import gnutls-3.6.14-8.el8_3

2021-04-14 16:09:36 -04:00 · 2021-04-14 16:09:36 -04:00 · b2fe796223
parent a0a3a4d3a4
commit b2fe796223
3 changed files with 189 additions and 1 deletions
--- a/SOURCES/gnutls-3.6.14-ecdsa-verify.patch
+++ b/SOURCES/gnutls-3.6.14-ecdsa-verify.patch
@ -0,0 +1,87 @@
+diff -up ./doc/doxygen/Doxyfile.orig ./doc/doxygen/Doxyfile
+diff -up ./lib/nettle/ecc/ecc-gostdsa-verify.c.orig ./lib/nettle/ecc/ecc-gostdsa-verify.c
+--- ./lib/nettle/ecc/ecc-gostdsa-verify.c.orig	2020-06-03 15:05:27.000000000 +0200
+++ ./lib/nettle/ecc/ecc-gostdsa-verify.c	2021-04-01 11:24:42.820992320 +0200
+@@ -63,6 +63,8 @@ ecc_gostdsa_verify (const struct ecc_cur
+ 		  const mp_limb_t *rp, const mp_limb_t *sp,
+ 		  mp_limb_t *scratch)
+ {
+  mp_limb_t cy;
+
+   /* Procedure, according to GOST R 34.10. q denotes the group
+      order.
+ 
+@@ -101,11 +103,17 @@ ecc_gostdsa_verify (const struct ecc_cur
+   ecc->q.invert (&ecc->q, vp, hp, vp + 2*ecc->p.size);
+ 
+   /* z1 = s / h, P1 = z1 * G */
+-  ecc_mod_mul (&ecc->q, z1, sp, vp);
+  ecc_mod_mul (&ecc->q, z1 + ecc->q.size, sp, vp);
+  /* Ensure canonical reduction */
+  cy = mpn_sub_n (z1, z1 + ecc->q.size, ecc->q.m, ecc->q.size);
+  cnd_copy (cy, z1, z1 + ecc->q.size, ecc->q.size);
+ 
+   /* z2 = - r / h, P2 = z2 * Y */
+-  ecc_mod_mul (&ecc->q, z2, rp, vp);
+-  mpn_sub_n (z2, ecc->q.m, z2, ecc->p.size);
+  mpn_sub_n (hp, ecc->q.m, rp, ecc->p.size);
+  ecc_mod_mul (&ecc->q, z2 + ecc->q.size, hp, vp);
+  /* Ensure canonical reduction */
+  cy = mpn_sub_n (z2, z2 + ecc->q.size, ecc->q.m, ecc->q.size);
+  cnd_copy (cy, z2, z2 + ecc->q.size, ecc->q.size);
+ 
+    /* Total storage: 5*ecc->p.size + ecc->mul_itch */
+   ecc->mul (ecc, P2, z2, pp, z2 + ecc->p.size);
+diff -up ./lib/nettle/ecc/eddsa-hash.c.orig ./lib/nettle/ecc/eddsa-hash.c
+--- ./lib/nettle/ecc/eddsa-hash.c.orig	2020-06-03 15:05:28.000000000 +0200
+++ ./lib/nettle/ecc/eddsa-hash.c	2021-04-01 11:24:42.821992314 +0200
+@@ -43,13 +43,14 @@
+ #include <nettle/ecc.h>
+ #include "ecc-internal.h"
+ 
+-/* Convert hash digest to integer, and reduce modulo q, to m->size
+-   limbs. Needs space for 2*m->size + 1 at rp. */
+/* Convert hash digest to integer, and reduce canonically modulo q.
