From e50ef7c318427e8b83c54824d54c532325e47f26 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Thu, 1 Aug 2019 12:51:51 -0400 Subject: [PATCH] import gnutls-3.6.8-3.el8 --- .gitignore | 2 + .gnutls.metadata | 2 + SOURCES/gnutls-3.2.7-rpath.patch | 12 + SOURCES/gnutls-3.6.4-no-now-guile.patch | 13 + ...gnutls-3.6.5-fix-fips-signature-post.patch | 846 +++++++++++++++ SOURCES/gnutls-3.6.8-fips-aes-cbc-kat.patch | 36 + .../gnutls-3.6.8-multiple-key-updates.patch | 286 +++++ SOURCES/gnutls-3.6.8.tar.xz.sig | Bin 0 -> 310 bytes SPECS/gnutls.spec | 978 ++++++++++++++++++ 9 files changed, 2175 insertions(+) create mode 100644 .gitignore create mode 100644 .gnutls.metadata create mode 100644 SOURCES/gnutls-3.2.7-rpath.patch create mode 100644 SOURCES/gnutls-3.6.4-no-now-guile.patch create mode 100644 SOURCES/gnutls-3.6.5-fix-fips-signature-post.patch create mode 100644 SOURCES/gnutls-3.6.8-fips-aes-cbc-kat.patch create mode 100644 SOURCES/gnutls-3.6.8-multiple-key-updates.patch create mode 100644 SOURCES/gnutls-3.6.8.tar.xz.sig create mode 100644 SPECS/gnutls.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..190b97a --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/gnutls-3.6.8.tar.xz +SOURCES/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg diff --git a/.gnutls.metadata b/.gnutls.metadata new file mode 100644 index 0000000..af466d6 --- /dev/null +++ b/.gnutls.metadata @@ -0,0 +1,2 @@ +e1243188791af409bca118d31faf3ec3d5f0a5ab SOURCES/gnutls-3.6.8.tar.xz +e6f8a1400839ce7b4021cdd0f8d08d71b0693486 SOURCES/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg diff --git a/SOURCES/gnutls-3.2.7-rpath.patch b/SOURCES/gnutls-3.2.7-rpath.patch new file mode 100644 index 0000000..4e6aed3 --- /dev/null +++ b/SOURCES/gnutls-3.2.7-rpath.patch @@ -0,0 +1,12 @@ +diff -ur gnutls-3.2.7.orig/configure gnutls-3.2.7/configure +--- gnutls-3.2.7.orig/configure 2013-11-23 11:09:49.000000000 +0100 ++++ gnutls-3.2.7/configure 2013-11-25 16:53:05.559440656 +0100 +@@ -39652,7 +39652,7 @@ + shlibpath_overrides_runpath=unknown + version_type=none + dynamic_linker="$host_os ld.so" +-sys_lib_dlsearch_path_spec="/lib /usr/lib" ++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" + need_lib_prefix=unknown + hardcode_into_libs=no + diff --git a/SOURCES/gnutls-3.6.4-no-now-guile.patch b/SOURCES/gnutls-3.6.4-no-now-guile.patch new file mode 100644 index 0000000..1da536b --- /dev/null +++ b/SOURCES/gnutls-3.6.4-no-now-guile.patch @@ -0,0 +1,13 @@ +diff --git a/guile/src/Makefile.in b/guile/src/Makefile.in +index 95e1e9c..1dfc88e 100644 +--- a/guile/src/Makefile.in ++++ b/guile/src/Makefile.in +@@ -1483,7 +1483,7 @@ guileextension_LTLIBRARIES = guile-gnutls-v-2.la + # Use '-module' to build a "dlopenable module", in Libtool terms. + # Use '-undefined' to placate Libtool on Windows; see + # . +-guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined ++guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined -Wl,-z,lazy + + # Linking against GnuTLS. + GNUTLS_CORE_LIBS = $(top_builddir)/lib/libgnutls.la diff --git a/SOURCES/gnutls-3.6.5-fix-fips-signature-post.patch b/SOURCES/gnutls-3.6.5-fix-fips-signature-post.patch new file mode 100644 index 0000000..09092ca --- /dev/null +++ b/SOURCES/gnutls-3.6.5-fix-fips-signature-post.patch @@ -0,0 +1,846 @@ +From 2c44e9f8b2e7a1ebc65caeb03f9f106d31e30822 Mon Sep 17 00:00:00 2001 +From: Anderson Toshiyuki Sasaki +Date: Wed, 3 Apr 2019 13:40:04 +0200 +Subject: [PATCH 1/7] crypto-selftests-pk.c: Move hardcoded values to the top + +The objective of moving these values to the top is to allow them to be +used by other functions, in particular test_sig(). + +Signed-off-by: Anderson Toshiyuki Sasaki +--- + lib/crypto-selftests-pk.c | 224 +++++++++++++++++++------------------- + 1 file changed, 112 insertions(+), 112 deletions(-) + +diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c +index 1aa53ea29..4fadd4161 100644 +--- a/lib/crypto-selftests-pk.c ++++ b/lib/crypto-selftests-pk.c +@@ -107,6 +107,118 @@ static const char gost12_512_key[] = + "KjL7CLBERDm7Yvlv\n" + "-----END PRIVATE KEY-----\n"; + ++/* A precomputed RSA-SHA256 signature using the rsa_key2048 */ ++static const char rsa_sig[] = ++ "\x7a\xb3\xf8\xb0\xf9\xf0\x52\x88\x37\x17\x97\x9f\xbe\x61\xb4\xd2\x43\x78\x9f\x79\x92\xd0\xad\x08\xdb\xbd\x3c\x72\x7a\xb5\x51\x59\x63\xd6\x7d\xf1\x9c\x1e\x10\x7b\x27\xab\xf8\xd4\x9d\xcd\xc5\xf9\xae\xf7\x09\x6b\x40\x93\xc5\xe9\x1c\x0f\xb4\x82\xa1\x47\x86\x54\x63\xd2\x4d\x40\x9a\x80\xb9\x38\x45\x69\xa2\xd6\x92\xb6\x69\x7f\x3f\xf3\x5b\xa5\x1d\xac\x06\xad\xdf\x4e\xbb\xe6\xda\x68\x0d\xe5\xab\xef\xd2\xf0\xc5\xd8\xc0\xed\x80\xe2\xd4\x76\x98\xec\x44\xa2\xfc\x3f\xce\x2e\x8b\xc4\x4b\xab\xb0\x70\x24\x52\x85\x2a\x36\xcd\x9a\xb5\x05\x00\xea\x98\x7c\x72\x06\x68\xb1\x38\x44\x16\x80\x6a\x3b\x64\x72\xbb\xfd\x4b\xc9\xdd\xda\x2a\x68\xde\x7f\x6e\x48\x28\xc1\x63\x57\x2b\xde\x83\xa3\x27\x34\xd7\xa6\x87\x18\x35\x10\xff\x31\xd9\x47\xc9\x84\x35\xe1\xaa\xe2\xf7\x98\xfa\x19\xd3\xf1\x94\x25\x2a\x96\xe4\xa8\xa7\x05\x10\x93\x87\xde\x96\x85\xe5\x68\xb8\xe5\x4e\xbf\x66\x85\x91\xbd\x52\x5b\x3d\x9f\x1b\x79\xea\xe3\x8b\xef\x62\x18\x39\x7a\x50\x01\x46\x1b\xde\x8d\x37\xbc\x90\x6c\x07\xc0\x07\xed\x60\xce\x2e\x31\xd6\x8f\xe8\x75\xdb\x45\x21\xc6\xcb"; ++ ++/* ECDSA key and signature */ ++static const char ecdsa_secp256r1_privkey[] = ++ "-----BEGIN EC PRIVATE KEY-----\n" ++ "MHcCAQEEIPAKWV7+pZe9c5EubMNfAEKWRQtP/MvlO9HehwHmJssNoAoGCCqGSM49\n" ++ "AwEHoUQDQgAE2CNONRio3ciuXtoomJKs3MdbzLbd44VPhtzJN30VLFm5gvnfiCj2\n" ++ "zzz7pl9Cv0ECHl6yedNI8QEKdcwCDgEmkQ==\n" ++ "-----END EC PRIVATE KEY-----\n"; ++ ++static const char ecdsa_secp256r1_sig[] = ++ "\x30\x45\x02\x21\x00\x9b\x8f\x60\xed\x9e\x40\x8d\x74\x82\x73\xab\x20\x1a\x69\xfc\xf9\xee\x3c\x41\x80\xc0\x39\xdd\x21\x1a\x64\xfd\xbf\x7e\xaa\x43\x70\x02\x20\x44\x28\x05\xdd\x30\x47\x58\x96\x18\x39\x94\x18\xba\xe7\x7a\xf6\x1e\x2d\xba\xb1\xe0\x7d\x73\x9e\x2f\x58\xee\x0c\x2a\x89\xe8\x35"; ++ ++#ifdef ENABLE_NON_SUITEB_CURVES ++/* sha256 */ ++static const char ecdsa_secp192r1_privkey[] = ++ "-----BEGIN EC PRIVATE KEY-----" ++ "MF8CAQEEGLjezFcbgDMeApVrdtZHvu/k1a8/tVZ41KAKBggqhkjOPQMBAaE0AzIA" ++ "BO1lciKdgxeRH8k64vxcaV1OYIK9akVrW02Dw21MXhRLP0l0wzCw6LGSr5rS6AaL" ++ "Fg==" "-----END EC PRIVATE KEY-----"; ++ ++static const char ecdsa_secp192r1_sig[] = ++ "\x30\x34\x02\x18\x5f\xb3\x10\x4b\x4d\x44\x48\x29\x4b\xfd\xa7\x8e\xce\x57\xac\x36\x38\x54\xab\x73\xdb\xed\xb8\x5f\x02\x18\x0b\x8b\xf3\xae\x49\x50\x0e\x47\xca\x89\x1a\x00\xca\x23\xf5\x8d\xd6\xe3\xce\x9a\xff\x2e\x4f\x5c"; ++ ++static const char ecdsa_secp224r1_privkey[] = ++ "-----BEGIN EC PRIVATE KEY-----" ++ "MGgCAQEEHOKWJFdWdrR/CgVrUeTeawOrJ9GozE9KKx2a8PmgBwYFK4EEACGhPAM6" ++ "AAQKQj3YpenWT7lFR41SnBvmj/+Bj+kgzQnaF65qWAtPRJsZXFlLTu3/IUNqSRu9" ++ "DqPsk8xBHAB7pA==" "-----END EC PRIVATE KEY-----"; ++ ++static const char ecdsa_secp224r1_sig[] = ++ "\x30\x3d\x02\x1c\x76\x03\x8d\x74\xf4\xd3\x09\x2a\xb5\xdf\x6b\x5b\xf4\x4b\x86\xb8\x62\x81\x5d\x7b\x7a\xbb\x37\xfc\xf1\x46\x1c\x2b\x02\x1d\x00\xa0\x98\x5d\x80\x43\x89\xe5\xee\x1a\xec\x46\x08\x04\x55\xbc\x50\xfa\x2a\xd5\xa6\x18\x92\x19\xdb\x68\xa0\x2a\xda"; ++#endif ++ ++static const char ecdsa_secp384r1_privkey[] = ++ "-----BEGIN EC PRIVATE KEY-----" ++ "MIGkAgEBBDDevshD6gb+4rZpC9vwFcIwNs4KmGzdqCxyyN40a8uOWRbyf7aHdiSS" ++ "03oAyKtc4JCgBwYFK4EEACKhZANiAARO1KkPMno2tnNXx1S9EZkp8SOpDCZ4aobH" ++ "IYv8RHnSmKf8I3OKD6TaoeR+1MwJmNJUH90Bj45WXla68/vsPiFcfVKboxsZYe/n" ++ "pv8e4ugXagVQVBXNZJ859iYPdJR24vo=" "-----END EC PRIVATE KEY-----"; ++ ++static const char ecdsa_secp384r1_sig[] = ++ "\x30\x66\x02\x31\x00\xbb\x4d\x25\x30\x13\x1b\x3b\x75\x60\x07\xed\x53\x8b\x52\xee\xd8\x6e\xf1\x9d\xa8\x36\x0e\x2e\x20\x31\x51\x11\x48\x78\xdd\xaf\x24\x38\x64\x81\x71\x6b\xa6\xb7\x29\x58\x28\x82\x32\xba\x29\x29\xd9\x02\x31\x00\xeb\x70\x09\x87\xac\x7b\x78\x0d\x4c\x4f\x08\x2b\x86\x27\xe2\x60\x1f\xc9\x11\x9f\x1d\xf5\x82\x4c\xc7\x3d\xb0\x27\xc8\x93\x29\xc7\xd0\x0e\x88\x02\x09\x93\xc2\x72\xce\xa5\x74\x8c\x3d\xe0\x8c\xad"; ++ ++static const char ecdsa_secp521r1_privkey[] = ++ "-----BEGIN EC PRIVATE KEY-----" ++ "MIHbAgEBBEGO2n7NN363qSCvJVdlQtCvudtaW4o0fEufXRjE1AsCrle+VXX0Zh0w" ++ "Y1slSeDHMndpakoiF+XkQ+bhcB867UV6aKAHBgUrgQQAI6GBiQOBhgAEAQb6jDpo" ++ "byy1tF8Zucg0TMGUzIN2DK+RZJ3QQRdWdirO25OIC3FoFi1Yird6rpoB6HlNyJ7R" ++ "0bNG9Uv34bSHMn8yAFoiqxUCdJZQbEenMoZsi6COaePe3e0QqvDMr0hEWT23Sr3t" ++ "LpEV7eZGFfFIJw5wSUp2KOcs+O9WjmoukTWtDKNV" ++ "-----END EC PRIVATE KEY-----"; ++ ++static const char ecdsa_secp521r1_sig[] = ++ "\x30\x81\x87\x02\x42\x01\xb8\xcb\x52\x9e\x10\xa8\x49\x3f\xe1\x9e\x14\x0a\xcf\x96\xed\x7e\xab\x7d\x0c\xe1\x9b\xa4\x97\xdf\x01\xf5\x35\x42\x5f\x5b\x28\x15\x24\x33\x6e\x59\x6c\xaf\x10\x8b\x98\x8e\xe9\x4c\x23\x0d\x76\x92\x03\xdd\x6d\x8d\x08\x47\x15\x5b\xf8\x66\x75\x75\x40\xe8\xf4\xa0\x52\x02\x41\x15\x27\x7c\x5f\xa6\x33\xa6\x29\x68\x3f\x55\x8d\x7f\x1d\x4f\x88\xc6\x61\x6e\xac\x21\xdf\x2b\x7b\xde\x76\x9a\xdc\xe6\x3b\x94\x3f\x03\x9c\xa2\xa6\xa3\x63\x39\x48\xbd\x79\x70\x21\xf2\x6b\xff\x58\x66\xf1\x58\xc2\x58\xad\x4f\x84\x14\x5d\x05\x12\x83\xd0\x87\xbd\xf3"; ++ ++/* DSA key and signature */ ++static const char dsa_privkey[] = ++ "-----BEGIN DSA PRIVATE KEY-----\n" ++ "MIIDTQIBAAKCAQEAh60B6yPMRIT7udq2kKuwnQDohvT1U0w+RJcSr23C05cM/Ovn\n" ++ "UP/8Rrj6T8K+uYhMbKgLaZiJJW9q04jaPQk0cfUphbLvRjzVHwE/0Bkb+Y1Rv7ni\n" ++ "Jot2IFMq5iuNraf889PC0WREvFCcIkSFY2Ac4WT7mCcBtfx/raGFXDUjcUrJ0HwZ\n" ++ "IOhjQDfcXUsztuyYsYA75ociEY8kyDZq/ixyr5++R1VjNf30Re8AbQlXOEGxEN5t\n" ++ "t+Tvpq8K5L3prQs2KNSzyOUmedjb/ojH4T4qe/RL9EVjjeuIGHDNUT6F197yZ91y\n" ++ "qLLTf1WjnUyZcKij5rryX0LJBBWawEZjNSHZawIdAMQlyycia4NigCdiDR+QptUn\n" ++ "2xrj9o14fXkIrXcCggEAXRZm1rbPhsjSTo6cpCVrmDzO1grv83EHiBH4MvRQQnP8\n" ++ "FpAREsBA5cYju97XvLaLhioZeMjLn08kU7TUbHRUB+ULTuVvE2dQbBpGuKiLRRt9\n" ++ "6U2T0eD3xGLoM+o8EY/kpqaWGEpZv7hzM9xuo4vy55+viAZgFWULqmltwfG/7w7V\n" ++ "NXUHNv5H4Ipw//fSDLTPqzUlNqSSswDLz6pCjWEs0rWAqNAMaOiLTz4id9pL48Oe\n" ++ "oAfpcQR9tgTEnwyXfZBnrJVclHhkHKGeXvU05IgCzpKO76Z5R+By50T0i/JV7vzM\n" ++ "l2yS9aAl/cprT6U7yI3oU/blldCVNpMcFAFb+fO8DAKCAQBVMo8xptyvQOJeSvbO\n" ++ "SSYdJ3IiI/0GdkcGWXblWg9z7mrPaWEnT7OquEm/+vYtWd3GHDtyNM+jzsN4Xgjc\n" ++ "TL3AEd2hLiozJQ1BFKw25VU08UHAYTzUxZhO4Vwtmp46Kwj8YLDQ3NHRWCBxpDQR\n" ++ "fbiFvyXP+qXap6plMfrydnUD1mae/JSOWOYgdB7tFIehstLxVXx/cAnjwgFU03Df\n" ++ "grjsad92zA1Hc9wIjbsgAQdTR5DWnFRkRt3UtayBwoyqm6QceZHsv1NAGvkQ4ion\n" ++ "bEjkHkjF9YCkR9/rspR8cLghRIXMjOpypuSbaRPeeWq0gP2UOxFL/d3iWH0ETr/L\n" ++ "kTlCAhxYGpVgtfB96qmJukyl9GOGvfkwFTgEyIDoV84M\n" ++ "-----END DSA PRIVATE KEY-----\n"; ++ ++static const char dsa_sig[] = ++ "\x30\x3d\x02\x1c\x2e\x40\x14\xb3\x7a\x3f\xc0\x4f\x06\x74\x4f\xa6\x5f\xc2\x0a\x46\x35\x38\x88\xb4\x1a\xcf\x94\x02\x40\x42\x7c\x7f\x02\x1d\x00\x98\xfc\xf1\x08\x66\xf1\x86\x28\xc9\x73\x9e\x2b\x5d\xce\x57\xe8\xb5\xeb\xcf\xa3\xf6\x60\xf6\x63\x16\x0e\xc0\x42"; ++ ++static const char gost01_privkey[] = ++ "-----BEGIN PRIVATE KEY-----\n" ++ "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgdNfuHGmmTdPm\n" ++ "p5dAa3ea9UYxpdYQPP9lbDwzQwG2bJM=\n" ++ "-----END PRIVATE KEY-----\n"; ++ ++static const char gost01_sig[] = ++ "\xc5\xc8\xf8\xdc\x22\x51\xb0\x72\xe9\xa2\xbb\x84\x6c\xe2\x24\xd5\x72\x39\x2a\x5a\x0e\x7a\x43\xfc\x9c\xc3\x5d\x32\x92\xbb\xab\xc0\x4b\x99\xbd\xc8\x47\x24\x70\x06\x7e\xa1\xc6\xe3\xa0\xdc\x42\xed\xa0\x66\xf0\xcc\x50\x97\xe9\x5a\x7d\x3f\x65\x2d\x7b\x1b\x03\xcb"; ++ ++static const char gost12_256_privkey[] = ++ "-----BEGIN PRIVATE KEY-----\n" ++ "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgKOF96tom\n" ++ "D61rhSnzKjyrmO3fv0gdlHei+6ovrc8SnBk=\n" ++ "-----END PRIVATE KEY-----\n"; ++ ++static const char gost12_256_sig[] = ++ "\xb2\x51\x5a\x1a\xbd\x95\x4e\x71\x55\xad\x74\x74\x81\xa6\xca\x6c\x14\x01\xe0\x18\xda\xe4\x0d\x02\x4f\x14\xd2\x39\xd6\x3c\xb5\x85\xa8\x37\xfd\x7f\x2b\xfa\xe4\xf5\xbc\xbc\x15\x20\x8b\x83\x4b\x84\x0d\x5d\x02\x21\x8c\x0d\xb9\xc4\x2b\xc0\x3e\xfd\x42\x55\x1d\xb0"; ++ ++static const char gost12_512_privkey[] = ++ "-----BEGIN PRIVATE KEY-----\n" ++ "MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBECjFpvp\n" ++ "B0vdc7u59b99TCNXhHiB69JJtUjvieNkGYJpoaaIvoKZTNCjpSZASsZcQZCHOTof\n" ++ "hsQ3JCCy4xnd5jWT\n" ++ "-----END PRIVATE KEY-----\n"; ++ ++static const char gost12_512_sig[] = ++ "\x52\x4f\xa2\x77\x51\xd2\xc5\xef\xd3\xa3\x99\x4e\xec\xff\xc6\xe9\xfc\x2f\xc0\x28\x42\x03\x95\x6c\x9a\x38\xee\xea\x89\x79\xae\x1a\xc3\x68\x5e\xe4\x15\x15\x4b\xec\x0f\xf1\x7e\x0f\xba\x01\xc7\x84\x16\xc7\xb5\xac\x9d\x0c\x22\xdd\x31\xf7\xb0\x9b\x59\x4b\xf0\x02\xa8\x7d\xfd\x6d\x02\x43\xc7\x4f\x65\xbd\x84\x5c\x54\x91\xba\x75\x9f\x5a\x61\x19\x5c\x9a\x10\x78\x34\xa0\xa6\xf6\xdc\xb6\xb0\x50\x22\x38\x5f\xb0\x16\x66\xf1\xd5\x46\x00\xd5\xe2\xa8\xe5\xd2\x11\x5f\xd1\xbe\x6e\xac\xb2\x9c\x14\x34\x96\xe7\x58\x94\xb8\xf4\x5f"; ++ + static int test_rsa_enc(gnutls_pk_algorithm_t pk, + unsigned bits, gnutls_digest_algorithm_t ign) + { +@@ -302,118 +414,6 @@ static int test_sig(gnutls_pk_algorithm_t pk, + return ret; + } + +-/* A precomputed RSA-SHA1 signature using the rsa_key2048 */ +-static const char rsa_sig[] = +- "\x7a\xb3\xf8\xb0\xf9\xf0\x52\x88\x37\x17\x97\x9f\xbe\x61\xb4\xd2\x43\x78\x9f\x79\x92\xd0\xad\x08\xdb\xbd\x3c\x72\x7a\xb5\x51\x59\x63\xd6\x7d\xf1\x9c\x1e\x10\x7b\x27\xab\xf8\xd4\x9d\xcd\xc5\xf9\xae\xf7\x09\x6b\x40\x93\xc5\xe9\x1c\x0f\xb4\x82\xa1\x47\x86\x54\x63\xd2\x4d\x40\x9a\x80\xb9\x38\x45\x69\xa2\xd6\x92\xb6\x69\x7f\x3f\xf3\x5b\xa5\x1d\xac\x06\xad\xdf\x4e\xbb\xe6\xda\x68\x0d\xe5\xab\xef\xd2\xf0\xc5\xd8\xc0\xed\x80\xe2\xd4\x76\x98\xec\x44\xa2\xfc\x3f\xce\x2e\x8b\xc4\x4b\xab\xb0\x70\x24\x52\x85\x2a\x36\xcd\x9a\xb5\x05\x00\xea\x98\x7c\x72\x06\x68\xb1\x38\x44\x16\x80\x6a\x3b\x64\x72\xbb\xfd\x4b\xc9\xdd\xda\x2a\x68\xde\x7f\x6e\x48\x28\xc1\x63\x57\x2b\xde\x83\xa3\x27\x34\xd7\xa6\x87\x18\x35\x10\xff\x31\xd9\x47\xc9\x84\x35\xe1\xaa\xe2\xf7\x98\xfa\x19\xd3\xf1\x94\x25\x2a\x96\xe4\xa8\xa7\x05\x10\x93\x87\xde\x96\x85\xe5\x68\xb8\xe5\x4e\xbf\x66\x85\x91\xbd\x52\x5b\x3d\x9f\x1b\x79\xea\xe3\x8b\xef\x62\x18\x39\x7a\x50\x01\x46\x1b\xde\x8d\x37\xbc\x90\x6c\x07\xc0\x07\xed\x60\xce\x2e\x31\xd6\x8f\xe8\x75\xdb\x45\x21\xc6\xcb"; +- +-/* ECDSA key and signature */ +-static const char ecdsa_secp256r1_privkey[] = +- "-----BEGIN EC PRIVATE KEY-----\n" +- "MHcCAQEEIPAKWV7+pZe9c5EubMNfAEKWRQtP/MvlO9HehwHmJssNoAoGCCqGSM49\n" +- "AwEHoUQDQgAE2CNONRio3ciuXtoomJKs3MdbzLbd44VPhtzJN30VLFm5gvnfiCj2\n" +- "zzz7pl9Cv0ECHl6yedNI8QEKdcwCDgEmkQ==\n" +- "-----END EC PRIVATE KEY-----\n"; +- +-static const char ecdsa_secp256r1_sig[] = +- "\x30\x45\x02\x21\x00\x9b\x8f\x60\xed\x9e\x40\x8d\x74\x82\x73\xab\x20\x1a\x69\xfc\xf9\xee\x3c\x41\x80\xc0\x39\xdd\x21\x1a\x64\xfd\xbf\x7e\xaa\x43\x70\x02\x20\x44\x28\x05\xdd\x30\x47\x58\x96\x18\x39\x94\x18\xba\xe7\x7a\xf6\x1e\x2d\xba\xb1\xe0\x7d\x73\x9e\x2f\x58\xee\x0c\x2a\x89\xe8\x35"; +- +-#ifdef ENABLE_NON_SUITEB_CURVES +-/* sha256 */ +-static const char ecdsa_secp192r1_privkey[] = +- "-----BEGIN EC PRIVATE KEY-----" +- "MF8CAQEEGLjezFcbgDMeApVrdtZHvu/k1a8/tVZ41KAKBggqhkjOPQMBAaE0AzIA" +- "BO1lciKdgxeRH8k64vxcaV1OYIK9akVrW02Dw21MXhRLP0l0wzCw6LGSr5rS6AaL" +- "Fg==" "-----END EC PRIVATE KEY-----"; +- +-static const char ecdsa_secp192r1_sig[] = +- "\x30\x34\x02\x18\x5f\xb3\x10\x4b\x4d\x44\x48\x29\x4b\xfd\xa7\x8e\xce\x57\xac\x36\x38\x54\xab\x73\xdb\xed\xb8\x5f\x02\x18\x0b\x8b\xf3\xae\x49\x50\x0e\x47\xca\x89\x1a\x00\xca\x23\xf5\x8d\xd6\xe3\xce\x9a\xff\x2e\x4f\x5c"; +- +-static const char ecdsa_secp224r1_privkey[] = +- "-----BEGIN EC PRIVATE KEY-----" +- "MGgCAQEEHOKWJFdWdrR/CgVrUeTeawOrJ9GozE9KKx2a8PmgBwYFK4EEACGhPAM6" +- "AAQKQj3YpenWT7lFR41SnBvmj/+Bj+kgzQnaF65qWAtPRJsZXFlLTu3/IUNqSRu9" +- "DqPsk8xBHAB7pA==" "-----END EC PRIVATE KEY-----"; +- +-static const char ecdsa_secp224r1_sig[] = +- "\x30\x3d\x02\x1c\x76\x03\x8d\x74\xf4\xd3\x09\x2a\xb5\xdf\x6b\x5b\xf4\x4b\x86\xb8\x62\x81\x5d\x7b\x7a\xbb\x37\xfc\xf1\x46\x1c\x2b\x02\x1d\x00\xa0\x98\x5d\x80\x43\x89\xe5\xee\x1a\xec\x46\x08\x04\x55\xbc\x50\xfa\x2a\xd5\xa6\x18\x92\x19\xdb\x68\xa0\x2a\xda"; +-#endif +- +-static const char ecdsa_secp384r1_privkey[] = +- "-----BEGIN EC PRIVATE KEY-----" +- "MIGkAgEBBDDevshD6gb+4rZpC9vwFcIwNs4KmGzdqCxyyN40a8uOWRbyf7aHdiSS" +- "03oAyKtc4JCgBwYFK4EEACKhZANiAARO1KkPMno2tnNXx1S9EZkp8SOpDCZ4aobH" +- "IYv8RHnSmKf8I3OKD6TaoeR+1MwJmNJUH90Bj45WXla68/vsPiFcfVKboxsZYe/n" +- "pv8e4ugXagVQVBXNZJ859iYPdJR24vo=" "-----END EC PRIVATE KEY-----"; +- +-static const char ecdsa_secp384r1_sig[] = +- "\x30\x66\x02\x31\x00\xbb\x4d\x25\x30\x13\x1b\x3b\x75\x60\x07\xed\x53\x8b\x52\xee\xd8\x6e\xf1\x9d\xa8\x36\x0e\x2e\x20\x31\x51\x11\x48\x78\xdd\xaf\x24\x38\x64\x81\x71\x6b\xa6\xb7\x29\x58\x28\x82\x32\xba\x29\x29\xd9\x02\x31\x00\xeb\x70\x09\x87\xac\x7b\x78\x0d\x4c\x4f\x08\x2b\x86\x27\xe2\x60\x1f\xc9\x11\x9f\x1d\xf5\x82\x4c\xc7\x3d\xb0\x27\xc8\x93\x29\xc7\xd0\x0e\x88\x02\x09\x93\xc2\x72\xce\xa5\x74\x8c\x3d\xe0\x8c\xad"; +- +-static const char ecdsa_secp521r1_privkey[] = +- "-----BEGIN EC PRIVATE KEY-----" +- "MIHbAgEBBEGO2n7NN363qSCvJVdlQtCvudtaW4o0fEufXRjE1AsCrle+VXX0Zh0w" +- "Y1slSeDHMndpakoiF+XkQ+bhcB867UV6aKAHBgUrgQQAI6GBiQOBhgAEAQb6jDpo" +- "byy1tF8Zucg0TMGUzIN2DK+RZJ3QQRdWdirO25OIC3FoFi1Yird6rpoB6HlNyJ7R" +- "0bNG9Uv34bSHMn8yAFoiqxUCdJZQbEenMoZsi6COaePe3e0QqvDMr0hEWT23Sr3t" +- "LpEV7eZGFfFIJw5wSUp2KOcs+O9WjmoukTWtDKNV" +- "-----END EC PRIVATE KEY-----"; +- +-static const char ecdsa_secp521r1_sig[] = +- "\x30\x81\x87\x02\x42\x01\xb8\xcb\x52\x9e\x10\xa8\x49\x3f\xe1\x9e\x14\x0a\xcf\x96\xed\x7e\xab\x7d\x0c\xe1\x9b\xa4\x97\xdf\x01\xf5\x35\x42\x5f\x5b\x28\x15\x24\x33\x6e\x59\x6c\xaf\x10\x8b\x98\x8e\xe9\x4c\x23\x0d\x76\x92\x03\xdd\x6d\x8d\x08\x47\x15\x5b\xf8\x66\x75\x75\x40\xe8\xf4\xa0\x52\x02\x41\x15\x27\x7c\x5f\xa6\x33\xa6\x29\x68\x3f\x55\x8d\x7f\x1d\x4f\x88\xc6\x61\x6e\xac\x21\xdf\x2b\x7b\xde\x76\x9a\xdc\xe6\x3b\x94\x3f\x03\x9c\xa2\xa6\xa3\x63\x39\x48\xbd\x79\x70\x21\xf2\x6b\xff\x58\x66\xf1\x58\xc2\x58\xad\x4f\x84\x14\x5d\x05\x12\x83\xd0\x87\xbd\xf3"; +- +-/* DSA key and signature */ +-static const char dsa_privkey[] = +- "-----BEGIN DSA PRIVATE KEY-----\n" +- "MIIDTQIBAAKCAQEAh60B6yPMRIT7udq2kKuwnQDohvT1U0w+RJcSr23C05cM/Ovn\n" +- "UP/8Rrj6T8K+uYhMbKgLaZiJJW9q04jaPQk0cfUphbLvRjzVHwE/0Bkb+Y1Rv7ni\n" +- "Jot2IFMq5iuNraf889PC0WREvFCcIkSFY2Ac4WT7mCcBtfx/raGFXDUjcUrJ0HwZ\n" +- "IOhjQDfcXUsztuyYsYA75ociEY8kyDZq/ixyr5++R1VjNf30Re8AbQlXOEGxEN5t\n" +- "t+Tvpq8K5L3prQs2KNSzyOUmedjb/ojH4T4qe/RL9EVjjeuIGHDNUT6F197yZ91y\n" +- "qLLTf1WjnUyZcKij5rryX0LJBBWawEZjNSHZawIdAMQlyycia4NigCdiDR+QptUn\n" +- "2xrj9o14fXkIrXcCggEAXRZm1rbPhsjSTo6cpCVrmDzO1grv83EHiBH4MvRQQnP8\n" +- "FpAREsBA5cYju97XvLaLhioZeMjLn08kU7TUbHRUB+ULTuVvE2dQbBpGuKiLRRt9\n" +- "6U2T0eD3xGLoM+o8EY/kpqaWGEpZv7hzM9xuo4vy55+viAZgFWULqmltwfG/7w7V\n" +- "NXUHNv5H4Ipw//fSDLTPqzUlNqSSswDLz6pCjWEs0rWAqNAMaOiLTz4id9pL48Oe\n" +- "oAfpcQR9tgTEnwyXfZBnrJVclHhkHKGeXvU05IgCzpKO76Z5R+By50T0i/JV7vzM\n" +- "l2yS9aAl/cprT6U7yI3oU/blldCVNpMcFAFb+fO8DAKCAQBVMo8xptyvQOJeSvbO\n" +- "SSYdJ3IiI/0GdkcGWXblWg9z7mrPaWEnT7OquEm/+vYtWd3GHDtyNM+jzsN4Xgjc\n" +- "TL3AEd2hLiozJQ1BFKw25VU08UHAYTzUxZhO4Vwtmp46Kwj8YLDQ3NHRWCBxpDQR\n" +- "fbiFvyXP+qXap6plMfrydnUD1mae/JSOWOYgdB7tFIehstLxVXx/cAnjwgFU03Df\n" +- "grjsad92zA1Hc9wIjbsgAQdTR5DWnFRkRt3UtayBwoyqm6QceZHsv1NAGvkQ4ion\n" +- "bEjkHkjF9YCkR9/rspR8cLghRIXMjOpypuSbaRPeeWq0gP2UOxFL/d3iWH0ETr/L\n" +- "kTlCAhxYGpVgtfB96qmJukyl9GOGvfkwFTgEyIDoV84M\n" +- "-----END DSA PRIVATE KEY-----\n"; +- +-static const char dsa_sig[] = +- "\x30\x3d\x02\x1c\x2e\x40\x14\xb3\x7a\x3f\xc0\x4f\x06\x74\x4f\xa6\x5f\xc2\x0a\x46\x35\x38\x88\xb4\x1a\xcf\x94\x02\x40\x42\x7c\x7f\x02\x1d\x00\x98\xfc\xf1\x08\x66\xf1\x86\x28\xc9\x73\x9e\x2b\x5d\xce\x57\xe8\xb5\xeb\xcf\xa3\xf6\x60\xf6\x63\x16\x0e\xc0\x42"; +- +-static const char gost01_privkey[] = +- "-----BEGIN PRIVATE KEY-----\n" +- "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgdNfuHGmmTdPm\n" +- "p5dAa3ea9UYxpdYQPP9lbDwzQwG2bJM=\n" +- "-----END