import UBI gnutls-3.6.16-8.el8_10.4

.gitignore

@@ -1,6 +1,3 @@
-gmp-6.2.1.tar.xz
-gnutls-3.8.10.tar.xz
-gnutls-3.8.10.tar.xz.sig
-leancrypto-1.5.0.tar.gz
-nettle-3.10.1.tar.gz
-nettle-3.10.1.tar.gz.sig
+SOURCES/gnutls-3.6.16.tar.xz
+SOURCES/gnutls-3.6.16.tar.xz.sig
+SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg

.gnutls.metadata

@@ -0,0 +1,3 @@
+6ba8fb898dcf4b4046b60662ba97df835593e687 SOURCES/gnutls-3.6.16.tar.xz
+b41ac56ff6cca4539c8b084db2c84e8bc21d60ac SOURCES/gnutls-3.6.16.tar.xz.sig
+648ec46f9539fe756fb90131b85ae4759ed2ed21 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg

SOURCES/gnutls-3.6.14-fips-dh-selftests.patch

@@ -0,0 +1,204 @@
+From f09b7627a63defb1c55e9965fb05e0bbddb90247 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Tue, 6 Oct 2020 11:54:21 +0200
+Subject: [PATCH] fips: use larger prime for DH self-tests
+
+According to FIPS140-2 IG 7.5, the minimum key size of FFC through
+2030 is defined as 2048 bits.  This updates the relevant self-test
+using ffdhe3072 defined in RFC 7919.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/crypto-selftests-pk.c | 142 ++++++++++++++++++++++++++++++++++----
+ lib/dh-primes.c           |   4 --
+ 2 files changed, 130 insertions(+), 16 deletions(-)
+
+diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
+index 70b0f618f..9b7c692a8 100644
+--- a/lib/crypto-selftests-pk.c
++++ b/lib/crypto-selftests-pk.c
+@@ -620,32 +620,150 @@ static int test_dh(void)
+ 	gnutls_pk_params_st priv;
+ 	gnutls_pk_params_st pub;
+ 	gnutls_datum_t out = {NULL, 0};
++
++	/* FFDHE 3072 test vector provided by Stephan Mueller in:
++	 * https://gitlab.com/gnutls/gnutls/-/merge_requests/1342#note_424430996
++	 */
+ 	static const uint8_t known_dh_k[] = {
+-		0x10, 0x25, 0x04, 0xb5, 0xc6, 0xc2, 0xcb, 
+-		0x0c, 0xe9, 0xc5, 0x58, 0x0d, 0x22, 0x62};
+-	static const uint8_t test_p[] = {
+-		0x24, 0x85, 0xdd, 0x3a, 0x74, 0x42, 0xe4, 
+-		0xb3, 0xf1, 0x0b, 0x13, 0xf9, 0x17, 0x4d };
+-	static const uint8_t test_g[] = { 0x02 };
++		0xec, 0xb3, 0x85, 0x0c, 0x72, 0x55, 0x55, 0xc2, 0x98, 0x36,
++		0xbe, 0x75, 0x9e, 0xc9, 0x9d, 0x8b, 0x16, 0xa6, 0xe6, 0x84,
++		0x33, 0x12, 0x80, 0x1d, 0xac, 0xde, 0x6a, 0xd7, 0x3b, 0x1e,
++		0x15, 0xca, 0x5d, 0x26, 0xb3, 0x0a, 0x35, 0xf4, 0xbb, 0xad,
++		0x71, 0xcb, 0x03, 0x1a, 0xcb, 0xfb, 0x83, 0xf0, 0xa8, 0xde,
++		0xed, 0x5e, 0x3d, 0x98, 0xd2, 0xb0, 0xef, 0xad, 0xdf, 0x32,
++		0xa0, 0x16, 0x7d, 0x0e, 0x29, 0xd8, 0x85, 0xca, 0x12, 0x97,
++		0x56, 0xab, 0x6a, 0x26, 0xa4, 0x46, 0x3d, 0x87, 0xd7, 0xe0,
++		0xb4, 0x3e, 0x28, 0x75, 0xac, 0x59, 0xc5, 0x71, 0x3a, 0x24,
++		0x15, 0x76, 0x98, 0x72, 0x94, 0x2d, 0xd0, 0x0e, 0xbc, 0x9a,
++		0x77, 0xd4, 0xe2, 0xb2, 0x76, 0x54, 0x4a, 0x56, 0xbe, 0x0b,
++		0x43, 0xf8, 0x21, 0x6f, 0x54, 0x32, 0xde, 0xb7, 0xd5, 0xb7,
++		0x08, 0x00, 0xd2, 0x57, 0x8c, 0x0b, 0x8b, 0x02, 0x3e, 0xdb,
++		0x72, 0x54, 0x3a, 0xc0, 0x50, 0x66, 0xbc, 0xc9, 0x67, 0xf5,
++		0x22, 0x28, 0xf2, 0x3c, 0x51, 0x94, 0x61, 0x26, 0x9a, 0xc6,
++		0x42, 0x0e, 0x8b, 0x42, 0xad, 0x79, 0x40, 0xa9, 0x0b, 0xdc,
++		0x84, 0xd5, 0x71, 0x83, 0x94, 0xd9, 0x83, 0x2f, 0x08, 0x74,
++		0xbc, 0x37, 0x6a, 0x3e, 0x1e, 0xbc, 0xcc, 0x09, 0x23, 0x30,
++		0x79, 0x01, 0x39, 0xf6, 0xe3, 0xa8, 0xc0, 0xfa, 0x7e, 0xdb,
++		0x0b, 0x71, 0x3e, 0x4f, 0x1f, 0x69, 0x84, 0xa6, 0x58, 0x6c,
++		0x36, 0x2c, 0xcc, 0xb4, 0x7c, 0x94, 0xec, 0x06, 0x0b, 0x11,
++		0x53, 0x95, 0xe6, 0x05, 0x43, 0xa4, 0xe4, 0xea, 0x1d, 0x4f,
++		0xdc, 0xd0, 0x38, 0x0e, 0x32, 0xa1, 0xde, 0xd9, 0x8d, 0xd8,
++		0x20, 0xac, 0x04, 0x83, 0xf8, 0x1b, 0x55, 0x52, 0x16, 0x20,
++		0xe3, 0x2e, 0x6d, 0x11, 0x15, 0x29, 0x2f, 0x3a, 0x7c, 0x80,
++		0x0a, 0x71, 0x3d, 0x31, 0x9c, 0x1b, 0x73, 0x59, 0xe1, 0x0d,
++		0x27, 0xc5, 0xc0, 0x6a, 0x72, 0x3a, 0x5b, 0xd6, 0xf6, 0x50,
++		0xe6, 0x69, 0x48, 0x1e, 0xfd, 0xeb, 0x4a, 0x47, 0x73, 0xfb,
++		0x88, 0x14, 0xea, 0x6d, 0x36, 0xe1, 0x4c, 0x2c, 0xf9, 0x04,
++		0xc1, 0xb7, 0x29, 0xfc, 0x5d, 0x02, 0x5d, 0x1c, 0x4d, 0x31,
++		0x4a, 0x51, 0x3f, 0xa4, 0x45, 0x19, 0x29, 0xc4, 0x32, 0xa6,
++		0x45, 0xdb, 0x94, 0x3a, 0xbd, 0x76, 0x2c, 0xd6, 0x1a, 0xb1,
++		0xff, 0xe7, 0x62, 0x75, 0x16, 0xe5, 0x0b, 0xa3, 0x3a, 0x93,
++		0x84, 0xd6, 0xad, 0xc2, 0x24, 0x68, 0x3d, 0xd6, 0x07, 0xe4,
++		0xbe, 0x5a, 0x49, 0x31, 0x06, 0xad, 0x3f, 0x31, 0x4a, 0x1c,
++		0xf7, 0x58, 0xdf, 0x34, 0xcb, 0xc8, 0xa9, 0x07, 0x24, 0x42,
++		0x63, 0xa5, 0x8e, 0xdd, 0x37, 0x78, 0x92, 0x68, 0x3f, 0xd8,
++		0x2f, 0xea, 0x8c, 0xf1, 0x8e, 0xd4, 0x8b, 0xa7, 0x3f, 0xa0,
++		0xfa, 0xaf, 0xf0, 0x35,
++	};
+ 	static const uint8_t test_x[] = {
+-		0x06, 0x2c, 0x96, 0xae, 0x0e, 0x9e, 0x9b, 
+-		0xbb, 0x41, 0x51, 0x7a, 0xa7, 0xc5, 0xfe };
++		0x16, 0x5c, 0xa6, 0xe0, 0x9b, 0x87, 0xfa, 0x2d, 0xbc, 0x13,
++		0x20, 0xcd, 0xac, 0x4e, 0xcc, 0x60, 0x1e, 0x48, 0xec, 0xbe,
++		0x73, 0x0c, 0xa8, 0x6b, 0x6e, 0x2a, 0xee, 0xdd, 0xd8, 0xf3,
++		0x2d, 0x5f, 0x75, 0xf3, 0x07, 0x94, 0x88, 0x3d, 0xb1, 0x38,
++		0xcf, 0xae, 0x4a, 0xcc, 0xcb, 0x6a, 0x80, 0xbc, 0xeb, 0x3b,
++		0xaa, 0x0b, 0x18, 0x74, 0x58, 0x7c, 0x3e, 0x74, 0xef, 0xb6,
++		0xd3, 0x15, 0xee, 0x73, 0x29, 0x88, 0x7b, 0x65, 0x02, 0x39,
++		0x33, 0xec, 0x22, 0x06, 0x8c, 0x5b, 0xd6, 0x2f, 0x4c, 0xf7,
++		0xe0, 0x97, 0x6d, 0x2a, 0x90, 0x36, 0xfe, 0x1a, 0x44, 0x4d,
++		0x9d, 0x41, 0x4b, 0xcb, 0xec, 0x25, 0xf4, 0xc3, 0xa5, 0x91,
++		0xd0, 0x90, 0xc9, 0x34, 0x7b, 0xba, 0x27, 0x30, 0x5a, 0xa2,
++		0x21, 0x58, 0xce, 0x88, 0x25, 0x39, 0xaf, 0xf1, 0x17, 0x02,
++		0x12, 0xf8, 0x55, 0xdc, 0xd2, 0x08, 0x5b, 0xd3, 0xc7, 0x8e,
++		0xcf, 0x29, 0x85, 0x85, 0xdb, 0x5c, 0x08, 0xc2, 0xd7, 0xb0,
++		0x33, 0x0e, 0xe3, 0xb9, 0x2c, 0x1a, 0x1d, 0x4b, 0xe5, 0x76,
++		0x8f, 0xd3, 0x14, 0xb6, 0x8c, 0xdc, 0x9a, 0xe8, 0x15, 0x60,
++		0x60, 0x5e, 0xaa, 0xf9, 0xfa, 0xa6, 0xb2, 0x4f, 0xff, 0x46,
++		0xc1, 0x5e, 0x93, 0x50, 0x90, 0x7e, 0x4c, 0x26, 0xd7, 0xbb,
++		0x21, 0x05, 0x3d, 0x27, 0xc5, 0x9b, 0x0d, 0x46, 0x69, 0xe4,
++		0x74, 0x87, 0x74, 0x55, 0xee, 0x5f, 0xe5, 0x72, 0x04, 0x46,
++		0x1f, 0x2e, 0x55, 0xc7, 0xcc, 0x2b, 0x2b, 0x39, 0x6d, 0x90,
++		0x60, 0x31, 0x37, 0x5b, 0x44, 0xde, 0xfd, 0xf2, 0xd1, 0xc6,
++		0x9c, 0x12, 0x82, 0xcc, 0x7c, 0xb1, 0x0e, 0xa9, 0x95, 0x9d,
++		0xe0, 0xa8, 0x3e, 0xc1, 0xa3, 0x4a, 0x6a, 0x37, 0x59, 0x17,
++		0x93, 0x63, 0x1e, 0xbf, 0x04, 0xa3, 0xaa, 0xc0, 0x1d, 0xc4,
++		0x6d, 0x7a, 0xdc, 0x69, 0x9c, 0xb0, 0x22, 0x56, 0xd9, 0x76,
++		0x92, 0x2d, 0x1e, 0x62, 0xae, 0xfd, 0xd6, 0x9b, 0xfd, 0x08,
++		0x2c, 0x95, 0xec, 0xe7, 0x02, 0x43, 0x62, 0x68, 0x1a, 0xaf,
++		0x46, 0x59, 0xb7, 0xce, 0x8e, 0x42, 0x24, 0xae, 0xf7, 0x0e,
++		0x9a, 0x3b, 0xf8, 0x77, 0xdf, 0x26, 0x85, 0x9f, 0x45, 0xad,
++		0x8c, 0xa9, 0x54, 0x9c, 0x46, 0x44, 0xd5, 0x8a, 0xe9, 0xcc,
++		0x34, 0x5e, 0xc5, 0xd1, 0x42, 0x6f, 0x44, 0xf3, 0x0f, 0x90,
++		0x3a, 0x32, 0x1a, 0x9c, 0x2a, 0x63, 0xec, 0x21, 0xb4, 0xfc,
++		0xfa, 0xa5, 0xcf, 0xe7, 0x9e, 0x43, 0xc7, 0x49, 0x56, 0xbc,
++		0x50, 0xc5, 0x84, 0xf0, 0x42, 0xc8, 0x6a, 0xf1, 0x78, 0xe4,
++		0xaa, 0x06, 0x37, 0xe1, 0x30, 0xf7, 0x65, 0x97, 0xca, 0xfd,
++		0x35, 0xfa, 0xeb, 0x48, 0x6d, 0xaa, 0x45, 0x46, 0x9d, 0xbc,
++		0x1d, 0x98, 0x17, 0x45, 0xa3, 0xee, 0x21, 0xa0, 0x97, 0x38,
++		0x80, 0xc5, 0x28, 0x1f,
++	};
+ 	static const uint8_t test_y[] = { /* y=g^x mod p */
+-		0x1e, 0xca, 0x23, 0x2a, 0xfd, 0x34, 0xe1, 
+-		0x10, 0x7a, 0xff, 0xaf, 0x2d, 0xaa, 0x53 };
++		0x93, 0xeb, 0x5c, 0x37, 0x1d, 0x3c, 0x06, 0x6f, 0xbf, 0xbe,
++		0x96, 0x51, 0x26, 0x58, 0x81, 0x36, 0xc6, 0x4f, 0x9a, 0x34,
++		0xc4, 0xc5, 0xa8, 0xa3, 0x2c, 0x41, 0x76, 0xa8, 0xc6, 0xc0,
++		0xa0, 0xc8, 0x51, 0x36, 0xc4, 0x40, 0x4e, 0x2c, 0x69, 0xf7,
++		0x51, 0xbb, 0xb0, 0xd6, 0xf5, 0xdb, 0x40, 0x29, 0x50, 0x3b,
++		0x8a, 0xf9, 0xf3, 0x53, 0x78, 0xfc, 0x86, 0xe9, 0xf1, 0xe9,
++		0xac, 0x85, 0x13, 0x65, 0x62, 0x22, 0x04, 0x1b, 0x14, 0x2a,
++		0xf4, 0x8f, 0x2f, 0xf1, 0x2f, 0x81, 0xd6, 0x18, 0x0e, 0x76,
++		0x91, 0x43, 0xb2, 0xfc, 0x7c, 0x6f, 0x0c, 0x45, 0x37, 0x31,
++		0x31, 0x58, 0x5c, 0xdf, 0x42, 0x24, 0x7a, 0xba, 0x8b, 0x7f,
++		0x79, 0x06, 0x07, 0xef, 0xd6, 0x06, 0xeb, 0xcb, 0x3c, 0xbd,
++		0xbc, 0xe5, 0xff, 0xfd, 0x62, 0x15, 0x0c, 0x40, 0x46, 0x37,
++		0xef, 0xd0, 0xa1, 0xde, 0x63, 0x4f, 0x20, 0x0b, 0x45, 0x7d,
++		0x06, 0x77, 0xfd, 0x23, 0xc1, 0x32, 0x8a, 0x89, 0x65, 0x16,
++		0xe8, 0x48, 0x12, 0x1c, 0x25, 0x33, 0x2d, 0xbd, 0xd8, 0x9f,
++		0x1c, 0x9d, 0xbc, 0xe3, 0x08, 0x60, 0x87, 0x1a, 0xc6, 0x06,
++		0x36, 0xd2, 0xac, 0x09, 0x6d, 0x99, 0x02, 0x89, 0xc6, 0x12,
++		0x93, 0x8c, 0x4b, 0xd0, 0x7e, 0x36, 0x8a, 0xd6, 0xa0, 0x97,
++		0x4f, 0x97, 0x3f, 0x97, 0x0b, 0xfe, 0x05, 0xfc, 0xc8, 0xef,
++		0x21, 0x4d, 0x4a, 0x06, 0x6e, 0xb4, 0xa6, 0x4f, 0xe1, 0xdd,
++		0x44, 0x06, 0xfa, 0xd5, 0x0e, 0x54, 0xf5, 0x54, 0x3e, 0x8c,
++		0xb9, 0x85, 0x86, 0x00, 0x40, 0x98, 0xe7, 0x01, 0xdd, 0x93,
++		0x9d, 0x95, 0xea, 0xf0, 0xd3, 0x99, 0x4b, 0xeb, 0xd5, 0x79,
++		0x47, 0xa4, 0xad, 0x2a, 0xe0, 0x4d, 0x36, 0x3b, 0x46, 0x10,
++		0x96, 0xbb, 0x48, 0xe9, 0xa1, 0x78, 0x01, 0x35, 0x0a, 0x5c,
++		0x7b, 0x3f, 0xf5, 0xf7, 0xb1, 0xe3, 0x97, 0x17, 0x4d, 0x76,
++		0x10, 0x8d, 0x68, 0x4c, 0x94, 0x7d, 0xee, 0x0e, 0x20, 0x8b,
++		0xce, 0x7d, 0x0a, 0xa3, 0x51, 0xfb, 0xe6, 0xcf, 0xf0, 0x0e,
++		0x7f, 0x3c, 0xd4, 0xef, 0x56, 0x31, 0xb2, 0x95, 0xf0, 0x5f,
++		0x4b, 0x9c, 0x03, 0x9e, 0xae, 0xb1, 0xc1, 0x46, 0xd7, 0xc0,
++		0x4f, 0xb0, 0xf6, 0x6c, 0xe1, 0xe9, 0x2a, 0x97, 0xe0, 0x3f,
++		0x3a, 0x93, 0x04, 0xcd, 0x41, 0x7d, 0x45, 0x03, 0xb3, 0x40,
++		0x20, 0xe6, 0xad, 0x2d, 0xd3, 0xf7, 0x32, 0x7b, 0xcc, 0x4f,
++		0x81, 0x18, 0x4c, 0x50, 0x77, 0xc4, 0xb7, 0x6a, 0x4d, 0x05,
++		0xd8, 0x6d, 0xbf, 0x6f, 0xba, 0x1d, 0x38, 0x78, 0x87, 0xd2,
++		0x8e, 0xc2, 0x6d, 0xb6, 0xed, 0x66, 0x61, 0xa8, 0xb9, 0x19,
++		0x0e, 0x93, 0xd1, 0xcd, 0x5b, 0xbe, 0x19, 0x05, 0x52, 0x43,
++		0xd6, 0xc1, 0x07, 0x3c, 0x6a, 0x62, 0xbd, 0x33, 0x9b, 0x1b,
++		0x02, 0x42, 0x61, 0x14,
++	};
+ 
+ 	gnutls_pk_params_init(&priv);
+ 	gnutls_pk_params_init(&pub);
+ 	
+ 	priv.algo = pub.algo = GNUTLS_PK_DH;
+ 	
+-	ret = _gnutls_mpi_init_scan(&priv.params[DH_P], test_p, sizeof(test_p));
++	ret = _gnutls_mpi_init_scan(&priv.params[DH_P],
++				    gnutls_ffdhe_3072_group_prime.data,
++				    gnutls_ffdhe_3072_group_prime.size);
+ 	if (ret < 0) {
+ 		gnutls_assert();
+ 		goto cleanup;
+ 	}
+ 
+-	ret = _gnutls_mpi_init_scan(&priv.params[DH_G], test_g, sizeof(test_g));
++	ret = _gnutls_mpi_init_scan(&priv.params[DH_G],
++				    gnutls_ffdhe_3072_group_generator.data,
++				    gnutls_ffdhe_3072_group_generator.size);
+ 	if (ret < 0) {
+ 		gnutls_assert();
+ 		goto cleanup;
+diff --git a/lib/dh-primes.c b/lib/dh-primes.c
+index a440b5b98..94b69e345 100644
+--- a/lib/dh-primes.c
++++ b/lib/dh-primes.c
+@@ -23,8 +23,6 @@
+ #include "gnutls_int.h"
+ #include <gnutls/gnutls.h>
+ 
+-#if defined(ENABLE_DHE) || defined(ENABLE_ANON)
+-
+ #include "dh.h"
+ 
+ static const unsigned char ffdhe_generator = 0x02;
+@@ -1934,5 +1932,3 @@ _gnutls_dh_prime_match_fips_approved(const uint8_t *prime,
+ 
+ 	return 0;
+ }
+-
+-#endif
+-- 
+2.26.2
+

SOURCES/gnutls-3.6.14-fips-kdf-selftests.patch

@@ -0,0 +1,713 @@
+From 93c0e3ba4d2cfee86b32f28f33303a2193c4133c Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Mon, 5 Oct 2020 16:12:46 +0200
+Subject: [PATCH 1/4] fips: add self-tests for HKDF
+
+FIPS140-2 IG D.8 mandates self-test on approved KDF algorithms.  As
+the guidance only requires running a single instance of each KDF
+mechanism, this only exercises HKDF-Extract and HKDF-Expand operations
+with HMAC-SHA-256 as the underlying MAC.
+
+Although HKDF is non-approved, it would be sensible to do that as it
+will be approved in FIPS140-3.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ devel/libgnutls-latest-x86_64.abi |   1 +
+ lib/crypto-selftests.c            | 159 ++++++++++++++++++++++++++++++
+ lib/fips.c                        |   7 ++
+ lib/includes/gnutls/self-test.h   |   1 +
+ lib/libgnutls.map                 |   1 +
+ 5 files changed, 169 insertions(+)
+
+diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
+index 7a1c7729c..bd148b6af 100644
+--- a/lib/crypto-selftests.c
++++ b/lib/crypto-selftests.c
+@@ -2917,3 +2917,162 @@ int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest)
+ 
+ 	return 0;
+ }
++
++struct hkdf_vectors_st {
++	const uint8_t *ikm;
++	unsigned int ikm_size;
++	const uint8_t *salt;
++	unsigned int salt_size;
++	const uint8_t *prk;
++	unsigned int prk_size;
++	const uint8_t *info;
++	unsigned int info_size;
++	const uint8_t *okm;
++	unsigned int okm_size;
++};
++
++const struct hkdf_vectors_st hkdf_sha256_vectors[] = {
++	/* RFC 5869: A.1. Test Case 1: Basic test case with SHA-256 */
++	{
++		STR(ikm, ikm_size,
++		    "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
++		    "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"),
++		STR(salt, salt_size,
++		    "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c"),
++		STR(prk, prk_size,
++		    "\x07\x77\x09\x36\x2c\x2e\x32\xdf\x0d\xdc\x3f\x0d\xc4\x7b"
++		    "\xba\x63\x90\xb6\xc7\x3b\xb5\x0f\x9c\x31\x22\xec\x84\x4a"
++		    "\xd7\xc2\xb3\xe5"),
++		STR(info, info_size,
++		    "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9"),
++		STR(okm, okm_size,
++		    "\x3c\xb2\x5f\x25\xfa\xac\xd5\x7a\x90\x43\x4f\x64\xd0\x36"
++		    "\x2f\x2a\x2d\x2d\x0a\x90\xcf\x1a\x5a\x4c\x5d\xb0\x2d\x56"
++		    "\xec\xc4\xc5\xbf\x34\x00\x72\x08\xd5\xb8\x87\x18\x58\x65"),
++	},
++	/* RFC 5869: A.2. Test Case 2: Test with SHA-256 and longer inputs/outputs */
++	{
++		STR(ikm, ikm_size,
++		    "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d"
++		    "\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b"
++		    "\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29"
++		    "\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37"
++		    "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45"
++		    "\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"),
++		STR(salt, salt_size,
++		    "\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d"
++		    "\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b"
++		    "\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89"
++		    "\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97"
++		    "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5"
++		    "\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf"),
++		STR(prk, prk_size,
++		    "\x06\xa6\xb8\x8c\x58\x53\x36\x1a\x06\x10\x4c\x9c\xeb\x35"
++		    "\xb4\x5c\xef\x76\x00\x14\x90\x46\x71\x01\x4a\x19\x3f\x40"
++		    "\xc1\x5f\xc2\x44"),
++		STR(info, info_size,
++		    "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd"
++		    "\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb"
++		    "\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9"
++		    "\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
++		    "\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5"
++		    "\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"),
++		STR(okm, okm_size,
++		    "\xb1\x1e\x39\x8d\xc8\x03\x27\xa1\xc8\xe7\xf7\x8c\x59\x6a"
++		    "\x49\x34\x4f\x01\x2e\xda\x2d\x4e\xfa\xd8\xa0\x50\xcc\x4c"
++		    "\x19\xaf\xa9\x7c\x59\x04\x5a\x99\xca\xc7\x82\x72\x71\xcb"
++		    "\x41\xc6\x5e\x59\x0e\x09\xda\x32\x75\x60\x0c\x2f\x09\xb8"
++		    "\x36\x77\x93\xa9\xac\xa3\xdb\x71\xcc\x30\xc5\x81\x79\xec"
++		    "\x3e\x87\xc1\x4c\x01\xd5\xc1\xf3\x43\x4f\x1d\x87"),
++	},
++};
++
++static int test_hkdf(gnutls_mac_algorithm_t mac,
++		     const struct hkdf_vectors_st *vectors,
++		     size_t vectors_size, unsigned flags)
++{
++	unsigned int i;
++
++	for (i = 0; i < vectors_size; i++) {
++		gnutls_datum_t ikm, prk, salt, info;
++		uint8_t output[4096];
++		int ret;
++
++		ikm.data = (void *) vectors[i].ikm;
++		ikm.size = vectors[i].ikm_size;
++		salt.data = (void *) vectors[i].salt;
++		salt.size = vectors[i].salt_size;
++
++		ret = gnutls_hkdf_extract(mac, &ikm, &salt, output);
++		if (ret < 0) {
++			_gnutls_debug_log("error extracting HKDF: MAC-%s\n",
++					  gnutls_mac_get_name(mac));
++			return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
++		}
++
++		if (memcmp(output, vectors[i].prk, vectors[i].prk_size) != 0) {
++			_gnutls_debug_log
++			    ("HKDF extract: MAC-%s test vector failed!\n",
++			     gnutls_mac_get_name(mac));
++
++			return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
++		}
++
++		prk.data = (void *) vectors[i].prk;
++		prk.size = vectors[i].prk_size;
++		info.data = (void *) vectors[i].info;
++		info.size = vectors[i].info_size;
++
++		ret = gnutls_hkdf_expand(mac, &prk, &info,
++					 output, vectors[i].okm_size);
++		if (ret < 0) {
++			_gnutls_debug_log("error extracting HKDF: MAC-%s\n",
++					  gnutls_mac_get_name(mac));
++			return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
++		}
++
++		if (memcmp(output, vectors[i].okm, vectors[i].okm_size) != 0) {
++			_gnutls_debug_log
++			    ("HKDF expand: MAC-%s test vector failed!\n",
++			     gnutls_mac_get_name(mac));
++
++			return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
++		}
++	}
++
++	_gnutls_debug_log
++	    ("HKDF: MAC-%s self check succeeded\n",
++	     gnutls_mac_get_name(mac));
++
++	return 0;
++}
++
++/*-
++ * gnutls_hkdf_self_test:
++ * @flags: GNUTLS_SELF_TEST_FLAG flags
++ * @mac: the message authentication algorithm to use
++ *
++ * This function will run self tests on HKDF with the provided mac.
++ *
++ * Returns: Zero or a negative error code on error.
++ *
++ * Since: 3.3.0-FIPS140
++ -*/
++int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
++{
++	int ret;
++
++	if (flags & GNUTLS_SELF_TEST_FLAG_ALL)
++		mac = GNUTLS_MAC_UNKNOWN;
++
++	switch (mac) {
++	case GNUTLS_MAC_UNKNOWN:
++		CASE(GNUTLS_MAC_SHA256, test_hkdf, hkdf_sha256_vectors);
++
++		break;
++	default:
++		return gnutls_assert_val(GNUTLS_E_NO_SELF_TEST);
++	}
++
++	return 0;
++}
+diff --git a/lib/fips.c b/lib/fips.c
+index f8b10f750..48891ed57 100644
+--- a/lib/fips.c
++++ b/lib/fips.c
+@@ -423,6 +423,13 @@ int _gnutls_fips_perform_self_checks2(void)
+ 		goto error;
+ 	}
+ 
++	/* HKDF */
++	ret = gnutls_hkdf_self_test(0, GNUTLS_MAC_SHA256);
++	if (ret < 0) {
++		gnutls_assert();
++		goto error;
++	}
++
+ 	if (_gnutls_rnd_ops.self_test == NULL) {
+ 		gnutls_assert();
+ 		goto error;
+diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h
+index aacbe94ca..9b7be8159 100644
+--- a/lib/includes/gnutls/self-test.h
++++ b/lib/includes/gnutls/self-test.h
+@@ -34,5 +34,6 @@ int gnutls_cipher_self_test(unsigned flags, gnutls_cipher_algorithm_t cipher);
+ int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
+ int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest);
+ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk);
++int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
+ 
+ #endif
+diff --git a/lib/libgnutls.map b/lib/libgnutls.map
+index 61276e534..386b66f83 100644
+--- a/lib/libgnutls.map
++++ b/lib/libgnutls.map
+@@ -1347,6 +1347,7 @@ GNUTLS_FIPS140_3_4 {
+ 	gnutls_pk_self_test;
+ 	gnutls_mac_self_test;
+ 	gnutls_digest_self_test;
++	gnutls_hkdf_self_test;
+ 	#for FIPS140-2 validation
+ 	drbg_aes_reseed;
+ 	drbg_aes_init;
+-- 
+2.26.2
+
+
+From 31cc94275cd267f4e0db60999cc932fd76d43d5a Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Mon, 5 Oct 2020 16:59:50 +0200
+Subject: [PATCH 2/4] fips: add self-tests for PBKDF2
+
+FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms.  As
+the guidance only requires running a single instance of each KDF
+mechanism, this only exercises PBKDF2 with HMAC-SHA-256 as the
+underlying MAC algorithm.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ devel/libgnutls-latest-x86_64.abi |   1 +
+ lib/crypto-selftests.c            | 107 ++++++++++++++++++++++++++++++
+ lib/fips.c                        |   7 ++
+ lib/includes/gnutls/self-test.h   |   1 +
+ lib/libgnutls.map                 |   1 +
+ 5 files changed, 117 insertions(+)
+
+diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
+index bd148b6af..c4b0bd207 100644
+--- a/lib/crypto-selftests.c
++++ b/lib/crypto-selftests.c
+@@ -3076,3 +3076,110 @@ int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
+ 
+ 	return 0;
+ }
++
++struct pbkdf2_vectors_st {
++	const uint8_t *key;
++	size_t key_size;
++	const uint8_t *salt;
++	size_t salt_size;
++	unsigned iter_count;
++	const uint8_t *output;
++	size_t output_size;
++};
++
++const struct pbkdf2_vectors_st pbkdf2_sha256_vectors[] = {
++	/* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
++	{
++		STR(key, key_size, "passwd"),
++		STR(salt, salt_size, "salt"),
++		.iter_count = 1,
++		STR(output, output_size,
++		    "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44"
++		    "\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57"
++		    "\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16"
++		    "\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5"
++		    "\x09\x11\x20\x41\xd3\xa1\x97\x83"),
++	},
++	/* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
++	{
++		STR(key, key_size, "Password"),
++		STR(salt, salt_size, "NaCl"),
++		.iter_count = 80000,
++		STR(output, output_size,
++		    "\x4d\xdc\xd8\xf6\x0b\x98\xbe\x21\x83\x0c\xee\x5e\xf2\x27"
++		    "\x01\xf9\x64\x1a\x44\x18\xd0\x4c\x04\x14\xae\xff\x08\x87"
++		    "\x6b\x34\xab\x56\xa1\xd4\x25\xa1\x22\x58\x33\x54\x9a\xdb"
++		    "\x84\x1b\x51\xc9\xb3\x17\x6a\x27\x2b\xde\xbb\xa1\xd0\x78"
++		    "\x47\x8f\x62\xb3\x97\xf3\x3c\x8d"),
++	},
++};
++
++static int test_pbkdf2(gnutls_mac_algorithm_t mac,
++		       const struct pbkdf2_vectors_st *vectors,
++		       size_t vectors_size, unsigned flags)
++{
++	unsigned int i;
++
++	for (i = 0; i < vectors_size; i++) {
++		gnutls_datum_t key, salt;
++		uint8_t output[4096];
++		int ret;
++
++		key.data = (void *) vectors[i].key;
++		key.size = vectors[i].key_size;
++		salt.data = (void *) vectors[i].salt;
++		salt.size = vectors[i].salt_size;
++
++		ret = gnutls_pbkdf2(mac, &key, &salt, vectors[i].iter_count,
++				    output, vectors[i].output_size);
++		if (ret < 0) {
++			_gnutls_debug_log("error calculating PBKDF2: MAC-%s\n",
++					  gnutls_mac_get_name(mac));
++			return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
++		}
++
++		if (memcmp(output, vectors[i].output, vectors[i].output_size) != 0) {
++			_gnutls_debug_log
++			    ("PBKDF2: MAC-%s test vector failed!\n",
++			     gnutls_mac_get_name(mac));
++
++			return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
++		}
++	}
++
++	_gnutls_debug_log
++	    ("PBKDF2: MAC-%s self check succeeded\n",
++	     gnutls_mac_get_name(mac));
++
++	return 0;
++}
++
++/*-
++ * gnutls_pbkdf2_self_test:
++ * @flags: GNUTLS_SELF_TEST_FLAG flags
++ * @mac: the message authentication algorithm to use
++ *
++ * This function will run self tests on PBKDF2 with the provided mac.
++ *
++ * Returns: Zero or a negative error code on error.
++ *
++ * Since: 3.3.0-FIPS140
++ -*/
++int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
++{
++	int ret;
++
++	if (flags & GNUTLS_SELF_TEST_FLAG_ALL)
++		mac = GNUTLS_MAC_UNKNOWN;
++
++	switch (mac) {
++	case GNUTLS_MAC_UNKNOWN:
++		CASE(GNUTLS_MAC_SHA256, test_pbkdf2, pbkdf2_sha256_vectors);
++
++		break;
++	default:
++		return gnutls_assert_val(GNUTLS_E_NO_SELF_TEST);
++	}
++
++	return 0;
++}
+diff --git a/lib/fips.c b/lib/fips.c
+index 48891ed57..7cfab1049 100644
+--- a/lib/fips.c
++++ b/lib/fips.c
+@@ -430,6 +430,13 @@ int _gnutls_fips_perform_self_checks2(void)
+ 		goto error;
+ 	}
+ 
++	/* PBKDF2 */
++	ret = gnutls_pbkdf2_self_test(0, GNUTLS_MAC_SHA256);
++	if (ret < 0) {
++		gnutls_assert();
++		goto error;
++	}
++
+ 	if (_gnutls_rnd_ops.self_test == NULL) {
+ 		gnutls_assert();
+ 		goto error;
+diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h
+index 9b7be8159..958c0da8f 100644
+--- a/lib/includes/gnutls/self-test.h
++++ b/lib/includes/gnutls/self-test.h
+@@ -35,5 +35,6 @@ int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
+ int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest);
+ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk);
+ int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
++int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
+ 
+ #endif
+diff --git a/lib/libgnutls.map b/lib/libgnutls.map
+index 386b66f83..f5537a386 100644
+--- a/lib/libgnutls.map
++++ b/lib/libgnutls.map
+@@ -1348,6 +1348,7 @@ GNUTLS_FIPS140_3_4 {
+ 	gnutls_mac_self_test;
+ 	gnutls_digest_self_test;
+ 	gnutls_hkdf_self_test;
++	gnutls_pbkdf2_self_test;
+ 	#for FIPS140-2 validation
+ 	drbg_aes_reseed;
+ 	drbg_aes_init;
+-- 
+2.26.2
+
+
+From d1a3235e8c829855969d00364d8b5456fce2c78c Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Mon, 5 Oct 2020 17:44:30 +0200
+Subject: [PATCH 3/4] fips: add self-tests for TLS-PRF
+
+FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms.  As
+the guidance only requires to run a single instance of each KDF
+mechanism, this only exercises TLS1.2 PRF with HMAC-SHA-256 as the
+underlying MAC algorithm.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ devel/libgnutls-latest-x86_64.abi |   1 +
+ lib/crypto-selftests.c            | 196 ++++++++++++++++++++++++++++++
+ lib/fips.c                        |   7 ++
+ lib/includes/gnutls/self-test.h   |   1 +
+ lib/libgnutls.map                 |   1 +
+ 5 files changed, 206 insertions(+)
+
+diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
+index c4b0bd207..b740936d6 100644
+--- a/lib/crypto-selftests.c
++++ b/lib/crypto-selftests.c
+@@ -3183,3 +3183,199 @@ int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
+ 
+ 	return 0;
+ }
++
++struct tlsprf_vectors_st {
++	const uint8_t *key;
++	size_t key_size;
++	const uint8_t *label;
++	size_t label_size;
++	const uint8_t *seed;
++	size_t seed_size;
++	const uint8_t *output;
++	size_t output_size;
++};
++
++const struct tlsprf_vectors_st tls10prf_vectors[] = {
++	/* tests/tls10-prf.c: test1 */
++	{
++		STR(key, key_size,
++		    "\x26\x3b\xdb\xbb\x6f\x6d\x4c\x66\x4e\x05\x8d\x0a\xa9\xd3"
++		    "\x21\xbe"),
++		STR(label, label_size,
++		    "test label"),
++		STR(seed, seed_size,
++		    "\xb9\x20\x57\x3b\x19\x96\x01\x02\x4f\x04\xd6\xdc\x61\x96"
++		    "\x6e\x65"),
++		STR(output, output_size,
++		    "\x66\x17\x99\x37\x65\xfa\x6c\xa7\x03\xd1\x9e\xc7\x0d\xd5"
++		    "\xdd\x16\x0f\xfc\xc0\x77\x25\xfa\xfb\x71\x4a\x9f\x81\x5a"
++		    "\x2a\x30\xbf\xb7\xe3\xbb\xfb\x7e\xee\x57\x4b\x3b\x61\x3e"
++		    "\xb7\xfe\x80\xee\xc9\x69\x1d\x8c\x1b\x0e\x2d\x9b\x3c\x8b"
++		    "\x4b\x02\xb6\xb6\xd6\xdb\x88\xe2\x09\x46\x23\xef\x62\x40"
++		    "\x60\x7e\xda\x7a\xbe\x3c\x84\x6e\x82\xa3"),
++	},
++};
++
++const struct tlsprf_vectors_st tls12prf_sha256_vectors[] = {
++	/* tests/tls12-prf.c: sha256_test1 */
++	{
++		STR(key, key_size,
++		    "\x04\x50\xb0\xea\x9e\xcd\x36\x02\xee\x0d\x76\xc5\xc3\xc8"
++		    "\x6f\x4a"),
++		STR(label, label_size,
++		    "test label"),
++		STR(seed, seed_size,
++		    "\x20\x7a\xcc\x02\x54\xb8\x67\xf5\xb9\x25\xb4\x5a\x33\x60"
++		    "\x1d\x8b"),
++		STR(output, output_size,
++		    "\xae\x67\x9e\x0e\x71\x4f\x59\x75\x76\x37\x68\xb1\x66\x97"
++		    "\x9e\x1d"),
++	},
++	/* tests/tls12-prf.c: sha256_test2 */
++	{
++		STR(key, key_size,
++		    "\x34\x20\x4a\x9d\xf0\xbe\x6e\xb4\xe9\x25\xa8\x02\x7c\xf6"
++		    "\xc6\x02"),
++		STR(label, label_size,
++		    "test label"),
++		STR(seed, seed_size,
++		    "\x98\xb2\xc4\x0b\xcd\x66\x4c\x83\xbb\x92\x0c\x18\x20\x1a"
++		    "\x63\x95"),
++		STR(output, output_size,
++		    "\xaf\xa9\x31\x24\x53\xc2\x2f\xa8\x3d\x2b\x51\x1b\x37\x2d"
++		    "\x73\xa4\x02\xa2\xa6\x28\x73\x23\x9a\x51\xfa\xde\x45\x08"
++		    "\x2f\xaf\x3f\xd2\xbb\x7f\xfb\x3e\x9b\xf3\x6e\x28\xb3\x14"
++		    "\x1a\xab\xa4\x84\x00\x53\x32\xa9\xf9\xe3\x88\xa4\xd3\x29"
++		    "\xf1\x58\x7a\x4b\x31\x7d\xa0\x77\x08\xea\x1b\xa9\x5a\x53"
++		    "\xf8\x78\x67\x24\xbd\x83\xce\x4b\x03\xaf"),
++	},
++	/* tests/tls12-prf.c: sha256_test3 */
++	{
++		STR(key, key_size,
++		    "\xa3\x69\x1a\xa1\xf6\x81\x4b\x80\x59\x2b\xf1\xcf\x2a\xcf"
++		    "\x16\x97"),
++		STR(label, label_size,
++		    "test label"),
++		STR(seed, seed_size,
++		    "\x55\x23\xd4\x1e\x32\x0e\x69\x4d\x0c\x1f\xf5\x73\x4d\x83"
++		    "\x0b\x93\x3e\x46\x92\x70\x71\xc9\x26\x21"),
++		STR(output, output_size,
++		    "\x6a\xd0\x98\x4f\xa0\x6f\x78\xfe\x16\x1b\xd4\x6d\x7c\x26"
++		    "\x1d\xe4\x33\x40\xd7\x28\xdd\xdc\x3d\x0f\xf0\xdd\x7e\x0d"),
++	},
++	/* tests/tls12-prf.c: sha256_test4 */
++	{
++		STR(key, key_size,
++		    "\x21\x0e\xc9\x37\x06\x97\x07\xe5\x46\x5b\xc4\x6b\xf7\x79"
++		    "\xe1\x04\x10\x8b\x18\xfd\xb7\x93\xbe\x7b\x21\x8d\xbf\x14"
++		    "\x5c\x86\x41\xf3"),
++		STR(label, label_size,
++		    "test label"),
++		STR(seed, seed_size,
++		    "\x1e\x35\x1a\x0b\xaf\x35\xc7\x99\x45\x92\x43\x94\xb8\x81"
++		    "\xcf\xe3\x1d\xae\x8f\x1c\x1e\xd5\x4d\x3b"),
++		STR(output, output_size,
++		    "\x76\x53\xfa\x80\x9c\xde\x3b\x55\x3c\x4a\x17\xe2\xcd\xbc"
++		    "\xc9\x18\xf3\x65\x27\xf2\x22\x19\xa7\xd7\xf9\x5d\x97\x24"
++		    "\x3f\xf2\xd5\xde\xe8\x26\x5e\xf0\xaf\x03"),
++	},
++};
++
++const struct tlsprf_vectors_st tls12prf_sha384_vectors[] = {
++	/* tests/tls12-prf.c: sha384_test1
++	 * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
++	 */
++	{
++		STR(key, key_size,
++		    "\xb8\x0b\x73\x3d\x6c\xee\xfc\xdc\x71\x56\x6e\xa4\x8e\x55"
++		    "\x67\xdf"),
++		STR(label, label_size,
++		    "test label"),
++		STR(seed, seed_size,
++		    "\xcd\x66\x5c\xf6\xa8\x44\x7d\xd6\xff\x8b\x27\x55\x5e\xdb"
++		    "\x74\x65"),
++		STR(output, output_size,
++		    "\x7b\x0c\x18\xe9\xce\xd4\x10\xed\x18\x04\xf2\xcf\xa3\x4a"
++		    "\x33\x6a\x1c\x14\xdf\xfb\x49\x00\xbb\x5f\xd7\x94\x21\x07"
++		    "\xe8\x1c\x83\xcd\xe9\xca\x0f\xaa\x60\xbe\x9f\xe3\x4f\x82"
++		    "\xb1\x23\x3c\x91\x46\xa0\xe5\x34\xcb\x40\x0f\xed\x27\x00"
++		    "\x88\x4f\x9d\xc2\x36\xf8\x0e\xdd\x8b\xfa\x96\x11\x44\xc9"
++		    "\xe8\xd7\x92\xec\xa7\x22\xa7\xb3\x2f\xc3\xd4\x16\xd4\x73"
++		    "\xeb\xc2\xc5\xfd\x4a\xbf\xda\xd0\x5d\x91\x84\x25\x9b\x5b"
++		    "\xf8\xcd\x4d\x90\xfa\x0d\x31\xe2\xde\xc4\x79\xe4\xf1\xa2"
++		    "\x60\x66\xf2\xee\xa9\xa6\x92\x36\xa3\xe5\x26\x55\xc9\xe9"
++		    "\xae\xe6\x91\xc8\xf3\xa2\x68\x54\x30\x8d\x5e\xaa\x3b\xe8"
++		    "\x5e\x09\x90\x70\x3d\x73\xe5\x6f"),
++	},
++};
++
++static int test_tlsprf(gnutls_mac_algorithm_t mac,
++		       const struct tlsprf_vectors_st *vectors,
++		       size_t vectors_size, unsigned flags)
++{
++	unsigned int i;
++
++	for (i = 0; i < vectors_size; i++) {
++		char output[4096];
++		int ret;
++
++		ret = _gnutls_prf_raw(mac,
++				      vectors[i].key_size, vectors[i].key,
++				      vectors[i].label_size, (const char *)vectors[i].label,
++				      vectors[i].seed_size, vectors[i].seed,
++				      vectors[i].output_size, output);
++		if (ret < 0) {
++			_gnutls_debug_log("error calculating TLS-PRF: MAC-%s\n",
++					  gnutls_mac_get_name(mac));
++			return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
++		}
++
++		if (memcmp(output, vectors[i].output, vectors[i].output_size) != 0) {
++			_gnutls_debug_log
++			    ("TLS-PRF: MAC-%s test vector failed!\n",
++			     gnutls_mac_get_name(mac));
++
++			return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
++		}
++	}
++
++	_gnutls_debug_log
++	    ("TLS-PRF: MAC-%s self check succeeded\n",
++	     gnutls_mac_get_name(mac));
++
++	return 0;
++}
++
++/*-
++ * gnutls_tlsprf_self_test:
++ * @flags: GNUTLS_SELF_TEST_FLAG flags
++ * @mac: the message authentication algorithm to use
++ *
++ * This function will run self tests on TLS-PRF with the provided mac.
++ *
++ * Returns: Zero or a negative error code on error.
++ *
++ * Since: 3.3.0-FIPS140
++ -*/
++int gnutls_tlsprf_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
++{
++	int ret;
++
++	if (flags & GNUTLS_SELF_TEST_FLAG_ALL)
++		mac = GNUTLS_MAC_UNKNOWN;
++
++	switch (mac) {
++	case GNUTLS_MAC_UNKNOWN:
++		NON_FIPS_CASE(GNUTLS_MAC_MD5_SHA1, test_tlsprf, tls10prf_vectors);
++		FALLTHROUGH;
++		CASE(GNUTLS_MAC_SHA256, test_tlsprf, tls12prf_sha256_vectors);
++		FALLTHROUGH;
++		CASE(GNUTLS_MAC_SHA384, test_tlsprf, tls12prf_sha384_vectors);
++
++		break;
++	default:
++		return gnutls_assert_val(GNUTLS_E_NO_SELF_TEST);
++	}
++
++	return 0;
++}
+diff --git a/lib/fips.c b/lib/fips.c
+index 7cfab1049..30d396b2c 100644
+--- a/lib/fips.c
++++ b/lib/fips.c
+@@ -437,6 +437,13 @@ int _gnutls_fips_perform_self_checks2(void)
+ 		goto error;
+ 	}
+ 
++	/* TLS-PRF */
++	ret = gnutls_tlsprf_self_test(0, GNUTLS_MAC_SHA256);
++	if (ret < 0) {
++		gnutls_assert();
++		goto error;
++	}
++
+ 	if (_gnutls_rnd_ops.self_test == NULL) {
+ 		gnutls_assert();
+ 		goto error;
+diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h
+index 958c0da8f..88b5a8dbf 100644
+--- a/lib/includes/gnutls/self-test.h
++++ b/lib/includes/gnutls/self-test.h
+@@ -36,5 +36,6 @@ int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest);
+ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk);
+ int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
+ int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
++int gnutls_tlsprf_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
+ 
+ #endif
+diff --git a/lib/libgnutls.map b/lib/libgnutls.map
+index f5537a386..643d400a1 100644
+--- a/lib/libgnutls.map
++++ b/lib/libgnutls.map
+@@ -1349,6 +1349,7 @@ GNUTLS_FIPS140_3_4 {
+ 	gnutls_digest_self_test;
+ 	gnutls_hkdf_self_test;
+ 	gnutls_pbkdf2_self_test;
++	gnutls_tlsprf_self_test;
+ 	#for FIPS140-2 validation
+ 	drbg_aes_reseed;
+ 	drbg_aes_init;
+-- 
+2.26.2
+
+
+From af3df0102fc377591a6de3112b034d4a492fc92c Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Mon, 5 Oct 2020 17:59:46 +0200
+Subject: [PATCH 4/4] fips: run CMAC self-tests
+
+FIPS140-2 IG D.8 mandates self-tests on CMAC.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/fips.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/fips.c b/lib/fips.c
+index 30d396b2c..51567953d 100644
+--- a/lib/fips.c
++++ b/lib/fips.c
+@@ -398,6 +398,12 @@ int _gnutls_fips_perform_self_checks2(void)
+ 		goto error;
+ 	}
+ 
++	ret = gnutls_mac_self_test(0, GNUTLS_MAC_AES_CMAC_256);
++	if (ret < 0) {
++		gnutls_assert();
++		goto error;
++	}
++
+ 	/* PK */
+ 	ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);
+ 	if (ret < 0) {
+-- 
+2.26.2
+

