rpms/gnutls
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:c8
Branches Tags
rpms:c8
rpms:c9s
rpms:c10
rpms:c9
rpms:c9-beta
rpms:c8s
rpms:c10s
rpms:c8-beta
rpms:imports/c10/gnutls-3.8.10-2.el10
rpms:imports/c9/gnutls-3.8.3-9.el9
rpms:imports/c8/gnutls-3.6.16-8.el8_10.4
rpms:imports/c9/gnutls-3.8.3-6.el9_6.2
rpms:imports/c10/gnutls-3.8.9-9.el10_0.14
rpms:imports/c9-beta/gnutls-3.8.3-9.el9
rpms:imports/c10s/gnutls-3.8.10-2.el10
rpms:imports/c10s/gnutls-3.8.10-1.el10
rpms:imports/c10s/gnutls-3.8.9-18.el10
rpms:imports/c10/gnutls-3.8.9-9.el10_0
rpms:imports/c9/gnutls-3.8.3-6.el9
rpms:imports/c10s/gnutls-3.8.9-16.el10
rpms:imports/c10s/gnutls-3.8.9-14.el10
rpms:imports/c8/gnutls-3.6.16-8.el8_10.3
rpms:imports/c9-beta/gnutls-3.8.3-6.el9
rpms:imports/c10s/gnutls-3.8.9-9.el10
rpms:imports/c10s/gnutls-3.8.9-1.el10
rpms:imports/c10s/gnutls-3.8.8-1.el10
rpms:imports/c10s/gnutls-3.8.7-3.el10
rpms:imports/c10s/gnutls-3.8.7-1.el10
rpms:imports/c10s/gnutls-3.8.5-7.el10
rpms:imports/c9/gnutls-3.8.3-4.el9_4
rpms:imports/c9/gnutls-3.7.6-23.el9_3.4
rpms:imports/c8/gnutls-3.6.16-8.el8_9.3
rpms:imports/c8/gnutls-3.6.16-8.el8_9.1
rpms:imports/c9/gnutls-3.7.6-23.el9_3.3
rpms:imports/c8/gnutls-3.6.16-8.el8_9
rpms:imports/c8/gnutls-3.6.16-7.el8
rpms:imports/c9/gnutls-3.7.6-23.el9
rpms:imports/c8-beta/gnutls-3.6.16-7.el8
rpms:imports/c9-beta/gnutls-3.7.6-23.el9
rpms:imports/c9/gnutls-3.7.6-21.el9_2
rpms:imports/c9/gnutls-3.7.6-20.el9_2
rpms:imports/c8/gnutls-3.6.16-6.el8_7
rpms:imports/c9-beta/gnutls-3.7.6-18.el9
rpms:imports/c8-beta/gnutls-3.6.16-6.el8
rpms:imports/c8s/gnutls-3.6.16-6.el8_7
rpms:imports/c9/gnutls-3.7.6-18.el9_1
rpms:imports/c8s/gnutls-3.6.16-6.el8
rpms:imports/c8/gnutls-3.6.16-5.el8_6
rpms:imports/c9/gnutls-3.7.6-12.el9_0
rpms:imports/c9-beta/gnutls-3.7.6-11.el9_0
rpms:imports/c8s/gnutls-3.6.16-5.el8_6
rpms:imports/c9/gnutls-3.7.3-9.el9
rpms:imports/c9-beta/gnutls-3.7.3-9.el9
rpms:imports/c9-beta/gnutls-3.7.3-5.el9
rpms:imports/c9-beta/gnutls-3.7.2-8.el9
rpms:imports/c9-beta/gnutls-3.7.2-4.el9
rpms:imports/c8/gnutls-3.6.16-4.el8
rpms:imports/c8-beta/gnutls-3.6.16-4.el8
rpms:imports/c8-beta/gnutls-3.6.14-7.el8_3
rpms:imports/c8-beta/gnutls-3.6.14-3.el8
rpms:imports/c8-beta/gnutls-3.6.8-9.el8
rpms:imports/c8-beta/gnutls-3.6.8-3.el8
rpms:imports/c8s/gnutls-3.6.16-4.el8
rpms:imports/c8s/gnutls-3.6.16-3.el8
rpms:imports/c8s/gnutls-3.6.14-7.el8_3
rpms:imports/c8s/gnutls-3.6.14-6.el8
rpms:imports/c8s/gnutls-3.6.14-5.el8
rpms:imports/c8/gnutls-3.6.14-8.el8_3
rpms:imports/c8/gnutls-3.6.14-7.el8_3
rpms:imports/c8/gnutls-3.6.14-6.el8
rpms:imports/c8/gnutls-3.6.8-11.el8_2
rpms:imports/c8/gnutls-3.6.8-10.el8_2
..
compare: rpms:c10
Branches Tags
rpms:c9s
rpms:c10
rpms:c9
rpms:c8
rpms:c9-beta
rpms:c8s
rpms:c10s
rpms:c8-beta
rpms:imports/c10/gnutls-3.8.10-2.el10
rpms:imports/c9/gnutls-3.8.3-9.el9
rpms:imports/c8/gnutls-3.6.16-8.el8_10.4
rpms:imports/c9/gnutls-3.8.3-6.el9_6.2
rpms:imports/c10/gnutls-3.8.9-9.el10_0.14
rpms:imports/c9-beta/gnutls-3.8.3-9.el9
rpms:imports/c10s/gnutls-3.8.10-2.el10
rpms:imports/c10s/gnutls-3.8.10-1.el10
rpms:imports/c10s/gnutls-3.8.9-18.el10
rpms:imports/c10/gnutls-3.8.9-9.el10_0
rpms:imports/c9/gnutls-3.8.3-6.el9
rpms:imports/c10s/gnutls-3.8.9-16.el10
rpms:imports/c10s/gnutls-3.8.9-14.el10
rpms:imports/c8/gnutls-3.6.16-8.el8_10.3
rpms:imports/c9-beta/gnutls-3.8.3-6.el9
rpms:imports/c10s/gnutls-3.8.9-9.el10
rpms:imports/c10s/gnutls-3.8.9-1.el10
rpms:imports/c10s/gnutls-3.8.8-1.el10
rpms:imports/c10s/gnutls-3.8.7-3.el10
rpms:imports/c10s/gnutls-3.8.7-1.el10
rpms:imports/c10s/gnutls-3.8.5-7.el10
rpms:imports/c9/gnutls-3.8.3-4.el9_4
rpms:imports/c9/gnutls-3.7.6-23.el9_3.4
rpms:imports/c8/gnutls-3.6.16-8.el8_9.3
rpms:imports/c8/gnutls-3.6.16-8.el8_9.1
rpms:imports/c9/gnutls-3.7.6-23.el9_3.3
rpms:imports/c8/gnutls-3.6.16-8.el8_9
rpms:imports/c8/gnutls-3.6.16-7.el8
rpms:imports/c9/gnutls-3.7.6-23.el9
rpms:imports/c8-beta/gnutls-3.6.16-7.el8
rpms:imports/c9-beta/gnutls-3.7.6-23.el9
rpms:imports/c9/gnutls-3.7.6-21.el9_2
rpms:imports/c9/gnutls-3.7.6-20.el9_2
rpms:imports/c8/gnutls-3.6.16-6.el8_7
rpms:imports/c9-beta/gnutls-3.7.6-18.el9
rpms:imports/c8-beta/gnutls-3.6.16-6.el8
rpms:imports/c8s/gnutls-3.6.16-6.el8_7
rpms:imports/c9/gnutls-3.7.6-18.el9_1
rpms:imports/c8s/gnutls-3.6.16-6.el8
rpms:imports/c8/gnutls-3.6.16-5.el8_6
rpms:imports/c9/gnutls-3.7.6-12.el9_0
rpms:imports/c9-beta/gnutls-3.7.6-11.el9_0
rpms:imports/c8s/gnutls-3.6.16-5.el8_6
rpms:imports/c9/gnutls-3.7.3-9.el9
rpms:imports/c9-beta/gnutls-3.7.3-9.el9
rpms:imports/c9-beta/gnutls-3.7.3-5.el9
rpms:imports/c9-beta/gnutls-3.7.2-8.el9
rpms:imports/c9-beta/gnutls-3.7.2-4.el9
rpms:imports/c8/gnutls-3.6.16-4.el8
rpms:imports/c8-beta/gnutls-3.6.16-4.el8
rpms:imports/c8-beta/gnutls-3.6.14-7.el8_3
rpms:imports/c8-beta/gnutls-3.6.14-3.el8
rpms:imports/c8-beta/gnutls-3.6.8-9.el8
rpms:imports/c8-beta/gnutls-3.6.8-3.el8
rpms:imports/c8s/gnutls-3.6.16-4.el8
rpms:imports/c8s/gnutls-3.6.16-3.el8
rpms:imports/c8s/gnutls-3.6.14-7.el8_3
rpms:imports/c8s/gnutls-3.6.14-6.el8
rpms:imports/c8s/gnutls-3.6.14-5.el8
rpms:imports/c8/gnutls-3.6.14-8.el8_3
rpms:imports/c8/gnutls-3.6.14-7.el8_3
rpms:imports/c8/gnutls-3.6.14-6.el8
rpms:imports/c8/gnutls-3.6.8-11.el8_2
rpms:imports/c8/gnutls-3.6.8-10.el8_2

3 Commits
c8 ... c10

Author SHA1 Message Date
eabdullin
41a78c78ca import UBI gnutls-3.8.10-2.el10 2025-11-11 21:41:49 +00:00
eabdullin
2d3c2b7902 import UBI gnutls-3.8.9-9.el10_0.14 2025-09-17 18:02:29 +00:00
eabdullin
552b3c5442 import UBI gnutls-3.8.9-9.el10 2025-05-14 14:46:59 +00:00
38 changed files with 10160 additions and 15535 deletions
Show Stats Expand all files Collapse all files

9
.gitignore vendored
View File

@ -1,3 +1,6 @@
SOURCES/gnutls-3.6.16.tar.xz
SOURCES/gnutls-3.6.16.tar.xz.sig
SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
gmp-6.2.1.tar.xz
gnutls-3.8.10.tar.xz
gnutls-3.8.10.tar.xz.sig
leancrypto-1.5.0.tar.gz
nettle-3.10.1.tar.gz
nettle-3.10.1.tar.gz.sig

3
.gnutls.metadata
View File

@ -1,3 +0,0 @@
6ba8fb898dcf4b4046b60662ba97df835593e687 SOURCES/gnutls-3.6.16.tar.xz
b41ac56ff6cca4539c8b084db2c84e8bc21d60ac SOURCES/gnutls-3.6.16.tar.xz.sig
648ec46f9539fe756fb90131b85ae4759ed2ed21 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg

7849
SOURCES/gnutls-3.6.13-enable-intel-cet.patch
View File

File diff suppressed because it is too large Load Diff

204
SOURCES/gnutls-3.6.14-fips-dh-selftests.patch
View File

@ -1,204 +0,0 @@
From f09b7627a63defb1c55e9965fb05e0bbddb90247 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Tue, 6 Oct 2020 11:54:21 +0200
Subject: [PATCH] fips: use larger prime for DH self-tests
According to FIPS140-2 IG 7.5, the minimum key size of FFC through
2030 is defined as 2048 bits. This updates the relevant self-test
using ffdhe3072 defined in RFC 7919.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/crypto-selftests-pk.c | 142 ++++++++++++++++++++++++++++++++++----
lib/dh-primes.c | 4 --
2 files changed, 130 insertions(+), 16 deletions(-)
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
index 70b0f618f..9b7c692a8 100644
--- a/lib/crypto-selftests-pk.c
+++ b/lib/crypto-selftests-pk.c
@@ -620,32 +620,150 @@ static int test_dh(void)
gnutls_pk_params_st priv;
gnutls_pk_params_st pub;
gnutls_datum_t out = {NULL, 0};
+
+ /* FFDHE 3072 test vector provided by Stephan Mueller in:
+ * https://gitlab.com/gnutls/gnutls/-/merge_requests/1342#note_424430996
+ */
static const uint8_t known_dh_k[] = {
- 0x10, 0x25, 0x04, 0xb5, 0xc6, 0xc2, 0xcb,
- 0x0c, 0xe9, 0xc5, 0x58, 0x0d, 0x22, 0x62};
- static const uint8_t test_p[] = {
- 0x24, 0x85, 0xdd, 0x3a, 0x74, 0x42, 0xe4,
- 0xb3, 0xf1, 0x0b, 0x13, 0xf9, 0x17, 0x4d };
- static const uint8_t test_g[] = { 0x02 };
+ 0xec, 0xb3, 0x85, 0x0c, 0x72, 0x55, 0x55, 0xc2, 0x98, 0x36,
+ 0xbe, 0x75, 0x9e, 0xc9, 0x9d, 0x8b, 0x16, 0xa6, 0xe6, 0x84,
+ 0x33, 0x12, 0x80, 0x1d, 0xac, 0xde, 0x6a, 0xd7, 0x3b, 0x1e,
+ 0x15, 0xca, 0x5d, 0x26, 0xb3, 0x0a, 0x35, 0xf4, 0xbb, 0xad,
+ 0x71, 0xcb, 0x03, 0x1a, 0xcb, 0xfb, 0x83, 0xf0, 0xa8, 0xde,
+ 0xed, 0x5e, 0x3d, 0x98, 0xd2, 0xb0, 0xef, 0xad, 0xdf, 0x32,
+ 0xa0, 0x16, 0x7d, 0x0e, 0x29, 0xd8, 0x85, 0xca, 0x12, 0x97,
+ 0x56, 0xab, 0x6a, 0x26, 0xa4, 0x46, 0x3d, 0x87, 0xd7, 0xe0,
+ 0xb4, 0x3e, 0x28, 0x75, 0xac, 0x59, 0xc5, 0x71, 0x3a, 0x24,
+ 0x15, 0x76, 0x98, 0x72, 0x94, 0x2d, 0xd0, 0x0e, 0xbc, 0x9a,
+ 0x77, 0xd4, 0xe2, 0xb2, 0x76, 0x54, 0x4a, 0x56, 0xbe, 0x0b,
+ 0x43, 0xf8, 0x21, 0x6f, 0x54, 0x32, 0xde, 0xb7, 0xd5, 0xb7,
+ 0x08, 0x00, 0xd2, 0x57, 0x8c, 0x0b, 0x8b, 0x02, 0x3e, 0xdb,
+ 0x72, 0x54, 0x3a, 0xc0, 0x50, 0x66, 0xbc, 0xc9, 0x67, 0xf5,
+ 0x22, 0x28, 0xf2, 0x3c, 0x51, 0x94, 0x61, 0x26, 0x9a, 0xc6,
+ 0x42, 0x0e, 0x8b, 0x42, 0xad, 0x79, 0x40, 0xa9, 0x0b, 0xdc,
+ 0x84, 0xd5, 0x71, 0x83, 0x94, 0xd9, 0x83, 0x2f, 0x08, 0x74,
+ 0xbc, 0x37, 0x6a, 0x3e, 0x1e, 0xbc, 0xcc, 0x09, 0x23, 0x30,
+ 0x79, 0x01, 0x39, 0xf6, 0xe3, 0xa8, 0xc0, 0xfa, 0x7e, 0xdb,
+ 0x0b, 0x71, 0x3e, 0x4f, 0x1f, 0x69, 0x84, 0xa6, 0x58, 0x6c,
+ 0x36, 0x2c, 0xcc, 0xb4, 0x7c, 0x94, 0xec, 0x06, 0x0b, 0x11,
+ 0x53, 0x95, 0xe6, 0x05, 0x43, 0xa4, 0xe4, 0xea, 0x1d, 0x4f,
+ 0xdc, 0xd0, 0x38, 0x0e, 0x32, 0xa1, 0xde, 0xd9, 0x8d, 0xd8,
+ 0x20, 0xac, 0x04, 0x83, 0xf8, 0x1b, 0x55, 0x52, 0x16, 0x20,
+ 0xe3, 0x2e, 0x6d, 0x11, 0x15, 0x29, 0x2f, 0x3a, 0x7c, 0x80,
+ 0x0a, 0x71, 0x3d, 0x31, 0x9c, 0x1b, 0x73, 0x59, 0xe1, 0x0d,
+ 0x27, 0xc5, 0xc0, 0x6a, 0x72, 0x3a, 0x5b, 0xd6, 0xf6, 0x50,
+ 0xe6, 0x69, 0x48, 0x1e, 0xfd, 0xeb, 0x4a, 0x47, 0x73, 0xfb,
+ 0x88, 0x14, 0xea, 0x6d, 0x36, 0xe1, 0x4c, 0x2c, 0xf9, 0x04,
+ 0xc1, 0xb7, 0x29, 0xfc, 0x5d, 0x02, 0x5d, 0x1c, 0x4d, 0x31,
+ 0x4a, 0x51, 0x3f, 0xa4, 0x45, 0x19, 0x29, 0xc4, 0x32, 0xa6,
+ 0x45, 0xdb, 0x94, 0x3a, 0xbd, 0x76, 0x2c, 0xd6, 0x1a, 0xb1,
+ 0xff, 0xe7, 0x62, 0x75, 0x16, 0xe5, 0x0b, 0xa3, 0x3a, 0x93,
+ 0x84, 0xd6, 0xad, 0xc2, 0x24, 0x68, 0x3d, 0xd6, 0x07, 0xe4,
+ 0xbe, 0x5a, 0x49, 0x31, 0x06, 0xad, 0x3f, 0x31, 0x4a, 0x1c,
+ 0xf7, 0x58, 0xdf, 0x34, 0xcb, 0xc8, 0xa9, 0x07, 0x24, 0x42,
+ 0x63, 0xa5, 0x8e, 0xdd, 0x37, 0x78, 0x92, 0x68, 0x3f, 0xd8,
+ 0x2f, 0xea, 0x8c, 0xf1, 0x8e, 0xd4, 0x8b, 0xa7, 0x3f, 0xa0,
+ 0xfa, 0xaf, 0xf0, 0x35,
+ };
static const uint8_t test_x[] = {
- 0x06, 0x2c, 0x96, 0xae, 0x0e, 0x9e, 0x9b,
- 0xbb, 0x41, 0x51, 0x7a, 0xa7, 0xc5, 0xfe };
+ 0x16, 0x5c, 0xa6, 0xe0, 0x9b, 0x87, 0xfa, 0x2d, 0xbc, 0x13,
+ 0x20, 0xcd, 0xac, 0x4e, 0xcc, 0x60, 0x1e, 0x48, 0xec, 0xbe,
+ 0x73, 0x0c, 0xa8, 0x6b, 0x6e, 0x2a, 0xee, 0xdd, 0xd8, 0xf3,
+ 0x2d, 0x5f, 0x75, 0xf3, 0x07, 0x94, 0x88, 0x3d, 0xb1, 0x38,
+ 0xcf, 0xae, 0x4a, 0xcc, 0xcb, 0x6a, 0x80, 0xbc, 0xeb, 0x3b,
+ 0xaa, 0x0b, 0x18, 0x74, 0x58, 0x7c, 0x3e, 0x74, 0xef, 0xb6,
+ 0xd3, 0x15, 0xee, 0x73, 0x29, 0x88, 0x7b, 0x65, 0x02, 0x39,
+ 0x33, 0xec, 0x22, 0x06, 0x8c, 0x5b, 0xd6, 0x2f, 0x4c, 0xf7,
+ 0xe0, 0x97, 0x6d, 0x2a, 0x90, 0x36, 0xfe, 0x1a, 0x44, 0x4d,
+ 0x9d, 0x41, 0x4b, 0xcb, 0xec, 0x25, 0xf4, 0xc3, 0xa5, 0x91,
+ 0xd0, 0x90, 0xc9, 0x34, 0x7b, 0xba, 0x27, 0x30, 0x5a, 0xa2,
+ 0x21, 0x58, 0xce, 0x88, 0x25, 0x39, 0xaf, 0xf1, 0x17, 0x02,
+ 0x12, 0xf8, 0x55, 0xdc, 0xd2, 0x08, 0x5b, 0xd3, 0xc7, 0x8e,
+ 0xcf, 0x29, 0x85, 0x85, 0xdb, 0x5c, 0x08, 0xc2, 0xd7, 0xb0,
+ 0x33, 0x0e, 0xe3, 0xb9, 0x2c, 0x1a, 0x1d, 0x4b, 0xe5, 0x76,
+ 0x8f, 0xd3, 0x14, 0xb6, 0x8c, 0xdc, 0x9a, 0xe8, 0x15, 0x60,
+ 0x60, 0x5e, 0xaa, 0xf9, 0xfa, 0xa6, 0xb2, 0x4f, 0xff, 0x46,
+ 0xc1, 0x5e, 0x93, 0x50, 0x90, 0x7e, 0x4c, 0x26, 0xd7, 0xbb,
+ 0x21, 0x05, 0x3d, 0x27, 0xc5, 0x9b, 0x0d, 0x46, 0x69, 0xe4,
+ 0x74, 0x87, 0x74, 0x55, 0xee, 0x5f, 0xe5, 0x72, 0x04, 0x46,
+ 0x1f, 0x2e, 0x55, 0xc7, 0xcc, 0x2b, 0x2b, 0x39, 0x6d, 0x90,
+ 0x60, 0x31, 0x37, 0x5b, 0x44, 0xde, 0xfd, 0xf2, 0xd1, 0xc6,
+ 0x9c, 0x12, 0x82, 0xcc, 0x7c, 0xb1, 0x0e, 0xa9, 0x95, 0x9d,
+ 0xe0, 0xa8, 0x3e, 0xc1, 0xa3, 0x4a, 0x6a, 0x37, 0x59, 0x17,
+ 0x93, 0x63, 0x1e, 0xbf, 0x04, 0xa3, 0xaa, 0xc0, 0x1d, 0xc4,
+ 0x6d, 0x7a, 0xdc, 0x69, 0x9c, 0xb0, 0x22, 0x56, 0xd9, 0x76,
+ 0x92, 0x2d, 0x1e, 0x62, 0xae, 0xfd, 0xd6, 0x9b, 0xfd, 0x08,
+ 0x2c, 0x95, 0xec, 0xe7, 0x02, 0x43, 0x62, 0x68, 0x1a, 0xaf,
+ 0x46, 0x59, 0xb7, 0xce, 0x8e, 0x42, 0x24, 0xae, 0xf7, 0x0e,
+ 0x9a, 0x3b, 0xf8, 0x77, 0xdf, 0x26, 0x85, 0x9f, 0x45, 0xad,
+ 0x8c, 0xa9, 0x54, 0x9c, 0x46, 0x44, 0xd5, 0x8a, 0xe9, 0xcc,
+ 0x34, 0x5e, 0xc5, 0xd1, 0x42, 0x6f, 0x44, 0xf3, 0x0f, 0x90,
+ 0x3a, 0x32, 0x1a, 0x9c, 0x2a, 0x63, 0xec, 0x21, 0xb4, 0xfc,
+ 0xfa, 0xa5, 0xcf, 0xe7, 0x9e, 0x43, 0xc7, 0x49, 0x56, 0xbc,
+ 0x50, 0xc5, 0x84, 0xf0, 0x42, 0xc8, 0x6a, 0xf1, 0x78, 0xe4,
+ 0xaa, 0x06, 0x37, 0xe1, 0x30, 0xf7, 0x65, 0x97, 0xca, 0xfd,
+ 0x35, 0xfa, 0xeb, 0x48, 0x6d, 0xaa, 0x45, 0x46, 0x9d, 0xbc,
+ 0x1d, 0x98, 0x17, 0x45, 0xa3, 0xee, 0x21, 0xa0, 0x97, 0x38,
+ 0x80, 0xc5, 0x28, 0x1f,
+ };
static const uint8_t test_y[] = { /* y=g^x mod p */
- 0x1e, 0xca, 0x23, 0x2a, 0xfd, 0x34, 0xe1,
- 0x10, 0x7a, 0xff, 0xaf, 0x2d, 0xaa, 0x53 };
+ 0x93, 0xeb, 0x5c, 0x37, 0x1d, 0x3c, 0x06, 0x6f, 0xbf, 0xbe,
+ 0x96, 0x51, 0x26, 0x58, 0x81, 0x36, 0xc6, 0x4f, 0x9a, 0x34,
+ 0xc4, 0xc5, 0xa8, 0xa3, 0x2c, 0x41, 0x76, 0xa8, 0xc6, 0xc0,
+ 0xa0, 0xc8, 0x51, 0x36, 0xc4, 0x40, 0x4e, 0x2c, 0x69, 0xf7,
+ 0x51, 0xbb, 0xb0, 0xd6, 0xf5, 0xdb, 0x40, 0x29, 0x50, 0x3b,
+ 0x8a, 0xf9, 0xf3, 0x53, 0x78, 0xfc, 0x86, 0xe9, 0xf1, 0xe9,
+ 0xac, 0x85, 0x13, 0x65, 0x62, 0x22, 0x04, 0x1b, 0x14, 0x2a,
+ 0xf4, 0x8f, 0x2f, 0xf1, 0x2f, 0x81, 0xd6, 0x18, 0x0e, 0x76,
+ 0x91, 0x43, 0xb2, 0xfc, 0x7c, 0x6f, 0x0c, 0x45, 0x37, 0x31,
+ 0x31, 0x58, 0x5c, 0xdf, 0x42, 0x24, 0x7a, 0xba, 0x8b, 0x7f,
+ 0x79, 0x06, 0x07, 0xef, 0xd6, 0x06, 0xeb, 0xcb, 0x3c, 0xbd,
+ 0xbc, 0xe5, 0xff, 0xfd, 0x62, 0x15, 0x0c, 0x40, 0x46, 0x37,
+ 0xef, 0xd0, 0xa1, 0xde, 0x63, 0x4f, 0x20, 0x0b, 0x45, 0x7d,
+ 0x06, 0x77, 0xfd, 0x23, 0xc1, 0x32, 0x8a, 0x89, 0x65, 0x16,
+ 0xe8, 0x48, 0x12, 0x1c, 0x25, 0x33, 0x2d, 0xbd, 0xd8, 0x9f,
+ 0x1c, 0x9d, 0xbc, 0xe3, 0x08, 0x60, 0x87, 0x1a, 0xc6, 0x06,
+ 0x36, 0xd2, 0xac, 0x09, 0x6d, 0x99, 0x02, 0x89, 0xc6, 0x12,
+ 0x93, 0x8c, 0x4b, 0xd0, 0x7e, 0x36, 0x8a, 0xd6, 0xa0, 0x97,
+ 0x4f, 0x97, 0x3f, 0x97, 0x0b, 0xfe, 0x05, 0xfc, 0xc8, 0xef,
+ 0x21, 0x4d, 0x4a, 0x06, 0x6e, 0xb4, 0xa6, 0x4f, 0xe1, 0xdd,
+ 0x44, 0x06, 0xfa, 0xd5, 0x0e, 0x54, 0xf5, 0x54, 0x3e, 0x8c,
+ 0xb9, 0x85, 0x86, 0x00, 0x40, 0x98, 0xe7, 0x01, 0xdd, 0x93,
+ 0x9d, 0x95, 0xea, 0xf0, 0xd3, 0x99, 0x4b, 0xeb, 0xd5, 0x79,
+ 0x47, 0xa4, 0xad, 0x2a, 0xe0, 0x4d, 0x36, 0x3b, 0x46, 0x10,
+ 0x96, 0xbb, 0x48, 0xe9, 0xa1, 0x78, 0x01, 0x35, 0x0a, 0x5c,
+ 0x7b, 0x3f, 0xf5, 0xf7, 0xb1, 0xe3, 0x97, 0x17, 0x4d, 0x76,
+ 0x10, 0x8d, 0x68, 0x4c, 0x94, 0x7d, 0xee, 0x0e, 0x20, 0x8b,
+ 0xce, 0x7d, 0x0a, 0xa3, 0x51, 0xfb, 0xe6, 0xcf, 0xf0, 0x0e,
+ 0x7f, 0x3c, 0xd4, 0xef, 0x56, 0x31, 0xb2, 0x95, 0xf0, 0x5f,
+ 0x4b, 0x9c, 0x03, 0x9e, 0xae, 0xb1, 0xc1, 0x46, 0xd7, 0xc0,
+ 0x4f, 0xb0, 0xf6, 0x6c, 0xe1, 0xe9, 0x2a, 0x97, 0xe0, 0x3f,
+ 0x3a, 0x93, 0x04, 0xcd, 0x41, 0x7d, 0x45, 0x03, 0xb3, 0x40,
+ 0x20, 0xe6, 0xad, 0x2d, 0xd3, 0xf7, 0x32, 0x7b, 0xcc, 0x4f,
+ 0x81, 0x18, 0x4c, 0x50, 0x77, 0xc4, 0xb7, 0x6a, 0x4d, 0x05,
+ 0xd8, 0x6d, 0xbf, 0x6f, 0xba, 0x1d, 0x38, 0x78, 0x87, 0xd2,
+ 0x8e, 0xc2, 0x6d, 0xb6, 0xed, 0x66, 0x61, 0xa8, 0xb9, 0x19,
+ 0x0e, 0x93, 0xd1, 0xcd, 0x5b, 0xbe, 0x19, 0x05, 0x52, 0x43,
+ 0xd6, 0xc1, 0x07, 0x3c, 0x6a, 0x62, 0xbd, 0x33, 0x9b, 0x1b,
+ 0x02, 0x42, 0x61, 0x14,
+ };
gnutls_pk_params_init(&priv);
gnutls_pk_params_init(&pub);
priv.algo = pub.algo = GNUTLS_PK_DH;
- ret = _gnutls_mpi_init_scan(&priv.params[DH_P], test_p, sizeof(test_p));
+ ret = _gnutls_mpi_init_scan(&priv.params[DH_P],
+ gnutls_ffdhe_3072_group_prime.data,
+ gnutls_ffdhe_3072_group_prime.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = _gnutls_mpi_init_scan(&priv.params[DH_G], test_g, sizeof(test_g));
+ ret = _gnutls_mpi_init_scan(&priv.params[DH_G],
+ gnutls_ffdhe_3072_group_generator.data,
+ gnutls_ffdhe_3072_group_generator.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
diff --git a/lib/dh-primes.c b/lib/dh-primes.c
index a440b5b98..94b69e345 100644
--- a/lib/dh-primes.c
+++ b/lib/dh-primes.c
@@ -23,8 +23,6 @@
#include "gnutls_int.h"
#include <gnutls/gnutls.h>
-#if defined(ENABLE_DHE) || defined(ENABLE_ANON)
-
#include "dh.h"
static const unsigned char ffdhe_generator = 0x02;
@@ -1934,5 +1932,3 @@ _gnutls_dh_prime_match_fips_approved(const uint8_t *prime,
return 0;
}
-
-#endif
--
2.26.2