+   Needs space for 2*m->size + 1 at rp. */
+ void
+ _eddsa_hash (const struct ecc_modulo *m,
+ 	     mp_limb_t *rp, size_t digest_size, const uint8_t *digest)
+ {
+   mp_size_t nlimbs = (8*digest_size + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS;
+  mp_limb_t cy;
+ 
+   mpn_set_base256_le (rp, nlimbs, digest, digest_size);
+ 
+@@ -74,4 +75,8 @@ _eddsa_hash (const struct ecc_modulo *m,
+       assert (hi == 0);
+     }
+   m->mod (m, rp);
+  /* Ensure canonical reduction. */
+  cy = mpn_sub_n (rp + m->size, rp, m->m, m->size);
+  cnd_copy (cy, rp + m->size, rp, m->size);
+  mpn_copyi (rp, rp + m->size, m->size);
+ }
+diff -up ./lib/nettle/ecc/gostdsa-vko.c.orig ./lib/nettle/ecc/gostdsa-vko.c
+--- ./lib/nettle/ecc/gostdsa-vko.c.orig	2020-06-03 15:05:28.000000000 +0200
+++ ./lib/nettle/ecc/gostdsa-vko.c	2021-04-01 11:24:42.821992314 +0200
+@@ -64,6 +64,7 @@ gostdsa_vko (const struct ecc_scalar *pr
+   mp_size_t size = ecc->p.size;
+   mp_size_t itch = 4*size + ecc->mul_itch;
+   mp_limb_t *scratch;
+  mp_limb_t cy;
+ 
+   if (itch < 5*size + ecc->h_to_a_itch)
+       itch = 5*size + ecc->h_to_a_itch;
+@@ -87,7 +88,11 @@ gostdsa_vko (const struct ecc_scalar *pr
+   if (mpn_zero_p (UKM, size))
+     UKM[0] = 1;
+ 
+-  ecc_mod_mul (&ecc->q, TEMP, priv->p, UKM); /* TEMP = UKM * priv */
+  ecc_mod_mul (&ecc->q, TEMP + ecc->q.size, priv->p, UKM); /* TEMP = UKM * priv */
+  /* Ensure canonical reduction */
+  cy = mpn_sub_n (TEMP, TEMP + ecc->q.size, ecc->q.m, ecc->q.size);
+  cnd_copy (cy, TEMP, TEMP + ecc->q.size, ecc->q.size);
+
+   ecc->mul (ecc, XYZ, TEMP, pub->p, scratch + 4*size); /* XYZ = UKM * priv * pub */
+   ecc->h_to_a (ecc, 0, TEMP, XYZ, scratch + 5*size); /* TEMP = XYZ */
+   mpn_get_base256_le (out, bsize, TEMP, size);
--- a/SOURCES/gnutls-3.6.14-test-fixes.patch
+++ b/SOURCES/gnutls-3.6.14-test-fixes.patch
@ -0,0 +1,95 @@
+From 40203390a48b8fa01d72c6a9739d963cf24556b8 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Mon, 28 Dec 2020 16:16:53 +0100
+Subject: [PATCH 2/2] testpkcs11: use datefudge to trick certificate expiry
+
+The certificates stored in tests/testpkcs11-certs expired on
+2020-12-13.  To avoid verification failure due to that, use datefudge
+to set custom date when calling gnutls-cli, gnutls-serv, and certtool.
