Rebase to 3.8.10

Resolves: RHEL-125971

gnutls-3.7.3-fips-dsa-post.patch

@@ -1,29 +0,0 @@
-From 0a29639ad24072afbd79b2ceede9976e51b9e2af Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Fri, 1 Jul 2022 16:46:07 +0900
-Subject: [PATCH] fips: don't run POST for DSA
-
-Signed-off-by: rpm-build <<rpm-build>>
----
- lib/fips.c | 5 -----
- 1 file changed, 5 deletions(-)
-
-diff --git a/lib/fips.c b/lib/fips.c
-index 656d43e..c776690 100644
---- a/lib/fips.c
-+++ b/lib/fips.c
-@@ -523,11 +523,6 @@ int _gnutls_fips_perform_self_checks2(void)
- 		return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
- 	}
- 
--	ret = gnutls_pk_self_test(0, GNUTLS_PK_DSA);
--	if (ret < 0) {
--		return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
--	}
--
- 	ret = gnutls_pk_self_test(0, GNUTLS_PK_EC);
- 	if (ret < 0) {
- 		return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
--- 
-2.36.1
-

gnutls-3.7.6-fips-sha1-sigver.patch

@@ -1,109 +0,0 @@
-From cc7473a9ea185e072ab1bae0903c77bd7d7cf5bc Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 20 Nov 2023 07:45:42 +0900
-Subject: [PATCH] gnutls-3.7.6-fips-sha1-sigver.patch
-
-Signed-off-by: rpm-build <rpm-build>
----
- lib/nettle/pk.c   | 13 +++++--------
- lib/pubkey.c      |  3 ---
- tests/fips-test.c |  8 ++++----
- 3 files changed, 9 insertions(+), 15 deletions(-)
-
-diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
-index 4ddfcff..36a7c24 100644
---- a/lib/nettle/pk.c
-+++ b/lib/nettle/pk.c
-@@ -1609,10 +1609,7 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
- 		if (hash_len > vdata->size)
- 			hash_len = vdata->size;
- 
--		/* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
--			 * mode */
- 		switch (DIG_TO_MAC(sign_params->dsa_dig)) {
--		case GNUTLS_MAC_SHA1:
- 		case GNUTLS_MAC_SHA256:
- 		case GNUTLS_MAC_SHA384:
- 		case GNUTLS_MAC_SHA512:
-@@ -1683,8 +1680,8 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
- 			 * 2048-bit or one of the known lengths (1024, 1280,
- 			 * 1536, 1792; i.e., multiple of 256-bits).
- 			 *
--			 * In addition to this, only SHA-1 and SHA-2 are allowed
--			 * for SigVer; it is checked in _pkcs1_rsa_verify_sig in
-+			 * In addition to this, only SHA-2 is allowed for
-+			 * SigVer; it is checked in _pkcs1_rsa_verify_sig in
- 			 * lib/pubkey.c.
- 			 */
- 		if (unlikely(bits < 2048 && bits != 1024 && bits != 1280 &&
-@@ -1730,9 +1727,9 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
- 		}
- 
- 		/* RSA modulus size should be 2048-bit or larger in FIPS
--			 * 140-3.  In addition to this, only SHA-1 and SHA-2 are
--			 * allowed for SigVer, while Nettle only supports
--			 * SHA256, SHA384, and SHA512 for RSA-PSS (see
-+			 * 140-3.  In addition to this, only SHA-2 is allowed
-+			 * for SigVer, while Nettle only supports SHA256,
-+			 * SHA384, and SHA512 for RSA-PSS (see
- 			 * _rsa_pss_verify_digest in this file for the details).
- 			 */
- 		if (unlikely(mpz_sizeinbase(pub.n, 2) < 2048)) {
-diff --git a/lib/pubkey.c b/lib/pubkey.c
-index 1139ad9..714806a 100644
---- a/lib/pubkey.c
-+++ b/lib/pubkey.c
-@@ -2452,10 +2452,7 @@ static int _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk,
- 	d.size = digest_size;
- 
- 	if (pk == GNUTLS_PK_RSA) {
--		/* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
--		 * mode */
- 		switch (me->id) {
--		case GNUTLS_MAC_SHA1:
- 		case GNUTLS_MAC_SHA256:
- 		case GNUTLS_MAC_SHA384:
- 		case GNUTLS_MAC_SHA512:
-diff --git a/tests/fips-test.c b/tests/fips-test.c
-index 180da05..09120c1 100644
---- a/tests/fips-test.c
-+++ b/tests/fips-test.c
-@@ -596,7 +596,7 @@ void doit(void)
- 	}
- 	FIPS_POP_CONTEXT(NOT_APPROVED);
- 
--	/* Verify a signature created with 2432-bit RSA and SHA-1; approved */
-+	/* Verify a signature created with 2432-bit RSA and SHA-1; not approved */
- 	FIPS_PUSH_CONTEXT();
- 	ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA1,
- 					 GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1,
-@@ -604,7 +604,7 @@ void doit(void)
- 	if (ret < 0) {
- 		fail("gnutls_pubkey_verify_data2 failed\n");
- 	}
--	FIPS_POP_CONTEXT(APPROVED);
-+	FIPS_POP_CONTEXT(NOT_APPROVED);
- 	gnutls_free(signature.data);
- 	gnutls_pubkey_deinit(pubkey);
- 	gnutls_privkey_deinit(privkey);
-@@ -708,7 +708,7 @@ void doit(void)
- 	}
- 	FIPS_POP_CONTEXT(NOT_APPROVED);
- 
--	/* Verify a signature created with ECDSA and SHA-1; approved */
-+	/* Verify a signature created with ECDSA and SHA-1; not approved */
- 	FIPS_PUSH_CONTEXT();
- 	ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_ECDSA_SHA1,
- 					 GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1,
-@@ -716,7 +716,7 @@ void doit(void)
- 	if (ret < 0) {
- 		fail("gnutls_pubkey_verify_data2 failed\n");
- 	}
--	FIPS_POP_CONTEXT(APPROVED);
-+	FIPS_POP_CONTEXT(NOT_APPROVED);
- 	gnutls_free(signature.data);
- 
- 	/* Create a signature with ECDSA and SHA-1 (old API); not approved */
--- 
-2.41.0
-