PRIVATE KEY-----\n"; +- +-static const char gost01_sig[] = +- "\xc5\xc8\xf8\xdc\x22\x51\xb0\x72\xe9\xa2\xbb\x84\x6c\xe2\x24\xd5\x72\x39\x2a\x5a\x0e\x7a\x43\xfc\x9c\xc3\x5d\x32\x92\xbb\xab\xc0\x4b\x99\xbd\xc8\x47\x24\x70\x06\x7e\xa1\xc6\xe3\xa0\xdc\x42\xed\xa0\x66\xf0\xcc\x50\x97\xe9\x5a\x7d\x3f\x65\x2d\x7b\x1b\x03\xcb"; +- +-static const char gost12_256_privkey[] = +- "-----BEGIN PRIVATE KEY-----\n" +- "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgKOF96tom\n" +- "D61rhSnzKjyrmO3fv0gdlHei+6ovrc8SnBk=\n" +- "-----END PRIVATE KEY-----\n"; +- +-static const char gost12_256_sig[] = +- "\xb2\x51\x5a\x1a\xbd\x95\x4e\x71\x55\xad\x74\x74\x81\xa6\xca\x6c\x14\x01\xe0\x18\xda\xe4\x0d\x02\x4f\x14\xd2\x39\xd6\x3c\xb5\x85\xa8\x37\xfd\x7f\x2b\xfa\xe4\xf5\xbc\xbc\x15\x20\x8b\x83\x4b\x84\x0d\x5d\x02\x21\x8c\x0d\xb9\xc4\x2b\xc0\x3e\xfd\x42\x55\x1d\xb0"; +- +-static const char gost12_512_privkey[] = +- "-----BEGIN PRIVATE KEY-----\n" +- "MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBECjFpvp\n" +- "B0vdc7u59b99TCNXhHiB69JJtUjvieNkGYJpoaaIvoKZTNCjpSZASsZcQZCHOTof\n" +- "hsQ3JCCy4xnd5jWT\n" +- "-----END PRIVATE KEY-----\n"; +- +-static const char gost12_512_sig[] = +- "\x52\x4f\xa2\x77\x51\xd2\xc5\xef\xd3\xa3\x99\x4e\xec\xff\xc6\xe9\xfc\x2f\xc0\x28\x42\x03\x95\x6c\x9a\x38\xee\xea\x89\x79\xae\x1a\xc3\x68\x5e\xe4\x15\x15\x4b\xec\x0f\xf1\x7e\x0f\xba\x01\xc7\x84\x16\xc7\xb5\xac\x9d\x0c\x22\xdd\x31\xf7\xb0\x9b\x59\x4b\xf0\x02\xa8\x7d\xfd\x6d\x02\x43\xc7\x4f\x65\xbd\x84\x5c\x54\x91\xba\x75\x9f\x5a\x61\x19\x5c\x9a\x10\x78\x34\xa0\xa6\xf6\xdc\xb6\xb0\x50\x22\x38\x5f\xb0\x16\x66\xf1\xd5\x46\x00\xd5\xe2\xa8\xe5\xd2\x11\x5f\xd1\xbe\x6e\xac\xb2\x9c\x14\x34\x96\xe7\x58\x94\xb8\xf4\x5f"; +- + static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, + gnutls_digest_algorithm_t dig, + const void *privkey, size_t privkey_size, +-- +2.20.1 + + +From 4b04d899849ea566ae33862289276d9b297cd493 Mon Sep 17 00:00:00 2001 +From: Anderson Toshiyuki Sasaki +Date: Wed, 3 Apr 2019 13:44:56 +0200 +Subject: [PATCH 2/7] crypto-selftests-pk.c: Add a comparison with a known + signature + +For RSA, compare the generated signature with a stored known value in +test_sig(). + +Signed-off-by: Anderson Toshiyuki Sasaki +--- + lib/crypto-selftests-pk.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c +index 4fadd4161..0233e6b9f 100644 +--- a/lib/crypto-selftests-pk.c ++++ b/lib/crypto-selftests-pk.c +@@ -313,6 +313,7 @@ static int test_sig(gnutls_pk_algorithm_t pk, + { + int ret; + gnutls_datum_t sig = { NULL, 0 }; ++ gnutls_datum_t known_sig = { NULL, 0 }; + gnutls_datum_t raw_rsa_key = { (void*)rsa_key2048, sizeof(rsa_key2048)-1 }; + gnutls_datum_t raw_dsa_key = { (void*)dsa_key, sizeof(dsa_key)-1 }; + gnutls_datum_t raw_ecc_key = { (void*)ecc_key, sizeof(ecc_key)-1 }; +@@ -343,6 +344,8 @@ static int test_sig(gnutls_pk_algorithm_t pk, + } + + if (pk == GNUTLS_PK_RSA) { ++ known_sig.data = (void *)rsa_sig; ++ known_sig.size = sizeof(rsa_sig) - 1; + ret = gnutls_privkey_import_x509_raw(key, &raw_rsa_key, GNUTLS_X509_FMT_PEM, NULL, 0); + } else if (pk == GNUTLS_PK_RSA_PSS) { + ret = gnutls_privkey_import_x509_raw(key, &raw_rsa_key, GNUTLS_X509_FMT_PEM, NULL, 0); +@@ -378,6 +381,16 @@ static int test_sig(gnutls_pk_algorithm_t pk, + goto cleanup; + } + ++ /* Compare with a stored known signature */ ++ if (known_sig.data != NULL) { ++ if (sig.size != known_sig.size ++ || memcmp(sig.data, known_sig.data, sig.size) != 0) { ++ ret = GNUTLS_E_SELF_TEST_ERROR; ++ gnutls_assert(); ++ goto cleanup; ++ } ++ } ++ + ret = + gnutls_pubkey_verify_data2(pub, sigalgo, 0, + &signed_data, &sig); +-- +2.20.1 + + +From 2123049ab9b963ef0ba108ed1cb180016bd672ab Mon Sep 17 00:00:00 2001 +From: Anderson Toshiyuki Sasaki +Date: Wed, 17 Apr 2019 17:22:40 +0200 +Subject: [PATCH 3/7] nettle/pk.c: Do not call gnutls_rnd() during self tests + +When the library state is LIB_STATE_SELFTEST, use constant data instead +of calling gnutls_rnd(). This prevents the library to block if there is +insufficient entropy during FIPS self tests. + +Signed-off-by: Anderson Toshiyuki Sasaki +--- + lib/nettle/pk.c | 41 ++++++++++++++++++++++++++++++++++------- + 1 file changed, 34 insertions(+), 7 deletions(-) + +diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c +index 08117c2d8..64633cc73 100644 +--- a/lib/nettle/pk.c ++++ b/lib/nettle/pk.c +@@ -60,6 +60,33 @@ + static inline const struct ecc_curve *get_supported_nist_curve(int curve); + static inline const struct ecc_curve *get_supported_gost_curve(int curve); + ++/* Fill the buffer with data for testing purposes. ++ * This should be called only during self tests. ++ */ ++static int _pk_fill_buffer(void *buffer, size_t length) ++{ ++ if (_gnutls_get_lib_state() != LIB_STATE_SELFTEST) { ++ return gnutls_assert_val(GNUTLS_E_RANDOM_FAILED); ++ } ++ ++ memset(buffer, 0xAA, length); ++ ++ return 0; ++} ++ ++static int _pk_rnd(gnutls_rnd_level_t level, void *data, size_t len) ++{ ++ int ret; ++ ++ if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST) { ++ ret = _pk_fill_buffer(data, len); ++ } else { ++ ret = gnutls_rnd(level, data, len); ++ } ++ ++ return ret; ++} ++ + /* When these callbacks are used for a nettle operation, the + * caller must check the macro HAVE_LIB_ERROR() after the operation + * is complete. If the macro is true, the operation is to be considered +@@ -67,21 +94,21 @@ static inline const struct ecc_curve *get_supported_gost_curve(int curve); + */ + static void rnd_key_func(void *_ctx, size_t length, uint8_t * data) + { +- if (gnutls_rnd(GNUTLS_RND_KEY, data, length) < 0) { ++ if (_pk_rnd(GNUTLS_RND_KEY, data, length) < 0) { + _gnutls_switch_lib_state(LIB_STATE_ERROR); + } + } + + static void rnd_tmpkey_func(void *_ctx, size_t length, uint8_t * data) + { +- if (gnutls_rnd(GNUTLS_RND_RANDOM, data, length) < 0) { ++ if (_pk_rnd(GNUTLS_RND_RANDOM, data, length) < 0) { + _gnutls_switch_lib_state(LIB_STATE_ERROR); + } + } + + static void rnd_nonce_func(void *_ctx, size_t length, uint8_t * data) + { +- if (gnutls_rnd(GNUTLS_RND_NONCE, data, length) < 0) { ++ if (_pk_rnd(GNUTLS_RND_NONCE, data, length) < 0) { + _gnutls_switch_lib_state(LIB_STATE_ERROR); + } + } +@@ -650,7 +677,7 @@ _rsa_pss_sign_digest_tr(gnutls_digest_algorithm_t dig, + if (salt == NULL) + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + +- ret = gnutls_rnd(GNUTLS_RND_NONCE, salt, salt_size); ++ ret = _pk_rnd(GNUTLS_RND_NONCE, salt, salt_size); + if (ret < 0) { + gnutls_assert(); + goto cleanup; +@@ -1732,7 +1759,7 @@ gnutls_x509_spki_st spki; + + _gnutls_dsa_q_to_hash(params, &hash_len); + gen_data = gnutls_malloc(hash_len); +- gnutls_rnd(GNUTLS_RND_NONCE, gen_data, hash_len); ++ _pk_rnd(GNUTLS_RND_NONCE, gen_data, hash_len); + + ddata.data = (void*)gen_data; + ddata.size = hash_len; +@@ -2101,7 +2128,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, + goto fail; + } + +- ret = gnutls_rnd(rnd_level, params->raw_priv.data, size); ++ ret = _pk_rnd(rnd_level, params->raw_priv.data, size); + if (ret < 0) { + ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + goto fail; +@@ -2240,7 +2267,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, + goto fail; + } + +- ret = gnutls_rnd(rnd_level, params->raw_priv.data, size); ++ ret = _pk_rnd(rnd_level, params->raw_priv.data, size); + if (ret < 0) { + ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + goto fail; +-- +2.20.1 + + +From db2b308fdbe98420b722eaf678c1a911bc51b0a5 Mon Sep 17 00:00:00 2001 +From: Anderson Toshiyuki Sasaki +Date: Thu, 18 Apr 2019 17:22:18 +0200 +Subject: [PATCH 4/7] tests: Run rng-no-onload test in FIPS mode + +This changes the function used in the test to override gnutls_rnd() to +fill the given buffer with a different value each time it is called. +This allows the test to run when FIPS mode is enabled. + +Previously the rng-no-onload test could get stuck if FIPS mode was +enabled. This happened if gnutls_rnd() function was called during +global_init() in a loop that checks the generated value (e.g. if ECDSA +signature generation is called during self tests). + +Signed-off-by: Anderson Toshiyuki Sasaki +--- + tests/rng-no-onload.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/tests/rng-no-onload.c b/tests/rng-no-onload.c +index ac01be214..a485a440d 100644 +--- a/tests/rng-no-onload.c ++++ b/tests/rng-no-onload.c +@@ -50,18 +50,20 @@ static int _rnd_called = 0; + int __attribute__ ((visibility ("protected"))) + gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len) + { ++ static unsigned int value = 0; ++ + _rnd_called = 1; + +- memset(data, 0xff, len); ++ /* Increment 'value' in each call up to 255, then start again from 0 */ ++ value = (value + 1) & 0xFF; ++ ++ memset(data, value, len); ++ + return 0; + } + + void doit(void) + { +- if (gnutls_fips140_mode_enabled()) { +- exit(77); +- } +- + global_init(); + + if (_rnd_called != 0) +-- +2.20.1 + + +From fc926cd65f1de06f359315c6693c1a9c9899ba8c Mon Sep 17 00:00:00 2001 +From: Anderson Toshiyuki Sasaki +Date: Thu, 4 Apr 2019 15:45:02 +0200 +Subject: [PATCH 5/7] crypto-selftests-pk.c: Fix test_known_sig + +Previously a new signature was generated only for deterministic +algorithms (i.e. only RSA). With this, a new signature is always +generated (and compared with a stored signature for deterministic +algorithms). The signature verification is tested for both generated +and stored signatures. + +Signed-off-by: Anderson Toshiyuki Sasaki +--- + lib/crypto-selftests-pk.c | 31 ++++++++++++++++++++----------- + 1 file changed, 20 insertions(+), 11 deletions(-) + +diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c +index 0233e6b9f..ba8f5e376 100644 +--- a/lib/crypto-selftests-pk.c ++++ b/lib/crypto-selftests-pk.c +@@ -475,19 +475,17 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, + goto