SOURCES/gnutls-3.6.16-cpuid.patch

@@ -0,0 +1,247 @@
+From 300c6315d2e644ae81b43fa2dd7bbf68b3afb5b2 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Thu, 18 Nov 2021 19:02:03 +0100
+Subject: [PATCH 1/2] accelerated: fix CPU feature detection for Intel CPUs
+
+This fixes read_cpuid_vals to correctly read the CPUID quadruple, as
+well as to set the bit the ustream CRYPTOGAMS uses to identify Intel
+CPUs.
+
+Suggested by Rafael Gieschke in:
+https://gitlab.com/gnutls/gnutls/-/issues/1282
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/accelerated/x86/x86-common.c | 91 +++++++++++++++++++++++++-------
+ 1 file changed, 71 insertions(+), 20 deletions(-)
+
+diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
+index 3845c6b4c9..cf615ef24f 100644
+--- a/lib/accelerated/x86/x86-common.c
++++ b/lib/accelerated/x86/x86-common.c
+@@ -81,15 +81,38 @@ unsigned int _gnutls_x86_cpuid_s[4];
+ # define bit_AVX 0x10000000
+ #endif
+ 
+-#ifndef OSXSAVE_MASK
+-/* OSXSAVE|FMA|MOVBE */
+-# define OSXSAVE_MASK (0x8000000|0x1000|0x400000)
++#ifndef bit_AVX2
++# define bit_AVX2 0x00000020
++#endif
++
++#ifndef bit_AVX512F
++# define bit_AVX512F 0x00010000
++#endif
++
++#ifndef bit_AVX512IFMA
++# define bit_AVX512IFMA 0x00200000
++#endif
++
++#ifndef bit_AVX512BW
++# define bit_AVX512BW 0x40000000
++#endif
++
++#ifndef bit_AVX512VL
++# define bit_AVX512VL 0x80000000
++#endif
++
++#ifndef bit_OSXSAVE
++# define bit_OSXSAVE 0x8000000
+ #endif
+ 
+ #ifndef bit_MOVBE
+ # define bit_MOVBE 0x00400000
+ #endif
+ 
++#ifndef OSXSAVE_MASK
++# define OSXSAVE_MASK (bit_OSXSAVE|bit_MOVBE)
++#endif
++
+ #define via_bit_PADLOCK (0x3 << 6)
+ #define via_bit_PADLOCK_PHE (0x3 << 10)
+ #define via_bit_PADLOCK_PHE_SHA512 (0x3 << 25)
+@@ -127,7 +150,7 @@ static unsigned read_cpuid_vals(unsigned int vals[4])
+ 	unsigned t1, t2, t3;
+ 	vals[0] = vals[1] = vals[2] = vals[3] = 0;
+ 
+-	if (!__get_cpuid(1, &t1, &vals[0], &vals[1], &t2))
++	if (!__get_cpuid(1, &t1, &t2, &vals[1], &vals[0]))
+ 		return 0;
+ 	/* suppress AVX512; it works conditionally on certain CPUs on the original code */
+ 	vals[1] &= 0xfffff7ff;
+@@ -145,7 +168,7 @@ static unsigned check_4th_gen_intel_features(unsigned ecx)
+ {
+ 	uint32_t xcr0;
+ 
+-	if ((ecx & OSXSAVE_MASK) != OSXSAVE_MASK)
++	if ((ecx & bit_OSXSAVE) != bit_OSXSAVE)
+ 		return 0;
+ 
+ #if defined(_MSC_VER) && !defined(__clang__)
+@@ -233,10 +256,7 @@ static unsigned check_sha(void)
+ #ifdef ASM_X86_64
+ static unsigned check_avx_movbe(void)
+ {
+-	if (check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1]) == 0)
+-		return 0;
+-
+-	return ((_gnutls_x86_cpuid_s[1] & bit_AVX));
++	return (_gnutls_x86_cpuid_s[1] & bit_AVX);
+ }
+ 
+ static unsigned check_pclmul(void)
+@@ -514,33 +534,47 @@ void register_x86_padlock_crypto(unsigned capabilities)
+ }
+ #endif
+ 
+-static unsigned check_intel_or_amd(void)
++enum x86_cpu_vendor {
++	X86_CPU_VENDOR_OTHER,
++	X86_CPU_VENDOR_INTEL,
++	X86_CPU_VENDOR_AMD,
++};
++
++static enum x86_cpu_vendor check_x86_cpu_vendor(void)
+ {
+ 	unsigned int a, b, c, d;
+ 
+-	if (!__get_cpuid(0, &a, &b, &c, &d))
+-		return 0;
++	if (!__get_cpuid(0, &a, &b, &c, &d)) {
++		return X86_CPU_VENDOR_OTHER;
++	}
+ 
+-	if ((memcmp(&b, "Genu", 4) == 0 &&
+-	     memcmp(&d, "ineI", 4) == 0 &&
+-	     memcmp(&c, "ntel", 4) == 0) ||
+-	    (memcmp(&b, "Auth", 4) == 0 &&
+-	     memcmp(&d, "enti", 4) == 0 && memcmp(&c, "cAMD", 4) == 0)) {
+-		return 1;
++	if (memcmp(&b, "Genu", 4) == 0 &&
++	    memcmp(&d, "ineI", 4) == 0 &&
++	    memcmp(&c, "ntel", 4) == 0) {
++		return X86_CPU_VENDOR_INTEL;
+ 	}
+ 
+-	return 0;
++	if (memcmp(&b, "Auth", 4) == 0 &&
++	    memcmp(&d, "enti", 4) == 0 &&
++	    memcmp(&c, "cAMD", 4) == 0) {
++		return X86_CPU_VENDOR_AMD;
++	}
++
++	return X86_CPU_VENDOR_OTHER;
+ }
+ 
+ static
+ void register_x86_intel_crypto(unsigned capabilities)
+ {
+ 	int ret;
++	enum x86_cpu_vendor vendor;
+ 
+ 	memset(_gnutls_x86_cpuid_s, 0, sizeof(_gnutls_x86_cpuid_s));
+ 
+-	if (check_intel_or_amd() == 0)
++	vendor = check_x86_cpu_vendor();
++	if (vendor == X86_CPU_VENDOR_OTHER) {
+ 		return;
++	}
+ 
+ 	if (capabilities == 0) {
+ 		if (!read_cpuid_vals(_gnutls_x86_cpuid_s))
+@@ -549,6 +583,23 @@ void register_x86_intel_crypto(unsigned capabilities)
+ 		capabilities_to_intel_cpuid(capabilities);
+ 	}
+ 
++	/* CRYPTOGAMS uses the (1 << 30) bit as an indicator of Intel CPUs */
++	if (vendor == X86_CPU_VENDOR_INTEL) {
++		_gnutls_x86_cpuid_s[0] |= 1 << 30;
++	} else {
++		_gnutls_x86_cpuid_s[0] &= ~(1 << 30);
++	}
++
++	if (!check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1])) {
++		_gnutls_x86_cpuid_s[1] &= ~bit_AVX;
++
++		/* Clear AVX2 bits as well, according to what OpenSSL does.
++		 * Should we clear bit_AVX512DQ, bit_AVX512PF, bit_AVX512ER, and
++		 * bit_AVX512CD? */
++		_gnutls_x86_cpuid_s[2] &= ~(bit_AVX2|bit_AVX512F|bit_AVX512IFMA|
++					    bit_AVX512BW|bit_AVX512BW);
++	}
++
+ 	if (check_ssse3()) {
+ 		_gnutls_debug_log("Intel SSSE3 was detected\n");
+ 
+-- 
+2.37.3
+
+
+From cd509dac9e6d1bf76fd12c72c1fd61f1708c254a Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Mon, 15 Aug 2022 09:39:18 +0900
+Subject: [PATCH 2/2] accelerated: clear AVX bits if it cannot be queried
+ through XSAVE
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The algorithm to detect AVX is described in 14.3 of "Intel® 64 and IA-32
+Architectures Software Developer’s Manual".
+
+GnuTLS previously only followed that algorithm when registering the
+crypto backend, while the CRYPTOGAMS derived SHA code assembly expects
+that the extension bits are propagated to _gnutls_x86_cpuid_s.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/accelerated/x86/x86-common.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
+index cf615ef24f..655d0c65f2 100644
+--- a/lib/accelerated/x86/x86-common.c
++++ b/lib/accelerated/x86/x86-common.c
+@@ -210,7 +210,8 @@ static void capabilities_to_intel_cpuid(unsigned capabilities)
+ 	}
+ 
+ 	if (capabilities & INTEL_AVX) {
+-		if ((a[1] & bit_AVX) && check_4th_gen_intel_features(a[1])) {
++		if ((a[1] & bit_AVX) && (a[1] & bit_MOVBE) &&
++		    check_4th_gen_intel_features(a[1])) {
+ 			_gnutls_x86_cpuid_s[1] |= bit_AVX|bit_MOVBE;
+ 		} else {
+ 			_gnutls_debug_log
+@@ -256,7 +257,7 @@ static unsigned check_sha(void)
+ #ifdef ASM_X86_64
+ static unsigned check_avx_movbe(void)
+ {
+-	return (_gnutls_x86_cpuid_s[1] & bit_AVX);
++	return (_gnutls_x86_cpuid_s[1] & (bit_AVX|bit_MOVBE)) == (bit_AVX|bit_MOVBE);
+ }
+ 
+ static unsigned check_pclmul(void)
+@@ -579,6 +580,19 @@ void register_x86_intel_crypto(unsigned capabilities)
+ 	if (capabilities == 0) {
+ 		if (!read_cpuid_vals(_gnutls_x86_cpuid_s))
+ 			return;
++		if (!check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1])) {
++			_gnutls_x86_cpuid_s[1] &= ~bit_AVX;
++
++			/* Clear AVX2 bits as well, according to what
++			 * OpenSSL does.  Should we clear
++			 * bit_AVX512DQ, bit_AVX512PF, bit_AVX512ER,
++			 * and bit_AVX512CD? */
++			_gnutls_x86_cpuid_s[2] &= ~(bit_AVX2|
++						    bit_AVX512F|
++						    bit_AVX512IFMA|
++						    bit_AVX512BW|
++						    bit_AVX512BW);
++		}
+ 	} else {
+ 		capabilities_to_intel_cpuid(capabilities);
+ 	}
+-- 
+2.37.3
+

SOURCES/gnutls-3.6.16-cve-2025-32988.patch

@@ -0,0 +1,38 @@
+commit 3b68043ef7e338118bce3ccdcbfafc8f005a6725
+Author: Daiki Ueno <ueno@gnu.org>
+Date:   Mon Jul 7 10:44:12 2025 +0900
+
+    x509: avoid double free when exporting othernames in SAN
+    
+    Previously, the _gnutls_write_new_othername function, called by
+    gnutls_x509_ext_export_subject_alt_names to export "otherName" in a
+    certificate's SAN extension, freed the caller allocated ASN.1
+    structure upon error, resulting in a potential double-free.
+    
+    Reported by OpenAI Security Research Team.
+    
+    Signed-off-by: Daiki Ueno <ueno@gnu.org>
+    Backported-by: Alexander Sosedkin <asosedki@redhat.com>
+    Backported-from: 608829769cbc247679ffe98841109fc73875e573
+    Fixes: CVE-2025-32988
+
+diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
+index c9fef21a12..c0acdf9a94 100644
+--- a/lib/x509/extensions.c
++++ b/lib/x509/extensions.c
+@@ -805,7 +805,6 @@ _gnutls_write_new_othername(ASN1_TYPE ext, const char *ext_name,
+ 	result = asn1_write_value(ext, name2, oid, 1);
+ 	if (result != ASN1_SUCCESS) {
+ 		gnutls_assert();
+-		asn1_delete_structure(&ext);
+ 		return _gnutls_asn2err(result);
+ 	}
+ 
+@@ -814,7 +813,6 @@ _gnutls_write_new_othername(ASN1_TYPE ext, const char *ext_name,
+ 	result = asn1_write_value(ext, name2, data, data_size);
+ 	if (result != ASN1_SUCCESS) {
+ 		gnutls_assert();
+-		asn1_delete_structure(&ext);
+ 		return _gnutls_asn2err(result);
+ 	}
+ 

SOURCES/gnutls-3.6.16-cve-2025-6395.patch

@@ -0,0 +1,272 @@
+commit 8af3c1686d41b059f6f4b8352d36d9686cf7febe
+Author: Daiki Ueno <ueno@gnu.org>
+Date:   Mon Jul 7 11:15:45 2025 +0900
+
+    handshake: clear HSK_PSK_SELECTED is when resetting binders
+    
+    When a TLS 1.3 handshake involves HRR and resumption or PSK, and the
+    second Client Hello omits PSK, the server would result in a NULL
+    pointer dereference as the PSK binder information is cleared while the
+    HSK_PSK_SELECTED flag is still set. This makes sure that
+    HSK_PSK_SELECTED flag is always cleared when the PSK binders are
+    reset. This also makes it clear the HSK_PSK_SELECTED flag is valid
+    only during a handshake; after that, whether PSK is used can be
+    checked with gnutls_auth_client_get_type.
+    
+    Reported by Stefan Bühler.
+    
+    Signed-off-by: Daiki Ueno <ueno@gnu.org>
+    Backported-by: Alexander Sosedkin <asosedki@redhat.com>
+    Backported-from: 23135619773e6ec087ff2abc65405bd4d5676bad
+    Fixes: CVE-2025-6395
+
+diff --git a/lib/handshake.c b/lib/handshake.c
+index ce2d160e20..b156223cbc 100644
+--- a/lib/handshake.c
++++ b/lib/handshake.c
+@@ -580,9 +580,28 @@ static int set_auth_types(gnutls_session_t session)
+ 		/* Under TLS1.3 this returns a KX which matches the negotiated
+ 		 * groups from the key shares; if we are resuming then the KX seen
+ 		 * here doesn't match the original session. */
+-		if (session->internals.resumed == RESUME_FALSE)
+-			kx = gnutls_kx_get(session);
+-		else
++		if (session->internals.resumed == RESUME_FALSE) {
++			const gnutls_group_entry_st *group = get_group(session);
++
++			if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
++				if (group) {
++					kx = group->pk == GNUTLS_PK_DH ?
++						     GNUTLS_KX_DHE_PSK :
++						     GNUTLS_KX_ECDHE_PSK;
++				} else {
++					kx = GNUTLS_KX_PSK;
++				}
++			} else if (group) {
++				/* Not necessarily be RSA, but just to
++				 * make _gnutls_map_kx_get_cred below
++				 * work.
++				 */
++				kx = group->pk == GNUTLS_PK_DH ?
++					     GNUTLS_KX_DHE_RSA :
++					     GNUTLS_KX_ECDHE_RSA;
++			} else
++				kx = GNUTLS_KX_UNKNOWN;
++		} else
+ 			kx = GNUTLS_KX_UNKNOWN;
+ 	} else {
+ 		/* TLS1.2 or earlier, kx is associated with ciphersuite */
+diff --git a/lib/state.c b/lib/state.c
+index 817a7b8cd8..2bd08c3190 100644
+--- a/lib/state.c
++++ b/lib/state.c
+@@ -175,7 +175,8 @@ gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session)
+ 		const gnutls_group_entry_st *group = get_group(session);
+ 
+ 		if (ver->tls13_sem) {
+-			if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
++			if (gnutls_auth_client_get_type(session) ==
++			    GNUTLS_CRD_PSK) {
+ 				if (group) {
+ 					if (group->pk == GNUTLS_PK_DH)
+ 						return GNUTLS_KX_DHE_PSK;
+@@ -264,6 +265,7 @@ void reset_binders(gnutls_session_t session)
+ 	_gnutls_free_temp_key_datum(&session->key.binders[0].psk);
+ 	_gnutls_free_temp_key_datum(&session->key.binders[1].psk);
+ 	memset(session->key.binders, 0, sizeof(session->key.binders));
++	session->internals.hsk_flags &= ~HSK_PSK_SELECTED;
+ }
+ 
+ /* Check whether certificate credentials of type @cert_type are set
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index b04cb081b4..1019f6c1d8 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -118,6 +118,8 @@ ctests = tls13/supported_versions tls13/tls12-no-tls13-exts \
+ 
+ ctests += tls13/hello_retry_request
+ 
++ctests += tls13/hello_retry_request_psk
++
+ ctests += tls13/psk-ext
+ 
+ ctests += tls13/key_update
+diff --git a/tests/tls13/hello_retry_request_psk.c b/tests/tls13/hello_retry_request_psk.c
+new file mode 100644
+index 0000000000..a20cb0d965
+--- /dev/null
++++ b/tests/tls13/hello_retry_request_psk.c
+@@ -0,0 +1,173 @@
++/*
++ * Copyright (C) 2017-2025 Red Hat, Inc.
++ *
++ * Author: Nikos Mavrogiannopoulos, Daiki Ueno
++ *
++ * This file is part of GnuTLS.
++ *
++ * GnuTLS is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GnuTLS is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program.  If not, see <https://www.gnu.org/licenses/>
++ */
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <stdint.h>
++
++#include <string.h>
++#include <gnutls/gnutls.h>
++#include <assert.h>
++
++#include "cert-common.h"
++#include "utils.h"
++#include "tls13/ext-parse.h"
++#include "eagain-common.h"
++
++/* This program exercises the case where a TLS 1.3 handshake ends up
++ * with HRR, and the first CH includes PSK while the 2nd CH omits
++ * it */
++
++const char *testname = "hello entry request";
++
++const char *side = "";
++
++#define myfail(fmt, ...) fail("%s: " fmt, testname, ##__VA_ARGS__)
++
++static void tls_log_func(int level, const char *str)
++{
++	fprintf(stderr, "%s|<%d>| %s", side, level, str);
++}
++
++struct ctx_st {
++	unsigned hrr_seen;
++	unsigned hello_counter;
++};
++
++static int pskfunc(gnutls_session_t session, const char *username,
++		   gnutls_datum_t *key)
++{
++	if (debug)
++		printf("psk: username %s\n", username);
++	key->data = gnutls_malloc(4);
++	key->data[0] = 0xDE;
++	key->data[1] = 0xAD;
++	key->data[2] = 0xBE;
++	key->data[3] = 0xEF;
++	key->size = 4;
++	return 0;
++}
++
++static int hello_callback(gnutls_session_t session, unsigned int htype,
++			  unsigned post, unsigned int incoming,
++			  const gnutls_datum_t *msg)
++{
++	struct ctx_st *ctx = gnutls_session_get_ptr(session);
++	assert(ctx != NULL);
++
++	if (htype == GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST)
++		ctx->hrr_seen = 1;
++
++	if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) {
++		if (post == GNUTLS_HOOK_POST)
++			ctx->hello_counter++;
++		else {
++			/* Unset the PSK credential to omit the extension */
++			gnutls_credentials_set(session, GNUTLS_CRD_PSK, NULL);
++		}
++	}
++
++	return 0;
++}
++
++void doit(void)
++{
++	int sret, cret;
++	gnutls_psk_server_credentials_t scred;
++	gnutls_psk_client_credentials_t ccred;
++	gnutls_certificate_credentials_t ccred2;
++	gnutls_session_t server, client;
++	/* Need to enable anonymous KX specifically. */
++	const gnutls_datum_t key = { (void *)"DEADBEEF", 8 };
++
++	struct ctx_st ctx;
++	memset(&ctx, 0, sizeof(ctx));
++
++	global_init();
++
++	gnutls_global_set_log_function(tls_log_func);
++	if (debug)
++		gnutls_global_set_log_level(9);
++
++	/* Init server */
++	assert(gnutls_psk_allocate_server_credentials(&scred) >= 0);
++	gnutls_psk_set_server_credentials_function(scred, pskfunc);
++
++	gnutls_init(&server, GNUTLS_SERVER);
++
++	assert(gnutls_priority_set_direct(
++		       server,
++		       "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+DHE-PSK",
++		       NULL) >= 0);
++
++	gnutls_credentials_set(server, GNUTLS_CRD_PSK, scred);
++	gnutls_transport_set_push_function(server, server_push);
++	gnutls_transport_set_pull_function(server, server_pull);
++	gnutls_transport_set_ptr(server, server);
++
++	/* Init client */
++	assert(gnutls_psk_allocate_client_credentials(&ccred) >= 0);
++	gnutls_psk_set_client_credentials(ccred, "test", &key,
++					  GNUTLS_PSK_KEY_HEX);
++	assert(gnutls_certificate_allocate_credentials(&ccred2) >= 0);
++
++	assert(gnutls_init(&client, GNUTLS_CLIENT | GNUTLS_KEY_SHARE_TOP) >= 0);
++
++	gnutls_session_set_ptr(client, &ctx);
++
++	cret = gnutls_priority_set_direct(
++		client,
++		"NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-X25519:+DHE-PSK",
++		NULL);
++	if (cret < 0)
++		myfail("cannot set TLS 1.3 priorities\n");
++
++	gnutls_credentials_set(client, GNUTLS_CRD_PSK, ccred);
++	gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred2);
++	gnutls_transport_set_push_function(client, client_push);
++	gnutls_transport_set_pull_function(client, client_pull);
++	gnutls_transport_set_ptr(client, client);
++
++	gnutls_handshake_set_hook_function(client, GNUTLS_HANDSHAKE_ANY,
++					   GNUTLS_HOOK_BOTH, hello_callback);
++
++	HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN,
++			 GNUTLS_E_INSUFFICIENT_CREDENTIALS);
++
++	assert(ctx.hrr_seen != 0);
++
++	gnutls_bye(client, GNUTLS_SHUT_WR);
++	gnutls_bye(server, GNUTLS_SHUT_WR);
++
++	gnutls_deinit(client);
++	gnutls_deinit(server);
++
++	gnutls_psk_free_server_credentials(scred);
++	gnutls_psk_free_client_credentials(ccred);
++	gnutls_certificate_free_credentials(ccred2);
++
++	gnutls_global_deinit();
++	reset_buffers();
++}

SOURCES/gnutls-3.6.16-deterministic-ecdsa-fixes.patch

@@ -0,0 +1,474 @@
+From 0d39e4120bc5ece53c86c5802c546259b8ca286a Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 12 Jan 2024 17:56:58 +0900
+Subject: [PATCH] nettle: avoid normalization of mpz_t in deterministic ECDSA
+
+This removes function calls that potentially leak bit-length of a
+private key used to calculate a nonce in deterministic ECDSA.  Namely:
+
+- _gnutls_dsa_compute_k has been rewritten to work on always
+  zero-padded mp_limb_t arrays instead of mpz_t
+- rnd_mpz_func has been replaced with rnd_datum_func, which is backed
+  by a byte array instead of an mpz_t value
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/nettle/int/dsa-compute-k.c    | 84 +++++++++++++++++++------------
+ lib/nettle/int/dsa-compute-k.h    | 31 +++++++++---
+ lib/nettle/int/ecdsa-compute-k.c  | 71 +++++++++-----------------
+ lib/nettle/int/ecdsa-compute-k.h  |  8 +--
+ lib/nettle/pk.c                   | 79 ++++++++++++++++++++---------
+ tests/sign-verify-deterministic.c |  2 +-
+ 6 files changed, 158 insertions(+), 117 deletions(-)
+
+diff --git a/lib/nettle/int/dsa-compute-k.c b/lib/nettle/int/dsa-compute-k.c
+index 17d63318c4..ddeb6f6d1e 100644
+--- a/lib/nettle/int/dsa-compute-k.c
++++ b/lib/nettle/int/dsa-compute-k.c
+@@ -31,33 +31,37 @@
+ #include "mpn-base256.h"
+ #include <string.h>
+ 
+-#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
+-
+-/* The maximum size of q, choosen from the fact that we support
+- * 521-bit elliptic curve generator and 512-bit DSA subgroup at
+- * maximum. */
+-#define MAX_Q_BITS 521
+-#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8)
+-#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS)
+-
+-#define MAX_HASH_BITS (MAX_HASH_SIZE * 8)
+-#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS)
+-
+-int
+-_gnutls_dsa_compute_k(mpz_t k,
+-		      const mpz_t q,
+-		      const mpz_t x,
+-		      gnutls_mac_algorithm_t mac,
+-		      const uint8_t *digest,
+-		      size_t length)
++/* For mini-gmp */
++#ifndef GMP_LIMB_BITS
++#define GMP_LIMB_BITS GMP_NUMB_BITS
++#endif
++
++static inline int is_zero_limb(mp_limb_t x)
++{
++	x |= (x << 1);
++	return ((x >> 1) - 1) >> (GMP_LIMB_BITS - 1);
++}
++
++static int sec_zero_p(const mp_limb_t *ap, mp_size_t n)
++{
++	volatile mp_limb_t w;
++	mp_size_t i;
++
++	for (i = 0, w = 0; i < n; i++)
++		w |= ap[i];
++
++	return is_zero_limb(w);
++}
++
++int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x,
++			  mp_size_t qn, mp_bitcnt_t q_bits,
++			  gnutls_mac_algorithm_t mac, const uint8_t *digest,
++			  size_t length)
+ {
+ 	uint8_t V[MAX_HASH_SIZE];
+ 	uint8_t K[MAX_HASH_SIZE];
+ 	uint8_t xp[MAX_Q_SIZE];
+ 	uint8_t tp[MAX_Q_SIZE];
+-	mp_limb_t h[MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS)];
+-	mp_bitcnt_t q_bits = mpz_sizeinbase (q, 2);
+-	mp_size_t qn = mpz_size(q);
+ 	mp_bitcnt_t h_bits = length * 8;
+ 	mp_size_t hn = BITS_TO_LIMBS(h_bits);
+ 	size_t nbytes = (q_bits + 7) / 8;
+@@ -66,6 +70,7 @@ _gnutls_dsa_compute_k(mpz_t k,
+ 	mp_limb_t cy;
+ 	gnutls_hmac_hd_t hd;
+ 	int ret = 0;
++	mp_limb_t scratch[MAX_Q_LIMBS];
+ 
+ 	if (unlikely(q_bits > MAX_Q_BITS))
+ 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+@@ -73,7 +78,7 @@ _gnutls_dsa_compute_k(mpz_t k,
+ 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ 
+ 	/* int2octets(x) */
+-	mpn_get_base256(xp, nbytes, mpz_limbs_read(x), qn);
++	mpn_get_base256(xp, nbytes, x, qn);
+ 
+ 	/* bits2octets(h) */
+ 	mpn_set_base256(h, hn, digest, length);
+@@ -97,12 +102,12 @@ _gnutls_dsa_compute_k(mpz_t k,
+ 			mpn_rshift(h, h, hn, shift % GMP_NUMB_BITS);
+ 	}
+ 
+-	cy = mpn_sub_n(h, h, mpz_limbs_read(q), qn);
++	cy = mpn_sub_n(h, h, q, qn);
+ 	/* Fall back to addmul_1, if nettle is linked with mini-gmp. */
+ #ifdef mpn_cnd_add_n
+-	mpn_cnd_add_n(cy, h, h, mpz_limbs_read(q), qn);
++	mpn_cnd_add_n(cy, h, h, q, qn);
+ #else
+-	mpn_addmul_1(h, mpz_limbs_read(q), qn, cy != 0);
++	mpn_addmul_1(h, q, qn, cy != 0);
+ #endif
+ 	mpn_get_base256(tp, nbytes, h, qn);
+ 
+@@ -178,12 +183,8 @@ _gnutls_dsa_compute_k(mpz_t k,
+ 		if (tlen * 8 > q_bits)
+ 			mpn_rshift (h, h, qn, tlen * 8 - q_bits);
+ 		/* Check if k is in [1,q-1] */
+-		if (!mpn_zero_p (h, qn) &&
+-		    mpn_cmp (h, mpz_limbs_read(q), qn) < 0) {
+-			mpn_copyi(mpz_limbs_write(k, qn), h, qn);
+-			mpz_limbs_finish(k, qn);
++		if (!sec_zero_p(h, qn) && mpn_sub_n(scratch, h, q, qn))
+ 			break;
+-		}
+ 
+ 		ret = gnutls_hmac_init(&hd, mac, K, length);
+ 		if (ret < 0)
+@@ -207,3 +208,24 @@ _gnutls_dsa_compute_k(mpz_t k,
+ 
+ 	return ret;
+ }
++
++/* cancel-out dsa_sign's addition of 1 to random data */
++void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
++				  mp_size_t n)
++{
++	/* Fall back to sub_1, if nettle is linked with mini-gmp. */
++#ifdef mpn_sec_sub_1
++	mp_limb_t t[MAX_Q_LIMBS];
++
++	mpn_sec_sub_1(h, h, n, 1, t);
++#else
++	mpn_sub_1(h, h, n, 1);
++#endif
++	mpn_get_base256(k, nbytes, h, n);
++}
++
++void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
++				    mp_size_t n)
++{
++	mpn_get_base256(k, nbytes, h, n);
++}
+diff --git a/lib/nettle/int/dsa-compute-k.h b/lib/nettle/int/dsa-compute-k.h
+index 64e90e0ca2..e88fce0a6d 100644
+--- a/lib/nettle/int/dsa-compute-k.h
++++ b/lib/nettle/int/dsa-compute-k.h
+@@ -26,12 +26,29 @@
+ #include <gnutls/gnutls.h>
+ #include <nettle/bignum.h> /* includes gmp.h */
+ 
+-int
+-_gnutls_dsa_compute_k(mpz_t k,
+-		      const mpz_t q,
+-		      const mpz_t x,
+-		      gnutls_mac_algorithm_t mac,
+-		      const uint8_t *digest,
+-		      size_t length);
++#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
++
++/* The maximum size of q, chosen from the fact that we support
++ * 521-bit elliptic curve generator and 512-bit DSA subgroup at
++ * maximum. */
++#define MAX_Q_BITS 521
++#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8)
++#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS)
++
++#define MAX_HASH_BITS (MAX_HASH_SIZE * 8)
++#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS)
++
++#define DSA_COMPUTE_K_ITCH MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS)
++
++int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x,
++			  mp_size_t qn, mp_bitcnt_t q_bits,
++			  gnutls_mac_algorithm_t mac, const uint8_t *digest,
++			  size_t length);
++
++void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
++				  mp_size_t n);
++
++void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
++				    mp_size_t n);
+ 
+ #endif /* GNUTLS_LIB_NETTLE_INT_DSA_COMPUTE_K_H */
+diff --git a/lib/nettle/int/ecdsa-compute-k.c b/lib/nettle/int/ecdsa-compute-k.c
+index 94914ebdfa..819302c1c7 100644
+--- a/lib/nettle/int/ecdsa-compute-k.c
++++ b/lib/nettle/int/ecdsa-compute-k.c
+@@ -29,67 +29,46 @@
+ #include "dsa-compute-k.h"
+ #include "gnutls_int.h"
+ 
+-static inline int
+-_gnutls_ecc_curve_to_dsa_q(mpz_t *q, gnutls_ecc_curve_t curve)
++int _gnutls_ecc_curve_to_dsa_q(mpz_t q, gnutls_ecc_curve_t curve)
+ {
+ 	switch (curve) {
+ #ifdef ENABLE_NON_SUITEB_CURVES
+ 	case GNUTLS_ECC_CURVE_SECP192R1:
+-		mpz_init_set_str(*q,
+-				 "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836"
+-				 "146BC9B1B4D22831",
+-				 16);
++		mpz_set_str(q,
++			    "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836"
++			    "146BC9B1B4D22831",
++			    16);
+ 		return 0;
+ 	case GNUTLS_ECC_CURVE_SECP224R1:
+-		mpz_init_set_str(*q,
+-				 "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2"
+-				 "E0B8F03E13DD29455C5C2A3D",
+-				 16);
++		mpz_set_str(q,
++			    "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2"
++			    "E0B8F03E13DD29455C5C2A3D",
++			    16);
+ 		return 0;
+ #endif
+ 	case GNUTLS_ECC_CURVE_SECP256R1:
+-		mpz_init_set_str(*q,
+-				 "FFFFFFFF00000000FFFFFFFFFFFFFFFF"
+-				 "BCE6FAADA7179E84F3B9CAC2FC632551",
+-				 16);
++		mpz_set_str(q,
++			    "FFFFFFFF00000000FFFFFFFFFFFFFFFF"
++			    "BCE6FAADA7179E84F3B9CAC2FC632551",
++			    16);
+ 		return 0;
+ 	case GNUTLS_ECC_CURVE_SECP384R1:
+-		mpz_init_set_str(*q,
+-				 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+-				 "FFFFFFFFFFFFFFFFC7634D81F4372DDF"
+-				 "581A0DB248B0A77AECEC196ACCC52973",
+-				 16);
++		mpz_set_str(q,
++			    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
++			    "FFFFFFFFFFFFFFFFC7634D81F4372DDF"
++			    "581A0DB248B0A77AECEC196ACCC52973",
++			    16);
+ 		return 0;
+ 	case GNUTLS_ECC_CURVE_SECP521R1:
+-		mpz_init_set_str(*q,
+-				 "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+-				 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+-				 "FFA51868783BF2F966B7FCC0148F709A"
+-				 "5D03BB5C9B8899C47AEBB6FB71E91386"
+-				 "409",
+-				 16);
++		mpz_set_str(q,
++			    "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
++			    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
++			    "FFA51868783BF2F966B7FCC0148F709A"
++			    "5D03BB5C9B8899C47AEBB6FB71E91386"
++			    "409",
++			    16);
+ 		return 0;
+ 	default:
+ 		return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
+ 	}
+ }
+-
+-int
+-_gnutls_ecdsa_compute_k (mpz_t k,
+-			 gnutls_ecc_curve_t curve,
+-			 const mpz_t x,
+-			 gnutls_mac_algorithm_t mac,
+-			 const uint8_t *digest,
+-			 size_t length)
+-{
+-	mpz_t q;
+-	int ret;
+-
+-	ret = _gnutls_ecc_curve_to_dsa_q(&q, curve);
+-	if (ret < 0)
+-		return gnutls_assert_val(ret);
+-
+-	ret = _gnutls_dsa_compute_k (k, q, x, mac, digest, length);
+-	mpz_clear(q);
+-	return ret;
+-}
+diff --git a/lib/nettle/int/ecdsa-compute-k.h b/lib/nettle/int/ecdsa-compute-k.h
+index 7ca401d6e4..a7e612bcab 100644
+--- a/lib/nettle/int/ecdsa-compute-k.h
++++ b/lib/nettle/int/ecdsa-compute-k.h
+@@ -26,12 +26,6 @@
+ #include <gnutls/gnutls.h>
+ #include <nettle/bignum.h> /* includes gmp.h */
+ 
+-int
+-_gnutls_ecdsa_compute_k (mpz_t k,
+-			 gnutls_ecc_curve_t curve,
+-			 const mpz_t x,
+-			 gnutls_mac_algorithm_t mac,
+-			 const uint8_t *digest,
+-			 size_t length);
++int _gnutls_ecc_curve_to_dsa_q(mpz_t q, gnutls_ecc_curve_t curve);
+ 
+ #endif /* GNUTLS_LIB_NETTLE_INT_ECDSA_COMPUTE_K_H */
+diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
+index 588e9df502..b19fe3804a 100644
+--- a/lib/nettle/pk.c
++++ b/lib/nettle/pk.c
+@@ -102,10 +102,16 @@ static void rnd_nonce_func(void *_ctx, size_t length, uint8_t * data)
+ 	}
+ }
+ 
+-static void rnd_mpz_func(void *_ctx, size_t length, uint8_t * data)
++static void rnd_datum_func(void *ctx, size_t length, uint8_t *data)
+ {
+-	mpz_t *k = _ctx;
+-	nettle_mpz_get_str_256 (length, data, *k);
++	gnutls_datum_t *d = ctx;
++
++	if (length > d->size) {
++		memset(data, 0, length - d->size);
++		memcpy(data + (length - d->size), d->data, d->size);
++	} else {
++		memcpy(data, d->data, length);
++	}
+ }
+ 
+ static void rnd_nonce_func_fallback(void *_ctx, size_t length, uint8_t * data)
+@@ -976,7 +982,10 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
+ 			struct dsa_signature sig;
+ 			int curve_id = pk_params->curve;
+ 			const struct ecc_curve *curve;
+-			mpz_t k;
++			mpz_t q;
++			/* 521-bit elliptic curve generator at maximum */
++			uint8_t buf[(521 + 7) / 8];
++			gnutls_datum_t k = { NULL, 0 };
+ 			void *random_ctx;
+ 			nettle_random_func *random_func;
+ 
+@@ -1005,19 +1014,32 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
+ 				hash_len = vdata->size;
+ 			}
+ 
+-			mpz_init(k);
++			mpz_init(q);
++
+ 			if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST ||
+ 			    (sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) {
+-				ret = _gnutls_ecdsa_compute_k(k,
+-							      curve_id,
+-							      pk_params->params[ECC_K],
+-							      DIG_TO_MAC(sign_params->dsa_dig),
+-							      vdata->data,
+-							      vdata->size);
++				mp_limb_t h[DSA_COMPUTE_K_ITCH];
++
++				ret = _gnutls_ecc_curve_to_dsa_q(q, curve_id);
+ 				if (ret < 0)
+ 					goto ecdsa_cleanup;
++
++				ret = _gnutls_dsa_compute_k(
++					h, mpz_limbs_read(q), priv.p,
++					ecc_size(priv.ecc), ecc_bit_size(priv.ecc),
++					DIG_TO_MAC(sign_params->dsa_dig), vdata->data,
++					vdata->size);
++				if (ret < 0)
++					goto ecdsa_cleanup;
++
++				k.data = buf;
++				k.size = (ecc_bit_size(priv.ecc) + 7) / 8;
++
++				_gnutls_ecdsa_compute_k_finish(k.data, k.size, h,
++							       ecc_size(priv.ecc));
++
+ 				random_ctx = &k;
+-				random_func = rnd_mpz_func;
++				random_func = rnd_datum_func;
+ 			} else {
+ 				random_ctx = NULL;
+ 				random_func = rnd_nonce_func;
+@@ -1038,7 +1060,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
+  ecdsa_cleanup:
+ 			dsa_signature_clear(&sig);
+ 			ecc_scalar_zclear(&priv);
+-			mpz_clear(k);
++			mpz_clear(q);
+ 
+ 			if (ret < 0) {
+ 				gnutls_assert();
+@@ -1051,7 +1073,9 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
+ 			struct dsa_params pub;
+ 			bigint_t priv;
+ 			struct dsa_signature sig;
+-			mpz_t k;
++			/* 512-bit DSA subgroup at maximum */
++			uint8_t buf[(512 + 7) / 8];
++			gnutls_datum_t k = { NULL, 0 };
+ 			void *random_ctx;
+ 			nettle_random_func *random_func;
+ 
+@@ -1074,21 +1098,27 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
+ 				hash_len = vdata->size;
+ 			}
+ 
+-			mpz_init(k);
+ 			if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST ||
+ 			    (sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) {
+-				ret = _gnutls_dsa_compute_k(k,
+-							    pub.q,
+-							    TOMPZ(priv),
+-							    DIG_TO_MAC(sign_params->dsa_dig),
+-							    vdata->data,
+-							    vdata->size);
++				mp_limb_t h[DSA_COMPUTE_K_ITCH];
++
++				ret = _gnutls_dsa_compute_k(
++					h, mpz_limbs_read(pub.q),
++					mpz_limbs_read(TOMPZ(priv)), mpz_size(pub.q),
++					mpz_sizeinbase(pub.q, 2),
++					DIG_TO_MAC(sign_params->dsa_dig), vdata->data,
++					vdata->size);
+ 				if (ret < 0)
+ 					goto dsa_fail;
+-				/* cancel-out dsa_sign's addition of 1 to random data */
+-				mpz_sub_ui (k, k, 1);
++
++				k.data = buf;
++				k.size = (mpz_sizeinbase(pub.q, 2) + 7) / 8;
++
++				_gnutls_dsa_compute_k_finish(k.data, k.size, h,
++							     mpz_size(pub.q));
++
+ 				random_ctx = &k;
+-				random_func = rnd_mpz_func;
++				random_func = rnd_datum_func;
+ 			} else {
+ 				random_ctx = NULL;
+ 				random_func = rnd_nonce_func;
+@@ -1108,7 +1138,6 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
+ 
+  dsa_fail:
+ 			dsa_signature_clear(&sig);
+-			mpz_clear(k);
+ 
+ 			if (ret < 0) {
+ 				gnutls_assert();
+diff --git a/tests/sign-verify-deterministic.c b/tests/sign-verify-deterministic.c
+index 6e907288ee..25aa553a59 100644
+--- a/tests/sign-verify-deterministic.c
++++ b/tests/sign-verify-deterministic.c
+@@ -197,7 +197,7 @@ void doit(void)
+ 					      &signature);
+ 		if (ret < 0)
+ 			testfail("gnutls_pubkey_verify_data2\n");
+-		success(" - pass");
++		success(" - pass\n");
+ 
+ 	next:
+ 		gnutls_free(signature.data);
+-- 
+2.44.0
+

SOURCES/gnutls-3.6.16-doc-p11tool-ckaid.patch

@@ -0,0 +1,14 @@
+--- gnutls-3.7.2/doc/manpages/p11tool.1	2021-05-29 10:15:22.000000000 +0200
++++ gnutls-3.7.2-bootstrapped/doc/manpages/p11tool.1	2021-06-28 09:35:23.000000000 +0200
+@@ -230,8 +230,9 @@
+ .NOP \f\*[B-Font]\-\-write\f[]
+ Writes the loaded objects to a PKCS #11 token.
+ .sp
+-It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with
+-    one of \--load-privkey, \--load-pubkey, \--load-certificate option.
++It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with one of \--load-privkey, \--load-pubkey, \--load-certificate option.
++.sp
++When writing a certificate object, its CKA_ID is set to the same CKA_ID of the corresponding public key, if it exists on the token; otherwise it will be derived from the X.509 Subject Key Identifier of the certificate. If this behavior is undesired, write the public key to the token beforehand.
+ .TP
+ .NOP \f\*[B-Font]\-\-delete\f[]
+ Deletes the objects matching the given PKCS #11 URL.

SOURCES/gnutls-3.6.16-pkcs7-verify.patch

@@ -0,0 +1,266 @@
+From e5dc27d1a457d1b3abc0582cd133910dff0fc309 Mon Sep 17 00:00:00 2001
+From: Zoltan Fridrich <zfridric@redhat.com>
+Date: Fri, 22 Jul 2022 12:00:11 +0200
+Subject: [PATCH] Fix double free during gnutls_pkcs7_verify
+
+Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
+---
+ .gitignore                       |   1 +
+ lib/x509/pkcs7.c                 |   3 +-
+ tests/Makefile.am                |   3 +-
+ tests/pkcs7-verify-double-free.c | 215 +++++++++++++++++++++++++++++++
+ 4 files changed, 220 insertions(+), 2 deletions(-)
+ create mode 100644 tests/pkcs7-verify-double-free.c
+
+diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
+index 0ff55ba04b..878f867862 100644
+--- a/lib/x509/pkcs7.c
++++ b/lib/x509/pkcs7.c
+@@ -1318,7 +1318,8 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
+ 				issuer = find_verified_issuer_of(pkcs7, issuer, purpose, vflags);
+ 
+ 				if (issuer != NULL && gnutls_x509_crt_check_issuer(issuer, issuer)) {
+-					if (prev) gnutls_x509_crt_deinit(prev);
++					if (prev && prev != signer)
++						gnutls_x509_crt_deinit(prev);
+ 					prev = issuer;
+ 					break;
+ 				}
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index b04cb081b4..0563d3c754 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -220,7 +220,8 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
+ 	 sign-verify-newapi sign-verify-deterministic iov aead-cipher-vec \
+ 	 tls13-without-timeout-func buffer status-request-revoked \
+ 	 set_x509_ocsp_multi_cli kdf-api keylog-func \
+-	 dtls_hello_random_value tls_hello_random_value x509cert-dntypes
++	 dtls_hello_random_value tls_hello_random_value x509cert-dntypes \
++	 pkcs7-verify-double-free
+ 
+ if HAVE_SECCOMP_TESTS
+ ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp
+diff --git a/tests/pkcs7-verify-double-free.c b/tests/pkcs7-verify-double-free.c
+new file mode 100644
+index 0000000000..fadf307829
+--- /dev/null
++++ b/tests/pkcs7-verify-double-free.c
+@@ -0,0 +1,215 @@
++/*
++ * Copyright (C) 2022 Red Hat, Inc.
++ *
++ * Author: Zoltan Fridrich
++ *
++ * This file is part of GnuTLS.
++ *
++ * GnuTLS is free software: you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by
++ * the Free Software Foundation, either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GnuTLS is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with GnuTLS. If not, see <https://www.gnu.org/licenses/>.
++ */
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <stdio.h>
++#include <gnutls/pkcs7.h>
++#include <gnutls/x509.h>
++
++#include "utils.h"
++
++static char rca_pem[] =
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIDCjCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n"
++	"cGxlIENBMCAXDTE3MDcyMTE0NDMzNloYDzIyMjIwNzIxMTQ0MzM2WjAVMRMwEQYD\n"
++	"VQQKDApFeGFtcGxlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n"
++	"v8hnKPJ/IA0SQB/A/a0Uh+npZ67vsgIMrtTQo0r0kJkmkBz5323xO3DVuJfB3QmX\n"
++	"v9zvoeCQLuDvWar5Aixfxgm6s5Q+yPvJj9t3NebDrU+Y4+qyewBIJUF8EF/5iBPC\n"
++	"ZHONmzbfIRWvQWGGgb2CRcOHp2J7AY/QLB6LsWPaLjs/DHva28Q13JaTTHIpdu8v\n"
++	"t6vHr0nXf66DN4MvtoF3N+o+v3snJCMsfXOqASi4tbWR7gtOfCfiz9uBjh0W2Dut\n"
++	"/jclBQkJkLe6esNSM+f4YiOpctVDjmfj8yoHCp394vt0wFqhG38wsTFAyVP6qIcf\n"
++	"5zoSu9ovEt2cTkhnZHjiiwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud\n"
++	"DwEB/wQEAwIBBjAdBgNVHQ4EFgQUhjeO6Uc5imbjOl2I2ltVA27Hu9YwHwYDVR0j\n"
++	"BBgwFoAUhjeO6Uc5imbjOl2I2ltVA27Hu9YwDQYJKoZIhvcNAQELBQADggEBAD+r\n"
++	"i/7FsbG0OFKGF2+JOnth6NjJQcMfM8LiglqAuBUijrv7vltoZ0Z3FJH1Vi4OeMXn\n"
++	"l7X/9tWUve0uFl75MfjDrf0+lCEdYRY1LCba2BrUgpbbkLywVUdnbsvndehegCgS\n"
++	"jss2/zys3Hlo3ZaHlTMQ/NQ4nrxcxkjOvkZSEOqgxJTLpzm6pr7YUts4k6c6lNiB\n"
++	"FSiJiDzsJCmWR9C3fBbUlfDfTJYGN3JwqX270KchXDElo8gNoDnF7jBMpLFFSEKm\n"
++	"MyfbNLX/srh+CEfZaN/OZV4A3MQ0L8vQEp6M4CJhvRLIuMVabZ2coJ0AzystrOMU\n"
++	"LirBWjg89RoAjFQ7bTE=\n"
++	"-----END CERTIFICATE-----\n";
++
++static char ca_pem[] =
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n"
++	"cGxlIENBMCAXDTE3MDcyMTE0NDQzNFoYDzIyMjIwNzIxMTQ0NDM0WjAiMSAwHgYD\n"
++	"VQQKDBdFeGFtcGxlIGludGVybWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD\n"
++	"ggEPADCCAQoCggEBAKb9ACB8u//sP6MfNU1OsVw68xz3eTPLgKxS0vpqexm6iGVg\n"
++	"ug/o9uYRLzqiEukv/eyz9WzHmY7sqlOJjOFdv92+SaNg79Jc51WHPFXgea4/qyfr\n"
++	"4y14PGs0SNxm6T44sXurUs7cXydQVUgnq2VCaWFOTUdxXoAWkV8r8GaUoPD/klVz\n"
++	"RqxSZVETmX1XBKhsMnnov41kRwVph2C+VfUspsbaUZaz/o/S1/nokhXRACzKsMBr\n"
++	"obqiGxbY35uVzsmbAW5ErhQz98AWJL3Bub1fsEMXg6OEMmPH4AtX888dTIYZNw0E\n"
++	"bUIESspz1kjJQTtVQDHTprhwz16YiSVeUonlLgMCAwEAAaNjMGEwDwYDVR0TAQH/\n"
++	"BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPBjxDWjMhjXERirKF9O\n"
++	"o/5Cllc5MB8GA1UdIwQYMBaAFIY3julHOYpm4zpdiNpbVQNux7vWMA0GCSqGSIb3\n"
++	"DQEBCwUAA4IBAQCTm+vv3hBa6lL5IT+Fw8aTxQ2Ne7mZ5oyazhvXYwwfKNMX3SML\n"
++	"W2JdPaL64ZwbxxxYvW401o5Z0CEgru3YFrsqB/hEdl0Uf8UWWJmE1rRa+miTmbjt\n"
++	"lrLNCWdrs6CiwvsPITTHg7jevB4KyZYsTSxQFcyr3N3xF+6EmOTC4IkhPPnXYXcp\n"
++	"248ih+WOavSYoRvzgB/Dip1WnPYU2mfIV3O8JReRryngA0TzWCLPLUoWR3R4jwtC\n"
++	"+1uSLoqaenz3qv3F1WEbke37az9YJuXx/5D8CqFQiZ62TUUtI6fYd8mkMBM4Qfh6\n"
++	"NW9XrCkI9wlpL5K9HllhuW0BhKeJkuPpyQ2p\n"
++	"-----END CERTIFICATE-----\n";
++
++static char ee_pem[] =
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdFeGFt\n"
++	"cGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzdaGA8yMjIyMDcyMTE0\n"
++	"NDUzN1owFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEBBQAD\n"
++	"ggEPADCCAQoCggEBAMb1uuxppBFY+WVD45iyHUq7DkIJNNOI/JRaybVJfPktWq2E\n"
++	"eNe7XhV05KKnqZTbDO2iYqNHqGhZ8pz/IstDRTZP3z/q1vXTG0P9Gx28rEy5TaUY\n"
++	"QjtD+ZoFUQm0ORMDBjd8jikqtJ87hKeuOPMH4rzdydotMaPQSm7KLzHBGBr6gg7z\n"
++	"g1IxPWkhMyHapoMqqrhjwjzoTY97UIXpZTEoIA+KpEC8f9CciBtL0i1MPBjWozB6\n"
++	"Jma9q5iEwZXuRr3cnPYeIPlK2drgDZCMuSFcYiT8ApLw5OhKqY1m2EvfZ2ox2s9R\n"
++	"68/HzYdPi3kZwiNEtlBvMlpt5yKBJAflp76d7DkCAwEAAaNuMGwwCwYDVR0PBAQD\n"
++	"AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUc+Mi\n"
++	"kr8WMCk00SQo+P2iggp/oQkwHwYDVR0jBBgwFoAU8GPENaMyGNcRGKsoX06j/kKW\n"
++	"VzkwDQYJKoZIhvcNAQELBQADggEBAKU9+CUR0Jcfybd1+8Aqgh1RH96yQygnVuyt\n"
++	"Na9rFz4fM3ij9tGXDHXrkZw8bW1dWLU9quu8zeTxKxc3aiDIw739Alz0tukttDo7\n"
++	"dW7YqIb77zsIsWB9p7G9dlxT6ieUy+5IKk69BbeK8KR0vAciAG4KVQxPhuPy/LGX\n"
++	"PzqlJIJ4h61s3UOroReHPB1keLZgpORqrvtpClOmABH9TLFRJA/WFg8Q2XYB/p0x\n"
++	"l/pWiaoBC+8wK9cDoMUK5yOwXeuCLffCb+UlAD0+z/qxJ2pisE8E9X8rRKRrWI+i\n"
++	"G7LtJCEn86EQK8KuRlJxKgj8lClZhoULB0oL4jbblBuNow9WRmM=\n"
++	"-----END CERTIFICATE-----\n";
++
++static char msg_pem[] =
++	"-----BEGIN PKCS7-----\n"
++	"MIIK2QYJKoZIhvcNAQcCoIIKyjCCCsYCAQExDTALBglghkgBZQMEAgEwCwYJKoZI\n"
++	"hvcNAQcBoIIJTzCCAwowggHyoAMCAQICAQEwDQYJKoZIhvcNAQELBQAwFTETMBEG\n"
++	"A1UECgwKRXhhbXBsZSBDQTAgFw0xNzA3MjExNDQzMjFaGA8yMjIyMDcyMTE0NDMy\n"
++	"MVowFTETMBEGA1UECgwKRXhhbXBsZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP\n"
++	"ADCCAQoCggEBAL51eyE4j8wAKQKMGlO9HEY2iaGvsdPSJmidSdmCi1jnNK39Lx4Y\n"
++	"31h279hSHF5wtI6VM91HHfeLf1mjEZHlKrXXJQzBPLpbHWapD778drHBitOP8e56\n"
++	"fDMIfofLV4tkMk8690vPe4cJH1UHGspMyz6EQF9kPRaW80XtMV/6dalgL/9Esmaw\n"
++	"XBNPJAS1VutDuXQkJ/3/rWFLmkpYHHtGPjX782YRmT1s+VOVTsLqmKx0TEL8A381\n"
++	"bbElHPUAMjPcyWR5qqA8KWnS5Dwqk3LwI0AvuhQytCq0S7Xl4DXauvxwTRXv0UU7\n"
++	"W8r3MLAw9DnlnJiD/RFjw5rbGO3wMePk/qUCAwEAAaNjMGEwDwYDVR0TAQH/BAUw\n"
++	"AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIh2KRoKJoe2VtpOwWMkRAkR\n"
++	"mLWKMB8GA1UdIwQYMBaAFIh2KRoKJoe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEB\n"
++	"CwUAA4IBAQBovvlOjoy0MCT5U0eWfcPQQjY4Ssrn3IiPNlVkqSNo+FHX+2baTLVQ\n"
++	"5QTHxwXwzdIJiwtjFWDdGEQXqmuIvnFG+u/whGbeg6oQygfnQ5Y+q6epOxCsPgLQ\n"
++	"mKKEaF7mvh8DauUx4QSbYCNGCctOZuB1vlN9bJ3/5QbH+2pFPOfCr5CAyPDwHo6S\n"
++	"qO3yPcutRwT9xS7gXEHM9HhLp+DmdCGh4eVBPiFilyZm1d92lWxU8oxoSfXgzDT/\n"
++	"GCzlMykNZNs4JD9QmiRClP/3U0dQbOhah/Fda+N+L90xaqEgGcvwKKZa3pzo59pl\n"
++	"BbkcIP4YPyHeinwkgAn5UVJg9DOxNCS0MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG\n"
++	"9w0BAQsFADAVMRMwEQYDVQQKDApFeGFtcGxlIENBMCAXDTE3MDcyMTE0NDQxM1oY\n"
++	"DzIyMjIwNzIxMTQ0NDEzWjAiMSAwHgYDVQQKDBdFeGFtcGxlIGludGVybWVkaWF0\n"
++	"ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPFDEvDANwvhviu\n"
++	"pwXTvaKyxyX94jVu1wgAhIRyQBVRiMbrn8MEufLG8oA0vKd8s92gv/lWe1jFb2rn\n"
++	"91jMkZWsjWjiJFD6SzqFfBo+XxOGikEqO1MAf92UqavmSGlXVRG1Vy7T7dWibZP0\n"
++	"WODhHYWayR0Y6owSz5IqNfrHXzDME+lSJxHgRFI7pK+b0OgiVmvyXDKFPvyU6GrP\n"
++	"lxXDi/XbjyPvC5gpiwtTgm+s8KERwmdlfZUNjkh2PpHx1g1joijHT3wIvO/Pek1E\n"
++	"C+Xs6w3XxGgL6TTL7FDuv4AjZVX9KK66/yBhX3aN8bkqAg+hs9XNk3zzWC0XEFOS\n"
++	"Qoh2va0CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\n"
++	"HQYDVR0OBBYEFHwi/7dUWGjkMWJctOm7MCjjQj1cMB8GA1UdIwQYMBaAFIh2KRoK\n"
++	"Joe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEBCwUAA4IBAQCF6sHCBdYRwBwvfCve\n"
++	"og9cPnmPqZrG4AtmSvtoSsMvgvKb/4z3/gG8oPtTBkeRcAHoMoEp/oA+B2ylwIAc\n"
++	"S5U7jx+lYH/Pqih0X/OcOLbaMv8uzGSGQxk+L9LuuIT6E/THfRRIPEvkDkzC+/uk\n"
++	"7vUbG17bSEWeF0o/6sjzAY2aH1jnbCDyu0UC78GXkc6bZ5QlH98uLMDMrOmqcZjS\n"
++	"JFfvuRDQyKV5yBdBkYaobsIWSQDsgYxJzf/2y8c3r+HXqT+jhrXPWJ3btgMPxpu7\n"
++	"E8KmoFgp9EM+48oYlXJ66rk08/KjaVmgN7R+Hm3e2+MFT2kme4fBKalLjcazTe3x\n"
++	"0FisMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdF\n"
++	"eGFtcGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzBaGA8yMjIyMDcy\n"
++	"MTE0NDUzMVowFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEB\n"
++	"BQADggEPADCCAQoCggEBAMjhSqhdD5RjmOm6W3hG7zkgKBP9whRN/SipcdEMlkgc\n"
++	"F/U3QMu66qIfKwheNdWalC1JLtruLDWP92ysa6Vw+CCG8aSax1AgB//RKQB7kgPA\n"
++	"9js9hi/oCdBmCv2HJxhWSLz+MVoxgzW4C7S9FenI+btxe/99Uw4nOw7kwjsYDLKr\n"
++	"tMw8myv7aCW/63CuBYGtohiZupM3RI3kKFcZots+KRPLlZpjv+I2h9xSln8VxKNb\n"
++	"XiMrYwGfHB7iX7ghe1TvFjKatEUhsqa7AvIq7nfe/cyq97f0ODQO814njgZtk5iQ\n"
++	"JVavXHdhTVaypt1HdAFMuHX5UATylHxx9tRCgSIijUsCAwEAAaNuMGwwCwYDVR0P\n"
++	"BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU\n"
++	"31+vHl4E/2Jpnwinbzf+d7usshcwHwYDVR0jBBgwFoAUfCL/t1RYaOQxYly06bsw\n"
++	"KONCPVwwDQYJKoZIhvcNAQELBQADggEBAAWe63DcNwmleQ3INFGDJZ/m2I/R/cBa\n"
++	"nnrxgR5Ey1ljHdA/x1z1JLTGmGVwqGExs5DNG9Q//Pmc9pZ1yPa8J4Xf8AvFcmkY\n"
++	"mWoH1HvW0xu/RF1UN5SAoD2PRQ+Vq4OSPD58IlEu/u4o1wZV7Wl91Cv6VNpiAb63\n"
++	"j9PA1YacOpOtcRqG59Vuj9HFm9f30ejHVo2+KJcpo290cR3Zg4fOm8mtjeMdt/QS\n"
++	"Atq+RqPAQ7yxqvEEv8zPIZj2kAOQm3mh/yYqBrR68lQUD/dBTP7ApIZkhUK3XK6U\n"
++	"nf9JvoF6Fn2+Cnqb//FLBgHSnoeqeQNwDLUXTsD02iYxHzJrhokSY4YxggFQMIIB\n"
++	"TAIBATAnMCIxIDAeBgNVBAoMF0V4YW1wbGUgaW50ZXJtZWRpYXRlIENBAgEBMAsG\n"
++	"CWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQATHg6wNsBcs/Ub1GQfKwTpKCk5\n"
++	"8QXuNnZ0u7b6mKgrSY2Gf47fpL2aRgaR+BAQncbctu5EH/IL38pWjaGtOhFAj/5q\n"
++	"7luVQW11kuyJN3Bd/dtLqawWOwMmAIEigw6X50l5ZHnEVzFfxt+RKTNhk4XWVtbi\n"
++	"2iIlITOplW0rnvxYAwCxKL9ocaB7etK8au7ixMxbFp75Ts4iLX8dhlAFdCuFCk8k\n"
++	"B8mi9HHuwr3QYRqMPW61hu1wBL3yB8eoZNOwPXb0gkIh6ZvgptxgQzm/cc+Iw9fP\n"
++	"QkR0fTM7ElJ5QZmSV98AUbZDHmDvpmcjcUxfSPMc3IoT8T300usRu7QHqKJi\n"
++	"-----END PKCS7-----\n";
++
++const gnutls_datum_t rca_datum = { (void *)rca_pem, sizeof(rca_pem) - 1 };
++const gnutls_datum_t ca_datum = { (void *)ca_pem, sizeof(ca_pem) - 1 };
++const gnutls_datum_t ee_datum = { (void *)ee_pem, sizeof(ee_pem) - 1 };
++const gnutls_datum_t msg_datum = { (void *)msg_pem, sizeof(msg_pem) - 1 };
++
++static void tls_log_func(int level, const char *str)
++{
++	fprintf(stderr, "%s |<%d>| %s", "err", level, str);
++}
++
++#define CHECK(X)\
++{\
++	r = X;\
++	if (r < 0)\
++		fail("error in %d: %s\n", __LINE__, gnutls_strerror(r));\
++}\
++
++void doit(void)
++{
++	int r;
++	gnutls_x509_crt_t rca_cert = NULL;
++	gnutls_x509_crt_t ca_cert = NULL;
++	gnutls_x509_crt_t ee_cert = NULL;
++	gnutls_x509_trust_list_t tlist = NULL;
++	gnutls_pkcs7_t pkcs7 = NULL;
++	gnutls_datum_t data = { (unsigned char *)"xxx", 3 };
++
++	if (debug) {
++		gnutls_global_set_log_function(tls_log_func);
++		gnutls_global_set_log_level(4711);
++	}
++
++	// Import certificates
++	CHECK(gnutls_x509_crt_init(&rca_cert));
++	CHECK(gnutls_x509_crt_import(rca_cert, &rca_datum, GNUTLS_X509_FMT_PEM));
++	CHECK(gnutls_x509_crt_init(&ca_cert));
++	CHECK(gnutls_x509_crt_import(ca_cert, &ca_datum, GNUTLS_X509_FMT_PEM));
++	CHECK(gnutls_x509_crt_init(&ee_cert));
++	CHECK(gnutls_x509_crt_import(ee_cert, &ee_datum, GNUTLS_X509_FMT_PEM));
++
++	// Setup trust store
++	CHECK(gnutls_x509_trust_list_init(&tlist, 0));
++	CHECK(gnutls_x509_trust_list_add_named_crt(tlist, rca_cert, "rca", 3, 0));
++	CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ca_cert, "ca", 2, 0));
++	CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ee_cert, "ee", 2, 0));
++
++	// Setup pkcs7 structure
++	CHECK(gnutls_pkcs7_init(&pkcs7));
++	CHECK(gnutls_pkcs7_import(pkcs7, &msg_datum, GNUTLS_X509_FMT_PEM));
++
++	// Signature verification
++	gnutls_pkcs7_verify(pkcs7, tlist, NULL, 0, 0, &data, 0);
++
++	gnutls_x509_crt_deinit(rca_cert);
++	gnutls_x509_crt_deinit(ca_cert);
++	gnutls_x509_crt_deinit(ee_cert);
++	gnutls_x509_trust_list_deinit(tlist, 0);
++	gnutls_pkcs7_deinit(pkcs7);
++}
+-- 
+2.37.2
+

