Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version
Resolves: #2168143 Signed-off-by: Daiki Ueno <dueno@redhat.com>
This commit is contained in:
Daiki Ueno
parent
f764d48554
commit
b7884a9359
@ -1,54 +1,58 @@
|
||||
From 8879cd62b327874cdcc9b960ff34d320025f07c2 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Fri, 10 Feb 2023 12:35:22 +0900
|
||||
From 51b721b69fd08ef1c4c4989f5e12b643e170ff56 Mon Sep 17 00:00:00 2001
|
||||
From: Pedro Monreal <pmgdeb@gmail.com>
|
||||
Date: Thu, 16 Feb 2023 17:02:38 +0100
|
||||
Subject: [PATCH] pk: extend pair-wise consistency to cover DH key generation
|
||||
|
||||
Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance of Pair-wise
|
||||
Consistency check, even if we only support ephemeral DH, as it is
|
||||
required by FIPS 140-3 IG 10.3.A.
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
Co-authored-by: Pedro Monreal <pmonreal@suse.com>
|
||||
Signed-off-by: Pedro Monreal <pmgdeb@gmail.com>
|
||||
Co-authored-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
lib/nettle/pk.c | 25 ++++++++++++++++++++++++-
|
||||
1 file changed, 24 insertions(+), 1 deletion(-)
|
||||
lib/nettle/pk.c | 29 +++++++++++++++++++++++++++++
|
||||
1 file changed, 29 insertions(+)
|
||||
|
||||
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
|
||||
index f38016b19a..607a39ccd8 100644
|
||||
index d30bca594f..bd9c1b4c74 100644
|
||||
--- a/lib/nettle/pk.c
|
||||
+++ b/lib/nettle/pk.c
|
||||
@@ -2497,7 +2497,30 @@ static int pct_test(gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* param
|
||||
goto cleanup;
|
||||
@@ -2642,6 +2642,35 @@ static int pct_test(gnutls_pk_algorithm_t algo,
|
||||
}
|
||||
break;
|
||||
- case GNUTLS_PK_DH:
|
||||
+ case GNUTLS_PK_DH: {
|
||||
+ mpz_t y;
|
||||
case GNUTLS_PK_DH:
|
||||
+ {
|
||||
+ mpz_t y;
|
||||
+
|
||||
+ /* Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance
|
||||
+ * of Pair-wise Consistency check, even if we only
|
||||
+ * support ephemeral DH, as it is required by FIPS
|
||||
+ * 140-3 IG 10.3.A.
|
||||
+ *
|
||||
+ * Use the private key, x, along with the generator g
|
||||
+ * and prime modulus p included in the domain
|
||||
+ * parameters associated with the key pair to compute
|
||||
+ * g^x mod p. Compare the result to the public key, y.
|
||||
+ */
|
||||
+ mpz_init(y);
|
||||
+ mpz_powm(y,
|
||||
+ TOMPZ(params->params[DSA_G]),
|
||||
+ TOMPZ(params->params[DSA_X]),
|
||||
+ TOMPZ(params->params[DSA_P]));
|
||||
+ if (unlikely(mpz_cmp(y, TOMPZ(params->params[DSA_Y])) != 0)) {
|
||||
+ ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
|
||||
+ /* Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance
|
||||
+ * of Pair-wise Consistency check, even if we only
|
||||
+ * support ephemeral DH, as it is required by FIPS
|
||||
+ * 140-3 IG 10.3.A.
|
||||
+ *
|
||||
+ * Use the private key, x, along with the generator g
|
||||
+ * and prime modulus p included in the domain
|
||||
+ * parameters associated with the key pair to compute
|
||||
+ * g^x mod p. Compare the result to the public key, y.
|
||||
+ */
|
||||
+ mpz_init(y);
|
||||
+ mpz_powm(y,
|
||||
+ TOMPZ(params->params[DSA_G]),
|
||||
+ TOMPZ(params->params[DSA_X]),
|
||||
+ TOMPZ(params->params[DSA_P]));
|
||||
+ if (unlikely
|
||||
+ (mpz_cmp(y, TOMPZ(params->params[DSA_Y])) != 0)) {
|
||||
+ ret =
|
||||
+ gnutls_assert_val
|
||||
+ (GNUTLS_E_PK_GENERATION_ERROR);
|
||||
+ mpz_clear(y);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ mpz_clear(y);
|
||||
+ break;
|
||||
+ }
|
||||
+ mpz_clear(y);
|
||||
+ break;
|
||||
+ }
|
||||
case GNUTLS_PK_ECDH_X25519:
|
||||
case GNUTLS_PK_ECDH_X448:
|
||||
ret = 0;
|
||||
--
|
||||
2.39.1
|
||||
2.39.2
|
||||
|
||||
|
||||
@ -13,7 +13,7 @@ print(string.sub(hash, 0, 16))
|
||||
}
|
||||
|
||||
Version: 3.7.6
|
||||
Release: 17%{?dist}
|
||||
Release: 18%{?dist}
|
||||
# not upstreamed
|
||||
Patch: gnutls-3.6.7-no-now-guile.patch
|
||||
Patch: gnutls-3.2.7-rpath.patch
|
||||
@ -39,6 +39,7 @@ Patch: gnutls-3.7.6-fips-ccm-taglen.patch
|
||||
Patch: gnutls-3.7.6-fips-rsa-pss-saltlen.patch
|
||||
Patch: gnutls-3.7.8-revert-hmac-name.patch
|
||||
Patch: gnutls-3.7.8-rsa-kx-timing.patch
|
||||
Patch: gnutls-3.7.8-fips-pct-dh.patch
|
||||
|
||||
# not upstreamed
|
||||
Patch: gnutls-3.7.3-disable-config-reload.patch
|
||||
@ -46,7 +47,6 @@ Patch: gnutls-3.7.3-fips-dsa-post.patch
|
||||
Patch: gnutls-3.7.6-drbg-reseed.patch
|
||||
Patch: gnutls-3.7.6-cpuid-fixes.patch
|
||||
Patch: gnutls-3.7.6-gmp-static.patch
|
||||
Patch: gnutls-3.7.8-fips-pct-dh.patch
|
||||
|
||||
%bcond_without bootstrap
|
||||
%bcond_without dane
|
||||
@ -406,6 +406,9 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Feb 28 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-18
|
||||
- Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version (#2168143)
|
||||
|
||||
* Fri Feb 10 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-17
|
||||
- Fix timing side-channel in TLS RSA key exchange (#2162601)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user