713
SOURCES/gnutls-3.6.14-fips-kdf-selftests.patch
View File

@ -1,713 +0,0 @@
From 93c0e3ba4d2cfee86b32f28f33303a2193c4133c Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 5 Oct 2020 16:12:46 +0200
Subject: [PATCH 1/4] fips: add self-tests for HKDF
FIPS140-2 IG D.8 mandates self-test on approved KDF algorithms. As
the guidance only requires running a single instance of each KDF
mechanism, this only exercises HKDF-Extract and HKDF-Expand operations
with HMAC-SHA-256 as the underlying MAC.
Although HKDF is non-approved, it would be sensible to do that as it
will be approved in FIPS140-3.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
devel/libgnutls-latest-x86_64.abi | 1 +
lib/crypto-selftests.c | 159 ++++++++++++++++++++++++++++++
lib/fips.c | 7 ++
lib/includes/gnutls/self-test.h | 1 +
lib/libgnutls.map | 1 +
5 files changed, 169 insertions(+)
diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
index 7a1c7729c..bd148b6af 100644
--- a/lib/crypto-selftests.c
+++ b/lib/crypto-selftests.c
@@ -2917,3 +2917,162 @@ int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest)
return 0;
}
+
+struct hkdf_vectors_st {
+ const uint8_t *ikm;
+ unsigned int ikm_size;
+ const uint8_t *salt;
+ unsigned int salt_size;
+ const uint8_t *prk;
+ unsigned int prk_size;
+ const uint8_t *info;
+ unsigned int info_size;
+ const uint8_t *okm;
+ unsigned int okm_size;
+};
+
+const struct hkdf_vectors_st hkdf_sha256_vectors[] = {
+ /* RFC 5869: A.1. Test Case 1: Basic test case with SHA-256 */
+ {
+ STR(ikm, ikm_size,
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"),
+ STR(salt, salt_size,
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c"),
+ STR(prk, prk_size,
+ "\x07\x77\x09\x36\x2c\x2e\x32\xdf\x0d\xdc\x3f\x0d\xc4\x7b"
+ "\xba\x63\x90\xb6\xc7\x3b\xb5\x0f\x9c\x31\x22\xec\x84\x4a"
+ "\xd7\xc2\xb3\xe5"),
+ STR(info, info_size,
+ "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9"),
+ STR(okm, okm_size,
+ "\x3c\xb2\x5f\x25\xfa\xac\xd5\x7a\x90\x43\x4f\x64\xd0\x36"
+ "\x2f\x2a\x2d\x2d\x0a\x90\xcf\x1a\x5a\x4c\x5d\xb0\x2d\x56"
+ "\xec\xc4\xc5\xbf\x34\x00\x72\x08\xd5\xb8\x87\x18\x58\x65"),
+ },
+ /* RFC 5869: A.2. Test Case 2: Test with SHA-256 and longer inputs/outputs */
+ {
+ STR(ikm, ikm_size,
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d"
+ "\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b"
+ "\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29"
+ "\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37"
+ "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45"
+ "\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"),
+ STR(salt, salt_size,
+ "\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d"
+ "\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b"
+ "\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89"
+ "\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97"
+ "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5"
+ "\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf"),
+ STR(prk, prk_size,
+ "\x06\xa6\xb8\x8c\x58\x53\x36\x1a\x06\x10\x4c\x9c\xeb\x35"
+ "\xb4\x5c\xef\x76\x00\x14\x90\x46\x71\x01\x4a\x19\x3f\x40"
+ "\xc1\x5f\xc2\x44"),
+ STR(info, info_size,
+ "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd"
+ "\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb"
+ "\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9"
+ "\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
+ "\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5"
+ "\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"),
+ STR(okm, okm_size,
+ "\xb1\x1e\x39\x8d\xc8\x03\x27\xa1\xc8\xe7\xf7\x8c\x59\x6a"
+ "\x49\x34\x4f\x01\x2e\xda\x2d\x4e\xfa\xd8\xa0\x50\xcc\x4c"
+ "\x19\xaf\xa9\x7c\x59\x04\x5a\x99\xca\xc7\x82\x72\x71\xcb"
+ "\x41\xc6\x5e\x59\x0e\x09\xda\x32\x75\x60\x0c\x2f\x09\xb8"
+ "\x36\x77\x93\xa9\xac\xa3\xdb\x71\xcc\x30\xc5\x81\x79\xec"
+ "\x3e\x87\xc1\x4c\x01\xd5\xc1\xf3\x43\x4f\x1d\x87"),
+ },
+};
+
+static int test_hkdf(gnutls_mac_algorithm_t mac,
+ const struct hkdf_vectors_st *vectors,
+ size_t vectors_size, unsigned flags)
+{
+ unsigned int i;
+
+ for (i = 0; i < vectors_size; i++) {
+ gnutls_datum_t ikm, prk, salt, info;
+ uint8_t output[4096];
+ int ret;
+
+ ikm.data = (void *) vectors[i].ikm;
+ ikm.size = vectors[i].ikm_size;
+ salt.data = (void *) vectors[i].salt;
+ salt.size = vectors[i].salt_size;
+
+ ret = gnutls_hkdf_extract(mac, &ikm, &salt, output);
+ if (ret < 0) {
+ _gnutls_debug_log("error extracting HKDF: MAC-%s\n",
+ gnutls_mac_get_name(mac));
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+ }
+
+ if (memcmp(output, vectors[i].prk, vectors[i].prk_size) != 0) {
+ _gnutls_debug_log
+ ("HKDF extract: MAC-%s test vector failed!\n",
+ gnutls_mac_get_name(mac));
+
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+ }
+
+ prk.data = (void *) vectors[i].prk;
+ prk.size = vectors[i].prk_size;
+ info.data = (void *) vectors[i].info;
+ info.size = vectors[i].info_size;
+
+ ret = gnutls_hkdf_expand(mac, &prk, &info,
+ output, vectors[i].okm_size);
+ if (ret < 0) {
+ _gnutls_debug_log("error extracting HKDF: MAC-%s\n",
+ gnutls_mac_get_name(mac));
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+ }
+
+ if (memcmp(output, vectors[i].okm, vectors[i].okm_size) != 0) {
+ _gnutls_debug_log
+ ("HKDF expand: MAC-%s test vector failed!\n",
+ gnutls_mac_get_name(mac));
+
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+ }
+ }
+
+ _gnutls_debug_log
+ ("HKDF: MAC-%s self check succeeded\n",
+ gnutls_mac_get_name(mac));
+
+ return 0;
+}
+
+/*-
+ * gnutls_hkdf_self_test:
+ * @flags: GNUTLS_SELF_TEST_FLAG flags
+ * @mac: the message authentication algorithm to use
+ *
+ * This function will run self tests on HKDF with the provided mac.
+ *
+ * Returns: Zero or a negative error code on error.
+ *
+ * Since: 3.3.0-FIPS140
+ -*/
+int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
+{
+ int ret;
+
+ if (flags & GNUTLS_SELF_TEST_FLAG_ALL)
+ mac = GNUTLS_MAC_UNKNOWN;
+
+ switch (mac) {
+ case GNUTLS_MAC_UNKNOWN:
+ CASE(GNUTLS_MAC_SHA256, test_hkdf, hkdf_sha256_vectors);
+
+ break;
+ default:
+ return gnutls_assert_val(GNUTLS_E_NO_SELF_TEST);
+ }
+
+ return 0;
+}
diff --git a/lib/fips.c b/lib/fips.c
index f8b10f750..48891ed57 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -423,6 +423,13 @@ int _gnutls_fips_perform_self_checks2(void)
goto error;
}
+ /* HKDF */
+ ret = gnutls_hkdf_self_test(0, GNUTLS_MAC_SHA256);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
if (_gnutls_rnd_ops.self_test == NULL) {
gnutls_assert();
goto error;
diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h
index aacbe94ca..9b7be8159 100644
--- a/lib/includes/gnutls/self-test.h
+++ b/lib/includes/gnutls/self-test.h
@@ -34,5 +34,6 @@ int gnutls_cipher_self_test(unsigned flags, gnutls_cipher_algorithm_t cipher);
int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest);
int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk);
+int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
#endif
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 61276e534..386b66f83 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1347,6 +1347,7 @@ GNUTLS_FIPS140_3_4 {
gnutls_pk_self_test;
gnutls_mac_self_test;
gnutls_digest_self_test;
+ gnutls_hkdf_self_test;
#for FIPS140-2 validation
drbg_aes_reseed;
drbg_aes_init;
--
2.26.2
From 31cc94275cd267f4e0db60999cc932fd76d43d5a Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 5 Oct 2020 16:59:50 +0200
Subject: [PATCH 2/4] fips: add self-tests for PBKDF2
FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As
the guidance only requires running a single instance of each KDF
mechanism, this only exercises PBKDF2 with HMAC-SHA-256 as the
underlying MAC algorithm.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
devel/libgnutls-latest-x86_64.abi | 1 +
lib/crypto-selftests.c | 107 ++++++++++++++++++++++++++++++
lib/fips.c | 7 ++
lib/includes/gnutls/self-test.h | 1 +
lib/libgnutls.map | 1 +
5 files changed, 117 insertions(+)
diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
index bd148b6af..c4b0bd207 100644
--- a/lib/crypto-selftests.c
+++ b/lib/crypto-selftests.c
@@ -3076,3 +3076,110 @@ int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
return 0;
}
+
+struct pbkdf2_vectors_st {
+ const uint8_t *key;
+ size_t key_size;
+ const uint8_t *salt;
+ size_t salt_size;
+ unsigned iter_count;
+ const uint8_t *output;
+ size_t output_size;
+};
+
+const struct pbkdf2_vectors_st pbkdf2_sha256_vectors[] = {
+ /* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
+ {
+ STR(key, key_size, "passwd"),
+ STR(salt, salt_size, "salt"),
+ .iter_count = 1,
+ STR(output, output_size,
+ "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44"
+ "\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57"
+ "\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16"
+ "\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5"
+ "\x09\x11\x20\x41\xd3\xa1\x97\x83"),
+ },
+ /* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
+ {
+ STR(key, key_size, "Password"),
+ STR(salt, salt_size, "NaCl"),
+ .iter_count = 80000,
+ STR(output, output_size,
+ "\x4d\xdc\xd8\xf6\x0b\x98\xbe\x21\x83\x0c\xee\x5e\xf2\x27"
+ "\x01\xf9\x64\x1a\x44\x18\xd0\x4c\x04\x14\xae\xff\x08\x87"
+ "\x6b\x34\xab\x56\xa1\xd4\x25\xa1\x22\x58\x33\x54\x9a\xdb"
+ "\x84\x1b\x51\xc9\xb3\x17\x6a\x27\x2b\xde\xbb\xa1\xd0\x78"
+ "\x47\x8f\x62\xb3\x97\xf3\x3c\x8d"),
+ },
+};
+
+static int test_pbkdf2(gnutls_mac_algorithm_t mac,
+ const struct pbkdf2_vectors_st *vectors,
+ size_t vectors_size, unsigned flags)
+{
+ unsigned int i;
+
+ for (i = 0; i < vectors_size; i++) {
+ gnutls_datum_t key, salt;
+ uint8_t output[4096];
+ int ret;
+
+ key.data = (void *) vectors[i].key;
+ key.size = vectors[i].key_size;
+ salt.data = (void *) vectors[i].salt;
+ salt.size = vectors[i].salt_size;
+
+ ret = gnutls_pbkdf2(mac, &key, &salt, vectors[i].iter_count,
+ output, vectors[i].output_size);
+ if (ret < 0) {
+ _gnutls_debug_log("error calculating PBKDF2: MAC-%s\n",
+ gnutls_mac_get_name(mac));
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+ }
+
+ if (memcmp(output, vectors[i].output, vectors[i].output_size) != 0) {
+ _gnutls_debug_log
+ ("PBKDF2: MAC-%s test vector failed!\n",
+ gnutls_mac_get_name(mac));
+
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+ }
+ }
+
+ _gnutls_debug_log
+ ("PBKDF2: MAC-%s self check succeeded\n",
+ gnutls_mac_get_name(mac));
+
+ return 0;
+}
+
+/*-
+ * gnutls_pbkdf2_self_test:
+ * @flags: GNUTLS_SELF_TEST_FLAG flags
+ * @mac: the message authentication algorithm to use
+ *
+ * This function will run self tests on PBKDF2 with the provided mac.
+ *
+ * Returns: Zero or a negative error code on error.
+ *
+ * Since: 3.3.0-FIPS140
+ -*/
+int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
+{
+ int ret;
+
+ if (flags & GNUTLS_SELF_TEST_FLAG_ALL)
+ mac = GNUTLS_MAC_UNKNOWN;
+
+ switch (mac) {
+ case GNUTLS_MAC_UNKNOWN:
+ CASE(GNUTLS_MAC_SHA256, test_pbkdf2, pbkdf2_sha256_vectors);
+
+ break;
+ default:
+ return gnutls_assert_val(GNUTLS_E_NO_SELF_TEST);
+ }
+
+ return 0;
+}
diff --git a/lib/fips.c b/lib/fips.c
index 48891ed57..7cfab1049 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -430,6 +430,13 @@ int _gnutls_fips_perform_self_checks2(void)
goto error;
}
+ /* PBKDF2 */
+ ret = gnutls_pbkdf2_self_test(0, GNUTLS_MAC_SHA256);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
if (_gnutls_rnd_ops.self_test == NULL) {
gnutls_assert();
goto error;
diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h
index 9b7be8159..958c0da8f 100644
--- a/lib/includes/gnutls/self-test.h
+++ b/lib/includes/gnutls/self-test.h
@@ -35,5 +35,6 @@ int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest);
int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk);
int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
+int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
#endif
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 386b66f83..f5537a386 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1348,6 +1348,7 @@ GNUTLS_FIPS140_3_4 {
gnutls_mac_self_test;
gnutls_digest_self_test;
gnutls_hkdf_self_test;
+ gnutls_pbkdf2_self_test;
#for FIPS140-2 validation
drbg_aes_reseed;
drbg_aes_init;
--
2.26.2
From d1a3235e8c829855969d00364d8b5456fce2c78c Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 5 Oct 2020 17:44:30 +0200
Subject: [PATCH 3/4] fips: add self-tests for TLS-PRF
FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As
the guidance only requires to run a single instance of each KDF
mechanism, this only exercises TLS1.2 PRF with HMAC-SHA-256 as the
underlying MAC algorithm.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
devel/libgnutls-latest-x86_64.abi | 1 +
lib/crypto-selftests.c | 196 ++++++++++++++++++++++++++++++
lib/fips.c | 7 ++
lib/includes/gnutls/self-test.h | 1 +
lib/libgnutls.map | 1 +
5 files changed, 206 insertions(+)
diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
index c4b0bd207..b740936d6 100644
--- a/lib/crypto-selftests.c
+++ b/lib/crypto-selftests.c
@@ -3183,3 +3183,199 @@ int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
return 0;
}
+
+struct tlsprf_vectors_st {
+ const uint8_t *key;
+ size_t key_size;
+ const uint8_t *label;
+ size_t label_size;
+ const uint8_t *seed;
+ size_t seed_size;
+ const uint8_t *output;
+ size_t output_size;
+};
+
+const struct tlsprf_vectors_st tls10prf_vectors[] = {
+ /* tests/tls10-prf.c: test1 */
+ {
+ STR(key, key_size,
+ "\x26\x3b\xdb\xbb\x6f\x6d\x4c\x66\x4e\x05\x8d\x0a\xa9\xd3"
+ "\x21\xbe"),
+ STR(label, label_size,
+ "test label"),
+ STR(seed, seed_size,
+ "\xb9\x20\x57\x3b\x19\x96\x01\x02\x4f\x04\xd6\xdc\x61\x96"
+ "\x6e\x65"),
+ STR(output, output_size,
+ "\x66\x17\x99\x37\x65\xfa\x6c\xa7\x03\xd1\x9e\xc7\x0d\xd5"
+ "\xdd\x16\x0f\xfc\xc0\x77\x25\xfa\xfb\x71\x4a\x9f\x81\x5a"
+ "\x2a\x30\xbf\xb7\xe3\xbb\xfb\x7e\xee\x57\x4b\x3b\x61\x3e"
+ "\xb7\xfe\x80\xee\xc9\x69\x1d\x8c\x1b\x0e\x2d\x9b\x3c\x8b"
+ "\x4b\x02\xb6\xb6\xd6\xdb\x88\xe2\x09\x46\x23\xef\x62\x40"
+ "\x60\x7e\xda\x7a\xbe\x3c\x84\x6e\x82\xa3"),
+ },
+};
+
+const struct tlsprf_vectors_st tls12prf_sha256_vectors[] = {
+ /* tests/tls12-prf.c: sha256_test1 */
+ {
+ STR(key, key_size,
+ "\x04\x50\xb0\xea\x9e\xcd\x36\x02\xee\x0d\x76\xc5\xc3\xc8"
+ "\x6f\x4a"),
+ STR(label, label_size,
+ "test label"),
+ STR(seed, seed_size,
+ "\x20\x7a\xcc\x02\x54\xb8\x67\xf5\xb9\x25\xb4\x5a\x33\x60"
+ "\x1d\x8b"),
+ STR(output, output_size,
+ "\xae\x67\x9e\x0e\x71\x4f\x59\x75\x76\x37\x68\xb1\x66\x97"
+ "\x9e\x1d"),
+ },
+ /* tests/tls12-prf.c: sha256_test2 */
+ {
+ STR(key, key_size,
+ "\x34\x20\x4a\x9d\xf0\xbe\x6e\xb4\xe9\x25\xa8\x02\x7c\xf6"
+ "\xc6\x02"),
+ STR(label, label_size,
+ "test label"),
+ STR(seed, seed_size,
+ "\x98\xb2\xc4\x0b\xcd\x66\x4c\x83\xbb\x92\x0c\x18\x20\x1a"
+ "\x63\x95"),
+ STR(output, output_size,
+ "\xaf\xa9\x31\x24\x53\xc2\x2f\xa8\x3d\x2b\x51\x1b\x37\x2d"
+ "\x73\xa4\x02\xa2\xa6\x28\x73\x23\x9a\x51\xfa\xde\x45\x08"
+ "\x2f\xaf\x3f\xd2\xbb\x7f\xfb\x3e\x9b\xf3\x6e\x28\xb3\x14"
+ "\x1a\xab\xa4\x84\x00\x53\x32\xa9\xf9\xe3\x88\xa4\xd3\x29"
+ "\xf1\x58\x7a\x4b\x31\x7d\xa0\x77\x08\xea\x1b\xa9\x5a\x53"
+ "\xf8\x78\x67\x24\xbd\x83\xce\x4b\x03\xaf"),
+ },
+ /* tests/tls12-prf.c: sha256_test3 */
+ {
+ STR(key, key_size,
+ "\xa3\x69\x1a\xa1\xf6\x81\x4b\x80\x59\x2b\xf1\xcf\x2a\xcf"
+ "\x16\x97"),
+ STR(label, label_size,
+ "test label"),
+ STR(seed, seed_size,
+ "\x55\x23\xd4\x1e\x32\x0e\x69\x4d\x0c\x1f\xf5\x73\x4d\x83"
+ "\x0b\x93\x3e\x46\x92\x70\x71\xc9\x26\x21"),
+ STR(output, output_size,
+ "\x6a\xd0\x98\x4f\xa0\x6f\x78\xfe\x16\x1b\xd4\x6d\x7c\x26"
+ "\x1d\xe4\x33\x40\xd7\x28\xdd\xdc\x3d\x0f\xf0\xdd\x7e\x0d"),
+ },
+ /* tests/tls12-prf.c: sha256_test4 */
+ {
+ STR(key, key_size,
+ "\x21\x0e\xc9\x37\x06\x97\x07\xe5\x46\x5b\xc4\x6b\xf7\x79"
+ "\xe1\x04\x10\x8b\x18\xfd\xb7\x93\xbe\x7b\x21\x8d\xbf\x14"
+ "\x5c\x86\x41\xf3"),
+ STR(label, label_size,
+ "test label"),
+ STR(seed, seed_size,
+ "\x1e\x35\x1a\x0b\xaf\x35\xc7\x99\x45\x92\x43\x94\xb8\x81"
+ "\xcf\xe3\x1d\xae\x8f\x1c\x1e\xd5\x4d\x3b"),
+ STR(output, output_size,
+ "\x76\x53\xfa\x80\x9c\xde\x3b\x55\x3c\x4a\x17\xe2\xcd\xbc"
+ "\xc9\x18\xf3\x65\x27\xf2\x22\x19\xa7\xd7\xf9\x5d\x97\x24"
+ "\x3f\xf2\xd5\xde\xe8\x26\x5e\xf0\xaf\x03"),
+ },
+};
+
+const struct tlsprf_vectors_st tls12prf_sha384_vectors[] = {
+ /* tests/tls12-prf.c: sha384_test1
+ * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
+ */
+ {
+ STR(key, key_size,
+ "\xb8\x0b\x73\x3d\x6c\xee\xfc\xdc\x71\x56\x6e\xa4\x8e\x55"
+ "\x67\xdf"),
+ STR(label, label_size,
+ "test label"),
+ STR(seed, seed_size,
+ "\xcd\x66\x5c\xf6\xa8\x44\x7d\xd6\xff\x8b\x27\x55\x5e\xdb"
+ "\x74\x65"),
+ STR(output, output_size,
+ "\x7b\x0c\x18\xe9\xce\xd4\x10\xed\x18\x04\xf2\xcf\xa3\x4a"
+ "\x33\x6a\x1c\x14\xdf\xfb\x49\x00\xbb\x5f\xd7\x94\x21\x07"
+ "\xe8\x1c\x83\xcd\xe9\xca\x0f\xaa\x60\xbe\x9f\xe3\x4f\x82"
+ "\xb1\x23\x3c\x91\x46\xa0\xe5\x34\xcb\x40\x0f\xed\x27\x00"
+ "\x88\x4f\x9d\xc2\x36\xf8\x0e\xdd\x8b\xfa\x96\x11\x44\xc9"
+ "\xe8\xd7\x92\xec\xa7\x22\xa7\xb3\x2f\xc3\xd4\x16\xd4\x73"
+ "\xeb\xc2\xc5\xfd\x4a\xbf\xda\xd0\x5d\x91\x84\x25\x9b\x5b"
+ "\xf8\xcd\x4d\x90\xfa\x0d\x31\xe2\xde\xc4\x79\xe4\xf1\xa2"
+ "\x60\x66\xf2\xee\xa9\xa6\x92\x36\xa3\xe5\x26\x55\xc9\xe9"
+ "\xae\xe6\x91\xc8\xf3\xa2\x68\x54\x30\x8d\x5e\xaa\x3b\xe8"
+ "\x5e\x09\x90\x70\x3d\x73\xe5\x6f"),
+ },
+};
+
+static int test_tlsprf(gnutls_mac_algorithm_t mac,
+ const struct tlsprf_vectors_st *vectors,
+ size_t vectors_size, unsigned flags)
+{
+ unsigned int i;
+
+ for (i = 0; i < vectors_size; i++) {
+ char output[4096];
+ int ret;
+
+ ret = _gnutls_prf_raw(mac,
+ vectors[i].key_size, vectors[i].key,
+ vectors[i].label_size, (const char *)vectors[i].label,
+ vectors[i].seed_size, vectors[i].seed,
+ vectors[i].output_size, output);
+ if (ret < 0) {
+ _gnutls_debug_log("error calculating TLS-PRF: MAC-%s\n",
+ gnutls_mac_get_name(mac));
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+ }
+
+ if (memcmp(output, vectors[i].output, vectors[i].output_size) != 0) {
+ _gnutls_debug_log
+ ("TLS-PRF: MAC-%s test vector failed!\n",
+ gnutls_mac_get_name(mac));
+
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+ }
+ }
+
+ _gnutls_debug_log
+ ("TLS-PRF: MAC-%s self check succeeded\n",
+ gnutls_mac_get_name(mac));
+
+ return 0;
+}
+
+/*-
+ * gnutls_tlsprf_self_test:
+ * @flags: GNUTLS_SELF_TEST_FLAG flags
+ * @mac: the message authentication algorithm to use
+ *
+ * This function will run self tests on TLS-PRF with the provided mac.
+ *
+ * Returns: Zero or a negative error code on error.
+ *
+ * Since: 3.3.0-FIPS140
+ -*/
+int gnutls_tlsprf_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
+{
+ int ret;
+
+ if (flags & GNUTLS_SELF_TEST_FLAG_ALL)
+ mac = GNUTLS_MAC_UNKNOWN;
+
+ switch (mac) {
+ case GNUTLS_MAC_UNKNOWN:
+ NON_FIPS_CASE(GNUTLS_MAC_MD5_SHA1, test_tlsprf, tls10prf_vectors);
+ FALLTHROUGH;
+ CASE(GNUTLS_MAC_SHA256, test_tlsprf, tls12prf_sha256_vectors);
+ FALLTHROUGH;
+ CASE(GNUTLS_MAC_SHA384, test_tlsprf, tls12prf_sha384_vectors);
+
+ break;
+ default:
+ return gnutls_assert_val(GNUTLS_E_NO_SELF_TEST);
+ }
+
+ return 0;
+}
diff --git a/lib/fips.c b/lib/fips.c
index 7cfab1049..30d396b2c 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -437,6 +437,13 @@ int _gnutls_fips_perform_self_checks2(void)
goto error;
}
+ /* TLS-PRF */
+ ret = gnutls_tlsprf_self_test(0, GNUTLS_MAC_SHA256);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
if (_gnutls_rnd_ops.self_test == NULL) {
gnutls_assert();
goto error;
diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h
index 958c0da8f..88b5a8dbf 100644
--- a/lib/includes/gnutls/self-test.h
+++ b/lib/includes/gnutls/self-test.h
@@ -36,5 +36,6 @@ int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest);
int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk);
int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
+int gnutls_tlsprf_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
#endif
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index f5537a386..643d400a1 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1349,6 +1349,7 @@ GNUTLS_FIPS140_3_4 {
gnutls_digest_self_test;
gnutls_hkdf_self_test;
gnutls_pbkdf2_self_test;
+ gnutls_tlsprf_self_test;
#for FIPS140-2 validation
drbg_aes_reseed;
drbg_aes_init;
--
2.26.2
From af3df0102fc377591a6de3112b034d4a492fc92c Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 5 Oct 2020 17:59:46 +0200
Subject: [PATCH 4/4] fips: run CMAC self-tests
FIPS140-2 IG D.8 mandates self-tests on CMAC.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/fips.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/fips.c b/lib/fips.c
index 30d396b2c..51567953d 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -398,6 +398,12 @@ int _gnutls_fips_perform_self_checks2(void)
goto error;
}
+ ret = gnutls_mac_self_test(0, GNUTLS_MAC_AES_CMAC_256);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
/* PK */
ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);
if (ret < 0) {
--
2.26.2

247
SOURCES/gnutls-3.6.16-cpuid.patch
View File

@ -1,247 +0,0 @@
From 300c6315d2e644ae81b43fa2dd7bbf68b3afb5b2 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Thu, 18 Nov 2021 19:02:03 +0100
Subject: [PATCH 1/2] accelerated: fix CPU feature detection for Intel CPUs
This fixes read_cpuid_vals to correctly read the CPUID quadruple, as
well as to set the bit the ustream CRYPTOGAMS uses to identify Intel
CPUs.
Suggested by Rafael Gieschke in:
https://gitlab.com/gnutls/gnutls/-/issues/1282
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/accelerated/x86/x86-common.c | 91 +++++++++++++++++++++++++-------
1 file changed, 71 insertions(+), 20 deletions(-)
diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
index 3845c6b4c9..cf615ef24f 100644
--- a/lib/accelerated/x86/x86-common.c
+++ b/lib/accelerated/x86/x86-common.c
@@ -81,15 +81,38 @@ unsigned int _gnutls_x86_cpuid_s[4];
# define bit_AVX 0x10000000
#endif
-#ifndef OSXSAVE_MASK
-/* OSXSAVE|FMA|MOVBE */
-# define OSXSAVE_MASK (0x8000000|0x1000|0x400000)
+#ifndef bit_AVX2
+# define bit_AVX2 0x00000020
+#endif
+
+#ifndef bit_AVX512F
+# define bit_AVX512F 0x00010000
+#endif
+
+#ifndef bit_AVX512IFMA
+# define bit_AVX512IFMA 0x00200000
+#endif
+
+#ifndef bit_AVX512BW
+# define bit_AVX512BW 0x40000000
+#endif
+
+#ifndef bit_AVX512VL
+# define bit_AVX512VL 0x80000000
+#endif
+
+#ifndef bit_OSXSAVE
+# define bit_OSXSAVE 0x8000000
#endif
#ifndef bit_MOVBE
# define bit_MOVBE 0x00400000
#endif
+#ifndef OSXSAVE_MASK
+# define OSXSAVE_MASK (bit_OSXSAVE|bit_MOVBE)
+#endif
+
#define via_bit_PADLOCK (0x3 << 6)
#define via_bit_PADLOCK_PHE (0x3 << 10)
#define via_bit_PADLOCK_PHE_SHA512 (0x3 << 25)
@@ -127,7 +150,7 @@ static unsigned read_cpuid_vals(unsigned int vals[4])
unsigned t1, t2, t3;
vals[0] = vals[1] = vals[2] = vals[3] = 0;
- if (!__get_cpuid(1, &t1, &vals[0], &vals[1], &t2))
+ if (!__get_cpuid(1, &t1, &t2, &vals[1], &vals[0]))
return 0;
/* suppress AVX512; it works conditionally on certain CPUs on the original code */
vals[1] &= 0xfffff7ff;
@@ -145,7 +168,7 @@ static unsigned check_4th_gen_intel_features(unsigned ecx)
{
uint32_t xcr0;
- if ((ecx & OSXSAVE_MASK) != OSXSAVE_MASK)
+ if ((ecx & bit_OSXSAVE) != bit_OSXSAVE)
return 0;
#if defined(_MSC_VER) && !defined(__clang__)
@@ -233,10 +256,7 @@ static unsigned check_sha(void)
#ifdef ASM_X86_64
static unsigned check_avx_movbe(void)
{
- if (check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1]) == 0)
- return 0;
-
- return ((_gnutls_x86_cpuid_s[1] & bit_AVX));
+ return (_gnutls_x86_cpuid_s[1] & bit_AVX);
}
static unsigned check_pclmul(void)
@@ -514,33 +534,47 @@ void register_x86_padlock_crypto(unsigned capabilities)
}
#endif
-static unsigned check_intel_or_amd(void)
+enum x86_cpu_vendor {
+ X86_CPU_VENDOR_OTHER,
+ X86_CPU_VENDOR_INTEL,
+ X86_CPU_VENDOR_AMD,
+};
+
+static enum x86_cpu_vendor check_x86_cpu_vendor(void)
{
unsigned int a, b, c, d;
- if (!__get_cpuid(0, &a, &b, &c, &d))
- return 0;
+ if (!__get_cpuid(0, &a, &b, &c, &d)) {
+ return X86_CPU_VENDOR_OTHER;
+ }
- if ((memcmp(&b, "Genu", 4) == 0 &&
- memcmp(&d, "ineI", 4) == 0 &&
- memcmp(&c, "ntel", 4) == 0) ||
- (memcmp(&b, "Auth", 4) == 0 &&
- memcmp(&d, "enti", 4) == 0 && memcmp(&c, "cAMD", 4) == 0)) {
- return 1;
+ if (memcmp(&b, "Genu", 4) == 0 &&
+ memcmp(&d, "ineI", 4) == 0 &&
+ memcmp(&c, "ntel", 4) == 0) {
+ return X86_CPU_VENDOR_INTEL;
}
- return 0;
+ if (memcmp(&b, "Auth", 4) == 0 &&
+ memcmp(&d, "enti", 4) == 0 &&
+ memcmp(&c, "cAMD", 4) == 0) {
+ return X86_CPU_VENDOR_AMD;
+ }
+
+ return X86_CPU_VENDOR_OTHER;
}
static
void register_x86_intel_crypto(unsigned capabilities)
{
int ret;
+ enum x86_cpu_vendor vendor;
memset(_gnutls_x86_cpuid_s, 0, sizeof(_gnutls_x86_cpuid_s));
- if (check_intel_or_amd() == 0)
+ vendor = check_x86_cpu_vendor();
+ if (vendor == X86_CPU_VENDOR_OTHER) {
return;
+ }
if (capabilities == 0) {
if (!read_cpuid_vals(_gnutls_x86_cpuid_s))
@@ -549,6 +583,23 @@ void register_x86_intel_crypto(unsigned capabilities)
capabilities_to_intel_cpuid(capabilities);
}
+ /* CRYPTOGAMS uses the (1 << 30) bit as an indicator of Intel CPUs */
+ if (vendor == X86_CPU_VENDOR_INTEL) {
+ _gnutls_x86_cpuid_s[0] |= 1 << 30;
+ } else {
+ _gnutls_x86_cpuid_s[0] &= ~(1 << 30);
+ }
+
+ if (!check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1])) {
+ _gnutls_x86_cpuid_s[1] &= ~bit_AVX;
+
+ /* Clear AVX2 bits as well, according to what OpenSSL does.
+ * Should we clear bit_AVX512DQ, bit_AVX512PF, bit_AVX512ER, and
+ * bit_AVX512CD? */
+ _gnutls_x86_cpuid_s[2] &= ~(bit_AVX2|bit_AVX512F|bit_AVX512IFMA|
+ bit_AVX512BW|bit_AVX512BW);
+ }
+
if (check_ssse3()) {
_gnutls_debug_log("Intel SSSE3 was detected\n");
--
2.37.3
From cd509dac9e6d1bf76fd12c72c1fd61f1708c254a Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 15 Aug 2022 09:39:18 +0900
Subject: [PATCH 2/2] accelerated: clear AVX bits if it cannot be queried
through XSAVE
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The algorithm to detect AVX is described in 14.3 of "Intel® 64 and IA-32
Architectures Software Developers Manual".
GnuTLS previously only followed that algorithm when registering the
crypto backend, while the CRYPTOGAMS derived SHA code assembly expects
that the extension bits are propagated to _gnutls_x86_cpuid_s.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/accelerated/x86/x86-common.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
index cf615ef24f..655d0c65f2 100644
--- a/lib/accelerated/x86/x86-common.c
+++ b/lib/accelerated/x86/x86-common.c
@@ -210,7 +210,8 @@ static void capabilities_to_intel_cpuid(unsigned capabilities)
}
if (capabilities & INTEL_AVX) {
- if ((a[1] & bit_AVX) && check_4th_gen_intel_features(a[1])) {
+ if ((a[1] & bit_AVX) && (a[1] & bit_MOVBE) &&
+ check_4th_gen_intel_features(a[1])) {
_gnutls_x86_cpuid_s[1] |= bit_AVX|bit_MOVBE;
} else {
_gnutls_debug_log
@@ -256,7 +257,7 @@ static unsigned check_sha(void)
#ifdef ASM_X86_64
static unsigned check_avx_movbe(void)
{
- return (_gnutls_x86_cpuid_s[1] & bit_AVX);
+ return (_gnutls_x86_cpuid_s[1] & (bit_AVX|bit_MOVBE)) == (bit_AVX|bit_MOVBE);
}
static unsigned check_pclmul(void)
@@ -579,6 +580,19 @@ void register_x86_intel_crypto(unsigned capabilities)
if (capabilities == 0) {
if (!read_cpuid_vals(_gnutls_x86_cpuid_s))
return;
+ if (!check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1])) {
+ _gnutls_x86_cpuid_s[1] &= ~bit_AVX;
+
+ /* Clear AVX2 bits as well, according to what
+ * OpenSSL does. Should we clear
+ * bit_AVX512DQ, bit_AVX512PF, bit_AVX512ER,
+ * and bit_AVX512CD? */
+ _gnutls_x86_cpuid_s[2] &= ~(bit_AVX2|
+ bit_AVX512F|
+ bit_AVX512IFMA|
+ bit_AVX512BW|
+ bit_AVX512BW);
+ }
} else {
capabilities_to_intel_cpuid(capabilities);
}
--
2.37.3