SOURCES/gnutls-3.6.16-rehandshake-tickets.patch

@@ -0,0 +1,242 @@
+From 9b50d94bf1c8e749d7dfc593c89e689a161444ae Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 26 Jun 2023 09:30:03 +0200
+Subject: [PATCH] gnutls-3.6.16-rehandshake-tickets.patch
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ lib/ext/session_ticket.c         |   6 ++
+ lib/ext/session_ticket.h         |   1 +
+ lib/libgnutls.map                |   2 +
+ lib/state.c                      |   1 +
+ tests/Makefile.am                |   3 +-
+ tests/tls12-rehandshake-ticket.c | 152 +++++++++++++++++++++++++++++++
+ 6 files changed, 164 insertions(+), 1 deletion(-)
+ create mode 100644 tests/tls12-rehandshake-ticket.c
+
+diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
+index 8f22462..8d83a6c 100644
+--- a/lib/ext/session_ticket.c
++++ b/lib/ext/session_ticket.c
+@@ -618,6 +618,12 @@ gnutls_session_ticket_enable_server(gnutls_session_t session,
+ 	return 0;
+ }
+ 
++void
++_gnutls_session_ticket_disable_server(gnutls_session_t session)
++{
++	session->internals.flags |= GNUTLS_NO_TICKETS;
++}
++
+ /*
+  * Return zero if session tickets haven't been enabled.
+  */
+diff --git a/lib/ext/session_ticket.h b/lib/ext/session_ticket.h
+index da804ec..660c9d3 100644
+--- a/lib/ext/session_ticket.h
++++ b/lib/ext/session_ticket.h
+@@ -36,5 +36,6 @@ int _gnutls_encrypt_session_ticket(gnutls_session_t session,
+ int _gnutls_decrypt_session_ticket(gnutls_session_t session,
+ 				   const gnutls_datum_t *ticket_data,
+ 				   gnutls_datum_t *state);
++void _gnutls_session_ticket_disable_server(gnutls_session_t session);
+ 
+ #endif /* GNUTLS_LIB_EXT_SESSION_TICKET_H */
+diff --git a/lib/libgnutls.map b/lib/libgnutls.map
+index d2f7c0a..6748b3a 100644
+--- a/lib/libgnutls.map
++++ b/lib/libgnutls.map
+@@ -1432,4 +1432,6 @@ GNUTLS_PRIVATE_3_4 {
+ 	_gnutls_buffer_unescape;
+ 	_gnutls_buffer_pop_datum;
+ 	_gnutls_buffer_clear;
++	# needed by tests/tls12-rehandshake-cert-ticket
++	_gnutls_session_ticket_disable_server;
+ } GNUTLS_3_4;
+diff --git a/lib/state.c b/lib/state.c
+index 817a7b8..f1e9daa 100644
+--- a/lib/state.c
++++ b/lib/state.c
+@@ -452,6 +452,7 @@ void _gnutls_handshake_internal_state_clear(gnutls_session_t session)
+ 	session->internals.tfo.connect_addrlen = 0;
+ 	session->internals.tfo.connect_only = 0;
+ 	session->internals.early_data_received = 0;
++	session->internals.session_ticket_renew = 0;
+ }
+ 
+ /**
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 0563d3c..7c5f5c4 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -221,7 +221,8 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
+ 	 tls13-without-timeout-func buffer status-request-revoked \
+ 	 set_x509_ocsp_multi_cli kdf-api keylog-func \
+ 	 dtls_hello_random_value tls_hello_random_value x509cert-dntypes \
+-	 pkcs7-verify-double-free
++	 pkcs7-verify-double-free \
++	 tls12-rehandshake-ticket
+ 
+ if HAVE_SECCOMP_TESTS
+ ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp
+diff --git a/tests/tls12-rehandshake-ticket.c b/tests/tls12-rehandshake-ticket.c
+new file mode 100644
+index 0000000..f96e46e
+--- /dev/null
++++ b/tests/tls12-rehandshake-ticket.c
+@@ -0,0 +1,152 @@
++/*
++ * Copyright (C) 2022 Red Hat, Inc.
++ *
++ * Author: Daiki Ueno
++ *
++ * This file is part of GnuTLS.
++ *
++ * GnuTLS is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GnuTLS is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program.  If not, see <https://www.gnu.org/licenses/>
++ */
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <gnutls/gnutls.h>
++#include <assert.h>
++#include "cert-common.h"
++
++#include "utils.h"
++#include "eagain-common.h"
++
++const char *side = "";
++
++static void tls_log_func(int level, const char *str)
++{
++	fprintf(stderr, "%s|<%d>| %s", side, level, str);
++}
++
++#define MAX_BUF 1024
++
++void _gnutls_session_ticket_disable_server(gnutls_session_t session);
++
++static void run(void)
++{
++	char buffer[MAX_BUF + 1];
++	/* Server stuff. */
++	gnutls_certificate_credentials_t scred;
++	gnutls_session_t server;
++	gnutls_datum_t session_ticket_key = { NULL, 0 };
++	int sret;
++	/* Client stuff. */
++	gnutls_certificate_credentials_t ccred;
++	gnutls_session_t client;
++	int cret;
++
++	/* General init. */
++	global_init();
++	gnutls_global_set_log_function(tls_log_func);
++	if (debug)
++		gnutls_global_set_log_level(9);
++
++	/* Init server */
++	assert(gnutls_certificate_allocate_credentials(&scred) >= 0);
++	assert(gnutls_certificate_set_x509_key_mem(scred,
++						   &server_ca3_localhost_cert,
++						   &server_ca3_key,
++						   GNUTLS_X509_FMT_PEM) >= 0);
++	assert(gnutls_certificate_set_x509_trust_mem(scred,
++						     &ca3_cert,
++						     GNUTLS_X509_FMT_PEM) >= 0);
++
++	assert(gnutls_init(&server, GNUTLS_SERVER) >= 0);
++	gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
++	assert(gnutls_priority_set_direct(server,
++					  "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2",
++					  NULL) >= 0);
++
++	gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred);
++	gnutls_transport_set_push_function(server, server_push);
++	gnutls_transport_set_pull_function(server, server_pull);
++	gnutls_transport_set_ptr(server, server);
++
++	gnutls_session_ticket_key_generate(&session_ticket_key);
++	gnutls_session_ticket_enable_server(server, &session_ticket_key);
++
++	/* Init client */
++	assert(gnutls_certificate_allocate_credentials(&ccred) >= 0);
++	assert(gnutls_certificate_set_x509_key_mem
++	       (ccred, &cli_ca3_cert_chain, &cli_ca3_key, GNUTLS_X509_FMT_PEM) >= 0);
++	assert(gnutls_certificate_set_x509_trust_mem
++	       (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0);
++
++	gnutls_init(&client, GNUTLS_CLIENT);
++	assert(gnutls_priority_set_direct(client,
++					  "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2",
++					  NULL) >= 0);
++
++	assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred) >= 0);
++
++	gnutls_transport_set_push_function(client, client_push);
++	gnutls_transport_set_pull_function(client, client_pull);
++	gnutls_transport_set_ptr(client, client);
++
++	HANDSHAKE(client, server);
++
++	/* Server initiates rehandshake */
++	switch_side("server");
++	sret = gnutls_rehandshake(server);
++	if (sret < 0) {
++		fail("Error sending %d byte packet: %s\n",
++		     (int)sizeof(buffer), gnutls_strerror(sret));
++	} else if (debug)
++		success("server: starting rehandshake\n");
++
++	/* Stop sending session ticket */
++	_gnutls_session_ticket_disable_server(server);
++
++	/* Client gets notified with rehandshake */
++	switch_side("client");
++	do {
++		do {
++			cret = gnutls_record_recv(client, buffer, MAX_BUF);
++		} while (cret == GNUTLS_E_AGAIN || cret == GNUTLS_E_INTERRUPTED);
++	} while (cret > 0);
++
++	if (cret != GNUTLS_E_REHANDSHAKE) {
++		fail("client: Error receiving rehandshake: %s\n",
++		     gnutls_strerror(cret));
++	}
++
++	HANDSHAKE(client, server);
++
++	gnutls_bye(client, GNUTLS_SHUT_WR);
++	gnutls_bye(server, GNUTLS_SHUT_WR);
++
++	gnutls_deinit(client);
++	gnutls_deinit(server);
++
++	gnutls_certificate_free_credentials(scred);
++	gnutls_certificate_free_credentials(ccred);
++
++	gnutls_free(session_ticket_key.data);
++
++	gnutls_global_deinit();
++	reset_buffers();
++}
++
++void doit(void)
++{
++	run();
++}
+-- 
+2.41.0
+

SOURCES/gnutls-3.6.16-rsa-psk-timing-followup.patch

@@ -0,0 +1,121 @@
+From fe912c5dba49dcecbd5c32bf8184e60a949af452 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Wed, 10 Jan 2024 19:13:17 +0900
+Subject: [PATCH] rsa-psk: minimize branching after decryption
+
+This moves any non-trivial code between gnutls_privkey_decrypt_data2
+and the function return in _gnutls_proc_rsa_psk_client_kx up until the
+decryption.  This also avoids an extra memcpy to session->key.key.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/auth/rsa_psk.c | 68 ++++++++++++++++++++++++----------------------
+ 1 file changed, 35 insertions(+), 33 deletions(-)
+
+diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
+index 93c2dc9998..8f3fe5a4bd 100644
+--- a/lib/auth/rsa_psk.c
++++ b/lib/auth/rsa_psk.c
+@@ -269,7 +269,6 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ 	int ret, dsize;
+ 	ssize_t data_size = _data_size;
+ 	gnutls_psk_server_credentials_t cred;
+-	gnutls_datum_t premaster_secret = { NULL, 0 };
+ 	volatile uint8_t ver_maj, ver_min;
+ 
+ 	cred = (gnutls_psk_server_credentials_t)
+@@ -329,24 +328,48 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ 	ver_maj = _gnutls_get_adv_version_major(session);
+ 	ver_min = _gnutls_get_adv_version_minor(session);
+ 
+-	premaster_secret.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
+-	if (premaster_secret.data == NULL) {
++	/* Find the key of this username. A random value will be
++	 * filled in if the key is not found.
++	 */
++	ret =
++	    _gnutls_psk_pwd_find_entry(session, info->username, strlen(info->username), &pwd_psk);
++	if (ret < 0)
++		return gnutls_assert_val(ret);
++
++	/* Allocate memory for premaster secret, and fill in the
++	 * fields except the decryption result.
++	 */
++	session->key.key.size = 2 + GNUTLS_MASTER_SIZE + 2 + pwd_psk.size;
++	session->key.key.data = gnutls_malloc(session->key.key.size);
++	if (session->key.key.data == NULL) {
+ 		gnutls_assert();
++		_gnutls_free_key_datum(&pwd_psk);
++		/* No need to zeroize, as the secret is not copied in yet */
++		_gnutls_free_datum(&session->key.key);
+ 		return GNUTLS_E_MEMORY_ERROR;
+ 	}
+-	premaster_secret.size = GNUTLS_MASTER_SIZE;
+ 
+ 	/* Fallback value when decryption fails. Needs to be unpredictable. */
+-	ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
+-			 premaster_secret.size);
++	ret = gnutls_rnd(GNUTLS_RND_NONCE, session->key.key.data + 2,
++			 GNUTLS_MASTER_SIZE);
+ 	if (ret < 0) {
+ 		gnutls_assert();
+-		goto cleanup;
++		_gnutls_free_key_datum(&pwd_psk);
++		/* No need to zeroize, as the secret is not copied in yet */
++		_gnutls_free_datum(&session->key.key);
++		return ret;
+ 	}
+ 
++	_gnutls_write_uint16(GNUTLS_MASTER_SIZE, session->key.key.data);
++	_gnutls_write_uint16(pwd_psk.size,
++			     &session->key.key.data[2 + GNUTLS_MASTER_SIZE]);
++	memcpy(&session->key.key.data[2 + GNUTLS_MASTER_SIZE + 2],
++	       pwd_psk.data, pwd_psk.size);
++	_gnutls_free_key_datum(&pwd_psk);
++
+ 	gnutls_privkey_decrypt_data2(session->internals.selected_key, 0,
+-				     &ciphertext, premaster_secret.data,
+-				     premaster_secret.size);
++				     &ciphertext, session->key.key.data + 2,
++				     GNUTLS_MASTER_SIZE);
+ 	/* After this point, any conditional on failure that cause differences
+ 	 * in execution may create a timing or cache access pattern side
+ 	 * channel that can be used as an oracle, so tread carefully */
+@@ -365,31 +388,10 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ 	/* This is here to avoid the version check attack
+ 	 * discussed above.
+ 	 */
+-	premaster_secret.data[0] = ver_maj;
+-	premaster_secret.data[1] = ver_min;
+-
+-	/* find the key of this username
+-	 */
+-	ret =
+-	    _gnutls_psk_pwd_find_entry(session, info->username, strlen(info->username), &pwd_psk);
+-	if (ret < 0) {
+-		gnutls_assert();
+-		goto cleanup;
+-	}
+-
+-	ret =
+-	    set_rsa_psk_session_key(session, &pwd_psk, &premaster_secret);
+-	if (ret < 0) {
+-		gnutls_assert();
+-		goto cleanup;
+-	}
++	session->key.key.data[2] = ver_maj;
++	session->key.key.data[3] = ver_min;
+ 
+-	ret = 0;
+-      cleanup:
+-	_gnutls_free_key_datum(&pwd_psk);
+-	_gnutls_free_temp_key_datum(&premaster_secret);
+-
+-	return ret;
++	return 0;
+ }
+ 
+ static int
+-- 
+2.43.0
+

SOURCES/gnutls-3.6.16-rsa-psk-timing.patch

@@ -0,0 +1,202 @@
+From e007a54432c98618bde500649817d153225abf6b Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 7 Dec 2023 11:52:08 +0900
+Subject: [PATCH] gnutls-3.6.16-rsa-psk-timing.patch
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ lib/auth/rsa.c     |  2 +-
+ lib/auth/rsa_psk.c | 93 +++++++++++++++++-----------------------------
+ lib/gnutls_int.h   |  4 --
+ lib/priority.c     |  1 -
+ 4 files changed, 35 insertions(+), 65 deletions(-)
+
+diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
+index 858701f..02b6a34 100644
+--- a/lib/auth/rsa.c
++++ b/lib/auth/rsa.c
+@@ -207,7 +207,7 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ 				     session->key.key.size);
+ 	/* After this point, any conditional on failure that cause differences
+ 	 * in execution may create a timing or cache access pattern side
+-	 * channel that can be used as an oracle, so treat very carefully */
++	 * channel that can be used as an oracle, so tread carefully */
+ 
+ 	/* Error handling logic:
+ 	 * In case decryption fails then don't inform the peer. Just use the
+diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
+index 1a9dab5..93c2dc9 100644
+--- a/lib/auth/rsa_psk.c
++++ b/lib/auth/rsa_psk.c
+@@ -264,14 +264,13 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ {
+ 	gnutls_datum_t username;
+ 	psk_auth_info_t info;
+-	gnutls_datum_t plaintext;
+ 	gnutls_datum_t ciphertext;
+ 	gnutls_datum_t pwd_psk = { NULL, 0 };
+ 	int ret, dsize;
+-	int randomize_key = 0;
+ 	ssize_t data_size = _data_size;
+ 	gnutls_psk_server_credentials_t cred;
+ 	gnutls_datum_t premaster_secret = { NULL, 0 };
++	volatile uint8_t ver_maj, ver_min;
+ 
+ 	cred = (gnutls_psk_server_credentials_t)
+ 	    _gnutls_get_cred(session, GNUTLS_CRD_PSK);
+@@ -327,71 +326,47 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ 	}
+ 	ciphertext.size = dsize;
+ 
+-	ret =
+-	    gnutls_privkey_decrypt_data(session->internals.selected_key, 0,
+-					&ciphertext, &plaintext);
+-	if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) {
+-		/* In case decryption fails then don't inform
+-		 * the peer. Just use a random key. (in order to avoid
+-		 * attack against pkcs-1 formatting).
+-		 */
++	ver_maj = _gnutls_get_adv_version_major(session);
++	ver_min = _gnutls_get_adv_version_minor(session);
++
++	premaster_secret.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
++	if (premaster_secret.data == NULL) {
+ 		gnutls_assert();
+-		_gnutls_debug_log
+-		    ("auth_rsa_psk: Possible PKCS #1 format attack\n");
+-		if (ret >= 0) {
+-			gnutls_free(plaintext.data);
+-		}
+-		randomize_key = 1;
+-	} else {
+-		/* If the secret was properly formatted, then
+-		 * check the version number.
+-		 */
+-		if (_gnutls_get_adv_version_major(session) !=
+-		    plaintext.data[0]
+-		    || (session->internals.allow_wrong_pms == 0
+-			&& _gnutls_get_adv_version_minor(session) !=
+-			plaintext.data[1])) {
+-			/* No error is returned here, if the version number check
+-			 * fails. We proceed normally.
+-			 * That is to defend against the attack described in the paper
+-			 * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
+-			 * Ondej Pokorny and Tomas Rosa.
+-			 */
+-			gnutls_assert();
+-			_gnutls_debug_log
+-			    ("auth_rsa: Possible PKCS #1 version check format attack\n");
+-		}
++		return GNUTLS_E_MEMORY_ERROR;
+ 	}
++	premaster_secret.size = GNUTLS_MASTER_SIZE;
+ 
+-
+-	if (randomize_key != 0) {
+-		premaster_secret.size = GNUTLS_MASTER_SIZE;
+-		premaster_secret.data =
+-		    gnutls_malloc(premaster_secret.size);
+-		if (premaster_secret.data == NULL) {
+-			gnutls_assert();
+-			return GNUTLS_E_MEMORY_ERROR;
+-		}
+-
+-		/* we do not need strong random numbers here.
+-		 */
+-		ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
+-				  premaster_secret.size);
+-		if (ret < 0) {
+-			gnutls_assert();
+-			goto cleanup;
+-		}
+-	} else {
+-		premaster_secret.data = plaintext.data;
+-		premaster_secret.size = plaintext.size;
++	/* Fallback value when decryption fails. Needs to be unpredictable. */
++	ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
++			 premaster_secret.size);
++	if (ret < 0) {
++		gnutls_assert();
++		goto cleanup;
+ 	}
+ 
++	gnutls_privkey_decrypt_data2(session->internals.selected_key, 0,
++				     &ciphertext, premaster_secret.data,
++				     premaster_secret.size);
++	/* After this point, any conditional on failure that cause differences
++	 * in execution may create a timing or cache access pattern side
++	 * channel that can be used as an oracle, so tread carefully */
++
++	/* Error handling logic:
++	 * In case decryption fails then don't inform the peer. Just use the
++	 * random key previously generated. (in order to avoid attack against
++	 * pkcs-1 formatting).
++	 *
++	 * If we get version mismatches no error is returned either. We
++	 * proceed normally. This is to defend against the attack described
++	 * in the paper "Attacking RSA-based sessions in SSL/TLS" by
++	 * Vlastimil Klima, Ondej Pokorny and Tomas Rosa.
++	 */
++
+ 	/* This is here to avoid the version check attack
+ 	 * discussed above.
+ 	 */
+-
+-	premaster_secret.data[0] = _gnutls_get_adv_version_major(session);
+-	premaster_secret.data[1] = _gnutls_get_adv_version_minor(session);
++	premaster_secret.data[0] = ver_maj;
++	premaster_secret.data[1] = ver_min;
+ 
+ 	/* find the key of this username
+ 	 */
+diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
+index 31cec5c..815f69b 100644
+--- a/lib/gnutls_int.h
++++ b/lib/gnutls_int.h
+@@ -971,7 +971,6 @@ struct gnutls_priority_st {
+ 	bool _no_etm;
+ 	bool _no_ext_master_secret;
+ 	bool _allow_key_usage_violation;
+-	bool _allow_wrong_pms;
+ 	bool _dumbfw;
+ 	unsigned int _dh_prime_bits;	/* old (deprecated) variable */
+ 
+@@ -989,7 +988,6 @@ struct gnutls_priority_st {
+ 	      (x)->no_etm = 1; \
+ 	      (x)->no_ext_master_secret = 1; \
+ 	      (x)->allow_key_usage_violation = 1; \
+-	      (x)->allow_wrong_pms = 1; \
+ 	      (x)->dumbfw = 1
+ 
+ #define ENABLE_PRIO_COMPAT(x) \
+@@ -998,7 +996,6 @@ struct gnutls_priority_st {
+ 	      (x)->_no_etm = 1; \
+ 	      (x)->_no_ext_master_secret = 1; \
+ 	      (x)->_allow_key_usage_violation = 1; \
+-	      (x)->_allow_wrong_pms = 1; \
+ 	      (x)->_dumbfw = 1
+ 
+ /* DH and RSA parameters types.
+@@ -1123,7 +1120,6 @@ typedef struct {
+ 	bool no_etm;
+ 	bool no_ext_master_secret;
+ 	bool allow_key_usage_violation;
+-	bool allow_wrong_pms;
+ 	bool dumbfw;
+ 
+ 	/* old (deprecated) variable. This is used for both srp_prime_bits
+diff --git a/lib/priority.c b/lib/priority.c
+index 0a284ae..67ec887 100644
+--- a/lib/priority.c
++++ b/lib/priority.c
+@@ -681,7 +681,6 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
+ 	COPY_TO_INTERNALS(no_etm);
+ 	COPY_TO_INTERNALS(no_ext_master_secret);
+ 	COPY_TO_INTERNALS(allow_key_usage_violation);
+-	COPY_TO_INTERNALS(allow_wrong_pms);
+ 	COPY_TO_INTERNALS(dumbfw);
+ 	COPY_TO_INTERNALS(dh_prime_bits);
+ 
+-- 
+2.43.0
+

SOURCES/gnutls-3.6.16-tls12-cert-type.patch

@@ -0,0 +1,125 @@
+From 339bef12f478b3a12c59571c53645e31280baf7e Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 14 May 2021 15:59:37 +0200
+Subject: [PATCH] cert auth: filter out unsupported cert types from TLS 1.2 CR
+
+When the server is advertising signature algorithms in TLS 1.2
+CertificateRequest, it shouldn't send certificate_types not backed by
+any of those algorithms.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/auth/cert.c                         | 76 +++++++++++++++++++++++--
+ tests/suite/tls-fuzzer/gnutls-cert.json | 19 +++++++
+ 2 files changed, 89 insertions(+), 6 deletions(-)
+
+diff --git a/lib/auth/cert.c b/lib/auth/cert.c
+index 3073a33d3..0b0f04b2b 100644
+--- a/lib/auth/cert.c
++++ b/lib/auth/cert.c
+@@ -64,6 +64,16 @@ typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64,
+ #endif
+ } CertificateSigType;
+ 
++enum CertificateSigTypeFlags {
++	RSA_SIGN_FLAG = 1,
++	DSA_SIGN_FLAG = 1 << 1,
++	ECDSA_SIGN_FLAG = 1 << 2,
++#ifdef ENABLE_GOST
++	GOSTR34102012_256_SIGN_FLAG = 1 << 3,
++	GOSTR34102012_512_SIGN_FLAG = 1 << 4
++#endif
++};
++
+ /* Moves data from an internal certificate struct (gnutls_pcert_st) to
+  * another internal certificate struct (cert_auth_info_t), and deinitializes
+  * the former.
+@@ -1281,6 +1291,7 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
+ 	uint8_t tmp_data[CERTTYPE_SIZE];
+ 	const version_entry_st *ver = get_version(session);
+ 	unsigned init_pos = data->length;
++	enum CertificateSigTypeFlags flags;
+ 
+ 	if (unlikely(ver == NULL))
+ 		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+@@ -1297,18 +1308,71 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
+ 		return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ 	}
+ 
+-	i = 1;
++	if (_gnutls_version_has_selectable_sighash(ver)) {
++		size_t j;
++
++		flags = 0;
++		for (j = 0; j < session->internals.priorities->sigalg.size; j++) {
++			const gnutls_sign_entry_st *se =
++				session->internals.priorities->sigalg.entry[j];
++			switch (se->pk) {
++			case GNUTLS_PK_RSA:
++			case GNUTLS_PK_RSA_PSS:
++				flags |= RSA_SIGN_FLAG;
++				break;
++			case GNUTLS_PK_DSA:
++				flags |= DSA_SIGN_FLAG;
++				break;
++			case GNUTLS_PK_ECDSA:
++				flags |= ECDSA_SIGN_FLAG;
++				break;
+ #ifdef ENABLE_GOST
+-	if (_gnutls_kx_is_vko_gost(session->security_parameters.cs->kx_algorithm)) {
+-		tmp_data[i++] = GOSTR34102012_256_SIGN;
+-		tmp_data[i++] = GOSTR34102012_512_SIGN;
+-	} else
++			case GNUTLS_PK_GOST_12_256:
++				flags |= GOSTR34102012_256_SIGN_FLAG;
++				break;
++			case GNUTLS_PK_GOST_12_512:
++				flags |= GOSTR34102012_512_SIGN_FLAG;
++				break;
++#endif
++			default:
++				gnutls_assert();
++				_gnutls_debug_log(
++					"%s is unsupported for cert request\n",
++					gnutls_pk_get_name(se->pk));
++			}
++		}
++
++	} else {
++#ifdef ENABLE_GOST
++		if (_gnutls_kx_is_vko_gost(session->security_parameters.
++					   cs->kx_algorithm)) {
++			flags = GOSTR34102012_256_SIGN_FLAG |
++				GOSTR34102012_512_SIGN_FLAG;
++		} else
+ #endif
+-	{
++		{
++			flags = RSA_SIGN_FLAG | DSA_SIGN_FLAG | ECDSA_SIGN_FLAG;
++		}
++	}
++
++	i = 1;
++	if (flags & RSA_SIGN_FLAG) {
+ 		tmp_data[i++] = RSA_SIGN;
++	}
++	if (flags & DSA_SIGN_FLAG) {
+ 		tmp_data[i++] = DSA_SIGN;
++	}
++	if (flags & ECDSA_SIGN_FLAG) {
+ 		tmp_data[i++] = ECDSA_SIGN;
+ 	}
++#ifdef ENABLE_GOST
++	if (flags & GOSTR34102012_256_SIGN_FLAG) {
++		tmp_data[i++] = GOSTR34102012_256_SIGN;
++	}
++	if (flags & GOSTR34102012_512_SIGN_FLAG) {
++		tmp_data[i++] = GOSTR34102012_512_SIGN;
++	}
++#endif
+ 	tmp_data[0] = i - 1;
+ 
+ 	ret = _gnutls_buffer_append_data(data, tmp_data, i);
+-- 
+2.31.1
+

SOURCES/gnutls-3.6.16-trust-ca-sha1.patch

@@ -0,0 +1,283 @@
+From c2409e479df41620bceac314c76cabb1d35a4075 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Mon, 3 May 2021 16:35:43 +0200
+Subject: [PATCH] x509/verify: treat SHA-1 signed CA in the trusted set
+ differently
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Suppose there is a certificate chain ending with an intermediate CA:
+EE → ICA1 → ICA2.  If the system trust store contains a root CA
+generated with the same key as ICA2 but signed with a prohibited
+algorithm, such as SHA-1, the library previously reported a
+verification failure, though the situation is not uncommon during a
+transition period of root CA.
+
+This changes the library behavior such that the check on signature
+algorithm will be skipped when examining the trusted root CA.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/x509/verify.c   |  26 ++++---
+ tests/test-chains.h | 165 ++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 182 insertions(+), 9 deletions(-)
+
+diff --git a/lib/x509/verify.c b/lib/x509/verify.c
+index fd7c6a164..a50b5ea44 100644
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -415,14 +415,19 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned
+ #define CASE_SEC_PARAM(profile, level) \
+ 	case profile: \
+ 		sym_bits = gnutls_sec_param_to_symmetric_bits(level); \
+-		hash = gnutls_sign_get_hash_algorithm(sigalg); \
+-		entry = mac_to_entry(hash); \
+-		if (hash <= 0 || entry == NULL) { \
++		se = _gnutls_sign_to_entry(sigalg); \
++		if (unlikely(se == NULL)) { \
++			_gnutls_cert_log("cert", crt); \
++			_gnutls_debug_log(#level": certificate's signature algorithm is unknown\n"); \
++			return gnutls_assert_val(0); \
++		} \
++		if (unlikely(se->hash == GNUTLS_DIG_UNKNOWN)) {	\
+ 			_gnutls_cert_log("cert", crt); \
+ 			_gnutls_debug_log(#level": certificate's signature hash is unknown\n"); \
+ 			return gnutls_assert_val(0); \
+ 		} \
+-		if (_gnutls_sign_get_hash_strength(sigalg) < sym_bits) { \
++		if (!trusted && \
++		    _gnutls_sign_get_hash_strength(sigalg) < sym_bits) { \
+ 			_gnutls_cert_log("cert", crt); \
+ 			_gnutls_debug_log(#level": certificate's signature hash strength is unacceptable (is %u bits, needed %u)\n", _gnutls_sign_get_hash_strength(sigalg), sym_bits); \
+ 			return gnutls_assert_val(0); \
+@@ -449,19 +454,22 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned
+  * @crt: a certificate
+  * @issuer: the certificates issuer (allowed to be NULL)
+  * @sigalg: the signature algorithm used
++ * @trusted: whether @crt is treated as trusted (e.g., present in the system
++ *           trust list); if it is true, the check on signature algorithm will
++ *           be skipped
+  * @flags: the specified verification flags
+  */
+ static unsigned is_level_acceptable(
+ 	gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
+-	gnutls_sign_algorithm_t sigalg, unsigned flags)
++	gnutls_sign_algorithm_t sigalg, bool trusted,
++	unsigned flags)
+ {
+ 	gnutls_certificate_verification_profiles_t profile = GNUTLS_VFLAGS_TO_PROFILE(flags);
+-	const mac_entry_st *entry;
+ 	int issuer_pkalg = 0, pkalg, ret;
+ 	unsigned bits = 0, issuer_bits = 0, sym_bits = 0;
+ 	gnutls_pk_params_st params;
+ 	gnutls_sec_param_t sp;
+-	int hash;
++	const gnutls_sign_entry_st *se;
+ 	gnutls_certificate_verification_profiles_t min_profile;
+ 
+ 	min_profile = _gnutls_get_system_wide_verification_profile();
+@@ -798,7 +806,7 @@ verify_crt(gnutls_x509_crt_t cert,
+ 	}
+ 
+ 	if (sigalg >= 0 && se) {
+-		if (is_level_acceptable(cert, issuer, sigalg, flags) == 0) {
++		if (is_level_acceptable(cert, issuer, sigalg, false, flags) == 0) {
+ 			MARK_INVALID(GNUTLS_CERT_INSECURE_ALGORITHM);
+ 		}
+ 
+@@ -893,7 +901,7 @@ unsigned check_ca_sanity(const gnutls_x509_crt_t issuer,
+ 
+ 	/* we explicitly allow CAs which we do not support their self-algorithms
+ 	 * to pass. */
+-	if (ret >= 0 && !is_level_acceptable(issuer, NULL, sigalg, flags)) {
++	if (ret >= 0 && !is_level_acceptable(issuer, NULL, sigalg, true, flags)) {
+ 		status |= GNUTLS_CERT_INSECURE_ALGORITHM|GNUTLS_CERT_INVALID;
+ 	}
+ 
+diff --git a/tests/test-chains.h b/tests/test-chains.h
+index 9b06b85f5..64f50fabf 100644
+--- a/tests/test-chains.h
++++ b/tests/test-chains.h
+@@ -4106,6 +4106,163 @@ static const char *superseding_ca[] = {
+ 	NULL
+ };
+ 
++static const char *rsa_sha1_in_trusted[] = {
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIID0jCCAoqgAwIBAgIUezaBB7f4TW75oc3UV57oJvXmbBYwDQYJKoZIhvcNAQEL\n"
++	"BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTAzMTQyNzIxWhcN\n"
++	"MjIwNTAzMTQyNzIxWjA3MRgwFgYDVQQDEw90ZXN0LmdudXRscy5vcmcxGzAZBgNV\n"
++	"BAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCC\n"
++	"AToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUEL\n"
++	"dl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkb\n"
++	"Kk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3\n"
++	"mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm\n"
++	"+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWS\n"
++	"CAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxG\n"
++	"ojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAA\n"
++	"MBoGA1UdEQQTMBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcD\n"
++	"ATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0r\n"
++	"GDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsF\n"
++	"AAOCATEAXs8lOV231HQerhSGEjZJz0vBuA3biKYlu3cwCTKvF6EOyYMSWOnfqqD0\n"
++	"eDhpo1pzGtUa2zYLHagb+sU2NSTe0sqP+PK1giUg8X8/tRtWKk1p/m76yK/3iaty\n"
++	"flgz+eMai4xQu2FvAJzIASFjM9R+Pgpcf/zdvkiUPv8Rdm9FieyAZnJSo9hJHLxN\n"
++	"x60tfC5yyswdbGGW0GbJ2kr+xMfVZvxgO/x6AXlOaUGQ+jZAu9eJwFQMDW5h5/S1\n"
++	"PJkIt7f7jkU33cG+BawcjhT0GzxuvDnnCG0L7/z7bR+Sw2kNKqHbHorzv91R20Oh\n"
++	"CIISJPkiiP+mYcglTp1d9gw09GwSkGbldb9ibfc0hKyxiImFfIiTqDbXJcpKH98o\n"
++	"W8hWkb20QURlY+QM5MD49znfhPKMTQ==\n"
++	"-----END CERTIFICATE-----\n",
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIID2TCCAkGgAwIBAgIUWsb4DATcefXbo0WrBfgqVMvPGawwDQYJKoZIhvcNAQEL\n"
++	"BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDMxNDI2\n"
++	"MzVaFw0yMjA1MDMxNDI2MzVaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIB\n"
++	"UjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduI\n"
++	"g/3CqVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6W\n"
++	"EhuJU95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcI\n"
++	"cRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AA\n"
++	"sYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo3\n"
++	"67vGVYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0ol\n"
++	"CMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewID\n"
++	"AQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0O\n"
++	"BBYEFB53I21nMR+RB5uWL+z8yEb+jOEDMB8GA1UdIwQYMBaAFCApU0Q1pxZL+AW3\n"
++	"GctysPWxl+SfMA0GCSqGSIb3DQEBCwUAA4IBgQBbboeDr/rLT1tZWrdHq8FvflGm\n"
++	"EpxZIRU4DdDD/SUCWSPQvjBq0MvuKxs5FfJCKrDf2kS2qlZ1rO0AuWwREoDeTOEc\n"
++	"arjFoCry+JQ+USqS5F4gsp4XlYvli27iMp3dlnhFXEQQy7/y+gM5c9wnMi8v/LUz\n"
++	"AV6QHX0fkb4XeazeJ+Nq0EkjqiYxylN6mP+5LAEMBG/wGviAoviQ5tN9zdoQs/nT\n"
++	"3jTw3cOauuPjdcOTfo71+/MtBzhPchgNIyQo4aB40XVWsLAoruL/3CFFlTniihtd\n"
++	"zA2zA7JvbuuKx6BOv2IbWOUweb732ZpYbDgEcXp/6Cj/SIUGxidpEgdCJGqyqdC7\n"
++	"b58ujxclC6QTcicw+SX5LBox8WGLfj+x+V3uVBz9+EK608xphTj4kLh9peII9v3n\n"
++	"vBUoZRTiUTCvH4AJJgAfa3mYrSxzueuqBOwXcvZ+8OJ0J1CP21pmK5nxR7f1nm9Q\n"
++	"sYA1VHfC2dtyAYlByeF5iHl5hFR6vy1jJyzxg2M=\n"
++	"-----END CERTIFICATE-----\n",
++	NULL
++};
++
++static const char *rsa_sha1_in_trusted_ca[] = {
++	/* This CA is generated with the same key as rsa_sha1_in_trusted[1], but
++	 * self-signed using SHA-1.
++	 */
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIDYzCCAhugAwIBAgIUahO8CvYPHTAltKCC2rAIcXUiLlAwDQYJKoZIhvcNAQEF\n"
++	"BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTAzMTQyMDM1WhcN\n"
++	"MjIwNTAzMTQyMDM1WjAZMRcwFQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCCAVIwDQYJ\n"
++	"KoZIhvcNAQEBBQADggE/ADCCAToCggExAJzkQrF9bp5f/38tnddOeF3biIP9wqlQ\n"
++	"Wk9x3GuuUhKA8IdCoj7UKDoGS3SmNnKGxrP6I2LTo3LNCp5T2HZrYxIelhIbiVPe\n"
++	"b+E0HQuDizIhOeniBqtudoWQGx6Ey/OENeA8UFhrs0CvN9Ippe328NlnCHEUPLxR\n"
++	"rPEs318Ot/jCOhauojAECKj9PFsxpkUcy+cLwoj4QlZKz5sG16AAbm+gALGMFjyQ\n"
++	"fdTPf5ceYBR+ZPf4j34t7NioNxfDDnKaahWI8Q0p7H4s+njIdfm2FSAKN+u7xlWB\n"
++	"4oFzBGQthXs5cCB2mc6RKBZWN2uyxSdNMq40PddK/FBPghDE2MxONA9KJQjKOxQP\n"
++	"UQo3jt21CKGGiHVU1BlhBh1knqMRnovRpJurvgEo/H/otI8XQ9ql7HsCAwEAAaND\n"
++	"MEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQe\n"
++	"dyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQUFAAOCATEAYLm/4DfUp+mA\n"
++	"S/23a2bwybJoPCMzKZpi+veXkqoq/a/BCUkFpqnjpVjz0ujVKK121oeOPBAa/mG1\n"
++	"Y3fJYP+b3PloL/6xj/8680TveGirCr0Rp/8XWa8lt+Ge8DM3mfTGWFTWHa0lD9VK\n"
++	"gjV1oNZNLe5SKA6dJLAp/NjCxc/vuOkThQPeaoO5Iy/Z6m7CpTLO7T4syJFtDmSn\n"
++	"Pa/yFUDTgJYFlGVM+KC1r8bhZ6Ao1CAXTcT5Lcbe/aCcyk6B3J2AnYsqPMVNEVhb\n"
++	"9eMGO/WG24hMLy6eb1r/yL8uQ/uGi2rRlNJN8GTg09YR7l5fHrHxuHc/sme0jsnJ\n"
++	"wtqGLCJsrh7Ae1fKVUueO00Yx9BGuzLswMvnT5f0oYs0jrXgMrTbIWS/DjOcYIHb\n"
++	"w3SV1ZRcNg==\n"
++	"-----END CERTIFICATE-----\n",
++	NULL
++};
++
++static const char *rsa_sha1_not_in_trusted[] = {
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIID0jCCAoqgAwIBAgIUNCvPV9OvyuVMtnkC3ZAvh959h4MwDQYJKoZIhvcNAQEL\n"
++	"BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTA0MDg0NzAzWhcN\n"
++	"MjIwNTA0MDg0NzAzWjA3MRgwFgYDVQQDEw90ZXN0LmdudXRscy5vcmcxGzAZBgNV\n"
++	"BAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCC\n"
++	"AToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUEL\n"
++	"dl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkb\n"
++	"Kk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3\n"
++	"mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm\n"
++	"+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWS\n"
++	"CAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxG\n"
++	"ojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAA\n"
++	"MBoGA1UdEQQTMBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcD\n"
++	"ATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0r\n"
++	"GDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsF\n"
++	"AAOCATEAWs/Qa1Ebydwo4Ke2KEdy5cUTSZjnoz93XpbrP9W60MJ4d2DIQPcYUcLF\n"
++	"+glez+mRtVXDRtH5V/4yZX1EdgrPVQGeVlO5HbNiYyYw/Yj3H6kzWtUbBxdOAOE/\n"
++	"/ul8RCKKMfvYBHCBgjBMW0aFm31Q1Z8m8nanBusyJ0DG1scBHu4/3vTCZthZAxc5\n"
++	"3l3t/jjsNRS+k5t6Ay8nEY1tAZSGVqN8qufzO2NBO06sQagp09FTfDh581OBcVtF\n"
++	"X7O0cffAWHk3JoywzEWFEAhVPqFlk07wG2O+k+fYZfavsJko5q+yWkxu8RDh4wAx\n"
++	"7UzKudGOQ+NhfYJ7N7V1/RFg1z75gE3GTUX7qmGZEVDOsMyiuUeYg8znyYpBV55Q\n"
++	"4BNr0ukwmwOdvUf+ksCu6PdOGaqThA==\n"
++	"-----END CERTIFICATE-----\n",
++	/* ICA with SHA1 signature */
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIID2TCCAkGgAwIBAgIUYaKJkQft87M1TF+Jd30py3yIq4swDQYJKoZIhvcNAQEF\n"
++	"BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDQwODQ1\n"
++	"NDdaFw0yMjA1MDQwODQ1NDdaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIB\n"
++	"UjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduI\n"
++	"g/3CqVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6W\n"
++	"EhuJU95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcI\n"
++	"cRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AA\n"
++	"sYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo3\n"
++	"67vGVYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0ol\n"
++	"CMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewID\n"
++	"AQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0O\n"
++	"BBYEFB53I21nMR+RB5uWL+z8yEb+jOEDMB8GA1UdIwQYMBaAFCApU0Q1pxZL+AW3\n"
++	"GctysPWxl+SfMA0GCSqGSIb3DQEBBQUAA4IBgQAewBcAGUGX28I5PDtuJkxoHonD\n"
++	"muHdXpYnrz1YXN4b7odNXockz++Xovgj126fo+PeWgmaaCic98ZcGnyVTi9+3oqN\n"
++	"2Bf4NNfyzSccgZZTphzbwjMcnc983HLQgsLSAOVivPHj5GEN58EWWamc9yA0VjGn\n"
++	"cuYmFN2dlFA8/ClEbVGu3UXBe6OljR5zUr+6oiSp2J+Rl7SerVSHlst07iU2tkeB\n"
++	"dlfOD5CquUGSka3SKvEfvu5SwYrCQVfYB6eMLInm7A0/ca0Jn3Oh4fMf2rIg/E3K\n"
++	"qsopxsu8BXrLoGK4MxbxPA65JpczhZgilQQi3e3RIvxrvyD2qamjaNbyG5cr8mW4\n"
++	"VOLf3vUORbkTi5sE7uRMu2B3z3N7ajsuQM8RHB17hOCB2FO/8rermq/oeJNtx57L\n"
++	"5s5NxCHYTksQ4gkpR4gfTIO/zwXJSwGa/Zi2y2wIi/1qr7lppBsKV2rDWX7QiIeA\n"
++	"PxOxyJA2eSeqCorz9vk3aHXleSpxsWGgKiJVmV0=\n"
++	"-----END CERTIFICATE-----\n",
++	NULL
++};
++
++static const char *rsa_sha1_not_in_trusted_ca[] = {
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIEDTCCAnWgAwIBAgIUd5X8NZput+aNPEd9h92r4KAu16MwDQYJKoZIhvcNAQEL\n"
++	"BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDMxNDI1\n"
++	"MDNaFw0yMjA1MDMxNDI1MDNaMB4xHDAaBgNVBAMTE0dudVRMUyB0ZXN0IHJvb3Qg\n"
++	"Q0EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCsFAaMb/iRN+OFqQNh\n"
++	"OkkXGZlb+eLerLuB9ELnYwyLIh4MTXh0RjFZdCQLsQHfY/YFv0C50rmoXTA/d3Ef\n"
++	"K/P243KjX0XBWjO9TBuN0zth50eq94zf69yxA/a+kmT+O5YLfhi2ELM5F3IjOUoZ\n"
++	"lL0IGlFJwauAkaNylp/Evd5nW7g5DUJvMm4A3RXNfZt9gAD4lPRwryQq9jxT48Xu\n"
++	"fB0kAPEG/l/Izbz2rYin5+nySL+a0CSNuEbITxidtMhveB747oR0QS2sMQKji1ur\n"
++	"pRJ945SHiYJIgVuFAJc9StikSyIrxZgK45kAzcQAyRWWKiMNH5PprGFYJp+ypwhm\n"
++	"1t8Bphj2RFJAG3XRRZF/9uJIYc5mEHCsZFZ/IFRaKqyN30kAUijgNt+lW5mZXVFU\n"
++	"aqzV2zHjSG8jsGdia3cfBP46Z1q2eAh5jOCucTq1F7qZdVhOFmP9jFE6Uy5Kbwgc\n"
++	"kNAnsEllQeJQL2odVa7woKkZZ4M/c72X5tpBU38Rs3krn3sCAwEAAaNDMEEwDwYD\n"
++	"VR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQgKVNENacW\n"
++	"S/gFtxnLcrD1sZfknzANBgkqhkiG9w0BAQsFAAOCAYEAaZMV71mZ9FYoVdpho61h\n"
++	"WWPs5GppQLJ1w70DNtGZ+lFrk/KopeDvOu1i61QLWRzcZCZMl+npiX1KH5kjVo3v\n"
++	"C9G8kdMW6EVRk5p6qCJMPFN2U+grMMp50aY5kmw+/v+Lhk5T/VG93l63P91FkUre\n"
++	"o8qhOudJExoUnR1uB9M6HMAxVn8Lm/N1LGPiP6A6Pboo716H7mg/A7pv9zoZ6jUp\n"
++	"7x693mA/b3I/QpDx/nJcmcdqxgEuW+aRlFXgnYZRFAawxi+5M9EwCWbkSTO4OMHP\n"
++	"Qlvak3tJO+wb92b0cICOOtzIPgQ+caiLg9d0FvesALmQzDmNmtqynoO85+Ia2Ywh\n"
++	"nxKPlpeImhLN9nGl9sOeW2m4mnA5r0h1vgML4v/MWL4TQhXallc31uFNj5HyFaTh\n"
++	"6Mr0g3GeQgN0jpT+aIOiKuW9fLts54+Ntj1NN40slqi3Y+/Yd6xhj+NgmbRvybZu\n"
++	"tnYFXKC0Q+QUf38horqG2Mc3/uh8MOm0eYUXwGJOdXYD\n"
++	"-----END CERTIFICATE-----\n",
++	NULL
++};
++
+ #if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
+ #  pragma GCC diagnostic push
+ #  pragma GCC diagnostic ignored "-Wunused-variable"
+@@ -4275,6 +4432,14 @@ static struct
+   { "ed448 - ok", ed448, &ed448[0], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA),
+     0, NULL, 1584352960, 1},
+   { "superseding - ok", superseding, superseding_ca, 0, 0, 0, 1590928011 },
++  { "rsa-sha1 in trusted - ok",
++    rsa_sha1_in_trusted, rsa_sha1_in_trusted_ca,
++    GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM),
++    0, NULL, 1620052390, 1},
++  { "rsa-sha1 not in trusted - not ok",
++    rsa_sha1_not_in_trusted, rsa_sha1_not_in_trusted_ca,
++    GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM),
++    GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, 1620118136, 1},
+   { NULL, NULL, NULL, 0, 0}
+ };
+ 
+-- 
+2.31.1
+