gnutls-3.7.6-gmp-static.patch

@@ -1,189 +0,0 @@
-From 3c931abeb7e9bbf744cde83fbaaf3bb011107834 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Fri, 19 Aug 2022 12:32:27 +0900
-Subject: [PATCH] build: allow GMP to be statically linked
-
-Even though we set the custom allocator[1] to zeroize sensitive data,
-it can be easily invalidated if the application sets its own custom
-allocator.  An approach to prevent that is to link against a static
-library of GMP, so the use of GMP is privatized and the custom
-allocator configuration is not shared with other applications.
-
-This patch allows libgnutls to be linked with the static library of
-GMP.  Note that, to this work libgmp.a needs to be compiled with -fPIC
-and libhogweed in Nettle is also linked to the static library of GMP.
-
-1. https://gitlab.com/gnutls/gnutls/-/merge_requests/1554
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- configure.ac   | 14 +++++++++++++-
- lib/fips.c     | 18 +++++++++++++++++-
- lib/fipshmac.c |  2 ++
- lib/global.c   |  2 ++
- 4 files changed, 34 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index f81d93edc0..b38583c554 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -786,6 +786,8 @@ LIBS=$save_LIBS
- AM_CONDITIONAL([NEED_SIV_GCM], [test "$ac_cv_func_nettle_siv_gcm_encrypt_message" != yes])
- 
- # Check sonames of the linked libraries needed for FIPS selftests.
-+save_CFLAGS=$CFLAGS
-+CFLAGS="$CFLAGS $GMP_CFLAGS"
- save_LIBS=$LIBS
- LIBS="$LIBS $GMP_LIBS"
- AC_MSG_CHECKING([gmp soname])
-@@ -799,9 +801,14 @@ if test -z "$gmp_so"; then
- 	gmp_so=none
- fi
- AC_MSG_RESULT($gmp_so)
--AC_DEFINE_UNQUOTED([GMP_LIBRARY_SONAME], ["$gmp_so"], [The soname of gmp library])
-+if test "$gmp_so" != none; then
-+	AC_DEFINE_UNQUOTED([GMP_LIBRARY_SONAME], ["$gmp_so"], [The soname of gmp library])
-+fi
- LIBS=$save_LIBS
-+CFLAGS=$save_CFLAGS
- 
-+save_CFLAGS=$CFLAGS
-+CFLAGS="$CFLAGS $NETTLE_CFLAGS"
- save_LIBS=$LIBS
- LIBS="$LIBS $NETTLE_LIBS"
- AC_MSG_CHECKING([nettle soname])
-@@ -817,7 +824,11 @@ fi
- AC_MSG_RESULT($nettle_so)
- AC_DEFINE_UNQUOTED([NETTLE_LIBRARY_SONAME], ["$nettle_so"], [The soname of nettle library])
- LIBS=$save_LIBS
-+CFLAGS=$save_CFLAGS
- 
-+save_CFLAGS=$CFLAGS
-+# <nettle/bignum.h> includes <gmp.h>
-+CFLAGS="$CFLAGS $HOGWEED_CFLAGS $GMP_CFLAGS"
- save_LIBS=$LIBS
- LIBS="$LIBS $HOGWEED_LIBS"
- AC_MSG_CHECKING([hogweed soname])
-@@ -833,6 +844,7 @@ fi
- AC_MSG_RESULT($hogweed_so)
- AC_DEFINE_UNQUOTED([HOGWEED_LIBRARY_SONAME], ["$hogweed_so"], [The soname of hogweed library])
- LIBS=$save_LIBS
-+CFLAGS=$save_CFLAGS
- 
- gnutls_so=libgnutls.so.`expr "$LT_CURRENT" - "$LT_AGE"`
- AC_DEFINE_UNQUOTED([GNUTLS_LIBRARY_SONAME], ["$gnutls_so"], [The soname of gnutls library])
-diff --git a/lib/fips.c b/lib/fips.c
-index e337221267..c1859709da 100644
---- a/lib/fips.c
-+++ b/lib/fips.c
-@@ -157,7 +157,11 @@ void _gnutls_fips_mode_reset_zombie(void)
- #define GNUTLS_LIBRARY_NAME GNUTLS_LIBRARY_SONAME
- #define NETTLE_LIBRARY_NAME NETTLE_LIBRARY_SONAME
- #define HOGWEED_LIBRARY_NAME HOGWEED_LIBRARY_SONAME
-+
-+/* GMP can be statically linked. */
-+#ifdef GMP_LIBRARY_SONAME
- #define GMP_LIBRARY_NAME GMP_LIBRARY_SONAME
-+#endif
- 
- #define HMAC_SIZE 32