38
SOURCES/gnutls-3.6.16-cve-2025-32988.patch
View File

@ -1,38 +0,0 @@
commit 3b68043ef7e338118bce3ccdcbfafc8f005a6725
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Jul 7 10:44:12 2025 +0900
x509: avoid double free when exporting othernames in SAN
Previously, the _gnutls_write_new_othername function, called by
gnutls_x509_ext_export_subject_alt_names to export "otherName" in a
certificate's SAN extension, freed the caller allocated ASN.1
structure upon error, resulting in a potential double-free.
Reported by OpenAI Security Research Team.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Backported-by: Alexander Sosedkin <asosedki@redhat.com>
Backported-from: 608829769cbc247679ffe98841109fc73875e573
Fixes: CVE-2025-32988
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index c9fef21a12..c0acdf9a94 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -805,7 +805,6 @@ _gnutls_write_new_othername(ASN1_TYPE ext, const char *ext_name,
result = asn1_write_value(ext, name2, oid, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
- asn1_delete_structure(&ext);
return _gnutls_asn2err(result);
}
@@ -814,7 +813,6 @@ _gnutls_write_new_othername(ASN1_TYPE ext, const char *ext_name,
result = asn1_write_value(ext, name2, data, data_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
- asn1_delete_structure(&ext);
return _gnutls_asn2err(result);
}

2085
SOURCES/gnutls-3.6.16-cve-2025-32990.patch
View File

File diff suppressed because it is too large Load Diff

272
SOURCES/gnutls-3.6.16-cve-2025-6395.patch
View File

@ -1,272 +0,0 @@
commit 8af3c1686d41b059f6f4b8352d36d9686cf7febe
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Jul 7 11:15:45 2025 +0900
handshake: clear HSK_PSK_SELECTED is when resetting binders
When a TLS 1.3 handshake involves HRR and resumption or PSK, and the
second Client Hello omits PSK, the server would result in a NULL
pointer dereference as the PSK binder information is cleared while the
HSK_PSK_SELECTED flag is still set. This makes sure that
HSK_PSK_SELECTED flag is always cleared when the PSK binders are
reset. This also makes it clear the HSK_PSK_SELECTED flag is valid
only during a handshake; after that, whether PSK is used can be
checked with gnutls_auth_client_get_type.
Reported by Stefan Bühler.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Backported-by: Alexander Sosedkin <asosedki@redhat.com>
Backported-from: 23135619773e6ec087ff2abc65405bd4d5676bad
Fixes: CVE-2025-6395
diff --git a/lib/handshake.c b/lib/handshake.c
index ce2d160e20..b156223cbc 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -580,9 +580,28 @@ static int set_auth_types(gnutls_session_t session)
/* Under TLS1.3 this returns a KX which matches the negotiated
* groups from the key shares; if we are resuming then the KX seen
* here doesn't match the original session. */
- if (session->internals.resumed == RESUME_FALSE)
- kx = gnutls_kx_get(session);
- else
+ if (session->internals.resumed == RESUME_FALSE) {
+ const gnutls_group_entry_st *group = get_group(session);
+
+ if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
+ if (group) {
+ kx = group->pk == GNUTLS_PK_DH ?
+ GNUTLS_KX_DHE_PSK :
+ GNUTLS_KX_ECDHE_PSK;
+ } else {
+ kx = GNUTLS_KX_PSK;
+ }
+ } else if (group) {
+ /* Not necessarily be RSA, but just to
+ * make _gnutls_map_kx_get_cred below
+ * work.
+ */
+ kx = group->pk == GNUTLS_PK_DH ?
+ GNUTLS_KX_DHE_RSA :
+ GNUTLS_KX_ECDHE_RSA;
+ } else
+ kx = GNUTLS_KX_UNKNOWN;
+ } else
kx = GNUTLS_KX_UNKNOWN;
} else {
/* TLS1.2 or earlier, kx is associated with ciphersuite */
diff --git a/lib/state.c b/lib/state.c
index 817a7b8cd8..2bd08c3190 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -175,7 +175,8 @@ gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session)
const gnutls_group_entry_st *group = get_group(session);
if (ver->tls13_sem) {
- if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
+ if (gnutls_auth_client_get_type(session) ==
+ GNUTLS_CRD_PSK) {
if (group) {
if (group->pk == GNUTLS_PK_DH)
return GNUTLS_KX_DHE_PSK;
@@ -264,6 +265,7 @@ void reset_binders(gnutls_session_t session)
_gnutls_free_temp_key_datum(&session->key.binders[0].psk);
_gnutls_free_temp_key_datum(&session->key.binders[1].psk);
memset(session->key.binders, 0, sizeof(session->key.binders));
+ session->internals.hsk_flags &= ~HSK_PSK_SELECTED;
}
/* Check whether certificate credentials of type @cert_type are set
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b04cb081b4..1019f6c1d8 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -118,6 +118,8 @@ ctests = tls13/supported_versions tls13/tls12-no-tls13-exts \
ctests += tls13/hello_retry_request
+ctests += tls13/hello_retry_request_psk
+
ctests += tls13/psk-ext
ctests += tls13/key_update
diff --git a/tests/tls13/hello_retry_request_psk.c b/tests/tls13/hello_retry_request_psk.c
new file mode 100644
index 0000000000..a20cb0d965
--- /dev/null
+++ b/tests/tls13/hello_retry_request_psk.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2017-2025 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos, Daiki Ueno
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+
+#include <string.h>
+#include <gnutls/gnutls.h>
+#include <assert.h>
+
+#include "cert-common.h"
+#include "utils.h"
+#include "tls13/ext-parse.h"
+#include "eagain-common.h"
+
+/* This program exercises the case where a TLS 1.3 handshake ends up
+ * with HRR, and the first CH includes PSK while the 2nd CH omits
+ * it */
+
+const char *testname = "hello entry request";
+
+const char *side = "";
+
+#define myfail(fmt, ...) fail("%s: " fmt, testname, ##__VA_ARGS__)
+
+static void tls_log_func(int level, const char *str)
+{
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
+}
+
+struct ctx_st {
+ unsigned hrr_seen;
+ unsigned hello_counter;
+};
+
+static int pskfunc(gnutls_session_t session, const char *username,
+ gnutls_datum_t *key)
+{
+ if (debug)
+ printf("psk: username %s\n", username);
+ key->data = gnutls_malloc(4);
+ key->data[0] = 0xDE;
+ key->data[1] = 0xAD;
+ key->data[2] = 0xBE;
+ key->data[3] = 0xEF;
+ key->size = 4;
+ return 0;
+}
+
+static int hello_callback(gnutls_session_t session, unsigned int htype,
+ unsigned post, unsigned int incoming,
+ const gnutls_datum_t *msg)
+{
+ struct ctx_st *ctx = gnutls_session_get_ptr(session);
+ assert(ctx != NULL);
+
+ if (htype == GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST)
+ ctx->hrr_seen = 1;
+
+ if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) {
+ if (post == GNUTLS_HOOK_POST)
+ ctx->hello_counter++;
+ else {
+ /* Unset the PSK credential to omit the extension */
+ gnutls_credentials_set(session, GNUTLS_CRD_PSK, NULL);
+ }
+ }
+
+ return 0;
+}
+
+void doit(void)
+{
+ int sret, cret;
+ gnutls_psk_server_credentials_t scred;
+ gnutls_psk_client_credentials_t ccred;
+ gnutls_certificate_credentials_t ccred2;
+ gnutls_session_t server, client;
+ /* Need to enable anonymous KX specifically. */
+ const gnutls_datum_t key = { (void *)"DEADBEEF", 8 };
+
+ struct ctx_st ctx;
+ memset(&ctx, 0, sizeof(ctx));
+
+ global_init();
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(9);
+
+ /* Init server */
+ assert(gnutls_psk_allocate_server_credentials(&scred) >= 0);
+ gnutls_psk_set_server_credentials_function(scred, pskfunc);
+
+ gnutls_init(&server, GNUTLS_SERVER);
+
+ assert(gnutls_priority_set_direct(
+ server,
+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+DHE-PSK",
+ NULL) >= 0);
+
+ gnutls_credentials_set(server, GNUTLS_CRD_PSK, scred);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ assert(gnutls_psk_allocate_client_credentials(&ccred) >= 0);
+ gnutls_psk_set_client_credentials(ccred, "test", &key,
+ GNUTLS_PSK_KEY_HEX);
+ assert(gnutls_certificate_allocate_credentials(&ccred2) >= 0);
+
+ assert(gnutls_init(&client, GNUTLS_CLIENT | GNUTLS_KEY_SHARE_TOP) >= 0);
+
+ gnutls_session_set_ptr(client, &ctx);
+
+ cret = gnutls_priority_set_direct(
+ client,
+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-X25519:+DHE-PSK",
+ NULL);
+ if (cret < 0)
+ myfail("cannot set TLS 1.3 priorities\n");
+
+ gnutls_credentials_set(client, GNUTLS_CRD_PSK, ccred);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred2);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ gnutls_handshake_set_hook_function(client, GNUTLS_HANDSHAKE_ANY,
+ GNUTLS_HOOK_BOTH, hello_callback);
+
+ HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN,
+ GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ assert(ctx.hrr_seen != 0);
+
+ gnutls_bye(client, GNUTLS_SHUT_WR);
+ gnutls_bye(server, GNUTLS_SHUT_WR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_psk_free_server_credentials(scred);
+ gnutls_psk_free_client_credentials(ccred);
+ gnutls_certificate_free_credentials(ccred2);
+
+ gnutls_global_deinit();
+ reset_buffers();
+}

