import gnutls-3.6.16-4.el8
This commit is contained in:
parent
b2fe796223
commit
4f0c06e3ae
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/gnutls-3.6.14.tar.xz
|
SOURCES/gnutls-3.6.16.tar.xz
|
||||||
SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
bea1b5abcb691acf014e592f41d0a9580a41216a SOURCES/gnutls-3.6.14.tar.xz
|
6ba8fb898dcf4b4046b60662ba97df835593e687 SOURCES/gnutls-3.6.16.tar.xz
|
||||||
648ec46f9539fe756fb90131b85ae4759ed2ed21 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
648ec46f9539fe756fb90131b85ae4759ed2ed21 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||||
|
@ -1,36 +0,0 @@
|
|||||||
From cf1de82bedd01c01e70921699c84a473b08d0dab Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Mon, 1 Jun 2020 17:23:59 +0200
|
|
||||||
Subject: [PATCH] serv: omit upper bound of --maxearlydata option definition
|
|
||||||
|
|
||||||
It turned out that AutoGen treats numbers that exceed INT_MAX in a
|
|
||||||
platform dependent way. In this case, 4294967295 (UINT_MAX) is
|
|
||||||
treated as is on 64-bit platforms, while it is interpreted as "-1" on
|
|
||||||
32-bit platforms. This causes a problem when the program
|
|
||||||
documentation is compiled under multilib environment.
|
|
||||||
|
|
||||||
Reported by Ivan Molodetskikh in:
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1841844
|
|
||||||
and the cause was identified by Anderson Toshiyuki Sasaki.
|
|
||||||
|
|
||||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
||||||
---
|
|
||||||
src/serv-args.def | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/serv-args.def b/src/serv-args.def
|
|
||||||
index 996fbe36b..a584085e2 100644
|
|
||||||
--- a/src/serv-args.def
|
|
||||||
+++ b/src/serv-args.def
|
|
||||||
@@ -51,7 +51,7 @@ flag = {
|
|
||||||
flag = {
|
|
||||||
name = maxearlydata;
|
|
||||||
arg-type = number;
|
|
||||||
- arg-range = "1->4294967295";
|
|
||||||
+ arg-range = "1->";
|
|
||||||
descrip = "The maximum early data size to accept";
|
|
||||||
doc = "";
|
|
||||||
};
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
@ -1,87 +0,0 @@
|
|||||||
diff -up ./doc/doxygen/Doxyfile.orig ./doc/doxygen/Doxyfile
|
|
||||||
diff -up ./lib/nettle/ecc/ecc-gostdsa-verify.c.orig ./lib/nettle/ecc/ecc-gostdsa-verify.c
|
|
||||||
--- ./lib/nettle/ecc/ecc-gostdsa-verify.c.orig 2020-06-03 15:05:27.000000000 +0200
|
|
||||||
+++ ./lib/nettle/ecc/ecc-gostdsa-verify.c 2021-04-01 11:24:42.820992320 +0200
|
|
||||||
@@ -63,6 +63,8 @@ ecc_gostdsa_verify (const struct ecc_cur
|
|
||||||
const mp_limb_t *rp, const mp_limb_t *sp,
|
|
||||||
mp_limb_t *scratch)
|
|
||||||
{
|
|
||||||
+ mp_limb_t cy;
|
|
||||||
+
|
|
||||||
/* Procedure, according to GOST R 34.10. q denotes the group
|
|
||||||
order.
|
|
||||||
|
|
||||||
@@ -101,11 +103,17 @@ ecc_gostdsa_verify (const struct ecc_cur
|
|
||||||
ecc->q.invert (&ecc->q, vp, hp, vp + 2*ecc->p.size);
|
|
||||||
|
|
||||||
/* z1 = s / h, P1 = z1 * G */
|
|
||||||
- ecc_mod_mul (&ecc->q, z1, sp, vp);
|
|
||||||
+ ecc_mod_mul (&ecc->q, z1 + ecc->q.size, sp, vp);
|
|
||||||
+ /* Ensure canonical reduction */
|
|
||||||
+ cy = mpn_sub_n (z1, z1 + ecc->q.size, ecc->q.m, ecc->q.size);
|
|
||||||
+ cnd_copy (cy, z1, z1 + ecc->q.size, ecc->q.size);
|
|
||||||
|
|
||||||
/* z2 = - r / h, P2 = z2 * Y */
|
|
||||||
- ecc_mod_mul (&ecc->q, z2, rp, vp);
|
|
||||||
- mpn_sub_n (z2, ecc->q.m, z2, ecc->p.size);
|
|
||||||
+ mpn_sub_n (hp, ecc->q.m, rp, ecc->p.size);
|
|
||||||
+ ecc_mod_mul (&ecc->q, z2 + ecc->q.size, hp, vp);
|
|
||||||
+ /* Ensure canonical reduction */
|
|
||||||
+ cy = mpn_sub_n (z2, z2 + ecc->q.size, ecc->q.m, ecc->q.size);
|
|
||||||
+ cnd_copy (cy, z2, z2 + ecc->q.size, ecc->q.size);
|
|
||||||
|
|
||||||
/* Total storage: 5*ecc->p.size + ecc->mul_itch */
|
|
||||||
ecc->mul (ecc, P2, z2, pp, z2 + ecc->p.size);
|
|
||||||
diff -up ./lib/nettle/ecc/eddsa-hash.c.orig ./lib/nettle/ecc/eddsa-hash.c
|
|
||||||
--- ./lib/nettle/ecc/eddsa-hash.c.orig 2020-06-03 15:05:28.000000000 +0200
|
|
||||||
+++ ./lib/nettle/ecc/eddsa-hash.c 2021-04-01 11:24:42.821992314 +0200
|
|
||||||
@@ -43,13 +43,14 @@
|
|
||||||
#include <nettle/ecc.h>
|
|
||||||
#include "ecc-internal.h"
|
|
||||||
|
|
||||||
-/* Convert hash digest to integer, and reduce modulo q, to m->size
|
|
||||||
- limbs. Needs space for 2*m->size + 1 at rp. */
|
|
||||||
+/* Convert hash digest to integer, and reduce canonically modulo q.
|
|
||||||
+ Needs space for 2*m->size + 1 at rp. */
|
|
||||||
void
|
|
||||||
_eddsa_hash (const struct ecc_modulo *m,
|
|
||||||
mp_limb_t *rp, size_t digest_size, const uint8_t *digest)
|
|
||||||
{
|
|
||||||
mp_size_t nlimbs = (8*digest_size + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS;
|
|
||||||
+ mp_limb_t cy;
|
|
||||||
|
|
||||||
mpn_set_base256_le (rp, nlimbs, digest, digest_size);
|
|
||||||
|
|
||||||
@@ -74,4 +75,8 @@ _eddsa_hash (const struct ecc_modulo *m,
|
|
||||||
assert (hi == 0);
|
|
||||||
}
|
|
||||||
m->mod (m, rp);
|
|
||||||
+ /* Ensure canonical reduction. */
|
|
||||||
+ cy = mpn_sub_n (rp + m->size, rp, m->m, m->size);
|
|
||||||
+ cnd_copy (cy, rp + m->size, rp, m->size);
|
|
||||||
+ mpn_copyi (rp, rp + m->size, m->size);
|
|
||||||
}
|
|
||||||
diff -up ./lib/nettle/ecc/gostdsa-vko.c.orig ./lib/nettle/ecc/gostdsa-vko.c
|
|
||||||
--- ./lib/nettle/ecc/gostdsa-vko.c.orig 2020-06-03 15:05:28.000000000 +0200
|
|
||||||
+++ ./lib/nettle/ecc/gostdsa-vko.c 2021-04-01 11:24:42.821992314 +0200
|
|
||||||
@@ -64,6 +64,7 @@ gostdsa_vko (const struct ecc_scalar *pr
|
|
||||||
mp_size_t size = ecc->p.size;
|
|
||||||
mp_size_t itch = 4*size + ecc->mul_itch;
|
|
||||||
mp_limb_t *scratch;
|
|
||||||
+ mp_limb_t cy;
|
|
||||||
|
|
||||||
if (itch < 5*size + ecc->h_to_a_itch)
|
|
||||||
itch = 5*size + ecc->h_to_a_itch;
|
|
||||||
@@ -87,7 +88,11 @@ gostdsa_vko (const struct ecc_scalar *pr
|
|
||||||
if (mpn_zero_p (UKM, size))
|
|
||||||
UKM[0] = 1;
|
|
||||||
|
|
||||||
- ecc_mod_mul (&ecc->q, TEMP, priv->p, UKM); /* TEMP = UKM * priv */
|
|
||||||
+ ecc_mod_mul (&ecc->q, TEMP + ecc->q.size, priv->p, UKM); /* TEMP = UKM * priv */
|
|
||||||
+ /* Ensure canonical reduction */
|
|
||||||
+ cy = mpn_sub_n (TEMP, TEMP + ecc->q.size, ecc->q.m, ecc->q.size);
|
|
||||||
+ cnd_copy (cy, TEMP, TEMP + ecc->q.size, ecc->q.size);
|
|
||||||
+
|
|
||||||
ecc->mul (ecc, XYZ, TEMP, pub->p, scratch + 4*size); /* XYZ = UKM * priv * pub */
|
|
||||||
ecc->h_to_a (ecc, 0, TEMP, XYZ, scratch + 5*size); /* TEMP = XYZ */
|
|
||||||
mpn_get_base256_le (out, bsize, TEMP, size);
|
|
@ -1,676 +0,0 @@
|
|||||||
From bea53f1b46a64d6dcf5bbe4794740c4d4459f9bf Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Fri, 10 Jul 2020 09:35:49 +0200
|
|
||||||
Subject: [PATCH 1/5] dh: check validity of Z before export
|
|
||||||
|
|
||||||
SP800-56A rev3 section 5.7.1.1 step 2 mandates that the validity of the
|
|
||||||
calculated shared secret is verified before the data is returned to the
|
|
||||||
caller. This patch adds the validation check.
|
|
||||||
|
|
||||||
Suggested by Stephan Mueller.
|
|
||||||
|
|
||||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
||||||
---
|
|
||||||
lib/nettle/pk.c | 26 +++++++++++++++++---------
|
|
||||||
1 file changed, 17 insertions(+), 9 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
|
|
||||||
index 57a8560ed..08c7d4860 100644
|
|
||||||
--- a/lib/nettle/pk.c
|
|
||||||
+++ b/lib/nettle/pk.c
|
|
||||||
@@ -288,7 +288,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
|
|
||||||
switch (algo) {
|
|
||||||
case GNUTLS_PK_DH: {
|
|
||||||
bigint_t f, x, q, prime;
|
|
||||||
- bigint_t k = NULL, ff = NULL, r = NULL;
|
|
||||||
+ bigint_t k = NULL, primesub1 = NULL, r = NULL;
|
|
||||||
unsigned int bits;
|
|
||||||
|
|
||||||
if (nonce != NULL)
|
|
||||||
@@ -299,21 +299,20 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
|
|
||||||
q = priv->params[DH_Q];
|
|
||||||
prime = priv->params[DH_P];
|
|
||||||
|
|
||||||
- ret = _gnutls_mpi_init_multi(&k, &ff, &r, NULL);
|
|
||||||
+ ret = _gnutls_mpi_init_multi(&k, &primesub1, &r, NULL);
|
|
||||||
if (ret < 0)
|
|
||||||
return gnutls_assert_val(ret);
|
|
||||||
|
|
||||||
- ret = _gnutls_mpi_add_ui(ff, f, 1);
|
|
||||||
+ ret = _gnutls_mpi_sub_ui(primesub1, prime, 1);
|
|
||||||
if (ret < 0) {
|
|
||||||
gnutls_assert();
|
|
||||||
goto dh_cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* check if f==0,1, or f >= p-1.
|
|
||||||
- * or (ff=f+1) equivalently ff==1,2, ff >= p */
|
|
||||||
- if ((_gnutls_mpi_cmp_ui(ff, 2) == 0)
|
|
||||||
- || (_gnutls_mpi_cmp_ui(ff, 1) == 0)
|
|
||||||
- || (_gnutls_mpi_cmp(ff, prime) >= 0)) {
|
|
||||||
+ /* check if f==0,1, or f >= p-1 */
|
|
||||||
+ if ((_gnutls_mpi_cmp_ui(f, 1) == 0)
|
|
||||||
+ || (_gnutls_mpi_cmp_ui(f, 0) == 0)
|
|
||||||
+ || (_gnutls_mpi_cmp(f, primesub1) >= 0)) {
|
|
||||||
gnutls_assert();
|
|
||||||
ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
|
|
||||||
goto dh_cleanup;
|
|
||||||
@@ -354,6 +353,15 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
|
|
||||||
goto dh_cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /* check if k==0,1, or k = p-1 */
|
|
||||||
+ if ((_gnutls_mpi_cmp_ui(k, 1) == 0)
|
|
||||||
+ || (_gnutls_mpi_cmp_ui(k, 0) == 0)
|
|
||||||
+ || (_gnutls_mpi_cmp(k, primesub1) == 0)) {
|
|
||||||
+ gnutls_assert();
|
|
||||||
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
|
|
||||||
+ goto dh_cleanup;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (flags & PK_DERIVE_TLS13) {
|
|
||||||
ret =
|
|
||||||
_gnutls_mpi_dprint_size(k, out,
|
|
||||||
@@ -370,7 +378,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
|
|
||||||
ret = 0;
|
|
||||||
dh_cleanup:
|
|
||||||
_gnutls_mpi_release(&r);
|
|
||||||
- _gnutls_mpi_release(&ff);
|
|
||||||
+ _gnutls_mpi_release(&primesub1);
|
|
||||||
zrelease_temp_mpi_key(&k);
|
|
||||||
if (ret < 0)
|
|
||||||
goto cleanup;
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
|
||||||
From 13202600d3e42258d8758b05ff45a3e3d0f07e4e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Fri, 10 Jul 2020 09:42:30 +0200
|
|
||||||
Subject: [PATCH 2/5] ecdh: check validity of P before export
|
|
||||||
|
|
||||||
SP800-56A rev3 section 5.7.1.2 step 2 mandates that the validity of
|
|
||||||
the calculated shared secret is verified before the data is returned
|
|
||||||
to the caller. This patch adds the validation check.