- #define HMAC_ALGO GNUTLS_MAC_SHA256
-@@ -173,14 +177,18 @@ struct hmac_file {
- 	struct hmac_entry gnutls;
- 	struct hmac_entry nettle;
- 	struct hmac_entry hogweed;
-+#ifdef GMP_LIBRARY_SONAME
- 	struct hmac_entry gmp;
-+#endif
- };
- 
- struct lib_paths {
- 	char gnutls[GNUTLS_PATH_MAX];
- 	char nettle[GNUTLS_PATH_MAX];
- 	char hogweed[GNUTLS_PATH_MAX];
-+#ifdef GMP_LIBRARY_SONAME
- 	char gmp[GNUTLS_PATH_MAX];
-+#endif
- };
- 
- /*
-@@ -244,8 +252,10 @@ static int handler(void *user, const char *section, const char *name,
- 		return lib_handler(&p->nettle, section, name, value);
- 	} else if (!strcmp(section, HOGWEED_LIBRARY_NAME)) {
- 		return lib_handler(&p->hogweed, section, name, value);
-+#ifdef GMP_LIBRARY_SONAME
- 	} else if (!strcmp(section, GMP_LIBRARY_NAME)) {
- 		return lib_handler(&p->gmp, section, name, value);
-+#endif
- 	} else {
- 		return 0;
- 	}
-@@ -393,8 +403,10 @@ static int callback(struct dl_phdr_info *info, size_t size, void *data)
- 		_gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
- 	else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
- 		_gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path);
-+#ifdef GMP_LIBRARY_SONAME
- 	else if (!strcmp(soname, GMP_LIBRARY_SONAME))
- 		_gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
-+#endif
- 	return 0;
- }
- 
-@@ -415,10 +427,12 @@ static int load_lib_paths(struct lib_paths *paths)
- 		_gnutls_debug_log("Hogweed library path was not found\n");
- 		return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
- 	}
-+#ifdef GMP_LIBRARY_SONAME
- 	if (paths->gmp[0] == '\0') {
- 		_gnutls_debug_log("Gmp library path was not found\n");
- 		return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
- 	}
-+#endif
- 
- 	return GNUTLS_E_SUCCESS;
- }
-@@ -471,9 +485,11 @@ static int check_binary_integrity(void)
- 	ret = check_lib_hmac(&hmac.hogweed, paths.hogweed);
- 	if (ret < 0)
- 		return ret;
--	ret = check_lib_hmac(&hmac.gmp, paths.gmp);
-+#ifdef GMP_LIBRARY_SONAME
-+	ret = check_lib_hmac(&file.gmp, GMP_LIBRARY_NAME, "__gmpz_init");
- 	if (ret < 0)
- 		return ret;
-+#endif
- 
- 	return 0;
- }
-diff --git a/lib/fipshmac.c b/lib/fipshmac.c
-index 51f38f18e5..6a4883a131 100644
---- a/lib/fipshmac.c
-+++ b/lib/fipshmac.c
-@@ -107,8 +107,10 @@ static int callback(struct dl_phdr_info *info, size_t size, void *data)
- 		return print_lib(path, soname);
- 	if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
- 		return print_lib(path, soname);
-+#ifdef GMP_LIBRARY_SONAME
- 	if (!strcmp(soname, GMP_LIBRARY_SONAME))
- 		return print_lib(path, soname);
-+#endif
- 	return 0;
- }
- 
-diff --git a/lib/global.c b/lib/global.c
-index 924ec945de..c197fd0e5f 100644
---- a/lib/global.c
-+++ b/lib/global.c
-@@ -564,7 +564,9 @@ static const struct gnutls_library_config_st _gnutls_library_config[] = {
- 	{ "libgnutls-soname", GNUTLS_LIBRARY_SONAME },
- 	{ "libnettle-soname", NETTLE_LIBRARY_SONAME },
- 	{ "libhogweed-soname", HOGWEED_LIBRARY_SONAME },
-+#ifdef GMP_LIBRARY_SONAME
- 	{ "libgmp-soname", GMP_LIBRARY_SONAME },
-+#endif
- 	{ "hardware-features", HW_FEATURES },
- 	{ "tls-features", TLS_FEATURES },
- 	{ "default-system-config", SYSTEM_PRIORITY_FILE },
--- 
-2.41.0
-

gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch

@@ -1,27 +0,0 @@
-From 7d98e7768f3e4e1f981f76e27338ae7118ee2c39 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 22 Jan 2024 15:17:04 +0900
-Subject: [PATCH] gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch
-
----
- tests/gnutls_ktls.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/tests/gnutls_ktls.c b/tests/gnutls_ktls.c
-index ccbe566..8b8992d 100644
---- a/tests/gnutls_ktls.c
-+++ b/tests/gnutls_ktls.c
-@@ -347,10 +347,8 @@ void doit(void)
- {
- 	run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM");
- 	run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM");
--	run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305");
- 	run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM");
- 	run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM");
--	run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+CHACHA20-POLY1305");
- #if defined(__linux__)
- 	run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CCM");
- 	run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-CCM");
--- 
-2.43.0
-

gnutls-3.8.10-rhel9-revert-pbmac1-fips-default.patch

@@ -0,0 +1,51 @@
+commit b493de9ba31636de2f3b0c1dafab39b6412550bd
+Author: Alexander Sosedkin <asosedkin@redhat.com>
+Date:   Wed Nov 19 10:46:52 2025 +0100
+
+    Revert "pkcs12: enable PBMAC1 by default in FIPS mode"
+    
+    This reverts commit e52c7ca885798c40efb4ed6505e0690fc38c7dde.
+
+diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
+index a71f3ee561..18aae0bd49 100644
+--- a/lib/x509/pkcs12.c
++++ b/lib/x509/pkcs12.c
+@@ -997,12 +997,6 @@ int gnutls_pkcs12_generate_mac3(gnutls_pkcs12_t pkcs12,
+ 	if (me->oid == NULL)
+ 		return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ 
+-	/* Enable PBMAC1 by default in FIPS mode; otherwise the MAC
+-	 * calculation will be FIPS non-compliant.
+-	 */
+-	if (_gnutls_fips_mode_enabled())
+-		flags |= GNUTLS_PKCS12_USE_PBMAC1;
+-
+ 	/* Generate the salt.
+ 	 */
+ 	salt.data = salt_data;
+diff --git a/tests/cert-tests/pkcs12-pbmac1.sh b/tests/cert-tests/pkcs12-pbmac1.sh
+index 0c2a16b52c..ef72c0a1c4 100644
+--- a/tests/cert-tests/pkcs12-pbmac1.sh
++++ b/tests/cert-tests/pkcs12-pbmac1.sh
+@@ -109,21 +109,6 @@ if test ${rc} != 0; then
+ 	exit 1
+ fi
+ 
+-# check if PBMAC1 is used by default in FIPS mode
+-if test "$GNUTLS_FORCE_FIPS_MODE" = 1; then
+-	${VALGRIND} "$CERTTOOL" --to-p12 --password 1234 --p12-name "my-key" --load-certificate "$srcdir/../certs/cert-ecc256.pem" --load-privkey "$srcdir/../certs/ecc256.pem" --outder --outfile "$TMPFILE" >/dev/null
+-	rc=$?
+-	if test $rc != 0; then
+-		echo "PKCS12 FATAL encoding"
+-		exit 1
+-	fi
+-	${VALGRIND} "$CERTTOOL" -d 99 --p12-info --inder --password 1234 \
+-		    --infile "$TMPFILE" | grep "^	MAC: PBMAC1" || {
+-		echo "Generated PKCS12 file doesn't use PBMAC1 in FIPS mode"
+-		exit 1
+-	}
+-fi
+-
+ rm -rf "${testdir}"
+ 
+ exit 0