SOURCES/gnutls-3.6.4-no-now-guile.patch

@@ -0,0 +1,13 @@
+diff --git a/guile/src/Makefile.in b/guile/src/Makefile.in
+index 95e1e9c..1dfc88e 100644
+--- a/guile/src/Makefile.in
++++ b/guile/src/Makefile.in
+@@ -1483,7 +1483,7 @@ guileextension_LTLIBRARIES = guile-gnutls-v-2.la
+ # Use '-module' to build a "dlopenable module", in Libtool terms.
+ # Use '-undefined' to placate Libtool on Windows; see
+ # <https://lists.gnutls.org/pipermail/gnutls-devel/2014-December/007294.html>.
+-guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined
++guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined -Wl,-z,lazy
+ 
+ # Linking against GnuTLS.
+ GNUTLS_CORE_LIBS = $(top_builddir)/lib/libgnutls.la

SOURCES/gnutls-3.7.8-rsa-kx-timing.patch

@@ -0,0 +1,114 @@
+From c149dd0767f32789e391280cb1eb06b7eb7c6bce Mon Sep 17 00:00:00 2001
+From: Alexander Sosedkin <asosedkin@redhat.com>
+Date: Tue, 9 Aug 2022 16:05:53 +0200
+Subject: [PATCH 1/2] auth/rsa: side-step potential side-channel
+
+Remove branching that depends on secret data.
+
+Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
+Signed-off-by: Hubert Kario <hkario@redhat.com>
+Tested-by: Hubert Kario <hkario@redhat.com>
+---
+ lib/auth/rsa.c | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
+index 8108ee841d..6b158bacb2 100644
+--- a/lib/auth/rsa.c
++++ b/lib/auth/rsa.c
+@@ -155,7 +155,6 @@ static int
+ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ 		   size_t _data_size)
+ {
+-	const char attack_error[] = "auth_rsa: Possible PKCS #1 attack\n";
+ 	gnutls_datum_t ciphertext;
+ 	int ret, dsize;
+ 	ssize_t data_size = _data_size;
+@@ -235,15 +234,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ 	ok &= CONSTCHECK_NOT_EQUAL(check_ver_min, 0) &
+ 	        CONSTCHECK_EQUAL(session->key.key.data[1], ver_min);
+ 
+-	if (ok) {
+-		/* call logging function unconditionally so all branches are
+-		 * indistinguishable for timing and cache access when debug
+-		 * logging is disabled */
+-		_gnutls_no_log("%s", attack_error);
+-	} else {
+-		_gnutls_debug_log("%s", attack_error);
+-	}
+-
+ 	/* This is here to avoid the version check attack
+ 	 * discussed above.
+ 	 */
+-- 
+2.39.1
+
+
+From 7c963102ec2119eecc1789b993aabe5edfd75f3b Mon Sep 17 00:00:00 2001
+From: Hubert Kario <hkario@redhat.com>
+Date: Wed, 8 Feb 2023 14:32:09 +0100
+Subject: [PATCH 2/2] rsa: remove dead code
+
+since the `ok` variable isn't used any more, we can remove all code
+used to calculate it
+
+Signed-off-by: Hubert Kario <hkario@redhat.com>
+---
+ lib/auth/rsa.c | 20 +++-----------------
+ 1 file changed, 3 insertions(+), 17 deletions(-)
+
+diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
+index 6b158bacb2..858701fe6e 100644
+--- a/lib/auth/rsa.c
++++ b/lib/auth/rsa.c
+@@ -159,8 +159,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ 	int ret, dsize;
+ 	ssize_t data_size = _data_size;
+ 	volatile uint8_t ver_maj, ver_min;
+-	volatile uint8_t check_ver_min;
+-	volatile uint32_t ok;
+ 
+ #ifdef ENABLE_SSL3
+ 	if (get_num_version(session) == GNUTLS_SSL3) {
+@@ -186,7 +184,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ 
+ 	ver_maj = _gnutls_get_adv_version_major(session);
+ 	ver_min = _gnutls_get_adv_version_minor(session);
+-	check_ver_min = (session->internals.allow_wrong_pms == 0);
+ 
+ 	session->key.key.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
+ 	if (session->key.key.data == NULL) {
+@@ -205,10 +202,9 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ 		return ret;
+ 	}
+ 
+-	ret =
+-	    gnutls_privkey_decrypt_data2(session->internals.selected_key,
+-					 0, &ciphertext, session->key.key.data,
+-					 session->key.key.size);
++	gnutls_privkey_decrypt_data2(session->internals.selected_key,
++				     0, &ciphertext, session->key.key.data,
++				     session->key.key.size);
+ 	/* After this point, any conditional on failure that cause differences
+ 	 * in execution may create a timing or cache access pattern side
+ 	 * channel that can be used as an oracle, so treat very carefully */
+@@ -224,16 +220,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ 	 * Vlastimil Klima, Ondej Pokorny and Tomas Rosa.
+ 	 */
+ 
+-	/* ok is 0 in case of error and 1 in case of success. */
+-
+-	/* if ret < 0 */
+-	ok = CONSTCHECK_EQUAL(ret, 0);
+-	/* session->key.key.data[0] must equal ver_maj */
+-	ok &= CONSTCHECK_EQUAL(session->key.key.data[0], ver_maj);
+-	/* if check_ver_min then session->key.key.data[1] must equal ver_min */
+-	ok &= CONSTCHECK_NOT_EQUAL(check_ver_min, 0) &
+-	        CONSTCHECK_EQUAL(session->key.key.data[1], ver_min);
+-
+ 	/* This is here to avoid the version check attack
+ 	 * discussed above.
+ 	 */
+-- 
+2.39.1
+

gnutls-3.7.2-no-explicit-init.patch

@@ -1,33 +0,0 @@
-From c7f4ce40eaecafdefbf4db0ac2d3665bc0c41b33 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Tue, 21 Nov 2023 14:13:38 +0900
-Subject: [PATCH] gnutls-3.7.2-no-explicit-init.patch
-
-Signed-off-by: rpm-build <rpm-build>
----
- lib/global.c | 9 ---------
- 1 file changed, 9 deletions(-)
-
-diff --git a/lib/global.c b/lib/global.c
-index 924ec94..3baa202 100644
---- a/lib/global.c
-+++ b/lib/global.c
-@@ -510,15 +510,6 @@ static void _CONSTRUCTOR lib_init(void)
- 			return;
- 	}
- 
--	e = secure_getenv("GNUTLS_NO_EXPLICIT_INIT");
--	if (e != NULL) {
--		_gnutls_debug_log(
--			"GNUTLS_NO_EXPLICIT_INIT is deprecated; use GNUTLS_NO_IMPLICIT_INIT\n");
--		ret = atoi(e);
--		if (ret == 1)
--			return;
--	}
--
- 	ret = _gnutls_global_init(1);
- 	if (ret < 0) {
- 		fprintf(stderr, "Error in GnuTLS initialization: %s\n",
--- 
-2.41.0
-

gnutls-3.7.3-disable-config-reload.patch

@@ -1,26 +0,0 @@
-diff --git a/lib/priority.c b/lib/priority.c
-index 9feec47fe2..40511710fd 100644
---- a/lib/priority.c
-+++ b/lib/priority.c
-@@ -2001,13 +2001,14 @@ char *_gnutls_resolve_priorities(const char* priorities)
- 		additional++;
- 	}
- 
--	/* Always try to refresh the cached data, to allow it to be
--	 * updated without restarting all applications.
--	 */
--	ret = _gnutls_update_system_priorities(false /* defer_system_wide */);
--	if (ret < 0) {
--		_gnutls_debug_log("failed to update system priorities: %s\n",
--				  gnutls_strerror(ret));
-+	/* If priority string is not constructed yet, construct and finalize */
-+	if (!system_wide_config.priority_string) {
-+		ret = _gnutls_update_system_priorities(false
-+		                                       /* defer_system_wide */);
-+		if (ret < 0) {
-+			_gnutls_debug_log("failed to update system priorities: "
-+			                  " %s\n", gnutls_strerror(ret));
-+		}
- 	}
- 
- 	do {

gnutls-3.7.6-drbg-reseed.patch

@@ -1,41 +0,0 @@
-From 968de8a9779788a853a4c0cd75beda779cb15f52 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Thu, 16 Nov 2023 17:09:58 +0900
-Subject: [PATCH] gnutls-3.7.6-drbg-reseed.patch
-
-Signed-off-by: rpm-build <rpm-build>
----
- lib/nettle/sysrng-linux.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/lib/nettle/sysrng-linux.c b/lib/nettle/sysrng-linux.c
-index 25d74fe..8b9cc46 100644
---- a/lib/nettle/sysrng-linux.c
-+++ b/lib/nettle/sysrng-linux.c
-@@ -31,6 +31,9 @@
- #include "num.h"
- #include <errno.h>
- #include "rnd-common.h"
-+#include "fips.h"
-+#else
-+#define _gnutls_fips_mode_enabled() 0
- #endif
- 
- #include <sys/types.h>
-@@ -104,7 +107,12 @@ static int force_getrandom(void *buf, size_t buflen, unsigned int flags)
- static int _rnd_get_system_entropy_getrandom(void *_rnd, size_t size)
- {
- 	int ret;
--	ret = force_getrandom(_rnd, size, 0);
-+	unsigned int flags = 0;
-+
-+	if (_gnutls_fips_mode_enabled()) {
-+		flags |= 2/*GRND_RANDOM*/;
-+	}
-+	ret = force_getrandom(_rnd, size, flags);
- 	if (ret == -1) {
- 		int e = errno;
- 		gnutls_assert();
--- 
-2.41.0
-

gnutls-3.8.10-keyupdate.patch

@@ -1,295 +0,0 @@
-From 5376a0cabf94314316005e6bf411ffcc7628b386 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Tue, 22 Jul 2025 10:49:33 +0900
-Subject: [PATCH 1/3] key_update: fix state transition in KTLS code path
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- lib/record.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/record.c b/lib/record.c
-index d37f79a550..ebc75addec 100644
---- a/lib/record.c
-+++ b/lib/record.c
-@@ -2045,7 +2045,7 @@ ssize_t gnutls_record_send2(gnutls_session_t session, const void *data,
- 		FALLTHROUGH;
- 	case RECORD_SEND_KEY_UPDATE_3:
- 		if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND)) {
--			return _gnutls_ktls_send(
-+			ret = _gnutls_ktls_send(
- 				session,
- 				session->internals.record_key_update_buffer.data,
- 				session->internals.record_key_update_buffer
--- 
-2.50.1
-
-
-From 30c264b661d49d135ef342426c6c4cd853209c06 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Thu, 31 Jul 2025 15:34:48 +0900
-Subject: [PATCH 2/3] constate: switch epoch lookup to linear search
-
-The previous logic of epoch lookup was utilizing the fact that epoch
-numbers are monotonically increasing and there are no gaps in between
-after garbarge collection. That is, however, no longer true when a TLS
-1.3 key update is happening in only one direction.
-
-This patch switches to using linear search instead, at the cost of
-approx MAX_EPOCH_INDEX * 2 (= 8) comparison.
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- lib/constate.c   | 47 ++++++++++++++++-------------------------------
- lib/gnutls_int.h |  3 ---
- 2 files changed, 16 insertions(+), 34 deletions(-)
-
-diff --git a/lib/constate.c b/lib/constate.c
-index ca253a2bea..b091d891ff 100644
---- a/lib/constate.c
-+++ b/lib/constate.c
-@@ -932,17 +932,23 @@ static inline int epoch_resolve(gnutls_session_t session,
- static inline record_parameters_st **epoch_get_slot(gnutls_session_t session,
- 						    uint16_t epoch)
- {
--	uint16_t epoch_index = epoch - session->security_parameters.epoch_min;
-+	/* First look for a non-empty slot */
-+	for (size_t i = 0; i < MAX_EPOCH_INDEX; i++) {
-+		record_parameters_st **slot = &session->record_parameters[i];
-+		if (*slot != NULL && (*slot)->epoch == epoch)
-+			return slot;
-+	}
- 
--	if (epoch_index >= MAX_EPOCH_INDEX) {
--		_gnutls_handshake_log(
--			"Epoch %d out of range (idx: %d, max: %d)\n",
--			(int)epoch, (int)epoch_index, MAX_EPOCH_INDEX);
--		gnutls_assert();
--		return NULL;
-+	/* Then look for an empty slot */
-+	for (size_t i = 0; i < MAX_EPOCH_INDEX; i++) {
-+		record_parameters_st **slot = &session->record_parameters[i];
-+		if (*slot == NULL)
-+			return slot;
- 	}
--	/* The slot may still be empty (NULL) */
--	return &session->record_parameters[epoch_index];
-+
-+	gnutls_assert();
-+	_gnutls_handshake_log("No slot available for epoch %u\n", epoch);
-+	return NULL;
- }
- 
- int _gnutls_epoch_get(gnutls_session_t session, unsigned int epoch_rel,
-@@ -1063,8 +1069,7 @@ static inline int epoch_alive(gnutls_session_t session,
- 
- void _gnutls_epoch_gc(gnutls_session_t session)
- {
--	int i, j;
--	unsigned int min_index = 0;
-+	int i;
- 
- 	_gnutls_record_log("REC[%p]: Start of epoch cleanup\n", session);
- 
-@@ -1091,26 +1096,6 @@ void _gnutls_epoch_gc(gnutls_session_t session)
- 		}
- 	}
- 
--	/* Look for contiguous NULLs at the start of the array */
--	for (i = 0;
--	     i < MAX_EPOCH_INDEX && session->record_parameters[i] == NULL; i++)
--		;
--	min_index = i;
--
--	/* Pick up the slack in the epoch window. */
--	if (min_index != 0) {
--		for (i = 0, j = min_index; j < MAX_EPOCH_INDEX; i++, j++) {
--			session->record_parameters[i] =
--				session->record_parameters[j];
--			session->record_parameters[j] = NULL;
--		}
--	}
--
--	/* Set the new epoch_min */
--	if (session->record_parameters[0] != NULL)
--		session->security_parameters.epoch_min =
--			session->record_parameters[0]->epoch;
--
- 	gnutls_mutex_unlock(&session->internals.epoch_lock);
- 
- 	_gnutls_record_log("REC[%p]: End of epoch cleanup\n", session);
-diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
-index 539486bc7d..e083520055 100644
---- a/lib/gnutls_int.h
-+++ b/lib/gnutls_int.h
-@@ -876,9 +876,6 @@ typedef struct {
- 	/* The epoch that the next handshake will initialize. */
- 	uint16_t epoch_next;
- 
--	/* The epoch at index 0 of record_parameters. */
--	uint16_t epoch_min;
--
- 	/* this is the ciphersuite we are going to use
- 	 * moved here from internals in order to be restored
- 	 * on resume;
--- 
-2.50.1
-
-
-From 1d830baac2f8a08a40b13e9eecfcc64ad032e7b5 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Sat, 19 Jul 2025 07:08:24 +0900
-Subject: [PATCH 3/3] key_update: rework the rekeying logic
-
-While RFC 8446 4.6.3 says that the sender of a KeyUpdate message
-should only update its sending key, the previous implementation
-updated both the sending and receiving keys, preventing that any
-application data interleaved being decrypted.
-
-This splits the key update logic into 2 phases: when sending a
-KeyUpdate, only update the sending key, and when receiving a
-KeyUpdate, only update the receiving key.  In both cases, KeyUpdate
-messages are encrypted/decrypted with the old keys.
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- lib/gnutls_int.h       |  2 +-
- lib/tls13/key_update.c | 72 +++++++++++++++++++++++++++---------------
- 2 files changed, 47 insertions(+), 27 deletions(-)
-
-diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
-index e083520055..f3caea1170 100644
---- a/lib/gnutls_int.h
-+++ b/lib/gnutls_int.h
-@@ -1672,7 +1672,7 @@ typedef struct {
- } internals_st;
- 
- /* Maximum number of epochs we keep around. */
--#define MAX_EPOCH_INDEX 4
-+#define MAX_EPOCH_INDEX 16
- 
- #define reset_cand_groups(session)                                            \
- 	session->internals.cand_ec_group = session->internals.cand_dh_group = \
-diff --git a/lib/tls13/key_update.c b/lib/tls13/key_update.c
-index 41243651b5..beee1dc41a 100644
---- a/lib/tls13/key_update.c
-+++ b/lib/tls13/key_update.c
-@@ -52,45 +52,47 @@ static inline int set_ktls_keys(gnutls_session_t session,
- 	return 0;
- }
- 
--static int update_keys(gnutls_session_t session, hs_stage_t stage)
-+static int update_sending_key(gnutls_session_t session, hs_stage_t stage)
- {
- 	int ret;
- 
--	ret = _tls13_update_secret(session,
--				   session->key.proto.tls13.temp_secret,
--				   session->key.proto.tls13.temp_secret_size);
-+	_gnutls_epoch_bump(session);
-+	ret = _gnutls_epoch_dup(session, EPOCH_WRITE_CURRENT);
- 	if (ret < 0)
- 		return gnutls_assert_val(ret);
- 
--	_gnutls_epoch_bump(session);
--	ret = _gnutls_epoch_dup(session, EPOCH_READ_CURRENT);
-+	ret = _tls13_write_connection_state_init(session, stage);
- 	if (ret < 0)
- 		return gnutls_assert_val(ret);
- 
--	/* If we send a key update during early start, only update our
--	 * write keys */
--	if (session->internals.recv_state == RECV_STATE_EARLY_START) {
--		ret = _tls13_write_connection_state_init(session, stage);
-+	if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND)) {
-+		ret = set_ktls_keys(session, GNUTLS_KTLS_SEND);
- 		if (ret < 0)
- 			return gnutls_assert_val(ret);
-+	}
- 
--		if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND))
--			ret = set_ktls_keys(session, GNUTLS_KTLS_SEND);
--	} else {
--		ret = _tls13_connection_state_init(session, stage);
--		if (ret < 0)
--			return gnutls_assert_val(ret);
-+	return 0;
-+}
- 
--		if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND) &&
--		    stage == STAGE_UPD_OURS)
--			ret = set_ktls_keys(session, GNUTLS_KTLS_SEND);
--		else if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_RECV) &&
--			 stage == STAGE_UPD_PEERS)
--			ret = set_ktls_keys(session, GNUTLS_KTLS_RECV);
--	}
-+static int update_receiving_key(gnutls_session_t session, hs_stage_t stage)
-+{
-+	int ret;
-+
-+	_gnutls_epoch_bump(session);
-+	ret = _gnutls_epoch_dup(session, EPOCH_READ_CURRENT);
-+	if (ret < 0)
-+		return gnutls_assert_val(ret);
-+
-+	ret = _tls13_read_connection_state_init(session, stage);
- 	if (ret < 0)
- 		return gnutls_assert_val(ret);
- 
-+	if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_RECV)) {
-+		ret = set_ktls_keys(session, GNUTLS_KTLS_RECV);
-+		if (ret < 0)
-+			return gnutls_assert_val(ret);
-+	}
-+
- 	return 0;
- }
- 
-@@ -128,7 +130,13 @@ int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
- 	switch (buf->data[0]) {
- 	case 0:
- 		/* peer updated its key, not requested our key update */
--		ret = update_keys(session, STAGE_UPD_PEERS);
-+		ret = _tls13_update_secret(
-+			session, session->key.proto.tls13.temp_secret,
-+			session->key.proto.tls13.temp_secret_size);
-+		if (ret < 0)
-+			return gnutls_assert_val(ret);
-+
-+		ret = update_receiving_key(session, STAGE_UPD_PEERS);
- 		if (ret < 0)
- 			return gnutls_assert_val(ret);
- 
-@@ -141,7 +149,13 @@ int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
- 		}
- 
- 		/* peer updated its key, requested our key update */
--		ret = update_keys(session, STAGE_UPD_PEERS);
-+		ret = _tls13_update_secret(
-+			session, session->key.proto.tls13.temp_secret,
-+			session->key.proto.tls13.temp_secret_size);
-+		if (ret < 0)
-+			return gnutls_assert_val(ret);
-+
-+		ret = update_receiving_key(session, STAGE_UPD_PEERS);
- 		if (ret < 0)
- 			return gnutls_assert_val(ret);
- 
-@@ -248,7 +262,13 @@ int gnutls_session_key_update(gnutls_session_t session, unsigned flags)
- 	_gnutls_epoch_gc(session);
- 
- 	/* it was completely sent, update the keys */
--	ret = update_keys(session, STAGE_UPD_OURS);
-+	ret = _tls13_update_secret(session,
-+				   session->key.proto.tls13.temp_secret,
-+				   session->key.proto.tls13.temp_secret_size);
-+	if (ret < 0)
-+		return gnutls_assert_val(ret);
-+
-+	ret = update_sending_key(session, STAGE_UPD_OURS);
- 	if (ret < 0)
- 		return gnutls_assert_val(ret);
- 
--- 
-2.50.1
-

gnutls-3.8.10-tests-ktls.patch

@@ -1,114 +0,0 @@
-From e0eb2bbb212a5c9d72311c59e7235832a0075dcc Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Wed, 9 Jul 2025 18:54:48 +0900
-Subject: [PATCH] add tests/ktls_utils.h
-
-Signed-off-by: rpm-build <rpm-build>
----
- tests/ktls_utils.h | 94 ++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 94 insertions(+)
- create mode 100644 tests/ktls_utils.h
-
-diff --git a/tests/ktls_utils.h b/tests/ktls_utils.h
-new file mode 100644
-index 0000000..231618d
---- /dev/null
-+++ b/tests/ktls_utils.h
-@@ -0,0 +1,94 @@
-+#ifndef GNUTLS_TESTS_KTLS_UTILS_H
-+#define GNUTLS_TESTS_KTLS_UTILS_H
-+
-+#include <fcntl.h>
-+#include <signal.h>
-+
-+#include <netinet/in.h>
-+
-+#include <sys/socket.h>
-+#include <sys/wait.h>
-+
-+/* Sets the NONBLOCK flag on the socket(fd) */
-+inline static int set_nonblocking(int fd)
-+{
-+	int flags = fcntl(fd, F_GETFL, 0);
-+	if (flags == -1) {
-+		return 1;
-+	}
-+
-+	if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) {
-+		return 2;
-+	}
-+
-+	return 0;
-+}
-+
-+/* Creates a pair of TCP connected sockets */
-+static int create_socket_pair(int *client_fd, int *server_fd)
-+{
-+	int ret;
-+	struct sockaddr_in saddr;
-+	socklen_t addrlen;
-+	int listener;
-+
-+	listener = socket(AF_INET, SOCK_STREAM, 0);
-+	if (listener == -1) {
-+		fail("error in listener(): %s\n", strerror(errno));
-+		return 1;
-+	}
-+
-+	int opt = 0;
-+	setsockopt(listener, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
-+
-+	memset(&saddr, 0, sizeof(saddr));
-+	saddr.sin_family = AF_INET;
-+	saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
-+	saddr.sin_port = 0;
-+
-+	ret = bind(listener, (struct sockaddr *)&saddr, sizeof(saddr));
-+	if (ret == -1) {
-+		fail("error in bind(): %s\n", strerror(errno));
-+		return 1;
-+	}
-+
-+	addrlen = sizeof(saddr);
-+	ret = getsockname(listener, (struct sockaddr *)&saddr, &addrlen);
-+	if (ret == -1) {
-+		fail("error in getsockname(): %s\n", strerror(errno));
-+		return 1;
-+	}
-+
-+	ret = listen(listener, 1);
-+	if (ret == -1) {
-+		fail("error in listen(): %s\n", strerror(errno));
-+		close(listener);
-+		return 1;
-+	}
-+
-+	*client_fd = socket(AF_INET, SOCK_STREAM, 0);
-+	if (*client_fd < 0) {
-+		fail("error in socket(): %s\n", strerror(errno));
-+		return 1;
-+	}
-+
-+	ret = connect(*client_fd, (struct sockaddr *)&saddr, addrlen);
-+	if (ret < 0) {
-+		fail("error in connect(): %s\n", strerror(errno));
-+		close(listener);
-+		close(*client_fd);
-+		return 1;
-+	}
-+
-+	*server_fd = accept(listener, NULL, NULL);
-+	if (*server_fd < 0) {
-+		fail("error in accept(): %s\n", strerror(errno));
-+		close(listener);
-+		close(*client_fd);
-+		return 1;
-+	}
-+
-+	return 0;
-+}
-+
-+#endif //GNUTLS_TESTS_KTLS_UTILS_H
--- 
-2.49.0
-

gnutls-3.8.10-tests-mldsa.patch

@@ -1,58 +0,0 @@
-From 15fb5ad536c375a74cc0d87859c9fc919d924c9d Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Thu, 10 Jul 2025 05:45:06 +0900
-Subject: [PATCH] support VPATH build for mldsa tests
-
-Signed-off-by: rpm-build <rpm-build>
----
- tests/cert-tests/mldsa.sh | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/tests/cert-tests/mldsa.sh b/tests/cert-tests/mldsa.sh
-index 7e31e11..55e31ce 100644
---- a/tests/cert-tests/mldsa.sh
-+++ b/tests/cert-tests/mldsa.sh
-@@ -130,7 +130,7 @@ for variant in 44 65 87; do
- 	# Check default
- 	TMPKEYDEFAULT=$testdir/key-$algo-$format-default
- 	TMPKEY=$testdir/key-$algo-$format
--	${VALGRIND} "${CERTTOOL}" -k --no-text --infile "data/key-$algo-$format.pem" >"$TMPKEYDEFAULT"
-+	${VALGRIND} "${CERTTOOL}" -k --no-text --infile "$srcdir/data/key-$algo-$format.pem" >"$TMPKEYDEFAULT"
- 	if [ $? != 0 ]; then
- 	    cat "$TMPKEYDEFAULT"
- 	    exit 1
-@@ -138,19 +138,19 @@ for variant in 44 65 87; do
- 
- 	# The "expandedKey" format doesn't have public key part
- 	if [ "$format" = seed ] || [ "$format" = both ]; then
--	    if ! "${DIFF}" "$TMPKEYDEFAULT" "data/key-$algo-both.pem"; then
-+	    if ! "${DIFF}" "$TMPKEYDEFAULT" "$srcdir/data/key-$algo-both.pem"; then
- 		exit 1
- 	    fi
- 	fi
- 
- 	# Check roundtrip with --key-format
--	${VALGRIND} "${CERTTOOL}" -k --no-text --key-format "$format" --infile "data/key-$algo-$format.pem" >"$TMPKEY"
-+	${VALGRIND} "${CERTTOOL}" -k --no-text --key-format "$format" --infile "$srcdir/data/key-$algo-$format.pem" >"$TMPKEY"
- 	if [ $? != 0 ]; then
- 	    cat "$TMPKEY"
- 	    exit 1
- 	fi
- 
--	if ! "${DIFF}" "$TMPKEY" "data/key-$algo-$format.pem"; then
-+	if ! "${DIFF}" "$TMPKEY" "$srcdir/data/key-$algo-$format.pem"; then
- 	    exit 1
- 	fi
-     done
-@@ -164,7 +164,7 @@ for n in 1; do
-     fi
- 
-     echo "Testing inconsistent ML-DSA key ($n)"
--    if "${CERTTOOL}" -k --infile "data/key-mldsa-inconsistent$n.pem"; then
-+    if "${CERTTOOL}" -k --infile "$srcdir/data/key-mldsa-inconsistent$n.pem"; then
- 	exit 1
-     fi
- done
--- 
-2.49.0
-

gnutls-3.8.8-tests-ktls-skip-tls12-chachapoly.patch

@@ -1,29 +0,0 @@
-From a36b73a21e4b5b6e051b23192a645dea34c9d6af Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Tue, 5 Nov 2024 14:45:46 +0900
-Subject: [PATCH] tests: skip CHACHA20-POLY1305 in TLS 1.2 when KTLS is enabled
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- tests/gnutls_ktls.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/tests/gnutls_ktls.c b/tests/gnutls_ktls.c
-index 90d3e9af91..d5ac4efecc 100644
---- a/tests/gnutls_ktls.c
-+++ b/tests/gnutls_ktls.c
-@@ -347,9 +347,11 @@ void doit(void)
- {
- 	run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM");
- 	run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM");
-+#if 0
- 	if (!gnutls_fips140_mode_enabled()) {
- 		run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305");
- 	}
-+#endif
- 	run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM");
- 	run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM");
- 	if (!gnutls_fips140_mode_enabled()) {
--- 
-2.47.0
-