|
|
||||||
|
|
||||||
Suggested by Stephan Mueller.
|
|
||||||
|
|
||||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
||||||
---
|
|
||||||
lib/nettle/pk.c | 27 +++++++++++++++++++++------
|
|
||||||
1 file changed, 21 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
|
|
||||||
index 08c7d4860..7f0fa8e03 100644
|
|
||||||
--- a/lib/nettle/pk.c
|
|
||||||
+++ b/lib/nettle/pk.c
|
|
||||||
@@ -229,25 +229,38 @@ _gost_params_to_pubkey(const gnutls_pk_params_st * pk_params,
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-static void
|
|
||||||
+static int
|
|
||||||
ecc_shared_secret(struct ecc_scalar *private_key,
|
|
||||||
struct ecc_point *public_key, void *out, unsigned size)
|
|
||||||
{
|
|
||||||
struct ecc_point r;
|
|
||||||
- mpz_t x;
|
|
||||||
+ mpz_t x, y;
|
|
||||||
+ int ret = 0;
|
|
||||||
|
|
||||||
mpz_init(x);
|
|
||||||
+ mpz_init(y);
|
|
||||||
ecc_point_init(&r, public_key->ecc);
|
|
||||||
|
|
||||||
ecc_point_mul(&r, private_key, public_key);
|
|
||||||
|
|
||||||
- ecc_point_get(&r, x, NULL);
|
|
||||||
+ ecc_point_get(&r, x, y);
|
|
||||||
+
|
|
||||||
+ /* Check if the point is not an identity element. Note that this cannot
|
|
||||||
+ * happen in nettle implementation, because it cannot represent an
|
|
||||||
+ * infinity point. */
|
|
||||||
+ if (mpz_cmp_ui(x, 0) == 0 && mpz_cmp_ui(y, 0) == 0) {
|
|
||||||
+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
|
|
||||||
+ goto cleanup;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
nettle_mpz_get_str_256(size, out, x);
|
|
||||||
|
|
||||||
+ cleanup:
|
|
||||||
mpz_clear(x);
|
|
||||||
+ mpz_clear(y);
|
|
||||||
ecc_point_clear(&r);
|
|
||||||
|
|
||||||
- return;
|
|
||||||
+ return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
#define MAX_DH_BITS DEFAULT_MAX_VERIFY_BITS
|
|
||||||
@@ -423,8 +436,10 @@ dh_cleanup:
|
|
||||||
goto ecc_cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
- ecc_shared_secret(&ecc_priv, &ecc_pub, out->data,
|
|
||||||
- out->size);
|
|
||||||
+ ret = ecc_shared_secret(&ecc_priv, &ecc_pub, out->data,
|
|
||||||
+ out->size);
|
|
||||||
+ if (ret < 0)
|
|
||||||
+ gnutls_free(out->data);
|
|
||||||
|
|
||||||
ecc_cleanup:
|
|
||||||
ecc_point_clear(&ecc_pub);
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
|
||||||
From 245fb622e82bfa7b80d2cec7cafdbc65014ca3cb Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Fri, 17 Jul 2020 17:45:17 +0200
|
|
||||||
Subject: [PATCH 3/5] dh-primes: make the FIPS approved check return Q value
|
|
||||||
|
|
||||||
This is necessary for full public key validation in
|
|
||||||
SP800-56A (revision 3), section 5.6.2.3.1.
|
|
||||||
|
|
||||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
||||||
---
|
|
||||||
lib/auth/dh_common.c | 2 +-
|
|
||||||
lib/dh-primes.c | 38 +++++++++++++++++++++++---------------
|
|
||||||
lib/dh.h | 10 ++++++----
|
|
||||||
3 files changed, 30 insertions(+), 20 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
|
|
||||||
index 252eea0cb..fcd696d4d 100644
|
|
||||||
--- a/lib/auth/dh_common.c
|
|
||||||
+++ b/lib/auth/dh_common.c
|
|
||||||
@@ -259,7 +259,7 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
|
|
||||||
|
|
||||||
#ifdef ENABLE_FIPS140
|
|
||||||
if (gnutls_fips140_mode_enabled() &&
|
|
||||||
- !_gnutls_dh_prime_is_fips_approved(data_p, n_p, data_g, n_g)) {
|
|
||||||
+ !_gnutls_dh_prime_match_fips_approved(data_p, n_p, data_g, n_g, NULL, NULL)) {
|
|
||||||
gnutls_assert();
|
|
||||||
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
|
|
||||||
}
|
|
||||||
diff --git a/lib/dh-primes.c b/lib/dh-primes.c
|
|
||||||
index a43a8e5de..a440b5b98 100644
|
|
||||||
--- a/lib/dh-primes.c
|
|
||||||
+++ b/lib/dh-primes.c
|
|
||||||
@@ -1894,25 +1894,28 @@ const gnutls_datum_t gnutls_modp_8192_group_generator = {
|
|
||||||
const unsigned int gnutls_modp_8192_key_bits = 512;
|
|
||||||
|
|
||||||
unsigned
|
|
||||||
-_gnutls_dh_prime_is_fips_approved(const uint8_t *prime,
|
|
||||||
- size_t prime_size,
|
|
||||||
- const uint8_t *generator,
|
|
||||||
- size_t generator_size)
|
|
||||||
+_gnutls_dh_prime_match_fips_approved(const uint8_t *prime,
|
|
||||||
+ size_t prime_size,
|
|
||||||
+ const uint8_t *generator,
|
|
||||||
+ size_t generator_size,
|
|
||||||
+ uint8_t **q,
|
|
||||||
+ size_t *q_size)
|
|
||||||
{
|
|
||||||
static const struct {
|
|
||||||
const gnutls_datum_t *prime;
|
|
||||||
const gnutls_datum_t *generator;
|
|
||||||
+ const gnutls_datum_t *q;
|
|
||||||
} primes[] = {
|
|
||||||
- { &gnutls_ffdhe_8192_group_prime, &gnutls_ffdhe_8192_group_generator },
|
|
||||||
- { &gnutls_ffdhe_6144_group_prime, &gnutls_ffdhe_6144_group_generator },
|
|
||||||
- { &gnutls_ffdhe_4096_group_prime, &gnutls_ffdhe_4096_group_generator },
|
|
||||||
- { &gnutls_ffdhe_3072_group_prime, &gnutls_ffdhe_3072_group_generator },
|
|
||||||
- { &gnutls_ffdhe_2048_group_prime, &gnutls_ffdhe_2048_group_generator },
|
|
||||||
- { &gnutls_modp_8192_group_prime, &gnutls_modp_8192_group_generator },
|
|
||||||
- { &gnutls_modp_6144_group_prime, &gnutls_modp_6144_group_generator },
|
|
||||||
- { &gnutls_modp_4096_group_prime, &gnutls_modp_4096_group_generator },
|
|
||||||
- { &gnutls_modp_3072_group_prime, &gnutls_modp_3072_group_generator },
|
|
||||||
- { &gnutls_modp_2048_group_prime, &gnutls_modp_2048_group_generator },
|
|
||||||
+ { &gnutls_ffdhe_8192_group_prime, &gnutls_ffdhe_8192_group_generator, &gnutls_ffdhe_8192_group_q },
|
|
||||||
+ { &gnutls_ffdhe_6144_group_prime, &gnutls_ffdhe_6144_group_generator, &gnutls_ffdhe_6144_group_q },
|
|
||||||
+ { &gnutls_ffdhe_4096_group_prime, &gnutls_ffdhe_4096_group_generator, &gnutls_ffdhe_4096_group_q },
|
|
||||||
+ { &gnutls_ffdhe_3072_group_prime, &gnutls_ffdhe_3072_group_generator, &gnutls_ffdhe_3072_group_q },
|
|
||||||
+ { &gnutls_ffdhe_2048_group_prime, &gnutls_ffdhe_2048_group_generator, &gnutls_ffdhe_2048_group_q },
|
|
||||||
+ { &gnutls_modp_8192_group_prime, &gnutls_modp_8192_group_generator, &gnutls_modp_8192_group_q },
|
|
||||||
+ { &gnutls_modp_6144_group_prime, &gnutls_modp_6144_group_generator, &gnutls_modp_6144_group_q },
|
|
||||||
+ { &gnutls_modp_4096_group_prime, &gnutls_modp_4096_group_generator, &gnutls_modp_4096_group_q },
|
|
||||||
+ { &gnutls_modp_3072_group_prime, &gnutls_modp_3072_group_generator, &gnutls_modp_3072_group_q },
|
|
||||||
+ { &gnutls_modp_2048_group_prime, &gnutls_modp_2048_group_generator, &gnutls_modp_2048_group_q },
|
|
||||||
};
|
|
||||||
size_t i;
|
|
||||||
|
|
||||||
@@ -1920,8 +1923,13 @@ _gnutls_dh_prime_is_fips_approved(const uint8_t *prime,
|
|
||||||
if (primes[i].prime->size == prime_size &&
|
|
||||||
memcmp(primes[i].prime->data, prime, primes[i].prime->size) == 0 &&
|
|
||||||
primes[i].generator->size == generator_size &&
|
|
||||||
- memcmp(primes[i].generator->data, generator, primes[i].generator->size) == 0)
|
|
||||||
+ memcmp(primes[i].generator->data, generator, primes[i].generator->size) == 0) {
|
|
||||||
+ if (q) {
|
|
||||||
+ *q = primes[i].q->data;
|
|
||||||
+ *q_size = primes[i].q->size;
|
|
||||||
+ }
|
|
||||||
return 1;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
diff --git a/lib/dh.h b/lib/dh.h
|
|
||||||
index 672451947..f5c2c0924 100644
|
|
||||||
--- a/lib/dh.h
|
|
||||||
+++ b/lib/dh.h
|
|
||||||
@@ -61,9 +61,11 @@ extern const gnutls_datum_t gnutls_modp_2048_group_generator;
|
|
||||||
extern const unsigned int gnutls_modp_2048_key_bits;
|
|
||||||
|
|
||||||
unsigned
|
|
||||||
-_gnutls_dh_prime_is_fips_approved(const uint8_t *prime,
|
|
||||||
- size_t prime_size,
|
|
||||||
- const uint8_t *generator,
|
|
||||||
- size_t generator_size);
|
|
||||||
+_gnutls_dh_prime_match_fips_approved(const uint8_t *prime,
|
|
||||||
+ size_t prime_size,
|
|
||||||
+ const uint8_t *generator,
|
|
||||||
+ size_t generator_size,
|
|
||||||
+ uint8_t **q,
|
|
||||||
+ size_t *q_size);
|
|
||||||
|
|
||||||
#endif /* GNUTLS_LIB_DH_H */
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
|
||||||
From 8b575625614fbe5a22b68dc8d1877efb1d44dd37 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Fri, 17 Jul 2020 17:47:06 +0200
|
|
||||||
Subject: [PATCH 4/5] dh: perform SP800-56A rev3 full pubkey validation on
|
|
||||||
keygen
|
|
||||||
|
|
||||||
This implements full public key validation required in SP800-56A rev3,
|
|
||||||
section 5.6.2.3.1.
|
|
||||||
|
|
||||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
||||||
---
|
|
||||||
lib/nettle/pk.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++
|
|
||||||
1 file changed, 90 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
|
|
||||||
index 7f0fa8e03..057836bc2 100644
|
|
||||||
--- a/lib/nettle/pk.c
|
|
||||||
+++ b/lib/nettle/pk.c
|
|
||||||
@@ -71,6 +71,7 @@
|
|
||||||
#include "int/dsa-compute-k.h"
|
|
||||||
#include <gnettle.h>
|
|
||||||
#include <fips.h>
|
|
||||||
+#include "dh.h"
|
|
||||||
|
|
||||||
static inline const struct ecc_curve *get_supported_nist_curve(int curve);
|
|
||||||
static inline const struct ecc_curve *get_supported_gost_curve(int curve);
|
|
||||||
@@ -2131,6 +2132,53 @@ edwards_curve_mul_g(gnutls_pk_algorithm_t algo,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+static inline int
|
|
||||||
+dh_find_q(const gnutls_pk_params_st *pk_params, mpz_t q)
|
|
||||||
+{
|
|
||||||
+ gnutls_datum_t prime = { NULL, 0 };
|
|
||||||
+ gnutls_datum_t generator = { NULL, 0 };
|
|
||||||
+ uint8_t *data_q;
|
|
||||||
+ size_t n_q;
|
|
||||||
+ bigint_t _q;
|
|
||||||
+ int ret = 0;
|
|
||||||
+
|
|
||||||
+ ret = _gnutls_mpi_dprint(pk_params->params[DSA_P], &prime);
|
|
||||||
+ if (ret < 0) {
|
|
||||||
+ gnutls_assert();
|
|
||||||
+ goto cleanup;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ ret = _gnutls_mpi_dprint(pk_params->params[DSA_G], &generator);
|
|
||||||
+ if (ret < 0) {
|
|
||||||
+ gnutls_assert();
|
|
||||||
+ goto cleanup;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (!_gnutls_dh_prime_match_fips_approved(prime.data,
|
|
||||||
+ prime.size,
|
|
||||||
+ generator.data,
|
|
||||||
+ generator.size,
|
|
||||||
+ &data_q,
|
|
||||||
+ &n_q)) {
|
|
||||||
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
||||||
+ goto cleanup;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (_gnutls_mpi_init_scan_nz(&_q, data_q, n_q) != 0) {
|
|
||||||
+ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
|
|
||||||
+ goto cleanup;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ mpz_set(q, TOMPZ(_q));
|
|
||||||
+ _gnutls_mpi_release(&_q);
|
|
||||||
+
|
|
||||||
+ cleanup:
|
|
||||||
+ gnutls_free(prime.data);
|
|
||||||
+ gnutls_free(generator.data);
|
|
||||||
+
|
|
||||||
+ return ret;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/* To generate a DH key either q must be set in the params or
|
|
||||||
* level should be set to the number of required bits.