474
SOURCES/gnutls-3.6.16-deterministic-ecdsa-fixes.patch
View File

@ -1,474 +0,0 @@
From 0d39e4120bc5ece53c86c5802c546259b8ca286a Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 12 Jan 2024 17:56:58 +0900
Subject: [PATCH] nettle: avoid normalization of mpz_t in deterministic ECDSA
This removes function calls that potentially leak bit-length of a
private key used to calculate a nonce in deterministic ECDSA. Namely:
- _gnutls_dsa_compute_k has been rewritten to work on always
zero-padded mp_limb_t arrays instead of mpz_t
- rnd_mpz_func has been replaced with rnd_datum_func, which is backed
by a byte array instead of an mpz_t value
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/nettle/int/dsa-compute-k.c | 84 +++++++++++++++++++------------
lib/nettle/int/dsa-compute-k.h | 31 +++++++++---
lib/nettle/int/ecdsa-compute-k.c | 71 +++++++++-----------------
lib/nettle/int/ecdsa-compute-k.h | 8 +--
lib/nettle/pk.c | 79 ++++++++++++++++++++---------
tests/sign-verify-deterministic.c | 2 +-
6 files changed, 158 insertions(+), 117 deletions(-)
diff --git a/lib/nettle/int/dsa-compute-k.c b/lib/nettle/int/dsa-compute-k.c
index 17d63318c4..ddeb6f6d1e 100644
--- a/lib/nettle/int/dsa-compute-k.c
+++ b/lib/nettle/int/dsa-compute-k.c
@@ -31,33 +31,37 @@
#include "mpn-base256.h"
#include <string.h>
-#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
-
-/* The maximum size of q, choosen from the fact that we support
- * 521-bit elliptic curve generator and 512-bit DSA subgroup at
- * maximum. */
-#define MAX_Q_BITS 521
-#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8)
-#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS)
-
-#define MAX_HASH_BITS (MAX_HASH_SIZE * 8)
-#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS)
-
-int
-_gnutls_dsa_compute_k(mpz_t k,
- const mpz_t q,
- const mpz_t x,
- gnutls_mac_algorithm_t mac,
- const uint8_t *digest,
- size_t length)
+/* For mini-gmp */
+#ifndef GMP_LIMB_BITS
+#define GMP_LIMB_BITS GMP_NUMB_BITS
+#endif
+
+static inline int is_zero_limb(mp_limb_t x)
+{
+ x |= (x << 1);
+ return ((x >> 1) - 1) >> (GMP_LIMB_BITS - 1);
+}
+
+static int sec_zero_p(const mp_limb_t *ap, mp_size_t n)
+{
+ volatile mp_limb_t w;
+ mp_size_t i;
+
+ for (i = 0, w = 0; i < n; i++)
+ w |= ap[i];
+
+ return is_zero_limb(w);
+}
+
+int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x,
+ mp_size_t qn, mp_bitcnt_t q_bits,
+ gnutls_mac_algorithm_t mac, const uint8_t *digest,
+ size_t length)
{
uint8_t V[MAX_HASH_SIZE];
uint8_t K[MAX_HASH_SIZE];
uint8_t xp[MAX_Q_SIZE];
uint8_t tp[MAX_Q_SIZE];
- mp_limb_t h[MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS)];
- mp_bitcnt_t q_bits = mpz_sizeinbase (q, 2);
- mp_size_t qn = mpz_size(q);
mp_bitcnt_t h_bits = length * 8;
mp_size_t hn = BITS_TO_LIMBS(h_bits);
size_t nbytes = (q_bits + 7) / 8;
@@ -66,6 +70,7 @@ _gnutls_dsa_compute_k(mpz_t k,
mp_limb_t cy;
gnutls_hmac_hd_t hd;
int ret = 0;
+ mp_limb_t scratch[MAX_Q_LIMBS];
if (unlikely(q_bits > MAX_Q_BITS))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
@@ -73,7 +78,7 @@ _gnutls_dsa_compute_k(mpz_t k,
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
/* int2octets(x) */
- mpn_get_base256(xp, nbytes, mpz_limbs_read(x), qn);
+ mpn_get_base256(xp, nbytes, x, qn);
/* bits2octets(h) */
mpn_set_base256(h, hn, digest, length);
@@ -97,12 +102,12 @@ _gnutls_dsa_compute_k(mpz_t k,
mpn_rshift(h, h, hn, shift % GMP_NUMB_BITS);
}
- cy = mpn_sub_n(h, h, mpz_limbs_read(q), qn);
+ cy = mpn_sub_n(h, h, q, qn);
/* Fall back to addmul_1, if nettle is linked with mini-gmp. */
#ifdef mpn_cnd_add_n
- mpn_cnd_add_n(cy, h, h, mpz_limbs_read(q), qn);
+ mpn_cnd_add_n(cy, h, h, q, qn);
#else
- mpn_addmul_1(h, mpz_limbs_read(q), qn, cy != 0);
+ mpn_addmul_1(h, q, qn, cy != 0);
#endif
mpn_get_base256(tp, nbytes, h, qn);
@@ -178,12 +183,8 @@ _gnutls_dsa_compute_k(mpz_t k,
if (tlen * 8 > q_bits)
mpn_rshift (h, h, qn, tlen * 8 - q_bits);
/* Check if k is in [1,q-1] */
- if (!mpn_zero_p (h, qn) &&
- mpn_cmp (h, mpz_limbs_read(q), qn) < 0) {
- mpn_copyi(mpz_limbs_write(k, qn), h, qn);
- mpz_limbs_finish(k, qn);
+ if (!sec_zero_p(h, qn) && mpn_sub_n(scratch, h, q, qn))
break;
- }
ret = gnutls_hmac_init(&hd, mac, K, length);
if (ret < 0)
@@ -207,3 +208,24 @@ _gnutls_dsa_compute_k(mpz_t k,
return ret;
}
+
+/* cancel-out dsa_sign's addition of 1 to random data */
+void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n)
+{
+ /* Fall back to sub_1, if nettle is linked with mini-gmp. */
+#ifdef mpn_sec_sub_1
+ mp_limb_t t[MAX_Q_LIMBS];
+
+ mpn_sec_sub_1(h, h, n, 1, t);
+#else
+ mpn_sub_1(h, h, n, 1);
+#endif
+ mpn_get_base256(k, nbytes, h, n);
+}
+
+void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n)
+{
+ mpn_get_base256(k, nbytes, h, n);
+}
diff --git a/lib/nettle/int/dsa-compute-k.h b/lib/nettle/int/dsa-compute-k.h
index 64e90e0ca2..e88fce0a6d 100644
--- a/lib/nettle/int/dsa-compute-k.h
+++ b/lib/nettle/int/dsa-compute-k.h
@@ -26,12 +26,29 @@
#include <gnutls/gnutls.h>
#include <nettle/bignum.h> /* includes gmp.h */
-int
-_gnutls_dsa_compute_k(mpz_t k,
- const mpz_t q,
- const mpz_t x,
- gnutls_mac_algorithm_t mac,
- const uint8_t *digest,
- size_t length);
+#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
+
+/* The maximum size of q, chosen from the fact that we support
+ * 521-bit elliptic curve generator and 512-bit DSA subgroup at
+ * maximum. */
+#define MAX_Q_BITS 521
+#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8)
+#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS)
+
+#define MAX_HASH_BITS (MAX_HASH_SIZE * 8)
+#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS)
+
+#define DSA_COMPUTE_K_ITCH MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS)
+
+int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x,
+ mp_size_t qn, mp_bitcnt_t q_bits,
+ gnutls_mac_algorithm_t mac, const uint8_t *digest,
+ size_t length);
+
+void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n);
+
+void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n);
#endif /* GNUTLS_LIB_NETTLE_INT_DSA_COMPUTE_K_H */
diff --git a/lib/nettle/int/ecdsa-compute-k.c b/lib/nettle/int/ecdsa-compute-k.c
index 94914ebdfa..819302c1c7 100644
--- a/lib/nettle/int/ecdsa-compute-k.c
+++ b/lib/nettle/int/ecdsa-compute-k.c
@@ -29,67 +29,46 @@
#include "dsa-compute-k.h"
#include "gnutls_int.h"
-static inline int
-_gnutls_ecc_curve_to_dsa_q(mpz_t *q, gnutls_ecc_curve_t curve)
+int _gnutls_ecc_curve_to_dsa_q(mpz_t q, gnutls_ecc_curve_t curve)
{
switch (curve) {
#ifdef ENABLE_NON_SUITEB_CURVES
case GNUTLS_ECC_CURVE_SECP192R1:
- mpz_init_set_str(*q,
- "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836"
- "146BC9B1B4D22831",
- 16);
+ mpz_set_str(q,
+ "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836"
+ "146BC9B1B4D22831",
+ 16);
return 0;
case GNUTLS_ECC_CURVE_SECP224R1:
- mpz_init_set_str(*q,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2"
- "E0B8F03E13DD29455C5C2A3D",
- 16);
+ mpz_set_str(q,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2"
+ "E0B8F03E13DD29455C5C2A3D",
+ 16);
return 0;
#endif
case GNUTLS_ECC_CURVE_SECP256R1:
- mpz_init_set_str(*q,
- "FFFFFFFF00000000FFFFFFFFFFFFFFFF"
- "BCE6FAADA7179E84F3B9CAC2FC632551",
- 16);
+ mpz_set_str(q,
+ "FFFFFFFF00000000FFFFFFFFFFFFFFFF"
+ "BCE6FAADA7179E84F3B9CAC2FC632551",
+ 16);
return 0;
case GNUTLS_ECC_CURVE_SECP384R1:
- mpz_init_set_str(*q,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFC7634D81F4372DDF"
- "581A0DB248B0A77AECEC196ACCC52973",
- 16);
+ mpz_set_str(q,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFC7634D81F4372DDF"
+ "581A0DB248B0A77AECEC196ACCC52973",
+ 16);
return 0;
case GNUTLS_ECC_CURVE_SECP521R1:
- mpz_init_set_str(*q,
- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFA51868783BF2F966B7FCC0148F709A"
- "5D03BB5C9B8899C47AEBB6FB71E91386"
- "409",
- 16);
+ mpz_set_str(q,
+ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFA51868783BF2F966B7FCC0148F709A"
+ "5D03BB5C9B8899C47AEBB6FB71E91386"
+ "409",
+ 16);
return 0;
default:
return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
}
}
-
-int
-_gnutls_ecdsa_compute_k (mpz_t k,
- gnutls_ecc_curve_t curve,
- const mpz_t x,
- gnutls_mac_algorithm_t mac,
- const uint8_t *digest,
- size_t length)
-{
- mpz_t q;
- int ret;
-
- ret = _gnutls_ecc_curve_to_dsa_q(&q, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_dsa_compute_k (k, q, x, mac, digest, length);
- mpz_clear(q);
- return ret;
-}
diff --git a/lib/nettle/int/ecdsa-compute-k.h b/lib/nettle/int/ecdsa-compute-k.h
index 7ca401d6e4..a7e612bcab 100644
--- a/lib/nettle/int/ecdsa-compute-k.h
+++ b/lib/nettle/int/ecdsa-compute-k.h
@@ -26,12 +26,6 @@
#include <gnutls/gnutls.h>
#include <nettle/bignum.h> /* includes gmp.h */
-int
-_gnutls_ecdsa_compute_k (mpz_t k,
- gnutls_ecc_curve_t curve,
- const mpz_t x,
- gnutls_mac_algorithm_t mac,
- const uint8_t *digest,
- size_t length);
+int _gnutls_ecc_curve_to_dsa_q(mpz_t q, gnutls_ecc_curve_t curve);
#endif /* GNUTLS_LIB_NETTLE_INT_ECDSA_COMPUTE_K_H */
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 588e9df502..b19fe3804a 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -102,10 +102,16 @@ static void rnd_nonce_func(void *_ctx, size_t length, uint8_t * data)
}
}
-static void rnd_mpz_func(void *_ctx, size_t length, uint8_t * data)
+static void rnd_datum_func(void *ctx, size_t length, uint8_t *data)
{
- mpz_t *k = _ctx;
- nettle_mpz_get_str_256 (length, data, *k);
+ gnutls_datum_t *d = ctx;
+
+ if (length > d->size) {
+ memset(data, 0, length - d->size);
+ memcpy(data + (length - d->size), d->data, d->size);
+ } else {
+ memcpy(data, d->data, length);
+ }
}
static void rnd_nonce_func_fallback(void *_ctx, size_t length, uint8_t * data)
@@ -976,7 +982,10 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
struct dsa_signature sig;
int curve_id = pk_params->curve;
const struct ecc_curve *curve;
- mpz_t k;
+ mpz_t q;
+ /* 521-bit elliptic curve generator at maximum */
+ uint8_t buf[(521 + 7) / 8];
+ gnutls_datum_t k = { NULL, 0 };
void *random_ctx;
nettle_random_func *random_func;
@@ -1005,19 +1014,32 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
hash_len = vdata->size;
}
- mpz_init(k);
+ mpz_init(q);
+
if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST ||
(sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) {
- ret = _gnutls_ecdsa_compute_k(k,
- curve_id,
- pk_params->params[ECC_K],
- DIG_TO_MAC(sign_params->dsa_dig),
- vdata->data,
- vdata->size);
+ mp_limb_t h[DSA_COMPUTE_K_ITCH];
+
+ ret = _gnutls_ecc_curve_to_dsa_q(q, curve_id);
if (ret < 0)
goto ecdsa_cleanup;
+
+ ret = _gnutls_dsa_compute_k(
+ h, mpz_limbs_read(q), priv.p,
+ ecc_size(priv.ecc), ecc_bit_size(priv.ecc),
+ DIG_TO_MAC(sign_params->dsa_dig), vdata->data,
+ vdata->size);
+ if (ret < 0)
+ goto ecdsa_cleanup;
+
+ k.data = buf;
+ k.size = (ecc_bit_size(priv.ecc) + 7) / 8;
+
+ _gnutls_ecdsa_compute_k_finish(k.data, k.size, h,
+ ecc_size(priv.ecc));
+
random_ctx = &k;
- random_func = rnd_mpz_func;
+ random_func = rnd_datum_func;
} else {
random_ctx = NULL;
random_func = rnd_nonce_func;
@@ -1038,7 +1060,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
ecdsa_cleanup:
dsa_signature_clear(&sig);
ecc_scalar_zclear(&priv);
- mpz_clear(k);
+ mpz_clear(q);
if (ret < 0) {
gnutls_assert();
@@ -1051,7 +1073,9 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
struct dsa_params pub;
bigint_t priv;
struct dsa_signature sig;
- mpz_t k;
+ /* 512-bit DSA subgroup at maximum */
+ uint8_t buf[(512 + 7) / 8];
+ gnutls_datum_t k = { NULL, 0 };
void *random_ctx;
nettle_random_func *random_func;
@@ -1074,21 +1098,27 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
hash_len = vdata->size;
}
- mpz_init(k);
if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST ||
(sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) {
- ret = _gnutls_dsa_compute_k(k,
- pub.q,
- TOMPZ(priv),
- DIG_TO_MAC(sign_params->dsa_dig),
- vdata->data,
- vdata->size);
+ mp_limb_t h[DSA_COMPUTE_K_ITCH];
+
+ ret = _gnutls_dsa_compute_k(
+ h, mpz_limbs_read(pub.q),
+ mpz_limbs_read(TOMPZ(priv)), mpz_size(pub.q),
+ mpz_sizeinbase(pub.q, 2),
+ DIG_TO_MAC(sign_params->dsa_dig), vdata->data,
+ vdata->size);
if (ret < 0)
goto dsa_fail;
- /* cancel-out dsa_sign's addition of 1 to random data */
- mpz_sub_ui (k, k, 1);
+
+ k.data = buf;
+ k.size = (mpz_sizeinbase(pub.q, 2) + 7) / 8;
+
+ _gnutls_dsa_compute_k_finish(k.data, k.size, h,
+ mpz_size(pub.q));
+
random_ctx = &k;
- random_func = rnd_mpz_func;
+ random_func = rnd_datum_func;
} else {
random_ctx = NULL;
random_func = rnd_nonce_func;
@@ -1108,7 +1138,6 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
dsa_fail:
dsa_signature_clear(&sig);
- mpz_clear(k);
if (ret < 0) {
gnutls_assert();
diff --git a/tests/sign-verify-deterministic.c b/tests/sign-verify-deterministic.c
index 6e907288ee..25aa553a59 100644
--- a/tests/sign-verify-deterministic.c
+++ b/tests/sign-verify-deterministic.c
@@ -197,7 +197,7 @@ void doit(void)
&signature);
if (ret < 0)
testfail("gnutls_pubkey_verify_data2\n");
- success(" - pass");
+ success(" - pass\n");
next:
gnutls_free(signature.data);
--
2.44.0

14
