Use full hash+sign operations in pct_test

Resolves: RHEL-172270
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno 2026-04-27 18:00:00 +09:00
parent 1485aa278c
commit fbd0de3a36
2 changed files with 178 additions and 1 deletions


@ -0,0 +1,172 @@
From 3272be27967c42c96b9f9eeab5b0fe886269fb5b Mon Sep 17 00:00:00 2001
From: Angel Yankov <angel.yankov@suse.com>
Date: Fri, 8 Nov 2024 17:07:27 +0200
Subject: [PATCH] Use full hash+sign operations in pct_test
pct_test inside fips uses low-level, separate primitves
for some hasing and signing. Replace them with high-level,
more specific APIs.
Signed-off-by: Angel Yankov <angel.yankov@suse.com>
Modified-by: Daiki Ueno <ueno@gnu.org>
---
lib/nettle/pk.c | 136 +++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 135 insertions(+), 1 deletion(-)
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 5986a410c2..c665ded6e6 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -3195,6 +3195,128 @@ cleanup:
return ret;
}
+static gnutls_sign_algorithm_t pct_pk_to_sign(gnutls_pk_algorithm_t algo,
+ const gnutls_x509_spki_st *spki)
+{
+ switch (algo) {
+ case GNUTLS_PK_RSA:
+ return gnutls_pk_to_sign(algo, GNUTLS_DIG_SHA256);
+ case GNUTLS_PK_RSA_PSS:
+ return gnutls_pk_to_sign(algo, spki->rsa_pss_dig);
+#ifdef ENABLE_DSA
+ case GNUTLS_PK_DSA:
+#endif
+ case GNUTLS_PK_ECDSA:
+ return gnutls_pk_to_sign(algo, spki->dsa_dig);
+ case GNUTLS_PK_EDDSA_ED25519:
+ return GNUTLS_SIGN_EDDSA_ED25519;
+ case GNUTLS_PK_EDDSA_ED448:
+ return GNUTLS_SIGN_EDDSA_ED448;
+#if ENABLE_GOST
+ case GNUTLS_PK_GOST_01:
+ return GNUTLS_SIGN_GOST_94;
+ case GNUTLS_PK_GOST_12_256:
+ return GNUTLS_SIGN_GOST_256;
+ case GNUTLS_PK_GOST_12_512:
+ return GNUTLS_SIGN_GOST_512;
+#endif
+ case GNUTLS_PK_MLDSA44:
+ return GNUTLS_SIGN_MLDSA44;
+ case GNUTLS_PK_MLDSA65:
+ return GNUTLS_SIGN_MLDSA65;
+ case GNUTLS_PK_MLDSA87:
+ return GNUTLS_SIGN_MLDSA87;
+ default:
+ return GNUTLS_SIGN_UNKNOWN;
+ }
+}
+
+static int pct_hash_sign_test(gnutls_pk_algorithm_t algo,
+ const gnutls_pk_params_st *params,
+ const gnutls_x509_spki_st *spki,
+ const gnutls_datum_t *data)
+{
+ gnutls_privkey_t privkey = NULL;
+ gnutls_pubkey_t pubkey = NULL;
+ gnutls_x509_privkey_t xprivkey = NULL;
+ gnutls_datum_t sig = { NULL, 0 };
+ gnutls_sign_algorithm_t sign_algo;
+ int ret;
+
+ sign_algo = pct_pk_to_sign(algo, spki);
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN)
+ return gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
+
+ ret = gnutls_x509_privkey_init(&xprivkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_pk_params_copy(&xprivkey->params, params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_privkey_init(&privkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_privkey_import_x509(privkey, xprivkey,
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ xprivkey = NULL;
+
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_privkey_sign_data2(privkey, sign_algo, 0, data, &sig);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Ignore algorithm disablement through configuration during PCT. */
+ ret = gnutls_pubkey_verify_data2(
+ pubkey, sign_algo, GNUTLS_VERIFY_ALLOW_BROKEN, data, &sig);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+cleanup:
+ if (ret < 0) {
+ _gnutls_debug_log("PCT: %s hash+sign self-test failed: %s\n",
+ gnutls_sign_get_name(sign_algo),
+ gnutls_strerror(ret));
+ } else {
+ _gnutls_debug_log("PCT: %s hash+sign self-test succeeded\n",
+ gnutls_sign_get_name(sign_algo));
+ }
+
+ gnutls_x509_privkey_deinit(xprivkey);
+ gnutls_privkey_deinit(privkey);
+ gnutls_pubkey_deinit(pubkey);
+ _gnutls_free_datum(&sig);
+
+ return ret;
+}
+
static int pct_test(gnutls_pk_algorithm_t algo,
const gnutls_pk_params_st *params)
{
@@ -3341,7 +3463,19 @@ static int pct_test(gnutls_pk_algorithm_t algo,
ret = _gnutls_pk_verify(algo, &ddata, &sig, params, &spki);
if (ret < 0) {
ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
- gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Exercise the combined hash+sign operation, using
+ * the abstract key interface.
+ *
+ * FIXME: rework this once the crypto-backend
+ * interface natively supports hash+sign operation, see:
+ * https://gitlab.com/gnutls/gnutls/-/merge_requests/2066
+ */
+ ret = pct_hash_sign_test(algo, params, &spki, &ddata);
+ if (ret < 0) {
+ ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
goto cleanup;
}
break;
--
2.54.0
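Review bot: `pct_hash_sign_test` returns `GNUTLS_E_PK_GENERATION_ERROR` as soon as `pct_pk_to_sign` yields `GNUTLS_SIGN_UNKNOWN`, which happens in the `default` branch and presumably also when `spki->rsa_pss_dig` or `spki->dsa_dig` does not map to a signature algorithm. That early return sits before the `cleanup` label, so the `PCT: ... self-test failed` debug line is never emitted for it. Failing closed is the right behaviour for a FIPS pairwise consistency test, but the coupling is undocumented, and the `case` labels in `pct_test` that reach the new call start outside the second hunk, so it cannot be checked here that each one is mapped and has its digest set. I would add a comment above `pct_pk_to_sign` such as `/* Must map every algorithm that pct_test routes to pct_hash_sign_test; an unmapped one makes key generation fail. */`. A short header comment on `pct_hash_sign_test` should also say that it holds a second copy of the private key parameters (via `_gnutls_pk_params_copy`) until `cleanup`, and that `xprivkey` belongs to `privkey` after the `GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE` import, which is why it is set to NULL there.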


@ -13,7 +13,7 @@ print(string.sub(hash, 0, 16))
}
Version: 3.8.10
Release: 4%{?dist}
Release: 5%{?dist}
# not upstreamed
Patch: gnutls-3.2.7-rpath.patch
Patch: gnutls-3.7.2-enable-intel-cet.patch
@ -69,6 +69,8 @@ Patch: gnutls-3.8.10-1841-hybrid-kx-zeroize.patch
Patch: gnutls-3.8.10-1823-cfg-clear-options.patch
Patch: gnutls-3.8.10-1817-security-parameters.patch
Patch: gnutls-3.8.10-1820-p11p-kdf.patch
# https://gitlab.com/gnutls/gnutls/-/merge_requests/2100
Patch: gnutls-3.8.10-fips-pct-hash-sign.patch
%bcond_without bootstrap
%bcond_without dane
@ -514,6 +516,9 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null XFAIL_TESTS="$x
%endif
%changelog
* Mon Apr 27 2026 Daiki Ueno <dueno@redhat.com> - 3.8.10-5
- Use full hash+sign operations in pct_test (RHEL-172270)
* Thu Apr 30 2026 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.10-4
- Fix CVE-2026-33846 (DTLS fragment reassembly, High, heap overwrite)
- Fix CVE-2026-42009 (DTLS fragment reassembly, High, undefined behaviour)
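Review bot: The new `%changelog` entry is dated `Mon Apr 27 2026` but is placed above the existing `Thu Apr 30 2026` entry for 3.8.10-4, so the changelog is no longer in descending date order. rpm checks this ordering when it parses the spec and, as far as I recall, rejects a violation, so this is worth confirming with a local build before the security fixes in this package are rebuilt. Dating the 3.8.10-5 entry on or after the 3.8.10-4 one, i.e. `* <date on or after Apr 30 2026> Daiki Ueno <dueno@redhat.com> - 3.8.10-5`, keeps the order valid.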