gnutls-3.8.9-allow-rsa-pkcs1-encrypt.patch

@@ -1,775 +0,0 @@
-From 56402841df86125e2eb21fd548bae1bf482d939b Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Wed, 18 Dec 2024 01:11:50 +0900
-Subject: [PATCH 1/6] pk: use deterministic RNG for RSA-PSS in self-tests
-
-This ports the logic to use a specialized RNG with deterministic
-behavior from RSA PKCS#1 v1.5 signature creation.
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- lib/nettle/pk.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
-index 5986a410c2..7baf003f41 100644
---- a/lib/nettle/pk.c
-+++ b/lib/nettle/pk.c
-@@ -1494,11 +1494,7 @@ static int _rsa_pss_sign_digest_tr(gnutls_digest_algorithm_t dig,
- 		if (salt == NULL)
- 			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- 
--		ret = gnutls_rnd(GNUTLS_RND_NONCE, salt, salt_size);
--		if (ret < 0) {
--			gnutls_assert();
--			goto cleanup;
--		}
-+		rnd_func(NULL, salt_size, salt);
- 	}
- 
- 	ret = sign_func(pub, priv, rnd_ctx, rnd_func, salt_size, salt, digest,
-@@ -1509,7 +1505,6 @@ static int _rsa_pss_sign_digest_tr(gnutls_digest_algorithm_t dig,
- 	} else
- 		ret = 0;
- 
--cleanup:
- 	gnutls_free(salt);
- 	return ret;
- }
-@@ -2126,6 +2121,7 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
- 	case GNUTLS_PK_RSA_PSS: {
- 		struct rsa_private_key priv;
- 		struct rsa_public_key pub;
-+		nettle_random_func *random_func;
- 		mpz_t s;
- 
- 		_rsa_params_to_privkey(pk_params, &priv);
-@@ -2157,8 +2153,12 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
- 			not_approved = true;
- 		}
- 
-+		if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST)
-+			random_func = rnd_nonce_func_fallback;
-+		else
-+			random_func = rnd_nonce_func;
- 		ret = _rsa_pss_sign_digest_tr(sign_params->rsa_pss_dig, &pub,
--					      &priv, NULL, rnd_nonce_func,
-+					      &priv, NULL, random_func,
- 					      sign_params->salt_size,
- 					      vdata->data, s);
- 		if (ret < 0) {
--- 
-2.49.0
-
-
-From 9f60b84e1496fa7bc62a136b83519e54ba935721 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Tue, 17 Dec 2024 16:55:47 +0900
-Subject: [PATCH 2/6] fips: perform RSA self-tests using RSA-PSS instead of
- PKCS#1 v1.5
-
-Previously the RSA self-tests were using PKCS#1 v1.5, for both
-signature generation and encryption/decryption, which turned a bit
-problematic as GnuTLS now has a run-time option to disable that
-scheme.
-
-According to FIPS 140-3 IG 10.3.A, for each FIPS 186-4 and FIPS 186-5
-public key digital signature algorithm, a CAST shall be performed
-using at least one of the schemes approved for use in the approved
-mode. Similarly, the IG annex D.G mentions that if the RSA signature
-generation algorithm and RSA un-encapsulation scheme use the same
-implementation, only test for signature generation suffices.
-
-Therefore, this switches to using RSA-PSS only and drop the
-RSA encryption/decryption self-tests.
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- lib/crypto-selftests-pk.c | 54 ++++++++++++++++++++++++++++++++++++---
- lib/fips.c                |  8 +++---
- 2 files changed, 53 insertions(+), 9 deletions(-)
-
-diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
-index 9d6aca4b49..42f6004030 100644
---- a/lib/crypto-selftests-pk.c
-+++ b/lib/crypto-selftests-pk.c
-@@ -87,6 +87,24 @@ static const char rsa_2048_sig[] =
- 	"\xef\x62\x18\x39\x7a\x50\x01\x46\x1b\xde\x8d\x37\xbc\x90\x6c\x07"
- 	"\xc0\x07\xed\x60\xce\x2e\x31\xd6\x8f\xe8\x75\xdb\x45\x21\xc6\xcb";
- 
-+static const char rsa_pss_2048_sig[] =
-+	"\x28\x77\x99\x8b\xc6\xe2\x59\x5c\xa5\x5c\x30\x78\x13\xe2\xca\xe1"
-+	"\x13\xf5\x5d\xd5\x9a\xd7\x71\xff\x41\x82\xf4\x61\xda\x3a\xb6\x10"
-+	"\x20\x87\x63\x5a\x7e\x4e\xc2\x5e\xb1\x85\x0f\x84\x58\xa3\x27\x2d"
-+	"\xe5\x03\xcf\x65\x1a\xb2\xe6\x8b\xcc\x28\xd8\xcc\x1a\x64\x2a\x2d"
-+	"\x9a\x0b\xb7\x32\xfe\x03\x57\x8c\xa0\x9b\xf5\xd0\x51\xb5\x6c\x65"
-+	"\xfe\xf9\xf3\xa4\xba\x09\x43\x80\x31\xc1\x02\x88\x78\xaa\x65\x87"
-+	"\x8d\xb8\x51\xba\x76\x57\xa6\x55\x18\x45\x95\x4e\x22\x82\xb6\xfd"
-+	"\xc9\x04\xf9\xb0\x56\x24\x31\x84\x2b\x70\x91\x55\x7d\x05\x1a\xd0"
-+	"\x30\xae\x5c\xfd\x11\x0a\x2e\x86\x09\x05\x44\x9a\xb5\xaf\x30\x8a"
-+	"\xb6\xa8\x65\x54\xaf\xdf\xf8\x9a\xca\xa0\x96\x26\x45\x09\x41\x33"
-+	"\xf3\x44\x71\xe1\x31\x31\x4c\x53\x60\xcb\x7f\x0b\x02\x08\x39\xf9"
-+	"\xe4\xb2\x43\xa6\x07\x1b\x7e\x15\x32\x36\x3d\xc6\x78\x0b\xf1\x9a"
-+	"\x33\xe3\xee\x8c\x48\xd4\x7e\xcb\xd1\xe6\x93\x29\x13\x04\x40\x8c"
-+	"\x72\xc6\x39\xab\xa1\x76\x4e\x87\x3b\x91\x06\xdf\x1d\x1e\x07\x5e"
-+	"\xc2\x26\x7c\xd6\x38\x5d\xba\x9b\x50\x38\x44\x63\x91\x2a\x98\xd2"
-+	"\x30\x3f\xfb\x79\x15\x5f\x2e\xd2\x3f\xb7\xc4\x69\xc2\x2d\x79\x8d";
-+
- #ifdef ENABLE_DSA
- /* DSA 2048 private key and signature */
- static const char dsa_2048_privkey[] =
-@@ -532,6 +550,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
- 	gnutls_privkey_t key;
- 	char param_name[32];
- 	unsigned vflags = 0;
-+	gnutls_x509_spki_t spki = NULL;
- 
- 	if (pk == GNUTLS_PK_EC || pk == GNUTLS_PK_GOST_01 ||
- 	    pk == GNUTLS_PK_GOST_12_256 || pk == GNUTLS_PK_GOST_12_512 ||
-@@ -564,6 +583,22 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
- 		goto cleanup;
- 	}
- 
-+	if (pk == GNUTLS_PK_RSA_PSS) {
-+		ret = gnutls_x509_spki_init(&spki);
-+		if (ret < 0) {
-+			gnutls_assert();
-+			goto cleanup;
-+		}
-+
-+		gnutls_x509_spki_set_rsa_pss_params(spki, dig, 32);
-+
-+		ret = gnutls_privkey_set_spki(key, spki, 0);
-+		if (ret < 0) {
-+			gnutls_assert();
-+			goto cleanup;
-+		}
-+	}
-+
- 	if (pk != (unsigned)gnutls_privkey_get_pk_algorithm(key, NULL)) {
- 		ret = GNUTLS_E_SELF_TEST_ERROR;
- 		goto cleanup;
-@@ -629,10 +664,12 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
- 	ret = 0;
- 
- cleanup:
--	gnutls_free(sig.data);
--	if (pub != 0)
-+	if (spki != NULL)
-+		gnutls_x509_spki_deinit(spki);
-+	if (pub != NULL)
- 		gnutls_pubkey_deinit(pub);
- 	gnutls_privkey_deinit(key);
-+	gnutls_free(sig.data);
- 
- 	if (ret == 0)
- 		_gnutls_debug_log("%s-%s-known-sig self test succeeded\n",
-@@ -1026,8 +1063,17 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
- 
- 		FALLTHROUGH;
- 	case GNUTLS_PK_RSA_PSS:
--		PK_TEST(GNUTLS_PK_RSA_PSS, test_sig, 2048,
--			GNUTLS_SIGN_RSA_PSS_RSAE_SHA256);
-+		/* In POST, we switch the RNG to deterministic one so
-+		 * the KAT for RSA-PSS work. */
-+		if (is_post) {
-+			PK_KNOWN_TEST(GNUTLS_PK_RSA_PSS, 2048,
-+				      GNUTLS_DIG_SHA256, rsa_2048_privkey,
-+				      rsa_pss_2048_sig,
-+				      GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS);
-+		} else {
-+			PK_TEST(GNUTLS_PK_RSA_PSS, test_sig, 2048,
-+				GNUTLS_SIGN_RSA_PSS_RSAE_SHA256);
-+		}
- 
- 		if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
- 			return 0;
-diff --git a/lib/fips.c b/lib/fips.c
-index 63306705aa..84a70b5619 100644
---- a/lib/fips.c
-+++ b/lib/fips.c
-@@ -622,11 +622,9 @@ int _gnutls_fips_perform_self_checks2(void)
- 	}
- 
- 	/* PK */
--	if (_gnutls_config_is_rsa_pkcs1_encrypt_allowed()) {
--		ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);
--		if (ret < 0) {
--			return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
--		}
-+	ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA_PSS);
-+	if (ret < 0) {
-+		return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
- 	}
- 
- 	ret = gnutls_pk_self_test(0, GNUTLS_PK_EC);
--- 
-2.49.0
-
-
-From f653b2c15f4dd550f7937cf86d255a3c96bdb236 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Wed, 12 Feb 2025 07:23:59 +0900
-Subject: [PATCH 3/6] pk: sprinkle SPKI over encryption functions
-
-Similarly to signing, the encrypt/decrypt/decrypt2 functions defined
-in gnutls_crypto_pk_st now take SPKI as an additional parameter, so
-the encryption/decryption behavior can be overridden.
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- lib/auth/rsa.c       |  2 +-
- lib/auth/rsa_psk.c   |  2 +-
- lib/crypto-backend.h |  9 ++++++---
- lib/nettle/pk.c      | 40 ++++++++++++++++++++++++----------------
- lib/pk.h             | 17 +++++++++++------
- lib/pkcs11/p11_pk.c  | 23 +++++++++++++----------
- lib/privkey.c        |  6 ++++--
- lib/pubkey.c         |  2 +-
- 8 files changed, 61 insertions(+), 40 deletions(-)
-
-diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
-index b5ecc092f8..4d181327ba 100644
---- a/lib/auth/rsa.c
-+++ b/lib/auth/rsa.c
-@@ -280,7 +280,7 @@ int _gnutls_gen_rsa_client_kx(gnutls_session_t session, gnutls_buffer_st *data)
- 	}
- 
- 	ret = _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &session->key.key,
--				 &params);
-+				 &params, &params.spki);
- 
- 	gnutls_pk_params_release(&params);
- 
-diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
-index 399fb4da14..9f97569c5b 100644
---- a/lib/auth/rsa_psk.c
-+++ b/lib/auth/rsa_psk.c
-@@ -178,7 +178,7 @@ static int _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
- 
- 	/* Encrypt premaster secret */
- 	if ((ret = _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &premaster_secret,
--				      &params)) < 0) {
-+				      &params, &params.spki)) < 0) {
- 		gnutls_assert();
- 		return ret;
- 	}
-diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h
-index 74e29a7cb9..24cbb60f77 100644
---- a/lib/crypto-backend.h
-+++ b/lib/crypto-backend.h
-@@ -386,13 +386,16 @@ typedef struct gnutls_crypto_pk {
- 	 * parameters, depending on the operation */
- 	int (*encrypt)(gnutls_pk_algorithm_t, gnutls_datum_t *ciphertext,
- 		       const gnutls_datum_t *plaintext,
--		       const gnutls_pk_params_st *pub);
-+		       const gnutls_pk_params_st *pub,
-+		       const gnutls_x509_spki_st *encrypt);
- 	int (*decrypt)(gnutls_pk_algorithm_t, gnutls_datum_t *plaintext,
- 		       const gnutls_datum_t *ciphertext,
--		       const gnutls_pk_params_st *priv);
-+		       const gnutls_pk_params_st *priv,
-+		       const gnutls_x509_spki_st *encrypt);
- 	int (*decrypt2)(gnutls_pk_algorithm_t, const gnutls_datum_t *ciphertext,
- 			unsigned char *plaintext, size_t paintext_size,
--			const gnutls_pk_params_st *priv);
-+			const gnutls_pk_params_st *priv,
-+			const gnutls_x509_spki_st *encrypt);
- 	int (*sign)(gnutls_pk_algorithm_t, gnutls_datum_t *signature,
- 		    const gnutls_datum_t *data, const gnutls_pk_params_st *priv,
- 		    const gnutls_x509_spki_st *sign);
-diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
-index 7baf003f41..ffd7493748 100644
---- a/lib/nettle/pk.c
-+++ b/lib/nettle/pk.c
-@@ -1018,7 +1018,8 @@ static inline int _rsa_oaep_encrypt(gnutls_digest_algorithm_t dig,
- static int _wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo,
- 				   gnutls_datum_t *ciphertext,
- 				   const gnutls_datum_t *plaintext,
--				   const gnutls_pk_params_st *pk_params)
-+				   const gnutls_pk_params_st *pk_params,
-+				   const gnutls_x509_spki_st *encrypt_params)
- {
- 	int ret;
- 	bool not_approved = false;
-@@ -1094,10 +1095,10 @@ static int _wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo,
- 			goto cleanup;
- 		}
- 
--		ret = _rsa_oaep_encrypt(pk_params->spki.rsa_oaep_dig, &pub,
-+		ret = _rsa_oaep_encrypt(encrypt_params->rsa_oaep_dig, &pub,
- 					NULL, random_func,
--					pk_params->spki.rsa_oaep_label.size,
--					pk_params->spki.rsa_oaep_label.data,
-+					encrypt_params->rsa_oaep_label.size,
-+					encrypt_params->rsa_oaep_label.data,
- 					plaintext->size, plaintext->data, buf);
- 		if (ret == 0 || HAVE_LIB_ERROR()) {
- 			ret = gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
-@@ -1192,7 +1193,8 @@ static inline int _rsa_oaep_decrypt(gnutls_digest_algorithm_t dig,
- static int _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
- 				   gnutls_datum_t *plaintext,
- 				   const gnutls_datum_t *ciphertext,
--				   const gnutls_pk_params_st *pk_params)
-+				   const gnutls_pk_params_st *pk_params,
-+				   const gnutls_x509_spki_st *encrypt_params)
- {
- 	int ret;
- 	bool not_approved = false;
-@@ -1200,7 +1202,7 @@ static int _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
- 
- 	FAIL_IF_LIB_ERROR;
- 
--	if (algo == GNUTLS_PK_RSA && pk_params->spki.pk == GNUTLS_PK_RSA_OAEP) {
-+	if (algo == GNUTLS_PK_RSA && encrypt_params->pk == GNUTLS_PK_RSA_OAEP) {
- 		algo = GNUTLS_PK_RSA_OAEP;
- 	}
- 
-@@ -1285,10 +1287,10 @@ static int _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
- 			random_func = rnd_nonce_func_fallback;
- 		else
- 			random_func = rnd_nonce_func;
--		ret = _rsa_oaep_decrypt(pk_params->spki.rsa_oaep_dig, &pub,
-+		ret = _rsa_oaep_decrypt(encrypt_params->rsa_oaep_dig, &pub,
- 					&priv, NULL, random_func,
--					pk_params->spki.rsa_oaep_label.size,
--					pk_params->spki.rsa_oaep_label.data,
-+					encrypt_params->rsa_oaep_label.size,
-+					encrypt_params->rsa_oaep_label.data,
- 					&length, buf, ciphertext->data);
- 
- 		if (ret == 0 || HAVE_LIB_ERROR()) {
-@@ -1354,7 +1356,8 @@ static int _wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo,
- 				    const gnutls_datum_t *ciphertext,
- 				    unsigned char *plaintext,
- 				    size_t plaintext_size,
--				    const gnutls_pk_params_st *pk_params)
-+				    const gnutls_pk_params_st *pk_params,
-+				    const gnutls_x509_spki_st *encrypt_params)
- {
- 	struct rsa_private_key priv;
- 	struct rsa_public_key pub;
-@@ -1370,7 +1373,7 @@ static int _wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo,
- 		goto fail;
- 	}
- 
--	if (pk_params->spki.pk == GNUTLS_PK_RSA_OAEP) {
-+	if (encrypt_params->pk == GNUTLS_PK_RSA_OAEP) {
- 		algo = GNUTLS_PK_RSA_OAEP;
- 	}
- 
-@@ -1407,10 +1410,10 @@ static int _wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo,
- 				       ciphertext->data);
- 		break;
- 	case GNUTLS_PK_RSA_OAEP:
--		ret = _rsa_oaep_decrypt(pk_params->spki.rsa_oaep_dig, &pub,
-+		ret = _rsa_oaep_decrypt(encrypt_params->rsa_oaep_dig, &pub,
- 					&priv, NULL, random_func,
--					pk_params->spki.rsa_oaep_label.size,
--					pk_params->spki.rsa_oaep_label.data,
-+					encrypt_params->rsa_oaep_label.size,
-+					encrypt_params->rsa_oaep_label.data,
- 					&plaintext_size, plaintext,
- 					ciphertext->data);
- 		break;
-@@ -3255,6 +3258,11 @@ static int pct_test(gnutls_pk_algorithm_t algo,
- 			ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
- 			goto cleanup;
- 		}
-+	} else if (algo == GNUTLS_PK_RSA_OAEP) {
-+		if (spki.rsa_oaep_dig == GNUTLS_DIG_UNKNOWN)
-+			spki.rsa_oaep_dig = GNUTLS_DIG_SHA256;
-+		ddata.data = (void *)const_data;
-+		ddata.size = sizeof(const_data);
- 	} else {
- 		ddata.data = (void *)const_data;
- 		ddata.size = sizeof(const_data);
-@@ -3280,7 +3288,7 @@ static int pct_test(gnutls_pk_algorithm_t algo,
- 			}
- 		}
- 
--		ret = _gnutls_pk_encrypt(algo, &sig, &ddata, params);
-+		ret = _gnutls_pk_encrypt(algo, &sig, &ddata, params, &spki);
- 		if (ret < 0) {
- 			ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
- 		}
-@@ -3289,7 +3297,7 @@ static int pct_test(gnutls_pk_algorithm_t algo,
- 			ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
- 		}
- 		if (ret == 0 &&
--		    _gnutls_pk_decrypt(algo, &tmp, &sig, params) < 0) {
-+		    _gnutls_pk_decrypt(algo, &tmp, &sig, params, &spki) < 0) {
- 			ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
- 		}
- 		if (ret == 0 &&
-diff --git a/lib/pk.h b/lib/pk.h
-index 6969b534de..246d6e0299 100644
---- a/lib/pk.h
-+++ b/lib/pk.h
-@@ -27,13 +27,18 @@
- 
- extern int crypto_pk_prio;
- 
--#define _gnutls_pk_encrypt(algo, ciphertext, plaintext, params) \
--	_gnutls_pk_backend()->encrypt(algo, ciphertext, plaintext, params)
--#define _gnutls_pk_decrypt(algo, ciphertext, plaintext, params) \
--	_gnutls_pk_backend()->decrypt(algo, ciphertext, plaintext, params)
--#define _gnutls_pk_decrypt2(algo, ciphertext, plaintext, size, params)    \
-+#define _gnutls_pk_encrypt(algo, ciphertext, plaintext, params,            \
-+			   encrypt_params)                                 \
-+	_gnutls_pk_backend()->encrypt(algo, ciphertext, plaintext, params, \
-+				      encrypt_params)
-+#define _gnutls_pk_decrypt(algo, ciphertext, plaintext, params,            \
-+			   encrypt_params)                                 \
-+	_gnutls_pk_backend()->decrypt(algo, ciphertext, plaintext, params, \
-+				      encrypt_params)
-+#define _gnutls_pk_decrypt2(algo, ciphertext, plaintext, size, params,    \
-+			    encrypt_params)                               \
- 	_gnutls_pk_backend()->decrypt2(algo, ciphertext, plaintext, size, \
--				       params)
-+				       params, encrypt_params)
- #define _gnutls_pk_sign(algo, sig, data, params, sign_params) \
- 	_gnutls_pk_backend()->sign(algo, sig, data, params, sign_params)
- #define _gnutls_pk_verify(algo, data, sig, params, sign_params) \
-diff --git a/lib/pkcs11/p11_pk.c b/lib/pkcs11/p11_pk.c
-index 34a9cd24bc..8227998a2f 100644
---- a/lib/pkcs11/p11_pk.c
-+++ b/lib/pkcs11/p11_pk.c
-@@ -228,9 +228,9 @@ cleanup:
- }
- 
- static bool init_rsa_oaep_param(CK_RSA_PKCS_OAEP_PARAMS *param,
--				const gnutls_pk_params_st *pk_params)
-+				const gnutls_x509_spki_st *encrypt_params)
- {
--	switch (pk_params->spki.rsa_oaep_dig) {
-+	switch (encrypt_params->rsa_oaep_dig) {
- 	case GNUTLS_DIG_SHA256:
- 		param->hashAlg = CKM_SHA256;
- 		param->mgf = CKG_MGF1_SHA256;
-@@ -247,8 +247,8 @@ static bool init_rsa_oaep_param(CK_RSA_PKCS_OAEP_PARAMS *param,
- 		return false;
- 	}
- 	param->source = CKZ_DATA_SPECIFIED;
--	param->pSourceData = pk_params->spki.rsa_oaep_label.data;
--	param->ulSourceDataLen = pk_params->spki.rsa_oaep_label.size;
-+	param->pSourceData = encrypt_params->rsa_oaep_label.data;
-+	param->ulSourceDataLen = encrypt_params->rsa_oaep_label.size;
- 	return true;
- }
- 
-@@ -706,7 +706,8 @@ static int derive_ecdh_secret(CK_SESSION_HANDLE session,
- static int _wrap_p11_pk_encrypt(gnutls_pk_algorithm_t algo,
- 				gnutls_datum_t *ciphertext,
- 				const gnutls_datum_t *plaintext,
--				const gnutls_pk_params_st *pk_params)
-+				const gnutls_pk_params_st *pk_params,
-+				const gnutls_x509_spki_st *encrypt_params)
- {
- 	int ret = 0;
- 	CK_RV rv;
-@@ -742,7 +743,7 @@ static int _wrap_p11_pk_encrypt(gnutls_pk_algorithm_t algo,
- 		mech.pParameter = &param_rsa_oaep;
- 		mech.ulParameterLen = sizeof(param_rsa_oaep);
- 
--		if (!init_rsa_oaep_param(&param_rsa_oaep, pk_params)) {
-+		if (!init_rsa_oaep_param(&param_rsa_oaep, encrypt_params)) {
- 			ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- 			goto cleanup;
- 		}
-@@ -798,7 +799,8 @@ cleanup:
- static int _wrap_p11_pk_decrypt(gnutls_pk_algorithm_t algo,
- 				gnutls_datum_t *plaintext,
- 				const gnutls_datum_t *ciphertext,
--				const gnutls_pk_params_st *pk_params)
-+				const gnutls_pk_params_st *pk_params,
-+				const gnutls_x509_spki_st *encrypt_params)
- {
- 	int ret = 0;
- 	CK_RV rv;
-@@ -834,7 +836,7 @@ static int _wrap_p11_pk_decrypt(gnutls_pk_algorithm_t algo,
- 		mech.pParameter = &param_rsa_oaep;
- 		mech.ulParameterLen = sizeof(param_rsa_oaep);
- 
--		if (!init_rsa_oaep_param(&param_rsa_oaep, pk_params)) {
-+		if (!init_rsa_oaep_param(&param_rsa_oaep, encrypt_params)) {
- 			ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- 			goto cleanup;
- 		}
-@@ -890,7 +892,8 @@ static int _wrap_p11_pk_decrypt2(gnutls_pk_algorithm_t algo,
- 				 const gnutls_datum_t *ciphertext,
- 				 unsigned char *plaintext,
- 				 size_t plaintext_size,
--				 const gnutls_pk_params_st *pk_params)
-+				 const gnutls_pk_params_st *pk_params,
-+				 const gnutls_x509_spki_st *encrypt_params)
- {
- 	int ret = 0;
- 	uint32_t is_err;
-@@ -928,7 +931,7 @@ static int _wrap_p11_pk_decrypt2(gnutls_pk_algorithm_t algo,
- 		mech.pParameter = &param_rsa_oaep;
- 		mech.ulParameterLen = sizeof(param_rsa_oaep);
- 
--		if (!init_rsa_oaep_param(&param_rsa_oaep, pk_params)) {
-+		if (!init_rsa_oaep_param(&param_rsa_oaep, encrypt_params)) {
- 			ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- 			goto cleanup;
- 		}
-diff --git a/lib/privkey.c b/lib/privkey.c
-index 84e984f6b9..05a3804c25 100644
---- a/lib/privkey.c
-+++ b/lib/privkey.c
-@@ -1590,7 +1590,8 @@ int gnutls_privkey_decrypt_data(gnutls_privkey_t key, unsigned int flags,
- 	switch (key->type) {
- 	case GNUTLS_PRIVKEY_X509:
- 		return _gnutls_pk_decrypt(key->pk_algorithm, plaintext,
--					  ciphertext, &key->key.x509->params);
-+					  ciphertext, &key->key.x509->params,
-+					  &key->key.x509->params.spki);
- #ifdef ENABLE_PKCS11
- 	case GNUTLS_PRIVKEY_PKCS11:
- 		return _gnutls_pkcs11_privkey_decrypt_data(
-@@ -1657,7 +1658,8 @@ int gnutls_privkey_decrypt_data2(gnutls_privkey_t key, unsigned int flags,
- 	case GNUTLS_PRIVKEY_X509:
- 		return _gnutls_pk_decrypt2(key->pk_algorithm, ciphertext,
- 					   plaintext, plaintext_size,
--					   &key->key.x509->params);
-+					   &key->key.x509->params,
-+					   &key->key.x509->params.spki);
- #ifdef ENABLE_PKCS11
- 	case GNUTLS_PRIVKEY_PKCS11:
- 		return _gnutls_pkcs11_privkey_decrypt_data2(key->key.pkcs11,
-diff --git a/lib/pubkey.c b/lib/pubkey.c
-index 02a08b8163..73dd9e16b0 100644
---- a/lib/pubkey.c
-+++ b/lib/pubkey.c
-@@ -2336,7 +2336,7 @@ int gnutls_pubkey_encrypt_data(gnutls_pubkey_t key, unsigned int flags,
- 	}
- 
- 	return _gnutls_pk_encrypt(key->params.algo, ciphertext, plaintext,
--				  &key->params);
-+				  &key->params, &key->params.spki);
- }
- 
- static int pubkey_supports_sig(gnutls_pubkey_t pubkey,
--- 
-2.49.0
-
-
-From e1be1e6b805b50a43ada57757ffe9cdf201289b5 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Wed, 12 Feb 2025 12:13:47 +0900
-Subject: [PATCH 4/6] pk: exercise decrypt2 in PCT
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- lib/nettle/pk.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
-index ffd7493748..e4ad772842 100644
---- a/lib/nettle/pk.c
-+++ b/lib/nettle/pk.c
-@@ -1368,7 +1368,8 @@ static int _wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo,
- 
- 	FAIL_IF_LIB_ERROR;
- 
--	if (algo != GNUTLS_PK_RSA || plaintext == NULL) {
-+	if ((algo != GNUTLS_PK_RSA && algo != GNUTLS_PK_RSA_OAEP) ||
-+	    plaintext == NULL) {
- 		ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- 		goto fail;
- 	}
-@@ -3305,6 +3306,16 @@ static int pct_test(gnutls_pk_algorithm_t algo,
- 		      memcmp(tmp.data, ddata.data, tmp.size) == 0)) {
- 			ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
- 		}
-+		if (ret == 0 &&
-+		    _gnutls_pk_decrypt2(algo, &sig, tmp.data, tmp.size, params,
-+					&spki) < 0) {
-+			ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
-+		}
-+		if (ret == 0 &&
-+		    !(tmp.size == ddata.size &&
-+		      memcmp(tmp.data, ddata.data, tmp.size) == 0)) {
-+			ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
-+		}
- 
- 		if (algo == GNUTLS_PK_RSA) {
- 			if (unlikely(gnutls_fips140_pop_context() < 0)) {
--- 
-2.49.0
-
-
-From 4e7b9e800f17bb0655e6d4de8f101d8a3b601fbc Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Mon, 27 Jan 2025 16:36:41 +0900
-Subject: [PATCH 5/6] fips: perform both PCTs for unrestricted RSA key
-
-As PKCS#1 v1.5-padding is no longer allowed, exercise PCT with both
-RSA-PSS and RSA-OAEP for unrestricted RSA keys. Note that, it is no
-longer possible to create 512-bit RSA key under FIPS mode, because
-there is a restriction of message size in RSA-OAEP based on the key
-size, i.e., mLen > k - 2hLen - 2.
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- lib/nettle/pk.c            | 50 +++++++++++++-------------------------
- tests/fips-override-test.c |  4 +--
- tests/fips-rsa-sizes.c     |  6 -----
- 3 files changed, 19 insertions(+), 41 deletions(-)
-
-diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
-index e4ad772842..f7f7c0637b 100644
---- a/lib/nettle/pk.c
-+++ b/lib/nettle/pk.c
-@@ -3213,7 +3213,6 @@ static int pct_test(gnutls_pk_algorithm_t algo,
- 	gnutls_datum_t ddata, tmp = { NULL, 0 };
- 	char *gen_data = NULL;
- 	gnutls_x509_spki_st spki;
--	gnutls_fips140_context_t context;
- 
- 	ret = _gnutls_x509_spki_copy(&spki, &params->spki);
- 	if (ret < 0) {
-@@ -3271,25 +3270,23 @@ static int pct_test(gnutls_pk_algorithm_t algo,
- 
- 	switch (algo) {
- 	case GNUTLS_PK_RSA:
--	case GNUTLS_PK_RSA_OAEP:
--		if (algo == GNUTLS_PK_RSA) {
--			/* Push a temporary FIPS context because _gnutls_pk_encrypt and
--			 * _gnutls_pk_decrypt below will mark RSAES-PKCS1-v1_5 operation
--			 * non-approved */
--			if (gnutls_fips140_context_init(&context) < 0) {
--				ret = gnutls_assert_val(
--					GNUTLS_E_PK_GENERATION_ERROR);
--				goto cleanup;
--			}
--			if (gnutls_fips140_push_context(context) < 0) {
--				ret = gnutls_assert_val(
--					GNUTLS_E_PK_GENERATION_ERROR);
--				gnutls_fips140_context_deinit(context);
--				goto cleanup;
--			}
-+		/* To comply with FIPS 140-3 IG 10.3.A, additional comment 1,
-+		 * Perform both key transport and signature PCTs for
-+		 * unrestricted RSA key.  */
-+		ret = pct_test(GNUTLS_PK_RSA_OAEP, params);
-+		if (ret < 0) {
-+			gnutls_assert();
-+			break;
- 		}
--
--		ret = _gnutls_pk_encrypt(algo, &sig, &ddata, params, &spki);
-+		ret = pct_test(GNUTLS_PK_RSA_PSS, params);
-+		if (ret < 0) {
-+			gnutls_assert();
-+			break;
-+		}
-+		break;
-+	case GNUTLS_PK_RSA_OAEP:
-+		ret = _gnutls_pk_encrypt(GNUTLS_PK_RSA_OAEP, &sig, &ddata,
-+					 params, &spki);
- 		if (ret < 0) {
- 			ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
- 		}
-@@ -3317,14 +3314,6 @@ static int pct_test(gnutls_pk_algorithm_t algo,
- 			ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
- 		}
- 
--		if (algo == GNUTLS_PK_RSA) {
--			if (unlikely(gnutls_fips140_pop_context() < 0)) {
--				ret = gnutls_assert_val(
--					GNUTLS_E_PK_GENERATION_ERROR);
--			}
--			gnutls_fips140_context_deinit(context);
--		}
--
- 		if (ret < 0) {
- 			goto cleanup;
- 		}
-@@ -3332,12 +3321,7 @@ static int pct_test(gnutls_pk_algorithm_t algo,
- 		free(sig.data);
- 		sig.data = NULL;
- 
--		/* RSA-OAEP can't be used for signing */
--		if (algo == GNUTLS_PK_RSA_OAEP) {
--			break;
--		}
--
--		FALLTHROUGH;
-+		break;
- 	case GNUTLS_PK_EC: /* we only do keys for ECDSA */
- 	case GNUTLS_PK_EDDSA_ED25519:
- 	case GNUTLS_PK_EDDSA_ED448:
-diff --git a/tests/fips-override-test.c b/tests/fips-override-test.c
-index 82db3c0c79..6fbd444d47 100644
---- a/tests/fips-override-test.c
-+++ b/tests/fips-override-test.c
-@@ -67,9 +67,9 @@ static void try_crypto(void)
- 	}
- 
- 	assert(gnutls_x509_privkey_init(&privkey) == 0);
--	ret = gnutls_x509_privkey_generate(privkey, GNUTLS_PK_RSA, 512, 0);
-+	ret = gnutls_x509_privkey_generate(privkey, GNUTLS_PK_RSA, 768, 0);
- 	if (ret < 0) {
--		fail("gnutls_x509_privkey_generate failed for 512-bit key\n");
-+		fail("gnutls_x509_privkey_generate failed for 768-bit key\n");
- 	}
- 	gnutls_x509_privkey_deinit(privkey);
- }
-diff --git a/tests/fips-rsa-sizes.c b/tests/fips-rsa-sizes.c
-index 61a76d3c09..2963ccd531 100644
---- a/tests/fips-rsa-sizes.c
-+++ b/tests/fips-rsa-sizes.c
-@@ -250,12 +250,6 @@ void doit(void)
- 
- 	assert(gnutls_fips140_context_init(&fips_context) == 0);
- 
--	generate_unsuccessfully(&privkey, &pubkey, 512);
--	sign_verify_unsuccessfully(privkey, pubkey);
--	generate_unsuccessfully(&privkey, &pubkey, 512);
--	sign_verify_unsuccessfully(privkey, pubkey);
--	generate_unsuccessfully(&privkey, &pubkey, 600);
--	sign_verify_unsuccessfully(privkey, pubkey);
- 	generate_unsuccessfully(&privkey, &pubkey, 768);
- 	sign_verify_unsuccessfully(privkey, pubkey);
- 	generate_unsuccessfully(&privkey, &pubkey, 1024);
--- 
-2.49.0
-
-
-From 7b5f1bddcd77d61531fdb5c084c43947786b27ab Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Mon, 10 Feb 2025 15:57:39 +0900
-Subject: [PATCH 6/6] tests: do not assume RSAES-PKCS1-v1_5 is enabled in
- system config
-
-Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- tests/system-override-allow-rsa-pkcs1-encrypt.sh | 10 ----------
- 1 file changed, 10 deletions(-)
-
-diff --git a/tests/system-override-allow-rsa-pkcs1-encrypt.sh b/tests/system-override-allow-rsa-pkcs1-encrypt.sh
-index 714d0af946..30cb77ca50 100755
---- a/tests/system-override-allow-rsa-pkcs1-encrypt.sh
-+++ b/tests/system-override-allow-rsa-pkcs1-encrypt.sh
-@@ -56,14 +56,4 @@ if [ $? = 0 ]; then
- fi
- echo "RSAES-PKCS1-v1_5 successfully disabled"
- 
--unset GNUTLS_SYSTEM_PRIORITY_FILE
--unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID
--
--${TEST}
--if [ $? != 0 ]; then
--	echo "${TEST} expected to succeed by default"
--	exit 1
--fi
--echo "RSAES-PKCS1-v1_5 successfully enabled by default"
--
- exit 0
--- 
-2.49.0
-

gnutls-release-keyring.gpg

@@ -1,226 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mDMEYcRaoxYJKwYBBAHaRw8BAQdA5U8Cb4ZMYCjuAa6tqNKbRxXzycS2iLvNzWki
-bGD2fe60JVpvbHRhbiBGcmlkcmljaCA8emZyaWRyaWNAcmVkaGF0LmNvbT6ImgQT
-FgoAQgIbAwULCQgHAgMiAgEGFQoJCAsCBBYCAwECHgcCF4AWIQRdRssPdjQFpwU1
-VvR6daZIs/kiDAUCZZQM4wUJCXNMwAAKCRB6daZIs/kiDBq0AQD4kutiBvEtpeI5
-oHE5am/JgQUbUNQ8hGiHeJ+epRc5NQEA0xzJPYCIlvZ4jgf7K7RiKkqjzozOLwun
-GummhMd1vQ24OARhxFqjEgorBgEEAZdVAQUBAQdAxKg6y4A69qT7doTni8/zKuKy
-QKXEORZTCNxkcnz3dXoDAQgHiH4EGBYKACYCGwwWIQRdRssPdjQFpwU1VvR6daZI
-s/kiDAUCZZQL3wUJCXNLvAAKCRB6daZIs/kiDCtdAQC6p+B26g72CLXjq6xmaLqs
-1fi1auyPW/SnNRbbaW9UlwD/Up5lkp+r2n5d74vj4Y43nORpipb4kR3mP5g4SZak
-IQKZAg0ESmfuLgEQAKHTAV7YHndSUjFY5DfCsrdMjIembP3PIwKR0g/vHVvvhn9L
-FkDs3y46TkFCHcYsGdhOEmXcxJY4CClui7IjkSH1/7JnbsCgGRBx3wl4dyRsu9cL
-EbwY86fVypIFSy6z7q24bzosjeu50lIqwVna4fRqZF8lIEGfJuuizLl1OfnkYgnc
-FupZ1pM/u40VZEzOLoMDj2bzzSEnaq6eS4A5f+ryS8ql9G4kJ2Z72RdlzWXzwWoZ
-QSV0JVikb5KN0IU/0KZklFiEXpS5EdJlfIlPDVYyainuBiPYXdBOyh2d/V714OO7
-/JanOY8HhYAK2us7vDM+W5+x6UU0isfDHq3KS/N+VphODZuuf2imZlMAzt5heEGT
-wAS85cKDWrhReJIa0WmjAFRW2g4ZAeVILbXw6dDJowSwLsJqBvURCpk1tee9wxXM
-whxdwocVIBCuTn4h81NA6iTwUhZdabxNhUOpUilYQoOAePQ/Bw9a2mSGOWAg/TVr
-m6+u+/TDVOrY1yMumnJjKegS8RsZaiOS7iXIJRZ1YAv2fmHcgKXIEKp0fw4y10vd
-aJsYiWRs5xZd+xH4VREK/l6zAxECVkq7Mt/pjIPOllVbI6h75Bz5LgOXwn5Z5js+
-q40nAZ20uSVKLTjfpVgq6niSChPeIAdhU4G3QrTecO2CeybZTGIRH57X3RhXABEB
-AAG0HkRhaWtpIFVlbm8gPHVlbm9AdW5peHVzZXIub3JnPokCVAQTAQIAPgIbAwIe
-AQIXgAULCQgHAwUVCgkICwUWAgMBABYhBEYiJcO0bzSHn8hJbNYFhI7X5phxBQJb
-qxq7BQkaqS4NAAoJENYFhI7X5phx7qYP/R0/oCwNjM0treJEL7U1CAaPD8VMOrzl
-Fvc4Kx5pJq5VLoMTpl1ikgyk/LAbNleWdgxCEtAGf4NbI9nxyV6Jh2EwGSwLf/HV
-Kh5x6kWwRMqpSY5NcgJsQeAIojJT0ui3HANwNxvqcIHCsPlCjSbKidgEkl/PGiSJ
-j/UiP/OJ5Z0DqKg7hrd29XgVuBMIKcFQXysiHfy+N+9UQbHtb6qjkriRZAZ4Jb6Q
-LrwIzMqKOINj2NNKtxH1AaosxLQ+pcsmRA3OQPPKk5ptQE70+R+OiGbFbfkL4Uui
-gjhMAf9qmppiMnxq9gkt/lLteCpTFZZ2FeL9mSKu9eN0jewweVVcZdgm0vVmub4m
-rrkciJGl8Le3dZG3sZ1KYink6gSbYY8bJCfYo36+JqQx9KmyAQKLV8YwgQGlHyy/
-6vHZdsPRsugmR0dbZEXxr0VE/CI26Ed68u2ZxtscVdurWeNhsFnJpY8Dljah8QYn
-kObRp7DyEMUqD9cDC7Jlmgdq8fe9IIPxVNfDgHub6gh15dA7XdRWB2Fd1rtSQ0xM
-/so3rfMDrssJ25RTkbA6gLNy54NO1Pz2xpsuL3MLlVF0xFdCIf7LD95vikfcXY6R
-iaJwniDS6bm1UOkaRzgG/o5FERS7Ea9cowsxoxypybDHefH0Qn74J6B4BtgEB3cg
-fiJHjFjSzTcetBlEYWlraSBVZW5vIDx1ZW5vQGdudS5vcmc+iQJVBBMBCAA/AhsD
-BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBEYiJcO0bzSHn8hJbNYFhI7X5phx
-BQJknpE0BQkf2j2GAAoJENYFhI7X5phxAzUP/2WLxI23iiF12lVVlxj84g3F/XyE
-u7oi5nVHY9wtmw0PoM3/sHHDO4H2LXH9Beb4Nitpvzy3WkMMOiAGdoDad0CC8gD8
-TChjAd4vh5arT9PGgTHNUdp33m80j5xl0TuDEvfbXaoL2ZTyW4TApmpiPX+a024L
-mx+Xf+WBj8PlEjXSjh21mXQs+L3gZGwZFXc2VoQNg/rBGt9rmv2JcaO4q+BbVhY6
-o1PYL0C7RBWfz/sdIhWazYMa8L243a4LQU6CkILwum0yJ37ERJ2jkGc8NaHsqXCi
-zbmFFp3If6u7F7iFrIN0W76hUL69nwszGlz4OyLHJsDLDnp1fJbOBk2gZZCMoFIS
-OXqxTZPUdxbjWaVNRz1/ze5LcGF5yB52lgqOxykZCIIGs9mn11Q1kWPoB2BovoXd
-fqTgMwx68qvQXWUzHj8fVemA3kCwqK9udjFok62GVKBy7uxBes+Le74aMg17Pp3R
-siMuL4jpTppEuBpc5/gMQDJSv53niGWLyrUCa+9lDGqxpHiV+SRrEXekQlFCi+cG
-FS36mT/Vnvsnss4ioKjEPWv4OuASkC78GvGMSXZrFMHrILgRrLhErbO/g8d2/+X9
-3p02A5R9vbhdOSOAgjvvGLPzR7LidOoBOZYaTq28HB7cNmBkpAp4cM59pQwTVZYm
-ryZF066njjn5TEoVuQINBEtrT7wBEACjRnNKXpiD/tbVSiF3bicZpf4C1JFIDvvJ
-HQZEuK35SqeAe/tUpMAwbBfgW5sExUoB3Cy1lEK2Bi1kO7GU+tkdCHhi6jrcLYiM
-g7QXavYZ/ebYHVfhVY2vGhOJVz4qm0/WvQYT3OpJSqrD1jT+AbRpDxFk9h2CBPw1
-roBrh8TqYKyIOBPSswLwP05IKk9h7SwQnl/stXRchLMVaMrKL33V2bpZSI4NtYhJ
-QGzX7PHVsv4JYBCXCeFRhAJwLLySfGM3DXdAChsOjtGob/sW84Kv5YM65sHxmhit
-4NC5o5IxVQntvYaOsTafF9KOC8egostPsARxUNNihGYvJ5WL8NS2wQVMWsiRMK+/
-QsK6PEMXny4q9+lMPGBZpuGicUX68RIIJynAaHatdorA0hFSDQIVxbhDTQdrBnmt
-fSx33Yd9LlaW+oFz3oNtsUP57JQMvn7/RYMSheRqtlhSOOHQV/DdORo2B1uhd2Dl
-uZOzsVz88o/2eZ9dhO8ArNhQRpWgcx7dq+kI7FyUH0Idrw29qD3IT/PnEOTF84ro
-l0HEagP1ozVB32krJIDRQleTmdTogtT69FYLHnK9fYrk1m3Pcc3TWb/1PCcccN0D
-2RJCl2kry5wJdx6g2bi7wg4twpRJshi5jREPJAAGNy5MKA+oon6D6gbwwNP3xuz/
-/9BU0AUDYQARAQABiQJ+BBgBCAByBYJkorMiCRDWBYSO1+aYcUcUAAAAAAAeACBz
-YWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmeZgZGsUjuRusvhjME6v0SyZCTB
-ZHc9vQ5i7qV5OPZtLgIbDBYhBEYiJcO0bzSHn8hJbNYFhI7X5phxAADssg/9G6Sj
-nPi7yLDgXwmdQnZS20afRXa+T/YrsupbcKtXz+9As/QeZjnwuWI+LMDEjQSGnbQ4
-w4Uyz5hnpRnWYDq62hsFml1eJr5xwImscJMUYkVdBVTxvrYn9Dxr+C+FkeJfBIkO
-qZpFfe03VNwNU7zm6lg2BzKzBY3MY0nm/J/fWhmIXGOvUXHmRC6NnRkiTQcLsPU5
-TrJoDXP3qI2shr77IE3TFZ60xD1mdoaZol+CQEXjoAzd+PuWBltdkMVSqtLFkyEy
-L0kup+u/JdBrZxDNKRYwvoIi+cpzefq6Cp52L4WOhKxYQxrGPaFXzuOjf5uA6YHj
-nikhvtm2W1C4FxEJ9OaDgP5EtdUmwnAOdPc+uNwpmChpFZmno26pqZfl7st6hjWK
-qc9bEGncemxqregsCZPz8S/xHtFIKG7tGu7bmXVqnlkbz40t+1dQSN7jM6/pEIKr
-2xWiZOnQ9/1cwuS84ZIQiwvOT4tGlLxnhdPjrCdgjtse2rf0Z1e29D36VKvxEQvh
-lyAkqu4/8polwDVjHA3e3wlM8oCIoV4QvWWiqwaYmcFIk67TeTFx/rADZdDk/1w6
-Ym+aOkPah1KLj7ERikSi3L3WJsrqZl7ij7fW8UrU5hz1Ncwc5cshFtdICAHA2ZpT
-vELN+aCng2VkpPsR3NGa4ihB2Rbyq2SsGJdkf1OZAg0EV+o2lwEQAKWMXF8xc4hs
-2nI+Tl6s/QTiw1X8gGJCztuEpLgVUqfL8bmQx91t1F7bpfVBN/wmrxXcWDZCTnlZ
-NFJ81F/5AyMr1d8CBCuFaBHNx5KIl0Mo96wlFlYt2ANIjs2duM70fNgQPx0NgV9U
-ZrvuXtW7hH7G+bQE83NvEjBg/OC16JaImRK9IV3FMsv4V7H5QrUwe9dAkN/EnaKk
-I6B4jTd2DBq4JPfK+0FmEj/09Fv8N9EPgUm/TQePzOedMRhON9qX7vTczHsslmqD
-d5DSXbCgYamiuI0e3Xw48i07R6Bz5h0/gm6PKzS7effIKopZJitF4/ry5m2/ryf9
-piv0koeaC+ygYTALnWmqlS2PeFUbxfqvllz0nUk2wGsHVIeBKAkMeWyvluqFPLey
-zouexNl99s86fMhvMKCUbYNN1CvwMJtXCmabaviN1sbMrWa8UdW4h5RNxs4ot/9M
-uZOtTTJNtRbESXiyB8VTQuBZAh+eUTkuSa2AC4O6M1UEnc+a5pzRVy99MF335Kat
-S42S50THIshZvCehjZNL/BHXnyd1Acqf9VBJZXJYLuvw3wlH2qYl2GGS7fR6V4ii
-94dp/EE/kOZyzx5DJSNd6evYLwgJsFQvkGGqsCy8myXfDjK5Y+gx5kxBinikAigk
-OcnwYBlAlXBs2mxmG0qiCO2ooMl8/g0rABEBAAG0J0FsZXhhbmRlciBTb3NlZGtp
-biA8bW9ua0B1bmJvaWxlZC5pbmZvPokCTgQTAQgAIQIbAwIeAQIXgAUCV+o3dAUL
-CQgHAwUVCgkICwUWAgMBAAAhCRCw6d0gsp8UMhYhBOmHq39+iWZ3dtBbO7Dp3SCy
-nxQyflAP/1o4u6QvvBqAA4SK8eDgCaDjfKltjDn52jx4JfxBWlfS/zdnz8qPDTXX
-iEh2JKpitlG+bmRnSngOqPH+sfFQvUz7czidUfF+Tlt0jO3Q/Zt5/OiGh3vgmOre
-B4I5cObNGQmT/Ma5si6NfTQU0+okvd3j6fRNswsNP26TF+m7gSd27/S1/WkGLe+D
-Ukq+fYXjCNn4qCg9KthAULJkZWiCP2rok/m2xCHmAq0ALVyDTE/IKRbDEqc04qsI
-/XqGPavLdHmG8On1g8sek7QvJKkRgN29BUzdS6KBYfZGSLJ9KLGST7BPegyFLXvD
-SMxUx4KrJRxgytMcmzI5SYTA6u6RdA1t5AY6Jw17YgP4Ba/yPPTbrTxJb7qM4NOA
-1c/xc+j3+A6bWjLUbHMESlldcZae3s9cFjmOfDW9jn0WcmV2e4W1u2kTF0um1kfV
-8kriiHKKT0RJ8iVLfpJpnJ0/7hgsyUE4O8BH1J+Pho0zVfTE1TBp1FwRZJQ3ls9X
-3f5Zpn/KZy7gjseQSPx6r7pra7U5gSv/0Y1qDRrNvtULt1+0SobAmzp84iqn3GRd
-/NybJz5jB526fm16WIE3MLoEB2yj+T+4AQ5Va1NHLqRR5oXa/anIzzFrmoUe8dRY
-le/PhIvHEjzRrMzLFrmXX6eQZH1Gle59KbCFJus0bfSE0PL0xmKsuQINBGEgbmMB
-EAC6sAEM9vo0ocfnyAlhmG+clkdNIH0J8NLzZIbnHOAfTnnLzUeWOT14JR7Q//kT
-CdorjbX0dWD/+TRIwFHdXtLQngqaqSc77+1nRkx/4R5tbzJrd/FYA/4zk+sPpDHD
-idcntJQ5chduyiuESn3L0H0OT0muck0g92BAkGATaswNWLLnu/TC1486krkG0aQx
-DDFIYggzJR6v/saCrTGtMVMOhoMcWKGGQpFCYznB+3scYucTc4o9CGY/hpYeukZZ
-72xmaYWZqIQnCm7pfLyJWNkw70EO1r1EBStuhYWEUqgTfgfu6KQHRpRiMPWf0Oss
-44DQR5fIkY/VTCBeIWOdX2TC6qVfgMKASfIyYzPMorDtAcrXhRb4aEZqh9p7AjLs
-8izfFR8/GSdoxIda3b+cfFPZ5dk05oOS3wkMQOy5ZeGv/jp8WZds7MC9+xNMhdZ9
-4hRU6dN7S6yq+btrgPLWXk96yl4VZkwRz9fxk7PqZZ8riz9VAfKE2llkC5pEXx09
-B0oUxu9DXzGZI9acOG3YAtXlezhCaS6AcvQZbQ7CXKHd/sGXrf9T+sqYX9k4FnLm
-7eoWHH0rEMC3QVPGbIs4rGZbjBBybVrgSL8ShFpmhw9F1PyD6ug2t41NBIbZr9e2
-eFaVO2LaPpZPoKFGZoILrtB/vW32BmQV20Ibr7cK2dPcbQARAQABiQI2BBgBCAAg
-FiEE6Yerf36JZnd20Fs7sOndILKfFDIFAmEgbmMCGyAACgkQsOndILKfFDKCmw/7
-BUinZ7uO+ax1hV25Emdg9qJsbtW32FLMypecexEK/CrOM+fadQe+xzPOoSlHw5tS
-1ZB4rdKUT0jIingmmgaBWFd0FQPSsxHlERvhTfgDBlzAl7CkFisOPYY/ErL+lCjM
-4t8VgsHsQZQZ7Nx7wMuIbT99n1lt79lt3YXgkZfIerDmb5mWuGP10b1/GDFv0s2R
-T2dyNfdTNFtfzpehA4ea7Qgcz1ayqeyjWqDpoIXP+KCC368vv7kukBrdSpn7RLS2
-xYeP8zB8ovfe+TzYc7ZSt9UdjbW7U7qzU49Kq5C4n/qvj7R5kcAm+UDSLVrvnbAf
-nLVWWfgo0sOmtD5/EoMhlgKtN6DrVTSgf6xW6oWsf+8Pz1NROhqLwkcDvpET6zuT
-YEWOK9vFik3XEtdaSlONvaBPN8aYfjoPze28MgEEcf3dw/+QIczw8+kXWXjmAHth
-L8RpC1fiMmdOXlB1d7gkUPQkJmc4NeRM53fgE097IbXbEFhMtDSu8yzKltG70ahO
-WoNKwdArrQhbiFKc4hoCx/caRy8jK0kFb5ZaNkljbtyQWFXm75lEDpaa2RFvE0T7
-pFrMnrOEts0tlJwEf5s/SxWpFniXW7mCov3eYFnrE8Lgq173z7NmjmMTms29bro8
-UW8eHMflRchZsrEUAQOtlA3k159Wt/2MTK9LnIz1I7a5Ag0EV+o3eQEQAL7E7DWm
-gc1YdUV35LU1JCYqu8LScbyPtnilMYjgYORLc2DqXLIBWuIdP7hQ8lkQosQmn+oj
-EfIEBpwbU+q5fsyxK31nReXxQQgDGwobjdGsZykjf6Dj1Jd9y2LDsBpZnvpFVhqp
-YAv3bmyaGpIh+9y5xyLRsCTloVL1R+JyHuOromVllR25+zFwvoFhjfq27VK9QjTF
-DYzqhdr3e0sx1LKb0DaiDHc8PT2LBjmND7KMGUKOjDwiFY6Uxd1eTB6Y+FkkwfMa
-bk1JRgF+rGA9pvy0sjJcWkbTvW8erBJhhWNN4V7rtSHMMRdzFvqzhgWeO7r3TarK
-js7pQCM8t+rnT7YFm1n0rHLfW7ECV6WBvWyk1N7a0C4Q5ekJ+fls4U+Iy20bOmhs
-3vRxNA0XaGdp/NH1ldi5KExYbTpQpNQ0XK6j1KwE+TdM24v7su6qWGgmWUJKWFfC
-ms+/zwAVGypTXa7rDi9X/+Ubb8nLLkQbf4W4/OrXBWffkbG+4J2EDRxF1UeHrHu5
-NpnFP8J7sWYKV45Vh3pK5le2zYbDPF84Ge6BY2wiYvvWnPEqg7pLPZfaRSMJkqxT
-QLSwnHf8vBvVXHAmp0WpYwOYBE+onFcZX3/t8d2uiEKuhElNfxdC1O4UolaBBEpz
-FC9hN1IXWIpTgRLo+G4ket8FlTugwe+l1HN9ABEBAAGJBFUEGAEIAAkFAlfqN3kC
-GwICQAkQsOndILKfFDLBXSAEGQEIAAYFAlfqN3kACgkQQSdIpAr8wvsH/hAAlSnz
-UTzOU+x7/P4fPxl9M7dLWcOIKaaGrjNExz9bVCGXGnHZR3f4gRl/bowRFjGi++vh
-nlCz2Hj18lFRXG3HjlSOwdzJYSa6ZMqdA2AW4167kJtQNEXpfV//C5mXhfe3U68O
-33+acvqU5cG4/+QNvun81j8SQlOyYJlsQwW6W1EH2wxfuvpid3SNn5yDZ7GFhfZh
-oxBwzITWRiWifcy8r3xufAVrFZKwAMvWrG5LRJD6pgyW/1oMsWUIH0U+QD0vgBoa
-RCAW/gqLRf2836n7PeZaLuqiHMQgYOUs41KJ9jy6rYiHLuZsZPJ4luFbFuUylJxj
-KUfnjVuAoBhm9XouywKckE3oXUf2Sa504MQlo+pNvtf4LK8RALpkTe8joq5olEnV
-NNIq+UBxK0ZEG6SaCnf4wtYcL4uUVgLj/QYm9fob3gakVlfEVZx2SnCqrB2NAtMO
-RUo1iOm//EwAnaFP4XaqPEQLZaEnKF454n05xFvt21UGgM81z2q9DrAbAolrpf3Y
-8LtC42TQTMlGmyVmxUzgqyVcDc8Pjj0VP+9twp8za31bPXs88/o3E+tYIN46pxYV
-9fWxdns+eNupVm8ZeZ+sblhkQGb2yyOPM7SEsP4MKzITPHheBxSzniYo0D6jrX4A
-lDza7Gjw4YsOxus2NlhzBsWxmTpYat1QSW8cEQgWIQTph6t/folmd3bQWzuw6d0g
-sp8UMpnkEACd4nfSJZIVX/jGtbR9kwOhnchAEkW9nwCxwgujJxvkPSqgMLbwtGhv
-KMunhOOU10JWWT2pZ6JvYTzRRPJwl8snXwNlv9HKa/XUlbo7SGuliAya0J3UKxtG
-Jd9+yOj81BznQjlZF18yqjERP1cyewmuGIUEqU1ODVE5SVajZSSOpe9EnT0TENZ3
-SJcodwtg8rd1V4pqUecx5cpG01szohDuqXJ1NbvoRIYXbxwyx9b7JK3YuoDhRylG
-rmCyP5n5Sb0J+5yfcOL33CPVK7SLladTlopCcaeieIIMSqMdUSHpLKqvOrRt3Cz7
-9A777L9MHND1yf2Mm/IQlih/1d6JblNSJ2znD7hfpo1ReYmzYtG35a3m6FZt4QT1
-5gGLQ0QC9a4s4LpqY9zPxaW9jpQPsyodoiCk/j2ZkwHLIa580V3Kh6dxjI+LwXlZ
-/9T+Q/C3L5Has5yBijtCdekyrsD6XVfEn5gg+yFkDc6TKYCGhsro0yA9J+BOGRD2
-HDxVbH3njCiP5wDvxIgOQLN06LQLDX+Qq++MRnJe4e0i1CQA+ow7ROSGUEPX7k3p
-qoxJcQ2i2SCKz1PooV/ii/iN1PfU/IK3GAJEO2ktpQM9APKP//tvc00CAbarnlc9
-G22yWAxW3R5JN7SfeX+lqC+Mok1cS7WGCQOOOC+B0EelTaj6Zcb7wbkCDQRX6jaX
-ARAAxAQjAzi2kzXnWnX6yAkijTQk0j5raWb7+2Qprqr+I4ZbjEFiQFodw7Ei8eFt
-sY5LSSvFWe8WXl0Ahvmfi+/9TPFwgEtLWTOqguCjJQN0VkOfjhEDWLuAFHoa3IzV
-ySoZhDgIDQ/LY7cRg+Ryi0AaInesYx0cxdYkt93X1tPtcV4q7KiTIWZWBsWlBZF3
-qHgneIfq6lBObjd/QfKhaFGleXi4UhJfcwnVj01h6dCKWUSNPRr6/sbdQztsnDYn
-ghka+pdUAmVqpj+Cpb0ppUuzO78tW0lImybRUGOomhivQbw2/TcYcgwQmdUi7+Ie
-Td/8H9Msff2P9u54vFbhUt1XlNk4KWyOi2Xu9CvidXqNcg6wpdAPthIjeZ3tRT3H
-nFt9N5cPlhaQwV7SuGx9eaiMk2Oj2dBPvV4M18guwfA98iyNJ4tBmmiFLagfaDuN
-aMgyt5cQA0tORt5d8AUoF3OrYQ/wdiToa6IJ7RO2WaSlFaYOHFJzMUDLNSUzKbVI
-OR7No7QIOvKYJR4njnHBgIK5AeQNu5ucBxbFDOqnmu0E75pHOrVn8l5OOuHN/EiO
-SGzRTdSh/iVftUgZC3vj+XnIlen1RBU63DRkFn97knlQGtmJgi6yIJhWHYk9LvDG
-rUAdtPgrIr4844O3E5ZNTDW0YTmWtkfqnmfgEVBUdMWjj1sAEQEAAYkCNgQYAQgA
-CQUCV+o2lwIbDAAhCRCw6d0gsp8UMhYhBOmHq39+iWZ3dtBbO7Dp3SCynxQy0eUP
-/RLpSjdHZzZxJ0gorRbNkUZ+hJL4eCZC+V+JGBvTgLd58lN8ah/vqQafn3vUXwB4
-3tW/if/Oz9ZRrLhfPtfROEQjxroo4xNRY9PPrEO1yQ5O6i81CcZGRKpZ391Q2fPl
-2+lWT4VKXpn+XbF33FXAox9Rdfc/H5bXF+EiT00EnuxKWv6yyC48lNgKGBmSdhRE
-iXTzzRzGxBxN3GWQV+2rIrHMy3Bp2DgKb2kHLhA2sLg8oCoszhWcW1+le34ioqNB
-Yt/HLvM+nVzxgrD6RMQg0aiFQJvIw68Z48g5oD44xIjJT6YWXLbZA0XaXLn+m1CR
-6xqxSeXsXSCnvbF5KQs6MsxKFs07T2GDEMuHJO35IfEfg1JWWgzqJfGe8bKBeQ2U
-wFaZrYlmOYpq4VIdWwgDHlzuXynb/7MLe6NyxJPun57Ex7NsS//sfrR5nPunk43e
-0W0lqmT50WJxRhBHhxXmkQ0fH6tzra8GJxo99+MJzaSfENvdRz39BQXM56nv0/1w
-lRdfqJJcqYqVav/gKvKaB5eH3dXHKGZK5YSiQbtvqKBOwsOhHxtvsE18lu5LwiYd
-nTaI0DmUcl2o4iC0+cpSFSesGSGd2XIIid0E4yre89Cf4kfuCQhvUkBrgYwU3mFM
-/MhgH9hH7MKAmRVfm+pwNOk3owA/vBcSuRRLeeVGDGeqmQINBFOsE5ABEADD/k0t
-8to+R0kPhr2k7d0P/p1SYgxkwSaYgdv4/MgO/yEbQDMsqs1mw88mWnFKKdbH4QUS
-qCj21SiiJVrcoY7dNNapkKNiaMNCylAxkLtDw9/up0AVdkJ/7iHvrKlwIb3SBQV1
-oJYBrXF9rzFBtkW9NhLc+DzloeHfPtABCIi0XoIOGSDn+RQvppe/13phBj+2fd5I
-LNWiHfKIrr6228TynSPqy7H4z5DYcnYIJ7f7FO+MgaZjj28GFCyCFz7DMJsR/JX8
-CDsaOHvBsBRtBIKSQ7ce9KtAnemsmyGVkaHpGvxo3gaWj8pROIiQRbDYfXXvMbpT
-Yh/OTxbbx3SgBNjk3fH6ZjYZXuz+1kjJ9aajRKWvhZbMCjKEGjm3n+PrYdd2o9W6
-j5+aOhSWDs54z7froPmt291NdykF4kHb3W3SwGaIACV3/ZorrwG8wHhnV8dEwqTr
-E6xcTIwr2+C07yFDKrSgTbZsjEb6RbZA9SKsj6+ct8TrAxVPAigj7eMdWcF8yxxQ
-CCZci8UIx9hyHAfr4fKCYl0KlG3SoZ8kTKiB0AvjsK+QowE7gKuHeKOvEn8cb2Di
-BWjDfJoTO19xhzm51jxcDneIkVoeSg5QJqtiQZybyhf7vP9vl1fS9O8I9y1uR2lC
-x7UkWAGTTVTtzs+O47125jsj/BjLMECT/Ub33QARAQABtCBUaW0gUsO8aHNlbiA8
-dGltLnJ1ZWhzZW5AZ214LmRlPokCTgQTAQoAOAIbAwULCQgHAwUVCgkICwUWAgMB
-AAIeAQIXgBYhBByyfbyYYUstWEFkbQgwLbaiZwQoBQJgRRE9AAoJEAgwLbaiZwQo
-1nQP/igf0pGcHlUqHSGmaapDoqRJfHcwUMfC3FjK4fmV94D3KUVU9txWbb02qX5n
-1yQXcpweHEAQEY7YVUbZLND2kMqq/unyi6TqdXK6wtz1t6tO2IsPXceAzI5pC6hX
-QbN/sQIBD+ytdUVpvuOGDLUfbn95PYqNx/2t3GzW2hSglt6MUFDHVvQpglkQnCGI
-1C2ulqPOarKcxggH4pTWQ2PR9JOJMS4iUGEyZeVUA8m21V+KZS3CZjaEuq+/3dLW
-WzC1vtl7WMa3JahCGaJHL7kauVa0qgEkG1FENDxNhjb9m7nXh7+DRSOQM8oT4EbC
-kSt5mLAwPl6JoAiRa3l+oVy6SldpdkMl6ycCnYEWki5K5xTUeJugw95Hm5mkD6Dt
-li7tTtIlqcQ8i2kQB+BmtD2HSKBWrFONE4DQaBv8GcqzoDMFmw72sOStbnbAGEtz
-IU41pmOaV6AnfN/hVqNNH3P8vzrSJifU0WCR9TEZoZoN0Rxbt4vYbLrArgiGE94K
-rUEJ08c7Q4VOAdbQcENgzu+MnQC7jWk471eJ05hWMtqvW2PKh/2bF/LgIYJuBcNX
-CKFBkDNTBNibJ8MnVn0uBZ3X9G6Kx9wU5e89Qvj7V6MM4SoTiOmhlbxH8GxXXSYf
-AWosuWUSOFyXzG5yhurvUmYW+OIFPRZ6Wb5gKSgoLdgB+DhfuQINBFOsE5ABEADr
-LQL3bP7+M6PTCjuVbqqHBDhBAKEEuxKffwDz1AJKfRhvqTYIKQqgZwaIzXdbOkmP
-rTEgWHJKbwssaRmdBVRSYkE2DXLEcnuxqAgNyc5RMoVHWIE4jFNkxmrN6ZcVWel2
-OwCo9A6bzUftKKYJRPAYou4nmv87+CdKT16JV40dMG/phLyPINByy9wThIodpJQX
-/H1O6OCsMM/ZQJQ8zJCXbCCCe/c5gcg6+RJLsNa1CjIjQH0F1XZuncxz3nvKLxXL
-uQG8HCcU5GxW/z2byjEkoJrlakmcwUzuih7IuFrvSaexb8so2N6u5H8vm+SBkCwU
-c28lBsKECOJUeH28CBcMmFuRKFgF/fBpRiXDKI8Fl3IRm5vFIfL6oIBJBSDfunfZ
-5FPXup5fVGT9k0dhBlD48zDQ22kVVmRkpctxGwd3yE4BM9/sQ3nK4HwrB9+9X2Rq
-xbAzwz8LGvRE7/rusBg9HaO8kIOO/7NjutCvJkHGPfJSF7i9XvBcoQpkTIJFPaxu
-pk7TCFOVDAzUYh82MzNq89SVe49017/nuXzKJ3SAtok7xDYVsXXriYgnmouL7f+c
-DXdXmLIxPZN6LKkwKb9/rU0/9xPuvxS25zCSgjig8/SFEdSt6wvs94npSn6RcmVx
-i5VN1Ni4IMRgQn7hXpGKATlM6CQ32V7QBJN24mFECQARAQABiQI2BBgBCgAgAhsM
-FiEEHLJ9vJhhSy1YQWRtCDAttqJnBCgFAmBFEU0ACgkQCDAttqJnBCh3ahAAo9lG
-UYfbbuQd6XRb7bkXWsoPoTI+o2S9wQOvZQLb/sANCkK0HqwAWdNeBKWF3o9NUG5y
-/gQ3wNJv7WBGzCBL/N87K0doq6s9MiwXFIykr/yIlN7la3lCQvOUDn1OmO9zHGq4
-t4arfCiInm5Hc6NhStV3aKtgIJoGWDMu9aIcy9canuAO+oO8l1ayV1kPDKWskVEX
-ZsdvnxY0rhInvUfgw27uY2ziPLO3iTfPJLJ8wx2V3cyxkVWgk+08DHKQz0gwObJA
-iAFtWJXSd8kO7mzcNVPgDAgje/7Lf2wlP4GQYO6Ht5RnhzbzIcgHxcK6pJeIS5oA
-vDySWASwD66dkdYQUAjYHE2OQnwTjxU907uf1Foaa6yiOFBcQku4NQNdoUDfv+HW
-0C5TR2XVcO9UBPTlEGMjMeqhTHs3E3HXKGiFWT7WYtdG9fBhVNoLvZ39eYnWEM8N
-svcRUmOKzvoAJbmbZAlH3necl20MeJnfkTx9Nu3D9afYnaw9IJ9BetTON3gXzTtG
-wAJjMZ346k9MLvnSLFpD8of15R/jl+RbZ732stOJkbcM5cUj2Lgi7DE44y7BeBT5
-XD5LAUwop30sm4Kxwv9oEyVjzoQPkB24l9YGeEOEIqESZLszZ44Jsh703+9n3Dq9
-wNTn8cXhFYi0Of02Vt4nNiXryBL/zneXgb37qiI=
-=8Avy
------END PGP PUBLIC KEY BLOCK-----