cleanup; + } + +- /* Test if the signature we generate matches the stored */ ++ ret = gnutls_privkey_sign_data(key, dig, 0, &signed_data, &sig); ++ if (ret < 0) { ++ gnutls_assert(); ++ goto cleanup; ++ } ++ ++ /* Test if the generated signature matches the stored */ + ssig.data = (void *) stored_sig; + ssig.size = stored_sig_size; + + if (deterministic_sigs != 0) { /* do not compare against stored signature if not provided */ +- ret = +- gnutls_privkey_sign_data(key, dig, 0, &signed_data, +- &sig); +- if (ret < 0) { +- gnutls_assert(); +- goto cleanup; +- } +- + if (sig.size != ssig.size + || memcmp(sig.data, ssig.data, sig.size) != 0) { + ret = GNUTLS_E_SELF_TEST_ERROR; +@@ -507,7 +505,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, + } + } + +- /* Test if we can verify the signature */ ++ /* Test if we can verify the generated signature */ + + ret = gnutls_pubkey_import_privkey(pub, key, 0, 0); + if (ret < 0) { +@@ -515,6 +513,17 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, + goto cleanup; + } + ++ ret = ++ gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0, ++ &signed_data, &sig); ++ if (ret < 0) { ++ ret = GNUTLS_E_SELF_TEST_ERROR; ++ gnutls_assert(); ++ goto cleanup; ++ } ++ ++ /* Test if we can verify the stored signature */ ++ + ret = + gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0, + &signed_data, &ssig); +@@ -528,7 +537,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, + + ret = + gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0, +- &bad_data, &ssig); ++ &bad_data, &sig); + + if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) { + ret = GNUTLS_E_SELF_TEST_ERROR; +-- +2.20.1 + + +From 7e49999db264556ac73ff498bd8f7edce401cdd1 Mon Sep 17 00:00:00 2001 +From: Anderson Toshiyuki Sasaki +Date: Thu, 4 Apr 2019 17:22:04 +0200 +Subject: [PATCH 6/7] crypto-selftests-pk.c: Fix PK_KNOWN_TEST and PK_TEST + +Remove the flag check from the end of the macros. This change allows +more than one test to run in sequence when GNUTLS_SELF_TEST_FLAG_ALL is +not set. Move the flags checks to run the minimal set of tests required +for FIPS and keep the previous behaviour for GOST (run the first test +for each algorithm). + +Signed-off-by: Anderson Toshiyuki Sasaki +--- + lib/crypto-selftests-pk.c | 37 ++++++++++++++++++++----------------- + 1 file changed, 20 insertions(+), 17 deletions(-) + +diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c +index ba8f5e376..fc8ee2525 100644 +--- a/lib/crypto-selftests-pk.c ++++ b/lib/crypto-selftests-pk.c +@@ -568,18 +568,14 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, + if (ret < 0) { \ + gnutls_assert(); \ + goto cleanup; \ +- } \ +- if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) \ +- return 0 ++ } + + #define PK_KNOWN_TEST(pk, det, bits, dig, pkey, sig) \ + ret = test_known_sig(pk, bits, dig, pkey, sizeof(pkey)-1, sig, sizeof(sig)-1, det); \ + if (ret < 0) { \ + gnutls_assert(); \ + goto cleanup; \ +- } \ +- if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) \ +- return 0 ++ } + + + /* This file is also included by the test app in tests/slow/cipher-test, so in that +@@ -812,11 +808,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) + PK_KNOWN_TEST(GNUTLS_PK_RSA, 1, 2048, GNUTLS_DIG_SHA256, + rsa_key2048, rsa_sig); + PK_TEST(GNUTLS_PK_RSA, test_rsa_enc, 2048, 0); +- PK_TEST(GNUTLS_PK_RSA, test_sig, 3072, GNUTLS_SIGN_RSA_SHA256); + + if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) + return 0; + ++ PK_TEST(GNUTLS_PK_RSA, test_sig, 3072, GNUTLS_SIGN_RSA_SHA256); ++ + FALLTHROUGH; + case GNUTLS_PK_RSA_PSS: + PK_TEST(GNUTLS_PK_RSA_PSS, test_sig, 2048, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256); +@@ -828,11 +825,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) + case GNUTLS_PK_DSA: + PK_KNOWN_TEST(GNUTLS_PK_DSA, 0, 2048, GNUTLS_DIG_SHA256, + dsa_privkey, dsa_sig); +- PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256); + + if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) + return 0; + ++ PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256); ++ + FALLTHROUGH; + case GNUTLS_PK_EC: + /* Test ECDH and ECDSA */ +@@ -850,13 +848,14 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) + (GNUTLS_ECC_CURVE_SECP256R1), + GNUTLS_DIG_SHA256, ecdsa_secp256r1_privkey, + ecdsa_secp256r1_sig); +- PK_TEST(GNUTLS_PK_EC, test_sig, +- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1), +- GNUTLS_SIGN_ECDSA_SHA256); + + if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) + return 0; + ++ PK_TEST(GNUTLS_PK_EC, test_sig, ++ GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1), ++ GNUTLS_SIGN_ECDSA_SHA256); ++ + PK_KNOWN_TEST(GNUTLS_PK_EC, 0, + GNUTLS_CURVE_TO_BITS + (GNUTLS_ECC_CURVE_SECP384R1), +@@ -900,31 +899,35 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) + case GNUTLS_PK_GOST_01: + PK_KNOWN_TEST(GNUTLS_PK_GOST_01, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_GOSTR_94, + gost01_privkey, gost01_sig); +- PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), +- GNUTLS_SIGN_GOST_94); + + if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) + return 0; + ++ PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), ++ GNUTLS_SIGN_GOST_94); ++ + FALLTHROUGH; + case GNUTLS_PK_GOST_12_256: + PK_KNOWN_TEST(GNUTLS_PK_GOST_12_256, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_STREEBOG_256, + gost12_256_privkey, gost12_256_sig); +- PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), +- GNUTLS_SIGN_GOST_256); + + if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) + return 0; + ++ PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), ++ GNUTLS_SIGN_GOST_256); ++ + FALLTHROUGH; + case GNUTLS_PK_GOST_12_512: + PK_KNOWN_TEST(GNUTLS_PK_GOST_12_512, 0, GNUTLS_ECC_CURVE_GOST512A, GNUTLS_DIG_STREEBOG_512, + gost12_512_privkey, gost12_512_sig); +- PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A), +- GNUTLS_SIGN_GOST_512); + + if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) + return 0; ++ ++ PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A), ++ GNUTLS_SIGN_GOST_512); ++ + #endif + + break; +-- +2.20.1 + + +From c2e83d2110b98d93588f1b6187bc932feb958ca4 Mon Sep 17 00:00:00 2001 +From: Anderson Toshiyuki Sasaki +Date: Mon, 8 Apr 2019 14:21:57 +0200 +Subject: [PATCH 7/7] crypto-selftests-pk.c: Cleanup self tests + +test_sig() always uses the same key for RSA, DSA, and ECDSA regardless +of the value provided in the "bits" parameter. Therefore, avoid +printing specific information (number of bits or name of the curve). + +Changes test_sig() to use 2048 bits key for DSA; deleted hardcoded 512 +bits DSA key; + +Avoid calling test_sig() multiple times for ECDSA: the same key is +used regardless of the curve provided in the parameters. + +Signed-off-by: Anderson Toshiyuki Sasaki +--- + lib/crypto-selftests-pk.c | 42 +++++++++------------------------------ + 1 file changed, 9 insertions(+), 33 deletions(-) + +diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c +index fc8ee2525..3d665b723 100644 +--- a/lib/crypto-selftests-pk.c ++++ b/lib/crypto-selftests-pk.c +@@ -78,16 +78,6 @@ static const char ecc_key[] = + "MSHpe5vd0TQz+/GAa1zxle8mB/Cdh0JaTrA=\n" + "-----END EC PRIVATE KEY-----\n"; + +-static const char dsa_key[] = +- "-----BEGIN DSA PRIVATE KEY-----\n" +- "MIH4AgEAAkEA6KUOSXfFNcInFLPdOlLlKNCe79zJrkxnsQN+lllxuk1ifZrE07r2\n" +- "3edTrc4riQNnZ2nZ372tYUAMJg+5jM6IIwIVAOa58exwZ+42Tl+p3b4Kbpyu2Ron\n" +- "AkBocj7gkiBYHtv6HMIIzooaxn4vpGR0Ns6wBfroBUGvrnSAgfT3WyiNaHkIF28e\n" +- "quWcEeOJjUgFvatcM8gcY288AkEAyKWlgzBurIYST8TM3j4PuQJDTvdHDaGoAUAa\n" +- "EfjmOw2UXKwqTmwPiT5BYKgCo2ILS87ttlTpd8vndH37pmnmVQIUQIVuKpZ8y9Bw\n" +- "VzO8qcrLCFvTOXY=\n" +- "-----END DSA PRIVATE KEY-----\n"; +- + static const char gost01_key[] = + "-----BEGIN PRIVATE KEY-----\n" + "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgQgR1lBLIr4WBpn\n" +@@ -315,22 +305,20 @@ static int test_sig(gnutls_pk_algorithm_t pk, + gnutls_datum_t sig = { NULL, 0 }; + gnutls_datum_t known_sig = { NULL, 0 }; + gnutls_datum_t raw_rsa_key = { (void*)rsa_key2048, sizeof(rsa_key2048)-1 }; +- gnutls_datum_t raw_dsa_key = { (void*)dsa_key, sizeof(dsa_key)-1 }; ++ gnutls_datum_t raw_dsa_key = { (void*)dsa_privkey, sizeof(dsa_privkey)-1 }; + gnutls_datum_t raw_ecc_key = { (void*)ecc_key, sizeof(ecc_key)-1 }; + gnutls_datum_t raw_gost01_key = { (void*)gost01_key, sizeof(gost01_key)-1 }; + gnutls_datum_t raw_gost12_256_key = { (void*)gost12_256_key, sizeof(gost12_256_key)-1 }; + gnutls_datum_t raw_gost12_512_key = { (void*)gost12_512_key, sizeof(gost12_512_key)-1 }; + gnutls_privkey_t key; + gnutls_pubkey_t pub = NULL; +- char param_name[32]; ++ char param_name[32] = ""; + +- if (pk == GNUTLS_PK_EC || pk == GNUTLS_PK_GOST_01 || +- pk == GNUTLS_PK_GOST_12_256 || pk == GNUTLS_PK_GOST_12_512) { +- snprintf(param_name, sizeof(param_name), "%s", ++ if (pk == GNUTLS_PK_GOST_01 || pk == GNUTLS_PK_GOST_12_256 || ++ pk == GNUTLS_PK_GOST_12_512) { ++ snprintf(param_name, sizeof(param_name), "-%s", + gnutls_ecc_curve_get_name(GNUTLS_BITS_TO_CURVE + (bits))); +- } else { +- snprintf(param_name, sizeof(param_name), "%u", bits); + } + + ret = gnutls_privkey_init(&key); +@@ -418,10 +406,10 @@ static int test_sig(gnutls_pk_algorithm_t pk, + gnutls_free(sig.data); + + if (ret == 0) +- _gnutls_debug_log("%s-%s-sig self test succeeded\n", ++ _gnutls_debug_log("%s%s-sig self test succeeded\n", + gnutls_pk_get_name(pk), param_name); + else +- _gnutls_debug_log("%s-%s-sig self test failed\n", ++ _gnutls_debug_log("%s%s-sig self test failed\n", + gnutls_pk_get_name(pk), param_name); + + return ret; +@@ -812,7 +800,7 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) + if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) + return 0; + +- PK_TEST(GNUTLS_PK_RSA, test_sig, 