|
|
||||||
*/
|
|
||||||
@@ -2212,6 +2260,9 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
|
|
||||||
mpz_t x, y;
|
|
||||||
int max_tries;
|
|
||||||
unsigned have_q = 0;
|
|
||||||
+ mpz_t q;
|
|
||||||
+ mpz_t primesub1;
|
|
||||||
+ mpz_t ypowq;
|
|
||||||
|
|
||||||
if (algo != params->algo)
|
|
||||||
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
||||||
@@ -2229,6 +2280,10 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
|
|
||||||
mpz_init(x);
|
|
||||||
mpz_init(y);
|
|
||||||
|
|
||||||
+ mpz_init(q);
|
|
||||||
+ mpz_init(primesub1);
|
|
||||||
+ mpz_init(ypowq);
|
|
||||||
+
|
|
||||||
max_tries = 3;
|
|
||||||
do {
|
|
||||||
if (have_q) {
|
|
||||||
@@ -2260,8 +2315,40 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
|
|
||||||
ret = GNUTLS_E_LIB_IN_ERROR_STATE;
|
|
||||||
goto dh_fail;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
} while(mpz_cmp_ui(y, 1) == 0);
|
|
||||||
|
|
||||||
+#ifdef ENABLE_FIPS140
|
|
||||||
+ if (_gnutls_fips_mode_enabled()) {
|
|
||||||
+ /* Perform FFC full public key validation checks
|
|
||||||
+ * according to SP800-56A (revision 3), 5.6.2.3.1.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+ /* Step 1: 2 <= y <= p - 2 */
|
|
||||||
+ mpz_sub_ui(primesub1, pub.p, 1);
|
|
||||||
+
|
|
||||||
+ if (mpz_cmp_ui(y, 2) < 0 || mpz_cmp(y, primesub1) >= 0) {
|
|
||||||
+ ret = gnutls_assert_val(GNUTLS_E_RANDOM_FAILED);
|
|
||||||
+ goto dh_fail;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Step 2: 1 = y^q mod p */
|
|
||||||
+ if (have_q)
|
|
||||||
+ mpz_set(q, pub.q);
|
|
||||||
+ else {
|
|
||||||
+ ret = dh_find_q(params, q);
|
|
||||||
+ if (ret < 0)
|
|
||||||
+ goto dh_fail;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ mpz_powm(ypowq, y, q, pub.p);
|
|
||||||
+ if (mpz_cmp_ui(ypowq, 1) != 0) {
|
|
||||||
+ ret = gnutls_assert_val(GNUTLS_E_RANDOM_FAILED);
|
|
||||||
+ goto dh_fail;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
ret = _gnutls_mpi_init_multi(¶ms->params[DSA_Y], ¶ms->params[DSA_X], NULL);
|
|
||||||
if (ret < 0) {
|
|
||||||
gnutls_assert();
|
|
||||||
@@ -2278,6 +2365,9 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
|
|
||||||
mpz_clear(r);
|
|
||||||
mpz_clear(x);
|
|
||||||
mpz_clear(y);
|
|
||||||
+ mpz_clear(q);
|
|
||||||
+ mpz_clear(primesub1);
|
|
||||||
+ mpz_clear(ypowq);
|
|
||||||
|
|
||||||
if (ret < 0)
|
|
||||||
goto fail;
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
|
||||||
From 23756c8580dff99d0856adca49dd22a55352ad62 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Sat, 18 Jul 2020 08:26:48 +0200
|
|
||||||
Subject: [PATCH 5/5] ecdh: perform SP800-56A rev3 full pubkey validation on
|
|
||||||
keygen
|
|
||||||
|
|
||||||
This implements full public key validation required in
|
|
||||||
SP800-56A rev3, section 5.6.2.3.3.
|
|
||||||
|
|
||||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
||||||
---
|
|
||||||
lib/nettle/pk.c | 182 +++++++++++++++++++++++++++++++++++++++++++++++-
|
|
||||||
1 file changed, 180 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
|
|
||||||
index 057836bc2..588e9df50 100644
|
|
||||||
--- a/lib/nettle/pk.c
|
|
||||||
+++ b/lib/nettle/pk.c
|
|
||||||
@@ -1552,6 +1552,80 @@ static inline const struct ecc_curve *get_supported_nist_curve(int curve)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+static inline const char *get_supported_nist_curve_order(int curve)
|
|
||||||
+{
|
|
||||||
+ static const struct {
|
|
||||||
+ int curve;
|
|
||||||
+ const char *order;
|
|
||||||
+ } orders[] = {
|
|
||||||
+#ifdef ENABLE_NON_SUITEB_CURVES
|
|
||||||
+ { GNUTLS_ECC_CURVE_SECP192R1,
|
|
||||||
+ "ffffffffffffffffffffffff99def836"
|
|
||||||
+ "146bc9b1b4d22831" },
|
|
||||||
+ { GNUTLS_ECC_CURVE_SECP224R1,
|
|
||||||
+ "ffffffffffffffffffffffffffff16a2"
|
|
||||||
+ "e0b8f03e13dd29455c5c2a3d" },
|
|
||||||
+#endif
|
|
||||||
+ { GNUTLS_ECC_CURVE_SECP256R1,
|
|
||||||
+ "ffffffff00000000ffffffffffffffff"
|
|
||||||
+ "bce6faada7179e84f3b9cac2fc632551" },
|
|
||||||
+ { GNUTLS_ECC_CURVE_SECP384R1,
|
|
||||||
+ "ffffffffffffffffffffffffffffffff"
|
|
||||||
+ "ffffffffffffffffc7634d81f4372ddf"
|
|
||||||
+ "581a0db248b0a77aecec196accc52973" },
|
|
||||||
+ { GNUTLS_ECC_CURVE_SECP521R1,
|
|
||||||
+ "1fffffffffffffffffffffffffffffff"
|
|
||||||
+ "ffffffffffffffffffffffffffffffff"
|
|
||||||
+ "ffa51868783bf2f966b7fcc0148f709a"
|
|
||||||
+ "5d03bb5c9b8899c47aebb6fb71e91386"
|
|
||||||
+ "409" },
|
|
||||||
+ };
|
|
||||||
+ size_t i;
|
|
||||||
+
|
|
||||||
+ for (i = 0; i < sizeof(orders)/sizeof(orders[0]); i++) {
|
|
||||||
+ if (orders[i].curve == curve)
|
|
||||||
+ return orders[i].order;
|
|
||||||
+ }
|
|
||||||
+ return NULL;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static inline const char *get_supported_nist_curve_modulus(int curve)
|
|
||||||
+{
|
|
||||||
+ static const struct {
|
|
||||||
+ int curve;
|
|
||||||
+ const char *order;
|
|
||||||
+ } orders[] = {
|
|
||||||
+#ifdef ENABLE_NON_SUITEB_CURVES
|
|
||||||
+ { GNUTLS_ECC_CURVE_SECP192R1,
|
|
||||||
+ "fffffffffffffffffffffffffffffffe"
|
|
||||||
+ "ffffffffffffffff" },
|
|
||||||
+ { GNUTLS_ECC_CURVE_SECP224R1,
|
|
||||||
+ "ffffffffffffffffffffffffffffffff"
|
|
||||||
+ "000000000000000000000001" },
|
|
||||||
+#endif
|
|
||||||
+ { GNUTLS_ECC_CURVE_SECP256R1,
|
|
||||||
+ "ffffffff000000010000000000000000"
|
|
||||||
+ "00000000ffffffffffffffffffffffff" },
|
|
||||||
+ { GNUTLS_ECC_CURVE_SECP384R1,
|
|
||||||
+ "ffffffffffffffffffffffffffffffff"
|
|
||||||
+ "fffffffffffffffffffffffffffffffe"
|
|
||||||
+ "ffffffff0000000000000000ffffffff" },
|
|
||||||
+ { GNUTLS_ECC_CURVE_SECP521R1,
|
|
||||||
+ "1ff"
|
|
||||||
+ "ffffffffffffffffffffffffffffffff"
|
|
||||||
+ "ffffffffffffffffffffffffffffffff"
|
|
||||||
+ "ffffffffffffffffffffffffffffffff"
|
|
||||||
+ "ffffffffffffffffffffffffffffffff" },
|
|
||||||
+ };
|
|
||||||
+ size_t i;
|
|
||||||
+
|
|
||||||
+ for (i = 0; i < sizeof(orders)/sizeof(orders[0]); i++) {
|
|
||||||
+ if (orders[i].curve == curve)
|
|
||||||
+ return orders[i].order;
|
|
||||||
+ }
|
|
||||||
+ return NULL;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static inline const struct ecc_curve *get_supported_gost_curve(int curve)
|
|
||||||
{
|
|
||||||
switch (curve) {
|
|
||||||
@@ -2507,6 +2581,10 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
|
|
||||||
struct ecc_scalar key;
|
|
||||||
struct ecc_point pub;
|
|
||||||
const struct ecc_curve *curve;
|
|
||||||
+ struct ecc_scalar n;
|
|
||||||
+ struct ecc_scalar m;
|
|
||||||
+ struct ecc_point r;
|
|
||||||
+ mpz_t x, y, xx, yy, nn, mm;
|
|
||||||
|
|
||||||
curve = get_supported_nist_curve(level);
|
|
||||||
if (curve == NULL)
|
|
||||||
@@ -2514,8 +2592,18 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
|
|
||||||
gnutls_assert_val
|
|
||||||
(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
|
|
||||||
|
|
||||||
+ mpz_init(x);
|
|
||||||
+ mpz_init(y);
|
|
||||||
+ mpz_init(xx);
|
|
||||||
+ mpz_init(yy);
|
|
||||||
+ mpz_init(nn);
|
|
||||||
+ mpz_init(mm);
|
|
||||||
+
|
|
||||||
ecc_scalar_init(&key, curve);
|
|
||||||
ecc_point_init(&pub, curve);
|
|
||||||
+ ecc_scalar_init(&n, curve);
|
|
||||||
+ ecc_scalar_init(&m, curve);
|
|
||||||
+ ecc_point_init(&r, curve);
|
|
||||||
|
|
||||||
ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);
|
|
||||||
if (HAVE_LIB_ERROR()) {
|
|
||||||
@@ -2533,15 +2621,105 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
|
|
||||||
params->curve = level;
|
|
||||||
params->params_nr = ECC_PRIVATE_PARAMS;
|
|
||||||
|
|
||||||
- ecc_point_get(&pub, TOMPZ(params->params[ECC_X]),
|
|
||||||
- TOMPZ(params->params[ECC_Y]));
|
|
||||||
+ ecc_point_get(&pub, x, y);
|
|
||||||
+
|
|
||||||
+#ifdef ENABLE_FIPS140
|
|
||||||
+ if (_gnutls_fips_mode_enabled()) {
|
|
||||||
+ /* Perform ECC full public key validation checks
|
|
||||||
+ * according to SP800-56A (revision 3), 5.6.2.3.3.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+ const char *order, *modulus;
|
|
||||||
+
|
|
||||||
+ /* Step 1: verify that Q is not an identity
|
|
||||||
+ * element (an infinity point). Note that this
|
|
||||||
+ * cannot happen in the nettle implementation,
|
|
||||||
+ * because it cannot represent an infinity point
|
|
||||||
+ * on curves. */
|
|
||||||
+ if (mpz_cmp_ui(x, 0) == 0 && mpz_cmp_ui(y, 0) == 0) {
|
|
||||||
+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
|
|
||||||
+ goto ecc_fail;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Step 2: verify that both coordinates of Q are
|
|
||||||
+ * in the range [0, p - 1].
