal-digests ()
"Test the GnuTLS hash digests against the built-in `secure-hash'."
(skip-unless (gnutls-available-p))
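Review bot: The added `test-gnutls-000-data-extractions` is committed fully commented out with no reason given, so it neither runs nor records what is wrong with it. If it is known to fail, keep it live and mark it with `:expected-result :failed`; otherwise put a line such as `;; Disabled: <reason>` above it, or leave it out of the commit until it passes.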
@@ -198,8 +212,8 @@
(key (gnutls-tests-pad-or-trim key (plist-get cplist
:cipher-keysize)))
(input (gnutls-tests-pad-to-multiple input (plist-get
cplist :cipher-blocksize)))
(iv (gnutls-tests-pad-or-trim iv (plist-get cplist
:cipher-ivsize)))
- (data (gnutls-symmetric-encrypt cplist (copy-sequence key)
(copy-sequence iv) input))
- (reverse (gnutls-symmetric-decrypt cplist (copy-sequence
key) (copy-sequence iv) data)))
+ (data (gnutls-symmetric-encrypt cplist (copy-sequence key)
iv input))
+ (reverse (gnutls-symmetric-decrypt cplist (copy-sequence
key) iv data)))
(gnutls-tests-message "%s %S" cipher cplist)
(gnutls-tests-message "key %S IV %S input %S => hexdata %S and
reverse %S" key iv input (encode-hex-string data) reverse)
(should-not (gnutls-tests-hexstring-equal input data))
@@ -234,8 +248,8 @@
(key (gnutls-tests-pad-or-trim key (plist-get cplist
:cipher-keysize)))
(input (gnutls-tests-pad-to-multiple input (plist-get
cplist :cipher-blocksize)))
(iv (gnutls-tests-pad-or-trim iv (plist-get cplist
:cipher-ivsize)))
- (data (gnutls-symmetric-encrypt cplist (copy-sequence
key) (copy-sequence iv) input (copy-sequence auth)))
- (reverse (gnutls-symmetric-decrypt cplist (copy-sequence
key) (copy-sequence iv) data (copy-sequence auth))))
+ (data (gnutls-symmetric-encrypt cplist (copy-sequence
key) iv input (copy-sequence auth)))
+ (reverse (gnutls-symmetric-decrypt cplist (copy-sequence
key) iv data auth)))
(gnutls-tests-message "%s %S" cipher cplist)
(gnutls-tests-message "key %S IV %S input %S auth %S =>
hexdata %S and reverse %S" key iv input auth (encode-hex-string data) reverse)
(should-not (gnutls-tests-hexstring-equal input data))
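Review bot: The encrypt call still passes `(copy-sequence auth)` while the decrypt call now passes `auth` directly. With AUTH no longer wiped the copy is unnecessary and the asymmetry reads like an oversight; the line can become `(data (gnutls-symmetric-encrypt cplist (copy-sequence key) iv input auth))`. Neither this test nor the one in the preceding hunk asserts the new contract explicitly. A check that `iv` and `auth` are unchanged after the calls, and that the passed key copy has been cleared, would pin the behaviour the docstrings now promise.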