+
+Based on the patch by Andreas Metzler:
+https://gitlab.com/gnutls/gnutls/-/issues/1135#note_469682121
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ tests/scripts/common.sh |  5 +++++
+ tests/testpkcs11.sh     | 12 +++++++++++-
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh
+index 6ae19fa58..69b5fd612 100644
+--- a/tests/scripts/common.sh
+++ b/tests/scripts/common.sh
+@@ -187,6 +187,11 @@ launch_bare_server() {
+ 	${SERV} $* >${LOGFILE-/dev/null} &
+ }
+ 
+launch_bare_server2() {
+	wait_for_free_port "$PORT"
+	"$@" >${LOGFILE-/dev/null} &
+}
+
+ wait_server() {
+ 	local PID=$1
+ 	trap "test -n \"${PID}\" && kill ${PID};exit 1" 1 15 2
+diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh
+index 9458af238..3d74bfea6 100755
+--- a/tests/testpkcs11.sh
+++ b/tests/testpkcs11.sh
+@@ -67,6 +67,8 @@ have_ed25519=0
+ P11TOOL="${VALGRIND} ${P11TOOL} --batch"
+ SERV="${SERV} -q"
+ 
+TESTDATE=2020-12-01
+
+ . ${srcdir}/scripts/common.sh
+ 
+ rm -f "${LOGFILE}"
+@@ -79,6 +81,8 @@ exit_error () {
+ 	exit 1
+ }
+ 
+skip_if_no_datefudge
+
+ # $1: token
+ # $2: PIN
+ # $3: filename
+@@ -523,6 +527,7 @@ write_certificate_test () {
+ 	pubkey="$5"
+ 
+ 	echo -n "* Generating client certificate... "
+	datefudge -s "$TESTDATE" \
+ 	"${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM}  --generate-certificate --load-ca-privkey "${cakey}"  --load-ca-certificate "${cacert}"  \
+ 	--template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
+ 	--load-pubkey "$pubkey" --outfile tmp-client.crt >>"${LOGFILE}" 2>&1
+@@ -900,7 +905,9 @@ use_certificate_test () {
+ 	echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
+ 	# start server
+ 	eval "${GETPORT}"
+-	launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \
+	launch_bare_server2 datefudge -s "$TESTDATE" \
+	        $VALGRIND $SERV $DEBUG -p "$PORT" \
+		${ADDITIONAL_PARAM} --debug 10 --echo --priority NORMAL --x509certfile="${certfile}" \
+ 		--x509keyfile="$keyfile" --x509cafile="${cafile}" \
+ 		--verify-client-cert --require-client-cert >>"${LOGFILE}" 2>&1
+ 
+@@ -908,13 +915,16 @@ use_certificate_test () {
+ 	wait_server ${PID}
+ 
+ 	# connect to server using SC
+	datefudge -s "$TESTDATE" \
+ 	${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 && \
+ 		fail ${PID} "Connection should have failed!"
+ 
+	datefudge -s "$TESTDATE" \
+ 	${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
+ 	--x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ 		fail ${PID} "Connection (with files) should have succeeded!"
+ 
+	datefudge -s "$TESTDATE" \
+ 	${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
+ 		--x509keyfile="${token};object=gnutls-client;object-type=private" \
+ 		--x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
+-- 
+2.29.2
+
--- a/SPECS/gnutls.spec
+++ b/SPECS/gnutls.spec
@ -1,5 +1,5 @@
 Version:	3.6.14
-Release: 7%{?dist}
+Release: 8%{?dist}
 Patch1:	gnutls-3.2.7-rpath.patch
 Patch2:	gnutls-3.6.4-no-now-guile.patch
 Patch3:	gnutls-3.6.13-enable-intel-cet.patch
@ -12,6 +12,9 @@ Patch9:	gnutls-3.6.14-fix-iovec-memory-leak.patch
 Patch10:	gnutls-3.6.14-fips-dh-selftests.patch
 Patch11:	gnutls-3.6.14-fips-kdf-selftests.patch
 Patch12:	gnutls-3.6.14-no-renegotiation.patch
+# https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html
+Patch13:	gnutls-3.6.14-ecdsa-verify.patch
+Patch14:	gnutls-3.6.14-test-fixes.patch
 %bcond_without dane
 %if 0%{?rhel}
 %bcond_with guile
@ -295,6 +298,9 @@ fi
 %endif

 %changelog
+* Thu Apr  1 2021 Daiki Ueno <dueno@redhat.com> - 3.6.14-8
+- Port fixes for potential miscalculation in ecdsa_verify (#1942929)
+
 * Tue Nov  3 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-7
 - Increase DH key bits to >= 2048 in self-tests (#1879506)
 - Implement self-tests for KDF and CMAC (#1890870)