|
|
||||||
+ *
|
|
||||||
+ * Step 3: verify that Q lie on the curve
|
|
||||||
+ *
|
|
||||||
+ * Both checks are performed in nettle. */
|
|
||||||
+ if (!ecc_point_set(&r, x, y)) {
|
|
||||||
+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
|
|
||||||
+ goto ecc_fail;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Step 4: verify that n * Q, where n is the
|
|
||||||
+ * curve order, result in an identity element
|
|
||||||
+ *
|
|
||||||
+ * Since nettle internally cannot represent an
|
|
||||||
+ * identity element on curves, we validate this
|
|
||||||
+ * instead:
|
|
||||||
+ *
|
|
||||||
+ * (n - 1) * Q = -Q
|
|
||||||
+ *
|
|
||||||
+ * That effectively means: n * Q = -Q + Q = O
|
|
||||||
+ */
|
|
||||||
+ order = get_supported_nist_curve_order(level);
|
|
||||||
+ if (unlikely(order == NULL)) {
|
|
||||||
+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
|
|
||||||
+ goto ecc_fail;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ ret = mpz_set_str(nn, order, 16);
|
|
||||||
+ if (unlikely(ret < 0)) {
|
|
||||||
+ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
|
|
||||||
+ goto ecc_fail;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ modulus = get_supported_nist_curve_modulus(level);
|
|
||||||
+ if (unlikely(modulus == NULL)) {
|
|
||||||
+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
|
|
||||||
+ goto ecc_fail;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ ret = mpz_set_str(mm, modulus, 16);
|
|
||||||
+ if (unlikely(ret < 0)) {
|
|
||||||
+ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
|
|
||||||
+ goto ecc_fail;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* (n - 1) * Q = -Q */
|
|
||||||
+ mpz_sub_ui (nn, nn, 1);
|
|
||||||
+ ecc_scalar_set(&n, nn);
|
|
||||||
+ ecc_point_mul(&r, &n, &r);
|
|
||||||
+ ecc_point_get(&r, xx, yy);
|
|
||||||
+ mpz_sub (mm, mm, y);
|
|
||||||
+
|
|
||||||
+ if (mpz_cmp(xx, x) != 0 || mpz_cmp(yy, mm) != 0) {
|
|
||||||
+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
|
|
||||||
+ goto ecc_fail;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+ mpz_set(TOMPZ(params->params[ECC_X]), x);
|
|
||||||
+ mpz_set(TOMPZ(params->params[ECC_Y]), y);
|
|
||||||
+
|
|
||||||
ecc_scalar_get(&key, TOMPZ(params->params[ECC_K]));
|
|
||||||
|
|
||||||
ret = 0;
|
|
||||||
|
|
||||||
ecc_fail:
|
|
||||||
+ mpz_clear(x);
|
|
||||||
+ mpz_clear(y);
|
|
||||||
+ mpz_clear(xx);
|
|
||||||
+ mpz_clear(yy);
|
|
||||||
+ mpz_clear(nn);
|
|
||||||
+ mpz_clear(mm);
|
|
||||||
ecc_point_clear(&pub);
|
|
||||||
ecc_scalar_clear(&key);
|
|
||||||
+ ecc_point_clear(&r);
|
|
||||||
+ ecc_scalar_clear(&n);
|
|
||||||
+ ecc_scalar_clear(&m);
|
|
||||||
|
|
||||||
if (ret < 0)
|
|
||||||
goto fail;
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
@ -1,42 +0,0 @@
|
|||||||
From d1dc655cd2c8ae417381e5f966941c75cfe287ee Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Thu, 4 Jun 2020 16:42:07 +0200
|
|
||||||
Subject: [PATCH] _gnutls_fips_mode_enabled: treat selftest failure as FIPS
|
|
||||||
disabled
|
|
||||||
|
|
||||||
Previously gnutls_fips140_mode_enabled() returned true, even after
|
|
||||||
selftests have failed and the library state has switched to error.
|
|
||||||
While later calls to crypto operations fails, it would be more
|
|
||||||
convenient to have a function to detect that state.
|
|
||||||
|
|
||||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
||||||
---
|
|
||||||
lib/fips.c | 11 ++++++++++-
|
|
||||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/lib/fips.c b/lib/fips.c
|
|
||||||
index acdd2ec23..f8b10f750 100644
|
|
||||||
--- a/lib/fips.c
|
|
||||||
+++ b/lib/fips.c
|
|
||||||
@@ -491,8 +491,17 @@ unsigned gnutls_fips140_mode_enabled(void)
|
|
||||||
#ifdef ENABLE_FIPS140
|
|
||||||
unsigned ret = _gnutls_fips_mode_enabled();
|
|
||||||
|
|
||||||
- if (ret > GNUTLS_FIPS140_DISABLED)
|
|
||||||
+ if (ret > GNUTLS_FIPS140_DISABLED) {
|
|
||||||
+ /* If the previous run of selftests has failed, return as if
|
|
||||||
+ * the FIPS mode is disabled. We could use HAVE_LIB_ERROR, if
|
|
||||||
+ * we can assume that all the selftests run atomically from
|
|
||||||
+ * the ELF constructor.
|
|
||||||
+ */
|
|
||||||
+ if (_gnutls_get_lib_state() == LIB_STATE_ERROR)
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
return ret;
|
|
||||||
+ }
|
|
||||||
#endif
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
@ -1,152 +0,0 @@
|
|||||||
From 6fbff7fc8aabeee2254405f254220bbe8c05c67d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Fri, 5 Jun 2020 16:26:33 +0200
|
|
||||||
Subject: [PATCH] crypto-api: always allocate memory when serializing iovec_t
|
|
||||||
|
|
||||||
The AEAD iov interface falls back to serializing the input buffers if
|
|
||||||
the low-level cipher doesn't support scatter/gather encryption.
|
|
||||||
However, there was a bug in the functions used for the serialization,
|
|
||||||
which causes memory leaks under a certain condition (i.e. the number
|
|
||||||
of input buffers is 1).
|
|
||||||
|
|
||||||
This patch makes the logic of the functions simpler, by removing a
|
|
||||||
micro-optimization that tries to minimize the number of calls to
|
|
||||||
malloc/free.
|
|
||||||
|
|
||||||
The original problem was reported by Marius Steffen in:
|
|
||||||
https://bugzilla.samba.org/show_bug.cgi?id=14399
|
|
||||||
and the cause was investigated by Alexander Haase in:
|
|
||||||
https://gitlab.com/gnutls/gnutls/-/merge_requests/1277
|
|
||||||
|
|
||||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
||||||
---
|
|
||||||
lib/crypto-api.c | 36 +++++++++++-------------------------
|
|
||||||
tests/aead-cipher-vec.c | 33 ++++++++++++++++++---------------
|
|
||||||
2 files changed, 29 insertions(+), 40 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
|
|
||||||
index 45be64ed1..8524f5ed4 100644
|
|
||||||
--- a/lib/crypto-api.c
|
|
||||||
+++ b/lib/crypto-api.c
|
|
||||||
@@ -891,32 +891,23 @@ gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle,
|
|
||||||
struct iov_store_st {
|
|
||||||
void *data;
|
|
||||||
size_t size;
|
|
||||||
- unsigned allocated;
|
|
||||||
};
|
|
||||||
|
|
||||||
static void iov_store_free(struct iov_store_st *s)
|
|
||||||
{
|
|
||||||
- if (s->allocated) {
|
|
||||||
- gnutls_free(s->data);
|
|
||||||
- s->allocated = 0;
|
|
||||||
- }
|
|
||||||
+ gnutls_free(s->data);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int iov_store_grow(struct iov_store_st *s, size_t length)
|
|
||||||
{
|
|
||||||
- if (s->allocated || s->data == NULL) {
|
|
||||||
- s->size += length;
|
|
||||||
- s->data = gnutls_realloc(s->data, s->size);
|
|
||||||
- if (s->data == NULL)
|
|
||||||
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
|
||||||
- s->allocated = 1;
|
|
||||||
- } else {
|
|
||||||
- void *data = s->data;
|
|
||||||
- size_t size = s->size + length;
|
|
||||||
- s->data = gnutls_malloc(size);
|
|
||||||
- memcpy(s->data, data, s->size);
|
|
||||||
- s->size += length;
|
|
||||||
- }
|
|
||||||
+ void *data;
|
|
||||||
+
|
|
||||||
+ s->size += length;
|
|
||||||
+ data = gnutls_realloc(s->data, s->size);
|
|
||||||
+ if (data == NULL)
|
|
||||||
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
|
||||||
+
|
|
||||||
+ s->data = data;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -926,11 +917,6 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
|
|
||||||
memset(dst, 0, sizeof(*dst));
|
|
||||||
if (iovcnt == 0) {
|
|
||||||
return 0;
|
|
||||||
- } else if (iovcnt == 1) {
|
|
||||||
- dst->data = iov[0].iov_base;
|
|
||||||
- dst->size = iov[0].iov_len;
|
|
||||||
- /* implies: dst->allocated = 0; */
|
|
||||||
- return 0;
|
|
||||||
} else {
|
|
||||||
int i;
|
|
||||||
uint8_t *p;
|
|
||||||
@@ -944,11 +930,11 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
|
|
||||||
|
|
||||||
p = dst->data;
|
|
||||||
for (i=0;i<iovcnt;i++) {
|
|
||||||
- memcpy(p, iov[i].iov_base, iov[i].iov_len);
|
|
||||||
+ if (iov[i].iov_len > 0)
|
|
||||||
+ memcpy(p, iov[i].iov_base, iov[i].iov_len);
|
|
||||||
p += iov[i].iov_len;
|
|
||||||
}
|
|
||||||
|
|
||||||
- dst->allocated = 1;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
diff --git a/tests/aead-cipher-vec.c b/tests/aead-cipher-vec.c
|
|
||||||
index fba9010d9..6a30a35f7 100644
|
|
||||||
--- a/tests/aead-cipher-vec.c
|
|
||||||
+++ b/tests/aead-cipher-vec.c
|
|
||||||
@@ -49,6 +49,7 @@ static void start(const char *name, int algo)
|
|
||||||
giovec_t auth_iov[2];
|
|
||||||
uint8_t tag[64];
|
|
||||||
size_t tag_size = 0;
|
|
||||||
+ size_t i;
|
|
||||||
|
|
||||||
key.data = key16;
|
|
||||||
key.size = gnutls_cipher_get_key_size(algo);
|
|
||||||
@@ -82,21 +83,23 @@ static void start(const char *name, int algo)
|
|
||||||
if (ret < 0)
|
|
||||||
fail("gnutls_cipher_init: %s\n", gnutls_strerror(ret));
|
|
||||||
|
|
||||||
- ret = gnutls_aead_cipher_encryptv2(ch,
|
|
||||||
- iv.data, iv.size,
|
|
||||||
- auth_iov, 2,
|
|
||||||
- iov, 3,
|
|
||||||
- tag, &tag_size);
|
|
||||||
- if (ret < 0)
|
|
||||||
- fail("could not encrypt data: %s\n", gnutls_strerror(ret));
|
|
||||||
-
|
|
||||||
- ret = gnutls_aead_cipher_decryptv2(ch,
|
|
||||||
- iv.data, iv.size,
|
|
||||||
- auth_iov, 2,
|
|
||||||
- iov, 3,
|
|
||||||
- tag, tag_size);
|
|
||||||
- if (ret < 0)
|
|
||||||
- fail("could not decrypt data: %s\n", gnutls_strerror(ret));
|
|
||||||
+ for (i = 0; i < 2; i++) {
|
|
||||||
+ ret = gnutls_aead_cipher_encryptv2(ch,
|
|
||||||
+ iv.data, iv.size,
|
|
||||||
+ auth_iov, 2,
|
|
||||||
+ iov, i + 1,
|
|
||||||
+ tag, &tag_size);
|
|
||||||
+ if (ret < 0)
|
|
||||||
+ fail("could not encrypt data: %s\n", gnutls_strerror(ret));
|
|
||||||
+
|
|
||||||
+ ret = gnutls_aead_cipher_decryptv2(ch,
|
|
||||||
+ iv.data, iv.size,
|
|
||||||
+ auth_iov, 2,
|
|
||||||
+ iov, i + 1,
|
|
||||||
+ tag, tag_size);
|
|
||||||
+ if (ret < 0)
|
|
||||||
+ fail("could not decrypt data: %s\n", gnutls_strerror(ret));
|
|
||||||
+ }
|
|
||||||
|
|
||||||
gnutls_aead_cipher_deinit(ch);
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.25.4
|
|
||||||
|
|
@ -1,131 +0,0 @@
|
|||||||
From 9acc0f68320db4c7c6dadacb974e77c7fbca72a7 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Sun, 21 Jun 2020 16:03:54 +0200
|
|
||||||
Subject: [PATCH] safe_memcmp: remove in favor of gnutls_memcmp
|
|
||||||
|
|
||||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
||||||
---
|
|
||||||
lib/accelerated/x86/aes-xts-x86-aesni.c | 2 +-
|
|
||||||
lib/ext/pre_shared_key.c | 2 +-
|
|
||||||
lib/mem.h | 9 ---------
|
|
||||||
lib/nettle/cipher.c | 8 ++++----
|
|
||||||
lib/tls13/finished.c | 2 +-
|
|
||||||
lib/x509/x509.c | 3 ++-
|
|
||||||
6 files changed, 9 insertions(+), 17 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/accelerated/x86/aes-xts-x86-aesni.c b/lib/accelerated/x86/aes-xts-x86-aesni.c
|
|
||||||
index 3371d0812..b904cbf00 100644
|
|
||||||
--- a/lib/accelerated/x86/aes-xts-x86-aesni.c
|
|
||||||
+++ b/lib/accelerated/x86/aes-xts-x86-aesni.c