3072, GNUTLS_SIGN_RSA_SHA256); ++ PK_TEST(GNUTLS_PK_RSA, test_sig, 2048, GNUTLS_SIGN_RSA_SHA256); + + FALLTHROUGH; + case GNUTLS_PK_RSA_PSS: +@@ -829,7 +817,7 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) + if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) + return 0; + +- PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256); ++ PK_TEST(GNUTLS_PK_DSA, test_sig, 2048, GNUTLS_SIGN_DSA_SHA256); + + FALLTHROUGH; + case GNUTLS_PK_EC: +@@ -861,18 +849,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) + (GNUTLS_ECC_CURVE_SECP384R1), + GNUTLS_DIG_SHA256, ecdsa_secp384r1_privkey, + ecdsa_secp384r1_sig); +- PK_TEST(GNUTLS_PK_EC, test_sig, +- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP384R1), +- GNUTLS_SIGN_ECDSA_SHA384); + + PK_KNOWN_TEST(GNUTLS_PK_EC, 0, + GNUTLS_CURVE_TO_BITS + (GNUTLS_ECC_CURVE_SECP521R1), + GNUTLS_DIG_SHA512, ecdsa_secp521r1_privkey, + ecdsa_secp521r1_sig); +- PK_TEST(GNUTLS_PK_EC, test_sig, +- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP521R1), +- GNUTLS_SIGN_ECDSA_SHA512); + + #ifdef ENABLE_NON_SUITEB_CURVES + PK_KNOWN_TEST(GNUTLS_PK_EC, 0, +@@ -880,18 +862,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) + (GNUTLS_ECC_CURVE_SECP192R1), + GNUTLS_DIG_SHA256, ecdsa_secp192r1_privkey, + ecdsa_secp192r1_sig); +- PK_TEST(GNUTLS_PK_EC, test_sig, +- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP192R1), +- GNUTLS_SIGN_ECDSA_SHA256); + + PK_KNOWN_TEST(GNUTLS_PK_EC, 0, + GNUTLS_CURVE_TO_BITS + (GNUTLS_ECC_CURVE_SECP224R1), + GNUTLS_DIG_SHA256, ecdsa_secp224r1_privkey, + ecdsa_secp224r1_sig); +- PK_TEST(GNUTLS_PK_EC, test_sig, +- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP224R1), +- GNUTLS_SIGN_ECDSA_SHA256); + #endif + + #if ENABLE_GOST +-- +2.20.1 + diff --git a/SOURCES/gnutls-3.6.8-fips-aes-cbc-kat.patch b/SOURCES/gnutls-3.6.8-fips-aes-cbc-kat.patch new file mode 100644 index 0000000..016a6bf --- /dev/null +++ b/SOURCES/gnutls-3.6.8-fips-aes-cbc-kat.patch @@ -0,0 +1,36 @@ +From facea2b7659e11efce7014bda8800574d35dd05d Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Wed, 12 Jun 2019 14:02:05 +0200 +Subject: [PATCH] fips: run selftests over overridden AES-CBC algorithm + +Previously, we only tested nettle's AES-CBC in +_gnutls_fips_perform_self_checks1(), which is called before the +implementation is overridden. This adds an AES-CBC self-test in +_gnutls_fips_perform_self_checks2() so it can test the actual +implementation. + +Signed-off-by: Daiki Ueno +--- + lib/fips.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/lib/fips.c b/lib/fips.c +index b92edbbd7..902af5674 100644 +--- a/lib/fips.c ++++ b/lib/fips.c +@@ -317,6 +317,12 @@ int _gnutls_fips_perform_self_checks2(void) + goto error; + } + ++ ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_CBC); ++ if (ret < 0) { ++ gnutls_assert(); ++ goto error; ++ } ++ + ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_GCM); + if (ret < 0) { + gnutls_assert(); +-- +2.20.1 + diff --git a/SOURCES/gnutls-3.6.8-multiple-key-updates.patch b/SOURCES/gnutls-3.6.8-multiple-key-updates.patch new file mode 100644 index 0000000..720ada3 --- /dev/null +++ b/SOURCES/gnutls-3.6.8-multiple-key-updates.patch @@ -0,0 +1,286 @@ +From 6023c69c616d866e19ab1c0bb87931e5143c79d3 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Wed, 5 Jun 2019 16:48:39 +0200 +Subject: [PATCH] tls13/key_update: ignore multiple key updates instead of + error + +This fixes the multiple KeyUpdate messages handling in commit +65e2aa80d114d4bef095d129c2eda475e473244a, where illegal_parameter is +sent even if the limit doesn't exceed. + +Signed-off-by: Daiki Ueno +--- + .gitignore | 1 + + lib/tls13/key_update.c | 2 - + tests/Makefile.am | 2 + + tests/tls13/key_update_multiple.c | 232 ++++++++++++++++++++++++++++++ + 4 files changed, 235 insertions(+), 2 deletions(-) + create mode 100644 tests/tls13/key_update_multiple.c + +diff --git a/lib/tls13/key_update.c b/lib/tls13/key_update.c +index d542a214b..c6f6e0aa1 100644 +--- a/lib/tls13/key_update.c ++++ b/lib/tls13/key_update.c +@@ -117,8 +117,6 @@ int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf) + session->internals.rsend_state = RECORD_SEND_KEY_UPDATE_1; + else if (session->internals.rsend_state == RECORD_SEND_CORKED) + session->internals.rsend_state = RECORD_SEND_CORKED_TO_KU; +- else +- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); + + break; + default: +diff --git a/tests/Makefile.am b/tests/Makefile.am +index ca0481879..4ffa69825 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -119,6 +119,8 @@ ctests += tls13/psk-ext + + ctests += tls13/key_update + ++ctests += tls13/key_update_multiple ++ + ctests += tls13/key_limits + + ctests += tls13/multi-ocsp +diff --git a/tests/tls13/key_update_multiple.c b/tests/tls13/key_update_multiple.c +new file mode 100644 +index 000000000..8b2c2db4b +--- /dev/null ++++ b/tests/tls13/key_update_multiple.c +@@ -0,0 +1,232 @@ ++/* ++ * Copyright (C) 2017-2019 Red Hat, Inc. ++ * ++ * Author: Daiki Ueno ++ * ++ * This file is part of GnuTLS. ++ * ++ * GnuTLS is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GnuTLS is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this program. If not, see ++ */ ++ ++#ifdef HAVE_CONFIG_H ++#include ++#endif ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "cert-common.h" ++ ++#include "utils.h" ++#include "virt-time.h" ++#define RANDOMIZE ++#include "eagain-common.h" ++ ++const char *side = ""; ++ ++/* This program tests whether multiple key update messages are handled ++ * properly with rate-limit. */ ++ ++static void tls_log_func(int level, const char *str) ++{ ++ fprintf(stderr, "%s|<%d>| %s", side, level, str); ++} ++ ++#define MAX_BUF 1024 ++#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..." ++ ++/* These must match the definitions in lib/tls13/key_update.c. */ ++#define KEY_UPDATES_WINDOW 1000 ++#define KEY_UPDATES_PER_WINDOW 8 ++ ++static unsigned key_update_msg_inc = 0; ++static unsigned key_update_msg_out = 0; ++ ++static int hsk_callback(gnutls_session_t session, unsigned int htype, ++ unsigned post, unsigned int incoming, const gnutls_datum_t *msg) ++{ ++ assert(post == GNUTLS_HOOK_PRE); ++ ++ assert(msg->size == 1); ++ ++ if (htype == GNUTLS_HANDSHAKE_KEY_UPDATE) { ++ if (incoming) ++ key_update_msg_inc++; ++ else ++ key_update_msg_out++; ++ } ++ ++ return 0; ++} ++ ++static void run(const char *name, bool exceed_limit) ++{ ++ /* Server stuff. */ ++ gnutls_certificate_credentials_t ccred; ++ gnutls_certificate_credentials_t scred; ++ gnutls_session_t server; ++ int sret, cret; ++ /* Client stuff. */ ++ gnutls_session_t client; ++ /* Need to enable anonymous KX specifically. */ ++ char buffer[MAX_BUF + 1]; ++ int ret, transferred = 0; ++ size_t i; ++ ++ success("%s\n", name); ++ ++ /* General init. */ ++ global_init(); ++ gnutls_global_set_log_function(tls_log_func); ++ if (debug) ++ gnutls_global_set_log_level(9); ++ ++ /* Init server */ ++ assert(gnutls_certificate_allocate_credentials(&scred) >= 0); ++ assert(gnutls_certificate_set_x509_key_mem(scred, ++ &server_ca3_localhost_cert, ++ &server_ca3_key, ++ GNUTLS_X509_FMT_PEM) >= 0); ++ ++ assert(gnutls_init(&server, GNUTLS_SERVER) >= 0); ++ ret = ++ gnutls_priority_set_direct(server, ++ "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", ++ NULL); ++ if (ret < 0) ++ exit(1); ++ ++ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred); ++ gnutls_transport_set_push_function(server, server_push); ++ gnutls_transport_set_pull_function(server, server_pull); ++ gnutls_transport_set_ptr(server, server); ++ ++ /* Init client */ ++ assert(gnutls_certificate_allocate_credentials(&ccred) >= 0); ++ assert(gnutls_certificate_set_x509_trust_mem ++ (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0); ++ ++ gnutls_init(&client, GNUTLS_CLIENT); ++ ret = ++ gnutls_priority_set_direct(client, ++ "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", ++ NULL); ++ assert(ret >= 0); ++ ++ ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred); ++ if (ret < 0) ++ exit(1); ++ ++ gnutls_transport_set_push_function(client, client_push); ++ gnutls_transport_set_pull_function(client, client_pull); ++ gnutls_transport_set_ptr(client, client); ++ ++ ++ HANDSHAKE(client, server); ++ if (debug) ++ success("Handshake established\n"); ++ ++ key_update_msg_inc = 0; ++ key_update_msg_out = 0; ++ ++ gnutls_handshake_set_hook_function(client, -1, GNUTLS_HOOK_PRE, hsk_callback); ++ ++ /* schedule multiple key updates */ ++ for (i = 0; i < KEY_UPDATES_PER_WINDOW; i++) { ++ do { ++ ret = gnutls_session_key_update(client, 1); ++ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); ++ if (ret < 0) ++ fail("error in key update: %s\n", gnutls_strerror(ret)); ++ } ++ ++ /* server receives the client key update and sends data */ ++ TRANSFER(client, server, MSG, strlen(MSG), buffer, MAX_BUF); ++ TRANSFER(server, client, MSG, strlen(MSG), buffer, MAX_BUF); ++ EMPTY_BUF(server, client, buffer, MAX_BUF); ++ ++ if (key_update_msg_out != KEY_UPDATES_PER_WINDOW) ++ fail("unexpected number of key updates are sent: %d\n", ++ key_update_msg_out); ++ else { ++ if (debug) ++ success("successfully sent %d key updates\n", ++ KEY_UPDATES_PER_WINDOW); ++ } ++ if (key_update_msg_inc != 1) ++ fail("unexpected number of key updates received: %d\n", ++ key_update_msg_inc); ++ else { ++ if (debug) ++ success("successfully received 1 key update\n"); ++ } ++ ++ if (exceed_limit) { ++ /* excessive key update in the same time window should ++ * be rejected by the peer */ ++ do { ++ ret = gnutls_session_key_update(client, 1); ++ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); ++ ++ /* server receives the client key update and sends data */ ++ ret = record_send_loop(client, MSG, strlen(MSG), 0); ++ assert(ret == strlen(MSG)); ++ ret = gnutls_record_recv(server, buffer, MAX_BUF); ++ if (ret != GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS) ++ fail("server didn't reject excessive number of key updates\n"); ++ else { ++ if (debug) ++ success("server rejected excessive number of key updates\n"); ++ } ++ } else { ++ virt_sec_sleep(KEY_UPDATES_WINDOW / 1000 + 1); ++ ++ /* the time window should be rolled over now */ ++ do { ++ ret = gnutls_session_key_update(client, 1); ++ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); ++ if (ret < 0) ++ fail("error in key update: %s\n", gnutls_strerror(ret)); ++ ++ /* server receives the client key update and sends data */ ++ TRANSFER(client, server, MSG, strlen(MSG), buffer, MAX_BUF); ++ TRANSFER(server, client, MSG, strlen(MSG), buffer, MAX_BUF); ++ EMPTY_BUF(server, client, buffer, MAX_BUF); ++ } ++ ++ gnutls_bye(client, GNUTLS_SHUT_WR); ++ gnutls_bye(server, GNUTLS_SHUT_WR); ++ ++ gnutls_deinit(client); ++ gnutls_deinit(server); ++ ++ gnutls_certificate_free_credentials(scred); ++ gnutls_certificate_free_credentials(ccred); ++ ++ gnutls_global_deinit(); ++ reset_buffers(); ++} ++ ++void doit(void) ++{ ++ virt_time_init(); ++ ++ run("not exceeding limit", 0); ++ run("exceeding limit", 1); ++} +-- +2.20.1 + diff --git a/SOURCES/gnutls-3.6.8.tar.xz.sig b/SOURCES/gnutls-3.6.8.