gnutls.spec

@@ -1,900 +0,0 @@
-## START: Set by rpmautospec
-## (rpmautospec version 0.6.5)
-## RPMAUTOSPEC: autorelease, autochangelog
-%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
-    release_number = 2;
-    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
-    print(release_number + base_release_number - 1);
-}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
-## END: Set by rpmautospec
-
-%define srpmhash() %{lua:
-local files = rpm.expand("%_specdir/gnutls.spec")
-for i, p in ipairs(patches) do
-   files = files.." "..p
-end
-for i, p in ipairs(sources) do
-   files = files.." "..p
-end
-local sha256sum = assert(io.popen("cat "..files.."| sha256sum"))
-local hash = sha256sum:read("*a")
-sha256sum:close()
-print(string.sub(hash, 0, 16))
-}
-
-Version: 3.8.10
-Release: %{?autorelease}%{!?autorelease:1%{?dist}}
-# not upstreamed: can we drop this as configure is regenerated when bootstrapping?
-Patch: gnutls-3.2.7-rpath.patch
-# not upstreamed: modifies the generated code
-Patch: gnutls-3.7.2-enable-intel-cet.patch
-# not upstreamed: to ignore GNUTLS_NO_EXPLICIT_INIT, for long-term support purposes
-Patch: gnutls-3.7.2-no-explicit-init.patch
-# not upstreamed: to avoid any inconsistency between algorithms enabled through API vs the ones enabled through config file, for long-term support purposes
-Patch: gnutls-3.7.3-disable-config-reload.patch
-# not upstreamed, reseed source DRBG for prediction resistance
-Patch: gnutls-3.7.6-drbg-reseed.patch
-# not upstreamed: see https://gitlab.com/gnutls/gnutls/-/issues/1443
-Patch: gnutls-3.8.8-tests-ktls-skip-tls12-chachapoly.patch
-# not upstreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/1932
-Patch: gnutls-3.8.9-allow-rsa-pkcs1-encrypt.patch
-# usptreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980
-Patch: gnutls-3.8.10-tests-ktls.patch
-# upstreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980
-Patch: gnutls-3.8.10-tests-mldsa.patch
-# not yet upstreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990/diffs?commit_id=993a8055c03b60c95fc65962ed82adc80b049a9a
-Patch: gnutls-3.8.10-keyupdate.patch
-
-%bcond_without bootstrap
-%bcond_without dane
-%bcond_without fips
-%bcond_with tpm12
-%bcond_without tpm2
-%if 0%{?rhel} >= 9
-%bcond_with gost
-%else
-%bcond_without gost
-%endif
-%bcond_without certificate_compression
-%bcond_without leancrypto
-%bcond_without tests
-
-%if 0%{?fedora} && 0%{?fedora} < 38
-%bcond_without srp
-%else
-%bcond_with srp
-%endif
-
-%if 0%{?fedora}
-%bcond_without mingw
-%else
-%bcond_with mingw
-%endif
-
-%if 0%{?rhel} >= 9 && %{with fips}
-%bcond_without bundled_gmp
-%else
-%bcond_with bundled_gmp
-%endif
-
-%if 0%{?rhel} >= 10 && %{with fips}
-%bcond_without bundled_nettle
-%else
-%bcond_with bundled_nettle
-%endif
-
-
-%define fips_requires() %{lua:
-local f = assert(io.popen("rpm -q --queryformat '%{EVR}' --whatprovides "..rpm.expand("'%1%{?_isa}'")))
-local v = f:read("*all")
-f:close()
-print("Requires: "..rpm.expand("%1%{?_isa}").." = "..v.."\\n")
-}
-
-Summary: A TLS protocol implementation
-Name: gnutls
-# The libraries are LGPLv2.1+, utilities are GPLv3+
-License: GPL-3.0-or-later AND LGPL-2.1-or-later
-BuildRequires: p11-kit-devel >= 0.21.3, gettext-devel
-BuildRequires: readline-devel, libtasn1-devel >= 4.3
-%if %{with certificate_compression}
-BuildRequires: zlib-devel, brotli-devel, libzstd-devel
-%endif
-%if %{with bootstrap}
-BuildRequires: automake, autoconf, gperf, libtool, texinfo
-%endif
-%if !%{with bundled_nettle}
-BuildRequires: nettle-devel >= 3.10.1
-%endif
-%if %{with leancrypto}
-BuildRequires: meson
-%endif
-%if %{with tpm12}
-BuildRequires: trousers-devel >= 0.3.11.2
-%endif
-%if %{with tpm2}
-BuildRequires: tpm2-tss-devel >= 3.0.3
-%endif
-BuildRequires: libidn2-devel
-BuildRequires: libunistring-devel
-BuildRequires: net-tools, softhsm, gcc, gcc-c++
-BuildRequires: gnupg2
-BuildRequires: git-core
-
-# for a sanity check on cert loading
-BuildRequires: p11-kit-trust, ca-certificates
-Requires: crypto-policies
-Requires: p11-kit-trust
-Requires: libtasn1 >= 4.3
-%if !%{with bundled_nettle}
-# always bump when a nettle release is packaged
-Requires: nettle >= 3.10.1
-%endif
-%if %{with tpm12}
-Recommends: trousers >= 0.3.11.2
-%endif
-
-%if %{with dane}
-BuildRequires: unbound-devel unbound-libs
-%endif
-BuildRequires: make gtk-doc
-
-%if %{with mingw}
-BuildRequires:  mingw32-filesystem >= 95
-BuildRequires:  mingw32-gcc
-BuildRequires:  mingw32-gcc-c++
-BuildRequires:  mingw32-libtasn1 >= 4.3
-BuildRequires:  mingw32-readline
-BuildRequires:  mingw32-zlib
-BuildRequires:  mingw32-p11-kit >= 0.23.1
-BuildRequires:  mingw32-nettle >= 3.6
-BuildRequires:  mingw64-filesystem >= 95
-BuildRequires:  mingw64-gcc
-BuildRequires:  mingw64-gcc-c++
-BuildRequires:  mingw64-libtasn1 >= 4.3
-BuildRequires:  mingw64-readline
-BuildRequires:  mingw64-zlib
-BuildRequires:  mingw64-p11-kit >= 0.23.1
-BuildRequires:  mingw64-nettle >= 3.6
-%endif
-
-URL: http://www.gnutls.org/
-%define short_version %(echo %{version} | grep -m1 -o "[0-9]*\.[0-9]*" | head -1)
-Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{version}.tar.xz
-Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{version}.tar.xz.sig
-Source2: https://gnutls.org/gnutls-release-keyring.gpg
-
-%if %{with bundled_gmp}
-Source100:	gmp-6.2.1.tar.xz
-# Taken from the main gmp package
-Source101:	gmp-6.2.1-intel-cet.patch
-%endif
-
-%if %{with bundled_nettle}
-Source200:	nettle-3.10.1.tar.gz
-Source201:	nettle-3.10.1.tar.gz.sig
-Source202:	nettle-release-keyring.gpg
-# Taken from the main nettle package
-Source203:	nettle-3.8-zeroize-stack.patch
-Source204:	nettle-3.10-hobble-to-configure.patch
-%endif
-
-%if %{with leancrypto}
-Source300:	leancrypto-1.5.0.tar.gz
-%endif
-
-# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
-Provides: bundled(gnulib) = 20130424
-
-%package c++
-Summary: The C++ interface to GnuTLS
-Requires: %{name}%{?_isa} = %{version}-%{release}
-
-%package devel
-Summary: Development files for the %{name} package
-Requires: %{name}%{?_isa} = %{version}-%{release}
-Requires: %{name}-c++%{?_isa} = %{version}-%{release}
-%if %{with dane}
-Requires: %{name}-dane%{?_isa} = %{version}-%{release}
-%endif
-Requires: pkgconfig
-
-%package utils
-License: GPL-3.0-or-later
-Summary: Command line tools for TLS protocol
-Requires: %{name}%{?_isa} = %{version}-%{release}
-%if %{with dane}
-Requires: %{name}-dane%{?_isa} = %{version}-%{release}
-%endif
-
-%if %{with dane}
-%package dane
-Summary: A DANE protocol implementation for GnuTLS
-Requires: %{name}%{?_isa} = %{version}-%{release}
-%endif
-
-%if %{with fips}
-%package fips
-Summary: Virtual package to install packages required to use %{name} under FIPS mode
-Requires: %{name}%{?_isa} = %{version}-%{release}
-%if !%{with bundled_nettle}
-%{fips_requires nettle}
-%endif
-%if !%{with bundled_gmp}
-%{fips_requires gmp}
-%endif
-%endif
-
-%description
-GnuTLS is a secure communications library implementing the SSL, TLS and DTLS 
-protocols and technologies around them. It provides a simple C language 
-application programming interface (API) to access the secure communications 
-protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and 
-other required structures. 
-
-%description c++
-GnuTLS is a secure communications library implementing the SSL, TLS and DTLS 
-protocols and technologies around them. It provides a simple C language 
-application programming interface (API) to access the secure communications 
-protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and 
-other required structures. 
-
-%description devel
-GnuTLS is a secure communications library implementing the SSL, TLS and DTLS 
-protocols and technologies around them. It provides a simple C language 
-application programming interface (API) to access the secure communications 
-protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and 
-other required structures. 
-This package contains files needed for developing applications with
-the GnuTLS library.
-
-%description utils
-GnuTLS is a secure communications library implementing the SSL, TLS and DTLS 
-protocols and technologies around them. It provides a simple C language 
-application programming interface (API) to access the secure communications 
-protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and 
-other required structures. 
-This package contains command line TLS client and server and certificate
-manipulation tools.
-
-%if %{with dane}
-%description dane
-GnuTLS is a secure communications library implementing the SSL, TLS and DTLS 
-protocols and technologies around them. It provides a simple C language 
-application programming interface (API) to access the secure communications 
-protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and 
-other required structures. 
-This package contains library that implements the DANE protocol for verifying
-TLS certificates through DNSSEC.
-%endif
-
-%if %{with fips}
-%description fips
-GnuTLS is a secure communications library implementing the SSL, TLS and DTLS 
-protocols and technologies around them. It provides a simple C language 
-application programming interface (API) to access the secure communications 
-protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and 
-other required structures.
-This package does not contain any file, but installs required packages
-to use GnuTLS under FIPS mode.
-%endif
-
-%if %{with mingw}
-%package -n mingw32-%{name}
-Summary:        MinGW GnuTLS TLS/SSL encryption library
-Requires:       pkgconfig
-Requires:       mingw32-libtasn1 >= 4.3
-BuildArch:      noarch
-
-%description -n mingw32-gnutls
-GnuTLS TLS/SSL encryption library.  This library is cross-compiled
-for MinGW.
-
-%package -n mingw64-%{name}
-Summary:        MinGW GnuTLS TLS/SSL encryption library
-Requires:       pkgconfig
-Requires:       mingw64-libtasn1 >= 4.3
-BuildArch:      noarch
-
-%description -n mingw64-gnutls
-GnuTLS TLS/SSL encryption library.  This library is cross-compiled
-for MinGW.
-
-%{?mingw_debug_package}
-%endif
-
-%prep
-%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
-
-%autosetup -p1 -S git
-
-%if %{with bundled_gmp}
-mkdir -p bundled_gmp
-pushd bundled_gmp
-tar --strip-components=1 -xf %{SOURCE100}
-patch -p1 < %{SOURCE101}
-popd
-%endif
-
-%if %{with bundled_nettle}
-%{gpgverify} --keyring='%{SOURCE202}' --signature='%{SOURCE201}' --data='%{SOURCE200}'
-
-mkdir -p bundled_nettle
-pushd bundled_nettle
-tar --strip-components=1 -xf %{SOURCE200}
-patch -p1 < %{SOURCE203}
-patch -p1 < %{SOURCE204}
-popd
-%endif
-
-%if %{with leancrypto}
-mkdir -p bundled_leancrypto
-pushd bundled_leancrypto
-tar --strip-components=1 -xf %{SOURCE300}
-popd
-%endif
-
-%if %{with bundled_gmp}
-sed -i 's/@GMP_LIBS@//' lib/gnutls.pc.in
-%endif
-
-%build
-%define _lto_cflags %{nil}
-
-%if %{with bundled_gmp}
-pushd bundled_gmp
-autoreconf -ifv
-%configure --disable-cxx --disable-shared --enable-fat --with-pic
-%make_build
-popd
-
-export GMP_DIR="$PWD/bundled_gmp"
-export GMP_CFLAGS="-I$GMP_DIR"
-export GMP_LIBS="$GMP_DIR/.libs/libgmp.a"
-%endif
-
-%if %{with bundled_nettle}
-pushd bundled_nettle
-./.bootstrap
-
-# Disable -ggdb3 which makes debugedit unhappy
-sed s/ggdb3/g/ -i configure
-
-autoreconf -ifv
-# For annocheck
-export ASM_FLAGS="-Wa,--generate-missing-build-notes=yes"
-%configure --disable-shared --enable-fat \
-	   --disable-sm3 --disable-sm4 \
-	   --disable-ecc-secp192r1 --disable-ecc-secp224r1 \
-	   --disable-documentation \
-	   --with-include-path="$GMP_DIR" \
-	   --with-lib-path="$GMP_DIR/.libs" \
-	   %{nil}
-%make_build
-ln -s . nettle
-popd
-
-export NETTLE_DIR="$PWD/bundled_nettle"
-
-export NETTLE_CFLAGS="-I$NETTLE_DIR"
-export NETTLE_LIBS="$NETTLE_DIR/libnettle.a"
-
-export HOGWEED_CFLAGS="-I$NETTLE_DIR"
-export HOGWEED_LIBS="$NETTLE_DIR/libhogweed.a $NETTLE_LIBS $GMP_LIBS"
-%endif
-
-%if %{with leancrypto}
-pushd bundled_leancrypto
-%set_build_flags
-meson setup -Dprefix="$PWD/install" -Dlibdir="$PWD/install/lib" \
-        -Ddefault_library=static \
-        -Dascon=disabled -Dascon_keccak=disabled \
-        -Dbike_5=disabled -Dbike_3=disabled -Dbike_1=disabled \
-        -Dkyber_x25519=disabled -Ddilithium_ed25519=disabled \
-        -Dx509_parser=disabled -Dx509_generator=disabled \
-        -Dpkcs7_parser=disabled -Dpkcs7_generator=disabled \
-        -Dsha2-256=disabled \
-        -Dchacha20=disabled -Dchacha20_drng=disabled \
-        -Ddrbg_hash=disabled -Ddrbg_hmac=disabled \
-        -Dhash_crypt=disabled \
-        -Dhmac=disabled -Dhkdf=disabled \
-        -Dkdf_ctr=disabled -Dkdf_fb=disabled -Dkdf_dpi=disabled \
-        -Dpbkdf2=disabled \
-        -Dkmac_drng=disabled -Dcshake_drng=disabled \
-        -Dhotp=disabled -Dtotp=disabled \
-        -Daes_block=disabled -Daes_cbc=disabled -Daes_ctr=disabled \
-        -Daes_kw=disabled -Dapps=disabled \
-        _build
-meson compile -v -C _build
-meson install -C _build
-
-popd
-
-export LEANCRYPTO_DIR="$PWD/bundled_leancrypto/install"
-
-export LEANCRYPTO_CFLAGS="-I$LEANCRYPTO_DIR/include"
-export LEANCRYPTO_LIBS="$LEANCRYPTO_DIR/lib/libleancrypto.a"
-%endif
-
-%if %{with bootstrap}
-autoreconf -fi
-%endif
-
-sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
-rm -f lib/minitasn1/*.c lib/minitasn1/*.h
-
-echo "SYSTEM=NORMAL" >> tests/system.prio
-
-CCASFLAGS="$CCASFLAGS -Wa,--generate-missing-build-notes=yes"
-export CCASFLAGS
-
-%if %{with fips}
-eval $(sed -n 's/^\(\(NAME\|VERSION_ID\)=.*\)/OS_\1/p' /etc/os-release)
-export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name"
-%endif
-
-mkdir native_build
-pushd native_build
-%global _configure ../configure
-%configure \
-%if %{with fips}
-           --enable-fips140-mode \
-           --with-fips140-module-name="$FIPS_MODULE_NAME" \
-           --with-fips140-module-version=%{version}-%{srpmhash} \
-%endif
-%if %{with gost}
-    	   --enable-gost \
-%else
-	   --disable-gost \
-%endif
-%if %{with srp}
-           --enable-srp-authentication \
-%endif
-%ifarch %{ix86}
-           --disable-year2038 \
-%endif
-	   --enable-sha1-support \
-           --disable-static \
-           --disable-openssl-compatibility \
-           --disable-non-suiteb-curves \
-           --with-system-priority-file=%{_sysconfdir}/crypto-policies/back-ends/gnutls.config \
-           --with-default-trust-store-pkcs11="pkcs11:" \
-%if %{with tpm12}
-           --with-trousers-lib=%{_libdir}/libtspi.so.1 \
-%else
-           --without-tpm \
-%endif
-%if %{with tpm2}
-           --with-tpm2 \
-%else
-           --without-tpm2 \
-%endif
-           --enable-ktls \
-           --htmldir=%{_docdir}/manual \
-%if %{with dane}
-           --with-unbound-root-key-file=/var/lib/unbound/root.key \
-           --enable-libdane \
-%else
-           --disable-libdane \
-%endif
-%if %{with certificate_compression}
-	   --with-zlib --with-brotli --with-zstd \
-%else
-	   --without-zlib --without-brotli --without-zstd \
-%endif
-%if %{with leancrypto}
-           --with-leancrypto \
-%else
-           --without-leancrypto \
-%endif
-           --disable-rpath \
-           --with-default-priority-string="@SYSTEM"
-
-%make_build
-
-%if %{with bundled_nettle}
-sed -i '/^Requires.private:/s/\(nettle\|hogweed\)[ ,]*//g' lib/gnutls.pc
-%endif
-
-%if %{with leancrypto}
-sed -i '/^Requires.private:/s/leancrypto[ ,]*//g' lib/gnutls.pc
-%endif
-
-popd
-
-%if %{with mingw}
-# MinGW does not support CCASFLAGS
-export CCASFLAGS=""
-%mingw_configure \
-%if %{with srp}
-    --enable-srp-authentication \
-%endif
-    --enable-sha1-support \
-    --disable-static \
-    --disable-openssl-compatibility \
-    --disable-non-suiteb-curves \
-    --disable-libdane \
-    --disable-rpath \
-    --disable-nls \
-    --disable-cxx \
-    --enable-shared \
-    --without-tpm \
-    --with-included-unistring \
-    --disable-doc \
-    --with-default-priority-string="@SYSTEM"
-%mingw_make %{?_smp_mflags}
-%endif
-
-%install
-%make_install -C native_build
-pushd native_build
-make -C doc install-html DESTDIR=$RPM_BUILD_ROOT
-rm -f $RPM_BUILD_ROOT%{_infodir}/dir
-rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
-%if %{without dane}
-rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
-%endif
-
-%if %{with fips}
-# doing it twice should be a no-op the second time,
-# and this way we avoid redefining it and missing a future change
-%global __debug_package 1
-%{__spec_install_post}
-fname=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.*`
-./lib/fipshmac "$RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30" > "$RPM_BUILD_ROOT%{_libdir}/.$fname.hmac"
-sed -i "s^$RPM_BUILD_ROOT/usr^^" "$RPM_BUILD_ROOT%{_libdir}/.$fname.hmac"
-ln -s ".$fname.hmac" "$RPM_BUILD_ROOT%{_libdir}/.libgnutls.so.30.hmac"
-%endif
-
-%if %{with fips}
-%define __spec_install_post \
-	%{?__debug_package:%{__debug_install_post}} \
-	%{__arch_install_post} \
-	%{__os_install_post} \
-%{nil}
-%endif
-
-%find_lang gnutls
-popd
-
-%if %{with mingw}
-%mingw_make_install
-
-# Remove .la files
-rm -f $RPM_BUILD_ROOT%{mingw32_libdir}/*.la
-rm -f $RPM_BUILD_ROOT%{mingw64_libdir}/*.la
-
-# The .def files aren't interesting for other binaries
-rm -f $RPM_BUILD_ROOT%{mingw32_bindir}/*.def
-rm -f $RPM_BUILD_ROOT%{mingw64_bindir}/*.def
-
-# Remove info and man pages which duplicate stuff in Fedora already.
-rm -rf $RPM_BUILD_ROOT%{mingw32_infodir}
-rm -rf $RPM_BUILD_ROOT%{mingw32_mandir}
-rm -rf $RPM_BUILD_ROOT%{mingw32_docdir}/gnutls
-
-rm -rf $RPM_BUILD_ROOT%{mingw64_infodir}
-rm -rf $RPM_BUILD_ROOT%{mingw64_mandir}
-rm -rf $RPM_BUILD_ROOT%{mingw64_docdir}/gnutls
-
-# Remove test libraries
-rm -f $RPM_BUILD_ROOT%{mingw32_libdir}/crypt32.dll*
-rm -f $RPM_BUILD_ROOT%{mingw32_libdir}/ncrypt.dll*
-rm -f $RPM_BUILD_ROOT%{mingw64_libdir}/crypt32.dll*
-rm -f $RPM_BUILD_ROOT%{mingw64_libdir}/ncrypt.dll*
-
-%mingw_debug_install_post
-%endif
-
-%check
-%if %{with tests}
-pushd native_build
-make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || { cat tests/test-suite.log tests/cert-tests/test-suite.log tests/slow/test-suite.log src/gl/tests/test-suite.log; exit 1; }
-popd
-%endif
-
-%files -f native_build/gnutls.lang
-%{_libdir}/libgnutls.so.30*
-%if %{with fips}
-%{_libdir}/.libgnutls.so.30*.hmac
-%endif
-%doc README.md AUTHORS NEWS THANKS
-%license COPYING COPYING.LESSERv2
-
-%files c++
-%{_libdir}/libgnutlsxx.so.*
-
-%files devel
-%{_includedir}/*
-%{_libdir}/libgnutls*.so
-
-%{_libdir}/pkgconfig/*.pc
-%{_mandir}/man3/*
-%{_infodir}/gnutls*
-%{_infodir}/pkcs11-vision*
-%{_docdir}/manual/*
-
-%files utils
-%{_bindir}/certtool
-%if %{with tpm12}
-%{_bindir}/tpmtool
-%endif
-%{_bindir}/ocsptool
-%{_bindir}/psktool
-%{_bindir}/p11tool
-%if %{with srp}
-%{_bindir}/srptool
-%endif
-%if %{with dane}
-%{_bindir}/danetool
-%endif
-%{_bindir}/gnutls*
-%{_mandir}/man1/*
-%doc doc/certtool.cfg
-
-%if %{with dane}
-%files dane
-%{_libdir}/libgnutls-dane.so.*
-%endif
-
-%if %{with fips}
-%files fips
-%endif
-
-%if %{with mingw}
-%files -n mingw32-%{name}
-%license COPYING COPYING.LESSERv2
-%{mingw32_bindir}/certtool.exe
-%{mingw32_bindir}/gnutls-cli-debug.exe
-%{mingw32_bindir}/gnutls-cli.exe
-%{mingw32_bindir}/gnutls-serv.exe
-%{mingw32_bindir}/libgnutls-30.dll
-%{mingw32_bindir}/ocsptool.exe
-%{mingw32_bindir}/p11tool.exe
-%{mingw32_bindir}/psktool.exe
-%if %{with srp}
-%{mingw32_bindir}/srptool.exe
-%endif
-%{mingw32_libdir}/libgnutls.dll.a
-%{mingw32_libdir}/libgnutls-30.def
-%{mingw32_libdir}/pkgconfig/gnutls.pc
-%{mingw32_includedir}/gnutls/
-
-%files -n mingw64-%{name}
-%license COPYING COPYING.LESSERv2
-%{mingw64_bindir}/certtool.exe
-%{mingw64_bindir}/gnutls-cli-debug.exe
-%{mingw64_bindir}/gnutls-cli.exe
-%{mingw64_bindir}/gnutls-serv.exe
-%{mingw64_bindir}/libgnutls-30.dll
-%{mingw64_bindir}/ocsptool.exe
-%{mingw64_bindir}/p11tool.exe
-%{mingw64_bindir}/psktool.exe
-%if %{with srp}
-%{mingw64_bindir}/srptool.exe
-%endif
-%{mingw64_libdir}/libgnutls.dll.a
-%{mingw64_libdir}/libgnutls-30.def
-%{mingw64_libdir}/pkgconfig/gnutls.pc
-%{mingw64_includedir}/gnutls/
-%endif
-
-%changelog
-## START: Generated by rpmautospec
-* Fri Aug 01 2025 Daiki Ueno <dueno@redhat.com> - 3.8.10-2
-- key_update: rework the rekeying logic
-
-* Thu Jul 10 2025 Daiki Ueno <dueno@redhat.com> - 3.8.10-1
-- Update to 3.8.10 upstream release
-
-* Fri Jul 04 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-19
-- algorithms: assign hash strength to ML-DSA signature algorithms
-
-* Wed Jun 25 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-18
-- nettle/pk: mark ML-DSA as FIPS-unapproved
-
-* Thu Jun 19 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-17
-- Enable ML-DSA at TLS 1.3 level
-
-* Thu May 08 2025 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.9-16
-- Preserve ARM registers, reenable ARM assembly
-
-* Wed May 07 2025 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.9-15
-- Disable assembly on aarch64 as a stopgap measure
-
-* Thu Apr 24 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-14
-- tests: make pqc-hybrid-kx.sh work when system time set beyond 2038
-
-* Tue Apr 22 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-13
-- Update gnutls-3.8.9-cli-earlydata.patch to the upstream version
-
-* Mon Apr 14 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-12
-- Update leancrypto to 1.3.0
-
-* Mon Feb 17 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-11
-- Improve 0-RTT handling in commands
-
-* Mon Feb 17 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-10
-- Update bundled nettle to 3.10.1
-
-* Thu Feb 13 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-9
-- Update leancrypto-1.2.0-intel-cet.patch
-
-* Thu Feb 13 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-8
-- handshake: only shuffle extensions in the first Client Hello
-
-* Thu Feb 13 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-7
-- Enable Intel CET in leancrypto
-
-* Wed Feb 12 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-6
-- Update gnutls-3.8.9-allow-rsa-pkcs1-encrypt.patch
-
-* Tue Feb 11 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-5
-- Increase verbosity level of leancrypto compilation
-
-* Tue Feb 11 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-4
-- Fix static linking to libhogweed.a
-
-* Mon Feb 10 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-3
-- fips: perform only signature PCT for all RSA algorithms
-
-* Mon Feb 10 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-2
-- Switch from liboqs to leancrypto
-
-* Mon Feb 10 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-1
-- Update to 3.8.9 release
-
-* Tue Nov 05 2024 Daiki Ueno <dueno@redhat.com> - 3.8.8-1
-- Update to 3.8.8 upstream release
-
-* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.8.7-6
-- Bump release for October 2024 mass rebuild:
-
-* Thu Oct 10 2024 Daiki Ueno <dueno@redhat.com> - 3.8.7-5
-- Disable GOST in RHEL-9 or later
-
-* Tue Oct 08 2024 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.7-4
-- Initial CI and gating setup for RHEL-10
-
-* Wed Aug 21 2024 Daiki Ueno <dueno@redhat.com> - 3.8.7-3
-- Fix issues in bundling nettle
-
-* Tue Aug 20 2024 Daiki Ueno <dueno@redhat.com> - 3.8.7-2
-- Statically link to Nettle libraries
-
-* Fri Aug 16 2024 Daiki Ueno <dueno@redhat.com> - 3.8.7-1
-- Update to 3.8.7 upstream release
-
-* Thu Aug 15 2024 Daiki Ueno <dueno@redhat.com> - 3.8.6-7
-- Forward port downstream patches from c9s
-
-* Mon Jul 29 2024 Daiki Ueno <dueno@redhat.com> - 3.8.6-6
-- liboqs: check whether Kyber768 is compiled in
-
-* Sat Jul 27 2024 Daiki Ueno <dueno@redhat.com> - 3.8.6-5
-- Fix configure check on nettle_rsa_oaep_* functions
-
-* Sat Jul 27 2024 Daiki Ueno <dueno@redhat.com> - 3.8.6-4
-- Enable X25519Kyber768Draft00 key exchange in TLS
-
-* Sat Jul 27 2024 Daiki Ueno <dueno@redhat.com> - 3.8.6-3
-- Switch to using dlwrap for loading compression libraries
-
-* Sat Jul 27 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 3.8.6-2
-- Fix FIPS build with RPM 4.20
-
-* Sat Jul 27 2024 Zoltan Fridrich <zfridric@redhat.com> - 3.8.6-1
-- Update to 3.8.6 upstream release
-
-* Tue Jul 02 2024 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.5-7
-- Rebuild against nettle-3.9.1-11.el10
-
-* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 3.8.5-6
-- Bump release for June 2024 mass rebuild
-
-* Mon Jun 17 2024 Zoltan Fridrich <zfridric@redhat.com> - 3.8.5-5
-- Build with certificate compression enabled
-
-* Thu May 16 2024 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.5-4
-- Add gmp tarball to sources file, add gmp patch
-
-* Thu May 16 2024 Daiki Ueno <dueno@redhat.com> - 3.8.5-3
-- Add bcond to statically link to GMP
-
-* Thu May 16 2024 Daiki Ueno <dueno@redhat.com> - 3.8.5-2
-- Add virtual package to pull in nettle/gmp dependencies for FIPS
-
-* Thu May 16 2024 Zoltan Fridrich <zfridric@redhat.com> - 3.8.5-1
-- 3.8.5 upstream release
-
-* Thu May 16 2024 Zoltan Fridrich <zfridric@redhat.com> - 3.8.4-1
-- 3.8.4 upstream release
-
-* Thu May 16 2024 Zoltan Fridrich <zfridric@redhat.com> - 3.8.3-3
-- Fix mingw build failure
-
-* Wed Jan 24 2024 Zoltan Fridrich <zfridric@redhat.com> - 3.8.3-2
-- Update keyring
-
-* Tue Jan 23 2024 Zoltan Fridrich <zfridric@redhat.com> - 3.8.3-1
-- [packit] 3.8.3 upstream release
-
-* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.8.2-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Tue Dec 12 2023 Simon de Vlieger <cmdr@supakeen.com> - 3.8.2-3
-- Bump Nettle dependency.
-
-* Fri Dec 01 2023 Daiki Ueno <dueno@redhat.com> - 3.8.2-2
-- Tentatively revert newly added Ed448 keys support in PKCS#11
-
-* Wed Nov 22 2023 Daiki Ueno <dueno@redhat.com> - 3.8.2-1
-- [packit] 3.8.2 upstream release
-
-* Wed Nov 22 2023 Daiki Ueno <dueno@redhat.com> - 3.8.1-4
-- Remove patches no longer needed in 3.8.2
-
-* Thu Nov 09 2023 Daiki Ueno <dueno@redhat.com> - 3.8.1-3
-- Skip KTLS test if the host kernel is older than 5.11
-
-* Tue Aug 29 2023 Stephen Gallagher <sgallagh@redhat.com> - 3.8.1-2
-- Don't build with SRP on RHEL
-
-* Fri Aug 25 2023 Zoltan Fridrich <zfridric@redhat.com> - 3.8.1-1
-- [packit] 3.8.1 upstream release
-
-* Thu Aug 24 2023 Daiki Ueno <dueno@redhat.com> - 3.8.0-8
-- Migrate License field to SPDX license identifier
-
-* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.8.0-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Tue May 23 2023 Peter Leitmann <peto.leitmann@gmail.com> - 3.8.0-6
-- Add TMT interop tests
-
-* Thu Apr 13 2023 Daiki Ueno <dueno@redhat.com> - 3.8.0-5
-- Fix leftover of the previous %%bcond change
-
-* Tue Apr 11 2023 Daiki Ueno <dueno@redhat.com>
-- Use %%bcond instead of %%global for srp and mingw support
-
-* Sat Mar 11 2023 Richard W.M. Jones <rjones@redhat.com> - 3.8.0-3
-- Fix desychronisation with kTLS:
-  https://gitlab.com/gnutls/gnutls/-/issues/1470
-
-* Thu Mar 02 2023 Daniel P. Berrangé <berrange@redhat.com> - 3.8.0-2
-- Disable GNULIB's year2038 support for 64-bit time_t
-
-* Thu Feb 16 2023 Zoltan Fridrich <zfridric@redhat.com> - 3.8.0-1
-- [packit] 3.8.0 upstream release
-
-* Tue Feb 14 2023 Zoltan Fridrich <zfridric@redhat.com> - 3.7.8-14
-- Prepare for release
-
-* Fri Jan 20 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.7.8-13
-- KTLS: disable ktls_keyupdate & tls1.2 chachapoly tests
-
-* Fri Jan 20 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.7.8-12
-- KTLS additional ciphersuites
-
-* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.7.8-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Wed Dec 14 2022 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.7.8-10
-- gcc-analyzer: suppress warnings
-
-* Thu Oct 27 2022 Daniel P. Berrangé <berrange@redhat.com> - 3.7.8-9
-- Cross-compiled mingw sub-RPMs should be 'noarch'
-
-* Wed Oct 19 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.8-8
-- Add conditions for mingw
-
-* Tue Oct 18 2022 Michael Cronenworth <mike@cchtml.com> - 3.7.8-6
-- Initial MinGW package support
-
-* Tue Oct 18 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.8-5
-- Use make macros
-
-* Tue Oct 18 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.8-4
-- RPMAUTOSPEC: unresolvable merge
-## END: Generated by rpmautospec

nettle-3.10-hobble-to-configure.patch

@@ -1,749 +0,0 @@
-From 499fab03ff0b46c2328992595b057ae8db63d544 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <dueno@redhat.com>
-Date: Wed, 24 Jul 2024 15:19:01 +0900
-Subject: [PATCH 1/3] Add --disable-sm3 configure option
-
-Signed-off-by: Daiki Ueno <dueno@redhat.com>
----
- Makefile.in                 |  8 +++++---
- configure.ac                | 14 ++++++++++++++
- examples/nettle-benchmark.c |  8 +++++++-
- nettle-meta-hashes.c        |  2 ++
- nettle-meta-macs.c          |  2 ++
- testsuite/Makefile.in       |  4 +++-
- testsuite/hmac-test.c       |  2 ++
- testsuite/meta-hash-test.c  |  2 ++
- testsuite/meta-mac-test.c   |  2 ++
- 9 files changed, 39 insertions(+), 5 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 71ad761e..cb7b3d99 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -123,11 +123,11 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \
- 		 gost28147.c gosthash94.c gosthash94-meta.c \
- 		 hmac.c hmac-gosthash94.c hmac-md5.c hmac-ripemd160.c \
- 		 hmac-sha1.c hmac-sha224.c hmac-sha256.c hmac-sha384.c \
--		 hmac-sha512.c hmac-streebog.c hmac-sm3.c \
-+		 hmac-sha512.c hmac-streebog.c \
- 		 hmac-md5-meta.c hmac-ripemd160-meta.c hmac-sha1-meta.c \
- 		 hmac-sha224-meta.c hmac-sha256-meta.c hmac-sha384-meta.c \
- 		 hmac-sha512-meta.c hmac-gosthash94-meta.c \
--		 hmac-streebog-meta.c hmac-sm3-meta.c \
-+		 hmac-streebog-meta.c \
- 		 knuth-lfib.c hkdf.c \
- 		 md2.c md2-meta.c md4.c md4-meta.c \
- 		 md5.c md5-compat.c md5-meta.c \
-@@ -153,7 +153,6 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \
- 		 sha3-224.c sha3-224-meta.c sha3-256.c sha3-256-meta.c \
- 		 sha3-384.c sha3-384-meta.c sha3-512.c sha3-512-meta.c \
- 		 sha3-shake.c shake128.c shake256.c \
--		 sm3.c sm3-meta.c \
- 		 serpent-set-key.c serpent-encrypt.c serpent-decrypt.c \
- 		 serpent-meta.c \
- 		 streebog.c streebog-meta.c \
-@@ -228,6 +227,9 @@ hogweed_SOURCES = sexp.c sexp-format.c \
- 		  ed448-shake256.c ed448-shake256-pubkey.c \
- 		  ed448-shake256-sign.c ed448-shake256-verify.c
- 
-+
-+nettle_SOURCES += @IF_SM3@ hmac-sm3.c hmac-sm3-meta.c sm3.c sm3-meta.c
-+
- OPT_SOURCES = fat-arm.c fat-arm64.c fat-ppc.c fat-s390x.c fat-x86_64.c mini-gmp.c
- 
- HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h balloon.h \
-diff --git a/configure.ac b/configure.ac
-index 7c003bb7..fe174919 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -124,6 +124,10 @@ AC_ARG_ENABLE(mini-gmp,
-   AS_HELP_STRING([--enable-mini-gmp], [Enable mini-gmp, used instead of libgmp.]),,
-   [enable_mini_gmp=no])
- 
-+AC_ARG_ENABLE(sm3,
-+  AS_HELP_STRING([--disable-sm3], [Disable SM3 hash algorithm]),,
-+  [enable_sm3=yes])
-+
- AC_ARG_VAR(ASM_FLAGS, [Extra flags for processing assembly source files])
- 
- if test "x$enable_mini_gmp" = xyes ; then
-@@ -1157,6 +1161,15 @@ else
-   IF_MINI_GMP='#'
- fi
-   
-+AH_TEMPLATE([WITH_SM3], [Defined if SM3 hash algorithm is enabled])
-+
-+if test "x$enable_sm3" = xyes ; then
-+  AC_DEFINE(WITH_SM3)
-+  IF_SM3=''
-+else
-+  IF_SM3='#'
-+fi
-+
- AC_SUBST(IF_HOGWEED)
- AC_SUBST(IF_STATIC)
- AC_SUBST(IF_SHARED)
-@@ -1165,6 +1178,7 @@ AC_SUBST(IF_DLOPEN_TEST)
- AC_SUBST(IF_DOCUMENTATION)
- AC_SUBST(IF_DLL)
- AC_SUBST(IF_MINI_GMP)
-+AC_SUBST(IF_SM3)
- 
- OPENSSL_LIBFLAGS=''
- 
-diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c
-index 2a11a694..36835854 100644
---- a/examples/nettle-benchmark.c
-+++ b/examples/nettle-benchmark.c
-@@ -901,6 +901,12 @@ bench_ghash_update(void)
- # define OPENSSL(x)
- #endif
- 
-+#if WITH_SM3
-+# define SM3(x) x,
-+#else
-+# define SM3(x)
-+#endif
-+
- int
- main(int argc, char **argv)
- {
-@@ -920,7 +926,7 @@ main(int argc, char **argv)
-       &nettle_sha3_384, &nettle_sha3_512,
-       &nettle_ripemd160, &nettle_gosthash94,
-       &nettle_gosthash94cp, &nettle_streebog256,
--      &nettle_streebog512, &nettle_sm3,
-+      &nettle_streebog512, SM3(&nettle_sm3)
-       NULL
-     };
- 
-diff --git a/nettle-meta-hashes.c b/nettle-meta-hashes.c
-index 2245dfb7..6d4563d9 100644
---- a/nettle-meta-hashes.c
-+++ b/nettle-meta-hashes.c
-@@ -57,7 +57,9 @@ const struct nettle_hash * const _nettle_hashes[] = {
-   &nettle_sha3_512,
-   &nettle_streebog256,
-   &nettle_streebog512,
-+#if WITH_SM3
-   &nettle_sm3,
-+#endif
-   NULL
- };
- 
-diff --git a/nettle-meta-macs.c b/nettle-meta-macs.c
-index 48b2176e..866f0766 100644
---- a/nettle-meta-macs.c
-+++ b/nettle-meta-macs.c
-@@ -52,7 +52,9 @@ const struct nettle_mac * const _nettle_macs[] = {
-   &nettle_hmac_sha512,
-   &nettle_hmac_streebog256,
-   &nettle_hmac_streebog512,
-+#if WITH_SM3
-   &nettle_hmac_sm3,
-+#endif
-   NULL
- };
- 
-diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in
-index 0699fa0d..a45ddf77 100644
---- a/testsuite/Makefile.in
-+++ b/testsuite/Makefile.in
-@@ -25,7 +25,7 @@ TS_NETTLE_SOURCES = aes-test.c aes-keywrap-test.c arcfour-test.c arctwo-test.c \
- 		    sha3-permute-test.c sha3-224-test.c sha3-256-test.c \
- 		    sha3-384-test.c sha3-512-test.c \
- 		    shake128-test.c shake256-test.c \
--		    streebog-test.c sm3-test.c sm4-test.c \
-+		    streebog-test.c sm4-test.c \
- 		    serpent-test.c twofish-test.c version-test.c \
- 		    knuth-lfib-test.c \
- 		    cbc-test.c cfb-test.c ctr-test.c gcm-test.c eax-test.c ccm-test.c \
-@@ -60,6 +60,8 @@ TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \
- 		     gostdsa-sign-test.c gostdsa-verify-test.c \
- 		     gostdsa-keygen-test.c gostdsa-vko-test.c
- 
-+TS_NETTLE_SOURCES += @IF_SM3@ sm3-test.c
-+
- TS_SOURCES = $(TS_NETTLE_SOURCES) $(TS_HOGWEED_SOURCES)
- CXX_SOURCES = cxx-test.cxx
- 
-diff --git a/testsuite/hmac-test.c b/testsuite/hmac-test.c
-index d7af2475..d34127bf 100644
---- a/testsuite/hmac-test.c
-+++ b/testsuite/hmac-test.c
-@@ -949,9 +949,11 @@ test_main (void)
- 	    SHEX("a1aa5f7de402d7b3d323f2991c8d4534"
- 		 "013137010a83754fd0af6d7cd4922ed9"));
- 
-+#if WITH_SM3
-   test_mac (&nettle_hmac_sm3, (nettle_hash_update_func*) hmac_sm3_set_key,
- 	    SDATA("monkey monkey monkey monkey"),
- 	    SDATA("abc"),
- 	    SHEX("7a9388e2ca5343b5d76e7c2c3d84f239"
- 		 "f306c0b60d5e0dc4d2771e42860a6a2b"));
-+#endif
- }
-diff --git a/testsuite/meta-hash-test.c b/testsuite/meta-hash-test.c
-index ec4e0d1e..8427e0a1 100644
---- a/testsuite/meta-hash-test.c
-+++ b/testsuite/meta-hash-test.c
-@@ -24,7 +24,9 @@ const char* hashes[] = {
-   "sha3_512",
-   "streebog256",
-   "streebog512",
-+#if WITH_SM3
-   "sm3",
-+#endif
- };
- 
- void
-diff --git a/testsuite/meta-mac-test.c b/testsuite/meta-mac-test.c
-index 6c848a88..c00efd3c 100644
---- a/testsuite/meta-mac-test.c
-+++ b/testsuite/meta-mac-test.c
-@@ -16,7 +16,9 @@ const char* macs[] = {
-   "hmac_sha512",
-   "hmac_streebog256",
-   "hmac_streebog512",
-+#if WITH_SM3
-   "hmac_sm3",
-+#endif
- };
- 
- void
--- 
-2.48.1
-
-
-From 04ef86ac0ad034f44b325cd6b0ff7880d64f762f Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <dueno@redhat.com>
-Date: Wed, 24 Jul 2024 15:28:13 +0900
-Subject: [PATCH 2/3] Add --disable-sm4 configure option
-
-Signed-off-by: Daiki Ueno <dueno@redhat.com>
----
- Makefile.in                  |  3 +--
- configure.ac                 | 14 ++++++++++++++
- examples/nettle-benchmark.c  |  8 +++++++-
- nettle-meta-aeads.c          |  2 ++
- nettle-meta-ciphers.c        |  2 ++
- testsuite/Makefile.in        |  3 ++-
- testsuite/gcm-test.c         |  2 ++
- testsuite/meta-aead-test.c   |  2 ++
- testsuite/meta-cipher-test.c |  4 +++-
- 9 files changed, 35 insertions(+), 5 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index cb7b3d99..9c8b8b59 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -117,7 +117,6 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \
- 		 gcm-aes256.c gcm-aes256-meta.c \
- 		 gcm-camellia128.c gcm-camellia128-meta.c \
- 		 gcm-camellia256.c gcm-camellia256-meta.c \
--		 gcm-sm4.c gcm-sm4-meta.c \
- 		 cmac.c cmac64.c cmac-aes128.c cmac-aes256.c cmac-des3.c \
- 		 cmac-aes128-meta.c cmac-aes256-meta.c cmac-des3-meta.c \
- 		 gost28147.c gosthash94.c gosthash94-meta.c \
-@@ -157,7 +156,6 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \
- 		 serpent-meta.c \
- 		 streebog.c streebog-meta.c \
- 		 twofish.c twofish-meta.c \
--		 sm4.c sm4-meta.c \
- 		 umac-nh.c umac-nh-n.c umac-l2.c umac-l3.c \
- 		 umac-poly64.c umac-poly128.c umac-set-key.c \
- 		 umac32.c umac64.c umac96.c umac128.c \
-@@ -229,6 +227,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
- 
- 
- nettle_SOURCES += @IF_SM3@ hmac-sm3.c hmac-sm3-meta.c sm3.c sm3-meta.c
-+nettle_SOURCES += @IF_SM4@ gcm-sm4.c gcm-sm4-meta.c sm4.c sm4-meta.c
- 
- OPT_SOURCES = fat-arm.c fat-arm64.c fat-ppc.c fat-s390x.c fat-x86_64.c mini-gmp.c
- 
-diff --git a/configure.ac b/configure.ac
-index fe174919..494c7d2c 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -128,6 +128,10 @@ AC_ARG_ENABLE(sm3,
-   AS_HELP_STRING([--disable-sm3], [Disable SM3 hash algorithm]),,
-   [enable_sm3=yes])
- 
-+AC_ARG_ENABLE(sm4,
-+  AS_HELP_STRING([--disable-sm4], [Disable SM4 symmetric cipher algorithm]),,
-+  [enable_sm4=yes])
-+
- AC_ARG_VAR(ASM_FLAGS, [Extra flags for processing assembly source files])
- 
- if test "x$enable_mini_gmp" = xyes ; then
-@@ -1170,6 +1174,15 @@ else
-   IF_SM3='#'
- fi
- 
-+AH_TEMPLATE([WITH_SM4], [Defined if SM4 symmetric cipher is enabled])
-+
-+if test "x$enable_sm4" = xyes ; then
-+  AC_DEFINE(WITH_SM4)
-+  IF_SM4=''
-+else
-+  IF_SM4='#'
-+fi
-+
- AC_SUBST(IF_HOGWEED)
- AC_SUBST(IF_STATIC)
- AC_SUBST(IF_SHARED)
-@@ -1179,6 +1192,7 @@ AC_SUBST(IF_DOCUMENTATION)
- AC_SUBST(IF_DLL)
- AC_SUBST(IF_MINI_GMP)
- AC_SUBST(IF_SM3)
-+AC_SUBST(IF_SM4)
- 
- OPENSSL_LIBFLAGS=''
- 
-diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c
-index 36835854..66f92f6e 100644
---- a/examples/nettle-benchmark.c
-+++ b/examples/nettle-benchmark.c
-@@ -907,6 +907,12 @@ bench_ghash_update(void)
- # define SM3(x)
- #endif
- 
-+#if WITH_SM4
-+# define SM4(x) x,
-+#else
-+# define SM4(x)
-+#endif
-+
- int
- main(int argc, char **argv)
- {
-@@ -943,7 +949,7 @@ main(int argc, char **argv)
-       &nettle_des3,
-       &nettle_serpent256,
-       &nettle_twofish128, &nettle_twofish192, &nettle_twofish256,
--      &nettle_sm4,
-+      SM4(&nettle_sm4)
-       NULL
-     };
- 
-diff --git a/nettle-meta-aeads.c b/nettle-meta-aeads.c
-index 78f38a3c..c94fecd5 100644
---- a/nettle-meta-aeads.c
-+++ b/nettle-meta-aeads.c
-@@ -43,7 +43,9 @@ const struct nettle_aead * const _nettle_aeads[] = {
-   &nettle_gcm_aes256,
-   &nettle_gcm_camellia128,
-   &nettle_gcm_camellia256,
-+#if WITH_SM4
-   &nettle_gcm_sm4,
-+#endif
-   &nettle_eax_aes128,
-   &nettle_chacha_poly1305,
-   NULL
-diff --git a/nettle-meta-ciphers.c b/nettle-meta-ciphers.c
-index f8d691cf..6a84a43a 100644
---- a/nettle-meta-ciphers.c
-+++ b/nettle-meta-ciphers.c
-@@ -54,7 +54,9 @@ const struct nettle_cipher * const _nettle_ciphers[] = {
-   &nettle_arctwo64,
-   &nettle_arctwo128,
-   &nettle_arctwo_gutmann128,
-+#if WITH_SM4
-   &nettle_sm4,
-+#endif
-   NULL
- };
- 
-diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in
-index a45ddf77..3483f409 100644
---- a/testsuite/Makefile.in
-+++ b/testsuite/Makefile.in
-@@ -25,7 +25,7 @@ TS_NETTLE_SOURCES = aes-test.c aes-keywrap-test.c arcfour-test.c arctwo-test.c \
- 		    sha3-permute-test.c sha3-224-test.c sha3-256-test.c \
- 		    sha3-384-test.c sha3-512-test.c \
- 		    shake128-test.c shake256-test.c \
--		    streebog-test.c sm4-test.c \
-+		    streebog-test.c \
- 		    serpent-test.c twofish-test.c version-test.c \
- 		    knuth-lfib-test.c \
- 		    cbc-test.c cfb-test.c ctr-test.c gcm-test.c eax-test.c ccm-test.c \
-@@ -61,6 +61,7 @@ TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \
- 		     gostdsa-keygen-test.c gostdsa-vko-test.c
- 
- TS_NETTLE_SOURCES += @IF_SM3@ sm3-test.c
-+TS_NETTLE_SOURCES += @IF_SM4@ sm4-test.c
- 
- TS_SOURCES = $(TS_NETTLE_SOURCES) $(TS_HOGWEED_SOURCES)
- CXX_SOURCES = cxx-test.cxx
-diff --git a/testsuite/gcm-test.c b/testsuite/gcm-test.c
-index e8228ed7..fad9184a 100644
---- a/testsuite/gcm-test.c
-+++ b/testsuite/gcm-test.c
-@@ -825,6 +825,7 @@ test_main(void)
- 		 "16aedbf5a0de6a57 a637b39b"),	/* iv */
- 	    SHEX("5791883f822013f8bd136fc36fb9946b"));	/* tag */
- 
-+#if WITH_SM4
-   /*
-    * GCM-SM4 Test Vectors from
-    * https://datatracker.ietf.org/doc/html/rfc8998
-@@ -842,6 +843,7 @@ test_main(void)
- 	         "A56834CBCF98C397B4024A2691233B8D"),
- 	    SHEX("00001234567800000000ABCD"),
- 	    SHEX("83DE3541E4C2B58177E065A9BF7B62EC"));
-+#endif
- 
-   /* Test gcm_hash, with varying message size, keys and iv all zero.
-      Not compared to any other implementation. */
-diff --git a/testsuite/meta-aead-test.c b/testsuite/meta-aead-test.c
-index ceeca227..d1a3193f 100644
---- a/testsuite/meta-aead-test.c
-+++ b/testsuite/meta-aead-test.c
-@@ -8,7 +8,9 @@ const char* aeads[] = {
-   "gcm_aes256",
-   "gcm_camellia128",
-   "gcm_camellia256",
-+#if WITH_SM4
-   "gcm_sm4",
-+#endif
-   "eax_aes128",
-   "chacha_poly1305",
- };
-diff --git a/testsuite/meta-cipher-test.c b/testsuite/meta-cipher-test.c
-index 912fac5a..b57fcbe1 100644
---- a/testsuite/meta-cipher-test.c
-+++ b/testsuite/meta-cipher-test.c
-@@ -20,7 +20,9 @@ const char* ciphers[] = {
-   "twofish128",
-   "twofish192",
-   "twofish256",
--  "sm4"
-+#if WITH_SM4
-+  "sm4",
-+#endif
- };
- 
- void
--- 
-2.48.1
-
-
-From cef5228a90257430d4151163c259bc83fd2f7900 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <dueno@redhat.com>
-Date: Thu, 22 Aug 2024 10:49:46 +0900
-Subject: [PATCH 3/3] Add --disable-ecc-{secp192r1,secp224r1} configure option
-
-Signed-off-by: Daiki Ueno <dueno@redhat.com>
----
- Makefile.in                   |  5 ++++-
- configure.ac                  | 36 ++++++++++++++++++++++++++++++++++-
- examples/ecc-benchmark.c      |  4 ++++
- examples/hogweed-benchmark.c  |  6 ++++++
- testsuite/ecdh-test.c         |  4 ++++
- testsuite/ecdsa-sign-test.c   |  6 ++++++
- testsuite/ecdsa-verify-test.c |  4 ++++
- testsuite/testutils.c         | 10 +++++++++-
- 8 files changed, 72 insertions(+), 3 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 9c8b8b59..1e9ed61c 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -202,7 +202,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
- 		  ecc-mod-arith.c ecc-pp1-redc.c ecc-pm1-redc.c \
- 		  ecc-curve25519.c ecc-curve448.c \
- 		  ecc-gost-gc256b.c ecc-gost-gc512a.c \
--		  ecc-secp192r1.c ecc-secp224r1.c ecc-secp256r1.c \
-+		  ecc-secp256r1.c \
- 		  ecc-secp384r1.c ecc-secp521r1.c \
- 		  ecc-size.c ecc-j-to-a.c ecc-a-to-j.c \
- 		  ecc-dup-jj.c ecc-add-jja.c ecc-add-jjj.c ecc-nonsec-add-jjj.c \
-@@ -229,6 +229,9 @@ hogweed_SOURCES = sexp.c sexp-format.c \
- nettle_SOURCES += @IF_SM3@ hmac-sm3.c hmac-sm3-meta.c sm3.c sm3-meta.c
- nettle_SOURCES += @IF_SM4@ gcm-sm4.c gcm-sm4-meta.c sm4.c sm4-meta.c
- 
-+hogweed_SOURCES += @IF_ECC_SECP192R1@ ecc-secp192r1.c
-+hogweed_SOURCES += @IF_ECC_SECP224R1@ ecc-secp224r1.c
-+
- OPT_SOURCES = fat-arm.c fat-arm64.c fat-ppc.c fat-s390x.c fat-x86_64.c mini-gmp.c
- 
- HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h balloon.h \
-diff --git a/configure.ac b/configure.ac
-index 494c7d2c..105640e1 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -132,6 +132,14 @@ AC_ARG_ENABLE(sm4,
-   AS_HELP_STRING([--disable-sm4], [Disable SM4 symmetric cipher algorithm]),,
-   [enable_sm4=yes])
- 
-+AC_ARG_ENABLE(ecc-secp192r1,
-+  AS_HELP_STRING([--disable-ecc-secp192r1], [Disable NIST secp192r1 curve]),,
-+  [enable_ecc_secp192r1=yes])
-+
-+AC_ARG_ENABLE(ecc-secp224r1,
-+  AS_HELP_STRING([--disable-ecc-secp224r1], [Disable NIST secp224r1 curve]),,
-+  [enable_ecc_secp224r1=yes])
-+
- AC_ARG_VAR(ASM_FLAGS, [Extra flags for processing assembly source files])
- 
- if test "x$enable_mini_gmp" = xyes ; then
-@@ -624,9 +632,15 @@ asm_nettle_optional_list="cpuid.asm cpu-facility.asm \
- 
- asm_hogweed_optional_list=""
- if test "x$enable_public_key" = "xyes" ; then
--  asm_hogweed_optional_list="ecc-secp192r1-modp.asm ecc-secp224r1-modp.asm \
-+  asm_hogweed_optional_list="\
-     ecc-secp256r1-redc.asm ecc-secp384r1-modp.asm ecc-secp521r1-modp.asm \
-     ecc-curve25519-modp.asm ecc-curve448-modp.asm"
-+  if test "x$enable_ecc_secp192r1" = "xyes" ; then
-+    asm_hogweed_optional_list="ecc-secp192r1-modp.asm $asm_hogweed_optional_list"
-+  fi
-+  if test "x$enable_ecc_secp224r1" = "xyes" ; then
-+    asm_hogweed_optional_list="ecc-secp224r1-modp.asm $asm_hogweed_optional_list"
-+  fi
- fi
- 
- OPT_NETTLE_OBJS=""
-@@ -1183,6 +1197,24 @@ else
-   IF_SM4='#'
- fi
- 
-+AH_TEMPLATE([WITH_ECC_SECP192R1], [Defined if NIST secp192r1 curve is enabled])
-+
-+if test "x$enable_ecc_secp192r1" = xyes ; then
-+  AC_DEFINE(WITH_ECC_SECP192R1)
-+  IF_ECC_SECP192R1=''
-+else
-+  IF_ECC_SECP192R1='#'
-+fi
-+
-+AH_TEMPLATE([WITH_ECC_SECP224R1], [Defined if NIST secp224r1 curve is enabled])
-+
-+if test "x$enable_ecc_secp224r1" = xyes ; then
-+  AC_DEFINE(WITH_ECC_SECP224R1)
-+  IF_ECC_SECP224R1=''
-+else
-+  IF_ECC_SECP224R1='#'
-+fi
-+
- AC_SUBST(IF_HOGWEED)
- AC_SUBST(IF_STATIC)
- AC_SUBST(IF_SHARED)
-@@ -1193,6 +1225,8 @@ AC_SUBST(IF_DLL)
- AC_SUBST(IF_MINI_GMP)
- AC_SUBST(IF_SM3)
- AC_SUBST(IF_SM4)
-+AC_SUBST(IF_ECC_SECP192R1)
-+AC_SUBST(IF_ECC_SECP224R1)
- 
- OPENSSL_LIBFLAGS=''
- 
-diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c
-index 7e857f80..ebcced65 100644
---- a/examples/ecc-benchmark.c
-+++ b/examples/ecc-benchmark.c
-@@ -314,8 +314,12 @@ bench_curve (const struct ecc_curve *ecc)
- }
- 
- const struct ecc_curve * const curves[] = {
-+#if WITH_ECC_SECP192R1
-   &_nettle_secp_192r1,
-+#endif
-+#if WITH_ECC_SECP224R1
-   &_nettle_secp_224r1,
-+#endif
-   &_nettle_curve25519,
-   &_nettle_secp_256r1,
-   &_nettle_secp_384r1,
-diff --git a/examples/hogweed-benchmark.c b/examples/hogweed-benchmark.c
-index 3f858833..df608ffa 100644
---- a/examples/hogweed-benchmark.c
-+++ b/examples/hogweed-benchmark.c
-@@ -410,6 +410,7 @@ bench_ecdsa_init (unsigned size)
- 
-   switch (size)
-     {
-+#if WITH_ECC_SECP192R1
-     case 192:
-       ecc = &_nettle_secp_192r1;
-       xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
-@@ -418,6 +419,8 @@ bench_ecdsa_init (unsigned size)
-       ctx->digest = hash_string (&nettle_sha1, "abc");
-       ctx->digest_size = 20;
-       break;
-+#endif
-+#if WITH_ECC_SECP224R1
-     case 224:
-       ecc = &_nettle_secp_224r1;
-       xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
-@@ -426,6 +429,7 @@ bench_ecdsa_init (unsigned size)
-       ctx->digest = hash_string (&nettle_sha224, "abc");
-       ctx->digest_size = 28;
-       break;
-+#endif
- 
-       /* From RFC 4754 */
-     case 256:
-@@ -864,7 +868,9 @@ struct alg alg_list[] = {
- #if 0
-   { "dsa",2048, bench_dsa_init, bench_dsa_sign,   bench_dsa_verify, bench_dsa_clear },
- #endif
-+#if WITH_ECC_SECP192R1
-   { "ecdsa",  192, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
-+#endif
-   { "ecdsa",  224, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
-   { "ecdsa",  256, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
-   { "ecdsa",  384, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
-diff --git a/testsuite/ecdh-test.c b/testsuite/ecdh-test.c
-index ff4f7233..f852d813 100644
---- a/testsuite/ecdh-test.c
-+++ b/testsuite/ecdh-test.c
-@@ -159,6 +159,7 @@ test_public_key (const char *label, const struct ecc_curve *ecc,
- void
- test_main(void)
- {
-+#if WITH_ECC_SECP192R1
-   test_public_key ("(0,0) with secp-192r1", &_nettle_secp_192r1, "0", "0", 0);
-   test_public_key (
-     "(P,0) with secp-192r1", &_nettle_secp_192r1,
-@@ -188,7 +189,9 @@ test_main(void)
- 	   "293088185788565313717816218507714888251468410990708684573",
- 	   "149293809021051532782730990145509724807636529827149481690",
- 	   "2891131861147398318714693938158856874319184314120776776192");
-+#endif
- 
-+#if WITH_ECC_SECP224R1
-   test_dh ("secp-224r1", &_nettle_secp_224r1,
- 	   "1321072106881784386340709783538698930880431939595776773514895067682",
- 	   "6768311794185371282972144247871764855860666277647541840973645586477",
-@@ -198,6 +201,7 @@ test_main(void)
- 	   "24223309755162432227459925493224336241652868856405241018762887667883",
- 	   "8330362698029245839097779050425944245826040430538860338085968752913",
- 	   "24167244512472228715617822000878192535267113543393576038737592837010");	   
-+#endif
- 
-   test_dh ("secp-256r1", &_nettle_secp_256r1,
- 	   "94731533361265297353914491124013058635674217345912524033267198103710636378786",
-diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c
-index 46fc2738..aa44adb5 100644
---- a/testsuite/ecdsa-sign-test.c
-+++ b/testsuite/ecdsa-sign-test.c
-@@ -74,6 +74,7 @@ test_main (void)
-   if (test_side_channel)
-     SKIP();
- #endif
-+#if WITH_ECC_SECP224R1
-   /* Producing the signature for corresponding test in
-      ecdsa-verify-test.c, with special u1 and u2. */
-   test_ecdsa (&_nettle_secp_224r1,
-@@ -86,6 +87,7 @@ test_main (void)
- 	      "d16dc18032d268fd1a704fa6", /* r */
- 	      "3a41e1423b1853e8aa89747b1f987364"
- 	      "44705d6d6d8371ea1f578f2e"); /* s */
-+#endif
- 
-   /* Produce a signature where verify operation results in a point duplication. */
-   test_ecdsa (&_nettle_secp_256r1,
-@@ -99,6 +101,7 @@ test_main (void)
- 	      "53f097727a0e0dc284a0daa0da0ab77d"
- 	      "5792ae67ed075d1f8d5bda0f853fa093"); /* s */
- 
-+#if WITH_ECC_SECP192R1
-   /* Test cases for the smaller groups, verified with a
-      proof-of-concept implementation done for Yubico AB. */
-   test_ecdsa (&_nettle_secp_192r1,
-@@ -116,7 +119,9 @@ test_main (void)
- 
- 	      "a91fb738f9f175d72f9c98527e881c36"
- 	      "8de68cb55ffe589"); /* s */
-+#endif
- 
-+#if WITH_ECC_SECP224R1
-   test_ecdsa (&_nettle_secp_224r1,
- 	      "446df0a771ed58403ca9cb316e617f6b"
- 	      "158420465d00a69601e22858",  /* z */
-@@ -132,6 +137,7 @@ test_main (void)
- 
- 	      "d0f069fd0f108eb07b7bbc54c8d6c88d"
- 	      "f2715c38a95c31a2b486995f"); /* s */
-+#endif
- 
-   /* From RFC 4754 */
-   test_ecdsa (&_nettle_secp_256r1,
-diff --git a/testsuite/ecdsa-verify-test.c b/testsuite/ecdsa-verify-test.c
-index 8d527000..1fa69f09 100644
---- a/testsuite/ecdsa-verify-test.c
-+++ b/testsuite/ecdsa-verify-test.c
-@@ -81,6 +81,7 @@ test_ecdsa (const struct ecc_curve *ecc,
- void
- test_main (void)
- {
-+#if WITH_ECC_SECP224R1
-   /* Corresponds to nonce k = 2 and private key z =
-      0x99b5b787484def12894ca507058b3bf543d72d82fa7721d2e805e5e6. z and
-      hash are chosen so that intermediate scalars in the verify
-@@ -100,7 +101,9 @@ test_main (void)
- 	      "d16dc18032d268fd1a704fa6", /* r */
- 	      "3a41e1423b1853e8aa89747b1f987364"
- 	      "44705d6d6d8371ea1f578f2e"); /* s */
-+#endif
- 
-+#if WITH_ECC_SECP192R1
-   /* Test case provided by Guido Vranken, from oss-fuzz */
-   test_ecdsa (&_nettle_secp_192r1,
- 	      "14683086 f1734c6d e68743a6 48181b54 a74d4c5b 383eb6a8", /* x */
-@@ -108,6 +111,7 @@ test_main (void)
- 	      SHEX("00"), /* h == 0 corner case*/
- 	      "952800792ed19341fdeeec047f2514f3b0f150d6066151fb", /* r */
- 	      "ec5971222014878b50d7a19d8954bc871e7e65b00b860ffb"); /* s */
-+#endif
- 
-   /* Test case provided by Guido Vranken, from oss-fuzz. Triggers
-      point duplication in the verify operation by using private key =
-diff --git a/testsuite/testutils.c b/testsuite/testutils.c
-index 76aa5563..5b7c7deb 100644
---- a/testsuite/testutils.c
-+++ b/testsuite/testutils.c
-@@ -2230,8 +2230,12 @@ test_dsa_key(const struct dsa_params *params,
- }
- 
- const struct ecc_curve * const ecc_curves[] = {
-+#if WITH_ECC_SECP192R1
-   &_nettle_secp_192r1,
-+#endif
-+#if WITH_ECC_SECP224R1
-   &_nettle_secp_224r1,
-+#endif
-   &_nettle_secp_256r1,
-   &_nettle_secp_384r1,
-   &_nettle_secp_521r1,
-@@ -2355,7 +2359,8 @@ test_ecc_point (const struct ecc_curve *ecc,
- }
- 
- /* For each curve, the points g, 2 g, 3 g and 4 g */
--static const struct ecc_ref_point ecc_ref[9][4] = {
-+static const struct ecc_ref_point ecc_ref[][4] = {
-+#if WITH_ECC_SECP192R1
-   { { "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
-       "07192b95ffc8da78631011ed6b24cdd573f977a11e794811" },
-     { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
-@@ -2365,6 +2370,8 @@ static const struct ecc_ref_point ecc_ref[9][4] = {
-     { "35433907297cc378b0015703374729d7a4fe46647084e4ba",
- 	"a2649984f2135c301ea3acb0776cd4f125389b311db3be32" }
-   },
-+#endif
-+#if WITH_ECC_SECP224R1
-   { { "b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
- 	"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34" },
-     { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
-@@ -2374,6 +2381,7 @@ static const struct ecc_ref_point ecc_ref[9][4] = {
-     { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
- 	"482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" },
-   },
-+#endif
-   { { "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
- 	"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" },
-     { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",
--- 
-2.48.1
-