SOURCES/gnutls-3.6.16-doc-p11tool-ckaid.patch
View File

@ -1,14 +0,0 @@
--- gnutls-3.7.2/doc/manpages/p11tool.1 2021-05-29 10:15:22.000000000 +0200
+++ gnutls-3.7.2-bootstrapped/doc/manpages/p11tool.1 2021-06-28 09:35:23.000000000 +0200
@@ -230,8 +230,9 @@
.NOP \f\*[B-Font]\-\-write\f[]
Writes the loaded objects to a PKCS #11 token.
.sp
-It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with
- one of \--load-privkey, \--load-pubkey, \--load-certificate option.
+It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with one of \--load-privkey, \--load-pubkey, \--load-certificate option.
+.sp
+When writing a certificate object, its CKA_ID is set to the same CKA_ID of the corresponding public key, if it exists on the token; otherwise it will be derived from the X.509 Subject Key Identifier of the certificate. If this behavior is undesired, write the public key to the token beforehand.
.TP
.NOP \f\*[B-Font]\-\-delete\f[]
Deletes the objects matching the given PKCS #11 URL.

266
SOURCES/gnutls-3.6.16-pkcs7-verify.patch
View File

@ -1,266 +0,0 @@
From e5dc27d1a457d1b3abc0582cd133910dff0fc309 Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich <zfridric@redhat.com>
Date: Fri, 22 Jul 2022 12:00:11 +0200
Subject: [PATCH] Fix double free during gnutls_pkcs7_verify
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
---
.gitignore | 1 +
lib/x509/pkcs7.c | 3 +-
tests/Makefile.am | 3 +-
tests/pkcs7-verify-double-free.c | 215 +++++++++++++++++++++++++++++++
4 files changed, 220 insertions(+), 2 deletions(-)
create mode 100644 tests/pkcs7-verify-double-free.c
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 0ff55ba04b..878f867862 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -1318,7 +1318,8 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
issuer = find_verified_issuer_of(pkcs7, issuer, purpose, vflags);
if (issuer != NULL && gnutls_x509_crt_check_issuer(issuer, issuer)) {
- if (prev) gnutls_x509_crt_deinit(prev);
+ if (prev && prev != signer)
+ gnutls_x509_crt_deinit(prev);
prev = issuer;
break;
}
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b04cb081b4..0563d3c754 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -220,7 +220,8 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
sign-verify-newapi sign-verify-deterministic iov aead-cipher-vec \
tls13-without-timeout-func buffer status-request-revoked \
set_x509_ocsp_multi_cli kdf-api keylog-func \
- dtls_hello_random_value tls_hello_random_value x509cert-dntypes
+ dtls_hello_random_value tls_hello_random_value x509cert-dntypes \
+ pkcs7-verify-double-free
if HAVE_SECCOMP_TESTS
ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp
diff --git a/tests/pkcs7-verify-double-free.c b/tests/pkcs7-verify-double-free.c
new file mode 100644
index 0000000000..fadf307829
--- /dev/null
+++ b/tests/pkcs7-verify-double-free.c
@@ -0,0 +1,215 @@
+/*
+ * Copyright (C) 2022 Red Hat, Inc.
+ *
+ * Author: Zoltan Fridrich
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <gnutls/pkcs7.h>
+#include <gnutls/x509.h>
+
+#include "utils.h"
+
+static char rca_pem[] =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDCjCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n"
+ "cGxlIENBMCAXDTE3MDcyMTE0NDMzNloYDzIyMjIwNzIxMTQ0MzM2WjAVMRMwEQYD\n"
+ "VQQKDApFeGFtcGxlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n"
+ "v8hnKPJ/IA0SQB/A/a0Uh+npZ67vsgIMrtTQo0r0kJkmkBz5323xO3DVuJfB3QmX\n"
+ "v9zvoeCQLuDvWar5Aixfxgm6s5Q+yPvJj9t3NebDrU+Y4+qyewBIJUF8EF/5iBPC\n"
+ "ZHONmzbfIRWvQWGGgb2CRcOHp2J7AY/QLB6LsWPaLjs/DHva28Q13JaTTHIpdu8v\n"
+ "t6vHr0nXf66DN4MvtoF3N+o+v3snJCMsfXOqASi4tbWR7gtOfCfiz9uBjh0W2Dut\n"
+ "/jclBQkJkLe6esNSM+f4YiOpctVDjmfj8yoHCp394vt0wFqhG38wsTFAyVP6qIcf\n"
+ "5zoSu9ovEt2cTkhnZHjiiwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud\n"
+ "DwEB/wQEAwIBBjAdBgNVHQ4EFgQUhjeO6Uc5imbjOl2I2ltVA27Hu9YwHwYDVR0j\n"
+ "BBgwFoAUhjeO6Uc5imbjOl2I2ltVA27Hu9YwDQYJKoZIhvcNAQELBQADggEBAD+r\n"
+ "i/7FsbG0OFKGF2+JOnth6NjJQcMfM8LiglqAuBUijrv7vltoZ0Z3FJH1Vi4OeMXn\n"
+ "l7X/9tWUve0uFl75MfjDrf0+lCEdYRY1LCba2BrUgpbbkLywVUdnbsvndehegCgS\n"
+ "jss2/zys3Hlo3ZaHlTMQ/NQ4nrxcxkjOvkZSEOqgxJTLpzm6pr7YUts4k6c6lNiB\n"
+ "FSiJiDzsJCmWR9C3fBbUlfDfTJYGN3JwqX270KchXDElo8gNoDnF7jBMpLFFSEKm\n"
+ "MyfbNLX/srh+CEfZaN/OZV4A3MQ0L8vQEp6M4CJhvRLIuMVabZ2coJ0AzystrOMU\n"
+ "LirBWjg89RoAjFQ7bTE=\n"
+ "-----END CERTIFICATE-----\n";
+
+static char ca_pem[] =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n"
+ "cGxlIENBMCAXDTE3MDcyMTE0NDQzNFoYDzIyMjIwNzIxMTQ0NDM0WjAiMSAwHgYD\n"
+ "VQQKDBdFeGFtcGxlIGludGVybWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD\n"
+ "ggEPADCCAQoCggEBAKb9ACB8u//sP6MfNU1OsVw68xz3eTPLgKxS0vpqexm6iGVg\n"
+ "ug/o9uYRLzqiEukv/eyz9WzHmY7sqlOJjOFdv92+SaNg79Jc51WHPFXgea4/qyfr\n"
+ "4y14PGs0SNxm6T44sXurUs7cXydQVUgnq2VCaWFOTUdxXoAWkV8r8GaUoPD/klVz\n"
+ "RqxSZVETmX1XBKhsMnnov41kRwVph2C+VfUspsbaUZaz/o/S1/nokhXRACzKsMBr\n"
+ "obqiGxbY35uVzsmbAW5ErhQz98AWJL3Bub1fsEMXg6OEMmPH4AtX888dTIYZNw0E\n"
+ "bUIESspz1kjJQTtVQDHTprhwz16YiSVeUonlLgMCAwEAAaNjMGEwDwYDVR0TAQH/\n"
+ "BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPBjxDWjMhjXERirKF9O\n"
+ "o/5Cllc5MB8GA1UdIwQYMBaAFIY3julHOYpm4zpdiNpbVQNux7vWMA0GCSqGSIb3\n"
+ "DQEBCwUAA4IBAQCTm+vv3hBa6lL5IT+Fw8aTxQ2Ne7mZ5oyazhvXYwwfKNMX3SML\n"
+ "W2JdPaL64ZwbxxxYvW401o5Z0CEgru3YFrsqB/hEdl0Uf8UWWJmE1rRa+miTmbjt\n"
+ "lrLNCWdrs6CiwvsPITTHg7jevB4KyZYsTSxQFcyr3N3xF+6EmOTC4IkhPPnXYXcp\n"
+ "248ih+WOavSYoRvzgB/Dip1WnPYU2mfIV3O8JReRryngA0TzWCLPLUoWR3R4jwtC\n"
+ "+1uSLoqaenz3qv3F1WEbke37az9YJuXx/5D8CqFQiZ62TUUtI6fYd8mkMBM4Qfh6\n"
+ "NW9XrCkI9wlpL5K9HllhuW0BhKeJkuPpyQ2p\n"
+ "-----END CERTIFICATE-----\n";
+
+static char ee_pem[] =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdFeGFt\n"
+ "cGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzdaGA8yMjIyMDcyMTE0\n"
+ "NDUzN1owFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEBBQAD\n"
+ "ggEPADCCAQoCggEBAMb1uuxppBFY+WVD45iyHUq7DkIJNNOI/JRaybVJfPktWq2E\n"
+ "eNe7XhV05KKnqZTbDO2iYqNHqGhZ8pz/IstDRTZP3z/q1vXTG0P9Gx28rEy5TaUY\n"
+ "QjtD+ZoFUQm0ORMDBjd8jikqtJ87hKeuOPMH4rzdydotMaPQSm7KLzHBGBr6gg7z\n"
+ "g1IxPWkhMyHapoMqqrhjwjzoTY97UIXpZTEoIA+KpEC8f9CciBtL0i1MPBjWozB6\n"
+ "Jma9q5iEwZXuRr3cnPYeIPlK2drgDZCMuSFcYiT8ApLw5OhKqY1m2EvfZ2ox2s9R\n"
+ "68/HzYdPi3kZwiNEtlBvMlpt5yKBJAflp76d7DkCAwEAAaNuMGwwCwYDVR0PBAQD\n"
+ "AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUc+Mi\n"
+ "kr8WMCk00SQo+P2iggp/oQkwHwYDVR0jBBgwFoAU8GPENaMyGNcRGKsoX06j/kKW\n"
+ "VzkwDQYJKoZIhvcNAQELBQADggEBAKU9+CUR0Jcfybd1+8Aqgh1RH96yQygnVuyt\n"
+ "Na9rFz4fM3ij9tGXDHXrkZw8bW1dWLU9quu8zeTxKxc3aiDIw739Alz0tukttDo7\n"
+ "dW7YqIb77zsIsWB9p7G9dlxT6ieUy+5IKk69BbeK8KR0vAciAG4KVQxPhuPy/LGX\n"
+ "PzqlJIJ4h61s3UOroReHPB1keLZgpORqrvtpClOmABH9TLFRJA/WFg8Q2XYB/p0x\n"
+ "l/pWiaoBC+8wK9cDoMUK5yOwXeuCLffCb+UlAD0+z/qxJ2pisE8E9X8rRKRrWI+i\n"
+ "G7LtJCEn86EQK8KuRlJxKgj8lClZhoULB0oL4jbblBuNow9WRmM=\n"
+ "-----END CERTIFICATE-----\n";
+
+static char msg_pem[] =
+ "-----BEGIN PKCS7-----\n"
+ "MIIK2QYJKoZIhvcNAQcCoIIKyjCCCsYCAQExDTALBglghkgBZQMEAgEwCwYJKoZI\n"
+ "hvcNAQcBoIIJTzCCAwowggHyoAMCAQICAQEwDQYJKoZIhvcNAQELBQAwFTETMBEG\n"
+ "A1UECgwKRXhhbXBsZSBDQTAgFw0xNzA3MjExNDQzMjFaGA8yMjIyMDcyMTE0NDMy\n"
+ "MVowFTETMBEGA1UECgwKRXhhbXBsZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP\n"
+ "ADCCAQoCggEBAL51eyE4j8wAKQKMGlO9HEY2iaGvsdPSJmidSdmCi1jnNK39Lx4Y\n"
+ "31h279hSHF5wtI6VM91HHfeLf1mjEZHlKrXXJQzBPLpbHWapD778drHBitOP8e56\n"
+ "fDMIfofLV4tkMk8690vPe4cJH1UHGspMyz6EQF9kPRaW80XtMV/6dalgL/9Esmaw\n"
+ "XBNPJAS1VutDuXQkJ/3/rWFLmkpYHHtGPjX782YRmT1s+VOVTsLqmKx0TEL8A381\n"
+ "bbElHPUAMjPcyWR5qqA8KWnS5Dwqk3LwI0AvuhQytCq0S7Xl4DXauvxwTRXv0UU7\n"
+ "W8r3MLAw9DnlnJiD/RFjw5rbGO3wMePk/qUCAwEAAaNjMGEwDwYDVR0TAQH/BAUw\n"
+ "AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIh2KRoKJoe2VtpOwWMkRAkR\n"
+ "mLWKMB8GA1UdIwQYMBaAFIh2KRoKJoe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEB\n"
+ "CwUAA4IBAQBovvlOjoy0MCT5U0eWfcPQQjY4Ssrn3IiPNlVkqSNo+FHX+2baTLVQ\n"
+ "5QTHxwXwzdIJiwtjFWDdGEQXqmuIvnFG+u/whGbeg6oQygfnQ5Y+q6epOxCsPgLQ\n"
+ "mKKEaF7mvh8DauUx4QSbYCNGCctOZuB1vlN9bJ3/5QbH+2pFPOfCr5CAyPDwHo6S\n"
+ "qO3yPcutRwT9xS7gXEHM9HhLp+DmdCGh4eVBPiFilyZm1d92lWxU8oxoSfXgzDT/\n"
+ "GCzlMykNZNs4JD9QmiRClP/3U0dQbOhah/Fda+N+L90xaqEgGcvwKKZa3pzo59pl\n"
+ "BbkcIP4YPyHeinwkgAn5UVJg9DOxNCS0MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG\n"
+ "9w0BAQsFADAVMRMwEQYDVQQKDApFeGFtcGxlIENBMCAXDTE3MDcyMTE0NDQxM1oY\n"
+ "DzIyMjIwNzIxMTQ0NDEzWjAiMSAwHgYDVQQKDBdFeGFtcGxlIGludGVybWVkaWF0\n"
+ "ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPFDEvDANwvhviu\n"
+ "pwXTvaKyxyX94jVu1wgAhIRyQBVRiMbrn8MEufLG8oA0vKd8s92gv/lWe1jFb2rn\n"
+ "91jMkZWsjWjiJFD6SzqFfBo+XxOGikEqO1MAf92UqavmSGlXVRG1Vy7T7dWibZP0\n"
+ "WODhHYWayR0Y6owSz5IqNfrHXzDME+lSJxHgRFI7pK+b0OgiVmvyXDKFPvyU6GrP\n"
+ "lxXDi/XbjyPvC5gpiwtTgm+s8KERwmdlfZUNjkh2PpHx1g1joijHT3wIvO/Pek1E\n"
+ "C+Xs6w3XxGgL6TTL7FDuv4AjZVX9KK66/yBhX3aN8bkqAg+hs9XNk3zzWC0XEFOS\n"
+ "Qoh2va0CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\n"
+ "HQYDVR0OBBYEFHwi/7dUWGjkMWJctOm7MCjjQj1cMB8GA1UdIwQYMBaAFIh2KRoK\n"
+ "Joe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEBCwUAA4IBAQCF6sHCBdYRwBwvfCve\n"
+ "og9cPnmPqZrG4AtmSvtoSsMvgvKb/4z3/gG8oPtTBkeRcAHoMoEp/oA+B2ylwIAc\n"
+ "S5U7jx+lYH/Pqih0X/OcOLbaMv8uzGSGQxk+L9LuuIT6E/THfRRIPEvkDkzC+/uk\n"
+ "7vUbG17bSEWeF0o/6sjzAY2aH1jnbCDyu0UC78GXkc6bZ5QlH98uLMDMrOmqcZjS\n"
+ "JFfvuRDQyKV5yBdBkYaobsIWSQDsgYxJzf/2y8c3r+HXqT+jhrXPWJ3btgMPxpu7\n"
+ "E8KmoFgp9EM+48oYlXJ66rk08/KjaVmgN7R+Hm3e2+MFT2kme4fBKalLjcazTe3x\n"
+ "0FisMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdF\n"
+ "eGFtcGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzBaGA8yMjIyMDcy\n"
+ "MTE0NDUzMVowFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEB\n"
+ "BQADggEPADCCAQoCggEBAMjhSqhdD5RjmOm6W3hG7zkgKBP9whRN/SipcdEMlkgc\n"
+ "F/U3QMu66qIfKwheNdWalC1JLtruLDWP92ysa6Vw+CCG8aSax1AgB//RKQB7kgPA\n"
+ "9js9hi/oCdBmCv2HJxhWSLz+MVoxgzW4C7S9FenI+btxe/99Uw4nOw7kwjsYDLKr\n"
+ "tMw8myv7aCW/63CuBYGtohiZupM3RI3kKFcZots+KRPLlZpjv+I2h9xSln8VxKNb\n"
+ "XiMrYwGfHB7iX7ghe1TvFjKatEUhsqa7AvIq7nfe/cyq97f0ODQO814njgZtk5iQ\n"
+ "JVavXHdhTVaypt1HdAFMuHX5UATylHxx9tRCgSIijUsCAwEAAaNuMGwwCwYDVR0P\n"
+ "BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU\n"
+ "31+vHl4E/2Jpnwinbzf+d7usshcwHwYDVR0jBBgwFoAUfCL/t1RYaOQxYly06bsw\n"
+ "KONCPVwwDQYJKoZIhvcNAQELBQADggEBAAWe63DcNwmleQ3INFGDJZ/m2I/R/cBa\n"
+ "nnrxgR5Ey1ljHdA/x1z1JLTGmGVwqGExs5DNG9Q//Pmc9pZ1yPa8J4Xf8AvFcmkY\n"
+ "mWoH1HvW0xu/RF1UN5SAoD2PRQ+Vq4OSPD58IlEu/u4o1wZV7Wl91Cv6VNpiAb63\n"
+ "j9PA1YacOpOtcRqG59Vuj9HFm9f30ejHVo2+KJcpo290cR3Zg4fOm8mtjeMdt/QS\n"
+ "Atq+RqPAQ7yxqvEEv8zPIZj2kAOQm3mh/yYqBrR68lQUD/dBTP7ApIZkhUK3XK6U\n"
+ "nf9JvoF6Fn2+Cnqb//FLBgHSnoeqeQNwDLUXTsD02iYxHzJrhokSY4YxggFQMIIB\n"
+ "TAIBATAnMCIxIDAeBgNVBAoMF0V4YW1wbGUgaW50ZXJtZWRpYXRlIENBAgEBMAsG\n"
+ "CWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQATHg6wNsBcs/Ub1GQfKwTpKCk5\n"
+ "8QXuNnZ0u7b6mKgrSY2Gf47fpL2aRgaR+BAQncbctu5EH/IL38pWjaGtOhFAj/5q\n"
+ "7luVQW11kuyJN3Bd/dtLqawWOwMmAIEigw6X50l5ZHnEVzFfxt+RKTNhk4XWVtbi\n"
+ "2iIlITOplW0rnvxYAwCxKL9ocaB7etK8au7ixMxbFp75Ts4iLX8dhlAFdCuFCk8k\n"
+ "B8mi9HHuwr3QYRqMPW61hu1wBL3yB8eoZNOwPXb0gkIh6ZvgptxgQzm/cc+Iw9fP\n"
+ "QkR0fTM7ElJ5QZmSV98AUbZDHmDvpmcjcUxfSPMc3IoT8T300usRu7QHqKJi\n"
+ "-----END PKCS7-----\n";
+
+const gnutls_datum_t rca_datum = { (void *)rca_pem, sizeof(rca_pem) - 1 };
+const gnutls_datum_t ca_datum = { (void *)ca_pem, sizeof(ca_pem) - 1 };
+const gnutls_datum_t ee_datum = { (void *)ee_pem, sizeof(ee_pem) - 1 };
+const gnutls_datum_t msg_datum = { (void *)msg_pem, sizeof(msg_pem) - 1 };
+
+static void tls_log_func(int level, const char *str)
+{
+ fprintf(stderr, "%s |<%d>| %s", "err", level, str);
+}
+
+#define CHECK(X)\
+{\
+ r = X;\
+ if (r < 0)\
+ fail("error in %d: %s\n", __LINE__, gnutls_strerror(r));\
+}\
+
+void doit(void)
+{
+ int r;
+ gnutls_x509_crt_t rca_cert = NULL;
+ gnutls_x509_crt_t ca_cert = NULL;
+ gnutls_x509_crt_t ee_cert = NULL;
+ gnutls_x509_trust_list_t tlist = NULL;
+ gnutls_pkcs7_t pkcs7 = NULL;
+ gnutls_datum_t data = { (unsigned char *)"xxx", 3 };
+
+ if (debug) {
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ // Import certificates
+ CHECK(gnutls_x509_crt_init(&rca_cert));
+ CHECK(gnutls_x509_crt_import(rca_cert, &rca_datum, GNUTLS_X509_FMT_PEM));
+ CHECK(gnutls_x509_crt_init(&ca_cert));
+ CHECK(gnutls_x509_crt_import(ca_cert, &ca_datum, GNUTLS_X509_FMT_PEM));
+ CHECK(gnutls_x509_crt_init(&ee_cert));
+ CHECK(gnutls_x509_crt_import(ee_cert, &ee_datum, GNUTLS_X509_FMT_PEM));
+
+ // Setup trust store
+ CHECK(gnutls_x509_trust_list_init(&tlist, 0));
+ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, rca_cert, "rca", 3, 0));
+ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ca_cert, "ca", 2, 0));
+ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ee_cert, "ee", 2, 0));
+
+ // Setup pkcs7 structure
+ CHECK(gnutls_pkcs7_init(&pkcs7));
+ CHECK(gnutls_pkcs7_import(pkcs7, &msg_datum, GNUTLS_X509_FMT_PEM));
+
+ // Signature verification
+ gnutls_pkcs7_verify(pkcs7, tlist, NULL, 0, 0, &data, 0);
+
+ gnutls_x509_crt_deinit(rca_cert);
+ gnutls_x509_crt_deinit(ca_cert);
+ gnutls_x509_crt_deinit(ee_cert);
+ gnutls_x509_trust_list_deinit(tlist, 0);
+ gnutls_pkcs7_deinit(pkcs7);
+}
--
2.37.2