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000..d2f386200e2f07c88cbafdf31687882fcbc3b7bd GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j*#`?XxB^Qfx~P&aef97u=pXPRXN0$l9JzyJyf5ZD|@ zhw*2cWr0)&`v?6YCBW><2XE4(TD}~2;g_C1@fZ2SjZ%Hr7s= zcz{U=K|Z3)X*wacYRTi1u`^ba>AO*&w(-KazuQ%gfpl9E)1&9MxK$!zLRpmP$pmPt z61!2(kj1nR&M)t0u9p&5Tvd7DL&%~&0uD~U(YzFc&e!q7x$|^A{JD;e(Vup)yn0gK z!uyBn8R}yoh9cXtk?dX)iS-lmj5ZsT9b=#gQlh7!8OTs@fFq3w`%n?Mz;2HYTm-p! I+Q>za_#~>DQ2+n{ literal 0 HcmV?d00001 diff --git a/SPECS/gnutls.spec b/SPECS/gnutls.spec new file mode 100644 index 0000000..025eae0 --- /dev/null +++ b/SPECS/gnutls.spec @@ -0,0 +1,978 @@ +Version: 3.6.8 +Release: 3%{?dist} +Patch1: gnutls-3.2.7-rpath.patch +Patch2: gnutls-3.6.4-no-now-guile.patch +Patch3: gnutls-3.6.5-fix-fips-signature-post.patch +Patch4: gnutls-3.6.8-fips-aes-cbc-kat.patch +Patch5: gnutls-3.6.8-multiple-key-updates.patch +%bcond_without dane +%if 0%{?rhel} +%bcond_with guile +%bcond_without fips +%else +%bcond_without guile +%bcond_without fips +%endif + +Summary: A TLS protocol implementation +Name: gnutls +# The libraries are LGPLv2.1+, utilities are GPLv3+ +License: GPLv3+ and LGPLv2+ +Group: System Environment/Libraries +BuildRequires: p11-kit-devel >= 0.21.3, gettext-devel +BuildRequires: zlib-devel, readline-devel, libtasn1-devel >= 4.3 +BuildRequires: libtool, automake, autoconf, texinfo +BuildRequires: autogen-libopts-devel >= 5.18 autogen +BuildRequires: nettle-devel >= 3.4.1 +BuildRequires: trousers-devel >= 0.3.11.2 +BuildRequires: libidn2-devel +BuildRequires: libunistring-devel +BuildRequires: gperf, net-tools, datefudge, softhsm, gcc, gcc-c++ +BuildRequires: gnupg2 +%if %{with fips} +BuildRequires: fipscheck +%endif + +# for a sanity check on cert loading +BuildRequires: p11-kit-trust, ca-certificates +Requires: crypto-policies +Requires: p11-kit-trust +Requires: libtasn1 >= 4.3 +Requires: nettle >= 3.4.1 +Recommends: trousers >= 0.3.11.2 + +%if %{with dane} +BuildRequires: unbound-devel unbound-libs +%endif +%if %{with guile} +BuildRequires: guile-devel +%endif +URL: http://www.gnutls.org/ +Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz +Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz.sig +Source2: gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg + +# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174 +Provides: bundled(gnulib) = 20130424 + +%package c++ +Summary: The C++ interface to GnuTLS +Requires: %{name}%{?_isa} = %{version}-%{release} + +%package devel +Summary: Development files for the %{name} package +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-c++%{?_isa} = %{version}-%{release} +%if %{with dane} +Requires: %{name}-dane%{?_isa} = %{version}-%{release} +%endif +Requires: pkgconfig +Requires(post): /sbin/install-info +Requires(preun): /sbin/install-info + +%package utils +License: GPLv3+ +Summary: Command line tools for TLS protocol +Group: Applications/System +Requires: %{name}%{?_isa} = %{version}-%{release} +%if %{with dane} +Requires: %{name}-dane%{?_isa} = %{version}-%{release} +%endif + +%if %{with dane} +%package dane +Summary: A DANE protocol implementation for GnuTLS +Requires: %{name}%{?_isa} = %{version}-%{release} +%endif + +%if %{with guile} +%package guile +Summary: Guile bindings for the GNUTLS library +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: guile +%endif + +%description +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. + +%description c++ +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. + +%description devel +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains files needed for developing applications with +the GnuTLS library. + +%description utils +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains command line TLS client and server and certificate +manipulation tools. + +%if %{with dane} +%description dane +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains library that implements the DANE protocol for verifying +TLS certificates through DNSSEC. +%endif + +%if %{with guile} +%description guile +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains Guile bindings for the library. +%endif + +%prep +gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} + +%autosetup -p1 + +sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure +rm -f lib/minitasn1/*.c lib/minitasn1/*.h +rm -f src/libopts/*.c src/libopts/*.h src/libopts/compat/*.c src/libopts/compat/*.h + +echo "SYSTEM=NORMAL" >> tests/system.prio + +# Note that we explicitly enable SHA1, as SHA1 deprecation is handled +# via the crypto policies + +%build +CCASFLAGS="$CCASFLAGS -Wa,--generate-missing-build-notes=yes" +export CCASFLAGS +%configure --with-libtasn1-prefix=%{_prefix} \ +%if %{with fips} + --enable-fips140-mode \ +%endif + --enable-tls13-support \ + --enable-sha1-support \ + --disable-static \ + --disable-openssl-compatibility \ + --disable-non-suiteb-curves \ + --with-system-priority-file=%{_sysconfdir}/crypto-policies/back-ends/gnutls.config \ + --with-default-trust-store-pkcs11="pkcs11:" \ + --with-trousers-lib=%{_libdir}/libtspi.so.1 \ + --htmldir=%{_docdir}/manual \ +%if %{with guile} + --enable-guile \ +%else + --disable-guile \ +%endif +%if %{with dane} + --with-unbound-root-key-file=/var/lib/unbound/root.key \ + --enable-dane \ +%else + --disable-dane \ +%endif + --disable-rpath \ + --with-default-priority-string="@SYSTEM" + +make %{?_smp_mflags} V=1 + +%if %{with fips} +%define __spec_install_post \ + %{?__debug_package:%{__debug_install_post}} \ + %{__arch_install_post} \ + %{__os_install_post} \ + fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.* \ + file=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libgnutls.so.30.hmac \ +%{nil} +%endif + +%install +make install DESTDIR=$RPM_BUILD_ROOT +make -C doc install-html DESTDIR=$RPM_BUILD_ROOT +rm -f $RPM_BUILD_ROOT%{_infodir}/dir +rm -f $RPM_BUILD_ROOT%{_libdir}/*.la +rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls*.a +rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls*.la +rm -f $RPM_BUILD_ROOT%{_libdir}/gnutls/libpkcs11mock1.* +%if %{without dane} +rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc +%endif + +%find_lang gnutls + +%check +make check %{?_smp_mflags} + +%post devel +if [ -f %{_infodir}/gnutls.info.gz ]; then + /sbin/install-info %{_infodir}/gnutls.info.gz %{_infodir}/dir || : +fi + +%preun devel +if [ $1 = 0 -a -f %{_infodir}/gnutls.info.gz ]; then + /sbin/install-info --delete %{_infodir}/gnutls.info.gz %{_infodir}/dir || : +fi + +%files -f gnutls.lang +%defattr(-,root,root,-) +%{_libdir}/libgnutls.so.30* +%if %{with fips} +%{_libdir}/.libgnutls.so.30*.hmac +%endif +%doc README.md AUTHORS NEWS THANKS +%license LICENSE doc/COPYING doc/COPYING.LESSER + +%files c++ +%{_libdir}/libgnutlsxx.so.* + +%files devel +%defattr(-,root,root,-) +%{_includedir}/* +%{_libdir}/libgnutls*.so +%if %{with fips} +%{_libdir}/.libgnutls.so.*.hmac +%endif + +%{_libdir}/pkgconfig/*.pc +%{_mandir}/man3/* +%{_infodir}/gnutls* +%{_infodir}/pkcs11-vision* +%{_docdir}/manual/* + +%files utils +%defattr(-,root,root,-) +%{_bindir}/certtool +%{_bindir}/tpmtool +%{_bindir}/ocsptool +%{_bindir}/psktool +%{_bindir}/p11tool +%{_bindir}/srptool +%if %{with dane} +%{_bindir}/danetool +%endif +%{_bindir}/gnutls* +%{_mandir}/man1/* +%doc doc/certtool.cfg + +%if %{with dane} +%files dane +%defattr(-,root,root,-) +%{_libdir}/libgnutls-dane.so.