nettle-3.8-zeroize-stack.patch

@@ -1,334 +0,0 @@
-From 24a4cb910a51f35dff89842e8cce27f88e8e78c3 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <dueno@redhat.com>
-Date: Wed, 24 Aug 2022 17:19:57 +0900
-Subject: [PATCH] Clear any intermediate data allocate on stack
-
-Signed-off-by: Daiki Ueno <dueno@redhat.com>
----
- cbc.c                 |  3 +++
- cfb.c                 | 13 +++++++++++++
- ctr.c                 |  4 ++++
- ctr16.c               |  2 ++
- ecc-random.c          |  3 +++
- ecdsa-keygen.c        |  2 ++
- ecdsa-sign.c          |  2 ++
- ed25519-sha512-sign.c |  2 ++
- ed448-shake256-sign.c |  2 ++
- gostdsa-sign.c        |  2 ++
- hmac.c                | 10 +++++++---
- nettle-internal.h     |  5 +++++
- pbkdf2.c              |  5 ++++-
- pss-mgf1.c            |  5 ++++-
- pss.c                 |  4 ++++
- 15 files changed, 59 insertions(+), 5 deletions(-)
-
-diff --git a/cbc.c b/cbc.c
-index 76b6492d..b9da3aa0 100644
---- a/cbc.c
-+++ b/cbc.c
-@@ -128,6 +128,9 @@ cbc_decrypt(const void *ctx, nettle_cipher_func *f,
- 	      length - block_size);
-       /* Writes first block. */
-       memxor3(dst, buffer, initial_iv, block_size);
-+
-+      TMP_CLEAR(buffer, buffer_size);
-+      TMP_CLEAR(initial_iv, block_size);
-     }
- }
- 
-diff --git a/cfb.c b/cfb.c
-index b9da3159..b1b01b9e 100644
---- a/cfb.c
-+++ b/cfb.c
-@@ -83,6 +83,8 @@ cfb_encrypt(const void *ctx, nettle_cipher_func *f,
-       /* We do not care about updating IV here. This is the last call in
-        * message sequence and one has to set IV afterwards anyway */
-     }
-+
-+  TMP_CLEAR(buffer, block_size);
- }
- 
- /* Don't allocate any more space than this on the stack */
-@@ -115,6 +117,8 @@ cfb_decrypt(const void *ctx, nettle_cipher_func *f,
- 
- 	  f(ctx, block_size, buffer, iv);
- 	  memxor3(dst + length, src + length, buffer, left);
-+
-+	  TMP_CLEAR(buffer, block_size);
- 	}
-     }
-   else
-@@ -160,6 +164,9 @@ cfb_decrypt(const void *ctx, nettle_cipher_func *f,
- 	  f(ctx, block_size, buffer, iv);
- 	  memxor(dst, buffer, left);
- 	}
-+
-+      TMP_CLEAR(buffer, buffer_size);
-+      TMP_CLEAR(initial_iv, block_size);
-     }
- }
- 
-@@ -196,6 +203,9 @@ cfb8_encrypt(const void *ctx, nettle_cipher_func *f,
-       pos ++;
-     }
-   memcpy(iv, buffer + pos, block_size);
-+
-+  TMP_CLEAR(buffer, block_size * 2);
-+  TMP_CLEAR(outbuf, block_size);
- }
- 
- void
-@@ -235,4 +245,7 @@ cfb8_decrypt(const void *ctx, nettle_cipher_func *f,
-     }
- 
-   memcpy(iv, buffer + i, block_size);
-+
-+  TMP_CLEAR(buffer, block_size * 2);
-+  TMP_CLEAR(outbuf, block_size * 2);
- }
-diff --git a/ctr.c b/ctr.c
-index 8c6b4626..217d1abb 100644
---- a/ctr.c
-+++ b/ctr.c
-@@ -137,6 +137,8 @@ ctr_crypt(const void *ctx, nettle_cipher_func *f,
- 	  f(ctx, block_size, block, ctr);
- 	  INCREMENT(block_size, ctr);
- 	  memxor3(dst + filled, src + filled, block, length - filled);
-+
-+	  TMP_CLEAR(block, block_size);
- 	}
-     }
-   else
-@@ -173,5 +175,7 @@ ctr_crypt(const void *ctx, nettle_cipher_func *f,
- 	  INCREMENT(block_size, ctr);
- 	  memxor(dst, buffer, length);
- 	}
-+
-+      TMP_CLEAR(buffer, buffer_size);
-     }
- }
-diff --git a/ctr16.c b/ctr16.c
-index d744d2a9..ec0abd72 100644
---- a/ctr16.c
-+++ b/ctr16.c
-@@ -102,5 +102,7 @@ _nettle_ctr_crypt16(const void *ctx, nettle_cipher_func *f,
- 	done:
- 	  memxor3 (dst + i, src + i, buffer->b, length - i);
- 	}
-+
-+      TMP_CLEAR(buffer, MIN(blocks, CTR_BUFFER_LIMIT / 16));
-     }
- }
-diff --git a/ecc-random.c b/ecc-random.c
-index a7b48d6a..676f5933 100644
---- a/ecc-random.c
-+++ b/ecc-random.c
-@@ -36,6 +36,7 @@
- #endif
- 
- #include <assert.h>
-+#include <string.h>
- 
- #include "ecc.h"
- #include "ecc-internal.h"
-@@ -79,4 +80,6 @@ ecc_scalar_random (struct ecc_scalar *x,
-   TMP_ALLOC (scratch, ECC_MOD_RANDOM_ITCH (x->ecc->q.size));
- 
-   ecc_mod_random (&x->ecc->q, x->p, random_ctx, random, scratch);
-+
-+  TMP_CLEAR (scratch, ECC_MOD_RANDOM_ITCH (x->ecc->q.size));
- }
-diff --git a/ecdsa-keygen.c b/ecdsa-keygen.c
-index 870282b0..05dd827a 100644
---- a/ecdsa-keygen.c
-+++ b/ecdsa-keygen.c
-@@ -59,4 +59,6 @@ ecdsa_generate_keypair (struct ecc_point *pub,
-   ecc_mod_random (&ecc->q, key->p, random_ctx, random, p);
-   ecc->mul_g (ecc, p, key->p, p + 3*ecc->p.size);
-   ecc->h_to_a (ecc, 0, pub->p, p, p + 3*ecc->p.size);
-+
-+  TMP_CLEAR (p, itch);
- }
-diff --git a/ecdsa-sign.c b/ecdsa-sign.c
-index e6fb3287..e6b960bf 100644
---- a/ecdsa-sign.c
-+++ b/ecdsa-sign.c
-@@ -68,4 +68,6 @@ ecdsa_sign (const struct ecc_scalar *key,
-       mpz_limbs_finish (signature->s, size);
-     }
-   while (mpz_sgn (signature->r) == 0 || mpz_sgn (signature->s) == 0);
-+
-+  TMP_CLEAR (k, size + ECC_ECDSA_SIGN_ITCH (size));
- }
-diff --git a/ed25519-sha512-sign.c b/ed25519-sha512-sign.c
-index 389a157e..52a46ea5 100644
---- a/ed25519-sha512-sign.c
-+++ b/ed25519-sha512-sign.c
-@@ -38,6 +38,7 @@
- 
- #include "ecc-internal.h"
- #include "sha2.h"
-+#include <string.h>
- 
- void
- ed25519_sha512_sign (const uint8_t *pub,
-@@ -61,6 +62,7 @@ ed25519_sha512_sign (const uint8_t *pub,
- 	       length, msg, signature, scratch_out);
- 
-   gmp_free_limbs (scratch, itch);
-+  explicit_bzero (digest, sizeof(digest));
- #undef k1
- #undef k2
- #undef scratch_out
-diff --git a/ed448-shake256-sign.c b/ed448-shake256-sign.c
-index c524593d..01abf457 100644
---- a/ed448-shake256-sign.c
-+++ b/ed448-shake256-sign.c
-@@ -39,6 +39,7 @@
- #include "ecc-internal.h"
- #include "eddsa-internal.h"
- #include "sha3.h"
-+#include <string.h>
- 
- void
- ed448_shake256_sign (const uint8_t *pub,
-@@ -63,6 +64,7 @@ ed448_shake256_sign (const uint8_t *pub,
- 	       length, msg, signature, scratch_out);
- 
-   gmp_free_limbs (scratch, itch);
-+  explicit_bzero (digest, sizeof(digest));
- #undef k1
- #undef k2
- #undef scratch_out
-diff --git a/gostdsa-sign.c b/gostdsa-sign.c
-index 892c0742..a7e0c21d 100644
---- a/gostdsa-sign.c
-+++ b/gostdsa-sign.c
-@@ -71,4 +71,6 @@ gostdsa_sign (const struct ecc_scalar *key,
-       mpz_limbs_finish (signature->s, size);
-     }
-   while (mpz_sgn (signature->r) == 0 || mpz_sgn (signature->s) == 0);
-+
-+  TMP_CLEAR (k, size + ECC_GOSTDSA_SIGN_ITCH (size));
- }
-diff --git a/hmac.c b/hmac.c
-index ea356970..6a55551b 100644
---- a/hmac.c
-+++ b/hmac.c
-@@ -53,6 +53,8 @@ hmac_set_key(void *outer, void *inner, void *state,
- {
-   TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE);
-   TMP_ALLOC(pad, hash->block_size);
-+  TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
-+  TMP_ALLOC(digest, hash->digest_size);
-   
-   hash->init(outer);
-   hash->init(inner);
-@@ -62,9 +64,6 @@ hmac_set_key(void *outer, void *inner, void *state,
-       /* Reduce key to the algorithm's hash size. Use the area pointed
-        * to by state for the temporary state. */
- 
--      TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
--      TMP_ALLOC(digest, hash->digest_size);
--
-       hash->init(state);
-       hash->update(state, key_length, key);
-       hash->digest(state, hash->digest_size, digest);
-@@ -86,6 +85,9 @@ hmac_set_key(void *outer, void *inner, void *state,
-   hash->update(inner, hash->block_size, pad);
- 
-   memcpy(state, inner, hash->context_size);
-+
-+  TMP_CLEAR(pad, hash->block_size);
-+  TMP_CLEAR(digest, hash->digest_size);
- }
- 
- void
-@@ -112,4 +114,6 @@ hmac_digest(const void *outer, const void *inner, void *state,
-   hash->digest(state, length, dst);
- 
-   memcpy(state, inner, hash->context_size);
-+
-+  TMP_CLEAR(digest, hash->digest_size);
- }
-diff --git a/nettle-internal.h b/nettle-internal.h
-index c41f3ee0..62b89e11 100644
---- a/nettle-internal.h
-+++ b/nettle-internal.h
-@@ -76,6 +76,11 @@
-   do { assert((size_t)(size) <= (sizeof(name))); } while (0)
- #endif 
- 
-+#include <string.h>		/* explicit_bzero */
-+
-+#define TMP_CLEAR(name, size) (explicit_bzero (name, sizeof (*name) * (size)))
-+#define TMP_CLEAR_ALIGN(name, size) (explicit_bzero (name, size))
-+
- /* Limits that apply to systems that don't have alloca */
- #define NETTLE_MAX_HASH_BLOCK_SIZE 144  /* For sha3_224*/
- #define NETTLE_MAX_HASH_DIGEST_SIZE 64
-diff --git a/pbkdf2.c b/pbkdf2.c
-index 291d138a..a8ecba5b 100644
---- a/pbkdf2.c
-+++ b/pbkdf2.c
-@@ -92,8 +92,11 @@ pbkdf2 (void *mac_ctx,
-       if (length <= digest_size)
- 	{
- 	  memcpy (dst, T, length);
--	  return;
-+	  break;
- 	}
-       memcpy (dst, T, digest_size);
-     }
-+
-+  TMP_CLEAR (U, digest_size);
-+  TMP_CLEAR (T, digest_size);
- }
-diff --git a/pss-mgf1.c b/pss-mgf1.c
-index 3f5e204b..3644c642 100644
---- a/pss-mgf1.c
-+++ b/pss-mgf1.c
-@@ -66,8 +66,11 @@ pss_mgf1(const void *seed, const struct nettle_hash *hash,
-       if (length <= hash->digest_size)
- 	{
- 	  hash->digest(state, length, mask);
--	  return;
-+	  break;
- 	}
-       hash->digest(state, hash->digest_size, mask);
-     }
-+
-+  TMP_CLEAR(h, hash->digest_size);
-+  TMP_CLEAR_ALIGN(state, hash->context_size);
- }
-diff --git a/pss.c b/pss.c
-index d28e7b13..8106ebf2 100644
---- a/pss.c
-+++ b/pss.c
-@@ -77,6 +77,7 @@ pss_encode_mgf1(mpz_t m, size_t bits,
-   if (key_size < hash->digest_size + salt_length + 2)
-     {
-       TMP_GMP_FREE(em);
-+      TMP_CLEAR_ALIGN(state, hash->context_size);
-       return 0;
-     }
- 
-@@ -111,6 +112,7 @@ pss_encode_mgf1(mpz_t m, size_t bits,
- 
-   nettle_mpz_set_str_256_u(m, key_size, em);
-   TMP_GMP_FREE(em);
-+  TMP_CLEAR_ALIGN(state, hash->context_size);
-   return 1;
- }
- 
-@@ -194,5 +196,7 @@ pss_verify_mgf1(const mpz_t m, size_t bits,
-   ret = 1;
-  cleanup:
-   TMP_GMP_FREE(em);
-+  TMP_CLEAR(h2, hash->digest_size);
-+  TMP_CLEAR_ALIGN(state, hash->context_size);
-   return ret;
- }
--- 
-2.41.0
-