242
SOURCES/gnutls-3.6.16-rehandshake-tickets.patch
View File

@ -1,242 +0,0 @@
From 9b50d94bf1c8e749d7dfc593c89e689a161444ae Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 26 Jun 2023 09:30:03 +0200
Subject: [PATCH] gnutls-3.6.16-rehandshake-tickets.patch
Signed-off-by: rpm-build <rpm-build>
---
lib/ext/session_ticket.c | 6 ++
lib/ext/session_ticket.h | 1 +
lib/libgnutls.map | 2 +
lib/state.c | 1 +
tests/Makefile.am | 3 +-
tests/tls12-rehandshake-ticket.c | 152 +++++++++++++++++++++++++++++++
6 files changed, 164 insertions(+), 1 deletion(-)
create mode 100644 tests/tls12-rehandshake-ticket.c
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
index 8f22462..8d83a6c 100644
--- a/lib/ext/session_ticket.c
+++ b/lib/ext/session_ticket.c
@@ -618,6 +618,12 @@ gnutls_session_ticket_enable_server(gnutls_session_t session,
return 0;
}
+void
+_gnutls_session_ticket_disable_server(gnutls_session_t session)
+{
+ session->internals.flags |= GNUTLS_NO_TICKETS;
+}
+
/*
* Return zero if session tickets haven't been enabled.
*/
diff --git a/lib/ext/session_ticket.h b/lib/ext/session_ticket.h
index da804ec..660c9d3 100644
--- a/lib/ext/session_ticket.h
+++ b/lib/ext/session_ticket.h
@@ -36,5 +36,6 @@ int _gnutls_encrypt_session_ticket(gnutls_session_t session,
int _gnutls_decrypt_session_ticket(gnutls_session_t session,
const gnutls_datum_t *ticket_data,
gnutls_datum_t *state);
+void _gnutls_session_ticket_disable_server(gnutls_session_t session);
#endif /* GNUTLS_LIB_EXT_SESSION_TICKET_H */
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index d2f7c0a..6748b3a 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1432,4 +1432,6 @@ GNUTLS_PRIVATE_3_4 {
_gnutls_buffer_unescape;
_gnutls_buffer_pop_datum;
_gnutls_buffer_clear;
+ # needed by tests/tls12-rehandshake-cert-ticket
+ _gnutls_session_ticket_disable_server;
} GNUTLS_3_4;
diff --git a/lib/state.c b/lib/state.c
index 817a7b8..f1e9daa 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -452,6 +452,7 @@ void _gnutls_handshake_internal_state_clear(gnutls_session_t session)
session->internals.tfo.connect_addrlen = 0;
session->internals.tfo.connect_only = 0;
session->internals.early_data_received = 0;
+ session->internals.session_ticket_renew = 0;
}
/**
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 0563d3c..7c5f5c4 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -221,7 +221,8 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
tls13-without-timeout-func buffer status-request-revoked \
set_x509_ocsp_multi_cli kdf-api keylog-func \
dtls_hello_random_value tls_hello_random_value x509cert-dntypes \
- pkcs7-verify-double-free
+ pkcs7-verify-double-free \
+ tls12-rehandshake-ticket
if HAVE_SECCOMP_TESTS
ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp
diff --git a/tests/tls12-rehandshake-ticket.c b/tests/tls12-rehandshake-ticket.c
new file mode 100644
index 0000000..f96e46e
--- /dev/null
+++ b/tests/tls12-rehandshake-ticket.c
@@ -0,0 +1,152 @@
+/*
+ * Copyright (C) 2022 Red Hat, Inc.
+ *
+ * Author: Daiki Ueno
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <gnutls/gnutls.h>
+#include <assert.h>
+#include "cert-common.h"
+
+#include "utils.h"
+#include "eagain-common.h"
+
+const char *side = "";
+
+static void tls_log_func(int level, const char *str)
+{
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
+}
+
+#define MAX_BUF 1024
+
+void _gnutls_session_ticket_disable_server(gnutls_session_t session);
+
+static void run(void)
+{
+ char buffer[MAX_BUF + 1];
+ /* Server stuff. */
+ gnutls_certificate_credentials_t scred;
+ gnutls_session_t server;
+ gnutls_datum_t session_ticket_key = { NULL, 0 };
+ int sret;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t ccred;
+ gnutls_session_t client;
+ int cret;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(9);
+
+ /* Init server */
+ assert(gnutls_certificate_allocate_credentials(&scred) >= 0);
+ assert(gnutls_certificate_set_x509_key_mem(scred,
+ &server_ca3_localhost_cert,
+ &server_ca3_key,
+ GNUTLS_X509_FMT_PEM) >= 0);
+ assert(gnutls_certificate_set_x509_trust_mem(scred,
+ &ca3_cert,
+ GNUTLS_X509_FMT_PEM) >= 0);
+
+ assert(gnutls_init(&server, GNUTLS_SERVER) >= 0);
+ gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
+ assert(gnutls_priority_set_direct(server,
+ "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2",
+ NULL) >= 0);
+
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ gnutls_session_ticket_key_generate(&session_ticket_key);
+ gnutls_session_ticket_enable_server(server, &session_ticket_key);
+
+ /* Init client */
+ assert(gnutls_certificate_allocate_credentials(&ccred) >= 0);
+ assert(gnutls_certificate_set_x509_key_mem
+ (ccred, &cli_ca3_cert_chain, &cli_ca3_key, GNUTLS_X509_FMT_PEM) >= 0);
+ assert(gnutls_certificate_set_x509_trust_mem
+ (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0);
+
+ gnutls_init(&client, GNUTLS_CLIENT);
+ assert(gnutls_priority_set_direct(client,
+ "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2",
+ NULL) >= 0);
+
+ assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred) >= 0);
+
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ HANDSHAKE(client, server);
+
+ /* Server initiates rehandshake */
+ switch_side("server");
+ sret = gnutls_rehandshake(server);
+ if (sret < 0) {
+ fail("Error sending %d byte packet: %s\n",
+ (int)sizeof(buffer), gnutls_strerror(sret));
+ } else if (debug)
+ success("server: starting rehandshake\n");
+
+ /* Stop sending session ticket */
+ _gnutls_session_ticket_disable_server(server);
+
+ /* Client gets notified with rehandshake */
+ switch_side("client");
+ do {
+ do {
+ cret = gnutls_record_recv(client, buffer, MAX_BUF);
+ } while (cret == GNUTLS_E_AGAIN || cret == GNUTLS_E_INTERRUPTED);
+ } while (cret > 0);
+
+ if (cret != GNUTLS_E_REHANDSHAKE) {
+ fail("client: Error receiving rehandshake: %s\n",
+ gnutls_strerror(cret));
+ }
+
+ HANDSHAKE(client, server);
+
+ gnutls_bye(client, GNUTLS_SHUT_WR);
+ gnutls_bye(server, GNUTLS_SHUT_WR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_certificate_free_credentials(scred);
+ gnutls_certificate_free_credentials(ccred);
+
+ gnutls_free(session_ticket_key.data);
+
+ gnutls_global_deinit();
+ reset_buffers();
+}
+
+void doit(void)
+{
+ run();
+}
--
2.41.0

121
SOURCES/gnutls-3.6.16-rsa-psk-timing-followup.patch
View File

@ -1,121 +0,0 @@
From fe912c5dba49dcecbd5c32bf8184e60a949af452 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Wed, 10 Jan 2024 19:13:17 +0900
Subject: [PATCH] rsa-psk: minimize branching after decryption
This moves any non-trivial code between gnutls_privkey_decrypt_data2
and the function return in _gnutls_proc_rsa_psk_client_kx up until the
decryption. This also avoids an extra memcpy to session->key.key.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/auth/rsa_psk.c | 68 ++++++++++++++++++++++++----------------------
1 file changed, 35 insertions(+), 33 deletions(-)
diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
index 93c2dc9998..8f3fe5a4bd 100644
--- a/lib/auth/rsa_psk.c
+++ b/lib/auth/rsa_psk.c
@@ -269,7 +269,6 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
int ret, dsize;
ssize_t data_size = _data_size;
gnutls_psk_server_credentials_t cred;
- gnutls_datum_t premaster_secret = { NULL, 0 };
volatile uint8_t ver_maj, ver_min;
cred = (gnutls_psk_server_credentials_t)
@@ -329,24 +328,48 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
ver_maj = _gnutls_get_adv_version_major(session);
ver_min = _gnutls_get_adv_version_minor(session);
- premaster_secret.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
- if (premaster_secret.data == NULL) {
+ /* Find the key of this username. A random value will be
+ * filled in if the key is not found.
+ */
+ ret =
+ _gnutls_psk_pwd_find_entry(session, info->username, strlen(info->username), &pwd_psk);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Allocate memory for premaster secret, and fill in the
+ * fields except the decryption result.
+ */
+ session->key.key.size = 2 + GNUTLS_MASTER_SIZE + 2 + pwd_psk.size;
+ session->key.key.data = gnutls_malloc(session->key.key.size);
+ if (session->key.key.data == NULL) {
gnutls_assert();
+ _gnutls_free_key_datum(&pwd_psk);
+ /* No need to zeroize, as the secret is not copied in yet */
+ _gnutls_free_datum(&session->key.key);
return GNUTLS_E_MEMORY_ERROR;
}
- premaster_secret.size = GNUTLS_MASTER_SIZE;
/* Fallback value when decryption fails. Needs to be unpredictable. */
- ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
- premaster_secret.size);
+ ret = gnutls_rnd(GNUTLS_RND_NONCE, session->key.key.data + 2,
+ GNUTLS_MASTER_SIZE);
if (ret < 0) {
gnutls_assert();
- goto cleanup;
+ _gnutls_free_key_datum(&pwd_psk);
+ /* No need to zeroize, as the secret is not copied in yet */
+ _gnutls_free_datum(&session->key.key);
+ return ret;
}
+ _gnutls_write_uint16(GNUTLS_MASTER_SIZE, session->key.key.data);
+ _gnutls_write_uint16(pwd_psk.size,
+ &session->key.key.data[2 + GNUTLS_MASTER_SIZE]);
+ memcpy(&session->key.key.data[2 + GNUTLS_MASTER_SIZE + 2],
+ pwd_psk.data, pwd_psk.size);
+ _gnutls_free_key_datum(&pwd_psk);
+
gnutls_privkey_decrypt_data2(session->internals.selected_key, 0,
- &ciphertext, premaster_secret.data,
- premaster_secret.size);
+ &ciphertext, session->key.key.data + 2,
+ GNUTLS_MASTER_SIZE);
/* After this point, any conditional on failure that cause differences
* in execution may create a timing or cache access pattern side
* channel that can be used as an oracle, so tread carefully */
@@ -365,31 +388,10 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
/* This is here to avoid the version check attack
* discussed above.
*/
- premaster_secret.data[0] = ver_maj;
- premaster_secret.data[1] = ver_min;
-
- /* find the key of this username
- */
- ret =
- _gnutls_psk_pwd_find_entry(session, info->username, strlen(info->username), &pwd_psk);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- ret =
- set_rsa_psk_session_key(session, &pwd_psk, &premaster_secret);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ session->key.key.data[2] = ver_maj;
+ session->key.key.data[3] = ver_min;
- ret = 0;
- cleanup:
- _gnutls_free_key_datum(&pwd_psk);
- _gnutls_free_temp_key_datum(&premaster_secret);
-
- return ret;
+ return 0;
}
static int
--
2.43.0