|
|
||||||
@@ -72,7 +72,7 @@ x86_aes_xts_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
|
|
||||||
|
|
||||||
/* Check key block according to FIPS-140-2 IG A.9 */
|
|
||||||
if (_gnutls_fips_mode_enabled()){
|
|
||||||
- if (safe_memcmp(key, key + (keysize / 2), keysize / 2) == 0) {
|
|
||||||
+ if (gnutls_memcmp(key, key + (keysize / 2), keysize / 2) == 0) {
|
|
||||||
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
|
||||||
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
||||||
}
|
|
||||||
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
|
|
||||||
index fef67d341..240be2162 100644
|
|
||||||
--- a/lib/ext/pre_shared_key.c
|
|
||||||
+++ b/lib/ext/pre_shared_key.c
|
|
||||||
@@ -650,7 +650,7 @@ static int server_recv_params(gnutls_session_t session,
|
|
||||||
}
|
|
||||||
|
|
||||||
if (_gnutls_mac_get_algo_len(prf) != binder_recvd.size ||
|
|
||||||
- safe_memcmp(binder_value, binder_recvd.data, binder_recvd.size)) {
|
|
||||||
+ gnutls_memcmp(binder_value, binder_recvd.data, binder_recvd.size)) {
|
|
||||||
gnutls_assert();
|
|
||||||
ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
|
|
||||||
goto fail;
|
|
||||||
diff --git a/lib/mem.h b/lib/mem.h
|
|
||||||
index dc838a2b4..d3eea97a4 100644
|
|
||||||
--- a/lib/mem.h
|
|
||||||
+++ b/lib/mem.h
|
|
||||||
@@ -35,15 +35,6 @@ char *_gnutls_strdup(const char *);
|
|
||||||
|
|
||||||
unsigned _gnutls_mem_is_zero(const uint8_t *ptr, unsigned size);
|
|
||||||
|
|
||||||
-/* To avoid undefined behavior when s1 or s2 are null and n = 0 */
|
|
||||||
-inline static
|
|
||||||
-int safe_memcmp(const void *s1, const void *s2, size_t n)
|
|
||||||
-{
|
|
||||||
- if (n == 0)
|
|
||||||
- return 0;
|
|
||||||
- return memcmp(s1, s2, n);
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
#define zrelease_mpi_key(mpi) if (*mpi!=NULL) { \
|
|
||||||
_gnutls_mpi_clear(*mpi); \
|
|
||||||
_gnutls_mpi_release(mpi); \
|
|
||||||
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
|
|
||||||
index b0a52deb5..ec0c1ab04 100644
|
|
||||||
--- a/lib/nettle/cipher.c
|
|
||||||
+++ b/lib/nettle/cipher.c
|
|
||||||
@@ -482,7 +482,7 @@ _xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key,
|
|
||||||
const uint8_t *key)
|
|
||||||
{
|
|
||||||
if (_gnutls_fips_mode_enabled() &&
|
|
||||||
- safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
|
|
||||||
+ gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
|
|
||||||
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
|
||||||
|
|
||||||
xts_aes128_set_encrypt_key(xts_key, key);
|
|
||||||
@@ -493,7 +493,7 @@ _xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key,
|
|
||||||
const uint8_t *key)
|
|
||||||
{
|
|
||||||
if (_gnutls_fips_mode_enabled() &&
|
|
||||||
- safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
|
|
||||||
+ gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
|
|
||||||
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
|
||||||
|
|
||||||
xts_aes128_set_decrypt_key(xts_key, key);
|
|
||||||
@@ -504,7 +504,7 @@ _xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key,
|
|
||||||
const uint8_t *key)
|
|
||||||
{
|
|
||||||
if (_gnutls_fips_mode_enabled() &&
|
|
||||||
- safe_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
|
|
||||||
+ gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
|
|
||||||
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
|
||||||
|
|
||||||
xts_aes256_set_encrypt_key(xts_key, key);
|
|
||||||
@@ -515,7 +515,7 @@ _xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key,
|
|
||||||
const uint8_t *key)
|
|
||||||
{
|
|
||||||
if (_gnutls_fips_mode_enabled() &&
|
|
||||||
- safe_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
|
|
||||||
+ gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
|
|
||||||
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
|
||||||
|
|
||||||
xts_aes256_set_decrypt_key(xts_key, key);
|
|
||||||
diff --git a/lib/tls13/finished.c b/lib/tls13/finished.c
|
|
||||||
index 68eab993e..ec646e673 100644
|
|
||||||
--- a/lib/tls13/finished.c
|
|
||||||
+++ b/lib/tls13/finished.c
|
|
||||||
@@ -112,7 +112,7 @@ int _gnutls13_recv_finished(gnutls_session_t session)
|
|
||||||
#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
|
|
||||||
# warning This is unsafe for production builds
|
|
||||||
#else
|
|
||||||
- if (safe_memcmp(verifier, buf.data, buf.length) != 0) {
|
|
||||||
+ if (gnutls_memcmp(verifier, buf.data, buf.length) != 0) {
|
|
||||||
gnutls_assert();
|
|
||||||
ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET;
|
|
||||||
goto cleanup;
|
|
||||||
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
|
|
||||||
index 2091f3ae6..2b68fe440 100644
|
|
||||||
--- a/lib/x509/x509.c
|
|
||||||
+++ b/lib/x509/x509.c
|
|
||||||
@@ -360,7 +360,8 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert)
|
|
||||||
}
|
|
||||||
|
|
||||||
if (empty1 != empty2 ||
|
|
||||||
- sp1.size != sp2.size || safe_memcmp(sp1.data, sp2.data, sp1.size) != 0) {
|
|
||||||
+ sp1.size != sp2.size ||
|
|
||||||
+ (sp1.size > 0 && memcmp(sp1.data, sp2.data, sp1.size) != 0)) {
|
|
||||||
gnutls_assert();
|
|
||||||
ret = GNUTLS_E_CERTIFICATE_ERROR;
|
|
||||||
goto cleanup;
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
@ -1,118 +0,0 @@
|
|||||||
From 29ee67c205855e848a0a26e6d0e4f65b6b943e0a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Sat, 22 Aug 2020 17:19:39 +0200
|
|
||||||
Subject: [PATCH] handshake: reject no_renegotiation alert if handshake is
|
|
||||||
incomplete
|
|
||||||
|
|
||||||
If the initial handshake is incomplete and the server sends a
|
|
||||||
no_renegotiation alert, the client should treat it as a fatal error
|
|
||||||
even if its level is warning. Otherwise the same handshake
|
|
||||||
state (e.g., DHE parameters) are reused in the next gnutls_handshake
|
|
||||||
call, if it is called in the loop idiom:
|
|
||||||
|
|
||||||
do {
|
|
||||||
ret = gnutls_handshake(session);
|
|
||||||
} while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
|
|
||||||
|
|
||||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
||||||
---
|
|
||||||
...a04b3d3f7dcc0ab4571cf0df3b67ab7e1005e9e7a8 | Bin 0 -> 671 bytes
|
|
||||||
...1da801fb3c6d1f7f846f227721e221adea08aa319c | Bin 0 -> 729 bytes
|
|
||||||
lib/gnutls_int.h | 1 +
|
|
||||||
lib/handshake.c | 48 +++++++++++++-----
|
|
||||||
4 files changed, 36 insertions(+), 13 deletions(-)
|
|
||||||
create mode 100644 fuzz/gnutls_client_fuzzer.in/00ea40761ce11e769f1817a04b3d3f7dcc0ab4571cf0df3b67ab7e1005e9e7a8
|
|
||||||
create mode 100644 fuzz/gnutls_psk_client_fuzzer.in/b16434290b77e13d7a983d1da801fb3c6d1f7f846f227721e221adea08aa319c
|
|
||||||
|
|
||||||
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
|
|
||||||
index bb6c19713..31cec5c0c 100644
|
|
||||||
--- a/lib/gnutls_int.h
|
|
||||||
+++ b/lib/gnutls_int.h
|
|
||||||
@@ -1370,6 +1370,7 @@ typedef struct {
|
|
||||||
#define HSK_RECORD_SIZE_LIMIT_RECEIVED (1<<26) /* server: record_size_limit extension was seen but not accepted yet */
|
|
||||||
#define HSK_OCSP_REQUESTED (1<<27) /* server: client requested OCSP stapling */
|
|
||||||
#define HSK_CLIENT_OCSP_REQUESTED (1<<28) /* client: server requested OCSP stapling */
|
|
||||||
+#define HSK_SERVER_HELLO_RECEIVED (1<<29) /* client: Server Hello message has been received */
|
|
||||||
|
|
||||||
/* The hsk_flags are for use within the ongoing handshake;
|
|
||||||
* they are reset to zero prior to handshake start by gnutls_handshake. */
|
|
||||||
diff --git a/lib/handshake.c b/lib/handshake.c
|
|
||||||
index b40f84b3d..ce2d160e2 100644
|
|
||||||
--- a/lib/handshake.c
|
|
||||||
+++ b/lib/handshake.c
|
|
||||||
@@ -2061,6 +2061,8 @@ read_server_hello(gnutls_session_t session,
|
|
||||||
if (ret < 0)
|
|
||||||
return gnutls_assert_val(ret);
|
|
||||||
|
|
||||||
+ session->internals.hsk_flags |= HSK_SERVER_HELLO_RECEIVED;
|
|
||||||
+
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -2585,16 +2587,42 @@ int gnutls_rehandshake(gnutls_session_t session)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+/* This function checks whether the error code should be treated fatal
|
|
||||||
+ * or not, and also does the necessary state transition. In
|
|
||||||
+ * particular, in the case of a rehandshake abort it resets the
|
|
||||||
+ * handshake's internal state.
|
|
||||||
+ */
|
|
||||||
inline static int
|
|
||||||
_gnutls_abort_handshake(gnutls_session_t session, int ret)
|
|
||||||
{
|
|
||||||
- if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
|
|
||||||
- (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
|
|
||||||
- || ret == GNUTLS_E_GOT_APPLICATION_DATA)
|
|
||||||
- return 0;
|
|
||||||
+ switch (ret) {
|
|
||||||
+ case GNUTLS_E_WARNING_ALERT_RECEIVED:
|
|
||||||
+ if (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION) {
|
|
||||||
+ /* The server always toleretes a "no_renegotiation" alert. */
|
|
||||||
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
|
|
||||||
+ STATE = STATE0;
|
|
||||||
+ return ret;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* The client should tolerete a "no_renegotiation" alert only if:
|
|
||||||
+ * - the initial handshake has completed, or
|
|
||||||
+ * - a Server Hello is not yet received
|
|
||||||
+ */
|
|
||||||
+ if (session->internals.initial_negotiation_completed ||
|
|
||||||
+ !(session->internals.hsk_flags & HSK_SERVER_HELLO_RECEIVED)) {
|
|
||||||
+ STATE = STATE0;
|
|
||||||
+ return ret;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- /* this doesn't matter */
|
|
||||||
- return GNUTLS_E_INTERNAL_ERROR;
|
|
||||||
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
|
|
||||||
+ }
|
|
||||||
+ return ret;
|
|
||||||
+ case GNUTLS_E_GOT_APPLICATION_DATA:
|
|
||||||
+ STATE = STATE0;
|
|
||||||
+ return ret;
|
|
||||||
+ default:
|
|
||||||
+ return ret;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@@ -2756,13 +2784,7 @@ int gnutls_handshake(gnutls_session_t session)
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ret < 0) {
|
|
||||||
- /* In the case of a rehandshake abort
|
|
||||||
- * we should reset the handshake's internal state.
|
|
||||||
- */
|
|
||||||
- if (_gnutls_abort_handshake(session, ret) == 0)
|
|
||||||
- STATE = STATE0;
|
|
||||||
-
|
|
||||||
- return ret;
|
|
||||||
+ return _gnutls_abort_handshake(session, ret);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* clear handshake buffer */
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
@ -1,95 +0,0 @@
|
|||||||
From 40203390a48b8fa01d72c6a9739d963cf24556b8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Mon, 28 Dec 2020 16:16:53 +0100
|
|
||||||
Subject: [PATCH 2/2] testpkcs11: use datefudge to trick certificate expiry
|
|
||||||
|
|
||||||
The certificates stored in tests/testpkcs11-certs expired on
|
|
||||||
2020-12-13. To avoid verification failure due to that, use datefudge
|
|
||||||
to set custom date when calling gnutls-cli, gnutls-serv, and certtool.
