Enable allowlisting configuration mode

Resolves: #1975421
Signed-off-by: Daiki Ueno <dueno@redhat.com>

gnutls-3.7.2-key-share-ecdhx.patch

@@ -0,0 +1,92 @@
+From c9e072236c4e1c290f38aee819ecaff8398e2a16 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 25 Jun 2021 08:39:12 +0200
+Subject: [PATCH] key_share: treat X25519 and X448 as same PK type when
+ advertising
+
+Previously, if both X25519 and X448 groups were enabled in the
+priority string, the client sent both algorithms in a key_share
+extension, while it was only capable of handling one algorithm from
+the same (Edwards curve) category.  This adds an extra check so the
+client should send either X25519 or X448.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/ext/key_share.c     | 24 +++++++++++++++++++++---
+ tests/tls13/key_share.c |  3 +++
+ 2 files changed, 24 insertions(+), 3 deletions(-)
+
+diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c
+index a8c4bb5cf..a4db3af95 100644
+--- a/lib/ext/key_share.c
++++ b/lib/ext/key_share.c
+@@ -656,6 +656,18 @@ key_share_recv_params(gnutls_session_t session,
+ 	return 0;
+ }
+ 
++static inline bool
++pk_type_is_ecdhx(gnutls_pk_algorithm_t pk)
++{
++	return pk == GNUTLS_PK_ECDH_X25519 || pk == GNUTLS_PK_ECDH_X448;
++}
++
++static inline bool
++pk_type_equal(gnutls_pk_algorithm_t a, gnutls_pk_algorithm_t b)
++{
++	return a == b || (pk_type_is_ecdhx(a) && pk_type_is_ecdhx(b));
++}
++
+ /* returns data_size or a negative number on failure
+  */
+ static int
+@@ -710,12 +722,18 @@ key_share_send_params(gnutls_session_t session,
+ 			/* generate key shares for out top-(max_groups) groups
+ 			 * if they are of different PK type. */
+ 			for (i = 0; i < session->internals.priorities->groups.size; i++) {
++				unsigned int j;
++
+ 				group = session->internals.priorities->groups.entry[i];
+ 
+-				if (generated == 1 && group->pk == selected_groups[0])
+-					continue;
+-				else if (generated == 2 && (group->pk == selected_groups[1] || group->pk == selected_groups[0]))
++				for (j = 0; j < generated; j++) {
++					if (pk_type_equal(group->pk, selected_groups[j])) {
++						break;
++					}
++				}
++				if (j < generated) {
+ 					continue;
++				}
+ 
+ 				selected_groups[generated] = group->pk;
+ 
+diff --git a/tests/tls13/key_share.c b/tests/tls13/key_share.c
+index 7f8f6295c..816a7d9b5 100644
+--- a/tests/tls13/key_share.c
++++ b/tests/tls13/key_share.c
+@@ -124,6 +124,7 @@ unsigned int tls_id_to_group[] = {
+ 	[23] = GNUTLS_GROUP_SECP256R1,
+ 	[24] = GNUTLS_GROUP_SECP384R1,
+ 	[29] = GNUTLS_GROUP_X25519,
++	[30] = GNUTLS_GROUP_X448,
+ 	[0x100] = GNUTLS_GROUP_FFDHE2048,
+ 	[0x101] = GNUTLS_GROUP_FFDHE3072
+ };
+@@ -315,11 +316,13 @@ void doit(void)
+ 	start("two groups: default secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_SECP256R1, 2);
+ 	start("two groups: secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_SECP256R1, 2);
+ 	start("two groups: x25519", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_X25519, 2);
++	start("two groups: x448", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_X448, 2);
+ 	start("two groups: ffdhe2048", "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE3072", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_FFDHE2048, 2);
+ 
+ 	start("three groups: default secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_SECP256R1, 3);
+ 	start("three groups: secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_SECP256R1, 3);
+ 	start("three groups: x25519", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_X25519, 3);
++	start("three groups: x448", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_X448, 3);
+ 	start("three groups: ffdhe2048", "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE3072", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_FFDHE2048, 3);
+ 
+ 	/* test default behavior */
+-- 
+2.31.1
+

gnutls.spec

@@ -1,8 +1,10 @@
 # This spec file has been automatically updated
 Version:	3.7.2
-Release: 2%{?dist}
+Release: 3%{?dist}
 Patch1:	gnutls-3.6.7-no-now-guile.patch
 Patch2:	gnutls-3.2.7-rpath.patch
+Patch3:	gnutls-3.7.2-config-allowlisting.patch
+Patch4:	gnutls-3.7.2-key-share-ecdhx.patch
 %bcond_with bootstrap
 %bcond_without dane
 %if 0%{?rhel}
@@ -162,6 +164,10 @@ rm -f lib/minitasn1/*.c lib/minitasn1/*.h
 
 echo "SYSTEM=NORMAL" >> tests/system.prio
 
+%if !%{with bootstrap}
+touch doc/stamp* doc/*.texi doc/*.info doc/*.html doc/manpages/stamp_mans
+%endif
+
 # Note that we explicitly enable SHA1, as SHA1 deprecation is handled
 # via the crypto policies
 
@@ -295,6 +301,9 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
 %endif
 
 %changelog
+* Mon Jun 28 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-3
+- Enable allowlisting configuration mode (#1975421)
+
 * Sat Jun 26 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-2
 - Remove %%defattr invocations which are no longer necessary
 - libpkcs11mock1.* is not installed anymore