gnutls-3.8.10-rhel9-revert-rsa-less-than-2048.patch

@@ -0,0 +1,75 @@
+commit bf374b4151c7f6cf4b94e9eb911ceb730904a44c
+Author: Alexander Sosedkin <asosedkin@redhat.com>
+Date:   Wed Nov 19 10:48:51 2025 +0100
+
+    Revert "fips: Allow SigVer only with RSA keys with modulus >= 2048 bits"
+    
+    This reverts commit da1df0a3167ec96605fed267d97f9081cf498eec.
+
+diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
+index 5986a410c2..d14efbaaf0 100644
+--- a/lib/nettle/pk.c
++++ b/lib/nettle/pk.c
+@@ -2474,12 +2474,16 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
+ 
+ 		bits = mpz_sizeinbase(pub.n, 2);
+ 
+-		/* In FIPS 140-3, RSA key size should be larger than 2048-bit.
++		/* In FIPS 140-3, RSA key size should be larger than
++			 * 2048-bit or one of the known lengths (1024, 1280,
++			 * 1536, 1792; i.e., multiple of 256-bits).
++			 *
+ 			 * In addition to this, only SHA-2 is allowed
+ 			 * for SigVer; it is checked in _pkcs1_rsa_verify_sig in
+ 			 * lib/pubkey.c.
+ 			 */
+-		if (unlikely(bits < 2048)) {
++		if (unlikely(bits < 2048 && bits != 1024 && bits != 1280 &&
++			     bits != 1536 && bits != 1792)) {
+ 			not_approved = true;
+ 		}
+ 
+diff --git a/tests/fips-rsa-sizes.c b/tests/fips-rsa-sizes.c
+index 61a76d3c09..d134a35f8c 100644
+--- a/tests/fips-rsa-sizes.c
++++ b/tests/fips-rsa-sizes.c
+@@ -250,24 +250,35 @@ void doit(void)
+ 
+ 	assert(gnutls_fips140_context_init(&fips_context) == 0);
+ 
++	/* 512-bit RSA: no generate, no sign, no verify */
+ 	generate_unsuccessfully(&privkey, &pubkey, 512);
+ 	sign_verify_unsuccessfully(privkey, pubkey);
++	/* 512-bit RSA again (to be safer about going in and out of FIPS) */
+ 	generate_unsuccessfully(&privkey, &pubkey, 512);
+ 	sign_verify_unsuccessfully(privkey, pubkey);
++	/* 600-bit RSA: no generate, no sign, no verify */
+ 	generate_unsuccessfully(&privkey, &pubkey, 600);
+ 	sign_verify_unsuccessfully(privkey, pubkey);
++
++	/* 768-bit RSA not-an-exception: nogenerate, nosign, verify */
+ 	generate_unsuccessfully(&privkey, &pubkey, 768);
+ 	sign_verify_unsuccessfully(privkey, pubkey);
++	/* 1024-bit RSA exception: nogenerate, nosign, verify */
+ 	generate_unsuccessfully(&privkey, &pubkey, 1024);
+-	sign_verify_unsuccessfully(privkey, pubkey);
++	nosign_verify(privkey, pubkey);
++	/* 1280-bit RSA exception: nogenerate, nosign, verify */
+ 	generate_unsuccessfully(&privkey, &pubkey, 1280);
+-	sign_verify_unsuccessfully(privkey, pubkey);
++	nosign_verify(privkey, pubkey);
++	/* 1500-bit RSA not-an-exception: nogenerate, nosign, noverify */
+ 	generate_unsuccessfully(&privkey, &pubkey, 1500);
+ 	sign_verify_unsuccessfully(privkey, pubkey);
++	/* 1536-bit RSA exception: nogenerate, nosign, verify */
+ 	generate_unsuccessfully(&privkey, &pubkey, 1536);
+-	sign_verify_unsuccessfully(privkey, pubkey);
++	nosign_verify(privkey, pubkey);
++	/* 1792-bit RSA exception: nogenerate, nosign, verify */
+ 	generate_unsuccessfully(&privkey, &pubkey, 1792);
+-	sign_verify_unsuccessfully(privkey, pubkey);
++	nosign_verify(privkey, pubkey);
++	/* 2000-bit RSA not-an-exception: nogenerate, nosign, noverify */
+ 	generate_unsuccessfully(&privkey, &pubkey, 2000);
+ 	sign_verify_unsuccessfully(privkey, pubkey);
+ 