|
|
||||||
|
|
||||||
Based on the patch by Andreas Metzler:
|
|
||||||
https://gitlab.com/gnutls/gnutls/-/issues/1135#note_469682121
|
|
||||||
|
|
||||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
||||||
---
|
|
||||||
tests/scripts/common.sh | 5 +++++
|
|
||||||
tests/testpkcs11.sh | 12 +++++++++++-
|
|
||||||
2 files changed, 16 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh
|
|
||||||
index 6ae19fa58..69b5fd612 100644
|
|
||||||
--- a/tests/scripts/common.sh
|
|
||||||
+++ b/tests/scripts/common.sh
|
|
||||||
@@ -187,6 +187,11 @@ launch_bare_server() {
|
|
||||||
${SERV} $* >${LOGFILE-/dev/null} &
|
|
||||||
}
|
|
||||||
|
|
||||||
+launch_bare_server2() {
|
|
||||||
+ wait_for_free_port "$PORT"
|
|
||||||
+ "$@" >${LOGFILE-/dev/null} &
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
wait_server() {
|
|
||||||
local PID=$1
|
|
||||||
trap "test -n \"${PID}\" && kill ${PID};exit 1" 1 15 2
|
|
||||||
diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh
|
|
||||||
index 9458af238..3d74bfea6 100755
|
|
||||||
--- a/tests/testpkcs11.sh
|
|
||||||
+++ b/tests/testpkcs11.sh
|
|
||||||
@@ -67,6 +67,8 @@ have_ed25519=0
|
|
||||||
P11TOOL="${VALGRIND} ${P11TOOL} --batch"
|
|
||||||
SERV="${SERV} -q"
|
|
||||||
|
|
||||||
+TESTDATE=2020-12-01
|
|
||||||
+
|
|
||||||
. ${srcdir}/scripts/common.sh
|
|
||||||
|
|
||||||
rm -f "${LOGFILE}"
|
|
||||||
@@ -79,6 +81,8 @@ exit_error () {
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
+skip_if_no_datefudge
|
|
||||||
+
|
|
||||||
# $1: token
|
|
||||||
# $2: PIN
|
|
||||||
# $3: filename
|
|
||||||
@@ -523,6 +527,7 @@ write_certificate_test () {
|
|
||||||
pubkey="$5"
|
|
||||||
|
|
||||||
echo -n "* Generating client certificate... "
|
|
||||||
+ datefudge -s "$TESTDATE" \
|
|
||||||
"${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \
|
|
||||||
--template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
|
|
||||||
--load-pubkey "$pubkey" --outfile tmp-client.crt >>"${LOGFILE}" 2>&1
|
|
||||||
@@ -900,7 +905,9 @@ use_certificate_test () {
|
|
||||||
echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
|
|
||||||
# start server
|
|
||||||
eval "${GETPORT}"
|
|
||||||
- launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \
|
|
||||||
+ launch_bare_server2 datefudge -s "$TESTDATE" \
|
|
||||||
+ $VALGRIND $SERV $DEBUG -p "$PORT" \
|
|
||||||
+ ${ADDITIONAL_PARAM} --debug 10 --echo --priority NORMAL --x509certfile="${certfile}" \
|
|
||||||
--x509keyfile="$keyfile" --x509cafile="${cafile}" \
|
|
||||||
--verify-client-cert --require-client-cert >>"${LOGFILE}" 2>&1
|
|
||||||
|
|
||||||
@@ -908,13 +915,16 @@ use_certificate_test () {
|
|
||||||
wait_server ${PID}
|
|
||||||
|
|
||||||
# connect to server using SC
|
|
||||||
+ datefudge -s "$TESTDATE" \
|
|
||||||
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 && \
|
|
||||||
fail ${PID} "Connection should have failed!"
|
|
||||||
|
|
||||||
+ datefudge -s "$TESTDATE" \
|
|
||||||
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
|
|
||||||
--x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
|
|
||||||
fail ${PID} "Connection (with files) should have succeeded!"
|
|
||||||
|
|
||||||
+ datefudge -s "$TESTDATE" \
|
|
||||||
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
|
|
||||||
--x509keyfile="${token};object=gnutls-client;object-type=private" \
|
|
||||||
--x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
|
|
||||||
--
|
|
||||||
2.29.2
|
|
||||||
|
|
Binary file not shown.
14
SOURCES/gnutls-3.6.16-doc-p11tool-ckaid.patch
Normal file
14
SOURCES/gnutls-3.6.16-doc-p11tool-ckaid.patch
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
--- gnutls-3.7.2/doc/manpages/p11tool.1 2021-05-29 10:15:22.000000000 +0200
|
||||||
|
+++ gnutls-3.7.2-bootstrapped/doc/manpages/p11tool.1 2021-06-28 09:35:23.000000000 +0200
|
||||||
|
@@ -230,8 +230,9 @@
|
||||||
|
.NOP \f\*[B-Font]\-\-write\f[]
|
||||||
|
Writes the loaded objects to a PKCS #11 token.
|
||||||
|
.sp
|
||||||
|
-It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with
|
||||||
|
- one of \--load-privkey, \--load-pubkey, \--load-certificate option.
|
||||||
|
+It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with one of \--load-privkey, \--load-pubkey, \--load-certificate option.
|
||||||
|
+.sp
|
||||||
|
+When writing a certificate object, its CKA_ID is set to the same CKA_ID of the corresponding public key, if it exists on the token; otherwise it will be derived from the X.509 Subject Key Identifier of the certificate. If this behavior is undesired, write the public key to the token beforehand.
|
||||||
|
.TP
|
||||||
|
.NOP \f\*[B-Font]\-\-delete\f[]
|
||||||
|
Deletes the objects matching the given PKCS #11 URL.
|
125
SOURCES/gnutls-3.6.16-tls12-cert-type.patch
Normal file
125
SOURCES/gnutls-3.6.16-tls12-cert-type.patch
Normal file
@ -0,0 +1,125 @@
|
|||||||
|
From 339bef12f478b3a12c59571c53645e31280baf7e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Fri, 14 May 2021 15:59:37 +0200
|
||||||
|
Subject: [PATCH] cert auth: filter out unsupported cert types from TLS 1.2 CR
|
||||||
|
|
||||||
|
When the server is advertising signature algorithms in TLS 1.2
|
||||||
|
CertificateRequest, it shouldn't send certificate_types not backed by
|
||||||
|
any of those algorithms.
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
lib/auth/cert.c | 76 +++++++++++++++++++++++--
|
||||||
|
tests/suite/tls-fuzzer/gnutls-cert.json | 19 +++++++
|
||||||
|
2 files changed, 89 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
|
||||||
|
index 3073a33d3..0b0f04b2b 100644
|
||||||
|
--- a/lib/auth/cert.c
|
||||||
|
+++ b/lib/auth/cert.c
|
||||||
|
@@ -64,6 +64,16 @@ typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64,
|
||||||
|
#endif
|
||||||
|
} CertificateSigType;
|
||||||
|
|
||||||
|
+enum CertificateSigTypeFlags {
|
||||||
|
+ RSA_SIGN_FLAG = 1,
|
||||||
|
+ DSA_SIGN_FLAG = 1 << 1,
|
||||||
|
+ ECDSA_SIGN_FLAG = 1 << 2,
|
||||||
|
+#ifdef ENABLE_GOST
|
||||||
|
+ GOSTR34102012_256_SIGN_FLAG = 1 << 3,
|
||||||
|
+ GOSTR34102012_512_SIGN_FLAG = 1 << 4
|
||||||
|
+#endif
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
/* Moves data from an internal certificate struct (gnutls_pcert_st) to
|
||||||
|
* another internal certificate struct (cert_auth_info_t), and deinitializes
|
||||||
|
* the former.
|
||||||
|
@@ -1281,6 +1291,7 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
|
||||||
|
uint8_t tmp_data[CERTTYPE_SIZE];
|
||||||
|
const version_entry_st *ver = get_version(session);
|
||||||
|
unsigned init_pos = data->length;
|
||||||
|
+ enum CertificateSigTypeFlags flags;
|
||||||
|
|
||||||
|
if (unlikely(ver == NULL))
|
||||||
|
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
|
||||||
|
@@ -1297,18 +1308,71 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
|
||||||
|
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
|
||||||
|
}
|
||||||
|
|
||||||
|
- i = 1;
|
||||||
|
+ if (_gnutls_version_has_selectable_sighash(ver)) {
|
||||||
|
+ size_t j;
|
||||||
|
+
|
||||||
|
+ flags = 0;
|
||||||
|
+ for (j = 0; j < session->internals.priorities->sigalg.size; j++) {
|
||||||
|
+ const gnutls_sign_entry_st *se =
|
||||||
|
+ session->internals.priorities->sigalg.entry[j];
|
||||||
|
+ switch (se->pk) {
|
||||||
|
+ case GNUTLS_PK_RSA:
|
||||||
|
+ case GNUTLS_PK_RSA_PSS:
|
||||||
|
+ flags |= RSA_SIGN_FLAG;
|
||||||
|
+ break;
|
||||||
|
+ case GNUTLS_PK_DSA:
|
||||||
|
+ flags |= DSA_SIGN_FLAG;
|
||||||
|
+ break;
|
||||||
|
+ case GNUTLS_PK_ECDSA:
|
||||||
|
+ flags |= ECDSA_SIGN_FLAG;
|
||||||
|
+ break;
|
||||||
|
#ifdef ENABLE_GOST
|
||||||
|
- if (_gnutls_kx_is_vko_gost(session->security_parameters.cs->kx_algorithm)) {
|
||||||
|
- tmp_data[i++] = GOSTR34102012_256_SIGN;
|
||||||
|
- tmp_data[i++] = GOSTR34102012_512_SIGN;
|
||||||
|
- } else
|
||||||
|
+ case GNUTLS_PK_GOST_12_256:
|
||||||
|
+ flags |= GOSTR34102012_256_SIGN_FLAG;
|
||||||
|
+ break;
|
||||||
|
+ case GNUTLS_PK_GOST_12_512:
|
||||||
|
+ flags |= GOSTR34102012_512_SIGN_FLAG;
|
||||||
|
+ break;
|
||||||
|
+#endif
|
||||||
|
+ default:
|
||||||
|
+ gnutls_assert();
|
||||||
|
+ _gnutls_debug_log(
|
||||||
|
+ "%s is unsupported for cert request\n",
|
||||||
|
+ gnutls_pk_get_name(se->pk));
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ } else {
|
||||||
|
+#ifdef ENABLE_GOST
|
||||||
|
+ if (_gnutls_kx_is_vko_gost(session->security_parameters.
|
||||||
|
+ cs->kx_algorithm)) {
|
||||||
|
+ flags = GOSTR34102012_256_SIGN_FLAG |
|
||||||
|
+ GOSTR34102012_512_SIGN_FLAG;
|
||||||
|
+ } else
|
||||||
|
#endif
|
||||||
|
- {
|
||||||
|
+ {
|
||||||
|
+ flags = RSA_SIGN_FLAG | DSA_SIGN_FLAG | ECDSA_SIGN_FLAG;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ i = 1;
|
||||||
|
+ if (flags & RSA_SIGN_FLAG) {
|
||||||
|
tmp_data[i++] = RSA_SIGN;
|
||||||
|
+ }
|
||||||
|
+ if (flags & DSA_SIGN_FLAG) {
|
||||||
|
tmp_data[i++] = DSA_SIGN;
|
||||||
|
+ }
|
||||||
|
+ if (flags & ECDSA_SIGN_FLAG) {
|
||||||
|
tmp_data[i++] = ECDSA_SIGN;
|
||||||
|
}
|
||||||
|
+#ifdef ENABLE_GOST
|
||||||
|
+ if (flags & GOSTR34102012_256_SIGN_FLAG) {
|
||||||
|
+ tmp_data[i++] = GOSTR34102012_256_SIGN;
|
||||||
|
+ }
|
||||||
|
+ if (flags & GOSTR34102012_512_SIGN_FLAG) {
|
||||||
|
+ tmp_data[i++] = GOSTR34102012_512_SIGN;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
tmp_data[0] = i - 1;
|
||||||
|
|
||||||
|
ret = _gnutls_buffer_append_data(data, tmp_data, i);
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
283
SOURCES/gnutls-3.6.16-trust-ca-sha1.patch
Normal file
283
SOURCES/gnutls-3.6.16-trust-ca-sha1.patch
Normal file
@ -0,0 +1,283 @@
|
|||||||
|
From c2409e479df41620bceac314c76cabb1d35a4075 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Mon, 3 May 2021 16:35:43 +0200
|
||||||
|
Subject: [PATCH] x509/verify: treat SHA-1 signed CA in the trusted set
|
||||||
|
differently
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Suppose there is a certificate chain ending with an intermediate CA:
|
||||||
|
EE → ICA1 → ICA2. If the system trust store contains a root CA
|
||||||
|
generated with the same key as ICA2 but signed with a prohibited
|
||||||
|
algorithm, such as SHA-1, the library previously reported a
|
||||||
|
verification failure, though the situation is not uncommon during a
|
||||||
|
transition period of root CA.
|
||||||
|
|
||||||
|
This changes the library behavior such that the check on signature
|
||||||
|
algorithm will be skipped when examining the trusted root CA.