* +%endif + +%if %{with guile} +%files guile +%defattr(-,root,root,-) +%{_libdir}/guile/2.0/guile-gnutls*.so* +%{_libdir}/guile/2.0/site-ccache/gnutls.go +%{_libdir}/guile/2.0/site-ccache/gnutls/extra.go +%{_datadir}/guile/site/2.0/gnutls.scm +%{_datadir}/guile/site/2.0/gnutls/extra.scm +%endif + +%changelog +* Fri Jun 14 2019 Daiki Ueno - 3.6.8-3 +- Follow-up fix on multiple key updates handling (#1673975) + +* Thu Jun 13 2019 Daiki Ueno - 3.6.8-2 +- Run FIPS AES self-tests over overridden algorithms + +* Wed May 29 2019 Daiki Ueno - 3.6.8-1 +- Update to upstream 3.6.8 release + +* Fri May 24 2019 Anderson Sasaki - 3.6.5-4 +- Fixed FIPS signatures self tests (#1680509) + +* Wed Mar 27 2019 Anderson Sasaki - 3.6.5-3 +- Fixed CVE-2019-3829 (#1693285) +- Fixed CVE-2019-3836 (#1693288) +- Added explicit BuildRequires for nettle-devel >= 3.4.1 + +* Fri Jan 11 2019 Anderson Sasaki - 3.6.5-2 +- Fixed FIPS integrity self tests (#1665061) + +* Mon Dec 17 2018 Anderson Sasaki - 3.6.5-1 +- Update to upstream 3.6.5 release +- Fixes CVE-2018-16868 (#1655395) +- Removed ldconfig scriptlet +- Added explicit Requires for nettle >= 3.4.1 + +* Mon Nov 26 2018 Anderson Sasaki - 3.6.4-7 +- Fix incorrect certificate type returned in TLS1.3 resumption (#1649786) + +* Mon Nov 12 2018 Anderson Sasaki - 3.6.4-6 +- Add support for record_size_limit extension in TLS1.2 (#1644850) + +* Tue Oct 30 2018 Nikos Mavrogiannopoulos - 3.6.4-5 +- Fix issue with GOST ciphers (#1644193) +- Made gnutls-serv use the default priorities if none is specified (#1644243) + +* Wed Oct 24 2018 Nikos Mavrogiannopoulos - 3.6.4-3 +- Fix issue with rehandshake affecting glib-networking (#1641072) + +* Tue Oct 16 2018 Tomáš Mráz - 3.6.4-2 +- Add missing annobin notes for assembler sources + +* Tue Sep 25 2018 Nikos Mavrogiannopoulos - 3.6.4-1 +- Updated to upstream 3.6.4 release +- Added support for the latest version of the TLS1.3 protocol + +* Thu Aug 16 2018 Nikos Mavrogiannopoulos - 3.6.3-4 +- Fixed support for ECDSA public keys (backported from Fedora) +- Ensure that we do not cause issues with version rollback detection + and TLS1.3. + +* Thu Jul 26 2018 Nikos Mavrogiannopoulos - 3.6.3-4 +- Updated to upstream 3.6.3 release + +* Wed Jun 06 2018 Nikos Mavrogiannopoulos - 3.6.2-3 +- Include FIPS mode +- Add missing BuildRequires: gnupg2 for gpgv2 in %%prep + +* Fri Feb 16 2018 Nikos Mavrogiannopoulos - 3.6.2-1 +- Updated to upstream 3.6.2 release + +* Wed Feb 07 2018 Fedora Release Engineering - 3.6.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Feb 2 2018 Nikos Mavrogiannopoulos - 3.6.1-4 +- Rebuilt to address incompatibility with new nettle + +* Thu Nov 30 2017 Nikos Mavrogiannopoulos - 3.6.1-3 +- Corrected regression from 3.6.1-2 which prevented the loading of + arbitrary p11-kit modules (#1507402) + +* Mon Nov 6 2017 Nikos Mavrogiannopoulos - 3.6.1-2 +- Prevent the loading of all PKCS#11 modules on certificate verification + but only restrict to p11-kit trust module (#1507402) + +* Sat Oct 21 2017 Nikos Mavrogiannopoulos - 3.6.1-1 +- Update to upstream 3.6.1 release + +* Mon Aug 21 2017 Nikos Mavrogiannopoulos - 3.6.0-1 +- Update to upstream 3.6.0 release + +* Wed Aug 02 2017 Fedora Release Engineering - 3.5.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 3.5.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jul 04 2017 Nikos Mavrogiannopoulos - 3.5.14-1 +- Update to upstream 3.5.14 release + +* Wed Jun 07 2017 Nikos Mavrogiannopoulos - 3.5.13-1 +- Update to upstream 3.5.13 release + +* Thu May 11 2017 Nikos Mavrogiannopoulos - 3.5.12-2 +- Fix issue with p11-kit-trust arch dependency + +* Thu May 11 2017 Nikos Mavrogiannopoulos - 3.5.12-1 +- Update to upstream 3.5.12 release + +* Fri Apr 07 2017 Nikos Mavrogiannopoulos - 3.5.11-1 +- Update to upstream 3.5.11 release + +* Mon Mar 06 2017 Nikos Mavrogiannopoulos - 3.5.10-1 +- Update to upstream 3.5.10 release + +* Wed Feb 15 2017 Nikos Mavrogiannopoulos - 3.5.9-2 +- Work around missing pkg-config file (#1422256) + +* Tue Feb 14 2017 Nikos Mavrogiannopoulos - 3.5.9-1 +- Update to upstream 3.5.9 release + +* Fri Feb 10 2017 Fedora Release Engineering - 3.5.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sat Feb 4 2017 Nikos Mavrogiannopoulos 3.5.8-2 +- Added patch fix initialization issue in gnutls_pkcs11_obj_list_import_url4 + +* Mon Jan 9 2017 Nikos Mavrogiannopoulos 3.5.8-1 +- New upstream release + +* Tue Dec 13 2016 Nikos Mavrogiannopoulos 3.5.7-3 +- Fix PKCS#8 file loading (#1404084) + +* Thu Dec 8 2016 Nikos Mavrogiannopoulos 3.5.7-1 +- New upstream release + +* Fri Nov 4 2016 Nikos Mavrogiannopoulos 3.5.6-1 +- New upstream release + +* Tue Oct 11 2016 walters@redhat.com - 3.5.5-2 +- Apply patch to fix compatibility with ostree (#1383708) + +* Mon Oct 10 2016 Nikos Mavrogiannopoulos 3.5.5-1 +- New upstream release + +* Thu Sep 8 2016 Nikos Mavrogiannopoulos 3.5.4-1 +- New upstream release + +* Mon Aug 29 2016 Nikos Mavrogiannopoulos 3.5.3-2 +- Work around #1371082 for x86 +- Fixed issue with DTLS sliding window implementation (#1370881) + +* Tue Aug 9 2016 Nikos Mavrogiannopoulos 3.5.3-1 +- New upstream release + +* Wed Jul 6 2016 Nikos Mavrogiannopoulos 3.5.2-1 +- New upstream release + +* Wed Jun 15 2016 Nikos Mavrogiannopoulos 3.5.1-1 +- New upstream release + +* Tue Jun 7 2016 Nikos Mavrogiannopoulos 3.4.13-1 +- New upstream release (#1343258) +- Addresses issue with setuid programs introduced in 3.4.12 (#1343342) + +* Fri May 20 2016 Nikos Mavrogiannopoulos 3.4.12-1 +- New upstream release + +* Mon Apr 11 2016 Nikos Mavrogiannopoulos 3.4.11-1 +- New upstream release + +* Fri Mar 4 2016 Nikos Mavrogiannopoulos 3.4.10-1 +- New upstream release (#1314576) + +* Wed Feb 3 2016 Nikos Mavrogiannopoulos 3.4.9-1 +- Fix broken key usage flags introduced in 3.4.8 (#1303355) + +* Mon Jan 11 2016 Nikos Mavrogiannopoulos 3.4.8-1 +- New upstream release (#1297079) + +* Mon Nov 23 2015 Nikos Mavrogiannopoulos 3.4.7-1 +- New upstream release (#1284300) +- Documentation updates (#1282864) +- Adds interface to set unique IDs in certificates (#1281343) +- Allow arbitrary key sizes with ARCFOUR (#1284401) + +* Wed Oct 21 2015 Nikos Mavrogiannopoulos 3.4.6-1 +- New upstream release (#1273672) +- Enhances p11tool to write CKA_ISSUER and CKA_SERIAL_NUMBER (#1272178) + +* Tue Oct 20 2015 Adam Williamson - 3.4.5-2 +- fix interaction with Chrome 45+ (master secret extension) (#1273102) + +* Mon Sep 14 2015 Nikos Mavrogiannopoulos 3.4.5-1 +- New upstream release (#1252192) +- Eliminates hard limits on CRL parsing of certtool. + +* Mon Aug 10 2015 Nikos Mavrogiannopoulos 3.4.4-1 +- new upstream release +- no longer requires trousers patch +- fixes issue in gnutls_x509_privkey_import (#1250020) + +* Mon Jul 13 2015 Nikos Mavrogiannopoulos 3.4.3-2 +- Don't link against trousers but rather dlopen() it when available. + That avoids a dependency on openssl by the main library. + +* Mon Jul 13 2015 Nikos Mavrogiannopoulos 3.4.3-1 +- new upstream release + +* Thu Jul 02 2015 Adam Jackson 3.4.2-3 +- Only disable -z now for the guile modules + +* Thu Jun 18 2015 Nikos Mavrogiannopoulos 3.4.2-2 +- rename the symbol version for internal symbols to avoid clashes + with 3.3.x. + +* Wed Jun 17 2015 Nikos Mavrogiannopoulos 3.4.2-1 +- new upstream release + +* Tue May 5 2015 Nikos Mavrogiannopoulos 3.4.1-2 +- Provide missing GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA definition + +* Mon May 4 2015 Nikos Mavrogiannopoulos 3.4.1-1 +- new upstream release + +* Sat May 02 2015 Kalev Lember - 3.3.14-2 +- Rebuilt for GCC 5 C++11 ABI change + +* Mon Mar 30 2015 Nikos Mavrogiannopoulos 3.3.14-1 +- new upstream release +- improved BER decoding of PKCS #12 structures (#1131461) + +* Fri Mar 6 2015 Nikos Mavrogiannopoulos 3.3.13-3 +- Build with hardened flags +- Removed -Wl,--no-add-needed linker flag + +* Fri Feb 27 2015 Till Maas - 3.3.13-2 +- Do not build with hardened flags + +* Thu Feb 26 2015 Nikos Mavrogiannopoulos 3.3.13-1 +- new upstream release + +* Sat Feb 21 2015 Till Maas - 3.3.12-3 +- Make build verbose +- Use %%license + +* Sat Feb 21 2015 Till Maas - 3.3.12-2 +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Mon Jan 19 2015 Nikos Mavrogiannopoulos 3.3.12-1 +- new upstream release + +* Mon Jan 5 2015 Nikos Mavrogiannopoulos 3.3.11-2 +- enabled guile bindings (#1177847) + +* Thu Dec 11 2014 Nikos Mavrogiannopoulos 3.3.11-1 +- new upstream release + +* Mon Nov 10 2014 Nikos Mavrogiannopoulos 3.3.10-1 +- new upstream release + +* Thu Oct 23 2014 Nikos Mavrogiannopoulos 3.3.9-2 +- applied fix for issue in get-issuer (#1155901) + +* Mon Oct 13 2014 Nikos Mavrogiannopoulos 3.3.9-1 +- new upstream release + +* Fri Sep 19 2014 Nikos Mavrogiannopoulos 3.3.8-2 +- strip rpath from library + +* Thu Sep 18 2014 Nikos Mavrogiannopoulos 3.3.8-1 +- new upstream release + +* Mon Aug 25 2014 Nikos Mavrogiannopoulos 3.3.7-1 +- new upstream release + +* Sat Aug 16 2014 Fedora Release Engineering - 3.3.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Wed Jul 23 2014 Nikos Mavrogiannopoulos 3.3.6-1 +- new upstream release + +* Tue Jul 01 2014 Nikos Mavrogiannopoulos 3.3.5-2 +- Added work-around for s390 builds with gcc 4.9 (#1102324) + +* Mon Jun 30 2014 Nikos Mavrogiannopoulos 3.3.5-1 +- new upstream release + +* Tue Jun 17 2014 Nikos Mavrogiannopoulos 3.3.4-3 +- explicitly depend on p11-kit-trust + +* Sat Jun 07 2014 Fedora Release Engineering - 3.3.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon Jun 02 2014 Nikos Mavrogiannopoulos 3.3.4-1 +- new upstream release + +* Fri May 30 2014 Nikos Mavrogiannopoulos 3.3.3-1 +- new upstream release + +* Wed May 21 2014 Nikos Mavrogiannopoulos 3.3.2-2 +- Require crypto-policies + +* Fri May 09 2014 Nikos Mavrogiannopoulos 3.3.2-1 +- new upstream release + +* Mon May 05 2014 Nikos Mavrogiannopoulos 3.3.1-4 +- Replaced /etc/crypto-profiles/apps with /etc/crypto-policies/back-ends. +- Added support for "very weak" profile. + +* Mon Apr 28 2014 Nikos Mavrogiannopoulos 3.3.1-2 +- gnutls_global_deinit() will not do anything if the previous + initialization has failed (#1091053) + +* Mon Apr 28 2014 Nikos Mavrogiannopoulos 3.3.1-1 +- new upstream release + +* Mon Apr 14 2014 Nikos Mavrogiannopoulos 3.3.0-1 +- new upstream release + +* Tue Apr 08 2014 Nikos Mavrogiannopoulos 3.2.13-1 +- new upstream release + +* Wed Mar 05 2014 Nikos Mavrogiannopoulos 3.2.12.1-1 +- new upstream release + +* Mon Mar 03 2014 Nikos Mavrogiannopoulos 3.2.12-1 +- new upstream release + +* Mon Feb 03 2014 Nikos Mavrogiannopoulos 3.2.10-2 +- use p11-kit trust store for certificate verification + +* Mon Feb 03 2014 Nikos Mavrogiannopoulos 3.2.10-1 +- new upstream release + +* Tue Jan 14 2014 Tomáš Mráz 3.2.8-2 +- build the crywrap tool + +* Mon Dec 23 2013 Nikos Mavrogiannopoulos 3.2.8-1 +- new upstream release + +* Wed Dec 4 2013 Nikos Mavrogiannopoulos 3.2.7-2 +- Use the correct root key for unbound /var/lib/unbound/root.key (#1012494) +- Pull asm fixes from upstream (#973210) + +* Mon Nov 25 2013 Nikos Mavrogiannopoulos 3.2.7-1 +- new upstream release +- added dependency to autogen-libopts-devel to use the system's + libopts library +- added dependency to trousers-devel to enable TPM support + +* Mon Nov 4 2013 Tomáš Mráz 3.1.16-1 +- new upstream release +- fixes CVE-2013-4466 off-by-one in dane_query_tlsa() + +* Fri Oct 25 2013 Tomáš Mráz 3.1.15-1 +- new upstream release +- fixes CVE-2013-4466 buffer overflow in handling DANE entries + +* Wed Oct 16 2013 Tomáš Mráz 3.1.13-3 +- enable ECC NIST Suite B curves + +* Sat Aug 03 2013 Fedora Release Engineering - 3.1.