gnutls-3.8.10-tests-ktls.patch

@@ -0,0 +1,114 @@
+From e0eb2bbb212a5c9d72311c59e7235832a0075dcc Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 9 Jul 2025 18:54:48 +0900
+Subject: [PATCH] add tests/ktls_utils.h
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ tests/ktls_utils.h | 94 ++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 94 insertions(+)
+ create mode 100644 tests/ktls_utils.h
+
+diff --git a/tests/ktls_utils.h b/tests/ktls_utils.h
+new file mode 100644
+index 0000000..231618d
+--- /dev/null
++++ b/tests/ktls_utils.h
+@@ -0,0 +1,94 @@
++#ifndef GNUTLS_TESTS_KTLS_UTILS_H
++#define GNUTLS_TESTS_KTLS_UTILS_H
++
++#include <fcntl.h>
++#include <signal.h>
++
++#include <netinet/in.h>
++
++#include <sys/socket.h>
++#include <sys/wait.h>
++
++/* Sets the NONBLOCK flag on the socket(fd) */
++inline static int set_nonblocking(int fd)
++{
++	int flags = fcntl(fd, F_GETFL, 0);
++	if (flags == -1) {
++		return 1;
++	}
++
++	if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) {
++		return 2;
++	}
++
++	return 0;
++}
++
++/* Creates a pair of TCP connected sockets */
++static int create_socket_pair(int *client_fd, int *server_fd)
++{
++	int ret;
++	struct sockaddr_in saddr;
++	socklen_t addrlen;
++	int listener;
++
++	listener = socket(AF_INET, SOCK_STREAM, 0);
++	if (listener == -1) {
++		fail("error in listener(): %s\n", strerror(errno));
++		return 1;
++	}
++
++	int opt = 0;
++	setsockopt(listener, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
++
++	memset(&saddr, 0, sizeof(saddr));
++	saddr.sin_family = AF_INET;
++	saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
++	saddr.sin_port = 0;
++
++	ret = bind(listener, (struct sockaddr *)&saddr, sizeof(saddr));
++	if (ret == -1) {
++		fail("error in bind(): %s\n", strerror(errno));
++		return 1;
++	}
++
++	addrlen = sizeof(saddr);
++	ret = getsockname(listener, (struct sockaddr *)&saddr, &addrlen);
++	if (ret == -1) {
++		fail("error in getsockname(): %s\n", strerror(errno));
++		return 1;
++	}
++
++	ret = listen(listener, 1);
++	if (ret == -1) {
++		fail("error in listen(): %s\n", strerror(errno));
++		close(listener);
++		return 1;
++	}
++
++	*client_fd = socket(AF_INET, SOCK_STREAM, 0);
++	if (*client_fd < 0) {
++		fail("error in socket(): %s\n", strerror(errno));
++		return 1;
++	}
++
++	ret = connect(*client_fd, (struct sockaddr *)&saddr, addrlen);
++	if (ret < 0) {
++		fail("error in connect(): %s\n", strerror(errno));
++		close(listener);
++		close(*client_fd);
++		return 1;
++	}
++
++	*server_fd = accept(listener, NULL, NULL);
++	if (*server_fd < 0) {
++		fail("error in accept(): %s\n", strerror(errno));
++		close(listener);
++		close(*client_fd);
++		return 1;
++	}
++
++	return 0;
++}
++
++#endif //GNUTLS_TESTS_KTLS_UTILS_H
+-- 
+2.49.0
+

gnutls.spec

@@ -12,29 +12,23 @@ sha256sum:close()
 print(string.sub(hash, 0, 16))
 }
 
-Version: 3.8.3
-Release: 9%{?dist}
+Version: 3.8.10
+Release: 1%{?dist}
 # not upstreamed
 Patch: gnutls-3.2.7-rpath.patch
 Patch: gnutls-3.7.2-enable-intel-cet.patch
 Patch: gnutls-3.7.2-no-explicit-init.patch
 Patch: gnutls-3.7.3-disable-config-reload.patch
-Patch: gnutls-3.7.3-fips-dsa-post.patch
 Patch: gnutls-3.7.6-drbg-reseed.patch
-Patch: gnutls-3.7.6-fips-sha1-sigver.patch
-Patch: gnutls-3.7.6-gmp-static.patch
-Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch
 
 # upstreamed
-Patch: gnutls-3.8.3-ktls-utsname.patch
-Patch: gnutls-3.8.3-deterministic-ecdsa-fixes.patch
-Patch: gnutls-3.8.3-verify-chain.patch
-Patch: gnutls-3.8.9-CVE-2024-12243.patch
-Patch: gnutls-3.8.3-cve-2025-32988.patch
-Patch: gnutls-3.8.3-cve-2025-32989.patch
-Patch: gnutls-3.8.3-cve-2025-32990.patch
-Patch: gnutls-3.8.3-cve-2025-6395.patch
-Patch: gnutls-3.8.3-keyupdate.patch
+Patch: gnutls-3.8.10-tests-ktls.patch
+
+# reverts
+# * e52c7ca885 pkcs12: enable PBMAC1 by default in FIPS mode
+Patch: gnutls-3.8.10-rhel9-revert-pbmac1-fips-default.patch
+# * da1df0a31 fips: Allow SigVer only with RSA keys with modulus >= 2048 bits
+Patch: gnutls-3.8.10-rhel9-revert-rsa-less-than-2048.patch
 