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
lib/x509/verify.c | 26 ++++---
|
||||||
|
tests/test-chains.h | 165 ++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
2 files changed, 182 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
|
||||||
|
index fd7c6a164..a50b5ea44 100644
|
||||||
|
--- a/lib/x509/verify.c
|
||||||
|
+++ b/lib/x509/verify.c
|
||||||
|
@@ -415,14 +415,19 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned
|
||||||
|
#define CASE_SEC_PARAM(profile, level) \
|
||||||
|
case profile: \
|
||||||
|
sym_bits = gnutls_sec_param_to_symmetric_bits(level); \
|
||||||
|
- hash = gnutls_sign_get_hash_algorithm(sigalg); \
|
||||||
|
- entry = mac_to_entry(hash); \
|
||||||
|
- if (hash <= 0 || entry == NULL) { \
|
||||||
|
+ se = _gnutls_sign_to_entry(sigalg); \
|
||||||
|
+ if (unlikely(se == NULL)) { \
|
||||||
|
+ _gnutls_cert_log("cert", crt); \
|
||||||
|
+ _gnutls_debug_log(#level": certificate's signature algorithm is unknown\n"); \
|
||||||
|
+ return gnutls_assert_val(0); \
|
||||||
|
+ } \
|
||||||
|
+ if (unlikely(se->hash == GNUTLS_DIG_UNKNOWN)) { \
|
||||||
|
_gnutls_cert_log("cert", crt); \
|
||||||
|
_gnutls_debug_log(#level": certificate's signature hash is unknown\n"); \
|
||||||
|
return gnutls_assert_val(0); \
|
||||||
|
} \
|
||||||
|
- if (_gnutls_sign_get_hash_strength(sigalg) < sym_bits) { \
|
||||||
|
+ if (!trusted && \
|
||||||
|
+ _gnutls_sign_get_hash_strength(sigalg) < sym_bits) { \
|
||||||
|
_gnutls_cert_log("cert", crt); \
|
||||||
|
_gnutls_debug_log(#level": certificate's signature hash strength is unacceptable (is %u bits, needed %u)\n", _gnutls_sign_get_hash_strength(sigalg), sym_bits); \
|
||||||
|
return gnutls_assert_val(0); \
|
||||||
|
@@ -449,19 +454,22 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned
|
||||||
|
* @crt: a certificate
|
||||||
|
* @issuer: the certificates issuer (allowed to be NULL)
|
||||||
|
* @sigalg: the signature algorithm used
|
||||||
|
+ * @trusted: whether @crt is treated as trusted (e.g., present in the system
|
||||||
|
+ * trust list); if it is true, the check on signature algorithm will
|
||||||
|
+ * be skipped
|
||||||
|
* @flags: the specified verification flags
|
||||||
|
*/
|
||||||
|
static unsigned is_level_acceptable(
|
||||||
|
gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
|
||||||
|
- gnutls_sign_algorithm_t sigalg, unsigned flags)
|
||||||
|
+ gnutls_sign_algorithm_t sigalg, bool trusted,
|
||||||
|
+ unsigned flags)
|
||||||
|
{
|
||||||
|
gnutls_certificate_verification_profiles_t profile = GNUTLS_VFLAGS_TO_PROFILE(flags);
|
||||||
|
- const mac_entry_st *entry;
|
||||||
|
int issuer_pkalg = 0, pkalg, ret;
|
||||||
|
unsigned bits = 0, issuer_bits = 0, sym_bits = 0;
|
||||||
|
gnutls_pk_params_st params;
|
||||||
|
gnutls_sec_param_t sp;
|
||||||
|
- int hash;
|
||||||
|
+ const gnutls_sign_entry_st *se;
|
||||||
|
gnutls_certificate_verification_profiles_t min_profile;
|
||||||
|
|
||||||
|
min_profile = _gnutls_get_system_wide_verification_profile();
|
||||||
|
@@ -798,7 +806,7 @@ verify_crt(gnutls_x509_crt_t cert,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sigalg >= 0 && se) {
|
||||||
|
- if (is_level_acceptable(cert, issuer, sigalg, flags) == 0) {
|
||||||
|
+ if (is_level_acceptable(cert, issuer, sigalg, false, flags) == 0) {
|
||||||
|
MARK_INVALID(GNUTLS_CERT_INSECURE_ALGORITHM);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -893,7 +901,7 @@ unsigned check_ca_sanity(const gnutls_x509_crt_t issuer,
|
||||||
|
|
||||||
|
/* we explicitly allow CAs which we do not support their self-algorithms
|
||||||
|
* to pass. */
|
||||||
|
- if (ret >= 0 && !is_level_acceptable(issuer, NULL, sigalg, flags)) {
|
||||||
|
+ if (ret >= 0 && !is_level_acceptable(issuer, NULL, sigalg, true, flags)) {
|
||||||
|
status |= GNUTLS_CERT_INSECURE_ALGORITHM|GNUTLS_CERT_INVALID;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/tests/test-chains.h b/tests/test-chains.h
|
||||||
|
index 9b06b85f5..64f50fabf 100644
|
||||||
|
--- a/tests/test-chains.h
|
||||||
|
+++ b/tests/test-chains.h
|
||||||
|
@@ -4106,6 +4106,163 @@ static const char *superseding_ca[] = {
|
||||||
|
NULL
|
||||||
|
};
|
||||||
|
|
||||||
|
+static const char *rsa_sha1_in_trusted[] = {
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "MIID0jCCAoqgAwIBAgIUezaBB7f4TW75oc3UV57oJvXmbBYwDQYJKoZIhvcNAQEL\n"
|
||||||
|
+ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTAzMTQyNzIxWhcN\n"
|
||||||
|
+ "MjIwNTAzMTQyNzIxWjA3MRgwFgYDVQQDEw90ZXN0LmdudXRscy5vcmcxGzAZBgNV\n"
|
||||||
|
+ "BAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCC\n"
|
||||||
|
+ "AToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUEL\n"
|
||||||
|
+ "dl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkb\n"
|
||||||
|
+ "Kk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3\n"
|
||||||
|
+ "mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm\n"
|
||||||
|
+ "+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWS\n"
|
||||||
|
+ "CAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxG\n"
|
||||||
|
+ "ojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAA\n"
|
||||||
|
+ "MBoGA1UdEQQTMBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcD\n"
|
||||||
|
+ "ATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0r\n"
|
||||||
|
+ "GDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsF\n"
|
||||||
|
+ "AAOCATEAXs8lOV231HQerhSGEjZJz0vBuA3biKYlu3cwCTKvF6EOyYMSWOnfqqD0\n"
|
||||||
|
+ "eDhpo1pzGtUa2zYLHagb+sU2NSTe0sqP+PK1giUg8X8/tRtWKk1p/m76yK/3iaty\n"
|
||||||
|
+ "flgz+eMai4xQu2FvAJzIASFjM9R+Pgpcf/zdvkiUPv8Rdm9FieyAZnJSo9hJHLxN\n"
|
||||||
|
+ "x60tfC5yyswdbGGW0GbJ2kr+xMfVZvxgO/x6AXlOaUGQ+jZAu9eJwFQMDW5h5/S1\n"
|
||||||
|
+ "PJkIt7f7jkU33cG+BawcjhT0GzxuvDnnCG0L7/z7bR+Sw2kNKqHbHorzv91R20Oh\n"
|
||||||
|
+ "CIISJPkiiP+mYcglTp1d9gw09GwSkGbldb9ibfc0hKyxiImFfIiTqDbXJcpKH98o\n"
|
||||||
|
+ "W8hWkb20QURlY+QM5MD49znfhPKMTQ==\n"
|
||||||
|
+ "-----END CERTIFICATE-----\n",
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "MIID2TCCAkGgAwIBAgIUWsb4DATcefXbo0WrBfgqVMvPGawwDQYJKoZIhvcNAQEL\n"
|
||||||
|
+ "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDMxNDI2\n"
|
||||||
|
+ "MzVaFw0yMjA1MDMxNDI2MzVaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIB\n"
|
||||||
|
+ "UjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduI\n"
|
||||||
|
+ "g/3CqVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6W\n"
|
||||||
|
+ "EhuJU95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcI\n"
|
||||||
|
+ "cRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AA\n"
|
||||||
|
+ "sYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo3\n"
|
||||||
|
+ "67vGVYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0ol\n"
|
||||||
|
+ "CMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewID\n"
|
||||||
|
+ "AQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0O\n"
|
||||||
|
+ "BBYEFB53I21nMR+RB5uWL+z8yEb+jOEDMB8GA1UdIwQYMBaAFCApU0Q1pxZL+AW3\n"
|
||||||
|
+ "GctysPWxl+SfMA0GCSqGSIb3DQEBCwUAA4IBgQBbboeDr/rLT1tZWrdHq8FvflGm\n"
|
||||||
|
+ "EpxZIRU4DdDD/SUCWSPQvjBq0MvuKxs5FfJCKrDf2kS2qlZ1rO0AuWwREoDeTOEc\n"
|
||||||
|
+ "arjFoCry+JQ+USqS5F4gsp4XlYvli27iMp3dlnhFXEQQy7/y+gM5c9wnMi8v/LUz\n"
|
||||||
|
+ "AV6QHX0fkb4XeazeJ+Nq0EkjqiYxylN6mP+5LAEMBG/wGviAoviQ5tN9zdoQs/nT\n"
|
||||||
|
+ "3jTw3cOauuPjdcOTfo71+/MtBzhPchgNIyQo4aB40XVWsLAoruL/3CFFlTniihtd\n"
|
||||||
|
+ "zA2zA7JvbuuKx6BOv2IbWOUweb732ZpYbDgEcXp/6Cj/SIUGxidpEgdCJGqyqdC7\n"
|
||||||
|
+ "b58ujxclC6QTcicw+SX5LBox8WGLfj+x+V3uVBz9+EK608xphTj4kLh9peII9v3n\n"
|
||||||
|
+ "vBUoZRTiUTCvH4AJJgAfa3mYrSxzueuqBOwXcvZ+8OJ0J1CP21pmK5nxR7f1nm9Q\n"
|
||||||
|
+ "sYA1VHfC2dtyAYlByeF5iHl5hFR6vy1jJyzxg2M=\n"
|
||||||
|
+ "-----END CERTIFICATE-----\n",
|
||||||
|
+ NULL
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static const char *rsa_sha1_in_trusted_ca[] = {
|
||||||
|
+ /* This CA is generated with the same key as rsa_sha1_in_trusted[1], but
|
||||||
|
+ * self-signed using SHA-1.
|
||||||
|
+ */
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "MIIDYzCCAhugAwIBAgIUahO8CvYPHTAltKCC2rAIcXUiLlAwDQYJKoZIhvcNAQEF\n"
|
||||||
|
+ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTAzMTQyMDM1WhcN\n"
|
||||||
|
+ "MjIwNTAzMTQyMDM1WjAZMRcwFQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCCAVIwDQYJ\n"
|
||||||
|
+ "KoZIhvcNAQEBBQADggE/ADCCAToCggExAJzkQrF9bp5f/38tnddOeF3biIP9wqlQ\n"
|
||||||
|
+ "Wk9x3GuuUhKA8IdCoj7UKDoGS3SmNnKGxrP6I2LTo3LNCp5T2HZrYxIelhIbiVPe\n"
|
||||||
|
+ "b+E0HQuDizIhOeniBqtudoWQGx6Ey/OENeA8UFhrs0CvN9Ippe328NlnCHEUPLxR\n"
|
||||||
|
+ "rPEs318Ot/jCOhauojAECKj9PFsxpkUcy+cLwoj4QlZKz5sG16AAbm+gALGMFjyQ\n"
|
||||||
|
+ "fdTPf5ceYBR+ZPf4j34t7NioNxfDDnKaahWI8Q0p7H4s+njIdfm2FSAKN+u7xlWB\n"
|
||||||
|
+ "4oFzBGQthXs5cCB2mc6RKBZWN2uyxSdNMq40PddK/FBPghDE2MxONA9KJQjKOxQP\n"
|
||||||
|
+ "UQo3jt21CKGGiHVU1BlhBh1knqMRnovRpJurvgEo/H/otI8XQ9ql7HsCAwEAAaND\n"
|
||||||
|
+ "MEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQe\n"
|
||||||
|
+ "dyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQUFAAOCATEAYLm/4DfUp+mA\n"
|
||||||
|
+ "S/23a2bwybJoPCMzKZpi+veXkqoq/a/BCUkFpqnjpVjz0ujVKK121oeOPBAa/mG1\n"
|
||||||
|
+ "Y3fJYP+b3PloL/6xj/8680TveGirCr0Rp/8XWa8lt+Ge8DM3mfTGWFTWHa0lD9VK\n"
|
||||||
|
+ "gjV1oNZNLe5SKA6dJLAp/NjCxc/vuOkThQPeaoO5Iy/Z6m7CpTLO7T4syJFtDmSn\n"
|
||||||
|
+ "Pa/yFUDTgJYFlGVM+KC1r8bhZ6Ao1CAXTcT5Lcbe/aCcyk6B3J2AnYsqPMVNEVhb\n"
|
||||||
|
+ "9eMGO/WG24hMLy6eb1r/yL8uQ/uGi2rRlNJN8GTg09YR7l5fHrHxuHc/sme0jsnJ\n"
|
||||||
|
+ "wtqGLCJsrh7Ae1fKVUueO00Yx9BGuzLswMvnT5f0oYs0jrXgMrTbIWS/DjOcYIHb\n"
|
||||||
|
+ "w3SV1ZRcNg==\n"
|
||||||
|
+ "-----END CERTIFICATE-----\n",
|
||||||
|
+ NULL
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static const char *rsa_sha1_not_in_trusted[] = {
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "MIID0jCCAoqgAwIBAgIUNCvPV9OvyuVMtnkC3ZAvh959h4MwDQYJKoZIhvcNAQEL\n"
|
||||||
|
+ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTA0MDg0NzAzWhcN\n"
|
||||||
|
+ "MjIwNTA0MDg0NzAzWjA3MRgwFgYDVQQDEw90ZXN0LmdudXRscy5vcmcxGzAZBgNV\n"
|
||||||
|
+ "BAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCC\n"
|
||||||
|
+ "AToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUEL\n"
|
||||||
|
+ "dl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkb\n"
|
||||||
|
+ "Kk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3\n"
|
||||||
|
+ "mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm\n"
|
||||||
|
+ "+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWS\n"
|
||||||
|
+ "CAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxG\n"
|
||||||
|
+ "ojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAA\n"
|
||||||
|
+ "MBoGA1UdEQQTMBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcD\n"
|
||||||
|
+ "ATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0r\n"
|
||||||
|
+ "GDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsF\n"
|
||||||
|
+ "AAOCATEAWs/Qa1Ebydwo4Ke2KEdy5cUTSZjnoz93XpbrP9W60MJ4d2DIQPcYUcLF\n"
|
||||||
|
+ "+glez+mRtVXDRtH5V/4yZX1EdgrPVQGeVlO5HbNiYyYw/Yj3H6kzWtUbBxdOAOE/\n"
|
||||||
|
+ "/ul8RCKKMfvYBHCBgjBMW0aFm31Q1Z8m8nanBusyJ0DG1scBHu4/3vTCZthZAxc5\n"
|
||||||
|
+ "3l3t/jjsNRS+k5t6Ay8nEY1tAZSGVqN8qufzO2NBO06sQagp09FTfDh581OBcVtF\n"
|
||||||
|
+ "X7O0cffAWHk3JoywzEWFEAhVPqFlk07wG2O+k+fYZfavsJko5q+yWkxu8RDh4wAx\n"
|
||||||
|
+ "7UzKudGOQ+NhfYJ7N7V1/RFg1z75gE3GTUX7qmGZEVDOsMyiuUeYg8znyYpBV55Q\n"
|
||||||
|
+ "4BNr0ukwmwOdvUf+ksCu6PdOGaqThA==\n"
|
||||||
|
+ "-----END CERTIFICATE-----\n",
|
||||||
|
+ /* ICA with SHA1 signature */
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "MIID2TCCAkGgAwIBAgIUYaKJkQft87M1TF+Jd30py3yIq4swDQYJKoZIhvcNAQEF\n"
|
||||||
|
+ "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDQwODQ1\n"
|
||||||
|
+ "NDdaFw0yMjA1MDQwODQ1NDdaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIB\n"
|
||||||
|
+ "UjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduI\n"
|
||||||
|
+ "g/3CqVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6W\n"
|
||||||
|
+ "EhuJU95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcI\n"
|
||||||
|
+ "cRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AA\n"
|
||||||
|
+ "sYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo3\n"
|
||||||
|
+ "67vGVYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0ol\n"
|
||||||
|
+ "CMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewID\n"
|
||||||
|
+ "AQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0O\n"
|
||||||
|
+ "BBYEFB53I21nMR+RB5uWL+z8yEb+jOEDMB8GA1UdIwQYMBaAFCApU0Q1pxZL+AW3\n"
|
||||||
|
+ "GctysPWxl+SfMA0GCSqGSIb3DQEBBQUAA4IBgQAewBcAGUGX28I5PDtuJkxoHonD\n"
|
||||||
|
+ "muHdXpYnrz1YXN4b7odNXockz++Xovgj126fo+PeWgmaaCic98ZcGnyVTi9+3oqN\n"
|
||||||
|
+ "2Bf4NNfyzSccgZZTphzbwjMcnc983HLQgsLSAOVivPHj5GEN58EWWamc9yA0VjGn\n"
|
||||||
|
+ "cuYmFN2dlFA8/ClEbVGu3UXBe6OljR5zUr+6oiSp2J+Rl7SerVSHlst07iU2tkeB\n"
|
||||||
|
+ "dlfOD5CquUGSka3SKvEfvu5SwYrCQVfYB6eMLInm7A0/ca0Jn3Oh4fMf2rIg/E3K\n"
|
||||||
|
+ "qsopxsu8BXrLoGK4MxbxPA65JpczhZgilQQi3e3RIvxrvyD2qamjaNbyG5cr8mW4\n"
|
||||||
|
+ "VOLf3vUORbkTi5sE7uRMu2B3z3N7ajsuQM8RHB17hOCB2FO/8rermq/oeJNtx57L\n"
|
||||||
|
+ "5s5NxCHYTksQ4gkpR4gfTIO/zwXJSwGa/Zi2y2wIi/1qr7lppBsKV2rDWX7QiIeA\n"
|
||||||
|
+ "PxOxyJA2eSeqCorz9vk3aHXleSpxsWGgKiJVmV0=\n"
|
||||||
|
+ "-----END CERTIFICATE-----\n",
|
||||||
|
+ NULL
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static const char *rsa_sha1_not_in_trusted_ca[] = {
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "MIIEDTCCAnWgAwIBAgIUd5X8NZput+aNPEd9h92r4KAu16MwDQYJKoZIhvcNAQEL\n"
|
||||||
|
+ "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDMxNDI1\n"
|
||||||
|
+ "MDNaFw0yMjA1MDMxNDI1MDNaMB4xHDAaBgNVBAMTE0dudVRMUyB0ZXN0IHJvb3Qg\n"
|
||||||
|
+ "Q0EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCsFAaMb/iRN+OFqQNh\n"
|
||||||
|
+ "OkkXGZlb+eLerLuB9ELnYwyLIh4MTXh0RjFZdCQLsQHfY/YFv0C50rmoXTA/d3Ef\n"
|
||||||
|
+ "K/P243KjX0XBWjO9TBuN0zth50eq94zf69yxA/a+kmT+O5YLfhi2ELM5F3IjOUoZ\n"
|
||||||
|
+ "lL0IGlFJwauAkaNylp/Evd5nW7g5DUJvMm4A3RXNfZt9gAD4lPRwryQq9jxT48Xu\n"
|
||||||
|
+ "fB0kAPEG/l/Izbz2rYin5+nySL+a0CSNuEbITxidtMhveB747oR0QS2sMQKji1ur\n"
|
||||||
|
+ "pRJ945SHiYJIgVuFAJc9StikSyIrxZgK45kAzcQAyRWWKiMNH5PprGFYJp+ypwhm\n"
|
||||||
|
+ "1t8Bphj2RFJAG3XRRZF/9uJIYc5mEHCsZFZ/IFRaKqyN30kAUijgNt+lW5mZXVFU\n"
|
||||||
|
+ "aqzV2zHjSG8jsGdia3cfBP46Z1q2eAh5jOCucTq1F7qZdVhOFmP9jFE6Uy5Kbwgc\n"
|
||||||
|
+ "kNAnsEllQeJQL2odVa7woKkZZ4M/c72X5tpBU38Rs3krn3sCAwEAAaNDMEEwDwYD\n"
|
||||||
|
+ "VR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQgKVNENacW\n"
|
||||||
|
+ "S/gFtxnLcrD1sZfknzANBgkqhkiG9w0BAQsFAAOCAYEAaZMV71mZ9FYoVdpho61h\n"
|
||||||
|
+ "WWPs5GppQLJ1w70DNtGZ+lFrk/KopeDvOu1i61QLWRzcZCZMl+npiX1KH5kjVo3v\n"
|
||||||
|
+ "C9G8kdMW6EVRk5p6qCJMPFN2U+grMMp50aY5kmw+/v+Lhk5T/VG93l63P91FkUre\n"
|
||||||
|
+ "o8qhOudJExoUnR1uB9M6HMAxVn8Lm/N1LGPiP6A6Pboo716H7mg/A7pv9zoZ6jUp\n"
|
||||||
|
+ "7x693mA/b3I/QpDx/nJcmcdqxgEuW+aRlFXgnYZRFAawxi+5M9EwCWbkSTO4OMHP\n"
|
||||||
|
+ "Qlvak3tJO+wb92b0cICOOtzIPgQ+caiLg9d0FvesALmQzDmNmtqynoO85+Ia2Ywh\n"
|
||||||
|
+ "nxKPlpeImhLN9nGl9sOeW2m4mnA5r0h1vgML4v/MWL4TQhXallc31uFNj5HyFaTh\n"
|
||||||
|
+ "6Mr0g3GeQgN0jpT+aIOiKuW9fLts54+Ntj1NN40slqi3Y+/Yd6xhj+NgmbRvybZu\n"
|
||||||
|
+ "tnYFXKC0Q+QUf38horqG2Mc3/uh8MOm0eYUXwGJOdXYD\n"
|
||||||
|
+ "-----END CERTIFICATE-----\n",
|
||||||
|
+ NULL
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
|
||||||
|
# pragma GCC diagnostic push
|
||||||
|
# pragma GCC diagnostic ignored "-Wunused-variable"
|
||||||
|
@@ -4275,6 +4432,14 @@ static struct
|
||||||
|
{ "ed448 - ok", ed448, &ed448[0], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA),
|
||||||
|
0, NULL, 1584352960, 1},
|
||||||
|
{ "superseding - ok", superseding, superseding_ca, 0, 0, 0, 1590928011 },
|
||||||
|
+ { "rsa-sha1 in trusted - ok",
|
||||||
|
+ rsa_sha1_in_trusted, rsa_sha1_in_trusted_ca,
|
||||||
|
+ GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM),
|
||||||
|
+ 0, NULL, 1620052390, 1},
|
||||||
|
+ { "rsa-sha1 not in trusted - not ok",
|
||||||
|
+ rsa_sha1_not_in_trusted, rsa_sha1_not_in_trusted_ca,
|
||||||
|
+ GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM),
|
||||||
|
+ GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, 1620118136, 1},
|
||||||
|
{ NULL, NULL, NULL, 0, 0}
|
||||||
|
};
|
||||||
|
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
BIN
SOURCES/gnutls-3.6.16.tar.xz.sig
Normal file
BIN
SOURCES/gnutls-3.6.16.tar.xz.sig
Normal file
Binary file not shown.
@ -1,20 +1,13 @@
|
|||||||
Version: 3.6.14
|
Version: 3.6.16
|
||||||
Release: 8%{?dist}
|
Release: 4%{?dist}
|
||||||
Patch1: gnutls-3.2.7-rpath.patch
|
Patch1: gnutls-3.2.7-rpath.patch
|
||||||
Patch2: gnutls-3.6.4-no-now-guile.patch
|
Patch2: gnutls-3.6.4-no-now-guile.patch
|
||||||
Patch3: gnutls-3.6.13-enable-intel-cet.patch
|
Patch3: gnutls-3.6.13-enable-intel-cet.patch
|
||||||
Patch4: gnutls-3.6.14-autogen-int.patch
|
|
||||||
Patch5: gnutls-3.6.14-fips-mode-check.patch
|
|
||||||
Patch6: gnutls-3.6.14-fips-dh-primes.patch
|
|
||||||
Patch7: gnutls-3.6.14-memcmp.patch
|
|
||||||
Patch8: gnutls-3.6.14-fips-dh-check.patch
|
|
||||||
Patch9: gnutls-3.6.14-fix-iovec-memory-leak.patch
|
|
||||||
Patch10: gnutls-3.6.14-fips-dh-selftests.patch
|
Patch10: gnutls-3.6.14-fips-dh-selftests.patch
|
||||||
Patch11: gnutls-3.6.14-fips-kdf-selftests.patch
|
Patch11: gnutls-3.6.14-fips-kdf-selftests.patch
|
||||||
Patch12: gnutls-3.6.14-no-renegotiation.patch
|
Patch12: gnutls-3.6.16-tls12-cert-type.patch
|
||||||
# https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html
|
Patch13: gnutls-3.6.16-trust-ca-sha1.patch
|
||||||
Patch13: gnutls-3.6.14-ecdsa-verify.patch
|
Patch14: gnutls-3.6.16-doc-p11tool-ckaid.patch
|
||||||
Patch14: gnutls-3.6.14-test-fixes.patch
|
|
||||||
%bcond_without dane
|
%bcond_without dane
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel}
|
||||||
%bcond_with guile
|
%bcond_with guile
|
||||||
@ -298,8 +291,30 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Apr 1 2021 Daiki Ueno <dueno@redhat.com> - 3.6.14-8
|
* Mon Jun 28 2021 Daiki Ueno <dueno@redhat.com> - 3.6.16-4
|
||||||
- Port fixes for potential miscalculation in ecdsa_verify (#1942929)
|
- p11tool: Document ID reuse behavior when importing certs (#1776250)
|
||||||
|
|
||||||
|
* Mon Jun 7 2021 Daiki Ueno <dueno@redhat.com> - 3.6.16-3
|
||||||
|
- Treat SHA-1 signed CA in the trusted set differently (#1965445)
|
||||||
|
|
||||||
|
* Wed May 26 2021 Daiki Ueno <dueno@redhat.com> - 3.6.16-2
|
||||||
|
- Filter certificate_types in TLS 1.2 CR based on signature algorithms (#1942216)
|
||||||
|
|
||||||
|
* Mon May 24 2021 Daiki Ueno <dueno@redhat.com> - 3.6.16-1
|
||||||
|
- Update to upstream 3.6.16 release (#1956783)
|
||||||
|
- Fix potential use-after-free in key_share handling (#1927597)
|
||||||
|
- Fix potential use-after-free in pre_shared_key handling (#1927593)
|
||||||
|
- Stop gnutls-serv relying on AI_ADDRCONFIG to decide listening address (#1908334)
|
||||||
|
- Fix cert expiration issue in tests (#1908110)
|
||||||
|
|
||||||
|
* Thu Apr 1 2021 Daiki Ueno <dueno@redhat.com> - 3.6.14-10
|
||||||
|
- Port fixes for potential miscalculation in ecdsa_verify (#1942931)
|
||||||
|
|
||||||
|
* Tue Nov 24 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-9
|
||||||
|
- Revert the previous change
|
||||||
|
|
||||||
|
* Wed Nov 11 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-8
|
||||||
|
- Depend on specific NVR of gmp and nettle (#1812933)
|
||||||
|
|
||||||
* Tue Nov 3 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-7
|
* Tue Nov 3 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-7
|
||||||
- Increase DH key bits to >= 2048 in self-tests (#1879506)
|
- Increase DH key bits to >= 2048 in self-tests (#1879506)
|
||||||
|
Loading…
Reference in New Issue
Block a user