202
SOURCES/gnutls-3.6.16-rsa-psk-timing.patch
View File

@ -1,202 +0,0 @@
From e007a54432c98618bde500649817d153225abf6b Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 7 Dec 2023 11:52:08 +0900
Subject: [PATCH] gnutls-3.6.16-rsa-psk-timing.patch
Signed-off-by: rpm-build <rpm-build>
---
lib/auth/rsa.c | 2 +-
lib/auth/rsa_psk.c | 93 +++++++++++++++++-----------------------------
lib/gnutls_int.h | 4 --
lib/priority.c | 1 -
4 files changed, 35 insertions(+), 65 deletions(-)
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index 858701f..02b6a34 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -207,7 +207,7 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
session->key.key.size);
/* After this point, any conditional on failure that cause differences
* in execution may create a timing or cache access pattern side
- * channel that can be used as an oracle, so treat very carefully */
+ * channel that can be used as an oracle, so tread carefully */
/* Error handling logic:
* In case decryption fails then don't inform the peer. Just use the
diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
index 1a9dab5..93c2dc9 100644
--- a/lib/auth/rsa_psk.c
+++ b/lib/auth/rsa_psk.c
@@ -264,14 +264,13 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
{
gnutls_datum_t username;
psk_auth_info_t info;
- gnutls_datum_t plaintext;
gnutls_datum_t ciphertext;
gnutls_datum_t pwd_psk = { NULL, 0 };
int ret, dsize;
- int randomize_key = 0;
ssize_t data_size = _data_size;
gnutls_psk_server_credentials_t cred;
gnutls_datum_t premaster_secret = { NULL, 0 };
+ volatile uint8_t ver_maj, ver_min;
cred = (gnutls_psk_server_credentials_t)
_gnutls_get_cred(session, GNUTLS_CRD_PSK);
@@ -327,71 +326,47 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
}
ciphertext.size = dsize;
- ret =
- gnutls_privkey_decrypt_data(session->internals.selected_key, 0,
- &ciphertext, &plaintext);
- if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) {
- /* In case decryption fails then don't inform
- * the peer. Just use a random key. (in order to avoid
- * attack against pkcs-1 formatting).
- */
+ ver_maj = _gnutls_get_adv_version_major(session);
+ ver_min = _gnutls_get_adv_version_minor(session);
+
+ premaster_secret.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
+ if (premaster_secret.data == NULL) {
gnutls_assert();
- _gnutls_debug_log
- ("auth_rsa_psk: Possible PKCS #1 format attack\n");
- if (ret >= 0) {
- gnutls_free(plaintext.data);
- }
- randomize_key = 1;
- } else {
- /* If the secret was properly formatted, then
- * check the version number.
- */
- if (_gnutls_get_adv_version_major(session) !=
- plaintext.data[0]
- || (session->internals.allow_wrong_pms == 0
- && _gnutls_get_adv_version_minor(session) !=
- plaintext.data[1])) {
- /* No error is returned here, if the version number check
- * fails. We proceed normally.
- * That is to defend against the attack described in the paper
- * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
- * Ondej Pokorny and Tomas Rosa.
- */
- gnutls_assert();
- _gnutls_debug_log
- ("auth_rsa: Possible PKCS #1 version check format attack\n");
- }
+ return GNUTLS_E_MEMORY_ERROR;
}
+ premaster_secret.size = GNUTLS_MASTER_SIZE;
-
- if (randomize_key != 0) {
- premaster_secret.size = GNUTLS_MASTER_SIZE;
- premaster_secret.data =
- gnutls_malloc(premaster_secret.size);
- if (premaster_secret.data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* we do not need strong random numbers here.
- */
- ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
- premaster_secret.size);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- } else {
- premaster_secret.data = plaintext.data;
- premaster_secret.size = plaintext.size;
+ /* Fallback value when decryption fails. Needs to be unpredictable. */
+ ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
+ premaster_secret.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
}
+ gnutls_privkey_decrypt_data2(session->internals.selected_key, 0,
+ &ciphertext, premaster_secret.data,
+ premaster_secret.size);
+ /* After this point, any conditional on failure that cause differences
+ * in execution may create a timing or cache access pattern side
+ * channel that can be used as an oracle, so tread carefully */
+
+ /* Error handling logic:
+ * In case decryption fails then don't inform the peer. Just use the
+ * random key previously generated. (in order to avoid attack against
+ * pkcs-1 formatting).
+ *
+ * If we get version mismatches no error is returned either. We
+ * proceed normally. This is to defend against the attack described
+ * in the paper "Attacking RSA-based sessions in SSL/TLS" by
+ * Vlastimil Klima, Ondej Pokorny and Tomas Rosa.
+ */
+
/* This is here to avoid the version check attack
* discussed above.
*/
-
- premaster_secret.data[0] = _gnutls_get_adv_version_major(session);
- premaster_secret.data[1] = _gnutls_get_adv_version_minor(session);
+ premaster_secret.data[0] = ver_maj;
+ premaster_secret.data[1] = ver_min;
/* find the key of this username
*/
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 31cec5c..815f69b 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -971,7 +971,6 @@ struct gnutls_priority_st {
bool _no_etm;
bool _no_ext_master_secret;
bool _allow_key_usage_violation;
- bool _allow_wrong_pms;
bool _dumbfw;
unsigned int _dh_prime_bits; /* old (deprecated) variable */
@@ -989,7 +988,6 @@ struct gnutls_priority_st {
(x)->no_etm = 1; \
(x)->no_ext_master_secret = 1; \
(x)->allow_key_usage_violation = 1; \
- (x)->allow_wrong_pms = 1; \
(x)->dumbfw = 1
#define ENABLE_PRIO_COMPAT(x) \
@@ -998,7 +996,6 @@ struct gnutls_priority_st {
(x)->_no_etm = 1; \
(x)->_no_ext_master_secret = 1; \
(x)->_allow_key_usage_violation = 1; \
- (x)->_allow_wrong_pms = 1; \
(x)->_dumbfw = 1
/* DH and RSA parameters types.
@@ -1123,7 +1120,6 @@ typedef struct {
bool no_etm;
bool no_ext_master_secret;
bool allow_key_usage_violation;
- bool allow_wrong_pms;
bool dumbfw;
/* old (deprecated) variable. This is used for both srp_prime_bits
diff --git a/lib/priority.c b/lib/priority.c
index 0a284ae..67ec887 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -681,7 +681,6 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
COPY_TO_INTERNALS(no_etm);
COPY_TO_INTERNALS(no_ext_master_secret);
COPY_TO_INTERNALS(allow_key_usage_violation);
- COPY_TO_INTERNALS(allow_wrong_pms);
COPY_TO_INTERNALS(dumbfw);
COPY_TO_INTERNALS(dh_prime_bits);
--
2.43.0

125
SOURCES/gnutls-3.6.16-tls12-cert-type.patch
View File

@ -1,125 +0,0 @@
From 339bef12f478b3a12c59571c53645e31280baf7e Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 14 May 2021 15:59:37 +0200
Subject: [PATCH] cert auth: filter out unsupported cert types from TLS 1.2 CR
When the server is advertising signature algorithms in TLS 1.2
CertificateRequest, it shouldn't send certificate_types not backed by
any of those algorithms.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/auth/cert.c | 76 +++++++++++++++++++++++--
tests/suite/tls-fuzzer/gnutls-cert.json | 19 +++++++
2 files changed, 89 insertions(+), 6 deletions(-)
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 3073a33d3..0b0f04b2b 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -64,6 +64,16 @@ typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64,
#endif
} CertificateSigType;
+enum CertificateSigTypeFlags {
+ RSA_SIGN_FLAG = 1,
+ DSA_SIGN_FLAG = 1 << 1,
+ ECDSA_SIGN_FLAG = 1 << 2,
+#ifdef ENABLE_GOST
+ GOSTR34102012_256_SIGN_FLAG = 1 << 3,
+ GOSTR34102012_512_SIGN_FLAG = 1 << 4
+#endif
+};
+
/* Moves data from an internal certificate struct (gnutls_pcert_st) to
* another internal certificate struct (cert_auth_info_t), and deinitializes
* the former.
@@ -1281,6 +1291,7 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
uint8_t tmp_data[CERTTYPE_SIZE];
const version_entry_st *ver = get_version(session);
unsigned init_pos = data->length;
+ enum CertificateSigTypeFlags flags;
if (unlikely(ver == NULL))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
@@ -1297,18 +1308,71 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- i = 1;
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ size_t j;
+
+ flags = 0;
+ for (j = 0; j < session->internals.priorities->sigalg.size; j++) {
+ const gnutls_sign_entry_st *se =
+ session->internals.priorities->sigalg.entry[j];
+ switch (se->pk) {
+ case GNUTLS_PK_RSA:
+ case GNUTLS_PK_RSA_PSS:
+ flags |= RSA_SIGN_FLAG;
+ break;
+ case GNUTLS_PK_DSA:
+ flags |= DSA_SIGN_FLAG;
+ break;
+ case GNUTLS_PK_ECDSA:
+ flags |= ECDSA_SIGN_FLAG;
+ break;
#ifdef ENABLE_GOST
- if (_gnutls_kx_is_vko_gost(session->security_parameters.cs->kx_algorithm)) {
- tmp_data[i++] = GOSTR34102012_256_SIGN;
- tmp_data[i++] = GOSTR34102012_512_SIGN;
- } else
+ case GNUTLS_PK_GOST_12_256:
+ flags |= GOSTR34102012_256_SIGN_FLAG;
+ break;
+ case GNUTLS_PK_GOST_12_512:
+ flags |= GOSTR34102012_512_SIGN_FLAG;
+ break;
+#endif
+ default:
+ gnutls_assert();
+ _gnutls_debug_log(
+ "%s is unsupported for cert request\n",
+ gnutls_pk_get_name(se->pk));
+ }
+ }
+
+ } else {
+#ifdef ENABLE_GOST
+ if (_gnutls_kx_is_vko_gost(session->security_parameters.
+ cs->kx_algorithm)) {
+ flags = GOSTR34102012_256_SIGN_FLAG |
+ GOSTR34102012_512_SIGN_FLAG;
+ } else
#endif
- {
+ {
+ flags = RSA_SIGN_FLAG | DSA_SIGN_FLAG | ECDSA_SIGN_FLAG;
+ }
+ }
+
+ i = 1;
+ if (flags & RSA_SIGN_FLAG) {
tmp_data[i++] = RSA_SIGN;
+ }
+ if (flags & DSA_SIGN_FLAG) {
tmp_data[i++] = DSA_SIGN;
+ }
+ if (flags & ECDSA_SIGN_FLAG) {
tmp_data[i++] = ECDSA_SIGN;
}
+#ifdef ENABLE_GOST
+ if (flags & GOSTR34102012_256_SIGN_FLAG) {
+ tmp_data[i++] = GOSTR34102012_256_SIGN;
+ }
+ if (flags & GOSTR34102012_512_SIGN_FLAG) {
+ tmp_data[i++] = GOSTR34102012_512_SIGN;
+ }
+#endif
tmp_data[0] = i - 1;
ret = _gnutls_buffer_append_data(data, tmp_data, i);
--
2.31.1

283
SOURCES/gnutls-3.6.16-trust-ca-sha1.patch
View File

@ -1,283 +0,0 @@
From c2409e479df41620bceac314c76cabb1d35a4075 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 3 May 2021 16:35:43 +0200
Subject: [PATCH] x509/verify: treat SHA-1 signed CA in the trusted set
differently
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Suppose there is a certificate chain ending with an intermediate CA:
EE → ICA1 → ICA2. If the system trust store contains a root CA
generated with the same key as ICA2 but signed with a prohibited
algorithm, such as SHA-1, the library previously reported a
verification failure, though the situation is not uncommon during a
transition period of root CA.
This changes the library behavior such that the check on signature
algorithm will be skipped when examining the trusted root CA.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/x509/verify.c | 26 ++++---
tests/test-chains.h | 165 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 182 insertions(+), 9 deletions(-)
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index fd7c6a164..a50b5ea44 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -415,14 +415,19 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned
#define CASE_SEC_PARAM(profile, level) \
case profile: \
sym_bits = gnutls_sec_param_to_symmetric_bits(level); \
- hash = gnutls_sign_get_hash_algorithm(sigalg); \
- entry = mac_to_entry(hash); \
- if (hash <= 0 || entry == NULL) { \
+ se = _gnutls_sign_to_entry(sigalg); \
+ if (unlikely(se == NULL)) { \
+ _gnutls_cert_log("cert", crt); \
+ _gnutls_debug_log(#level": certificate's signature algorithm is unknown\n"); \
+ return gnutls_assert_val(0); \
+ } \
+ if (unlikely(se->hash == GNUTLS_DIG_UNKNOWN)) { \
_gnutls_cert_log("cert", crt); \
_gnutls_debug_log(#level": certificate's signature hash is unknown\n"); \
return gnutls_assert_val(0); \
} \
- if (_gnutls_sign_get_hash_strength(sigalg) < sym_bits) { \
+ if (!trusted && \
+ _gnutls_sign_get_hash_strength(sigalg) < sym_bits) { \
_gnutls_cert_log("cert", crt); \
_gnutls_debug_log(#level": certificate's signature hash strength is unacceptable (is %u bits, needed %u)\n", _gnutls_sign_get_hash_strength(sigalg), sym_bits); \
return gnutls_assert_val(0); \
@@ -449,19 +454,22 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned
* @crt: a certificate
* @issuer: the certificates issuer (allowed to be NULL)
* @sigalg: the signature algorithm used
+ * @trusted: whether @crt is treated as trusted (e.g., present in the system
+ * trust list); if it is true, the check on signature algorithm will
+ * be skipped
* @flags: the specified verification flags
*/
static unsigned is_level_acceptable(
gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_sign_algorithm_t sigalg, unsigned flags)
+ gnutls_sign_algorithm_t sigalg, bool trusted,
+ unsigned flags)
{
gnutls_certificate_verification_profiles_t profile = GNUTLS_VFLAGS_TO_PROFILE(flags);
- const mac_entry_st *entry;
int issuer_pkalg = 0, pkalg, ret;
unsigned bits = 0, issuer_bits = 0, sym_bits = 0;
gnutls_pk_params_st params;
gnutls_sec_param_t sp;
- int hash;
+ const gnutls_sign_entry_st *se;
gnutls_certificate_verification_profiles_t min_profile;
min_profile = _gnutls_get_system_wide_verification_profile();
@@ -798,7 +806,7 @@ verify_crt(gnutls_x509_crt_t cert,
}
if (sigalg >= 0 && se) {
- if (is_level_acceptable(cert, issuer, sigalg, flags) == 0) {
+ if (is_level_acceptable(cert, issuer, sigalg, false, flags) == 0) {
MARK_INVALID(GNUTLS_CERT_INSECURE_ALGORITHM);
}
@@ -893,7 +901,7 @@ unsigned check_ca_sanity(const gnutls_x509_crt_t issuer,
/* we explicitly allow CAs which we do not support their self-algorithms
* to pass. */
- if (ret >= 0 && !is_level_acceptable(issuer, NULL, sigalg, flags)) {
+ if (ret >= 0 && !is_level_acceptable(issuer, NULL, sigalg, true, flags)) {
status |= GNUTLS_CERT_INSECURE_ALGORITHM|GNUTLS_CERT_INVALID;
}
diff --git a/tests/test-chains.h b/tests/test-chains.h
index 9b06b85f5..64f50fabf 100644
--- a/tests/test-chains.h
+++ b/tests/test-chains.h
@@ -4106,6 +4106,163 @@ static const char *superseding_ca[] = {
NULL
};
+static const char *rsa_sha1_in_trusted[] = {
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIID0jCCAoqgAwIBAgIUezaBB7f4TW75oc3UV57oJvXmbBYwDQYJKoZIhvcNAQEL\n"
+ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTAzMTQyNzIxWhcN\n"
+ "MjIwNTAzMTQyNzIxWjA3MRgwFgYDVQQDEw90ZXN0LmdudXRscy5vcmcxGzAZBgNV\n"
+ "BAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCC\n"
+ "AToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUEL\n"
+ "dl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkb\n"
+ "Kk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3\n"
+ "mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm\n"
+ "+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWS\n"
+ "CAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxG\n"
+ "ojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAA\n"
+ "MBoGA1UdEQQTMBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcD\n"
+ "ATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0r\n"
+ "GDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsF\n"
+ "AAOCATEAXs8lOV231HQerhSGEjZJz0vBuA3biKYlu3cwCTKvF6EOyYMSWOnfqqD0\n"
+ "eDhpo1pzGtUa2zYLHagb+sU2NSTe0sqP+PK1giUg8X8/tRtWKk1p/m76yK/3iaty\n"
+ "flgz+eMai4xQu2FvAJzIASFjM9R+Pgpcf/zdvkiUPv8Rdm9FieyAZnJSo9hJHLxN\n"
+ "x60tfC5yyswdbGGW0GbJ2kr+xMfVZvxgO/x6AXlOaUGQ+jZAu9eJwFQMDW5h5/S1\n"
+ "PJkIt7f7jkU33cG+BawcjhT0GzxuvDnnCG0L7/z7bR+Sw2kNKqHbHorzv91R20Oh\n"
+ "CIISJPkiiP+mYcglTp1d9gw09GwSkGbldb9ibfc0hKyxiImFfIiTqDbXJcpKH98o\n"
+ "W8hWkb20QURlY+QM5MD49znfhPKMTQ==\n"
+ "-----END CERTIFICATE-----\n",
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIID2TCCAkGgAwIBAgIUWsb4DATcefXbo0WrBfgqVMvPGawwDQYJKoZIhvcNAQEL\n"
+ "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDMxNDI2\n"
+ "MzVaFw0yMjA1MDMxNDI2MzVaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIB\n"
+ "UjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduI\n"
+ "g/3CqVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6W\n"
+ "EhuJU95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcI\n"
+ "cRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AA\n"
+ "sYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo3\n"
+ "67vGVYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0ol\n"
+ "CMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewID\n"
+ "AQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0O\n"
+ "BBYEFB53I21nMR+RB5uWL+z8yEb+jOEDMB8GA1UdIwQYMBaAFCApU0Q1pxZL+AW3\n"
+ "GctysPWxl+SfMA0GCSqGSIb3DQEBCwUAA4IBgQBbboeDr/rLT1tZWrdHq8FvflGm\n"
+ "EpxZIRU4DdDD/SUCWSPQvjBq0MvuKxs5FfJCKrDf2kS2qlZ1rO0AuWwREoDeTOEc\n"
+ "arjFoCry+JQ+USqS5F4gsp4XlYvli27iMp3dlnhFXEQQy7/y+gM5c9wnMi8v/LUz\n"
+ "AV6QHX0fkb4XeazeJ+Nq0EkjqiYxylN6mP+5LAEMBG/wGviAoviQ5tN9zdoQs/nT\n"
+ "3jTw3cOauuPjdcOTfo71+/MtBzhPchgNIyQo4aB40XVWsLAoruL/3CFFlTniihtd\n"
+ "zA2zA7JvbuuKx6BOv2IbWOUweb732ZpYbDgEcXp/6Cj/SIUGxidpEgdCJGqyqdC7\n"
+ "b58ujxclC6QTcicw+SX5LBox8WGLfj+x+V3uVBz9+EK608xphTj4kLh9peII9v3n\n"
+ "vBUoZRTiUTCvH4AJJgAfa3mYrSxzueuqBOwXcvZ+8OJ0J1CP21pmK5nxR7f1nm9Q\n"
+ "sYA1VHfC2dtyAYlByeF5iHl5hFR6vy1jJyzxg2M=\n"
+ "-----END CERTIFICATE-----\n",
+ NULL
+};
+
+static const char *rsa_sha1_in_trusted_ca[] = {
+ /* This CA is generated with the same key as rsa_sha1_in_trusted[1], but
+ * self-signed using SHA-1.
+ */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDYzCCAhugAwIBAgIUahO8CvYPHTAltKCC2rAIcXUiLlAwDQYJKoZIhvcNAQEF\n"
+ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTAzMTQyMDM1WhcN\n"
+ "MjIwNTAzMTQyMDM1WjAZMRcwFQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCCAVIwDQYJ\n"
+ "KoZIhvcNAQEBBQADggE/ADCCAToCggExAJzkQrF9bp5f/38tnddOeF3biIP9wqlQ\n"
+ "Wk9x3GuuUhKA8IdCoj7UKDoGS3SmNnKGxrP6I2LTo3LNCp5T2HZrYxIelhIbiVPe\n"
+ "b+E0HQuDizIhOeniBqtudoWQGx6Ey/OENeA8UFhrs0CvN9Ippe328NlnCHEUPLxR\n"
+ "rPEs318Ot/jCOhauojAECKj9PFsxpkUcy+cLwoj4QlZKz5sG16AAbm+gALGMFjyQ\n"
+ "fdTPf5ceYBR+ZPf4j34t7NioNxfDDnKaahWI8Q0p7H4s+njIdfm2FSAKN+u7xlWB\n"
+ "4oFzBGQthXs5cCB2mc6RKBZWN2uyxSdNMq40PddK/FBPghDE2MxONA9KJQjKOxQP\n"
+ "UQo3jt21CKGGiHVU1BlhBh1knqMRnovRpJurvgEo/H/otI8XQ9ql7HsCAwEAAaND\n"
+ "MEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQe\n"
+ "dyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQUFAAOCATEAYLm/4DfUp+mA\n"
+ "S/23a2bwybJoPCMzKZpi+veXkqoq/a/BCUkFpqnjpVjz0ujVKK121oeOPBAa/mG1\n"
+ "Y3fJYP+b3PloL/6xj/8680TveGirCr0Rp/8XWa8lt+Ge8DM3mfTGWFTWHa0lD9VK\n"
+ "gjV1oNZNLe5SKA6dJLAp/NjCxc/vuOkThQPeaoO5Iy/Z6m7CpTLO7T4syJFtDmSn\n"
+ "Pa/yFUDTgJYFlGVM+KC1r8bhZ6Ao1CAXTcT5Lcbe/aCcyk6B3J2AnYsqPMVNEVhb\n"
+ "9eMGO/WG24hMLy6eb1r/yL8uQ/uGi2rRlNJN8GTg09YR7l5fHrHxuHc/sme0jsnJ\n"
+ "wtqGLCJsrh7Ae1fKVUueO00Yx9BGuzLswMvnT5f0oYs0jrXgMrTbIWS/DjOcYIHb\n"
+ "w3SV1ZRcNg==\n"
+ "-----END CERTIFICATE-----\n",
+ NULL
+};
+
+static const char *rsa_sha1_not_in_trusted[] = {
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIID0jCCAoqgAwIBAgIUNCvPV9OvyuVMtnkC3ZAvh959h4MwDQYJKoZIhvcNAQEL\n"
+ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTA0MDg0NzAzWhcN\n"
+ "MjIwNTA0MDg0NzAzWjA3MRgwFgYDVQQDEw90ZXN0LmdudXRscy5vcmcxGzAZBgNV\n"
+ "BAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCC\n"
+ "AToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUEL\n"
+ "dl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkb\n"
+ "Kk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3\n"
+ "mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm\n"
+ "+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWS\n"
+ "CAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxG\n"
+ "ojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAA\n"
+ "MBoGA1UdEQQTMBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcD\n"
+ "ATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0r\n"
+ "GDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsF\n"
+ "AAOCATEAWs/Qa1Ebydwo4Ke2KEdy5cUTSZjnoz93XpbrP9W60MJ4d2DIQPcYUcLF\n"
+ "+glez+mRtVXDRtH5V/4yZX1EdgrPVQGeVlO5HbNiYyYw/Yj3H6kzWtUbBxdOAOE/\n"
+ "/ul8RCKKMfvYBHCBgjBMW0aFm31Q1Z8m8nanBusyJ0DG1scBHu4/3vTCZthZAxc5\n"
+ "3l3t/jjsNRS+k5t6Ay8nEY1tAZSGVqN8qufzO2NBO06sQagp09FTfDh581OBcVtF\n"
+ "X7O0cffAWHk3JoywzEWFEAhVPqFlk07wG2O+k+fYZfavsJko5q+yWkxu8RDh4wAx\n"
+ "7UzKudGOQ+NhfYJ7N7V1/RFg1z75gE3GTUX7qmGZEVDOsMyiuUeYg8znyYpBV55Q\n"
+ "4BNr0ukwmwOdvUf+ksCu6PdOGaqThA==\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA with SHA1 signature */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIID2TCCAkGgAwIBAgIUYaKJkQft87M1TF+Jd30py3yIq4swDQYJKoZIhvcNAQEF\n"
+ "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDQwODQ1\n"
+ "NDdaFw0yMjA1MDQwODQ1NDdaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIB\n"
+ "UjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduI\n"
+ "g/3CqVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6W\n"
+ "EhuJU95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcI\n"
+ "cRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AA\n"
+ "sYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo3\n"
+ "67vGVYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0ol\n"
+ "CMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewID\n"
+ "AQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0O\n"
+ "BBYEFB53I21nMR+RB5uWL+z8yEb+jOEDMB8GA1UdIwQYMBaAFCApU0Q1pxZL+AW3\n"
+ "GctysPWxl+SfMA0GCSqGSIb3DQEBBQUAA4IBgQAewBcAGUGX28I5PDtuJkxoHonD\n"
+ "muHdXpYnrz1YXN4b7odNXockz++Xovgj126fo+PeWgmaaCic98ZcGnyVTi9+3oqN\n"
+ "2Bf4NNfyzSccgZZTphzbwjMcnc983HLQgsLSAOVivPHj5GEN58EWWamc9yA0VjGn\n"
+ "cuYmFN2dlFA8/ClEbVGu3UXBe6OljR5zUr+6oiSp2J+Rl7SerVSHlst07iU2tkeB\n"
+ "dlfOD5CquUGSka3SKvEfvu5SwYrCQVfYB6eMLInm7A0/ca0Jn3Oh4fMf2rIg/E3K\n"
+ "qsopxsu8BXrLoGK4MxbxPA65JpczhZgilQQi3e3RIvxrvyD2qamjaNbyG5cr8mW4\n"
+ "VOLf3vUORbkTi5sE7uRMu2B3z3N7ajsuQM8RHB17hOCB2FO/8rermq/oeJNtx57L\n"
+ "5s5NxCHYTksQ4gkpR4gfTIO/zwXJSwGa/Zi2y2wIi/1qr7lppBsKV2rDWX7QiIeA\n"
+ "PxOxyJA2eSeqCorz9vk3aHXleSpxsWGgKiJVmV0=\n"
+ "-----END CERTIFICATE-----\n",
+ NULL
+};
+
+static const char *rsa_sha1_not_in_trusted_ca[] = {
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEDTCCAnWgAwIBAgIUd5X8NZput+aNPEd9h92r4KAu16MwDQYJKoZIhvcNAQEL\n"
+ "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDMxNDI1\n"
+ "MDNaFw0yMjA1MDMxNDI1MDNaMB4xHDAaBgNVBAMTE0dudVRMUyB0ZXN0IHJvb3Qg\n"
+ "Q0EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCsFAaMb/iRN+OFqQNh\n"
+ "OkkXGZlb+eLerLuB9ELnYwyLIh4MTXh0RjFZdCQLsQHfY/YFv0C50rmoXTA/d3Ef\n"
+ "K/P243KjX0XBWjO9TBuN0zth50eq94zf69yxA/a+kmT+O5YLfhi2ELM5F3IjOUoZ\n"
+ "lL0IGlFJwauAkaNylp/Evd5nW7g5DUJvMm4A3RXNfZt9gAD4lPRwryQq9jxT48Xu\n"
+ "fB0kAPEG/l/Izbz2rYin5+nySL+a0CSNuEbITxidtMhveB747oR0QS2sMQKji1ur\n"
+ "pRJ945SHiYJIgVuFAJc9StikSyIrxZgK45kAzcQAyRWWKiMNH5PprGFYJp+ypwhm\n"
+ "1t8Bphj2RFJAG3XRRZF/9uJIYc5mEHCsZFZ/IFRaKqyN30kAUijgNt+lW5mZXVFU\n"
+ "aqzV2zHjSG8jsGdia3cfBP46Z1q2eAh5jOCucTq1F7qZdVhOFmP9jFE6Uy5Kbwgc\n"
+ "kNAnsEllQeJQL2odVa7woKkZZ4M/c72X5tpBU38Rs3krn3sCAwEAAaNDMEEwDwYD\n"
+ "VR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQgKVNENacW\n"
+ "S/gFtxnLcrD1sZfknzANBgkqhkiG9w0BAQsFAAOCAYEAaZMV71mZ9FYoVdpho61h\n"
+ "WWPs5GppQLJ1w70DNtGZ+lFrk/KopeDvOu1i61QLWRzcZCZMl+npiX1KH5kjVo3v\n"
+ "C9G8kdMW6EVRk5p6qCJMPFN2U+grMMp50aY5kmw+/v+Lhk5T/VG93l63P91FkUre\n"
+ "o8qhOudJExoUnR1uB9M6HMAxVn8Lm/N1LGPiP6A6Pboo716H7mg/A7pv9zoZ6jUp\n"
+ "7x693mA/b3I/QpDx/nJcmcdqxgEuW+aRlFXgnYZRFAawxi+5M9EwCWbkSTO4OMHP\n"
+ "Qlvak3tJO+wb92b0cICOOtzIPgQ+caiLg9d0FvesALmQzDmNmtqynoO85+Ia2Ywh\n"
+ "nxKPlpeImhLN9nGl9sOeW2m4mnA5r0h1vgML4v/MWL4TQhXallc31uFNj5HyFaTh\n"
+ "6Mr0g3GeQgN0jpT+aIOiKuW9fLts54+Ntj1NN40slqi3Y+/Yd6xhj+NgmbRvybZu\n"
+ "tnYFXKC0Q+QUf38horqG2Mc3/uh8MOm0eYUXwGJOdXYD\n"
+ "-----END CERTIFICATE-----\n",
+ NULL
+};
+
#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
# pragma GCC diagnostic push
# pragma GCC diagnostic ignored "-Wunused-variable"
@@ -4275,6 +4432,14 @@ static struct
{ "ed448 - ok", ed448, &ed448[0], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA),
0, NULL, 1584352960, 1},
{ "superseding - ok", superseding, superseding_ca, 0, 0, 0, 1590928011 },
+ { "rsa-sha1 in trusted - ok",
+ rsa_sha1_in_trusted, rsa_sha1_in_trusted_ca,
+ GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM),
+ 0, NULL, 1620052390, 1},
+ { "rsa-sha1 not in trusted - not ok",
+ rsa_sha1_not_in_trusted, rsa_sha1_not_in_trusted_ca,
+ GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM),
+ GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, 1620118136, 1},
{ NULL, NULL, NULL, 0, 0}
};
--
2.31.1