nettle-release-keyring.gpg

@@ -1,486 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQFNBFDrIWMBCgCyyYoTAD/aL6Yl90eSJ1xuFpODTcwyRZsNSUZKSmKwnqXo9LgS
-2B00yVZ2nO2OrSmWPiYikTciitv04bAqFaggSstx6hlni6n3h2PL0jXpf9EI6qOO
-oKwi2IVtbBnJAhWpfRcAce6WEqvnav6KjuBM3lr8/5GzDV8tm6+X/G/paTnBqTB9
-pBxrH7smB+iRjDt/6ykWkbYLd6uBKzIkAp4HqAZb/aZMvxI28PeWGjZJQYq2nVPf
-LroM6Ub/sNlXpv/bmHJusFQjUL368njhZD1+aVLCUfBCCDzvZc3EYt3wBkbmuCiA
-xOb9ramHgiVkNENtzXR+sbQHtKRQv/jllY1qxROM2/rWmL+HohdxL5E0VPple2bg
-U/zqX0Hg2byb8FbpzPJO5PnBD+1PME3Uirsly4N7XT80OvhXlYe4t+9X0QARAQAB
-tCROaWVscyBNw7ZsbGVyIDxuaXNzZUBseXNhdG9yLmxpdS5zZT6IRgQQEQIABgUC
-UO+4OwAKCRCRWsxFqPTC/VJ2AJ476S2rmYBjmVkDeUD8jqEAoiTazgCfQvldeNG9
-0cjFjkdJU2ZGfKIi32eIRgQQEQgABgUCUu+lQgAKCRCBP+g6dJdIJHrvAJ9X3GhH
-fPtxjAJNuKmEbELLIF9yGACg0B7IAguP2w4FzvEBB+nwyg0YfR+IRgQTEQgABgUC
-UvTduAAKCRCl5JmPpsyF+2FPAJ94GdVamtip6qD4VGP5gmsvMOpTbQCghDnaG7dI
-00yYHiArAVuHqs9W9umIXgQQEQgABgUCUu66wAAKCRAyCarWkNOa0bTTAQChJitT
-Ico+A99v3AqjSGnQavQT7+6XBZWcRJIf3zY3VgD/aDsmZwtWmVTZIwNzwol37ERj
-RkXbxAyBXwru9v/ivzCIXgQQEQgABgUCUu9apAAKCRACWrAQaxfqHr0QAP4jFQbV
-jzSY1+3b7ujNkA9p+4fXQn+BiwLy10rFU7BtCQD/UwWRwl/uw49eX7+aKWYJXt5u
-Z0hhFMP2KMWiOz/KXtKIXgQQEQgABgUCUvQNRAAKCRDJ8LaXneN+1AXXAP9adCRf
-DSWgN8p62AGtCOjTHNtuxZayYHD4OcrOoenN4AD/f3fnuR/uULcYvdkDuHXDP7ob
-5dDuqMgTNqBaa5nJUe+IZQQTEQoAJQUCUwDn+x4aaHR0cDovL3d3dy5nb3RoZ29v
-c2UubmV0L3BncC8ACgkQtHXiB7q1gikVmgCglC90w/dZfmB//263FOW/I18/t0MA
-oN6Hx7doF3NvvCDpeCAqQPRFPitUiGUEExEKACUFAlMA6AYeGmh0dHA6Ly93d3cu
-Z290aGdvb3NlLm5ldC9wZ3AvAAoJEJSP1qDhD1Auyx4AoP5JnZHPOCnHAO6jGMMl
-4xfOoABUAJ0eYzrHNG/Ei0yzyyGdKdgiTW/GK4kBHAQQAQIABgUCUu693QAKCRAx
-fqbGmBxOSD+LCACSqW/pB1BEaEPkxmJhkZgex06SqOAJza2Q5exmN/Nk1Wh/ZbTL
-DAgjq3zntQVqttrSxDCItOWB20vsnBS5xaQb7TwxV4oLrhxmqUktDXyWTrBE3qpL
-rq20tx5L0l9HbClvnYkxeBlojGQt5m2KwdKUnTWE5GrxvkDTRLonKnL3nXDvlTOJ
-QV3Dez6wlEqBYYj/fntw6eH8k1Gz7zYW2hrNZ7uzhlI4FYEThQv8mXrxp1TW8E0q
-l9ub7Cv+X0ljbhC7cXIcOcvtGesXduYACwGgHcUeiR85QdyFVqoMrMSlUqaxEbP4
-1Tt0p4KDy5slR0OIoSJ0ayzFCJjWxZ/sYRj9iQEcBBABAgAGBQJS8m+gAAoJEEH6
-0dUhuUq5UZoH/3e+Xtg1CTT6P5XndYxT/E5WKUSBLZt/7YRzPe5WY7gov32hXk7e
-7ThGGamQcvUpfcFaGqW86x+Pi+7e7e1A2VUaGRyvoCRZslOs5/PsGu6/8QXiQjJW
-+EUtEiiq+xh/ci++bHDIgo1/QzVAlpODwYlEgEvbV+N97Tcol0Ikp+4HWjNdXyn6
-0JYPcHmLE6cEAOuuKgOr0euWa6/1SINEiTtAhqim0zsWMzb/ry2rtZzkE0tisDq/
-fDDxAmqRuTrs51yRpmHobnZBMT1cDDuNplXqh9Q5YWRncesDSQEYyiy1Ffaq4TvA
-6webey/0Ns56YkX45evtMJrTWLaKLzTIzgKJARwEEAECAAYFAlfvfZ8ACgkQcdjx
-/zaMZne2TggAnYDb1+f5WiTit1fJIyuT0nCdFEjKc25a7qGpkXMfCW/6k0Jxp7Zp
-0ayDgOikLixF6tnfkET9chXOCqKK2av81QQAsWCCJUTcmeuUlqJXuOOITmjbSAda
-pbDWAF6Bsi25ofBSLvJPJ5R3DtoVdq0sp0KaL0ruBGJlbjhctAIvhO49BobfYOV7
-7MFWqo4ZJGBIaNmy/rQO/aZ0tPA5Nw+2sI7N2dR2K8Wf9lrl8UijCcZJdZpP8mIC
-yvc2xCECWtBrB7kbgBQ9wHi4luPi1Efm/4ug+P6YN2XrpmGb5gfZ87z1Pzwq60lo
-hDLRn3lfRICiCqvvvjR/Je5zSmzFtB4maYkBHAQSAQoABgUCUvfMxwAKCRDf0n/3
-9qDzEhUqB/9JfDebTUKfH+20MjOovr8qVlTirtOlWneR3tBfH6kODfWhFXZInCL+
-GEhVZJ2vNNT4BTEHdvjfavag5hFTEgDJWUIeDv+Cvp67BSfo2s55ONQN2rRy3RJ0
-l3XD1w52MOlrHqAzkfCqC37HlwBBgWk5Xc5/qTdLuyhyu+UfqEhnmxiJL4C9hoxg
-o8h95UQO5qWD8zPSLZqELsmckezIAgy0DMqL31U+LXeQ8w/Ua2XoJFkDMOWybYPI
-7CwbBvA/J9UiNInG98ds3jN5wWO+sYoMV6LoYIEivWGoCqn/tXs+PM6zYVLrk4yK
-Gdpz4n/X/MZ3RTkaZNxuHfZbnP3Br0V4iQEgBBABAgAKBQJXXJ+ZAwUCeAAKCRDw
-S2N2CHpewYvXB/4ywSL4+7Fakso++EzrYAbi1KP0f1GiTBA4SjdCR5IC01/+fNg3
-aqMWcebY5Oyeh1gUAnfF0tyPVFid4ZKbUbIMDCJK9hd4TYyp5qJ6t2T6hNT69BkN
-cU+BHU9uA8VYODUMNnvzrrltPvQm8av0qcuBcB70+zJdZsgELDS2AODV2PLkzZgX
-dH2ROpNLKMdtfM1k3JKewvEQOPK0OlhAYNcsu95mHeeisv/HHhNZiUlgqNUdpp4N
-sGYosMRDnXTyWaUS3Is6a5xIRUWllBV50imMd+AoEoIbwNloDeh9cmv0O7+rYCb0
-+jEKkzd2a4WEJDLy49iQf8pfiwKZVceTuuSGiQF+BBMBAgAoBQJQ6yFjAhsDBQkS
-zAMABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDzWZ/4KMZymKptCfwOG+kx
-Oaj1olo9JK4lAUpqcrN6lM/d4Eehbe8Nn+O/Cibs20mnb8p9Lj3Jz9ugBkzkKu+U
-YbYAiYHWG70aHE45TIfYzl+fOB8fIYv0Eq6QkmDJ4+nUCm7tGECBY2cfID3mL8xv
-Ld+BQjRM2dPUUGasv7pEcjffS5MBLj+BVquPOm+3aYL+xgvkh5WXDHKOlVvBSzk+
-yjGpR9OnJnYRT6xUmACBw7twrGIQvJJyEFffV856PynkpBMJKrWAznc9MeB1nTsB
-65dktl+hMdat0EV3KvOBGEMB89lhBmj0e1Xe+j+SdcIhzeq8DuHsX4LEck73OjQ0
-D0xapqAs8Lj74mJOiTZx6/ROU5C0+5QJxEhITC8siBv+1MKYLuQu9SDGk6TqX/Ax
-FPTVP87sYB6DGigWWnmCrNEturNc8BjpUF9E/YkCHAQQAQIABgUCUu+hmgAKCRB4
-kQzEU7yhDhRpD/sGaJwM5uV6ngy53C4emTE5NbkWF8e+UhG2GhdXrEhIgR1HkPY9
-X+tZwTZH4xrbzVax1ejeNzg3QM/2nCvxQoijzqaklCu4YKYut/cJmRUzMywRrSdx
-42ty4rKctLSYlwM4CsQzFbqpJWP4szW/Iipnj876zT5GMRvDGyPLrdAG1YYiZBFn
-1gzQCVbH2+gFokhWvyRTubt7c2X9Nw0TX/o+1yB5VjRBEwGWgoE56VrLosomGZ+I
-EdRdWr5Ax6iProEfrD0nY/zRB+AQREPQIaoYVJA1MJOgyZLgSCJR6Eb5mERr7aIy
-0jQ6QKbDPvaOJq/UxIPgDh2bZPmpMu8MpsEuZgh4yo/GSsWBiJLz8632j8ReGYCa
-Art44jGkGfv9qIAnEYmnxsJ6UZ592PLdhEYh2rgDJ7fMwcZ8A4AowwChy2ezRx+v
-Q/dUlkNq6EF1t/qEzeY2IJoeNzV/9Wpou1M98cnIAh2kuameFIpYarAmbpsPs0V3
-IBhwqLthaRXQkRas/yO+21TMGIXKTCUcZwxpdceoGu+IZvaGdXhem/GBdU/ls2Oj
-JSVt5CwioyjxrZsRS3cSK6xdhHCWiCOFH8+LSLc8663pySqIOEH1lELRVhAzbZV/
-XvAmmRcQbzxwemYxuejlonFnYLFhNRyoxJzkCOTEf8Wtj2GtjYVWxBXy44kCHAQQ
-AQIABgUCUvCdhgAKCRDbPna3qIpeL4ZAEAC4R6NIoHNwnhQPbUB6Wsk6bmguSoLj
-MSjNgJJPqSrYc3E9g4F4oJtLkZDX6drp8DuYyitWUn7MeAXHyXjnHViCW/DOq++0
-Oo21k1jUjvH5OYo4KMC735sVDKYtMzECMiVasnVYEONWW1Gt/P7ozYdErNyu6drE
-/ocUPklIJ+RKTS/EZBgqiqX4jWES71TGPH8oT8UtVzris5KG+/0XPby51uV2GOKO
-p0xeCAld0+cnOVqZDb8ptiyo7jnj3Z72548It2G/1/jrJ6ksvkiZojtYvtteOouj
-6VgPuOSg4cKQj4ayrupIA+/t4/pK2lfJg5PLDtNd7Z52PxLb3J2URPyNk89UMlUE
-cjMgvZujBh3zI7cl3UU4fHD9QrQvnegFysavck+bUTMbU6NWKAWxTqFWU1xHIfD4
-wnoF8bDAUGCsLCwfyOTs+sZZD5CJVp6XgTMrcg4gnhTFnWeBLnFiQBxrPwdOYrRe
-ROv5peODkzjp3iPMdiOTHQfAcbs/jZbpuzTyr4gw5U1oWfpyAEC/rui91J0UB18i
-571S4Ai9SuF4t8byqpo6fxhaO/661HnDcomD2HRrlG+jfhKmwwF2NOxz38jDDblh
-UnNmBVU/EYXdP9dfKRn3w3iLUinsNIbgGIEj6T+rVi4gEauNMxqdaiqvV7uc6trJ
-B1eBrOwG9Bo6zIkCHAQQAQIABgUCUvPnPgAKCRD2iB6QiKkfo7i5EAC2KwD94lhY
-GyfgXSb1SOx/I7jYFPNHIZbQB8GefAtmjCJF4aYpD7bGw2Ferc+zpseiblEQEmU9
-Ut3PIIOgqdq+/dXRbmQ5zAkKExvvles2uZ53ISSRz+S3qK0PRydFkrAQ7yYwAKBo
-jGLrEImpVl8BZNO2SiY2xArYVvUI1sIG8zvamuvr764Kh36IklS8CfQvzOHA3mYI
-mwAKX1i0p9VhVoVSMk1mv/NO+p5H79ZmI53YsBJwyWQ0xMu8rGjoKs8YsQtK5SbK
-w/U6+MTW1DBHcvG4C7pCuGtRghCpFQQGkPdXw3BsrF9daFCOcv6z0klsRSZbjlvA
-3qPizhXtWY/RR0UoYzdxfisW+RcUF5C1uijrTqHWP4z6iyKY0f86rZmvxMeiH643
-sDqiogunMw/DlY1pK3hDMgg5Ce1u0CNxAZcBJkbN0blkOCOlnnyW+hNyNBRxc1Tr
-RsjhAQHpRSE4j3hhesKv8+JnmnMkHmqKnoE7csFuued4WcejbjYE3ynEglDLC3jd
-8K+Cg1yUc1TzJaPiYDmNOK1jCJwy5M1osQ2c0oUVdSlmXwSa9jU6NcVuMoj9FlCB
-7/zIZemkZ5wlTRPuFLRtnijmyjW+V8hKl9ulfnZoh/wVzkxtUnGEizy9sK9wj58j
-VHBW0RyeKIN4Xd7Q/QD0zZEs5Z//ZPAXJokCHAQQAQIABgUCUvUCSQAKCRCrocsw
-6Zejr4XxD/9azzHC1w9X5PkYyyXL43+87YIkElhri4g8le+q9WknXU4JWid4n4gN
-luU9bsXK31f/+eI2BVyKxBXNl/CTb73Sq8Tqt0Ynp8C0xcuRIib8dH/x2Mb92PeY
-n8XHSgdnMsjFZc/VNXQGE12+Qd103Zy5tjqsiKSPXoDNS28Zere/sRdT1YHnHMoF
-JwPM+SuTDy+CXN7RVozT8gnLBHegPEisZMq7bDx/wT4UerBGWGPGKMAkFoRM3W3b
-U5/xFsWD8A7Uv1IdiB6E2kqfzdlStrTXAi3GwbVCZhZYsqB/UmCQBxwaX9/9yRek
-2M/25qy79aZtrpGpMEJc+wiBvEdrQzWq9C2efDrVeJM6Q3xPKJWTnPvbuKbXjzXU
-phbocZ5+M+ih589Kji/eUtlW+U2jOdRFyNJjPVijS8FU3+6UNxmT8F7gHIiVpNt9
-YvqD9+PsVQc0f5QsROGYZ31dGTyee7UG8XdKf2eBYV5i5Nz/z9X0peascBP3zJy1
-Tg6rfD3hMggIL54pL8ShDsJOOWXdoqwzFdsRjqAq/TNeYQBZFAJMR6/1vlRsJ6b3
-jacBDBA8EQ0NYOZL5CMFtxU4HD81/Tt2389P25klOSl8Iswl2tXw885hvG/pDWGH
-LMTeLX7n+PoxkemViyMtg+Cn7NrrVGVfVpibjhWJtVI+g8a8vPvpM4kCHAQQAQIA
-BgUCUv+BFwAKCRDmbmdsCUlMFErBEACWzWArLyyNdbvzWJFUDD6Dys4fUaqJ7tPC
-90CQ/nli8Q4SC8wJjnjiCWbjwdHpRRlFyyP061VfHb40OZnAYLi1WwocXj5XxQ1X
-tQlSLGSSYMKzWw6gKJGdtc2qhkTfoyINtekKWo1+ODx/SPfhsQIzXEZO9ymNy6Ss
-UcEdcO4ADigHovE7+aBj1It8yw1uNdtTNEVu1nIrUp4aiUsQrx8LDs+DTy9/LtBa
-gJDBcWrjuIuQNVX9g8Ul9l+3HvavAJceyzDycARFu9cR3jO1oDtJm8dnq97OM8Z4
-TKGTnmsl+zGBY17oIob773qVSWJNB5yMGHoMUOiItpRlaFlZKVd2AwT8ZhsX0yjE
-z5sAgSMZmh/Jhueoz3hwub5OnB0YdfdKgeGqpEmbyqL8Oqgq9aZ4lKNmk4uMJiaf
-tJzMTQkISoQ0b0Wdxav8ZiHMehr45mUJQSD/rLTzE/WrGjvJ3xDje2oyCkoWups3
-WTnCPDdYkae5V1AM5+4vz+V4Mc/0Owxvxr5LMhBj9QaZ7Q4mrZ6p7Sh3GDnXEB26
-N15s9rHNMgkkMSoTke4/WphJIlguua5i4WOUw+wOV6sD52R0XUMEdXa6NBvBwAhW
-kBxgtsVdkjK8EGRR9wuJJIbLc3OjeJs/Rp6od+L0gEx17F9r8tuDUs9IV9uI7Lx7
-fJG9uYziTokCHAQQAQIABgUCUv/N6QAKCRDJbos5REp+x/SXEAC6uhJVKk1qd/L1
-A9p/xH8kp28b5bokWHO5Im1Bfu7IQeJcD/SOs0hyUvAB1Of1boHJBehtcOikFQLP
-Y9d6airkAQ3I4/BX+ezEeZJdzbfVJDckESXHYkF633TtGE+n+udVr03JO+ZJic4U
-uIYOJ4HRdiUTnN5dkIL61uioPHW5GknayRSAfk7NhOyo5Vot9YauSe3woAdhzKyd
-7oWNKhuipCyObHxE3ICpYWrOdDy0mQh9livf3ebp3ltpXKASdd2+F3VEIUPdO11v
-K5J/rFWoD7Ume4V7Hz3KUJ8wQuSXXS1prcsW6uFC8A3BcFIyq2c+vx4pj4KuicBW
-rNIuZiYf9YKRYSEdc/Kwr0PE3qkxBogvsXcWCYMC9mWMKVhpFSyzEgaDoXg178Ab
-oVhQQdLN5rtw/pJ4nLHEw8u3+akqc09sk6mqf9GPSlaXURSGzl8Af+yrXlYJ2z26
-Is8pdny5VDoBOlAaDNcbDtaPUUJxJSjXbPU0guhTa6EvLNvANhLUJ1hW2y1C9Kyq
-eeeFkI8ttPbHGD+/d8T3fMNBBE6vMxBFEw/6qZv4/3zLV5gjCGeakXpwmOP7makK
-ofqtXJhM8MVL57AAuDVlkh5jKWq1tdC63bVnSo8+2fcpVaMB8k86mMNq9UhFYGkC
-SAZsjjwFHiy/XzHtTR9/Uhe/PMt0o4kCHAQQAQIABgUCUwp7CgAKCRAJllHuZTow
-Chh4EAC38nWflaXvyRp4KjW0uv1LZ3g06EX9GLj10JQ4Ip47q6//XzPNYcw414+v
-Z4vyh1Sq63dQeL7Zn3Y/rf31jk4pk15sLAkWYKZYhM9MS+1RZiLiHFznDaviSVJF
-LOAnxTaces5lfiqqmSw1i7KuyKSgwpP/NZN+BZhRRCSlV7xKUnCI6LDJ+JpREtFn
-UQ/9BfV0GTetTsz/y/eTFDBmX5LCeseD2qWf3ejDlawmhaG5fNgPix0mg0xEInlo
-2aJTX/t1Tjqr6zOg1AUVTDLrR3fOhIHIQLTSxOg3K+lm1l9oSHDQfUK3rXLXkqqh
-fcgD2WttwCNbPNeTN+FambwMtG01Yp0gxbee50WNmvsKeljdPh+ShcvUtkSx3NTJ
-YstonOhOI7XL4LBUPUJapDc8HjnINxgqzIueHS/8xNBowHMK/R9Dm8FLizkl8s58
-5nqTdU8nuY+P0PdeOZETkkhCZHHWIMibTDwb9AtapmIXepMXPq7W0vt3zBcPQVML
-SnQelEDKkqPno4Q2RmPKj7z/6Uckt0nGWVsJupd0CclJxs7GcaGoANfyPeVwSA89
-DJgl63zOn+4RgH5TPFMVd8Aa7sUuPSdUcKUKxvCQx3dyaypOnBdryF0OwlngljTV
-WZEuFVxWztxy7y3b6ZcQDo54OCMO+5ALCEnjxxxDpeS/ftNd8IkCHAQQAQIABgUC
-UwuSNwAKCRCC1SR7gb/ccA/ND/4xt40bAFSKIA5Bc8MxXj2JCeELVoisITndIhj4
-E+7FU52+9yQVzPZnxKYND1sHL/2uMZ153KKGJGAW6fkf4ldQStgvIGlPJMnCt5XU
-gLE6aEq4HsH+ud9YH7e2UpkQKt2P0pYYQtf9bhGHIw708JtJ39vUV2stdya2o7Em
-3SWensfyEtDIPAbvx1A/bIFn2byyCe+4V3UKe76Xa7YiO3alxn2PzAVlm61woctZ
-VOkd/kxo2KG5/jw3kclgz+z64wUQD3ahhDt2P6MhbuAMZye4Oc5LCy6YWUgGB3CY
-kHv4zFvfJdobCKV9uSDBBJRHANAuxhTvREXnzF7IvQFjXUffb8Kn4oQ5h+Iy2Q6i
-7dGyVDBPxcB7euH9kHtsCIbAXzG/1/pxp9+EvHL/k1vU/fye2YJb5h4jBqlbuGqQ
-iecb3rSAMGDo0W/Uo2jkFRERoMPxUNHdZ2MjEYYTN0ksnB+GStludBOSouNXzWqu
-T4nzhtP4zAICHC6j90Po9iL79l54AVDvzbKeNMvYupZz9irjrFuyYCBKWP+Z2vC1
-Q5uQCb+0MGLSnkLGyLb+G1evRcA9GKCeReGeLKGf642iQxDvxMW+Cs0cBNNvjMdw
-U5kxTHEXyj/appSDwW/VlWXdkFYE2zw4r1kNfIksq20b9WIzQGCDnctH8TGOJAML
-UfTd34kCHAQQAQIABgUCU2ePJgAKCRCLWICvrAIYxyaeD/9fevRzlZBfU9PZ0qfk
-SvAmQ2NbBRXKllwiwE9u1YXd58g1S0duaRDNNzwzqSuvFP33nAjFpnZ4oWpBzX7t
-xunx4ROOMAFYoqK5cavYcD9WbuOO1p+FJXb7GfOdnkOwakE+EfJSMjuOu+E7jaia
-aCy0SkGjSI8xEcqqeh5nKO9+K4IRDWhQHIDu7I8nQ6GwwBCZyw5X/D4fHY5JMbKR
-IpaPMLuQZblzXE5qZq/Av7iWGao8Audvczh5kpAQGVctbNV57NWXLwO/4eicOrzC
-OxaJJrIjeeYoKY5KNQlAxE9PEisZXbU4Z5ccYuoJI7abQ5+eyWUimrCAzehM3om1
-DzFvbATj828fsvrU3oQB16jraPZ/9USfTsvVVzHxDj7+XK9wwE0rgf9/Qy0eVnV8
-fOSI3I+spu6im2K3QMbCNqHMwl0mDg5BOb04DtiS2pHZ5xzEeaR1sHcZwYaTWDaD
-SDkq+l6JGJmXh+JR/+KwTnDAlWWqBtrfmmCE9ZdcZCtFEUBa/lO/iC1HRt+NT/g9
-BH+w42GGWbZiXeS7KdNaWLbA2215hIWnrrFkAL8VJiCSKK/Ix7Es7d/Wa/VHWvWU
-RZrYzCcJqwq77OE57sRx6FMhJsyvnhXt4SRf/XTTbP64TfEKhutn4tfTbrHoZ0GC
-Gi7dir4+jt/vVpniaP2nk2ULuokCHAQQAQIABgUCU2ePNQAKCRBIBLS8P1Xu+zjI
-EACy1yVkGdJNFe0csPfW+SqW+D1GcyqQPs7vvnoMeKcaxepHTGtaF8leRme96FiF
-tazbmInmKJE1bPqHUPR5Bkar9slKcU1Gmx54/4LPBxCBE0hOC/uS05Wk3W5NpEcY
-2DbVgvA0HQX3BL5YAt5tHRXzafS/qhYYCpoNUCYTNKTOCAEJNVFybHFKPG3hxepv
-4tBX3O+oFiGxIg8xkgCs+OLPiffbWkGKlDDe5G3sloEfLXBn1JhxruDK0RrY3rN4
-PBM8WNBuhzfR+UW/HEK+tPUAQYn61G3AkFZHwGzICKfhtMtyXP1T3W8NIrJpGWvQ
-MP3V39czra69NvbKrrTrfFisKZoqeBsngdhUo1KV76/067viTKc69xfQ/uF4ccZ9
-b6dlxY6xASDKtIyFzb7bj32ISggYDHNo94ZZKFhIEKLSQBdTv7fShQsJfNJdVVod
-JQEt6s0jipEEoxSjymCviw/PHysY3CNsg3piCQgKiLovGzss+Oc6+t4uAXKhByMq
-5OrWJmiphldymURPkiRX1CHo4D4BaLRJGJjFZu3U2XHcY5oCWQIJQZTSOf2SLx/D
-buCmw/Hf+jA8btK7p3ph6exIXxG1Dj42YFKYgZuGIaPbWQuYH7JLuSj5V614pBdI
-e6jU3Ho+E+fLbrcoPATHxvio1AKlT9iDpSGTspYlO8fdkYkCHAQQAQIABgUCU4oC
-GQAKCRBDAE0JZl/Vc3kZEACOe2xr/qvzA3B1F6RjTS6TSgVAm+dxWjA6EHBFAor0
-Dq6U0/Ke31m+XOFrknA3AOQKecq3sTUTWrLn2b/s78/1xmp3nRLqWt2mnTiPtYVl
-pvj8GVtGcOwgodOub8VKmMTVikztSv3fsa7q7j9aM509n1SNjNZnZG4uQ+7FbGhy
-VZFUbPxb2PYDTbP7AFjj9NWqcnVZzQ1TGrhiIV5G947jLkOSngPry8WR1zZO8Tfp
-OQsM7C8JDasvh0gh92Ces51YB0JnHeGmorRPGQbUvUU4ebZwQB4WNH5wOaXAkSol
-kHzKOF32tPGNu9g6QLzpu7UR8q7atvrYSieVo/JuqAZsy6e4hw1HktSyajtSw2cQ
-cuRDFO2VTa8oO+ulMy1fjuUki7jn/gjyYPwAQJyH1w1UBlHWKvDtQWsWkq92xWJ8
-Yn1lOS3xiIXBAYPHxnvXZOBulh7xhc2h4nlvavPkOuDRxgINBoS3ja4MIKXII698
-0w9t8K/8j/QNJxtsZ/q2Hha1gm6pq/wOOFxKLUD1DZvLMs2Eld8TQBV/Gy730PWm
-DAk/PGNbxWQI9nPbdwXxp+WM7W0EOzSxaXjAV5WApc1otBr3ZK+kfGCgKa1dCZWG
-ZVMnPX4sF1z62UDA/fLWyMhNKm49sYi00q7Q8t2fmlP2WpfRgAsMHPU+/eHX7uY8
-f4kCHAQQAQgABgUCUu7WsgAKCRCL6HmwKHMeHM/tD/9KyMI9QbgAjzqenBjyCYFa
-lHJTYTRYYRserhEp1xBkpwkMoTxm4iuNkVZgRuLSj0N1GSfEr8OGdwN6b9hRuKRN
-1rfTVbrZg19M4n6hr369fNuMWOnhGY9wZm0gML1JNefn8p2sY+q1QDhBhbC/hZF4
-b1HiGMKhczZq9Bvo0XRzUjdHvW55rtxb0grZxUHfo8M4+vbvxwqxpsgdZNjh8TZ4
-H3ZqH1ClYBsdP7IBTFhFuUtLqyUdi3mvVhSzR6ioIqjXtJBZnzchoXY4/KsJdBtO
-Wn3YAbeZoNws0mTUmgIheLUUDqj/PcLpLnZxbdJ2u8VhJjbX4TQ7uhUN+MfU9VrY
-pO08waghSbdsrCkONjDd0E/FG9GWBH52AIUlt2tMw6fHZOlQdGBoxzS4RFB8SCFu
-nVW25DJyK/6R4UP4kDE4qv6Grt7ck0lRYj38KtnplrjWfYRTfJssf0acfzuw/wFJ
-gd/PNrAXewkROpJwzuFCKpbamj0sEmLfplnCxHilSFhVWKr4rY1auic5iF2GjXe/
-fU2Vxvd6l5y9NbTD6msjc6kWHMS3XWtGgE1PivUUrVmxH1DXMjFYT2HOy3dzj8th
-s/ima2NQcYTTYvBuJlHCprDEVgLSWFJD2kERNBeG8WPayA+QKYe6jT2TeA+hQ9I2
-g8KMul/RAFazXEDhqHa9UokCHAQQAQgABgUCUu+nPQAKCRA4dwaiaZjlxKGgD/9J
-cFkHJAAuP3MyVvzz5afT5IUHTGmeDo+KqoLjBz9iAUZeWQGZG43EHnd4HqwdnN57
-uFuoPkFjODAjqECHwuU8o5am7GWKZs1zAQgt9nXM/hGRJ4zLRHZv3FbBnhFuP7TT
-CbvS0zoxL5OhUhT7wRnmtNql76F3RqC7jA0UxeFVW8BF46Cwo3X1baHMEX8xQ/bh
-4g6VW2Y8ErOON+BpNmSPGs7OYrsopS9uO6QanOQk3VWhTVZryxZLtYKoWBzZ2Rzz
-+aQdct0jOouN+ZL7V3Xdrp0TjoaAqYx9n98gXgq94gR4j1OtmE7oPLrGtvs1mOZc
-otW1GVedaMlwVGXiJbyovJgsnAW7xhsvp0++SOIouviqBjEccuVKmVk+CWNW2Het
-CTG9Xg+Npqi959hHaDRMiePPWlkIOr1xclydDFr+yo802NA47V4v4Oc1pcd9tr19
-TBMgECrFChx7nMllu47/DipCTnBnysjOf2jWoTXdUNTavzPQtryEmiOM2jt/Yw/R
-SzylnnI6ZAS/LrcUEpFWZzfz5+9bft2hv1qs+PTjneTj2KEM++gmtn21l+k090On
-iYuhbWGdm70GuU5q83/znKr16gjYBNcnt5Td/j9nz2i1HClTCdUPdYkjZe6P80+i
-7fvsAPkrCnJDS3mkFD+ZiSLSz6ogdrOFw+OF1e+rvIkCHAQQAQgABgUCUvAzqgAK
-CRB9Ks2vRlPPKDhrEADArFcIXLsYbp3bmllxtyAmqXntuSt+LAwBJZ8HrLuxmtkD
-HWD7ByWf9rsAzV35ZsQSmzIXow5dZi66fEZ9MOHTRYAnEaNb4pkJcQbGfI8iKMCv
-haffp1rPcj4A/kDcufMSWzGpopqcOF6i/o/JPnpBpExoUKFaBwS4tFr2WUtM0kjT
-aOf8AS9o4xCK9+n7NiQqkHcZKMlmSTrU7e/YK4osaJOaBTOCVpLSuherUY0yXMa6
-vZM60JBLVu+cApnJRKGX0m9UvFDh+9d06sPywCki2Z3G6pIZo+TpbshdTgYeda+o
-EQXMJS6acd6O6cZMrqKTnyNWRIOPi0aM3e3Wwa/bcwITLsgTfmSE9BDmCj6jByqZ
-JPKZcXINfMYT4g3pqPHDTae0jLrZTOk15UvTqzKh2tmQmE3Jw2nHksuTCzgd4CZC
-Qwtg1ZSGV+up856L8fR74Q8Q2MhwH9BNJe+ET/vyyREdWLKln4rL8+nve5ucSU9P
-tCkx3pFbMkwterqV5uHFB4VvtbIJr+0Zvzh3JFlyBD/oYAPXx2oEGriL6Sfh7O4B
-iybQLODZeaIWJ6AcOPwuH1jlX19TXLM4BfU8R4WDbQkGxmXiiZfEjrh7vighzxty
-3J389ud+visUc4UuNbVNSV1FYr9AYAgM2bKNa0UN806zEu6grzxQ9vG35rHy/YkC
-HAQQAQgABgUCUvIskwAKCRBqbNW3ZWMtOj+9D/sFICkyrr33v0QlbFKFY7543Ikd
-nAMJo/XHVMOfeVzezgDR5/mpjrb8wbfLXEpYDqgV6UmLQzBwJlOGtHOyU+uzUmmZ
-WWsBQh7EJDREW5OC21XIHbGkIwF4i5iYXJFF0KL403eYGOkphvGg4HPS5D70IIZl
-ZAhYe7/bU72A3Nl41U/OZ14w4uDw6EXo+CraNkno6AzmRg/jKPMbrvr6C0k9rwpH
-VDoLpppYEY7iD+gcI1FakSFbsUxrKmlYJgDSHsCDj/IYoizBx7W7acykxHUPwzGm
-MxwPsNYHnMHIyc357erpbDo4zweKK489gJ94M7pvA9Te0x1PEi+AtgRc23kqIiXx
-THycRzJJ5GbpeVoTzbIuQfVGP4O1/iOIhJ8jOSCbeZIK8RU1n8lDt2TSRZRL1n3a
-kczsy7BAJAICGBM9R5o1yO5Qi78lOr6D9FWGCCHHyZ0508wypy5luZUTps5ZNy39
-6Rk3y4/9Vqx/8YQ3pTQTC2dqDXbP9IOPPAs3zA+fPGqZEKCyUcjD7cxfinH3vQAu
-xOdo6ZBppF5QeTTL+UyotRetdeq5p8QfJzZ2dvbxVOzOj6g2tA6iiyw2LtaH6ByE
-Go8MLZhDLiAaHLuJF3S/TOg3B70q44EjVqbWLZVRbNdeLjCP+M5hsRSLHXrAfww2
-qadD0049UHCDXZ86Q4kCHAQQAQoABgUCUu56pAAKCRB0gmVeMH40UhT8D/438F8+
-5u/7HhWs1f95hKMeoOr5Nu0UTh+hTlTEw/752sHdk5XObKsM9T/1nsvdQAra3hYd
-qN6MC7oXMM9rD1/9zSpP1BjPLUmULsZEB8oZ/HbUiNxsKp8PWA3MmTIbeaxX/aDl
-xR+uo8d1hcRLcle2AYQPgEKG1KRhdYpH62TOjb/QFsP7rxVhOQY99EPG2BzRcMUB
-YmiUdoOoWvUF/fdiJ2Brif0/fqq8G7DRtq0FgICxIzahFmtnIv7dOEgtWrAxAqmn
-ow5HeXiBv8a+Kjyp0seNfNUQpyb00EHP/f2GpFeHiwg2GZRsrYUAkdrpPYAOC6Se
-XgfoBSZn/9eIE/FQh9bSU+8kXmHoMehcfUqUk3SuwFqWknk2IZkPWj4Z11siIFxt
-/tNbsoL10V3Hs+ZxeNoXgB90PLH7VmUVqJHBsvr3ha6bwUDXGf5NYA23NQ83k/ls
-TenOT0+ZKWFQmyUdJLZ0HtQcjMe11iIk9D+lik2M7n2bvGN0+m41DUu19R4YiQg5
-53AeLgclmA/lfW/2isYGnRYgBpK4eCw0SV1xUwzVrbNpNOzJobTHhjLX4ZGdx5iU
-wYn0FKloDRtCaDyeeG1pWJuy+wp9DKnpkTa9Rbf0bwX8PHWH+OO4TLKTr+xcOxXP
-I593/hj6yh26+AeiDqrbZ5hUKCOLt7EwOr2i3IkCHAQQAQoABgUCUvATOAAKCRAG
-BPSQykBVvB9CEACLITF17WyU8rXc8jzmDCiWWWgBOr5r8jJiF7CY6QwWrvTqNh2M
-BI/N0Ej015oc0ijRv6fIvmvtLtcjDe3iemAZ7olTuHWvENGMX4QnVJ03cG1MDNiu
-qZxQbDckHi5uAyUWHqhFDlVeCr3anA0qYE7R04iozYi0Way9yw7yhiNd1kQ8gDFs
-PtQ/J3s2qtL3uklIGvr7XBBK5mATEKU7QQuLuog6pek7uC8lyOmFSN57Q9jpFBt3
-yGJEtjZDIJaUpCv1X+Yo9IXsV3i1+u8ZNemsTld1EZfNU4txLasJXL4Xsa7eYwdR
-GFn1zjglJOS3lMYBhrlW/kdsMX4HvH1fJJInyc4X0ZQ92PIpzjbaTh261uuXuxbK
-VEdcbvAsLhzoLdlt9lqbYrZ8CKDVOIxv8Ia3YvJSieoLydTj2enhq5pG8c4hZSIz
-DqoX3WJ2Cw/9paOyBujLHtSYanjySlcI/URyta4IbEjMlBHsgf7KN3AquUPRRw1q
-IvbsEMT5pgIShw40Mj3hsIqpSVA50MjbuViY6ilj0TTHwqCUA7UMFv53EJ9728yv
-iJcYrs9o7fr3gvl8YCrNrmeUPJEPz5i21jthgufVdGKoA8uT0mzEuJRYein4KOh8
-Q2ImFb5B9clTI2R4sLHe/pBm5YHDK+53poMN1hvBy5tM32mIAZV0cwgRfIkCHAQQ
-AQoABgUCUx6IhQAKCRA5J42oEJ5iRPQ1D/9nMB6+OLRV2mOg74R1B40e+k2P029e
-39yLy4r9a0IhAPJRRjv/8HhjH61m6QD+Yjj96ZkLgbyVdvv3sqeMO2DoKjmOMgis
-PLghprJQUfpoZPNTTCq4ULIxS82f7IxoyFC+GdqzpIIvpoRuZWqSlI4IxaGgjpHL
-9O5+QS2wuMzMY42EJ8UEfcQItcy9g1Rzv7SB6eSRfFABudBYNgG1OmaANEnV72YO
-PMtHu2yDNu/AMEkZQdBjfjUG5pp6Eg3iGzsUrX29s1K9xu5vIsDO54Iuhk+aeeN6
-jxu6lfeZFPFo46hSVLRQAJzL3ky8tK2KEr8bt22hiZlbcaQByMnLscwfW5yw9cY7
-G8yKxQ8EboIo0pghxic50/li1iJh5iW5Y3i/giTrpNVCGioqshOHR03Lggg30PI+
-yJ+cKOzsN+7wR5Eh2LiLlgzlcIbLHy3YCu2GzBQ4VzP++5PAiuU+VFLQ9iW5XVad
-RjFPFCg/kU6GvvN6vdldgbZDhhS4lUSSAD1deZKL3DlwJYKuih0oltMD9kYu8Sp/
-p6BlZ4qIA42KamH+C6nWekQO7hTvk56tPwK6WxaRnVNgzjb1avXZBO1k/7c9VoiB
-BruTsZ25SAG+FqY9EepemOAcRtvB5pLC0B4zKMntml12DYr0Pb5tf+JRRerbPh45
-Vj6nfJkH8luVWIkCHAQQAQoABgUCU3xTCgAKCRARRZNK4HrFtaruEACyykSlFW47
-Hrkrguzq62A6Wep1WtvCJDUDQLrQTtNGCj1oMcI1G53YaNCX36VFgURCL4rYJqgP
-F2H/zD6yQrhEeLYJdcyYN031TI9tRPbag1Q3FFl1PP1hFBniEJ0iPkQlE9U/NdLH
-3EOfbfO1AYbs+iAeHO70Co1QNpTQyql+3B5U9DdWt8uz3AFAYxwzzBuIK6Inpj6x
-1HvKWTVGSsxeaIoSuJT/TSaqbnI3Ude4E0J0LtIgIxjU8s8UkU3RFNG31CGczENp
-R47YN+toEE++mnobKbTa5GjSnkhDp5a/+vZjPCdjyBoUTe+2GDNPDyDF44kcaTv6
-oDdnNmAPQY8agGoIKp+zIC/wLszCd3zH9TKCLBu7N0G4Lb+PP/rfdI/TRPw1ut5B
-Ylo7T4CNgiT+WftrTodR6XkyAx8L/oJ/soZrLyCMkgDzU4GSgXT1GXZSHLk6VjCV
-K7puGqPlmMpWfwh3iaNMI5TizREE4FCxjzMM3N42TBx0xWBwKkisGy2PiqDEwAPs
-OB0eZ7GkgkrAR68h/AWvEEQoNIgoxduEdWADXim9en/U404LBvQPmp04m9uclQes
-w8AHK6cV6r3Exrc7CSRhVyPUyP7VC1Gsrj+468/E8SkYH8gQKAq1cZNnLTjGWlPb
-9Jk1J+SfpEAO9dW+3q6pIwQKf1WCRReV2IkCHAQRAQIABgUCU5OwIgAKCRBgvLtP
-XNf573NgD/9DNocnRe3VdfD2fn6csyYVhXQZBkILzFL1i3Nc+8K9qztMYtpjtDnW
-J9vWYw4WMT+dpKkiLT64aHrTCUxOsqzoQniReNFfLDDZkk0Oa+z2qr/tDt3ZGClj
-XpIaRSj2V6rf3BtjlATxMg1MSGOozr5qsfe/CxCil1JHKQSXvWoKnfeCp/H1sZM7
-VFYyiAOFXI0a5YYyHExY6NRBFVQo8HugcBFKElL4JlspdSvm6yC4CAMS7mE9X/Qo
-IE0FZ0d9H+7xEwTEnZZGJ8He7iudIHIw2cTJvRGVrlHxJY+UiUJaM/A8R9aQmS4k
-mnMwGVt5BVp37gJ7qHjhFRpbqd3KsY3NgMOCjFWlWWb56sGPkDdNE3KTOrv7wNy/
-TnN3NDCFoRXLEusIFKSn/jUAbJCIMtP0Z9jR9grtuA73kP8bDf9IJn/gigdYIs+u
-0k677rgFQfdykduutc+tUi1H5M5OxApj9CpFF86KzJfC+VcBMV6jpj/JrV+WutBy
-gIOMeUgz4iHBoo42pquEz4i/QRXbsoNRrpnQvAIINAN6gZCn028K6yHux+6YoSgd
-eHw1xUn5gUFt2lWkO3XcMQT11eEey7ojzeUhnZeBPlnbVv6EJEO/5vHpjWn8C+1U
-l4S3Q9VJThQKn1I02PKf21HX0cubshjXjAnjA7JOt3QsxILtGWXWxIkCHAQSAQIA
-BgUCUveVrQAKCRBbnqFhZpDPlHxaEADK/1Yqdvt4fPh0bSuUoGLeBP78CAN05glt
-bLUpr5X4wx50OI6JnejC98xhoLzg2z1pmjHJY4LeY8eR8xm7+mPiUOLe38CHG9Jl
-NOjFBZ5fadSZGJL1B+h7QC4oG6qsepsoGyOvhSna9xM6vuPWjDD3EBxYflt1ac8u
-Wt7xPTgK7FJqHobUBdUoViyaaOLQ634c3S4P4nfPnQeZS0gVe8iJYZRsL6O6STX9
-N+w2xzMPCgkuYILQOjWeGU35Er6lGa1NaZb2gWhnbo4uw72TEuodL4EY49se51C8
-TuKDdvVHRjN4Dg0PttWzZDHqtGU1Zq2vYfV7T2M0+dMVxHRiI/vLOXRk3GfXPLl3
-XWRMxMLH0aBe1dY+Dltr0SYr6d/nZKpGUKVG6XLsJSZjsHVo1BpRYoTJ2PolbTd7
-ncBI/dHlRf02zcMylvrAGGsaqK/dmXnO/bqZP6i/9hfqBnyXF3W7ODU8iOe8TVjx
-zLhlbpE35VLQfyppk57A1DWGUfZ3dYo4V9DT8Gp2ZMqdjA3p8JhggMbfQcOFuan/
-wC5cOw5GeLTYjMLYelMmGVeP7TUiwWDUQdb/WzUqF7Zoo7vNb7wJeXbxSoWK9Jwq
-IPr5W9y4ei7/IGkSnymQ0/561RUW27dNMa1p+8NWgOF9+qLTNyDIQB+wkRrRRcLe
-X2fUOcgZhIkCHAQSAQIABgUCUyGvBgAKCRDQsPXjGtuBmowCD/0bZNpCWiHnzTrb
-xrmuPjyyDRfAAWQSwTHuvNKWKUodlqMIRnNCuRHLxoYQDhrZXDP8U5RHDF8Oq8OF
-5AwMJWpiXTa2kwew3yXwp/Ioro1MMmHpGf8GfPJ+2zFP40B8v4T1VNYIhsIdsuov
-HJv6Oe5cA2KdQUeQ00FTaSGbppy9dF3pn32cTOixU2YJLnDtd9Iq2NGiilKVTDuq
-kWillGUHtpU9RS0C/5pN1kqRm3mIPWeVyEmrF4hDsGr2phqwQZzBdHGjIyxViTTb
-UlwJnmZUH18N47RGv5F6T80+OtZ7vDahidobR2k/sa1H7cfBb3tiNg4ZIPdyTjSz
-dOOZCQxhoXwGIQvp1yPr/G+42lZdeO+3bmRx1LsjVTEny/ht3XGjSn0bTZczQDfI
-kQDhPRL3UNWPQr6xeD131HTncYUOOlTg9nn8E2FcX/zR9bIRnxOhzD1SV1WDuBXX
-Qqt/06g8idOotGj1/AGYp8/NtnpKMs6DqJrwHSL04Jukq4DZsKS4NcmJE7Z3Q/Rp
-0TCLEqAT4zbEyBT+moA4FcHezb3hpWJICs2elXa90dWbzv3tBZElcF9xF98vMqpG
-WaFem/tnw9GPxvM39vMBzQ3y1tYzDH6XDknuclZCkxY/ZTFA+kXXTBPLGNv4tRek
-UAd3fKnL9Uxq5oqsoErtNZaeaii9YIkCHAQSAQgABgUCUyXdYgAKCRCRgV1nApgq
-SqwFEACVYopiSrIwLVzA2OLiQ/BDaIXb4nzh/M/QPv+nl1FQDpFPEV5G/E3qaKvl
-JkefbwS1/1pmvwxlTrtI/F/MuP1WtotbVBqU1qEyeAHVXVsoxVzDJXd/07HvYEFo
-m1KtXo7Wkky3/IZfrRCuURj2Rc3Df2Nw41KKZUqE++LfQoZjeKLBnY6jIO0MyxGS
-Edq1qvUYuYA9kuwmLcwjDfwWV4Yrcgw5Bzk9uB5fOuVoQ6d41vxYAwrZbBb6JImY
-rMMSMOSwJ9ynC2bdEUCSCnAUEjCUGJYA2yzK4ECT+zf9FyKxMHDROoWX0HUFOjDU
-WKie8Se7ArHhijSShZMPMJTREJYMuctn6/N1FHybi1FLlhJuqGhLWyafIfPq2u/9
-WXl2lg0i9SZpnHgXXMir684L+00t7go5sA2LSJ71pFE6hjoM7OuvYvCGTBlZA4XF
-FZMDq7q+RDNFkw1UvocAgh7KdarjcZEhkDaIjmv+E33rGDBn/QbXwJFGO8HR2BzM
-YoJdfvQTrupoB0Nav/MGl0yRo1oQu9PHyA0Q+NJGewgYVnSsXKborcUtvYfWd4uh
-FooYqjbt2X1kRgeDDlXeBXtQKAOPDoFg4hs2dRqZN8LHrIYJ4uncjNkvQwG6qAdC
-ce/BJ+J2xA0pC4/+JhtBWju+pwGwxB6FwBtA/NVU0CzRX7BGIIkCHAQSAQoABgUC
-UvOycgAKCRBIJckKRXWKIcxSEACDe0fs9tUbgdigsk0tASRBCVV5x3suHOV6AjaB
-BLAlWAWe/VFhZ03dpyPpg9J2ZLa3eJhLJcnnpL69SijVjcc2MfG9CHkVHSsZlSUR
-BaSKKOuYaj0r+Oz4kBDpFo1XBs39bdXJMeewCy36Y+vHwsfl0usbj5SpzR1y93lJ
-gJdn1MRZxewTnOj1YQBu6kevRrhSTqz5YOF2ebIzqALS/iXu1Q7IXzO66sMuAUBM
-rehhtqxXgQBvu9dYiKn6dS6HKeQtN+yLxklJ8Y8z2b+kAhtdLIPELyTv7jsPbMQb
-A0oExNXNZy7rQzOLWYRw3PCkEnD5pfhLV7v4JsLl0nb5EBYTy9O/qdCvSSLMmscl
-Dmien+9ZaydFN9KxJiAM9PzN2naZY9Madh7WHazhbgjJmZOo2MoxHMUJVq+7Uktv
-FgZHKMjkwbzEqwC9e9DIa6z4Yh8apDS8FCAkUhpbfQo3Cgtn9r+RYrBOLFkJaXLW
-EHifW4CdielGY64dlfAuxdTDdwYj0T7W3GPohdAoZRV8eumURQgMn4pS8qq6DkXK
-ISVKcsdUd3JKycykrF9uhaMQ530vERuxeBwrN4dSowA46jK7vCmw4cZIZoVYQJg/
-ELFIxYWoq4up3mAwaIojZc8vrLRsjL0nfTwrjMXT5g+FFlZaALP7kpzInFHKlgLE
-aD1TU4kCHAQTAQoABgUCUu/Q6wAKCRCpyGyN066NOiDKD/wPtMoGz3VJQABzU//3
-8eR566SAJiZ215Ahq7OUODM7ovHdbYWS5J82jcQmEmm35slgMroZeicClyyPm5BD
-3JNLXVuZsOfj/wl1Ip3qyO7AdX4wWf+IuYBOTbveUK3aodQwWIJbn6jsfnjHNGo+
-Y4nxU5OYAefqOHyj+lvKRrpPTFOY+9bvKq8PLe9rAocsQnmirN4WSUP76XOMNmy0
-AxKqo91D0+aX9N2g+xyH7NYEfFJ7G3R+4biyErnev2cEMzrnYFxj1J84Pf2TRWGs
-KrGeeEnBttQZGic/3/82uhvmHJb9lj3roHEo7PWh7B1JkE/XcJmTYGd7WAD3W2bW
-9KW2vBkOsYKsOtZNG9VcCupXU/iI8uXrusd5t17ojXdFVAfFIzaLQUGkDJIjG65k
-zqFiWCS3cIqW6M71xq1izAUgojtA7SvOuDdLDcRkyYZDgxcGPAqAcYi5NOVMwZG8
-u4BiJJiQ39p3d7F15z8bniXhFXyU3kFmi+n1LNYt3bf8kuqMlopOxl42egzX/S7J
-OdY9GAl17/z0dKNEFgHF0cMEfR96oNtx8ohjMMTP7exGYf59gdOCXjFJtT1FRvZ7
-VhVn+jtKD938wUoPjZBzT9s1ZXefX76JS77H+rPn/xGcDfFcfz+dHlYnxo9rjnI9
-ppHYQkWKrYVcHGW6XxlEzci5NokCOwQTAQoAJQUCUwDoCR4aaHR0cDovL3d3dy5n
-b3RoZ29vc2UubmV0L3BncC8ACgkQegaFQh6JkEJeHA/8DKGQ1LKDa6vCsiY5L5kD
-jOjxJiDV0y4wu0/X5kGCIbDmj2ptm+PPLiTMH96wiGuAKPVyjh9IxG20v1pxe9El
-3ROSlh8Ogv4kx+GX1CBkRO/ty6FM/1CpIJy7COTJXmLbdN2WgNicrcqitMl34Cvu
-uLNHMNr9oxP5TwpAzhwTJVG8dOamEJ3u2f9soObvs1tppt6M2YjKq+B5CO9/f4//
-otJXST7MPPUIy5BgsDSQtzc8hUHJo7xmFFmo94l5qhxmtTJZ2yIlvr8Jhi1HutFy
-LFAay4ppoUkQ+M79uuRl+HZzUJ8dKd82SiJNG5Q36tbPr2w6XpNvwYU5+y2GKS8y
-sH/bYTm5vgZPiOeZSjKVCC9ODo9AZarj5usfKYTLiQUARkGDrOHjk6rd0J3EQTAF
-R8yK/iQ8DZwejrAQNRrDimHLujLROZCWgrMX3/O7BGu5s0rER5O0VSxBNXh3Oo6e
-Qpolg6BgACZkQWJzbk8OEJyBk2OQYRYee/60lR02Ym4vj4c0OglZIQNjQna/K1sf
-4dI7FQGupUaEsvT0xU/r9HntzE6fSxNZKV7Ut4qHm8X197R+jBtr3Gw2wY/21a+D
-MrgYK9gieAAekJLOsBlicHnM1MkAMcXFvMcZXwEBA3XAAmXxirNqSUD3FDiB7S8w
-vvWM7U967O1vqtyl4Elu4XSJAs4EEgEIALgFAlL2RqYFgwHhM4ByFIAAAAAAHgBL
-b2NjYXNpb25AbmllbHMuZGVzdC11bnJlYWNoLmJlIlppbW1lcm1hbm7igJNTYXNz
-YW1hbiBiYXNlZCBrZXkgc2lnbmluZyBwYXJ0eSBhdCBGT1NERU0yMDE0IG9uIDIw
-MTQtMDItMDIiOBpodHRwOi8vbmllbHMuZGVzdC11bnJlYWNoLmJlL3BncC1rZXkt
-c2lnbmluZy1wb2xpY3kudHh0AAoJECW/SE8Iq0hJ3YMP/2tUD1dHE96JkIRT9dv8
-MC3aFZRGgv6HqvdmMWsurUvf8XEbf5MZvbBRl2rkQsDkEoqE6j1Q7Mu2odrOX3FQ
-S5u9L1V2BcGSVLksTEody2FfbXIZWDrSF/HnQ39UORtp1sWB7SxdfPMK2Dz0ZFd+
-4U5iw+4uzPynPI2n05Stn5kCJOUXEPhwO0sUliWb4BzOm4fP00BebKSPFsS97cM+
-1mtoZp+qSZo3F08xOtrOXmj/idild0GhZhGlmpddxf4P7eleWNW0PaaO6GvRnu4c
-Dd6/3vSLRGNkJYI1WHfNObwpnKjpJkoIHF4h7ylK83iiSSxh5ZNr1XAtbOSEzuJb
-VIwcYoVegHjPRAlULnseuxIPCVdEaPHhaxSouihGOVysBtU/0TjEiuBa2u/RLrfD
-T2vIeLvjCOkoRP+fiqmO1qJGhkGcJeponKqLlKXryzNZKc6ZWDC3zlyiTJiKphIi
-6zTORqByAdW6xjHzKy9hYSZQIHUDBTB1dST7org8byhzMtKbV2SRGItebvfRpm/5
-eg6nGBSdwzoyYCxO9nMeMsom8z6hyNWx5Oo5NZ9bWrEqTd/e7JjbnYWcsUpw6RFa
-3HmzV+DS6HFd1E0QT806yAJoJUOlhfDbFaDtcT66jQbj71xv/cGgllr0nLx97med
-oU4xeZ1dEVg2qhHLp5avpFN4iQOcBBABCAAGBQJS76FxAAoJEFmPlar2yZxfgrMc
-ALuDba+PUFXbAP0dp5+W/H7ZAPf5TzoBmgo45s05dom05fbrKUYI83mZ19yGWcVV
-ajrAtIp87TTFeGPmkrCEXqONKYa4vGJHGZA6S19EaLaseL0T3D+cT+1ycDi2/y9R
-jqBHOPw3sB1IlGTXzRwLZ6QyaAl7du16zhZqlwVEJnoAK6+0YMTQJ6a2DJdURIl9
-aLeC7Qwbofjzyzi9+JOg4tX0hrXzBnHYlyXJVZVcSzUuQZvD8J9oZZb1GNNwOl2S
-7X4UZoEqshLpXXoxaG4ROcr8/pRmEYUR0QdWap5ZTeW31NyTYArRsCvrxyZu/4Zd
-iumKElqThRWcXILozpfeqDhx0AZnn1wXTAELm1YGDNbhHtBUUQ9jcLOvhbPvgF4O
-bpFvsTec7dI0opEh7A0AcRoLtMXSsHH+L8NAOAfxXi8FDXyA1M2tmOu0ePQC8xDz
-8/bcDMw6NUBn2ls/P3m3irVznZoK83SjpkfvwvtEEjHieuLHp5TwxaiwO8P0S2Jy
-AYz3gQYWqnzhaXMcvXr0aMuRMJ3wx84R3tKdRZrxi2/OsUkxsztRTUi0eEZBoqXT
-/zcFs/g9UsS2t0qMxn8RyZygP4DN8623HMLpqzLQ7f3Jr+0ggUTzU4vOHdldvWBa
-jC44yqTVgB1UO8SzMoKJIIwbbtkUzQG+IFxukIrkeX2kngx1R4ENo13eqM6Ma/hI
-hCZdchSGcBw9T4QKVtbMClNr1JwWNBDLAGZHVKgtBeS7b51/1doz7yPmEJ+jghMK
-rpt30/dgZDWRuIzPJ4k/Do2NrhyjDp2x3axuqdXEpQjNREhi0AZWLkc0ySZuXfUp
-OsKjKFY1jLKwyhNaji+VaT3xy9JmngLM15EkWfeCHe0Q00CXxBwPztbzhfCvuC0V
-/cjxdwnVlhEKQjlEIqPCtnGBmm7j1jAwCWnl6uaVr9mI+rX5rL/YrMWpqRUGG395
-sKbCf8mn9rwadLjCXFHEnViJsD/vzbKbJy6CEvBzh7BFWVnzG21COc4hQIAqk6yb
-JgyPhnnV7pvSctCiId5FcrGPQhSacXBDpj2flx6zqHRldtv4ogvsX40dmm5NloA6
-iGVwoq3vUOu3Dxk4Qy/TGQPWh3y6RO5VqYduswM8B6GyIVm9sM84AlV2XrSM+P7q
-HsbfiRo+wBKpqcw9g5hQmjRh/IEOZgDdLDSHpfv1tpY8iQOcBBIBCAAGBQJS8Ct+
-AAoJEFmPlar2yZxfS64cAMjdwU9Q7eGyBs/wDGU6Z+cTRdNdf2WxXQO27CsU+yEr
-OdN2Di1Cq0SPoMvcmK8s/bRM40r7hBkPqPZDC8zZb13mh4f8k3mdZdyGOgnMhhyG
-Ns7eeiebSVfEZpaJzmJozeeac5V8NPn6K5nEutQLsyIIhVEXbr9VTApw3l4eLjMY
-UrOvhmOnqSjDnBrcS4jaBdIbj16pGmJTwyN9FRYH4lF5VPHIEL2c7PYv17i4H4WQ
-Fy80nyNCNlv+2LQNfMGTq49XviB2RmZ+VoYvoJC8O4iaewGFCbtWM4t4jLBKD5I7
-xGxOQnvVBjXj3si/ASsXR4tDM4mAZUpi0YPZeHM+DPIji67MDXIgwDVv4JRO9Cuu
-gARL1d2fRarNE8vTuA8mKoCllcCgoli9CG3RcCf/ZrnibT3hLT939UGqt7siBtpc
-iEKoYC+VtYTKEFf7fr6BYGA6DfJK/npYKjkkNiO1ptUO5d8Hzo/mdtIL74jorleX
-KCLOXu2ryCMmnbwhjRvv4+KBRUHHWotlL5KokBvMNyYvuAxFDQG0FapuZDna0GI6
-cGrGdlVRbpbjD/DvFzEXaEzKksI9VStcPeFPexGDCD8JbtWBWfwK7cPw/Y7mAdf6
-TCock5xmotLdDu07xwlE4amGGfVy2YO+f4tOcNXRjh+LpvO9AC9BngzqnSCBMYO/
-AIRdS0GUuXUqCGCdN0XXkWQJK5quEIALg4Qn4mivweHuw9QeBKqgKA9ku3AA1dJR
-cACbVer3njqhFxUrqusn6KnbURYigdzOtEk3QaglAL8ALC13MwE//dRnbyT0J4gU
-aMDs6yF5wc0Yyi8ur1VZj5Rk71SOetqaAHgm80myN4Y4pZWC35qPQdGcD+O12ECS
-PMY0LsbRT0QNVoVcuv+dqroWLPC3ldrtj6wDC2/XdlblJyo3p67TFAlX59E6GE3N
-n6k+AuodyA+ha18gXH0KS9Nbtvroxelp+DVn3lHEpkUbqE6CQs+nbj83TFmNyUp6
-+sObs6ivaco8SbJBlsyhdg7irP08CS/w2YBCYsYAHc2Gthpa5dxCKkEVVM+P/vP9
-MAu/VFsZs5b8gNRTynk7STW7DUHDoK1STQ0WOWonr3BUuBqaqab92LuJ7bHwM03r
-gsTIVVMPrN9BvgphLfV4zBBfSdGPnF3KDqoTSpl+QPQq3sg3avBQAjzqhwu3JQRN
-iQO8BDABCAAmBQJS8CtrHx0AU2NyZXdlZCB1cCBlbWFpbCB2ZXJpZmljYXRpb24A
-CgkQWY+VqvbJnF9GxBv/QuxL5zlNM8jhzk5fuPpN9i++W88qfveAaBtxLTWe2UJl
-1/10xHfjw1a7FjJ3osYnEv21yW/w+nfhnMUk2DugC40/zb/+EaPrAIPsvyXDRjJN
-f89qYLqi4cagsPI5rzTy230iYk1kXrN3pyIY7feNd0dWpkCsDI5ug3hbezCGYLcg
-0B+4msMkuAGOU1Ctus/L2sIpdY277QZqFarK0xgYSGTZt/ohGXo3NbUakbELxeTg
-QSdLmeH6SchzES7Kv4Wanv3LRNAZHhV7wJSrAiuHpgDn6d/YWqFwW2PoSTWN1CgC
-yZNOgn5cZTCTNnwo90USwyHid/x9oZlmMNALnWk93AOB1TByOBoSbjfiK0xQAmrQ
-lik+eOSYEeIxGg+B/CKy7wLqy5DEbf3IeNAiI1UVDQZb4woXJ+Kx+gvcIOstK5AG
-zLXowaXdWrqsrfRQEXi6qxewv7P5hFC/e1/7645lLHyivtTj4F5peuQYgopvxKbj
-j/9ky6YgPsp77vdYCZRhU4xHyWH9zXZwVCdMe5GNKYcxMyJ9ATECmKxfGmXAiqFx
-tzRHroblCVH4ad5h+/dShPH+LUwVJorzp0gBx9E+ZycukMPmEVzji6CT8na7ptNo
-exCIt1TH2vwwFJwLPxlRGVEcj6aA7iq54Kwp/hpjYMbg11QvQpqw4Ug4tXs331IP
-keYbKbaPudvfeBy3FucO5YSBFnKFIq77Q3ID500L7e9ttnvtn/s3ZIZqY5/87jv3
-0x39o0SoAInsco3hViAYRGZrLKk4jAyM/q88YCa6r7kcPSLpYmfI+7OxFYuS/NvN
-46UL2ozm3NQzmXJKiAeCQiAVys89eI5V+QOotMz/hMRb96OEM/AAtrZLGXXxlRC0
-aJJYXXPYELWC0qMxvrR6Z/0LYyKssICH5Qgv7VbrFRLlVw64VV/MZjI/grBXP5yH
-arUPBruCOHe35bl0r7Sc+WAyqFgmiP8EXq8vwTQvBouEG3Tl7sScHgKNQ6+2Bhy3
-F/deh4afN+21xZ35I4HS8MZNaFSnQXktdKqSMxnpUhp8oFoshQZ1mz5Muq+Rdgk8
-4LK1B+HxXqMaXz4pcF7SuvU8ZoeMlkbLBdLCAzgHUiL1PZ9uYa8BxOcKErg46Sak
-kkwbX90jEo2W2yv7zRuuKySPZaJ8VTHKQtzwuB+S5OmfE5WDzY/SHfQVGPZoKGOJ
-BBwEEgECAAYFAlMuylIACgkQ/UqR/oGOsfEG7SAAiSHuPmBO/FE20YKiYK58kKJh
-kfBe7g0W7rwjlXUbBDs2Nz0Fn2gyYJIJ7+BKD45bHxyL3zgCiltZ2wmVYLmTm7Hi
-LoBJlcusy+0aq8xF2t/am0PFIZQZsDMCs1KpTuRAvMIhQaLZ5/24/qE9RCOWvOkj
-OI/jDoxp+yMl78y6vk1te/4yl+TXp2W/y0QobJNDwFTDqFVaxEjJs8LJK7JbqtxF
-6plHOtk874AabUAhdvTtX3xNMNoZANoOWMcQKpVJyMuVCIsMohEuc4aGsGE4yKNv
-AnGwIG09QIRPva/HiGVl+BgJQgmfJ99iswjM83to9c+KBXlmBeIzrwB4YiNIepJi
-3uH5EtQ4v7txtyX8J7XsFZV1+s0UkYP/r8ioCYv2ym3O4Ki/6KcIdSiKWdkuuqLx
-DDrVMDBmlMaZyk2dkR107dJUg3CFkXcqi6oDk89y+FkVNf8wI4OUJYGzDUBYRfUT
-d95zJ/6IBrTC97xaaFVC0pBjem5XNog6TaCCj6fmiUOcVqLxpB0eaFBXj70t5j3C
-9Z0gVXCt2KJFXPLrwIpT41RNWalqRfT0ZHHOel17lxEWwvuBTLU1tx70DwQkV1U9
-qIwBm9uanjnkIfM1s451b662lee8kHXgx+qapYwK5fwTW0SodtuyrYg69bgK7Yls
-xUJ7okkdyrkPsgT3aFaW9Ep9A3UXCkw8K8BLH2n4cMwqhR634U30MT37rP6nyFES
-vZKzvo1d3CXoOPqiY8JxDCnSpTldt3t3Bdrc771cRzdx64S271TIwJYdXngsV+4i
-aSjJj5XkJFiwlGQPiZ6uCrGHvq61GL6+JAgkIvdlPWpWMFOEHpwzHKNBXuKYX/Yn
-8NLJHxUNySwOiUxBVLdOrQnFlu6psZUBuqpS6h+YHZzM3zb2Eo6eoZYl96i1ea/M
-rvhBGWR2j3CuNwoueZy94ovEhTFWlplC7C93CyjOwXAz4ExhbjekQ4dT0ooFx2aO
-OVOMElqbW0E5exwocZcAb5OPZOzYzt0YtM2NhNFIubiU5I9Pf7r1kf1yDlWLkFZ/
-twN51AvAFpNqmi3czFMBU/uEp9g0xmZ76w/g7h9qhja1hgnxEE8VCBCb2ZF5vXYL
-YLDx3OMHe4hBAgrcMnWS22TfHUJtM4DmsHMztmVj1e5/nf4XdBebf5wpzTOHNo2a
-nFf4XDbGr6dMf6/s/fFMbgmLypkVndrcypgTvSiBYr7nj/phiO/+5jqtC3ikhHZd
-+z4L24rj8HqdL16Oz4LprE3iB/8kwgN0Gie+PvzLIe38JO1HmS2l46RTsSLtkT5X
-ucbLvowrLax3yhaz5/zgRQFRymve0kpB83e0Wt1wdpLBbeUSrK3qen4PvCQWC4kB
-lQQTAQgAPwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQQ0PC/w++5ewu2+
-85nzWZ/4KMZymAUCXiHrCwUJFpzLKAAKCRDzWZ/4KMZymOhLCgCaihPZmNPfMD+S
-b2In2kMRmi+A7JWVNJl2iEpannG0jwLn25m7G4dX2ImKDI1acgFUGvwWMvpnHmlo
-1DX1KWUTVtjEvgnSPDmPQE/Sh1PmM5GQizKVwoeZH55KomJIy8cax3zbVRNqBhwm
-7p6Zq34pzCcMeQo+NsShGaLjqflTMgQb64e/SwZlSNZmyFMJBlUGcmPiwM0mX6QJ
-thOlSzR/YAQ+MofqkGTnq8goE/9s1azZDaz5V0Dv+DkDU3RKRo+3f/6o2yW7zipF
-0gVypzniy2ZH/9BrcLUQHGutPY/cTPOmQdbE7vaNoaXC43q61f7ti417kLLmWz8F
-KO6AoyJGoEQBi8WadspXZ4lLVupNJH6pPMuf5VLzzK926YAc004+wnIyYo/EkPTy
-ZowKyo47KzdMyXkn5jPltI8lABnua7kBTQRQ6yFjAQoAypTjSPuQanLuvfu9n5i2
-T4s8xFLCEQNmNMNkRO/rieRLPf2E6eT51gDaT0+xkvCSZ3OjSSXoehpDJBhsKuTq
-ewg7I1vaUGdLwFvdF458p4g2vVtFvpufl/yzzs4fp4rPWXH9ez/dbaaywi4vkzjm
-9+cbd/eqWfkvj8LldHS4iGHVWFd3uizQldC44RKqed00cE6y0zT0FZ7dAz2E4fyp
-9ceneczktDCuEMmyjdViVOp2CEEV8lipIsY27Pvo3IFf47nJPelXtG5b5+g36n6R
-vGM25qkQrny6OvNy7ZQVGdHPs56w9Z6Lql9hG/wspRvEPGVB14pgifoOkXx/ZDpr
-VR/9tPLv5w6H1S/0NHbwF31OTF+PXO12Muwdq05ZPuJ7jXmhzNGlNmNePkkMvrEe
-s8nbu3hi3ao81dAl/3pIK40AEQEAAYkBZQQYAQIADwUCUOshYwIbDAUJEswDAAAK
-CRDzWZ/4KMZymBlHCf4/i9P7s38AkdWkwWehQU/TnTcmrVY5s9tGobJBdwckppE9
-UdOitPGDhif/yz2o49HiqlPFioMTHO6VouUhvsjBZ9nW+R5yQxokpkowl1vwc7Er
-de/Oi7TtJtHoWrY/ZJeia8UDV2szpESdsMNdz+v/dUQWlekdPAZhU61HKNj+sPnY
-wheDZZ5Di2u3zOkLTWTPsgfhM2j40gRY2RudgVVmZHFxFTdHBIz7s57kDpsfA58u
-5UIpKePTbpq22pmsWRIpcdgYvYEm6LzWigbp3CovV26IhIjWwGqxsT+NEL5ZNgLl
-1r6vn4gZ1NXtZ1NqFe/+5wFh+5I/1a/ycXAXjqbDQxpFu2K3d5pCQq4RvozLNVdq
-jW/VIa+WSzgONLCM9jx3w60foHPEx5tqeTrwlhAHrpGCdtl01CLel6DztBEWA4kB
-fAQYAQgAJgIbDBYhBDQ8L/D77l7C7b7zmfNZn/goxnKYBQJeIe0PBQkWnM0sAAoJ
-EPNZn/goxnKYUl4KAIgdXi/Q+ExT3ZtE5Z5lFQ+wwgmRKLnc0yrvO2d4MJNt+Sy/
-EZK3dbzIRFWPZukYRg26Y4ySilv8g3Fq5bai2afv+Wo3322hL1RavbpItIYbDQ47
-gj9AlWyY8IN4ux3AOI6m4Di29itG5h9G8nY/vzf2S1MxnngKPVcm12zgtSoQ9Vbx
-4UZfwhyqs/VqIsPNiC59Asuaj45PGEX2JBUHNGBzc8xXfJWv/Jeh3iZAkZZTS+3U
-3S19/p29ChDBRCzAyjlQPPkFLBtJCyn8nt8pGZrJBJbyDTk3GW6FcOiI+Hqvn1eA
-JGC+/y5zRTcG+7w+o3Z1nGIDBBo0QvhYSp9mrOjOOUpqiwLa9utimVoLYgc8BFyY
-ObGKgo8l0WMMp0M6itctN6Od1Ww8rY1bqwH5uHdqQ23eUhdoyIu8B82gU2da
-=hpmd
------END PGP PUBLIC KEY BLOCK-----

sources

@@ -1,6 +0,0 @@
-SHA512 (gmp-6.2.1.tar.xz) = c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84
-SHA512 (gnutls-3.8.10.tar.xz) = d453bd4527af95cb3905ce8753ceafd969e3f442ad1d148544a233ebf13285b999930553a805a0511293cc25390bb6a040260df5544a7c55019640f920ad3d92
-SHA512 (gnutls-3.8.10.tar.xz.sig) = 72d6dd2c23f768f5041c3dca0f49b3f60cd01fc960ce77f097094a2aae6d76fddeb6295c425e3750c711d5f700957a62268aecc4873e53c31abb60eecf0fd4a8
-SHA512 (leancrypto-1.5.0.tar.gz) = 1170a502f58c9bce424578cece64a3ebf856620adc02f390b8877981bccf0c2bf35e64b1628094a06c069ec38a3be5889be22516d45d85f4e75b40085d9001c9
-SHA512 (nettle-3.10.1.tar.gz) = e8673bbcde9cde859ccae75ed6c9c30591e68a995a7c6d724106cfd67a5a5bd45b3468d742443b6565628849d0fd29505a28ca5ee4e89dd13197cdb51429f96c
-SHA512 (nettle-3.10.1.tar.gz.sig) = d074a921df31070a6e6562a9f7e213e67b8e6ce331e2683e8180f387aca92058a5fe8610800817a0aa5098b47176dfcb42b52d617648c84cc6262a09ef557eb8