diff --git a/gnutls-3.7.3-fips-dsa-post.patch b/gnutls-3.7.3-fips-dsa-post.patch deleted file mode 100644 index 7d1aea2..0000000 --- a/gnutls-3.7.3-fips-dsa-post.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 0a29639ad24072afbd79b2ceede9976e51b9e2af Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Fri, 1 Jul 2022 16:46:07 +0900 -Subject: [PATCH] fips: don't run POST for DSA - -Signed-off-by: rpm-build <> ---- - lib/fips.c | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/lib/fips.c b/lib/fips.c -index 656d43e..c776690 100644 ---- a/lib/fips.c -+++ b/lib/fips.c -@@ -523,11 +523,6 @@ int _gnutls_fips_perform_self_checks2(void) - return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); - } - -- ret = gnutls_pk_self_test(0, GNUTLS_PK_DSA); -- if (ret < 0) { -- return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); -- } -- - ret = gnutls_pk_self_test(0, GNUTLS_PK_EC); - if (ret < 0) { - return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); --- -2.36.1 - diff --git a/gnutls-3.7.6-fips-sha1-sigver.patch b/gnutls-3.7.6-fips-sha1-sigver.patch deleted file mode 100644 index e71b739..0000000 --- a/gnutls-3.7.6-fips-sha1-sigver.patch +++ /dev/null 
@@ -1,109 +0,0 @@ -From cc7473a9ea185e072ab1bae0903c77bd7d7cf5bc Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 20 Nov 2023 07:45:42 +0900 -Subject: [PATCH] gnutls-3.7.6-fips-sha1-sigver.patch - -Signed-off-by: rpm-build ---- - lib/nettle/pk.c | 13 +++++-------- - lib/pubkey.c | 3 --- - tests/fips-test.c | 8 ++++---- - 3 files changed, 9 insertions(+), 15 deletions(-) - -diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c -index 4ddfcff..36a7c24 100644 ---- a/lib/nettle/pk.c -+++ b/lib/nettle/pk.c -@@ -1609,10 +1609,7 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, - if (hash_len > vdata->size) - hash_len = vdata->size; - -- /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy -- * mode */ - switch (DIG_TO_MAC(sign_params->dsa_dig)) { -- case GNUTLS_MAC_SHA1: - case GNUTLS_MAC_SHA256: - case GNUTLS_MAC_SHA384: - case GNUTLS_MAC_SHA512: -@@ -1683,8 +1680,8 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, - * 2048-bit or one of the known lengths (1024, 1280, - * 1536, 1792; i.e., multiple of 256-bits). - * -- * In addition to this, only SHA-1 and SHA-2 are allowed -- * for SigVer; it is checked in _pkcs1_rsa_verify_sig in -+ * In addition to this, only SHA-2 is allowed for -+ * SigVer; it is checked in _pkcs1_rsa_verify_sig in - * lib/pubkey.c. - */ - if (unlikely(bits < 2048 && bits != 1024 && bits != 1280 && -@@ -1730,9 +1727,9 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, - } - - /* RSA modulus size should be 2048-bit or larger in FIPS -- * 140-3. In addition to this, only SHA-1 and SHA-2 are -- * allowed for SigVer, while Nettle only supports -- * SHA256, SHA384, and SHA512 for RSA-PSS (see -+ * 140-3. In addition to this, only SHA-2 is allowed -+ * for SigVer, while Nettle only supports SHA256, -+ * SHA384, and SHA512 for RSA-PSS (see - * _rsa_pss_verify_digest in this file for the details). 
- */ - if (unlikely(mpz_sizeinbase(pub.n, 2) < 2048)) { -diff --git a/lib/pubkey.c b/lib/pubkey.c -index 1139ad9..714806a 100644 ---- a/lib/pubkey.c -+++ b/lib/pubkey.c -@@ -2452,10 +2452,7 @@ static int _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk, - d.size = digest_size; - - if (pk == GNUTLS_PK_RSA) { -- /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy -- * mode */ - switch (me->id) { -- case GNUTLS_MAC_SHA1: - case GNUTLS_MAC_SHA256: - case GNUTLS_MAC_SHA384: - case GNUTLS_MAC_SHA512: -diff --git a/tests/fips-test.c b/tests/fips-test.c -index 180da05..09120c1 100644 ---- a/tests/fips-test.c -+++ b/tests/fips-test.c -@@ -596,7 +596,7 @@ void doit(void) - } - FIPS_POP_CONTEXT(NOT_APPROVED); - -- /* Verify a signature created with 2432-bit RSA and SHA-1; approved */ -+ /* Verify a signature created with 2432-bit RSA and SHA-1; not approved */ - FIPS_PUSH_CONTEXT(); - ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA1, - GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, -@@ -604,7 +604,7 @@ void doit(void) - if (ret < 0) { - fail("gnutls_pubkey_verify_data2 failed\n"); - } -- FIPS_POP_CONTEXT(APPROVED); -+ FIPS_POP_CONTEXT(NOT_APPROVED); - gnutls_free(signature.data); - gnutls_pubkey_deinit(pubkey); - gnutls_privkey_deinit(privkey); -@@ -708,7 +708,7 @@ void doit(void) - } - FIPS_POP_CONTEXT(NOT_APPROVED); - -- /* Verify a signature created with ECDSA and SHA-1; approved */ -+ /* Verify a signature created with ECDSA and SHA-1; not approved */ - FIPS_PUSH_CONTEXT(); - ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_ECDSA_SHA1, - GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, -@@ -716,7 +716,7 @@ void doit(void) - if (ret < 0) { - fail("gnutls_pubkey_verify_data2 failed\n"); - } -- FIPS_POP_CONTEXT(APPROVED); -+ FIPS_POP_CONTEXT(NOT_APPROVED); - gnutls_free(signature.data); - - /* Create a signature with ECDSA and SHA-1 (old API); not approved */ --- -2.41.0 - 
diff --git a/gnutls-3.7.6-gmp-static.patch b/gnutls-3.7.6-gmp-static.patch deleted file mode 100644 index 0b94c8d..0000000 --- a/gnutls-3.7.6-gmp-static.patch +++ /dev/null 
@@ -1,189 +0,0 @@ -From 3c931abeb7e9bbf744cde83fbaaf3bb011107834 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 19 Aug 2022 12:32:27 +0900 -Subject: [PATCH] build: allow GMP to be statically linked - -Even though we set the custom allocator[1] to zeroize sensitive data, -it can be easily invalidated if the application sets its own custom -allocator. An approach to prevent that is to link against a static -library of GMP, so the use of GMP is privatized and the custom -allocator configuration is not shared with other applications. - -This patch allows libgnutls to be linked with the static library of -GMP. Note that, to this work libgmp.a needs to be compiled with -fPIC -and libhogweed in Nettle is also linked to the static library of GMP. - -1. https://gitlab.com/gnutls/gnutls/-/merge_requests/1554 - -Signed-off-by: Daiki Ueno ---- - configure.ac | 14 +++++++++++++- - lib/fips.c | 18 +++++++++++++++++- - lib/fipshmac.c | 2 ++ - lib/global.c | 2 ++ - 4 files changed, 34 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index f81d93edc0..b38583c554 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -786,6 +786,8 @@ LIBS=$save_LIBS - AM_CONDITIONAL([NEED_SIV_GCM], [test "$ac_cv_func_nettle_siv_gcm_encrypt_message" != yes]) - - # Check sonames of the linked libraries needed for FIPS selftests. 
-+save_CFLAGS=$CFLAGS -+CFLAGS="$CFLAGS $GMP_CFLAGS" - save_LIBS=$LIBS - LIBS="$LIBS $GMP_LIBS" - AC_MSG_CHECKING([gmp soname]) -@@ -799,9 +801,14 @@ if test -z "$gmp_so"; then - gmp_so=none - fi - AC_MSG_RESULT($gmp_so) --AC_DEFINE_UNQUOTED([GMP_LIBRARY_SONAME], ["$gmp_so"], [The soname of gmp library]) -+if test "$gmp_so" != none; then -+ AC_DEFINE_UNQUOTED([GMP_LIBRARY_SONAME], ["$gmp_so"], [The soname of gmp library]) -+fi - LIBS=$save_LIBS -+CFLAGS=$save_CFLAGS - -+save_CFLAGS=$CFLAGS -+CFLAGS="$CFLAGS $NETTLE_CFLAGS" - save_LIBS=$LIBS - LIBS="$LIBS $NETTLE_LIBS" - AC_MSG_CHECKING([nettle soname]) -@@ -817,7 +824,11 @@ fi - AC_MSG_RESULT($nettle_so) - AC_DEFINE_UNQUOTED([NETTLE_LIBRARY_SONAME], ["$nettle_so"], [The soname of nettle library]) - LIBS=$save_LIBS -+CFLAGS=$save_CFLAGS - -+save_CFLAGS=$CFLAGS -+# includes -+CFLAGS="$CFLAGS $HOGWEED_CFLAGS $GMP_CFLAGS" - save_LIBS=$LIBS - LIBS="$LIBS $HOGWEED_LIBS" - AC_MSG_CHECKING([hogweed soname]) -@@ -833,6 +844,7 @@ fi - AC_MSG_RESULT($hogweed_so) - AC_DEFINE_UNQUOTED([HOGWEED_LIBRARY_SONAME], ["$hogweed_so"], [The soname of hogweed library]) - LIBS=$save_LIBS -+CFLAGS=$save_CFLAGS - - gnutls_so=libgnutls.so.`expr "$LT_CURRENT" - "$LT_AGE"` - AC_DEFINE_UNQUOTED([GNUTLS_LIBRARY_SONAME], ["$gnutls_so"], [The soname of gnutls library]) -diff --git a/lib/fips.c b/lib/fips.c -index e337221267..c1859709da 100644 ---- a/lib/fips.c -+++ b/lib/fips.c -@@ -157,7 +157,11 @@ void _gnutls_fips_mode_reset_zombie(void) - #define GNUTLS_LIBRARY_NAME GNUTLS_LIBRARY_SONAME - #define NETTLE_LIBRARY_NAME NETTLE_LIBRARY_SONAME - #define HOGWEED_LIBRARY_NAME HOGWEED_LIBRARY_SONAME -+ -+/* GMP can be statically linked. 
*/ -+#ifdef GMP_LIBRARY_SONAME - #define GMP_LIBRARY_NAME GMP_LIBRARY_SONAME -+#endif - - #define HMAC_SIZE 32 - #define HMAC_ALGO GNUTLS_MAC_SHA256 -@@ -173,14 +177,18 @@ struct hmac_file { - struct hmac_entry gnutls; - struct hmac_entry nettle; - struct hmac_entry hogweed; -+#ifdef GMP_LIBRARY_SONAME - struct hmac_entry gmp; -+#endif - }; - - struct lib_paths { - char gnutls[GNUTLS_PATH_MAX]; - char nettle[GNUTLS_PATH_MAX]; - char hogweed[GNUTLS_PATH_MAX]; -+#ifdef GMP_LIBRARY_SONAME - char gmp[GNUTLS_PATH_MAX]; -+#endif - }; - - /* -@@ -244,8 +252,10 @@ static int handler(void *user, const char *section, const char *name, - return lib_handler(&p->nettle, section, name, value); - } else if (!strcmp(section, HOGWEED_LIBRARY_NAME)) { - return lib_handler(&p->hogweed, section, name, value); -+#ifdef GMP_LIBRARY_SONAME - } else if (!strcmp(section, GMP_LIBRARY_NAME)) { - return lib_handler(&p->gmp, section, name, value); -+#endif - } else { - return 0; - } -@@ -393,8 +403,10 @@ static int callback(struct dl_phdr_info *info, size_t size, void *data) - _gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path); - else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME)) - _gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path); -+#ifdef GMP_LIBRARY_SONAME - else if (!strcmp(soname, GMP_LIBRARY_SONAME)) - _gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path); -+#endif - return 0; - } - -@@ -415,10 +427,12 @@ static int load_lib_paths(struct lib_paths *paths) - _gnutls_debug_log("Hogweed library path was not found\n"); - return gnutls_assert_val(GNUTLS_E_FILE_ERROR); - } -+#ifdef GMP_LIBRARY_SONAME - if (paths->gmp[0] == '\0') { - _gnutls_debug_log("Gmp library path was not found\n"); - return gnutls_assert_val(GNUTLS_E_FILE_ERROR); - } -+#endif - - return GNUTLS_E_SUCCESS; - } -@@ -471,9 +485,11 @@ static int check_binary_integrity(void) - ret = check_lib_hmac(&hmac.hogweed, paths.hogweed); - if (ret < 0) - return ret; -- ret = check_lib_hmac(&hmac.gmp, paths.gmp); -+#ifdef 
GMP_LIBRARY_SONAME -+ ret = check_lib_hmac(&file.gmp, GMP_LIBRARY_NAME, "__gmpz_init"); - if (ret < 0) - return ret; -+#endif - - return 0; - } -diff --git a/lib/fipshmac.c b/lib/fipshmac.c -index 51f38f18e5..6a4883a131 100644 ---- a/lib/fipshmac.c -+++ b/lib/fipshmac.c -@@ -107,8 +107,10 @@ static int callback(struct dl_phdr_info *info, size_t size, void *data) - return print_lib(path, soname); - if (!strcmp(soname, HOGWEED_LIBRARY_SONAME)) - return print_lib(path, soname); -+#ifdef GMP_LIBRARY_SONAME - if (!strcmp(soname, GMP_LIBRARY_SONAME)) - return print_lib(path, soname); -+#endif - return 0; - } - -diff --git a/lib/global.c b/lib/global.c -index 924ec945de..c197fd0e5f 100644 ---- a/lib/global.c -+++ b/lib/global.c -@@ -564,7 +564,9 @@ static const struct gnutls_library_config_st _gnutls_library_config[] = { - { "libgnutls-soname", GNUTLS_LIBRARY_SONAME }, - { "libnettle-soname", NETTLE_LIBRARY_SONAME }, - { "libhogweed-soname", HOGWEED_LIBRARY_SONAME }, -+#ifdef GMP_LIBRARY_SONAME - { "libgmp-soname", GMP_LIBRARY_SONAME }, -+#endif - { "hardware-features", HW_FEATURES }, - { "tls-features", TLS_FEATURES }, - { "default-system-config", SYSTEM_PRIORITY_FILE }, --- -2.41.0 - diff --git a/gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch b/gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch deleted file mode 100644 index 301f211..0000000 --- a/gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -From 7d98e7768f3e4e1f981f76e27338ae7118ee2c39 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 22 Jan 2024 15:17:04 +0900 -Subject: [PATCH] gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch - ---- - tests/gnutls_ktls.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/tests/gnutls_ktls.c b/tests/gnutls_ktls.c -index ccbe566..8b8992d 100644 ---- a/tests/gnutls_ktls.c -+++ b/tests/gnutls_ktls.c -@@ -347,10 +347,8 @@ void doit(void) - { - run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM"); - run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM"); -- run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305"); - run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM"); - run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM"); -- run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+CHACHA20-POLY1305"); - #if defined(__linux__) - run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CCM"); - run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-CCM"); --- -2.43.0 - diff --git a/gnutls-3.8.10-rhel9-revert-pbmac1-fips-default.patch b/gnutls-3.8.10-rhel9-revert-pbmac1-fips-default.patch new file mode 100644 index 0000000..879fa61 --- /dev/null +++ b/gnutls-3.8.10-rhel9-revert-pbmac1-fips-default.patch 
@@ -0,0 +1,51 @@ +commit b493de9ba31636de2f3b0c1dafab39b6412550bd +Author: Alexander Sosedkin +Date: Wed Nov 19 10:46:52 2025 +0100 + + Revert "pkcs12: enable PBMAC1 by default in FIPS mode" + + This reverts commit e52c7ca885798c40efb4ed6505e0690fc38c7dde. + +diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c +index a71f3ee561..18aae0bd49 100644 +--- a/lib/x509/pkcs12.c ++++ b/lib/x509/pkcs12.c +@@ -997,12 +997,6 @@ int gnutls_pkcs12_generate_mac3(gnutls_pkcs12_t pkcs12, + if (me->oid == NULL) + return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); + +- /* Enable PBMAC1 by default in FIPS mode; otherwise the MAC +- * calculation will be FIPS non-compliant. +- */ +- if (_gnutls_fips_mode_enabled()) +- flags |= GNUTLS_PKCS12_USE_PBMAC1; +- + /* Generate the salt. + */ + salt.data = salt_data; +diff --git a/tests/cert-tests/pkcs12-pbmac1.sh b/tests/cert-tests/pkcs12-pbmac1.sh +index 0c2a16b52c..ef72c0a1c4 100644 +--- a/tests/cert-tests/pkcs12-pbmac1.sh ++++ b/tests/cert-tests/pkcs12-pbmac1.sh +@@ -109,21 +109,6 @@ if test ${rc} != 0; then + exit 1 + fi + +-# check if PBMAC1 is used by default in FIPS mode +-if test "$GNUTLS_FORCE_FIPS_MODE" = 1; then +- ${VALGRIND} "$CERTTOOL" --to-p12 --password 1234 --p12-name "my-key" --load-certificate "$srcdir/../certs/cert-ecc256.pem" --load-privkey "$srcdir/../certs/ecc256.pem" --outder --outfile "$TMPFILE" >/dev/null +- rc=$? +- if test $rc != 0; then +- echo "PKCS12 FATAL encoding" +- exit 1 +- fi +- ${VALGRIND} "$CERTTOOL" -d 99 --p12-info --inder --password 1234 \ +- --infile "$TMPFILE" | grep "^ MAC: PBMAC1" || { +- echo "Generated PKCS12 file doesn't use PBMAC1 in FIPS mode" +- exit 1 +- } +-fi +- + rm -rf "${testdir}" + + exit 0 diff --git a/gnutls-3.8.10-rhel9-revert-rsa-less-than-2048.patch b/gnutls-3.8.10-rhel9-revert-rsa-less-than-2048.patch new file mode 100644 index 0000000..1b53dc6 --- /dev/null +++ b/gnutls-3.8.10-rhel9-revert-rsa-less-than-2048.patch 
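Review bot: The patch header explains the change only as `This reverts commit e52c7ca885798c40efb4ed6505e0690fc38c7dde.`, so the reason RHEL 9 wants the pre-PBMAC1 behaviour in FIPS mode is recorded nowhere in the package. The comment being deleted from gnutls_pkcs12_generate_mac3 states that the legacy MAC calculation is FIPS non-compliant, so after this revert FIPS-mode callers get that MAC unless they pass GNUTLS_PKCS12_USE_PBMAC1 themselves; whether the remaining code path still reports this through the FIPS service indicator is not visible in the hunk and should be confirmed. Suggest a sentence in the patch header such as `Reverted for RHEL 9: <reason>; callers that need a FIPS-approved PKCS#12 MAC must pass GNUTLS_PKCS12_USE_PBMAC1 explicitly.`, with the same reason echoed in the spec changelog. gnutls_pkcs12_generate_mac3 begins and ends outside the hunk.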
@@ -0,0 +1,75 @@ +commit bf374b4151c7f6cf4b94e9eb911ceb730904a44c +Author: Alexander Sosedkin +Date: Wed Nov 19 10:48:51 2025 +0100 + + Revert "fips: Allow SigVer only with RSA keys with modulus >= 2048 bits" + + This reverts commit da1df0a3167ec96605fed267d97f9081cf498eec. + +diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c +index 5986a410c2..d14efbaaf0 100644 +--- a/lib/nettle/pk.c ++++ b/lib/nettle/pk.c +@@ -2474,12 +2474,16 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, + + bits = mpz_sizeinbase(pub.n, 2); + +- /* In FIPS 140-3, RSA key size should be larger than 2048-bit. ++ /* In FIPS 140-3, RSA key size should be larger than ++ * 2048-bit or one of the known lengths (1024, 1280, ++ * 1536, 1792; i.e., multiple of 256-bits). ++ * + * In addition to this, only SHA-2 is allowed + * for SigVer; it is checked in _pkcs1_rsa_verify_sig in + * lib/pubkey.c. + */ +- if (unlikely(bits < 2048)) { ++ if (unlikely(bits < 2048 && bits != 1024 && bits != 1280 && ++ bits != 1536 && bits != 1792)) { + not_approved = true; + } + +diff --git a/tests/fips-rsa-sizes.c b/tests/fips-rsa-sizes.c +index 61a76d3c09..d134a35f8c 100644 +--- a/tests/fips-rsa-sizes.c ++++ b/tests/fips-rsa-sizes.c +@@ -250,24 +250,35 @@ void doit(void) + + assert(gnutls_fips140_context_init(&fips_context) == 0); + ++ /* 512-bit RSA: no generate, no sign, no verify */ + generate_unsuccessfully(&privkey, &pubkey, 512); + sign_verify_unsuccessfully(privkey, pubkey); ++ /* 512-bit RSA again (to be safer about going in and out of FIPS) */ + generate_unsuccessfully(&privkey, &pubkey, 512); + sign_verify_unsuccessfully(privkey, pubkey); ++ /* 600-bit RSA: no generate, no sign, no verify */ + generate_unsuccessfully(&privkey, &pubkey, 600); + sign_verify_unsuccessfully(privkey, pubkey); ++ ++ /* 768-bit RSA not-an-exception: nogenerate, nosign, verify */ + generate_unsuccessfully(&privkey, &pubkey, 768); + sign_verify_unsuccessfully(privkey, pubkey); ++ /* 1024-bit RSA exception: nogenerate, 
nosign, verify */ + generate_unsuccessfully(&privkey, &pubkey, 1024); +- sign_verify_unsuccessfully(privkey, pubkey); ++ nosign_verify(privkey, pubkey); ++ /* 1280-bit RSA exception: nogenerate, nosign, verify */ + generate_unsuccessfully(&privkey, &pubkey, 1280); +- sign_verify_unsuccessfully(privkey, pubkey); ++ nosign_verify(privkey, pubkey); ++ /* 1500-bit RSA not-an-exception: nogenerate, nosign, noverify */ + generate_unsuccessfully(&privkey, &pubkey, 1500); + sign_verify_unsuccessfully(privkey, pubkey); ++ /* 1536-bit RSA exception: nogenerate, nosign, verify */ + generate_unsuccessfully(&privkey, &pubkey, 1536); +- sign_verify_unsuccessfully(privkey, pubkey); ++ nosign_verify(privkey, pubkey); ++ /* 1792-bit RSA exception: nogenerate, nosign, verify */ + generate_unsuccessfully(&privkey, &pubkey, 1792); +- sign_verify_unsuccessfully(privkey, pubkey); ++ nosign_verify(privkey, pubkey); ++ /* 2000-bit RSA not-an-exception: nogenerate, nosign, noverify */ + generate_unsuccessfully(&privkey, &pubkey, 2000); + sign_verify_unsuccessfully(privkey, pubkey); + diff --git a/gnutls-3.8.10-tests-ktls.patch b/gnutls-3.8.10-tests-ktls.patch new file mode 100644 index 0000000..1b23124 --- /dev/null +++ b/gnutls-3.8.10-tests-ktls.patch 
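Review bot: The restored comment in _wrap_nettle_pk_verify calls 1024, 1280, 1536 and 1792 bits "known lengths" but never says why they count as approved for SigVer, which invites the next rebase to re-apply the upstream tightening. The test hunk already states the intended contract (`nogenerate, nosign, verify`), so the comment should carry the same: `/* Verification-only exception (legacy use per SP 800-131A Rev. 2): 1024, 1280, 1536 and 1792-bit moduli; keygen and signing with these sizes stay non-approved. */`. The restored test lines call nosign_verify(), which this hunk neither adds nor shows — confirm the helper is still defined in tests/fips-rsa-sizes.c so the revert compiles. _wrap_nettle_pk_verify and doit() both extend beyond the hunk.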
@@ -0,0 +1,114 @@ +From e0eb2bbb212a5c9d72311c59e7235832a0075dcc Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 9 Jul 2025 18:54:48 +0900 +Subject: [PATCH] add tests/ktls_utils.h + +Signed-off-by: rpm-build +--- + tests/ktls_utils.h | 94 ++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 94 insertions(+) + create mode 100644 tests/ktls_utils.h + +diff --git a/tests/ktls_utils.h b/tests/ktls_utils.h +new file mode 100644 +index 0000000..231618d +--- /dev/null ++++ b/tests/ktls_utils.h +@@ -0,0 +1,94 @@ ++#ifndef GNUTLS_TESTS_KTLS_UTILS_H ++#define GNUTLS_TESTS_KTLS_UTILS_H ++ ++#include ++#include ++ ++#include ++ ++#include ++#include ++ ++/* Sets the NONBLOCK flag on the socket(fd) */ ++inline static int set_nonblocking(int fd) ++{ ++ int flags = fcntl(fd, F_GETFL, 0); ++ if (flags == -1) { ++ return 1; ++ } ++ ++ if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) { ++ return 2; ++ } ++ ++ return 0; ++} ++ ++/* Creates a pair of TCP connected sockets */ ++static int create_socket_pair(int *client_fd, int *server_fd) ++{ ++ int ret; ++ struct sockaddr_in saddr; ++ socklen_t addrlen; ++ int listener; ++ ++ listener = socket(AF_INET, SOCK_STREAM, 0); ++ if (listener == -1) { ++ fail("error in listener(): %s\n", strerror(errno)); ++ return 1; ++ } ++ ++ int opt = 0; ++ setsockopt(listener, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)); ++ ++ memset(&saddr, 0, sizeof(saddr)); ++ saddr.sin_family = AF_INET; ++ saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); ++ saddr.sin_port = 0; ++ ++ ret = bind(listener, (struct sockaddr *)&saddr, sizeof(saddr)); ++ if (ret == -1) { ++ fail("error in bind(): %s\n", strerror(errno)); ++ return 1; ++ } ++ ++ addrlen = sizeof(saddr); ++ ret = getsockname(listener, (struct sockaddr *)&saddr, &addrlen); ++ if (ret == -1) { ++ fail("error in getsockname(): %s\n", strerror(errno)); ++ return 1; ++ } ++ ++ ret = listen(listener, 1); ++ if (ret == -1) { ++ fail("error in listen(): %s\n", strerror(errno)); ++ close(listener); 
++ return 1; ++ } ++ ++ *client_fd = socket(AF_INET, SOCK_STREAM, 0); ++ if (*client_fd < 0) { ++ fail("error in socket(): %s\n", strerror(errno)); ++ return 1; ++ } ++ ++ ret = connect(*client_fd, (struct sockaddr *)&saddr, addrlen); ++ if (ret < 0) { ++ fail("error in connect(): %s\n", strerror(errno)); ++ close(listener); ++ close(*client_fd); ++ return 1; ++ } ++ ++ *server_fd = accept(listener, NULL, NULL); ++ if (*server_fd < 0) { ++ fail("error in accept(): %s\n", strerror(errno)); ++ close(listener); ++ close(*client_fd); ++ return 1; ++ } ++ ++ return 0; ++} ++ ++#endif //GNUTLS_TESTS_KTLS_UTILS_H +-- +2.49.0 + diff --git a/gnutls.spec b/gnutls.spec index 81bb212..d51fee8 100644 --- a/gnutls.spec +++ b/gnutls.spec 
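Review bot: create_socket_pair() never closes `listener` on the success path — once accept() has produced `*server_fd` the listening socket stays open for the rest of the process — and the bind(), getsockname() and client socket() failure returns leak it as well (whether the failure leaks matter depends on whether the harness's fail() exits, which is not visible here). Add `close(listener);` immediately before the final `return 0;`, and on those three early returns. The `setsockopt(listener, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt))` call passes `opt = 0`, which disables address reuse rather than enabling it, and its result is unchecked; since `sin_port = 0` requests an ephemeral port the call can simply be dropped, or use `int opt = 1;` if reuse is really wanted. The whole header is inside the hunk, so both helpers are fully visible.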
@@ -12,29 +12,23 @@ sha256sum:close() print(string.sub(hash, 0, 16)) } -Version: 3.8.3 -Release: 9%{?dist} +Version: 3.8.10 +Release: 1%{?dist} # not upstreamed Patch: gnutls-3.2.7-rpath.patch Patch: gnutls-3.7.2-enable-intel-cet.patch Patch: gnutls-3.7.2-no-explicit-init.patch Patch: gnutls-3.7.3-disable-config-reload.patch -Patch: gnutls-3.7.3-fips-dsa-post.patch Patch: gnutls-3.7.6-drbg-reseed.patch -Patch: gnutls-3.7.6-fips-sha1-sigver.patch -Patch: gnutls-3.7.6-gmp-static.patch -Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch # upstreamed -Patch: gnutls-3.8.3-ktls-utsname.patch -Patch: gnutls-3.8.3-deterministic-ecdsa-fixes.patch -Patch: gnutls-3.8.3-verify-chain.patch -Patch: gnutls-3.8.9-CVE-2024-12243.patch -Patch: gnutls-3.8.3-cve-2025-32988.patch -Patch: gnutls-3.8.3-cve-2025-32989.patch -Patch: gnutls-3.8.3-cve-2025-32990.patch -Patch: gnutls-3.8.3-cve-2025-6395.patch -Patch: gnutls-3.8.3-keyupdate.patch +Patch: gnutls-3.8.10-tests-ktls.patch + +# reverts +# * e52c7ca885 pkcs12: enable PBMAC1 by default in FIPS mode +Patch: gnutls-3.8.10-rhel9-revert-pbmac1-fips-default.patch +# * da1df0a31 fips: Allow SigVer only with RSA keys with modulus >= 2048 bits +Patch: gnutls-3.8.10-rhel9-revert-rsa-less-than-2048.patch %bcond_without bootstrap %bcond_without dane @@ -48,7 +42,8 @@ Patch: gnutls-3.8.3-keyupdate.patch %bcond_with tpm12 %bcond_without tpm2 %bcond_with gost -%bcond_with certificate_compression +%bcond_without certificate_compression +%bcond_without leancrypto %bcond_without tests %bcond_without srp %bcond_without heartbeat 
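Review bot: Four downstream FIPS patches are dropped from the `# not upstreamed` list (gnutls-3.7.3-fips-dsa-post.patch, gnutls-3.7.6-fips-sha1-sigver.patch, gnutls-3.7.6-gmp-static.patch, gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch) without saying what in 3.8.10 makes each one unnecessary, whereas the reverts added below do cite their upstream hashes. The gmp-static one matters most: a later hunk still links the bundled static library (`export GMP_LIBS="$PWD/bundled_gmp/.libs/libgmp.a"`), so the FIPS integrity check only stays correct if 3.8.10 already carries the GMP_LIBRARY_SONAME handling that patch introduced. Suggest one comment per dropped patch, e.g. `# gnutls-3.7.6-gmp-static.patch: upstream since <version or commit>`, or moving them under `# upstreamed` with that note, so the FIPS review trail survives the rebase.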
@@ -63,10 +58,14 @@ BuildRequires: readline-devel, libtasn1-devel >= 4.3 BuildRequires: zlib-devel, brotli-devel, libzstd-devel %endif %if %{with bootstrap} -BuildRequires: automake, autoconf, gperf, libtool +BuildRequires: automake, autoconf271, gperf, libtool + %endif BuildRequires: texinfo BuildRequires: nettle-devel >= 3.10.1 +%if %{with leancrypto} +BuildRequires: meson +%endif %if %{with tpm12} BuildRequires: trousers-devel >= 0.3.11.2 %endif @@ -75,7 +74,7 @@ BuildRequires: tpm2-tss-devel >= 3.0.3 %endif BuildRequires: libidn2-devel BuildRequires: libunistring-devel -BuildRequires: net-tools, datefudge, softhsm, gcc, gcc-c++ +BuildRequires: net-tools, softhsm, gcc, gcc-c++ BuildRequires: gnupg2 BuildRequires: git-core @@ -95,7 +94,7 @@ BuildRequires: unbound-devel unbound-libs %if %{with guile} BuildRequires: guile22-devel %endif -BuildRequires: make +BuildRequires: make gtk-doc URL: http://www.gnutls.org/ Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz.sig @@ -105,6 +104,10 @@ Source100: gmp-6.2.1.tar.xz # Taken from the main gmp package Source101: gmp-6.2.1-intel-cet.patch +%if %{with leancrypto} +Source200: leancrypto-1.5.0.tar.gz +%endif + # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174 Provides: bundled(gnulib) = 20130424 @@ -208,6 +211,13 @@ patch -p1 < %{SOURCE101} popd %endif +%if %{with leancrypto} +mkdir -p bundled_leancrypto +pushd bundled_leancrypto +tar --strip-components=1 -xf %{SOURCE200} +popd +%endif + %build %ifarch aarch64 ppc64le %define _lto_cflags %{nil} @@ -215,7 +225,7 @@ popd %if %{with fips} pushd bundled_gmp -autoreconf -ifv +/opt/rh/autoconf271/bin/autoreconf -ifv %configure --disable-cxx --disable-shared --enable-fat --with-pic %make_build popd 
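Review bot: Source200 (leancrypto-1.5.0.tar.gz) is added without a detached signature, unlike the gnutls tarball whose `.sig` is Source1 and whose pairing with `BuildRequires: gnupg2` suggests %prep verifies it. The SHA512 in `sources` pins what gets built, but nothing records how that hash was checked against upstream; add the upstream signature as a further Source and verify it the same way, or at least a comment giving the provenance. Because the library is unpacked into bundled_leancrypto and linked statically, the spec should also declare `Provides: bundled(leancrypto) = 1.5.0` next to the existing `Provides: bundled(gnulib)`, so vulnerability tracking for leancrypto reaches this package. The `%if %{with bootstrap}` block in the first hunk also gains a stray blank line after the autoconf271 BuildRequires — harmless, but it looks accidental.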
@@ -224,8 +234,41 @@ export GMP_CFLAGS="-I$PWD/bundled_gmp" export GMP_LIBS="$PWD/bundled_gmp/.libs/libgmp.a" %endif +%if %{with leancrypto} +pushd bundled_leancrypto +%set_build_flags +meson setup -Dprefix="$PWD/install" -Dlibdir="$PWD/install/lib" \ + -Ddefault_library=static \ + -Dascon=disabled -Dascon_keccak=disabled \ + -Dbike_5=disabled -Dbike_3=disabled -Dbike_1=disabled \ + -Dkyber_x25519=disabled -Ddilithium_ed25519=disabled \ + -Dx509_parser=disabled -Dx509_generator=disabled \ + -Dpkcs7_parser=disabled -Dpkcs7_generator=disabled \ + -Dsha2-256=disabled \ + -Dchacha20=disabled -Dchacha20_drng=disabled \ + -Ddrbg_hash=disabled -Ddrbg_hmac=disabled \ + -Dhash_crypt=disabled \ + -Dhmac=disabled -Dhkdf=disabled \ + -Dkdf_ctr=disabled -Dkdf_fb=disabled -Dkdf_dpi=disabled \ + -Dpbkdf2=disabled \ + -Dkmac_drng=disabled -Dcshake_drng=disabled \ + -Dhotp=disabled -Dtotp=disabled \ + -Daes_block=disabled -Daes_cbc=disabled -Daes_ctr=disabled \ + -Daes_kw=disabled -Dapps=disabled \ + _build +meson compile -v -C _build +meson install -C _build + +popd + +export LEANCRYPTO_DIR="$PWD/bundled_leancrypto/install" + +export LEANCRYPTO_CFLAGS="-I$LEANCRYPTO_DIR/include" +export LEANCRYPTO_LIBS="$LEANCRYPTO_DIR/lib/libleancrypto.a" +%endif + %if %{with bootstrap} -autoreconf -fi +/opt/rh/autoconf271/bin/autoreconf -fi %endif sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure @@ -248,13 +291,14 @@ export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name" %endif %configure \ + --enable-dsa \ %if %{with fips} --enable-fips140-mode \ --with-fips140-module-name="$FIPS_MODULE_NAME" \ --with-fips140-module-version=%{version}-%{srpmhash} \ %endif %if %{with gost} - --enable-gost \ + --enable-gost \ %else --disable-gost \ %endif 
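Review bot: `--enable-dsa \` is added to %configure unconditionally, so the FIPS build (`%{with fips}`) now carries DSA as well, at the same time as gnutls-3.7.3-fips-dsa-post.patch (which took the DSA self-test out of the POST) is dropped earlier in this diff. FIPS 186-5 no longer allows DSA for signature generation, so confirm how 3.8.10 treats it in FIPS mode — whether the POST exercises it and whether the service indicator marks it non-approved — or guard the option with `%if %{without fips}`. The leancrypto `meson setup` disables roughly twenty components without a word on what remains; a comment such as `# leancrypto: only <components> are built, everything else is disabled to shrink the static library` (filled in with the real list) would help the next rebase. `%set_build_flags` ahead of meson is what carries the distro hardening flags into the static library; keep it.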
@@ -299,13 +343,22 @@ export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name" --disable-libdane \ %endif %if %{with certificate_compression} - --with-zlib --with-brotli --with-zstd \ + --with-zlib=dlopen --with-brotli=dlopen --with-zstd=dlopen \ %else --without-zlib --without-brotli --without-zstd \ +%endif +%if %{with leancrypto} + --with-leancrypto \ +%else + --without-leancrypto \ %endif --disable-rpath \ --with-default-priority-string="@SYSTEM" +%if %{with leancrypto} +sed -i '/^Requires.private:/s/leancrypto[ ,]*//g' lib/gnutls.pc +%endif + # build libgnutlsxx.so with older SONAME make %{?_smp_mflags} V=1 CXX_LT_CURRENT=29 CXX_LT_REVISION=0 CXX_LT_AGE=1 @@ -376,7 +429,7 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null XFAIL_TESTS="$x %{_libdir}/.libgnutls.so.30*.hmac %endif %doc README.md AUTHORS NEWS THANKS -%license LICENSE doc/COPYING doc/COPYING.LESSER +%license COPYING COPYING.LESSERv2 %files c++ %{_libdir}/libgnutlsxx.so.* @@ -421,6 +474,11 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null XFAIL_TESTS="$x %endif %changelog +* Thu Nov 6 2025 Alexander Sosedkin - 3.8.10-1 +- rebase to 3.8.10 +- revert defaulting to PBMAC1 in FIPS mode +- revert unapproving 1024-, 1280-, 1536- and 1792-bit RSA verification + * Tue Aug 5 2025 Daiki Ueno - 3.8.3-9 - key_update: rework the rekeying logic (RHEL-107499) diff --git a/sources b/sources index 0fee923..23e55e4 100644 --- a/sources +++ b/sources 
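Review bot: Switching to `--with-zlib=dlopen --with-brotli=dlopen --with-zstd=dlopen` removes the link-time dependency, so rpmbuild's automatic Requires will no longer pull in zlib, brotli and libzstd; certificate compression then degrades silently on systems where they are missing, with the libraries presumably resolved by soname at runtime. If that is intended, a comment saying so plus a `Recommends:` (or explicit `Requires:`) for the three libraries makes the behaviour deliberate rather than accidental. The `sed -i '/^Requires.private:/s/leancrypto[ ,]*//g' lib/gnutls.pc` edit is justified by the static link but deserves a one-line comment, e.g. `# leancrypto is linked statically; keep it out of pkg-config Requires.private`. The changelog entry is dated Nov 6 while the embedded revert commits are dated Nov 19 2025 — possibly fine, but worth a glance.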
@@ -1,3 +1,4 @@
 SHA512 (gmp-6.2.1.tar.xz) = c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84
-SHA512 (gnutls-3.8.3.tar.xz) = 74eddba01ce4c2ffdca781c85db3bb52c85f1db3c09813ee2b8ceea0608f92ca3912fd9266f55deb36a8ba4d01802895ca5d5d219e7d9caec45e1a8534e45a84
-SHA512 (gnutls-3.8.3.tar.xz.sig) = 5b2ca0648ca5feeda1de933de2bbaf71fadb70e830a8f0d494d2f0380b6d0d7b79445257cc79e59bba1a7ff639ab4573da3e3e124eb80c20ac6141e29a4827ff
+SHA512 (leancrypto-1.5.0.tar.gz) = 1170a502f58c9bce424578cece64a3ebf856620adc02f390b8877981bccf0c2bf35e64b1628094a06c069ec38a3be5889be22516d45d85f4e75b40085d9001c9
+SHA512 (gnutls-3.8.10.tar.xz) = d453bd4527af95cb3905ce8753ceafd969e3f442ad1d148544a233ebf13285b999930553a805a0511293cc25390bb6a040260df5544a7c55019640f920ad3d92
+SHA512 (gnutls-3.8.10.tar.xz.sig) = 72d6dd2c23f768f5041c3dca0f49b3f60cd01fc960ce77f097094a2aae6d76fddeb6295c425e3750c711d5f700957a62268aecc4873e53c31abb60eecf0fd4a8