 %bcond_without bootstrap
 %bcond_without dane
@@ -48,7 +42,8 @@ Patch: gnutls-3.8.3-keyupdate.patch
 %bcond_with tpm12
 %bcond_without tpm2
 %bcond_with gost
-%bcond_with certificate_compression
+%bcond_without certificate_compression
+%bcond_without leancrypto
 %bcond_without tests
 %bcond_without srp
 %bcond_without heartbeat
@@ -63,10 +58,14 @@ BuildRequires: readline-devel, libtasn1-devel >= 4.3
 BuildRequires: zlib-devel, brotli-devel, libzstd-devel
 %endif
 %if %{with bootstrap}
-BuildRequires: automake, autoconf, gperf, libtool
+BuildRequires: automake, autoconf271, gperf, libtool
+
 %endif
 BuildRequires: texinfo
 BuildRequires: nettle-devel >= 3.10.1
+%if %{with leancrypto}
+BuildRequires: meson
+%endif
 %if %{with tpm12}
 BuildRequires: trousers-devel >= 0.3.11.2
 %endif
@@ -75,7 +74,7 @@ BuildRequires: tpm2-tss-devel >= 3.0.3
 %endif
 BuildRequires: libidn2-devel
 BuildRequires: libunistring-devel
-BuildRequires: net-tools, datefudge, softhsm, gcc, gcc-c++
+BuildRequires: net-tools, softhsm, gcc, gcc-c++
 BuildRequires: gnupg2
 BuildRequires: git-core
 
@@ -95,7 +94,7 @@ BuildRequires: unbound-devel unbound-libs
 %if %{with guile}
 BuildRequires: guile22-devel
 %endif
-BuildRequires: make
+BuildRequires: make gtk-doc
 URL: http://www.gnutls.org/
 Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz
 Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz.sig
@@ -105,6 +104,10 @@ Source100:	gmp-6.2.1.tar.xz
 # Taken from the main gmp package
 Source101:	gmp-6.2.1-intel-cet.patch
 
+%if %{with leancrypto}
+Source200:	leancrypto-1.5.0.tar.gz
+%endif
+
 # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
 Provides: bundled(gnulib) = 20130424
 
@@ -208,6 +211,13 @@ patch -p1 < %{SOURCE101}
 popd
 %endif
 
+%if %{with leancrypto}
+mkdir -p bundled_leancrypto
+pushd bundled_leancrypto
+tar --strip-components=1 -xf %{SOURCE200}
+popd
+%endif
+
 %build
 %ifarch aarch64 ppc64le
 %define _lto_cflags %{nil}
@@ -215,7 +225,7 @@ popd
 
 %if %{with fips}
 pushd bundled_gmp
-autoreconf -ifv
+/opt/rh/autoconf271/bin/autoreconf -ifv
 %configure --disable-cxx --disable-shared --enable-fat --with-pic
 %make_build
 popd
@@ -224,8 +234,41 @@ export GMP_CFLAGS="-I$PWD/bundled_gmp"
 export GMP_LIBS="$PWD/bundled_gmp/.libs/libgmp.a"
 %endif
 
+%if %{with leancrypto}
+pushd bundled_leancrypto
+%set_build_flags
+meson setup -Dprefix="$PWD/install" -Dlibdir="$PWD/install/lib" \
+        -Ddefault_library=static \
+        -Dascon=disabled -Dascon_keccak=disabled \
+        -Dbike_5=disabled -Dbike_3=disabled -Dbike_1=disabled \
+        -Dkyber_x25519=disabled -Ddilithium_ed25519=disabled \
+        -Dx509_parser=disabled -Dx509_generator=disabled \
+        -Dpkcs7_parser=disabled -Dpkcs7_generator=disabled \
+        -Dsha2-256=disabled \
+        -Dchacha20=disabled -Dchacha20_drng=disabled \
+        -Ddrbg_hash=disabled -Ddrbg_hmac=disabled \
+        -Dhash_crypt=disabled \
+        -Dhmac=disabled -Dhkdf=disabled \
+        -Dkdf_ctr=disabled -Dkdf_fb=disabled -Dkdf_dpi=disabled \
+        -Dpbkdf2=disabled \
+        -Dkmac_drng=disabled -Dcshake_drng=disabled \
+        -Dhotp=disabled -Dtotp=disabled \
+        -Daes_block=disabled -Daes_cbc=disabled -Daes_ctr=disabled \
+        -Daes_kw=disabled -Dapps=disabled \
+        _build
+meson compile -v -C _build
+meson install -C _build
+
+popd
+
+export LEANCRYPTO_DIR="$PWD/bundled_leancrypto/install"
+
+export LEANCRYPTO_CFLAGS="-I$LEANCRYPTO_DIR/include"
+export LEANCRYPTO_LIBS="$LEANCRYPTO_DIR/lib/libleancrypto.a"
+%endif
+
 %if %{with bootstrap}
-autoreconf -fi
+/opt/rh/autoconf271/bin/autoreconf -fi
 %endif
 
 sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
@@ -248,13 +291,14 @@ export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name"
 %endif
 
 %configure \
+	   --enable-dsa \
 %if %{with fips}
            --enable-fips140-mode \
            --with-fips140-module-name="$FIPS_MODULE_NAME" \
            --with-fips140-module-version=%{version}-%{srpmhash} \
 %endif
 %if %{with gost}
-    	   --enable-gost \
+	   --enable-gost \
 %else
 	   --disable-gost \
 %endif
@@ -299,13 +343,22 @@ export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name"
            --disable-libdane \
 %endif
 %if %{with certificate_compression}
-	   --with-zlib --with-brotli --with-zstd \
+	   --with-zlib=dlopen --with-brotli=dlopen --with-zstd=dlopen \
 %else
 	   --without-zlib --without-brotli --without-zstd \
+%endif
+%if %{with leancrypto}
+           --with-leancrypto \
+%else
+           --without-leancrypto \
 %endif
            --disable-rpath \
            --with-default-priority-string="@SYSTEM"
 
+%if %{with leancrypto}
+sed -i '/^Requires.private:/s/leancrypto[ ,]*//g' lib/gnutls.pc
+%endif
+
 # build libgnutlsxx.so with older SONAME
 make %{?_smp_mflags} V=1 CXX_LT_CURRENT=29 CXX_LT_REVISION=0 CXX_LT_AGE=1
 
@@ -376,7 +429,7 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null XFAIL_TESTS="$x
 %{_libdir}/.libgnutls.so.30*.hmac
 %endif
 %doc README.md AUTHORS NEWS THANKS
-%license LICENSE doc/COPYING doc/COPYING.LESSER
+%license COPYING COPYING.LESSERv2
 
 %files c++
 %{_libdir}/libgnutlsxx.so.*
@@ -421,6 +474,11 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null XFAIL_TESTS="$x
 %endif
 
 %changelog
+* Thu Nov  6 2025 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.10-1
+- rebase to 3.8.10
+- revert defaulting to PBMAC1 in FIPS mode
+- revert unapproving 1024-, 1280-, 1536- and 1792-bit RSA verification
+
 * Tue Aug  5 2025 Daiki Ueno <dueno@redhat.com> - 3.8.3-9
 - key_update: rework the rekeying logic (RHEL-107499)
 

sources

@@ -1,3 +1,4 @@
 SHA512 (gmp-6.2.1.tar.xz) = c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84
-SHA512 (gnutls-3.8.3.tar.xz) = 74eddba01ce4c2ffdca781c85db3bb52c85f1db3c09813ee2b8ceea0608f92ca3912fd9266f55deb36a8ba4d01802895ca5d5d219e7d9caec45e1a8534e45a84
-SHA512 (gnutls-3.8.3.tar.xz.sig) = 5b2ca0648ca5feeda1de933de2bbaf71fadb70e830a8f0d494d2f0380b6d0d7b79445257cc79e59bba1a7ff639ab4573da3e3e124eb80c20ac6141e29a4827ff
+SHA512 (leancrypto-1.5.0.tar.gz) = 1170a502f58c9bce424578cece64a3ebf856620adc02f390b8877981bccf0c2bf35e64b1628094a06c069ec38a3be5889be22516d45d85f4e75b40085d9001c9
+SHA512 (gnutls-3.8.10.tar.xz) = d453bd4527af95cb3905ce8753ceafd969e3f442ad1d148544a233ebf13285b999930553a805a0511293cc25390bb6a040260df5544a7c55019640f920ad3d92
+SHA512 (gnutls-3.8.10.tar.xz.sig) = 72d6dd2c23f768f5041c3dca0f49b3f60cd01fc960ce77f097094a2aae6d76fddeb6295c425e3750c711d5f700957a62268aecc4873e53c31abb60eecf0fd4a8