import CS gnutls-3.8.10-3.el9

This commit is contained in:
AlmaLinux RelEng Bot 2026-03-30 10:30:09 -04:00
parent 522f359629
commit 23d35acffc
21 changed files with 2398 additions and 4850 deletions

.gitignore vendored

@ -1,3 +1,4 @@
SOURCES/gmp-6.2.1.tar.xz
SOURCES/gnutls-3.8.3.tar.xz
SOURCES/gnutls-3.8.3.tar.xz.sig
SOURCES/gnutls-3.8.10.tar.xz
SOURCES/gnutls-3.8.10.tar.xz.sig
SOURCES/leancrypto-1.5.0.tar.gz


@ -1,3 +1,4 @@
0578d48607ec0e272177d175fd1807c30b00fdf2 SOURCES/gmp-6.2.1.tar.xz
806156ac9563caab642d6274496b9cc5b2117612 SOURCES/gnutls-3.8.3.tar.xz
dd7822b360953108a86dc3dbc7d07214563cc678 SOURCES/gnutls-3.8.3.tar.xz.sig
cdd236faa328ac3ad9c80a1c745461a75dcbc41b SOURCES/gnutls-3.8.10.tar.xz
adfe4a10d0a148ac7bd4b183d2d33ce23c428901 SOURCES/gnutls-3.8.10.tar.xz.sig
749aad01194f16924737d354711a9978471bdad8 SOURCES/leancrypto-1.5.0.tar.gz


@ -1,29 +0,0 @@
From 0a29639ad24072afbd79b2ceede9976e51b9e2af Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Fri, 1 Jul 2022 16:46:07 +0900
Subject: [PATCH] fips: don't run POST for DSA
Signed-off-by: rpm-build <<rpm-build>>
---
lib/fips.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/lib/fips.c b/lib/fips.c
index 656d43e..c776690 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -523,11 +523,6 @@ int _gnutls_fips_perform_self_checks2(void)
return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
}
- ret = gnutls_pk_self_test(0, GNUTLS_PK_DSA);
- if (ret < 0) {
- return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
- }
-
ret = gnutls_pk_self_test(0, GNUTLS_PK_EC);
if (ret < 0) {
return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
--
2.36.1


@ -1,109 +0,0 @@
From cc7473a9ea185e072ab1bae0903c77bd7d7cf5bc Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 20 Nov 2023 07:45:42 +0900
Subject: [PATCH] gnutls-3.7.6-fips-sha1-sigver.patch
Signed-off-by: rpm-build <rpm-build>
---
lib/nettle/pk.c | 13 +++++--------
lib/pubkey.c | 3 ---
tests/fips-test.c | 8 ++++----
3 files changed, 9 insertions(+), 15 deletions(-)
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 4ddfcff..36a7c24 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -1609,10 +1609,7 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
if (hash_len > vdata->size)
hash_len = vdata->size;
- /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
- * mode */
switch (DIG_TO_MAC(sign_params->dsa_dig)) {
- case GNUTLS_MAC_SHA1:
case GNUTLS_MAC_SHA256:
case GNUTLS_MAC_SHA384:
case GNUTLS_MAC_SHA512:
@@ -1683,8 +1680,8 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
* 2048-bit or one of the known lengths (1024, 1280,
* 1536, 1792; i.e., multiple of 256-bits).
*
- * In addition to this, only SHA-1 and SHA-2 are allowed
- * for SigVer; it is checked in _pkcs1_rsa_verify_sig in
+ * In addition to this, only SHA-2 is allowed for
+ * SigVer; it is checked in _pkcs1_rsa_verify_sig in
* lib/pubkey.c.
*/
if (unlikely(bits < 2048 && bits != 1024 && bits != 1280 &&
@@ -1730,9 +1727,9 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
}
/* RSA modulus size should be 2048-bit or larger in FIPS
- * 140-3. In addition to this, only SHA-1 and SHA-2 are
- * allowed for SigVer, while Nettle only supports
- * SHA256, SHA384, and SHA512 for RSA-PSS (see
+ * 140-3. In addition to this, only SHA-2 is allowed
+ * for SigVer, while Nettle only supports SHA256,
+ * SHA384, and SHA512 for RSA-PSS (see
* _rsa_pss_verify_digest in this file for the details).
*/
if (unlikely(mpz_sizeinbase(pub.n, 2) < 2048)) {
diff --git a/lib/pubkey.c b/lib/pubkey.c
index 1139ad9..714806a 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -2452,10 +2452,7 @@ static int _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk,
d.size = digest_size;
if (pk == GNUTLS_PK_RSA) {
- /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
- * mode */
switch (me->id) {
- case GNUTLS_MAC_SHA1:
case GNUTLS_MAC_SHA256:
case GNUTLS_MAC_SHA384:
case GNUTLS_MAC_SHA512:
diff --git a/tests/fips-test.c b/tests/fips-test.c
index 180da05..09120c1 100644
--- a/tests/fips-test.c
+++ b/tests/fips-test.c
@@ -596,7 +596,7 @@ void doit(void)
}
FIPS_POP_CONTEXT(NOT_APPROVED);
- /* Verify a signature created with 2432-bit RSA and SHA-1; approved */
+ /* Verify a signature created with 2432-bit RSA and SHA-1; not approved */
FIPS_PUSH_CONTEXT();
ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA1,
GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1,
@@ -604,7 +604,7 @@ void doit(void)
if (ret < 0) {
fail("gnutls_pubkey_verify_data2 failed\n");
}
- FIPS_POP_CONTEXT(APPROVED);
+ FIPS_POP_CONTEXT(NOT_APPROVED);
gnutls_free(signature.data);
gnutls_pubkey_deinit(pubkey);
gnutls_privkey_deinit(privkey);
@@ -708,7 +708,7 @@ void doit(void)
}
FIPS_POP_CONTEXT(NOT_APPROVED);
- /* Verify a signature created with ECDSA and SHA-1; approved */
+ /* Verify a signature created with ECDSA and SHA-1; not approved */
FIPS_PUSH_CONTEXT();
ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_ECDSA_SHA1,
GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1,
@@ -716,7 +716,7 @@ void doit(void)
if (ret < 0) {
fail("gnutls_pubkey_verify_data2 failed\n");
}
- FIPS_POP_CONTEXT(APPROVED);
+ FIPS_POP_CONTEXT(NOT_APPROVED);
gnutls_free(signature.data);
/* Create a signature with ECDSA and SHA-1 (old API); not approved */
--
2.41.0


@ -1,189 +0,0 @@
From 3c931abeb7e9bbf744cde83fbaaf3bb011107834 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 19 Aug 2022 12:32:27 +0900
Subject: [PATCH] build: allow GMP to be statically linked
Even though we set the custom allocator[1] to zeroize sensitive data,
it can be easily invalidated if the application sets its own custom
allocator. An approach to prevent that is to link against a static
library of GMP, so the use of GMP is privatized and the custom
allocator configuration is not shared with other applications.
This patch allows libgnutls to be linked with the static library of
GMP. Note that, to this work libgmp.a needs to be compiled with -fPIC
and libhogweed in Nettle is also linked to the static library of GMP.
1. https://gitlab.com/gnutls/gnutls/-/merge_requests/1554
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
configure.ac | 14 +++++++++++++-
lib/fips.c | 18 +++++++++++++++++-
lib/fipshmac.c | 2 ++
lib/global.c | 2 ++
4 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index f81d93edc0..b38583c554 100644
--- a/configure.ac
+++ b/configure.ac
@@ -786,6 +786,8 @@ LIBS=$save_LIBS
AM_CONDITIONAL([NEED_SIV_GCM], [test "$ac_cv_func_nettle_siv_gcm_encrypt_message" != yes])
# Check sonames of the linked libraries needed for FIPS selftests.
+save_CFLAGS=$CFLAGS
+CFLAGS="$CFLAGS $GMP_CFLAGS"
save_LIBS=$LIBS
LIBS="$LIBS $GMP_LIBS"
AC_MSG_CHECKING([gmp soname])
@@ -799,9 +801,14 @@ if test -z "$gmp_so"; then
gmp_so=none
fi
AC_MSG_RESULT($gmp_so)
-AC_DEFINE_UNQUOTED([GMP_LIBRARY_SONAME], ["$gmp_so"], [The soname of gmp library])
+if test "$gmp_so" != none; then
+ AC_DEFINE_UNQUOTED([GMP_LIBRARY_SONAME], ["$gmp_so"], [The soname of gmp library])
+fi
LIBS=$save_LIBS
+CFLAGS=$save_CFLAGS
+save_CFLAGS=$CFLAGS
+CFLAGS="$CFLAGS $NETTLE_CFLAGS"
save_LIBS=$LIBS
LIBS="$LIBS $NETTLE_LIBS"
AC_MSG_CHECKING([nettle soname])
@@ -817,7 +824,11 @@ fi
AC_MSG_RESULT($nettle_so)
AC_DEFINE_UNQUOTED([NETTLE_LIBRARY_SONAME], ["$nettle_so"], [The soname of nettle library])
LIBS=$save_LIBS
+CFLAGS=$save_CFLAGS
+save_CFLAGS=$CFLAGS
+# <nettle/bignum.h> includes <gmp.h>
+CFLAGS="$CFLAGS $HOGWEED_CFLAGS $GMP_CFLAGS"
save_LIBS=$LIBS
LIBS="$LIBS $HOGWEED_LIBS"
AC_MSG_CHECKING([hogweed soname])
@@ -833,6 +844,7 @@ fi
AC_MSG_RESULT($hogweed_so)
AC_DEFINE_UNQUOTED([HOGWEED_LIBRARY_SONAME], ["$hogweed_so"], [The soname of hogweed library])
LIBS=$save_LIBS
+CFLAGS=$save_CFLAGS
gnutls_so=libgnutls.so.`expr "$LT_CURRENT" - "$LT_AGE"`
AC_DEFINE_UNQUOTED([GNUTLS_LIBRARY_SONAME], ["$gnutls_so"], [The soname of gnutls library])
diff --git a/lib/fips.c b/lib/fips.c
index e337221267..c1859709da 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -157,7 +157,11 @@ void _gnutls_fips_mode_reset_zombie(void)
#define GNUTLS_LIBRARY_NAME GNUTLS_LIBRARY_SONAME
#define NETTLE_LIBRARY_NAME NETTLE_LIBRARY_SONAME
#define HOGWEED_LIBRARY_NAME HOGWEED_LIBRARY_SONAME
+
+/* GMP can be statically linked. */
+#ifdef GMP_LIBRARY_SONAME
#define GMP_LIBRARY_NAME GMP_LIBRARY_SONAME
+#endif
#define HMAC_SIZE 32
#define HMAC_ALGO GNUTLS_MAC_SHA256
@@ -173,14 +177,18 @@ struct hmac_file {
struct hmac_entry gnutls;
struct hmac_entry nettle;
struct hmac_entry hogweed;
+#ifdef GMP_LIBRARY_SONAME
struct hmac_entry gmp;
+#endif
};
struct lib_paths {
char gnutls[GNUTLS_PATH_MAX];
char nettle[GNUTLS_PATH_MAX];
char hogweed[GNUTLS_PATH_MAX];
+#ifdef GMP_LIBRARY_SONAME
char gmp[GNUTLS_PATH_MAX];
+#endif
};
/*
@@ -244,8 +252,10 @@ static int handler(void *user, const char *section, const char *name,
return lib_handler(&p->nettle, section, name, value);
} else if (!strcmp(section, HOGWEED_LIBRARY_NAME)) {
return lib_handler(&p->hogweed, section, name, value);
+#ifdef GMP_LIBRARY_SONAME
} else if (!strcmp(section, GMP_LIBRARY_NAME)) {
return lib_handler(&p->gmp, section, name, value);
+#endif
} else {
return 0;
}
@@ -393,8 +403,10 @@ static int callback(struct dl_phdr_info *info, size_t size, void *data)
_gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
_gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path);
+#ifdef GMP_LIBRARY_SONAME
else if (!strcmp(soname, GMP_LIBRARY_SONAME))
_gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
+#endif
return 0;
}
@@ -415,10 +427,12 @@ static int load_lib_paths(struct lib_paths *paths)
_gnutls_debug_log("Hogweed library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
}
+#ifdef GMP_LIBRARY_SONAME
if (paths->gmp[0] == '\0') {
_gnutls_debug_log("Gmp library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
}
+#endif
return GNUTLS_E_SUCCESS;
}
@@ -471,9 +485,11 @@ static int check_binary_integrity(void)
ret = check_lib_hmac(&hmac.hogweed, paths.hogweed);
if (ret < 0)
return ret;
- ret = check_lib_hmac(&hmac.gmp, paths.gmp);
+#ifdef GMP_LIBRARY_SONAME
+ ret = check_lib_hmac(&file.gmp, GMP_LIBRARY_NAME, "__gmpz_init");
if (ret < 0)
return ret;
+#endif
return 0;
}
diff --git a/lib/fipshmac.c b/lib/fipshmac.c
index 51f38f18e5..6a4883a131 100644
--- a/lib/fipshmac.c
+++ b/lib/fipshmac.c
@@ -107,8 +107,10 @@ static int callback(struct dl_phdr_info *info, size_t size, void *data)
return print_lib(path, soname);
if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
return print_lib(path, soname);
+#ifdef GMP_LIBRARY_SONAME
if (!strcmp(soname, GMP_LIBRARY_SONAME))
return print_lib(path, soname);
+#endif
return 0;
}
diff --git a/lib/global.c b/lib/global.c
index 924ec945de..c197fd0e5f 100644
--- a/lib/global.c
+++ b/lib/global.c
@@ -564,7 +564,9 @@ static const struct gnutls_library_config_st _gnutls_library_config[] = {
{ "libgnutls-soname", GNUTLS_LIBRARY_SONAME },
{ "libnettle-soname", NETTLE_LIBRARY_SONAME },
{ "libhogweed-soname", HOGWEED_LIBRARY_SONAME },
+#ifdef GMP_LIBRARY_SONAME
{ "libgmp-soname", GMP_LIBRARY_SONAME },
+#endif
{ "hardware-features", HW_FEATURES },
{ "tls-features", TLS_FEATURES },
{ "default-system-config", SYSTEM_PRIORITY_FILE },
--
2.41.0


@ -1,27 +0,0 @@
From 7d98e7768f3e4e1f981f76e27338ae7118ee2c39 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 22 Jan 2024 15:17:04 +0900
Subject: [PATCH] gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch
---
tests/gnutls_ktls.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/tests/gnutls_ktls.c b/tests/gnutls_ktls.c
index ccbe566..8b8992d 100644
--- a/tests/gnutls_ktls.c
+++ b/tests/gnutls_ktls.c
@@ -347,10 +347,8 @@ void doit(void)
{
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM");
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM");
- run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305");
run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM");
run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM");
- run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+CHACHA20-POLY1305");
#if defined(__linux__)
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CCM");
run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-CCM");
--
2.43.0



@ -0,0 +1,411 @@
From f23de850c8f37bd498bbdb1adc491ee05614ca11 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Fri, 6 Feb 2026 15:43:54 +0100
Subject: [PATCH 1/2] tests/pkcs11/pkcs11-mock4: add, modified for 3.8.10
---
tests/Makefile.am | 6 ++
tests/pkcs11/pkcs11-mock4.c | 125 ++++++++++++++++++++++++++++++++++++
2 files changed, 131 insertions(+)
create mode 100644 tests/pkcs11/pkcs11-mock4.c
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 9e5c7de84..62c4ec2f9 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -358,6 +358,11 @@ libpkcs11mock3_la_SOURCES = pkcs11/pkcs11-mock3.c
libpkcs11mock3_la_LDFLAGS = -shared -rpath $(pkglibdir) -module -no-undefined -avoid-version
libpkcs11mock3_la_LIBADD = ../gl/libgnu.la
+noinst_LTLIBRARIES += libpkcs11mock4.la
+libpkcs11mock4_la_SOURCES = pkcs11/pkcs11-mock4.c
+libpkcs11mock4_la_LDFLAGS = -shared -rpath $(pkglibdir) -module -no-undefined -avoid-version
+libpkcs11mock4_la_LIBADD = ../gl/libgnu.la
+
pkcs11_cert_import_url_exts_SOURCES = pkcs11/pkcs11-cert-import-url-exts.c
pkcs11_cert_import_url_exts_DEPENDENCIES = libpkcs11mock1.la libutils.la
@@ -655,6 +660,7 @@ TESTS_ENVIRONMENT += \
P11MOCKLIB1=$(abs_builddir)/.libs/libpkcs11mock1.so \
P11MOCKLIB2=$(abs_builddir)/.libs/libpkcs11mock2.so \
P11MOCKLIB3=$(abs_builddir)/.libs/libpkcs11mock3.so \
+ P11MOCKLIB4=$(abs_builddir)/.libs/libpkcs11mock4.so \
PKCS12_MANY_CERTS_FILE=$(srcdir)/cert-tests/data/pkcs12_5certs.p12 \
PKCS12FILE=$(srcdir)/cert-tests/data/client.p12 \
PKCS12PASSWORD=foobar \
diff --git a/tests/pkcs11/pkcs11-mock4.c b/tests/pkcs11/pkcs11-mock4.c
new file mode 100644
index 000000000..a6dd21cdd
--- /dev/null
+++ b/tests/pkcs11/pkcs11-mock4.c
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2025 Red Hat, Inc.
+ *
+ * Author: Daiki Ueno
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <dlfcn.h>
+#include <p11-kit/pkcs11.h>
+#include <p11-kit/pkcs11x.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <assert.h>
+
+#include "softhsm.h"
+
+/* This provides a mock PKCS #11 module that delegates all the
+ * operations to SoftHSM except that it returns CKR_CANT_LOCK upon
+ * C_Initialize if CKF_OS_LOCKING_OK is set.
+ */
+
+static void *dl;
+static CK_C_Initialize base_C_Initialize;
+static CK_FUNCTION_LIST override_funcs;
+
+#ifdef __sun
+#pragma fini(mock_deinit)
+#pragma init(mock_init)
+#define _CONSTRUCTOR
+#define _DESTRUCTOR
+#else
+#define _CONSTRUCTOR __attribute__((constructor))
+#define _DESTRUCTOR __attribute__((destructor))
+#endif
+
+#define LOCK_FLAGS (CKF_LIBRARY_CANT_CREATE_OS_THREADS | CKF_OS_LOCKING_OK)
+
+static CK_RV override_C_Initialize(void *args)
+{
+ CK_C_INITIALIZE_ARGS *init_args = args;
+ static bool first = true;
+
+ // we don't have threadsafe initialization/fallback in 3.8.10...
+ /*
+ if (first) {
+ assert(init_args &&
+ (init_args->flags & LOCK_FLAGS) == LOCK_FLAGS);
+ first = false;
+ return CKR_CANT_LOCK;
+ } else {
+ assert(!init_args ||
+ (init_args->flags & LOCK_FLAGS) != LOCK_FLAGS);
+ }
+ */
+ // ... so we expect 3.8.10 behaviour
+ assert(first);
+ assert(init_args);
+ assert(!(init_args->flags & LOCK_FLAGS) != LOCK_FLAGS);
+ first = false;
+
+ return base_C_Initialize(args);
+}
+
+CK_RV C_GetFunctionList(CK_FUNCTION_LIST **function_list)
+{
+ CK_C_GetFunctionList func;
+ CK_FUNCTION_LIST *funcs;
+
+ assert(dl);
+
+ func = dlsym(dl, "C_GetFunctionList");
+ if (func == NULL) {
+ return CKR_GENERAL_ERROR;
+ }
+
+ func(&funcs);
+
+ base_C_Initialize = funcs->C_Initialize;
+
+ memcpy(&override_funcs, funcs, sizeof(CK_FUNCTION_LIST));
+ override_funcs.C_Initialize = override_C_Initialize;
+ *function_list = &override_funcs;
+
+ return CKR_OK;
+}
+
+static _CONSTRUCTOR void mock_init(void)
+{
+ const char *lib;
+
+ /* suppress compiler warning */
+ (void)set_softhsm_conf;
+
+ lib = softhsm_lib();
+
+ dl = dlopen(lib, RTLD_NOW);
+ if (dl == NULL)
+ exit(77);
+}
+
+static _DESTRUCTOR void mock_deinit(void)
+{
+ dlclose(dl);
+}
--
2.52.0
From 87fc01fb853911e412e0fe238b069a68376ad8de Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Tue, 18 Nov 2025 13:17:55 +0900
Subject: [PATCH 2/2] pkcs11: avoid stack overwrite when initializing a token
If gnutls_pkcs11_token_init is called with label longer than 32
characters, the internal storage used to blank-fill it would
overflow. This adds a guard to prevent that.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/pkcs11_write.c | 5 +-
tests/Makefile.am | 4 +-
tests/pkcs11/long-label.c | 164 ++++++++++++++++++++++++++++++++++++++
3 files changed, 170 insertions(+), 3 deletions(-)
create mode 100644 tests/pkcs11/long-label.c
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index f5e9058e0..64b85a2df 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -28,6 +28,7 @@
#include "pkcs11x.h"
#include "x509/common.h"
#include "pk.h"
+#include "minmax.h"
static const ck_bool_t tval = 1;
static const ck_bool_t fval = 0;
@@ -1172,7 +1173,7 @@ int gnutls_pkcs11_delete_url(const char *object_url, unsigned int flags)
* gnutls_pkcs11_token_init:
* @token_url: A PKCS #11 URL specifying a token
* @so_pin: Security Officer's PIN
- * @label: A name to be used for the token
+ * @label: A name to be used for the token, at most 32 characters
*
* This function will initialize (format) a token. If the token is
* at a factory defaults state the security officer's PIN given will be
@@ -1210,7 +1211,7 @@ int gnutls_pkcs11_token_init(const char *token_url, const char *so_pin,
/* so it seems memset has other uses than zeroing! */
memset(flabel, ' ', sizeof(flabel));
if (label != NULL)
- memcpy(flabel, label, strlen(label));
+ memcpy(flabel, label, MIN(sizeof(flabel), strlen(label)));
rv = pkcs11_init_token(module, slot, (uint8_t *)so_pin, strlen(so_pin),
(uint8_t *)flabel);
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 62c4ec2f9..0e4d04342 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -508,13 +508,15 @@ pathbuf_CPPFLAGS = $(AM_CPPFLAGS) \
if ENABLE_PKCS11
if !WINDOWS
ctests += tls13/post-handshake-with-cert-pkcs11 pkcs11/tls-neg-pkcs11-no-key \
- global-init-override pkcs11/distrust-after
+ global-init-override pkcs11/distrust-after pkcs11/long-label
tls13_post_handshake_with_cert_pkcs11_DEPENDENCIES = libpkcs11mock2.la libutils.la
tls13_post_handshake_with_cert_pkcs11_LDADD = $(LDADD) $(LIBDL)
pkcs11_tls_neg_pkcs11_no_key_DEPENDENCIES = libpkcs11mock2.la libutils.la
pkcs11_tls_neg_pkcs11_no_key_LDADD = $(LDADD) $(LIBDL)
pkcs11_distrust_after_DEPENDENCIES = libpkcs11mock3.la libutils.la
pkcs11_distrust_after_LDADD = $(LDADD) $(LIBDL)
+pkcs11_long_label_DEPENDENCIES = libpkcs11mock4.la libutils.la
+pkcs11_long_label_LDADD = $(LDADD) $(LIBDL)
endif
endif
diff --git a/tests/pkcs11/long-label.c b/tests/pkcs11/long-label.c
new file mode 100644
index 000000000..a70bc9728
--- /dev/null
+++ b/tests/pkcs11/long-label.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright (C) 2025 Red Hat, Inc.
+ *
+ * Author: Daiki Ueno
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#if defined(_WIN32)
+
+int main(void)
+{
+ exit(77);
+}
+
+#else
+
+#include <string.h>
+#include <unistd.h>
+#include <gnutls/gnutls.h>
+
+#include "cert-common.h"
+#include "pkcs11/softhsm.h"
+#include "utils.h"
+
+/* This program tests that a token can be initialized with
+ * a label longer than 32 characters.
+ */
+
+static void tls_log_func(int level, const char *str)
+{
+ fprintf(stderr, "server|<%d>| %s", level, str);
+}
+
+#define PIN "1234"
+
+#define CONFIG_NAME "softhsm-long-label"
+#define CONFIG CONFIG_NAME ".config"
+
+static int pin_func(void *userdata, int attempt, const char *url,
+ const char *label, unsigned flags, char *pin,
+ size_t pin_max)
+{
+ if (attempt == 0) {
+ strcpy(pin, PIN);
+ return 0;
+ }
+ return -1;
+}
+
+static void test(const char *provider)
+{
+ int ret;
+ size_t i;
+
+ gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
+
+ success("test with %s\n", provider);
+
+ if (debug) {
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ /* point to SoftHSM token that libpkcs11mock4.so internally uses */
+ setenv(SOFTHSM_ENV, CONFIG, 1);
+
+ gnutls_pkcs11_set_pin_function(pin_func, NULL);
+
+ ret = gnutls_pkcs11_add_provider(provider, "trusted");
+ if (ret != 0) {
+ fail("gnutls_pkcs11_add_provider: %s\n", gnutls_strerror(ret));
+ }
+
+ /* initialize softhsm token */
+ ret = gnutls_pkcs11_token_init(
+ SOFTHSM_URL, PIN,
+ "this is a very long label whose length exceeds 32");
+ if (ret < 0) {
+ fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret));
+ }
+
+ for (i = 0;; i++) {
+ char *url = NULL;
+
+ ret = gnutls_pkcs11_token_get_url(i, 0, &url);
+ if (ret < 0)
+ break;
+ if (strstr(url,
+ "token=this%20is%20a%20very%20long%20label%20whose"))
+ break;
+ }
+ if (ret < 0)
+ fail("gnutls_pkcs11_token_get_url: %s\n", gnutls_strerror(ret));
+
+ gnutls_pkcs11_deinit();
+}
+
+void doit(void)
+{
+ const char *bin;
+ const char *lib;
+ char buf[128];
+
+ if (gnutls_fips140_mode_enabled())
+ exit(77);
+
+ /* this must be called once in the program */
+ global_init();
+
+ /* we call gnutls_pkcs11_init manually */
+ gnutls_pkcs11_deinit();
+
+ /* check if softhsm module is loadable */
+ lib = softhsm_lib();
+
+ /* initialize SoftHSM token that libpkcs11mock4.so internally uses */
+ bin = softhsm_bin();
+
+ set_softhsm_conf(CONFIG);
+ snprintf(buf, sizeof(buf),
+ "%s --init-token --slot 0 --label test --so-pin " PIN
+ " --pin " PIN,
+ bin);
+ system(buf);
+
+ test(lib);
+
+ lib = getenv("P11MOCKLIB4");
+ if (lib == NULL) {
+ fail("P11MOCKLIB4 is not set\n");
+ }
+
+ set_softhsm_conf(CONFIG);
+ snprintf(buf, sizeof(buf),
+ "%s --init-token --slot 0 --label test --so-pin " PIN
+ " --pin " PIN,
+ bin);
+ system(buf);
+
+ test(lib);
+}
+#endif /* _WIN32 */
--
2.52.0
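Review bot: The assertion on the first-call path of override_C_Initialize, `assert(!(init_args->flags & LOCK_FLAGS) != LOCK_FLAGS);`, is vacuous: `!` reduces the masked value to 0 or 1, which can never equal LOCK_FLAGS, so it passes for any flags and the mock no longer pins what the bundled 3.8.10 passes to C_Initialize. The commented-out upstream branch asserts that the first call carries the full LOCK_FLAGS set, so the intended line is presumably `assert((init_args->flags & LOCK_FLAGS) == LOCK_FLAGS);` (if the 3.8.10 behaviour is really the opposite, drop the `!` and keep `!=`), and the comment above it should say which flags the bundled version is expected to send. In C_GetFunctionList, `func(&funcs);` discards the CK_RV, so funcs is read uninitialized if the SoftHSM call fails; `if (func(&funcs) != CKR_OK) return CKR_GENERAL_ERROR;` closes that. In long-label.c, pin_func copies PIN with `strcpy` without consulting pin_max; `snprintf(pin, pin_max, "%s", PIN);` keeps the helper bounded.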


@ -1,4 +1,4 @@
From 3f5dd79d8abd40193ab3ce9b3ee9a30bf77b34ba Mon Sep 17 00:00:00 2001
From 5376a0cabf94314316005e6bf411ffcc7628b386 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Tue, 22 Jul 2025 10:49:33 +0900
Subject: [PATCH 1/3] key_update: fix state transition in KTLS code path
@ -22,10 +22,10 @@ index d37f79a550..ebc75addec 100644
session->internals.record_key_update_buffer.data,
session->internals.record_key_update_buffer
--
2.50.1
GitLab
From fee06c4ac19129e0f5f4b639919a4ff244bf174c Mon Sep 17 00:00:00 2001
From 30c264b661d49d135ef342426c6c4cd853209c06 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Thu, 31 Jul 2025 15:34:48 +0900
Subject: [PATCH 2/3] constate: switch epoch lookup to linear search
@ -119,10 +119,10 @@ index ca253a2bea..b091d891ff 100644
_gnutls_record_log("REC[%p]: End of epoch cleanup\n", session);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index e9ec36d585..cc5d965593 100644
index 539486bc7d..e083520055 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -860,9 +860,6 @@ typedef struct {
@@ -876,9 +876,6 @@ typedef struct {
/* The epoch that the next handshake will initialize. */
uint16_t epoch_next;
@ -133,10 +133,10 @@ index e9ec36d585..cc5d965593 100644
* moved here from internals in order to be restored
* on resume;
--
2.50.1
GitLab
From 0d25525656d3bcf2d8ca9d17d5ebe7cb738ed4c2 Mon Sep 17 00:00:00 2001
From 1d830baac2f8a08a40b13e9eecfcc64ad032e7b5 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Sat, 19 Jul 2025 07:08:24 +0900
Subject: [PATCH 3/3] key_update: rework the rekeying logic
@ -158,10 +158,10 @@ Signed-off-by: Daiki Ueno <ueno@gnu.org>
2 files changed, 47 insertions(+), 27 deletions(-)
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index cc5d965593..a7684f75c1 100644
index e083520055..f3caea1170 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1652,7 +1652,7 @@ typedef struct {
@@ -1672,7 +1672,7 @@ typedef struct {
} internals_st;
/* Maximum number of epochs we keep around. */
@ -291,5 +291,5 @@ index 41243651b5..beee1dc41a 100644
return gnutls_assert_val(ret);
--
2.50.1
GitLab


@ -0,0 +1,51 @@
commit b493de9ba31636de2f3b0c1dafab39b6412550bd
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed Nov 19 10:46:52 2025 +0100
Revert "pkcs12: enable PBMAC1 by default in FIPS mode"
This reverts commit e52c7ca885798c40efb4ed6505e0690fc38c7dde.
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index a71f3ee561..18aae0bd49 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -997,12 +997,6 @@ int gnutls_pkcs12_generate_mac3(gnutls_pkcs12_t pkcs12,
if (me->oid == NULL)
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- /* Enable PBMAC1 by default in FIPS mode; otherwise the MAC
- * calculation will be FIPS non-compliant.
- */
- if (_gnutls_fips_mode_enabled())
- flags |= GNUTLS_PKCS12_USE_PBMAC1;
-
/* Generate the salt.
*/
salt.data = salt_data;
diff --git a/tests/cert-tests/pkcs12-pbmac1.sh b/tests/cert-tests/pkcs12-pbmac1.sh
index 0c2a16b52c..ef72c0a1c4 100644
--- a/tests/cert-tests/pkcs12-pbmac1.sh
+++ b/tests/cert-tests/pkcs12-pbmac1.sh
@@ -109,21 +109,6 @@ if test ${rc} != 0; then
exit 1
fi
-# check if PBMAC1 is used by default in FIPS mode
-if test "$GNUTLS_FORCE_FIPS_MODE" = 1; then
- ${VALGRIND} "$CERTTOOL" --to-p12 --password 1234 --p12-name "my-key" --load-certificate "$srcdir/../certs/cert-ecc256.pem" --load-privkey "$srcdir/../certs/ecc256.pem" --outder --outfile "$TMPFILE" >/dev/null
- rc=$?
- if test $rc != 0; then
- echo "PKCS12 FATAL encoding"
- exit 1
- fi
- ${VALGRIND} "$CERTTOOL" -d 99 --p12-info --inder --password 1234 \
- --infile "$TMPFILE" | grep "^ MAC: PBMAC1" || {
- echo "Generated PKCS12 file doesn't use PBMAC1 in FIPS mode"
- exit 1
- }
-fi
-
rm -rf "${testdir}"
exit 0
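Review bot: The revert message records only which commit is undone; with the removed block gone, gnutls_pkcs12_generate_mac3 in FIPS mode again defaults to the legacy PKCS#12 MAC, which the removed comment itself calls FIPS non-compliant, and nothing in the patch says why that is acceptable for this build or that callers must now pass GNUTLS_PKCS12_USE_PBMAC1 themselves. One sentence in the message along the lines of `Callers needing an approved MAC must pass GNUTLS_PKCS12_USE_PBMAC1 explicitly; the default is reverted because <reason>` would let packagers and auditors trace the decision. The dropped shell check in pkcs12-pbmac1.sh was the only test covering that default, so the message could also note that the behaviour is now untested.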


@ -0,0 +1,75 @@
commit bf374b4151c7f6cf4b94e9eb911ceb730904a44c
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed Nov 19 10:48:51 2025 +0100
Revert "fips: Allow SigVer only with RSA keys with modulus >= 2048 bits"
This reverts commit da1df0a3167ec96605fed267d97f9081cf498eec.
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 5986a410c2..d14efbaaf0 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -2474,12 +2474,16 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
bits = mpz_sizeinbase(pub.n, 2);
- /* In FIPS 140-3, RSA key size should be larger than 2048-bit.
+ /* In FIPS 140-3, RSA key size should be larger than
+ * 2048-bit or one of the known lengths (1024, 1280,
+ * 1536, 1792; i.e., multiple of 256-bits).
+ *
* In addition to this, only SHA-2 is allowed
* for SigVer; it is checked in _pkcs1_rsa_verify_sig in
* lib/pubkey.c.
*/
- if (unlikely(bits < 2048)) {
+ if (unlikely(bits < 2048 && bits != 1024 && bits != 1280 &&
+ bits != 1536 && bits != 1792)) {
not_approved = true;
}
diff --git a/tests/fips-rsa-sizes.c b/tests/fips-rsa-sizes.c
index 61a76d3c09..d134a35f8c 100644
--- a/tests/fips-rsa-sizes.c
+++ b/tests/fips-rsa-sizes.c
@@ -250,24 +250,35 @@ void doit(void)
assert(gnutls_fips140_context_init(&fips_context) == 0);
+ /* 512-bit RSA: no generate, no sign, no verify */
generate_unsuccessfully(&privkey, &pubkey, 512);
sign_verify_unsuccessfully(privkey, pubkey);
+ /* 512-bit RSA again (to be safer about going in and out of FIPS) */
generate_unsuccessfully(&privkey, &pubkey, 512);
sign_verify_unsuccessfully(privkey, pubkey);
+ /* 600-bit RSA: no generate, no sign, no verify */
generate_unsuccessfully(&privkey, &pubkey, 600);
sign_verify_unsuccessfully(privkey, pubkey);
+
+ /* 768-bit RSA not-an-exception: nogenerate, nosign, verify */
generate_unsuccessfully(&privkey, &pubkey, 768);
sign_verify_unsuccessfully(privkey, pubkey);
+ /* 1024-bit RSA exception: nogenerate, nosign, verify */
generate_unsuccessfully(&privkey, &pubkey, 1024);
- sign_verify_unsuccessfully(privkey, pubkey);
+ nosign_verify(privkey, pubkey);
+ /* 1280-bit RSA exception: nogenerate, nosign, verify */
generate_unsuccessfully(&privkey, &pubkey, 1280);
- sign_verify_unsuccessfully(privkey, pubkey);
+ nosign_verify(privkey, pubkey);
+ /* 1500-bit RSA not-an-exception: nogenerate, nosign, noverify */
generate_unsuccessfully(&privkey, &pubkey, 1500);
sign_verify_unsuccessfully(privkey, pubkey);
+ /* 1536-bit RSA exception: nogenerate, nosign, verify */
generate_unsuccessfully(&privkey, &pubkey, 1536);
- sign_verify_unsuccessfully(privkey, pubkey);
+ nosign_verify(privkey, pubkey);
+ /* 1792-bit RSA exception: nogenerate, nosign, verify */
generate_unsuccessfully(&privkey, &pubkey, 1792);
- sign_verify_unsuccessfully(privkey, pubkey);
+ nosign_verify(privkey, pubkey);
+ /* 2000-bit RSA not-an-exception: nogenerate, nosign, noverify */
generate_unsuccessfully(&privkey, &pubkey, 2000);
sign_verify_unsuccessfully(privkey, pubkey);
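Review bot: The re-added comment for the 768-bit case, `/* 768-bit RSA not-an-exception: nogenerate, nosign, verify */`, contradicts the call beneath it: `sign_verify_unsuccessfully` is the same helper the 1500-bit and 2000-bit cases label `noverify`, and only the 1024/1280/1536/1792 cases switch to `nosign_verify`. It should read `/* 768-bit RSA not-an-exception: nogenerate, nosign, noverify */` so the test's own legend matches what it asserts. In the lib/nettle/pk.c hunk, the four restored exception sizes are repeated as literals inside the condition; naming them once (a small `static const` table or a helper such as `rsa_legacy_size_allowed(bits)`) would make the FIPS carve-out easier to audit when the list changes again, though that is a style point rather than a defect.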


@ -0,0 +1,114 @@
From e0eb2bbb212a5c9d72311c59e7235832a0075dcc Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 9 Jul 2025 18:54:48 +0900
Subject: [PATCH] add tests/ktls_utils.h
Signed-off-by: rpm-build <rpm-build>
---
tests/ktls_utils.h | 94 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 94 insertions(+)
create mode 100644 tests/ktls_utils.h
diff --git a/tests/ktls_utils.h b/tests/ktls_utils.h
new file mode 100644
index 0000000..231618d
--- /dev/null
+++ b/tests/ktls_utils.h
@@ -0,0 +1,94 @@
+#ifndef GNUTLS_TESTS_KTLS_UTILS_H
+#define GNUTLS_TESTS_KTLS_UTILS_H
+
+#include <fcntl.h>
+#include <signal.h>
+
+#include <netinet/in.h>
+
+#include <sys/socket.h>
+#include <sys/wait.h>
+
+/* Sets the NONBLOCK flag on the socket(fd) */
+inline static int set_nonblocking(int fd)
+{
+ int flags = fcntl(fd, F_GETFL, 0);
+ if (flags == -1) {
+ return 1;
+ }
+
+ if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) {
+ return 2;
+ }
+
+ return 0;
+}
+
+/* Creates a pair of TCP connected sockets */
+static int create_socket_pair(int *client_fd, int *server_fd)
+{
+ int ret;
+ struct sockaddr_in saddr;
+ socklen_t addrlen;
+ int listener;
+
+ listener = socket(AF_INET, SOCK_STREAM, 0);
+ if (listener == -1) {
+ fail("error in listener(): %s\n", strerror(errno));
+ return 1;
+ }
+
+ int opt = 0;
+ setsockopt(listener, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
+
+ memset(&saddr, 0, sizeof(saddr));
+ saddr.sin_family = AF_INET;
+ saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ saddr.sin_port = 0;
+
+ ret = bind(listener, (struct sockaddr *)&saddr, sizeof(saddr));
+ if (ret == -1) {
+ fail("error in bind(): %s\n", strerror(errno));
+ return 1;
+ }
+
+ addrlen = sizeof(saddr);
+ ret = getsockname(listener, (struct sockaddr *)&saddr, &addrlen);
+ if (ret == -1) {
+ fail("error in getsockname(): %s\n", strerror(errno));
+ return 1;
+ }
+
+ ret = listen(listener, 1);
+ if (ret == -1) {
+ fail("error in listen(): %s\n", strerror(errno));
+ close(listener);
+ return 1;
+ }
+
+ *client_fd = socket(AF_INET, SOCK_STREAM, 0);
+ if (*client_fd < 0) {
+ fail("error in socket(): %s\n", strerror(errno));
+ return 1;
+ }
+
+ ret = connect(*client_fd, (struct sockaddr *)&saddr, addrlen);
+ if (ret < 0) {
+ fail("error in connect(): %s\n", strerror(errno));
+ close(listener);
+ close(*client_fd);
+ return 1;
+ }
+
+ *server_fd = accept(listener, NULL, NULL);
+ if (*server_fd < 0) {
+ fail("error in accept(): %s\n", strerror(errno));
+ close(listener);
+ close(*client_fd);
+ return 1;
+ }
+
+ return 0;
+}
+
+#endif //GNUTLS_TESTS_KTLS_UTILS_H
--
2.49.0
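Review bot: create_socket_pair() in the new tests/ktls_utils.h leaks the listening socket: `listener` is never closed on the success path after accept() returns, nor on the bind(), getsockname() and client socket() failure paths, while the listen(), connect() and accept() failures do close it. Adding `close(listener);` before the final `return 0;` and before each of those three early `return 1;` statements makes the cleanup consistent, so tests that call the helper repeatedly do not accumulate descriptors. The `int opt = 0;` handed to setsockopt(SO_REUSEADDR) disables an option that is already off by default, so either `int opt = 1;` was intended or the two lines can be dropped given the ephemeral loopback port (sin_port = 0); its return value is also unchecked. The header uses errno, strerror(), memset(), close() and fail() without including <errno.h>, <string.h> or <unistd.h>, so it presumably relies on the including test file to provide them — a short comment stating that dependency, or the explicit includes, would make the header self-contained.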


@ -1,40 +0,0 @@
From f1fe8d2a7669c4cdcdaaabd8969d358040c142ad Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 7 Jul 2025 10:44:12 +0900
Subject: [PATCH] x509: avoid double free when exporting othernames in SAN
Previously, the _gnutls_write_new_othername function, called by
gnutls_x509_ext_export_subject_alt_names to export "otherName" in a
certificate's SAN extension, freed the caller allocated ASN.1
structure upon error, resulting in a potential double-free.
Reported by OpenAI Security Research Team.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/x509/extensions.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index 6c2da8fd10..e8be12eaf5 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -754,7 +754,6 @@ int _gnutls_write_new_othername(asn1_node ext, const char *ext_name,
result = asn1_write_value(ext, name2, oid, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
- asn1_delete_structure(&ext);
return _gnutls_asn2err(result);
}
@@ -763,7 +762,6 @@ int _gnutls_write_new_othername(asn1_node ext, const char *ext_name,
result = asn1_write_value(ext, name2, data, data_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
- asn1_delete_structure(&ext);
return _gnutls_asn2err(result);
}
--
2.50.0


@ -1,32 +0,0 @@
From 639a551c6d4707c7fb880412d695dbdd31f60cf3 Mon Sep 17 00:00:00 2001
From: Andrew Hamilton <adhamilt@gmail.com>
Date: Mon, 7 Jul 2025 10:23:59 +0900
Subject: [PATCH] x509: fix read buffer overrun in SCT timestamps
Prevent reading beyond heap buffer in call to _gnutls_parse_ct_sct
when processing x509 Signed Certificate Timestamps with certain
malformed data. Spotted by oss-fuzz at:
https://issues.oss-fuzz.com/issues/42530513
Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/x509/x509_ext.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index ad3af1430a..9a36f3536b 100644
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -3759,7 +3759,7 @@ int gnutls_x509_ext_ct_import_scts(const gnutls_datum_t *ext,
}
length = _gnutls_read_uint16(scts_content.data);
- if (length < 4) {
+ if (length < 4 || length > scts_content.size) {
gnutls_free(scts_content.data);
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
--
2.50.0



@ -1,282 +0,0 @@
From 853a64f5e92bedd2ebf97baadba39f2d2bfa95ef Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 7 Jul 2025 11:15:45 +0900
Subject: [PATCH] handshake: clear HSK_PSK_SELECTED is when resetting binders
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When a TLS 1.3 handshake involves HRR and resumption or PSK, and the
second Client Hello omits PSK, the server would result in a NULL
pointer dereference as the PSK binder information is cleared while the
HSK_PSK_SELECTED flag is still set. This makes sure that
HSK_PSK_SELECTED flag is always cleared when the PSK binders are
reset. This also makes it clear the HSK_PSK_SELECTED flag is valid
only during a handshake; after that, whether PSK is used can be
checked with gnutls_auth_client_get_type.
Reported by Stefan Bühler.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
.gitignore | 1 +
lib/handshake.c | 25 +++-
lib/state.c | 4 +-
tests/Makefile.am | 2 +
tests/tls13/hello_retry_request_psk.c | 173 ++++++++++++++++++++++++++
5 files changed, 201 insertions(+), 4 deletions(-)
create mode 100644 tests/tls13/hello_retry_request_psk.c
diff --git a/lib/handshake.c b/lib/handshake.c
index 722307be7c..489d021945 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -589,9 +589,28 @@ static int set_auth_types(gnutls_session_t session)
/* Under TLS1.3 this returns a KX which matches the negotiated
* groups from the key shares; if we are resuming then the KX seen
* here doesn't match the original session. */
- if (!session->internals.resumed)
- kx = gnutls_kx_get(session);
- else
+ if (!session->internals.resumed) {
+ const gnutls_group_entry_st *group = get_group(session);
+
+ if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
+ if (group) {
+ kx = group->pk == GNUTLS_PK_DH ?
+ GNUTLS_KX_DHE_PSK :
+ GNUTLS_KX_ECDHE_PSK;
+ } else {
+ kx = GNUTLS_KX_PSK;
+ }
+ } else if (group) {
+ /* Not necessarily be RSA, but just to
+ * make _gnutls_map_kx_get_cred below
+ * work.
+ */
+ kx = group->pk == GNUTLS_PK_DH ?
+ GNUTLS_KX_DHE_RSA :
+ GNUTLS_KX_ECDHE_RSA;
+ } else
+ kx = GNUTLS_KX_UNKNOWN;
+ } else
kx = GNUTLS_KX_UNKNOWN;
} else {
/* TLS1.2 or earlier, kx is associated with ciphersuite */
diff --git a/lib/state.c b/lib/state.c
index ec514c0cd2..10ec0eadb6 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -202,7 +202,8 @@ gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session)
const gnutls_group_entry_st *group = get_group(session);
if (ver->tls13_sem) {
- if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
+ if (gnutls_auth_client_get_type(session) ==
+ GNUTLS_CRD_PSK) {
if (group) {
if (group->pk == GNUTLS_PK_DH)
return GNUTLS_KX_DHE_PSK;
@@ -349,6 +350,7 @@ void reset_binders(gnutls_session_t session)
_gnutls_free_temp_key_datum(&session->key.binders[0].psk);
_gnutls_free_temp_key_datum(&session->key.binders[1].psk);
memset(session->key.binders, 0, sizeof(session->key.binders));
+ session->internals.hsk_flags &= ~HSK_PSK_SELECTED;
}
/* Check whether certificate credentials of type @cert_type are set
diff --git a/tests/Makefile.am b/tests/Makefile.am
index babf3be108..f6a16552d1 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -128,6 +128,8 @@ ctests += tls13/hello_retry_request
ctests += tls13/hello_retry_request_resume
+ctests += tls13/hello_retry_request_psk
+
ctests += tls13/psk-ext
ctests += tls13/key_update
diff --git a/tests/tls13/hello_retry_request_psk.c b/tests/tls13/hello_retry_request_psk.c
new file mode 100644
index 0000000000..a20cb0d965
--- /dev/null
+++ b/tests/tls13/hello_retry_request_psk.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2017-2025 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos, Daiki Ueno
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+
+#include <string.h>
+#include <gnutls/gnutls.h>
+#include <assert.h>
+
+#include "cert-common.h"
+#include "utils.h"
+#include "tls13/ext-parse.h"
+#include "eagain-common.h"
+
+/* This program exercises the case where a TLS 1.3 handshake ends up
+ * with HRR, and the first CH includes PSK while the 2nd CH omits
+ * it */
+
+const char *testname = "hello entry request";
+
+const char *side = "";
+
+#define myfail(fmt, ...) fail("%s: " fmt, testname, ##__VA_ARGS__)
+
+static void tls_log_func(int level, const char *str)
+{
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
+}
+
+struct ctx_st {
+ unsigned hrr_seen;
+ unsigned hello_counter;
+};
+
+static int pskfunc(gnutls_session_t session, const char *username,
+ gnutls_datum_t *key)
+{
+ if (debug)
+ printf("psk: username %s\n", username);
+ key->data = gnutls_malloc(4);
+ key->data[0] = 0xDE;
+ key->data[1] = 0xAD;
+ key->data[2] = 0xBE;
+ key->data[3] = 0xEF;
+ key->size = 4;
+ return 0;
+}
+
+static int hello_callback(gnutls_session_t session, unsigned int htype,
+ unsigned post, unsigned int incoming,
+ const gnutls_datum_t *msg)
+{
+ struct ctx_st *ctx = gnutls_session_get_ptr(session);
+ assert(ctx != NULL);
+
+ if (htype == GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST)
+ ctx->hrr_seen = 1;
+
+ if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) {
+ if (post == GNUTLS_HOOK_POST)
+ ctx->hello_counter++;
+ else {
+ /* Unset the PSK credential to omit the extension */
+ gnutls_credentials_set(session, GNUTLS_CRD_PSK, NULL);
+ }
+ }
+
+ return 0;
+}
+
+void doit(void)
+{
+ int sret, cret;
+ gnutls_psk_server_credentials_t scred;
+ gnutls_psk_client_credentials_t ccred;
+ gnutls_certificate_credentials_t ccred2;
+ gnutls_session_t server, client;
+ /* Need to enable anonymous KX specifically. */
+ const gnutls_datum_t key = { (void *)"DEADBEEF", 8 };
+
+ struct ctx_st ctx;
+ memset(&ctx, 0, sizeof(ctx));
+
+ global_init();
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(9);
+
+ /* Init server */
+ assert(gnutls_psk_allocate_server_credentials(&scred) >= 0);
+ gnutls_psk_set_server_credentials_function(scred, pskfunc);
+
+ gnutls_init(&server, GNUTLS_SERVER);
+
+ assert(gnutls_priority_set_direct(
+ server,
+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+DHE-PSK",
+ NULL) >= 0);
+
+ gnutls_credentials_set(server, GNUTLS_CRD_PSK, scred);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ assert(gnutls_psk_allocate_client_credentials(&ccred) >= 0);
+ gnutls_psk_set_client_credentials(ccred, "test", &key,
+ GNUTLS_PSK_KEY_HEX);
+ assert(gnutls_certificate_allocate_credentials(&ccred2) >= 0);
+
+ assert(gnutls_init(&client, GNUTLS_CLIENT | GNUTLS_KEY_SHARE_TOP) >= 0);
+
+ gnutls_session_set_ptr(client, &ctx);
+
+ cret = gnutls_priority_set_direct(
+ client,
+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-X25519:+DHE-PSK",
+ NULL);
+ if (cret < 0)
+ myfail("cannot set TLS 1.3 priorities\n");
+
+ gnutls_credentials_set(client, GNUTLS_CRD_PSK, ccred);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred2);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ gnutls_handshake_set_hook_function(client, GNUTLS_HANDSHAKE_ANY,
+ GNUTLS_HOOK_BOTH, hello_callback);
+
+ HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN,
+ GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ assert(ctx.hrr_seen != 0);
+
+ gnutls_bye(client, GNUTLS_SHUT_WR);
+ gnutls_bye(server, GNUTLS_SHUT_WR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_psk_free_server_credentials(scred);
+ gnutls_psk_free_client_credentials(ccred);
+ gnutls_certificate_free_credentials(ccred2);
+
+ gnutls_global_deinit();
+ reset_buffers();
+}
--
2.50.0


@ -1,418 +0,0 @@
From 1c4701ffc342259fc5965d5a0de90d87f780e3e5 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 12 Jan 2024 17:56:58 +0900
Subject: [PATCH] nettle: avoid normalization of mpz_t in deterministic ECDSA
This removes function calls that potentially leak bit-length of a
private key used to calculate a nonce in deterministic ECDSA. Namely:
- _gnutls_dsa_compute_k has been rewritten to work on always
zero-padded mp_limb_t arrays instead of mpz_t
- rnd_mpz_func has been replaced with rnd_datum_func, which is backed
by a byte array instead of an mpz_t value
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/nettle/int/dsa-compute-k.c | 70 +++++++++++++++++++++----------
lib/nettle/int/dsa-compute-k.h | 23 +++++++++-
lib/nettle/int/ecdsa-compute-k.c | 28 +++----------
lib/nettle/int/ecdsa-compute-k.h | 4 +-
lib/nettle/pk.c | 65 +++++++++++++++++++++-------
tests/sign-verify-deterministic.c | 2 +-
6 files changed, 127 insertions(+), 65 deletions(-)
diff --git a/lib/nettle/int/dsa-compute-k.c b/lib/nettle/int/dsa-compute-k.c
index 8ff5739c2b..2fcb2bb80e 100644
--- a/lib/nettle/int/dsa-compute-k.c
+++ b/lib/nettle/int/dsa-compute-k.c
@@ -31,19 +31,30 @@
#include "mpn-base256.h"
#include <string.h>
-#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
+/* For mini-gmp */
+#ifndef GMP_LIMB_BITS
+#define GMP_LIMB_BITS GMP_NUMB_BITS
+#endif
-/* The maximum size of q, chosen from the fact that we support
- * 521-bit elliptic curve generator and 512-bit DSA subgroup at
- * maximum. */
-#define MAX_Q_BITS 521
-#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8)
-#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS)
+static inline int is_zero_limb(mp_limb_t x)
+{
+ x |= (x << 1);
+ return ((x >> 1) - 1) >> (GMP_LIMB_BITS - 1);
+}
+
+static int sec_zero_p(const mp_limb_t *ap, mp_size_t n)
+{
+ volatile mp_limb_t w;
+ mp_size_t i;
-#define MAX_HASH_BITS (MAX_HASH_SIZE * 8)
-#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS)
+ for (i = 0, w = 0; i < n; i++)
+ w |= ap[i];
-int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
+ return is_zero_limb(w);
+}
+
+int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x,
+ mp_size_t qn, mp_bitcnt_t q_bits,
gnutls_mac_algorithm_t mac, const uint8_t *digest,
size_t length)
{
@@ -51,9 +62,6 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
uint8_t K[MAX_HASH_SIZE];
uint8_t xp[MAX_Q_SIZE];
uint8_t tp[MAX_Q_SIZE];
- mp_limb_t h[MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS)];
- mp_bitcnt_t q_bits = mpz_sizeinbase(q, 2);
- mp_size_t qn = mpz_size(q);
mp_bitcnt_t h_bits = length * 8;
mp_size_t hn = BITS_TO_LIMBS(h_bits);
size_t nbytes = (q_bits + 7) / 8;
@@ -62,6 +70,7 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
mp_limb_t cy;
gnutls_hmac_hd_t hd;
int ret = 0;
+ mp_limb_t scratch[MAX_Q_LIMBS];
if (unlikely(q_bits > MAX_Q_BITS))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
@@ -69,7 +78,7 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
/* int2octets(x) */
- mpn_get_base256(xp, nbytes, mpz_limbs_read(x), qn);
+ mpn_get_base256(xp, nbytes, x, qn);
/* bits2octets(h) */
mpn_set_base256(h, hn, digest, length);
@@ -93,12 +102,12 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
mpn_rshift(h, h, hn, shift % GMP_NUMB_BITS);
}
- cy = mpn_sub_n(h, h, mpz_limbs_read(q), qn);
+ cy = mpn_sub_n(h, h, q, qn);
/* Fall back to addmul_1, if nettle is linked with mini-gmp. */
#ifdef mpn_cnd_add_n
- mpn_cnd_add_n(cy, h, h, mpz_limbs_read(q), qn);
+ mpn_cnd_add_n(cy, h, h, q, qn);
#else
- mpn_addmul_1(h, mpz_limbs_read(q), qn, cy != 0);
+ mpn_addmul_1(h, q, qn, cy != 0);
#endif
mpn_get_base256(tp, nbytes, h, qn);
@@ -174,12 +183,8 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
if (tlen * 8 > q_bits)
mpn_rshift(h, h, qn, tlen * 8 - q_bits);
/* Check if k is in [1,q-1] */
- if (!mpn_zero_p(h, qn) &&
- mpn_cmp(h, mpz_limbs_read(q), qn) < 0) {
- mpn_copyi(mpz_limbs_write(k, qn), h, qn);
- mpz_limbs_finish(k, qn);
+ if (!sec_zero_p(h, qn) && mpn_sub_n(scratch, h, q, qn))
break;
- }
ret = gnutls_hmac_init(&hd, mac, K, length);
if (ret < 0)
@@ -203,3 +208,24 @@ out:
return ret;
}
+
+/* cancel-out dsa_sign's addition of 1 to random data */
+void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n)
+{
+ /* Fall back to sub_1, if nettle is linked with mini-gmp. */
+#ifdef mpn_sec_sub_1
+ mp_limb_t t[MAX_Q_LIMBS];
+
+ mpn_sec_sub_1(h, h, n, 1, t);
+#else
+ mpn_sub_1(h, h, n, 1);
+#endif
+ mpn_get_base256(k, nbytes, h, n);
+}
+
+void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n)
+{
+ mpn_get_base256(k, nbytes, h, n);
+}
diff --git a/lib/nettle/int/dsa-compute-k.h b/lib/nettle/int/dsa-compute-k.h
index 49d243acb4..2f0667a01e 100644
--- a/lib/nettle/int/dsa-compute-k.h
+++ b/lib/nettle/int/dsa-compute-k.h
@@ -26,8 +26,29 @@
#include <gnutls/gnutls.h>
#include <nettle/bignum.h> /* includes gmp.h */
-int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
+#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
+
+/* The maximum size of q, chosen from the fact that we support
+ * 521-bit elliptic curve generator and 512-bit DSA subgroup at
+ * maximum. */
+#define MAX_Q_BITS 521
+#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8)
+#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS)
+
+#define MAX_HASH_BITS (MAX_HASH_SIZE * 8)
+#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS)
+
+#define DSA_COMPUTE_K_ITCH MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS)
+
+int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x,
+ mp_size_t qn, mp_bitcnt_t q_bits,
gnutls_mac_algorithm_t mac, const uint8_t *digest,
size_t length);
+void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n);
+
+void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n);
+
#endif /* GNUTLS_LIB_NETTLE_INT_DSA_COMPUTE_K_H */
diff --git a/lib/nettle/int/ecdsa-compute-k.c b/lib/nettle/int/ecdsa-compute-k.c
index 3b7f886160..4e25235c40 100644
--- a/lib/nettle/int/ecdsa-compute-k.c
+++ b/lib/nettle/int/ecdsa-compute-k.c
@@ -29,38 +29,38 @@
#include "dsa-compute-k.h"
#include "gnutls_int.h"
-static inline int _gnutls_ecc_curve_to_dsa_q(mpz_t *q, gnutls_ecc_curve_t curve)
+int _gnutls_ecc_curve_to_dsa_q(mpz_t q, gnutls_ecc_curve_t curve)
{
switch (curve) {
#ifdef ENABLE_NON_SUITEB_CURVES
case GNUTLS_ECC_CURVE_SECP192R1:
- mpz_init_set_str(*q,
+ mpz_init_set_str(q,
"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836"
"146BC9B1B4D22831",
16);
return 0;
case GNUTLS_ECC_CURVE_SECP224R1:
- mpz_init_set_str(*q,
+ mpz_init_set_str(q,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2"
"E0B8F03E13DD29455C5C2A3D",
16);
return 0;
#endif
case GNUTLS_ECC_CURVE_SECP256R1:
- mpz_init_set_str(*q,
+ mpz_init_set_str(q,
"FFFFFFFF00000000FFFFFFFFFFFFFFFF"
"BCE6FAADA7179E84F3B9CAC2FC632551",
16);
return 0;
case GNUTLS_ECC_CURVE_SECP384R1:
- mpz_init_set_str(*q,
+ mpz_init_set_str(q,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFC7634D81F4372DDF"
"581A0DB248B0A77AECEC196ACCC52973",
16);
return 0;
case GNUTLS_ECC_CURVE_SECP521R1:
- mpz_init_set_str(*q,
+ mpz_init_set_str(q,
"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFA51868783BF2F966B7FCC0148F709A"
@@ -73,19 +73,3 @@ static inline int _gnutls_ecc_curve_to_dsa_q(mpz_t *q, gnutls_ecc_curve_t curve)
GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
}
}
-
-int _gnutls_ecdsa_compute_k(mpz_t k, gnutls_ecc_curve_t curve, const mpz_t x,
- gnutls_mac_algorithm_t mac, const uint8_t *digest,
- size_t length)
-{
- mpz_t q;
- int ret;
-
- ret = _gnutls_ecc_curve_to_dsa_q(&q, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_dsa_compute_k(k, q, x, mac, digest, length);
- mpz_clear(q);
- return ret;
-}
diff --git a/lib/nettle/int/ecdsa-compute-k.h b/lib/nettle/int/ecdsa-compute-k.h
index be8beddb5d..207685763f 100644
--- a/lib/nettle/int/ecdsa-compute-k.h
+++ b/lib/nettle/int/ecdsa-compute-k.h
@@ -26,8 +26,6 @@
#include <gnutls/gnutls.h>
#include <nettle/bignum.h> /* includes gmp.h */
-int _gnutls_ecdsa_compute_k(mpz_t k, gnutls_ecc_curve_t curve, const mpz_t x,
- gnutls_mac_algorithm_t mac, const uint8_t *digest,
- size_t length);
+int _gnutls_ecc_curve_to_dsa_q(mpz_t q, gnutls_ecc_curve_t curve);
#endif /* GNUTLS_LIB_NETTLE_INT_ECDSA_COMPUTE_K_H */
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 305548f4d1..dd6b9936a8 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -103,10 +103,16 @@ static void rnd_nonce_func(void *_ctx, size_t length, uint8_t *data)
}
}
-static void rnd_mpz_func(void *_ctx, size_t length, uint8_t *data)
+static void rnd_datum_func(void *ctx, size_t length, uint8_t *data)
{
- mpz_t *k = _ctx;
- nettle_mpz_get_str_256(length, data, *k);
+ gnutls_datum_t *d = ctx;
+
+ if (length > d->size) {
+ memset(data, 0, length - d->size);
+ memcpy(data + (length - d->size), d->data, d->size);
+ } else {
+ memcpy(data, d->data, length);
+ }
}
static void rnd_nonce_func_fallback(void *_ctx, size_t length, uint8_t *data)
@@ -1403,7 +1409,10 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
struct dsa_signature sig;
int curve_id = pk_params->curve;
const struct ecc_curve *curve;
- mpz_t k;
+ mpz_t q;
+ /* 521-bit elliptic curve generator at maximum */
+ uint8_t buf[(521 + 7) / 8];
+ gnutls_datum_t k = { NULL, 0 };
void *random_ctx;
nettle_random_func *random_func;
@@ -1447,17 +1456,32 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
not_approved = true;
}
- mpz_init(k);
+ mpz_init(q);
+
if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST ||
(sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) {
- ret = _gnutls_ecdsa_compute_k(
- k, curve_id, pk_params->params[ECC_K],
+ mp_limb_t h[DSA_COMPUTE_K_ITCH];
+
+ ret = _gnutls_ecc_curve_to_dsa_q(q, curve_id);
+ if (ret < 0)
+ goto ecdsa_cleanup;
+
+ ret = _gnutls_dsa_compute_k(
+ h, mpz_limbs_read(q), priv.p,
+ ecc_size(priv.ecc), ecc_bit_size(priv.ecc),
DIG_TO_MAC(sign_params->dsa_dig), vdata->data,
vdata->size);
if (ret < 0)
goto ecdsa_cleanup;
+
+ k.data = buf;
+ k.size = (ecc_bit_size(priv.ecc) + 7) / 8;
+
+ _gnutls_ecdsa_compute_k_finish(k.data, k.size, h,
+ ecc_size(priv.ecc));
+
random_ctx = &k;
- random_func = rnd_mpz_func;
+ random_func = rnd_datum_func;
} else {
random_ctx = NULL;
random_func = rnd_nonce_func;
@@ -1476,7 +1500,7 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
ecdsa_cleanup:
dsa_signature_clear(&sig);
ecc_scalar_zclear(&priv);
- mpz_clear(k);
+ mpz_clear(q);
if (ret < 0) {
gnutls_assert();
@@ -1488,7 +1512,9 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
struct dsa_params pub;
bigint_t priv;
struct dsa_signature sig;
- mpz_t k;
+ /* 512-bit DSA subgroup at maximum */
+ uint8_t buf[(512 + 7) / 8];
+ gnutls_datum_t k = { NULL, 0 };
void *random_ctx;
nettle_random_func *random_func;
@@ -1515,19 +1541,27 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
hash_len = vdata->size;
}
- mpz_init(k);
if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST ||
(sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) {
+ mp_limb_t h[DSA_COMPUTE_K_ITCH];
+
ret = _gnutls_dsa_compute_k(
- k, pub.q, TOMPZ(priv),
+ h, mpz_limbs_read(pub.q),
+ mpz_limbs_read(TOMPZ(priv)), mpz_size(pub.q),
+ mpz_sizeinbase(pub.q, 2),
DIG_TO_MAC(sign_params->dsa_dig), vdata->data,
vdata->size);
if (ret < 0)
goto dsa_fail;
- /* cancel-out dsa_sign's addition of 1 to random data */
- mpz_sub_ui(k, k, 1);
+
+ k.data = buf;
+ k.size = (mpz_sizeinbase(pub.q, 2) + 7) / 8;
+
+ _gnutls_dsa_compute_k_finish(k.data, k.size, h,
+ mpz_size(pub.q));
+
random_ctx = &k;
- random_func = rnd_mpz_func;
+ random_func = rnd_datum_func;
} else {
random_ctx = NULL;
random_func = rnd_nonce_func;
@@ -1544,7 +1578,6 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
dsa_fail:
dsa_signature_clear(&sig);
- mpz_clear(k);
if (ret < 0) {
gnutls_assert();
diff --git a/tests/sign-verify-deterministic.c b/tests/sign-verify-deterministic.c
index 6969b57a11..bdd5a49c7d 100644
--- a/tests/sign-verify-deterministic.c
+++ b/tests/sign-verify-deterministic.c
@@ -198,7 +198,7 @@ void doit(void)
&tests[i].msg, &signature);
if (ret < 0)
testfail("gnutls_pubkey_verify_data2\n");
- success(" - pass");
+ success(" - pass\n");
next:
gnutls_free(signature.data);
--
2.44.0


@ -1,36 +0,0 @@
From 945c2f10eeda441f32404d1328761e311915add0 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Tue, 23 Jan 2024 11:54:32 +0900
Subject: [PATCH] ktls: fix kernel version checking using utsname
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/system/ktls.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/system/ktls.c b/lib/system/ktls.c
index 8efb913cda..432c70c5a2 100644
--- a/lib/system/ktls.c
+++ b/lib/system/ktls.c
@@ -482,7 +482,7 @@ int _gnutls_ktls_set_keys(gnutls_session_t session,
return GNUTLS_E_INTERNAL_ERROR;
}
- if (strcmp(utsname.sysname, "Linux") == 0) {
+ if (strcmp(utsname.sysname, "Linux") != 0) {
return GNUTLS_E_INTERNAL_ERROR;
}
@@ -495,6 +495,9 @@ int _gnutls_ktls_set_keys(gnutls_session_t session,
return GNUTLS_E_INTERNAL_ERROR;
}
+ _gnutls_debug_log("Linux kernel version %lu.%lu has been detected\n",
+ major, minor);
+
/* setsockopt(SOL_TLS, TLS_RX) support added in 5.10 */
if (major < 5 || (major == 5 && minor < 10)) {
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
--
2.43.0


@ -1,410 +0,0 @@
From e369e67a62f44561d417cb233acc566cc696d82d Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 29 Jan 2024 13:52:46 +0900
Subject: [PATCH] gnutls_x509_trust_list_verify_crt2: remove length limit of
input
Previously, if cert_list_size exceeded DEFAULT_MAX_VERIFY_DEPTH, the
chain verification logic crashed with assertion failure. This patch
removes the restriction while keeping the maximum number of
retrieved certificates being DEFAULT_MAX_VERIFY_DEPTH.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/gnutls_int.h | 5 +-
lib/x509/common.c | 10 +-
lib/x509/verify-high.c | 51 ++++++----
tests/test-chains.h | 211 ++++++++++++++++++++++++++++++++++++++++-
4 files changed, 258 insertions(+), 19 deletions(-)
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index d8561ebe3a..8cf9a87157 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -232,7 +232,10 @@ typedef enum record_send_state_t {
#define MAX_PK_PARAM_SIZE 2048
-/* defaults for verification functions
+/* Defaults for verification functions.
+ *
+ * update many_icas in tests/test-chains.h when increasing
+ * DEFAULT_MAX_VERIFY_DEPTH.
*/
#define DEFAULT_MAX_VERIFY_DEPTH 16
#define DEFAULT_MAX_VERIFY_BITS (MAX_PK_PARAM_SIZE * 8)
diff --git a/lib/x509/common.c b/lib/x509/common.c
index 2cc83c9155..705aa868bc 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1725,7 +1725,15 @@ unsigned int _gnutls_sort_clist(gnutls_x509_crt_t *clist,
bool insorted[DEFAULT_MAX_VERIFY_DEPTH]; /* non zero if clist[i] used in sorted list */
gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH];
- assert(clist_size <= DEFAULT_MAX_VERIFY_DEPTH);
+ /* Limit the number of certificates in the chain, to avoid DoS
+ * because of the O(n^2) sorting below. FIXME: Switch to a
+ * topological sort algorithm which should be linear to the
+ * number of certificates and subject-issuer relationships.
+ */
+ if (clist_size > DEFAULT_MAX_VERIFY_DEPTH) {
+ _gnutls_debug_log("too many certificates; skipping sorting\n");
+ return 1;
+ }
for (i = 0; i < DEFAULT_MAX_VERIFY_DEPTH; i++) {
issuer[i] = -1;
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 4e7361eb63..aacc24a7d8 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -25,7 +25,7 @@
#include "errors.h"
#include <libtasn1.h>
#include "global.h"
-#include "num.h" /* MAX */
+#include "num.h" /* MIN */
#include "tls-sig.h"
#include "str.h"
#include "datum.h"
@@ -1361,7 +1361,8 @@ int gnutls_x509_trust_list_verify_crt2(
int ret = 0;
unsigned int i;
size_t hash;
- gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH];
+ gnutls_x509_crt_t *cert_list_copy = NULL;
+ unsigned int cert_list_max_size = 0;
gnutls_x509_crt_t retrieved[DEFAULT_MAX_VERIFY_DEPTH];
unsigned int retrieved_size = 0;
const char *hostname = NULL, *purpose = NULL, *email = NULL;
@@ -1421,16 +1422,28 @@ int gnutls_x509_trust_list_verify_crt2(
}
}
- memcpy(sorted, cert_list, cert_list_size * sizeof(gnutls_x509_crt_t));
- cert_list = sorted;
+ /* Allocate extra for retrieved certificates. */
+ if (!INT_ADD_OK(cert_list_size, DEFAULT_MAX_VERIFY_DEPTH,
+ &cert_list_max_size))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ cert_list_copy = _gnutls_reallocarray(NULL, cert_list_max_size,
+ sizeof(gnutls_x509_crt_t));
+ if (!cert_list_copy)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ memcpy(cert_list_copy, cert_list,
+ cert_list_size * sizeof(gnutls_x509_crt_t));
+ cert_list = cert_list_copy;
records = gl_list_nx_create_empty(GL_LINKEDHASH_LIST, cert_eq,
cert_hashcode, NULL, false);
- if (records == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ if (records == NULL) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto cleanup;
+ }
- for (i = 0; i < cert_list_size &&
- cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH;) {
+ for (i = 0; i < cert_list_size;) {
unsigned int sorted_size = 1;
unsigned int j, k;
gnutls_x509_crt_t issuer;
@@ -1442,8 +1455,7 @@ int gnutls_x509_trust_list_verify_crt2(
assert(sorted_size > 0);
- /* Remove duplicates. Start with index 1, as the first element
- * may be re-checked after issuer retrieval. */
+ /* Remove duplicates. */
for (j = 0; j < sorted_size; j++) {
if (gl_list_search(records, cert_list[i + j])) {
if (i + j < cert_list_size - 1) {
@@ -1495,13 +1507,15 @@ int gnutls_x509_trust_list_verify_crt2(
ret = retrieve_issuers(
list, cert_list[i - 1], &retrieved[retrieved_size],
- DEFAULT_MAX_VERIFY_DEPTH -
- MAX(retrieved_size, cert_list_size));
+ MIN(DEFAULT_MAX_VERIFY_DEPTH - retrieved_size,
+ cert_list_max_size - cert_list_size));
if (ret < 0) {
break;
} else if (ret > 0) {
assert((unsigned int)ret <=
- DEFAULT_MAX_VERIFY_DEPTH - cert_list_size);
+ DEFAULT_MAX_VERIFY_DEPTH - retrieved_size);
+ assert((unsigned int)ret <=
+ cert_list_max_size - cert_list_size);
memmove(&cert_list[i + ret], &cert_list[i],
(cert_list_size - i) *
sizeof(gnutls_x509_crt_t));
@@ -1517,8 +1531,10 @@ int gnutls_x509_trust_list_verify_crt2(
}
cert_list_size = shorten_clist(list, cert_list, cert_list_size);
- if (cert_list_size <= 0)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ if (cert_list_size <= 0) {
+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ goto cleanup;
+ }
hash = hash_pjw_bare(cert_list[cert_list_size - 1]->raw_issuer_dn.data,
cert_list[cert_list_size - 1]->raw_issuer_dn.size);
@@ -1661,10 +1677,13 @@ int gnutls_x509_trust_list_verify_crt2(
}
cleanup:
+ gnutls_free(cert_list_copy);
for (i = 0; i < retrieved_size; i++) {
gnutls_x509_crt_deinit(retrieved[i]);
}
- gl_list_free(records);
+ if (records) {
+ gl_list_free(records);
+ }
return ret;
}
diff --git a/tests/test-chains.h b/tests/test-chains.h
index 3e559fecd5..a7fe1cdecc 100644
--- a/tests/test-chains.h
+++ b/tests/test-chains.h
@@ -23,7 +23,7 @@
#ifndef GNUTLS_TESTS_TEST_CHAINS_H
#define GNUTLS_TESTS_TEST_CHAINS_H
-#define MAX_CHAIN 10
+#define MAX_CHAIN 17
static const char *chain_with_no_subject_id_in_ca_ok[] = {
"-----BEGIN CERTIFICATE-----\n"
@@ -4383,6 +4383,213 @@ static const char *cross_signed_ca[] = {
NULL
};
+/* This assumes DEFAULT_MAX_VERIFY_DEPTH to be 16 */
+static const char *many_icas[] = {
+ /* Server */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBqzCCAV2gAwIBAgIUIK3+SD3GmqJlRLZ/ESyhTzkSDL8wBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowNzEbMBkGA1UEChMSR251VExTIHRlc3Qgc2VydmVyMRgwFgYD\n"
+ "VQQDEw90ZXN0LmdudXRscy5vcmcwKjAFBgMrZXADIQAWGjx45NIJiKFsNBxxRRjm\n"
+ "NxUT5KYK7xXr5HPVywwgLaOBkjCBjzAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGC\n"
+ "D3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8E\n"
+ "BAMCB4AwHQYDVR0OBBYEFKgNAQWZPx76/vXqQOdIi5mTftsaMB8GA1UdIwQYMBaA\n"
+ "FDaPsY6WAGuRtrhYJE6Gk/bg5qbdMAUGAytlcANBAMIDh8aGcIIFDTUrzfV7tnkX\n"
+ "hHrxyFKBH/cApf6xcJQTfDXm23po627Ibp+WgLaWMY08Fn9Y2V6Ev8ADfqXNbQ8=\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA16 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUSnE0PKdm/dsnZSWBh5Ct4pS6DcwwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAxq9SI8vp0QH1dDBBuZW+t+bLLROppQbjSQ4O1BEonDOjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQ2j7GOlgBrkba4\n"
+ "WCROhpP24Oam3TAfBgNVHSMEGDAWgBRvdUKX0aw3nfUIdvivXGSfRO7zyjAFBgMr\n"
+ "ZXADQQBsI2Hc7X5hXoHTvk01qMc5a1I27QHAFRARJnvIQ15wxNS2LVLzGk+AUmwr\n"
+ "sOhBKAcVfS55uWtYdjoWQ80h238H\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA15 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUQk4XkgQVImnp6OPZas7ctwgBza4wBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAs3yVKLJd3sKbNVmj6Bxy2j1x025rksyQpZZWnCx5a+CjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRvdUKX0aw3nfUI\n"
+ "dvivXGSfRO7zyjAfBgNVHSMEGDAWgBRhGfUXYPh4YQsdtTWYUozLphGgfzAFBgMr\n"
+ "ZXADQQBXTtm56x6/pHXdW8dTvZLc/8RufNQrMlc23TCgX0apUnrZdTsNAb7OE4Uu\n"
+ "9PBuxK+CC9NL/BL2hXsKvAT+NWME\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA14 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUKfwz7UUYRvYlvqwmnLJlTOS9o1AwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAXbUetQ08t+F4+IcKL++HpeclqTxXZ7cG4mwqvHmTUEWjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRhGfUXYPh4YQsd\n"
+ "tTWYUozLphGgfzAfBgNVHSMEGDAWgBQYRQqO+V1kefF7QvNnFU1fX5H9+jAFBgMr\n"
+ "ZXADQQAiSHNMTLPFP3oa6q13Dj8jSxF9trQDJGM1ArWffFcPZUt2U4/ODHdcMTHx\n"
+ "kGwhIj+ghBlu6ykgu6J2wewCUooC\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA13 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUUKOs59gyCPAZzoC7zMZQSh6AnQgwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAmvqhj5GYqsXIpsr1BXBfD+2mTP/m/TEpKIYSZHM62dijYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQYRQqO+V1kefF7\n"
+ "QvNnFU1fX5H9+jAfBgNVHSMEGDAWgBQ27HzvP5hl2xR+LOzRcPfmY5ndXjAFBgMr\n"
+ "ZXADQQBrB3NkrYC7EQ74qgeesVOE71rW012dPOOKPAV0laR+JLEgsv9sfus+AdBF\n"
+ "WBNwR3KeYBTi/MFDuecxBHU2m5gD\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA12 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUUQooGfH21+sR7/pSgCWm13gg2H4wBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAK2of/B4wMpk6k/KdugC5dMS+jo2fseUM7/PvXkE6HASjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQ27HzvP5hl2xR+\n"
+ "LOzRcPfmY5ndXjAfBgNVHSMEGDAWgBSJDHU0Mj1Xr0e8ErCnRK24w7XwTTAFBgMr\n"
+ "ZXADQQDY8d2bAZpj7oGhdl2dBsCE48jEWj49da0PbgN12koAj3gf4hjMPd8G7p5z\n"
+ "8RsURAwQmCkE8ShvdNw/Qr2tDL0E\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA11 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUW9Dw0hU2pfjXhb5Stip+mk9SndIwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAn5ISjLVV6RBWsnxDWHDicpye7SjFwGOTwzF01/psiJ2jYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSJDHU0Mj1Xr0e8\n"
+ "ErCnRK24w7XwTTAfBgNVHSMEGDAWgBSR9UU27RI0XohiEgHDxNo/9HP4djAFBgMr\n"
+ "ZXADQQCfQg6MDHk71vhyrEo4/5PcLb2Li5F/FKURyux7snv2TbkSdInloAqca9UR\n"
+ "DtqHSLCNLXCNdSPr5QwIt5p29rsE\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA10 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUR4uTedG8e6MibKViQ3eX7QzXG1swBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAnslX04kSVOL5LAf1e+Ze3ggNnDJcEAxLDk8I/IhyjTyjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSR9UU27RI0Xohi\n"
+ "EgHDxNo/9HP4djAfBgNVHSMEGDAWgBRC7US5gJYnvd5F7EN+C4anMgd2NzAFBgMr\n"
+ "ZXADQQDo+jHt07Tvz3T5Lbz6apBrSln8xKYfJk2W1wP85XAnf7sZT9apM1bS4EyD\n"
+ "Kckw+KG+9x7myOZz6AXJgZB5OGAO\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA9 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUSIIIRjrNpE+kEPkiJMOqaNAazvQwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAZKy7p1Gn4W/reRxKJN99+QkHt2q9aELktCKe5PqrX5ejYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRC7US5gJYnvd5F\n"
+ "7EN+C4anMgd2NzAfBgNVHSMEGDAWgBSOhR7Ornis2x8g0J+bvTTwMnW60zAFBgMr\n"
+ "ZXADQQA0MEcC4FgKZEAfalVpApU2to0G158MVz/WTNcSc7fnl8ifJ/g56dVHL1jr\n"
+ "REvC/S28dn/CGAlbVXUAgxnHAbgE\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA8 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUGGFSgD95vOTSj7iFxfXA5vq6vsYwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAg3W/bTdW0fR32NeZEVMXICpa30d7rSdddLOYDvqqUO+jYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSOhR7Ornis2x8g\n"
+ "0J+bvTTwMnW60zAfBgNVHSMEGDAWgBT3zK8Hbn9aVTAOOFY6RSxJ2o5x2jAFBgMr\n"
+ "ZXADQQBl4gnzE463iMFg57gPvjHdVzA39sJBpiu0kUGfRcLnoRI/VOaLcx7WnJ9+\n"
+ "c3KxPZBec76EdIoQDkTmI6m2FIAM\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA7 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUGktMGXhNuaMhKyAlecymmLD+/GIwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEA/Z1oc76hOQ0Hi+2hePaGIntnMIDqBlb7RDMjRpYONP2jYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBT3zK8Hbn9aVTAO\n"
+ "OFY6RSxJ2o5x2jAfBgNVHSMEGDAWgBSPae3JUN3jP0NgUJqDV3eYxcaM3DAFBgMr\n"
+ "ZXADQQBMkwKaUZlvG/hax8rv3nnDv8kJOr6KVHBnxSx3hZ+8HIBT7GFm1+YDeYOB\n"
+ "jhNg66kyeFPGXXBCe+mvNQFFjCEE\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA6 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUKn3gz5lAUpKqWlHKLKYDbOJ4rygwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAZ/eD4eTe91ddvHusm7YlLPxU4ByGFc6suAmlP1CxXkWjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSPae3JUN3jP0Ng\n"
+ "UJqDV3eYxcaM3DAfBgNVHSMEGDAWgBT9f/qSI/jhxvGI7aMtkpraDcjBnjAFBgMr\n"
+ "ZXADQQAMRnkmRhnLGdmJaY8B42gfyaAsqCMyds/Tw4OHYy+N48XuAxRjKkhf3szC\n"
+ "0lY71oU043mNP1yx/dzAuCTrVSgI\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA5 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUEgEYbBXXEyGv3vOq10JQv1SBiUUwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAs2xEDPw8RVal53nX9GVwUd1blq1wjtVFC8S1V7up7MWjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBT9f/qSI/jhxvGI\n"
+ "7aMtkpraDcjBnjAfBgNVHSMEGDAWgBRBVkLu9BmCKz7HNI8md4vPpoE/7jAFBgMr\n"
+ "ZXADQQCCufAyLijtzzmeCuO3K50rBSbGvB3FQfep7g6kVsQKM3bw/olWK5/Ji0dD\n"
+ "ubJ0cFl1FmfAda7aVxLBtJOvO6MI\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA4 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIULj8GkaHw+92HuOTnXnXlxCy3VrEwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAiedxh4dvtwDellMAHc/pZH0MAOXobRenTUgF1yj5l12jYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRBVkLu9BmCKz7H\n"
+ "NI8md4vPpoE/7jAfBgNVHSMEGDAWgBSDtNRgQ36KwW/ASaMyr6WeDt0STDAFBgMr\n"
+ "ZXADQQDL8U2ckzur7CktdrVUNvfLhVCOz33d/62F28vQFHUa8h/4h+Mi1MMbXOKT\n"
+ "1bL2TvpFpU7Fx/vcIPXDielVqr4C\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA3 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUQXl74TDDw6MQRMbQUSPa6Qrvba8wBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEA7l0jQ0f4fJRw7Qja/Hz2qn8y91SI7CokxhSf+FT+9M6jYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSDtNRgQ36KwW/A\n"
+ "SaMyr6WeDt0STDAfBgNVHSMEGDAWgBQ2inEK4KH6ATftmybxKE1dZUzOozAFBgMr\n"
+ "ZXADQQCnP7Oqx1epGnFnO7TrTJwcUukXDEYsINve2GeUsi8HEIeKKlMcLZ2Cnaj7\n"
+ "5v9NGuWh3QJpmmSGpEemiv8dJc4A\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA2 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUP7Nmof8H2F1LyDkjqlYIUpGdXE8wBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAkW9Rod3CXAnha6nlaHkDbCOegq94lgmjqclA9sOIt3yjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQ2inEK4KH6ATft\n"
+ "mybxKE1dZUzOozAfBgNVHSMEGDAWgBRPq/CQlK/zuXkjZvTCibu+vejD+jAFBgMr\n"
+ "ZXADQQBU+A+uF0yrtO/yv9cRUdCoL3Y1NKM35INg8BQDnkv724cW9zk1x0q9Fuou\n"
+ "zvfSVb8S3vT8fF5ZDOxarQs6ZH0C\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA1 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBXTCCAQ+gAwIBAgIUfUWP+AQHpdFTRKTf21mMzjaJsp0wBQYDK2VwMBkxFzAV\n"
+ "BgNVBAMTDkdudVRMUyB0ZXN0IENBMCAXDTI0MDMxMjIyNTMzOVoYDzk5OTkxMjMx\n"
+ "MjM1OTU5WjAdMRswGQYDVQQDDBJHbnVUTFMgdGVzdCBJQ0EgJGkwKjAFBgMrZXAD\n"
+ "IQAVmfBAvLbT+pTD24pQrr6S0jEIFIV/qOv93yYvAUzpzKNjMGEwDwYDVR0TAQH/\n"
+ "BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0OBBYEFE+r8JCUr/O5eSNm9MKJ\n"
+ "u7696MP6MB8GA1UdIwQYMBaAFAFpt5wrFsqCtHc4PpluPDvwcxQLMAUGAytlcANB\n"
+ "AC6+XZnthjlUD0TbBKRF3qT5if3Pp29Bgvutw8859unzUZW8FkHg5KeDBj9ncgJc\n"
+ "O2tFnNH2hV6LDPJzU0rtLQc=\n"
+ "-----END CERTIFICATE-----\n",
+ NULL
+};
+
+static const char *many_icas_ca[] = {
+ /* CA (self-signed) */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBNzCB6qADAgECAhRjaokcQwcrtW8tjuVFz3A33F8POjAFBgMrZXAwGTEXMBUG\n"
+ "A1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjQwMzEyMjI1MzM5WhgPOTk5OTEyMzEy\n"
+ "MzU5NTlaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMCowBQYDK2VwAyEAvoxP\n"
+ "TNdbWktxA8qQNNH+25Cx9rzP+DxLGeI/7ODwrQGjQjBAMA8GA1UdEwEB/wQFMAMB\n"
+ "Af8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQBabecKxbKgrR3OD6Zbjw78HMU\n"
+ "CzAFBgMrZXADQQCP5IUD74M7WrUx20uqzrzuj+s2jnBVmLQfWf/Ucetx+oTRFeq4\n"
+ "xZB/adWhycSeJUAB1zKqYUV9hgT8FWHbnHII\n"
+ "-----END CERTIFICATE-----\n",
+ NULL
+};
+
#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wunused-variable"
@@ -4696,6 +4903,8 @@ static struct {
1620118136, 1 },
{ "cross signed - ok", cross_signed, cross_signed_ca, 0, 0, 0,
1704955300 },
+ { "many intermediates - ok", many_icas, many_icas_ca, 0, 0, 0,
+ 1710284400 },
{ NULL, NULL, NULL, 0, 0 }
};
--
2.44.0



@ -12,29 +12,35 @@ sha256sum:close()
print(string.sub(hash, 0, 16))
}
Version: 3.8.3
Release: 9%{?dist}
Version: 3.8.10
Release: 3%{?dist}
# not upstreamed
Patch: gnutls-3.2.7-rpath.patch
Patch: gnutls-3.7.2-enable-intel-cet.patch
Patch: gnutls-3.7.2-no-explicit-init.patch
Patch: gnutls-3.7.3-disable-config-reload.patch
Patch: gnutls-3.7.3-fips-dsa-post.patch
Patch: gnutls-3.7.6-drbg-reseed.patch
Patch: gnutls-3.7.6-fips-sha1-sigver.patch
Patch: gnutls-3.7.6-gmp-static.patch
Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch
# upstreamed
Patch: gnutls-3.8.3-ktls-utsname.patch
Patch: gnutls-3.8.3-deterministic-ecdsa-fixes.patch
Patch: gnutls-3.8.3-verify-chain.patch
Patch: gnutls-3.8.9-CVE-2024-12243.patch
Patch: gnutls-3.8.3-cve-2025-32988.patch
Patch: gnutls-3.8.3-cve-2025-32989.patch
Patch: gnutls-3.8.3-cve-2025-32990.patch
Patch: gnutls-3.8.3-cve-2025-6395.patch
Patch: gnutls-3.8.3-keyupdate.patch
# * 5376a0cabf@3.8.11: key_update: fix state transition in KTLS code path
# * 30c264b661@3.8.11: constate: switch epoch lookup to linear search
# * 1d830baac2@3.8.11: key_update: rework the rekeying logic
Patch: gnutls-3.8.10-keyupdate.patch
# * 0992505881@3.8.11: tests: distribute ktls_utils.h
Patch: gnutls-3.8.10-tests-ktls.patch
# reverts
# * e52c7ca885 pkcs12: enable PBMAC1 by default in FIPS mode
Patch: gnutls-3.8.10-rhel9-revert-pbmac1-fips-default.patch
# * da1df0a31 fips: Allow SigVer only with RSA keys with modulus >= 2048 bits
Patch: gnutls-3.8.10-rhel9-revert-rsa-less-than-2048.patch
# upstreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/2041
Patch: gnutls-3.8.10-CVE-2025-9820.patch
# upstreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/2062
Patch: gnutls-3.8.10-CVE-2025-14831.patch
# intentionally omitted: CVE-2026-1584, since 3.8.10 is not vulnerable
%bcond_without bootstrap
%bcond_without dane
@ -48,7 +54,8 @@ Patch: gnutls-3.8.3-keyupdate.patch
%bcond_with tpm12
%bcond_without tpm2
%bcond_with gost
%bcond_with certificate_compression
%bcond_without certificate_compression
%bcond_without leancrypto
%bcond_without tests
%bcond_without srp
%bcond_without heartbeat
@ -63,10 +70,14 @@ BuildRequires: readline-devel, libtasn1-devel >= 4.3
BuildRequires: zlib-devel, brotli-devel, libzstd-devel
%endif
%if %{with bootstrap}
BuildRequires: automake, autoconf, gperf, libtool
BuildRequires: automake, autoconf271, gperf, libtool
%endif
BuildRequires: texinfo
BuildRequires: nettle-devel >= 3.10.1
%if %{with leancrypto}
BuildRequires: meson
%endif
%if %{with tpm12}
BuildRequires: trousers-devel >= 0.3.11.2
%endif
@ -75,7 +86,7 @@ BuildRequires: tpm2-tss-devel >= 3.0.3
%endif
BuildRequires: libidn2-devel
BuildRequires: libunistring-devel
BuildRequires: net-tools, datefudge, softhsm, gcc, gcc-c++
BuildRequires: net-tools, softhsm, gcc, gcc-c++
BuildRequires: gnupg2
BuildRequires: git-core
@ -95,7 +106,7 @@ BuildRequires: unbound-devel unbound-libs
%if %{with guile}
BuildRequires: guile22-devel
%endif
BuildRequires: make
BuildRequires: make gtk-doc
URL: http://www.gnutls.org/
Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz
Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz.sig
@ -105,6 +116,10 @@ Source100: gmp-6.2.1.tar.xz
# Taken from the main gmp package
Source101: gmp-6.2.1-intel-cet.patch
%if %{with leancrypto}
Source200: leancrypto-1.5.0.tar.gz
%endif
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
Provides: bundled(gnulib) = 20130424
@ -208,6 +223,13 @@ patch -p1 < %{SOURCE101}
popd
%endif
%if %{with leancrypto}
mkdir -p bundled_leancrypto
pushd bundled_leancrypto
tar --strip-components=1 -xf %{SOURCE200}
popd
%endif
%build
%ifarch aarch64 ppc64le
%define _lto_cflags %{nil}
@ -215,7 +237,7 @@ popd
%if %{with fips}
pushd bundled_gmp
autoreconf -ifv
/opt/rh/autoconf271/bin/autoreconf -ifv
%configure --disable-cxx --disable-shared --enable-fat --with-pic
%make_build
popd
@ -224,8 +246,41 @@ export GMP_CFLAGS="-I$PWD/bundled_gmp"
export GMP_LIBS="$PWD/bundled_gmp/.libs/libgmp.a"
%endif
%if %{with leancrypto}
pushd bundled_leancrypto
%set_build_flags
meson setup -Dprefix="$PWD/install" -Dlibdir="$PWD/install/lib" \
-Ddefault_library=static \
-Dascon=disabled -Dascon_keccak=disabled \
-Dbike_5=disabled -Dbike_3=disabled -Dbike_1=disabled \
-Dkyber_x25519=disabled -Ddilithium_ed25519=disabled \
-Dx509_parser=disabled -Dx509_generator=disabled \
-Dpkcs7_parser=disabled -Dpkcs7_generator=disabled \
-Dsha2-256=disabled \
-Dchacha20=disabled -Dchacha20_drng=disabled \
-Ddrbg_hash=disabled -Ddrbg_hmac=disabled \
-Dhash_crypt=disabled \
-Dhmac=disabled -Dhkdf=disabled \
-Dkdf_ctr=disabled -Dkdf_fb=disabled -Dkdf_dpi=disabled \
-Dpbkdf2=disabled \
-Dkmac_drng=disabled -Dcshake_drng=disabled \
-Dhotp=disabled -Dtotp=disabled \
-Daes_block=disabled -Daes_cbc=disabled -Daes_ctr=disabled \
-Daes_kw=disabled -Dapps=disabled \
_build
meson compile -v -C _build
meson install -C _build
popd
export LEANCRYPTO_DIR="$PWD/bundled_leancrypto/install"
export LEANCRYPTO_CFLAGS="-I$LEANCRYPTO_DIR/include"
export LEANCRYPTO_LIBS="$LEANCRYPTO_DIR/lib/libleancrypto.a"
%endif
%if %{with bootstrap}
autoreconf -fi
/opt/rh/autoconf271/bin/autoreconf -fi
%endif
sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
@ -248,13 +303,14 @@ export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name"
%endif
%configure \
--enable-dsa \
%if %{with fips}
--enable-fips140-mode \
--with-fips140-module-name="$FIPS_MODULE_NAME" \
--with-fips140-module-version=%{version}-%{srpmhash} \
%endif
%if %{with gost}
--enable-gost \
--enable-gost \
%else
--disable-gost \
%endif
@ -299,13 +355,22 @@ export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name"
--disable-libdane \
%endif
%if %{with certificate_compression}
--with-zlib --with-brotli --with-zstd \
--with-zlib=dlopen --with-brotli=dlopen --with-zstd=dlopen \
%else
--without-zlib --without-brotli --without-zstd \
%endif
%if %{with leancrypto}
--with-leancrypto \
%else
--without-leancrypto \
%endif
--disable-rpath \
--with-default-priority-string="@SYSTEM"
%if %{with leancrypto}
sed -i '/^Requires.private:/s/leancrypto[ ,]*//g' lib/gnutls.pc
%endif
# build libgnutlsxx.so with older SONAME
make %{?_smp_mflags} V=1 CXX_LT_CURRENT=29 CXX_LT_REVISION=0 CXX_LT_AGE=1
@ -376,7 +441,7 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null XFAIL_TESTS="$x
%{_libdir}/.libgnutls.so.30*.hmac
%endif
%doc README.md AUTHORS NEWS THANKS
%license LICENSE doc/COPYING doc/COPYING.LESSER
%license COPYING COPYING.LESSERv2
%files c++
%{_libdir}/libgnutlsxx.so.*
@ -421,6 +486,18 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null XFAIL_TESTS="$x
%endif
%changelog
* Fri Feb 6 2026 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.10-3
- Fix PKCS#11 token initialization label overflow (CVE-2025-9820)
- Fix name constraint processing performance issue (CVE-2025-14831)
* Wed Jan 14 2026 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.10-2
- Reinstate and update the prematurely dropped rekeying patch
* Thu Nov 6 2025 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.10-1
- Rebase to 3.8.10
- Revert defaulting to PBMAC1 in FIPS mode
- Revert unapproving 1024-, 1280-, 1536- and 1792-bit RSA verification
* Tue Aug 5 2025 Daiki Ueno <dueno@redhat.com> - 3.8.3-9
- key_update: rework the rekeying logic (RHEL-107499)
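Review bot: The statically linked leancrypto 1.5.0 is not declared as a bundled library, so downstream CVE tracking and SBOM tooling will not associate this package with leancrypto. The build extracts Source200 into bundled_leancrypto, configures it with `-Ddefault_library=static`, links `libleancrypto.a`, and then strips leancrypto from Requires.private in gnutls.pc, so nothing outside the build records the dependency; the spec already declares `Provides: bundled(gnulib) = 20130424` for exactly this purpose. Unless it is declared in a part of the spec outside the visible hunks, add `Provides: bundled(leancrypto) = 1.5.0` inside the `%if %{with leancrypto}` block next to Source200.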