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jul 15 2013 Tomáš Mráz 3.1.13-1 +- new upstream release + +* Mon May 13 2013 Tomáš Mráz 3.1.11-1 +- new upstream release + +* Mon Mar 25 2013 Tomas Mraz 3.1.10-1 +- new upstream release +- license of the library is back to LGPLv2.1+ + +* Fri Mar 15 2013 Tomas Mraz 3.1.9-1 +- new upstream release + +* Thu Mar 7 2013 Tomas Mraz 3.1.8-3 +- drop the temporary old library + +* Tue Feb 26 2013 Tomas Mraz 3.1.8-2 +- don't send ECC algos as supported (#913797) + +* Thu Feb 21 2013 Tomas Mraz 3.1.8-1 +- new upstream version + +* Wed Feb 6 2013 Tomas Mraz 3.1.7-1 +- new upstream version, requires rebuild of dependencies +- this release temporarily includes old compatibility .so + +* Tue Feb 5 2013 Tomas Mraz 2.12.22-2 +- rebuilt with new libtasn1 +- make guile bindings optional - breaks i686 build and there is + no dependent package + +* Tue Jan 8 2013 Tomas Mraz 2.12.22-1 +- new upstream version + +* Wed Nov 28 2012 Tomas Mraz 2.12.21-2 +- use RSA bit sizes supported by libgcrypt in FIPS mode for security + levels (#879643) + +* Fri Nov 9 2012 Tomas Mraz 2.12.21-1 +- new upstream version + +* Thu Nov 1 2012 Tomas Mraz 2.12.20-4 +- negotiate only FIPS approved algorithms in the FIPS mode (#871826) + +* Wed Aug 8 2012 Tomas Mraz 2.12.20-3 +- fix the gnutls-cli-debug manpage - patch by Peter Schiffer + +* Thu Jul 19 2012 Fedora Release Engineering - 2.12.20-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 18 2012 Tomas Mraz 2.12.20-1 +- new upstream version + +* Fri May 18 2012 Tomas Mraz 2.12.19-1 +- new upstream version + +* Thu Mar 29 2012 Tomas Mraz 2.12.18-1 +- new upstream version + +* Thu Mar 8 2012 Tomas Mraz 2.12.17-1 +- new upstream version +- fix leaks in key generation (#796302) + +* Fri Feb 03 2012 Kevin Fenzi - 2.12.14-3 +- Disable largefile on arm arch. (#787287) + +* Fri Jan 13 2012 Fedora Release Engineering - 2.12.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Nov 8 2011 Tomas Mraz 2.12.14-1 +- new upstream version + +* Mon Oct 24 2011 Tomas Mraz 2.12.12-1 +- new upstream version + +* Thu Sep 29 2011 Tomas Mraz 2.12.11-1 +- new upstream version + +* Fri Aug 26 2011 Tomas Mraz 2.12.9-1 +- new upstream version + +* Tue Aug 16 2011 Tomas Mraz 2.12.8-1 +- new upstream version + +* Mon Jul 25 2011 Tomas Mraz 2.12.7-2 +- fix problem when using new libgcrypt +- split libgnutlsxx to a subpackage (#455146) +- drop libgnutls-openssl (#460310) + +* Tue Jun 21 2011 Tomas Mraz 2.12.7-1 +- new upstream version + +* Mon May 9 2011 Tomas Mraz 2.12.4-1 +- new upstream version + +* Tue Apr 26 2011 Tomas Mraz 2.12.3-1 +- new upstream version + +* Mon Apr 18 2011 Tomas Mraz 2.12.2-1 +- new upstream version + +* Thu Mar 3 2011 Tomas Mraz 2.10.5-1 +- new upstream version + +* Tue Feb 08 2011 Fedora Release Engineering - 2.10.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Dec 8 2010 Tomas Mraz 2.10.4-1 +- new upstream version + +* Thu Dec 2 2010 Tomas Mraz 2.10.3-2 +- fix buffer overflow in gnutls-serv (#659259) + +* Fri Nov 19 2010 Tomas Mraz 2.10.3-1 +- new upstream version + +* Thu Sep 30 2010 Tomas Mraz 2.10.2-1 +- new upstream version + +* Wed Sep 29 2010 jkeating - 2.10.1-4 +- Rebuilt for gcc bug 634757 + +* Thu Sep 23 2010 Tomas Mraz 2.10.1-3 +- more patching for internal errors regression (#629858) + patch by Vivek Dasmohapatra + +* Tue Sep 21 2010 Tomas Mraz 2.10.1-2 +- backported patch from upstream git hopefully fixing internal errors + (#629858) + +* Wed Aug 4 2010 Tomas Mraz 2.10.1-1 +- new upstream version + +* Wed Jun 2 2010 Tomas Mraz 2.8.6-2 +- add support for safe renegotiation CVE-2009-3555 (#533125) + +* Wed May 12 2010 Tomas Mraz 2.8.6-1 +- upgrade to a new upstream version + +* Mon Feb 15 2010 Rex Dieter 2.8.5-4 +- FTBFS gnutls-2.8.5-3.fc13: ImplicitDSOLinking (#564624) + +* Thu Jan 28 2010 Tomas Mraz 2.8.5-3 +- drop superfluous rpath from binaries +- do not call autoreconf during build +- specify the license on utils subpackage + +* Mon Jan 18 2010 Tomas Mraz 2.8.5-2 +- do not create static libraries (#556052) + +* Mon Nov 2 2009 Tomas Mraz 2.8.5-1 +- upgrade to a new upstream version + +* Wed Sep 23 2009 Tomas Mraz 2.8.4-1 +- upgrade to a new upstream version + +* Fri Aug 14 2009 Tomas Mraz 2.8.3-1 +- upgrade to a new upstream version + +* Fri Jul 24 2009 Fedora Release Engineering - 2.8.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jun 10 2009 Tomas Mraz 2.8.1-1 +- upgrade to a new upstream version + +* Wed Jun 3 2009 Tomas Mraz 2.8.0-1 +- upgrade to a new upstream version + +* Mon May 4 2009 Tomas Mraz 2.6.6-1 +- upgrade to a new upstream version - security fixes + +* Tue Apr 14 2009 Tomas Mraz 2.6.5-1 +- upgrade to a new upstream version, minor bugfixes only + +* Fri Mar 6 2009 Tomas Mraz 2.6.4-1 +- upgrade to a new upstream version + +* Tue Feb 24 2009 Fedora Release Engineering - 2.6.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Dec 15 2008 Tomas Mraz 2.6.3-1 +- upgrade to a new upstream version + +* Thu Dec 4 2008 Tomas Mraz 2.6.2-1 +- upgrade to a new upstream version + +* Tue Nov 11 2008 Tomas Mraz 2.4.2-3 +- fix chain verification issue CVE-2008-4989 (#470079) + +* Thu Sep 25 2008 Tomas Mraz 2.4.2-2 +- add guile subpackage (#463735) +- force new libtool through autoreconf to drop unnecessary rpaths + +* Tue Sep 23 2008 Tomas Mraz 2.4.2-1 +- new upstream version + +* Tue Jul 1 2008 Tomas Mraz 2.4.1-1 +- new upstream version +- correct the license tag +- explicit --with-included-opencdk not needed +- use external lzo library, internal not included anymore + +* Tue Jun 24 2008 Tomas Mraz 2.4.0-1 +- upgrade to latest upstream + +* Tue May 20 2008 Tomas Mraz 2.0.4-3 +- fix three security issues in gnutls handshake - GNUTLS-SA-2008-1 + (#447461, #447462, #447463) + +* Mon Feb 4 2008 Joe Orton 2.0.4-2 +- use system libtasn1 + +* Tue Dec 4 2007 Tomas Mraz 2.0.4-1 +- upgrade to latest upstream + +* Tue Aug 21 2007 Tomas Mraz 1.6.3-2 +- license tag fix + +* Wed Jun 6 2007 Tomas Mraz 1.6.3-1 +- upgrade to latest upstream (#232445) + +* Tue Apr 10 2007 Tomas Mraz 1.4.5-2 +- properly require install-info (patch by Ville Skyttä) +- standard buildroot and use dist tag +- add COPYING and README to doc + +* Wed Feb 7 2007 Tomas Mraz 1.4.5-1 +- new upstream version +- drop libtermcap-devel from buildrequires + +* Thu Sep 14 2006 Tomas Mraz 1.4.1-2 +- detect forged signatures - CVE-2006-4790 (#206411), patch + from upstream + +* Tue Jul 18 2006 Tomas Mraz - 1.4.1-1 +- upgrade to new upstream version, only minor changes + +* Wed Jul 12 2006 Jesse Keating - 1.4.0-1.1 +- rebuild + +* Wed Jun 14 2006 Tomas Mraz - 1.4.0-1 +- upgrade to new upstream version (#192070), rebuild + of dependent packages required + +* Tue May 16 2006 Tomas Mraz - 1.2.10-2 +- added missing buildrequires + +* Mon Feb 13 2006 Tomas Mraz - 1.2.10-1 +- updated to new version (fixes CVE-2006-0645) + +* Fri Feb 10 2006 Jesse Keating - 1.2.9-3.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 1.2.9-3.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Tue Jan 3 2006 Jesse Keating 1.2.9-3 +- rebuilt + +* Fri Dec 9 2005 Tomas Mraz 1.2.9-2 +- replaced *-config scripts with calls to pkg-config to + solve multilib conflicts + +* Wed Nov 23 2005 Tomas Mraz 1.2.9-1 +- upgrade to newest upstream +- removed .la files (#172635) + +* Sun Aug 7 2005 Tomas Mraz 1.2.6-1 +- upgrade to newest upstream (rebuild of dependencies necessary) + +* Mon Jul 4 2005 Tomas Mraz 1.0.25-2 +- split the command line tools to utils subpackage + +* Sat Apr 30 2005 Tomas Mraz 1.0.25-1 +- new upstream version fixes potential DOS attack + +* Sat Apr 23 2005 Tomas Mraz 1.0.24-2 +- readd the version script dropped by upstream + +* Fri Apr 22 2005 Tomas Mraz 1.0.24-1 +- update to the latest upstream version on the 1.0 branch + +* Wed Mar 2 2005 Warren Togami 1.0.20-6 +- gcc4 rebuild + +* Tue Jan 4 2005 Ivana Varekova 1.0.20-5 +- add gnutls Requires zlib-devel (#144069) + +* Mon Nov 08 2004 Colin Walters 1.0.20-4 +- Make gnutls-devel Require libgcrypt-devel + +* Tue Sep 21 2004 Jeff Johnson 1.0.20-3 +- rebuild with release++, otherwise unchanged. + +* Tue Sep 7 2004 Jeff Johnson 1.0.20-2 +- patent tainted SRP code removed. + +* Sun Sep 5 2004 Jeff Johnson 1.0.20-1 +- update to 1.0.20. +- add --with-included-opencdk --with-included-libtasn1 +- add --with-included-libcfg --with-included-lzo +- add --disable-srp-authentication. +- do "make check" after build. + +* Fri Mar 21 2003 Jeff Johnson 0.9.2-1 +- upgrade to 0.9.2 + +* Tue Jun 25 2002 Jeff Johnson 0.4.4-1 +- update to 0.4.4. + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Sat May 25 2002 Jeff Johnson 0.4.3-1 +- update to 0.4.3. + +* Tue May 21 2002 Jeff Johnson 0.4.2-1 +- update to 0.4.2. +- change license to LGPL. +- include splint annotations patch. + +* Tue Apr 2 2002 Nalin Dahyabhai 0.4.0-1 +- update to 0.4.0 + +* Thu Jan 17 2002 Nalin Dahyabhai 0.3.2-1 +- update to 0.3.2 + +* Thu Jan 10 2002 Nalin Dahyabhai 0.3.0-1 +- add a URL + +* Thu Dec 20 2001 Nalin Dahyabhai +- initial package