13
SOURCES/gnutls-3.6.4-no-now-guile.patch
View File

@ -1,13 +0,0 @@
diff --git a/guile/src/Makefile.in b/guile/src/Makefile.in
index 95e1e9c..1dfc88e 100644
--- a/guile/src/Makefile.in
+++ b/guile/src/Makefile.in
@@ -1483,7 +1483,7 @@ guileextension_LTLIBRARIES = guile-gnutls-v-2.la
# Use '-module' to build a "dlopenable module", in Libtool terms.
# Use '-undefined' to placate Libtool on Windows; see
# <https://lists.gnutls.org/pipermail/gnutls-devel/2014-December/007294.html>.
-guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined
+guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined -Wl,-z,lazy
# Linking against GnuTLS.
GNUTLS_CORE_LIBS = $(top_builddir)/lib/libgnutls.la

114
SOURCES/gnutls-3.7.8-rsa-kx-timing.patch
View File

@ -1,114 +0,0 @@
From c149dd0767f32789e391280cb1eb06b7eb7c6bce Mon Sep 17 00:00:00 2001
From: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue, 9 Aug 2022 16:05:53 +0200
Subject: [PATCH 1/2] auth/rsa: side-step potential side-channel
Remove branching that depends on secret data.
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Signed-off-by: Hubert Kario <hkario@redhat.com>
Tested-by: Hubert Kario <hkario@redhat.com>
---
lib/auth/rsa.c | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index 8108ee841d..6b158bacb2 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -155,7 +155,6 @@ static int
proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
size_t _data_size)
{
- const char attack_error[] = "auth_rsa: Possible PKCS #1 attack\n";
gnutls_datum_t ciphertext;
int ret, dsize;
ssize_t data_size = _data_size;
@@ -235,15 +234,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
ok &= CONSTCHECK_NOT_EQUAL(check_ver_min, 0) &
CONSTCHECK_EQUAL(session->key.key.data[1], ver_min);
- if (ok) {
- /* call logging function unconditionally so all branches are
- * indistinguishable for timing and cache access when debug
- * logging is disabled */
- _gnutls_no_log("%s", attack_error);
- } else {
- _gnutls_debug_log("%s", attack_error);
- }
-
/* This is here to avoid the version check attack
* discussed above.
*/
--
2.39.1
From 7c963102ec2119eecc1789b993aabe5edfd75f3b Mon Sep 17 00:00:00 2001
From: Hubert Kario <hkario@redhat.com>
Date: Wed, 8 Feb 2023 14:32:09 +0100
Subject: [PATCH 2/2] rsa: remove dead code
since the `ok` variable isn't used any more, we can remove all code
used to calculate it
Signed-off-by: Hubert Kario <hkario@redhat.com>
---
lib/auth/rsa.c | 20 +++-----------------
1 file changed, 3 insertions(+), 17 deletions(-)
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index 6b158bacb2..858701fe6e 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -159,8 +159,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
int ret, dsize;
ssize_t data_size = _data_size;
volatile uint8_t ver_maj, ver_min;
- volatile uint8_t check_ver_min;
- volatile uint32_t ok;
#ifdef ENABLE_SSL3
if (get_num_version(session) == GNUTLS_SSL3) {
@@ -186,7 +184,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
ver_maj = _gnutls_get_adv_version_major(session);
ver_min = _gnutls_get_adv_version_minor(session);
- check_ver_min = (session->internals.allow_wrong_pms == 0);
session->key.key.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
if (session->key.key.data == NULL) {
@@ -205,10 +202,9 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
return ret;
}
- ret =
- gnutls_privkey_decrypt_data2(session->internals.selected_key,
- 0, &ciphertext, session->key.key.data,
- session->key.key.size);
+ gnutls_privkey_decrypt_data2(session->internals.selected_key,
+ 0, &ciphertext, session->key.key.data,
+ session->key.key.size);
/* After this point, any conditional on failure that cause differences
* in execution may create a timing or cache access pattern side
* channel that can be used as an oracle, so treat very carefully */
@@ -224,16 +220,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
* Vlastimil Klima, Ondej Pokorny and Tomas Rosa.
*/
- /* ok is 0 in case of error and 1 in case of success. */
-
- /* if ret < 0 */
- ok = CONSTCHECK_EQUAL(ret, 0);
- /* session->key.key.data[0] must equal ver_maj */
- ok &= CONSTCHECK_EQUAL(session->key.key.data[0], ver_maj);
- /* if check_ver_min then session->key.key.data[1] must equal ver_min */
- ok &= CONSTCHECK_NOT_EQUAL(check_ver_min, 0) &
- CONSTCHECK_EQUAL(session->key.key.data[1], ver_min);
-
/* This is here to avoid the version check attack
* discussed above.
*/
--
2.39.1

1168
SOURCES/gnutls-3.8.9-CVE-2024-12243.patch
View File

File diff suppressed because it is too large Load Diff

1099
SPECS/gnutls.spec
View File

File diff suppressed because it is too large Load Diff

3515
gmp-6.2.1-intel-cet.patch Normal file
View File

File diff suppressed because it is too large Load Diff

0
SOURCES/gnutls-3.2.7-rpath.patch → gnutls-3.2.7-rpath.patch
View File

2567
gnutls-3.7.2-enable-intel-cet.patch Normal file
View File

File diff suppressed because it is too large Load Diff

33
gnutls-3.7.2-no-explicit-init.patch Normal file
View File

@ -0,0 +1,33 @@
From c7f4ce40eaecafdefbf4db0ac2d3665bc0c41b33 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Tue, 21 Nov 2023 14:13:38 +0900
Subject: [PATCH] gnutls-3.7.2-no-explicit-init.patch
Signed-off-by: rpm-build <rpm-build>
---
lib/global.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/lib/global.c b/lib/global.c
index 924ec94..3baa202 100644
--- a/lib/global.c
+++ b/lib/global.c
@@ -510,15 +510,6 @@ static void _CONSTRUCTOR lib_init(void)
return;
}
- e = secure_getenv("GNUTLS_NO_EXPLICIT_INIT");
- if (e != NULL) {
- _gnutls_debug_log(
- "GNUTLS_NO_EXPLICIT_INIT is deprecated; use GNUTLS_NO_IMPLICIT_INIT\n");
- ret = atoi(e);
- if (ret == 1)
- return;
- }
-
ret = _gnutls_global_init(1);
if (ret < 0) {
fprintf(stderr, "Error in GnuTLS initialization: %s\n",
--
2.41.0

26
gnutls-3.7.3-disable-config-reload.patch Normal file
View File

@ -0,0 +1,26 @@
diff --git a/lib/priority.c b/lib/priority.c
index 9feec47fe2..40511710fd 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -2001,13 +2001,14 @@ char *_gnutls_resolve_priorities(const char* priorities)
additional++;
}
- /* Always try to refresh the cached data, to allow it to be
- * updated without restarting all applications.
- */
- ret = _gnutls_update_system_priorities(false /* defer_system_wide */);
- if (ret < 0) {
- _gnutls_debug_log("failed to update system priorities: %s\n",
- gnutls_strerror(ret));
+ /* If priority string is not constructed yet, construct and finalize */
+ if (!system_wide_config.priority_string) {
+ ret = _gnutls_update_system_priorities(false
+ /* defer_system_wide */);
+ if (ret < 0) {
+ _gnutls_debug_log("failed to update system priorities: "
+ " %s\n", gnutls_strerror(ret));
+ }
}
do {

41
gnutls-3.7.6-drbg-reseed.patch Normal file
View File

@ -0,0 +1,41 @@
From 968de8a9779788a853a4c0cd75beda779cb15f52 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 16 Nov 2023 17:09:58 +0900
Subject: [PATCH] gnutls-3.7.6-drbg-reseed.patch
Signed-off-by: rpm-build <rpm-build>
---
lib/nettle/sysrng-linux.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/nettle/sysrng-linux.c b/lib/nettle/sysrng-linux.c
index 25d74fe..8b9cc46 100644
--- a/lib/nettle/sysrng-linux.c
+++ b/lib/nettle/sysrng-linux.c
@@ -31,6 +31,9 @@
#include "num.h"
#include <errno.h>
#include "rnd-common.h"
+#include "fips.h"
+#else
+#define _gnutls_fips_mode_enabled() 0
#endif
#include <sys/types.h>
@@ -104,7 +107,12 @@ static int force_getrandom(void *buf, size_t buflen, unsigned int flags)
static int _rnd_get_system_entropy_getrandom(void *_rnd, size_t size)
{
int ret;
- ret = force_getrandom(_rnd, size, 0);
+ unsigned int flags = 0;
+
+ if (_gnutls_fips_mode_enabled()) {
+ flags |= 2/*GRND_RANDOM*/;
+ }
+ ret = force_getrandom(_rnd, size, flags);
if (ret == -1) {
int e = errno;
gnutls_assert();
--
2.41.0

295
gnutls-3.8.10-keyupdate.patch Normal file
View File

@ -0,0 +1,295 @@
From 5376a0cabf94314316005e6bf411ffcc7628b386 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Tue, 22 Jul 2025 10:49:33 +0900
Subject: [PATCH 1/3] key_update: fix state transition in KTLS code path
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/record.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/record.c b/lib/record.c
index d37f79a550..ebc75addec 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -2045,7 +2045,7 @@ ssize_t gnutls_record_send2(gnutls_session_t session, const void *data,
FALLTHROUGH;
case RECORD_SEND_KEY_UPDATE_3:
if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND)) {
- return _gnutls_ktls_send(
+ ret = _gnutls_ktls_send(
session,
session->internals.record_key_update_buffer.data,
session->internals.record_key_update_buffer
--
2.50.1
From 30c264b661d49d135ef342426c6c4cd853209c06 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Thu, 31 Jul 2025 15:34:48 +0900
Subject: [PATCH 2/3] constate: switch epoch lookup to linear search
The previous logic of epoch lookup was utilizing the fact that epoch
numbers are monotonically increasing and there are no gaps in between
after garbarge collection. That is, however, no longer true when a TLS
1.3 key update is happening in only one direction.
This patch switches to using linear search instead, at the cost of
approx MAX_EPOCH_INDEX * 2 (= 8) comparison.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/constate.c | 47 ++++++++++++++++-------------------------------
lib/gnutls_int.h | 3 ---
2 files changed, 16 insertions(+), 34 deletions(-)
diff --git a/lib/constate.c b/lib/constate.c
index ca253a2bea..b091d891ff 100644
--- a/lib/constate.c
+++ b/lib/constate.c
@@ -932,17 +932,23 @@ static inline int epoch_resolve(gnutls_session_t session,
static inline record_parameters_st **epoch_get_slot(gnutls_session_t session,
uint16_t epoch)
{
- uint16_t epoch_index = epoch - session->security_parameters.epoch_min;
+ /* First look for a non-empty slot */
+ for (size_t i = 0; i < MAX_EPOCH_INDEX; i++) {
+ record_parameters_st **slot = &session->record_parameters[i];
+ if (*slot != NULL && (*slot)->epoch == epoch)
+ return slot;
+ }
- if (epoch_index >= MAX_EPOCH_INDEX) {
- _gnutls_handshake_log(
- "Epoch %d out of range (idx: %d, max: %d)\n",
- (int)epoch, (int)epoch_index, MAX_EPOCH_INDEX);
- gnutls_assert();
- return NULL;
+ /* Then look for an empty slot */
+ for (size_t i = 0; i < MAX_EPOCH_INDEX; i++) {
+ record_parameters_st **slot = &session->record_parameters[i];
+ if (*slot == NULL)
+ return slot;
}
- /* The slot may still be empty (NULL) */
- return &session->record_parameters[epoch_index];
+
+ gnutls_assert();
+ _gnutls_handshake_log("No slot available for epoch %u\n", epoch);
+ return NULL;
}
int _gnutls_epoch_get(gnutls_session_t session, unsigned int epoch_rel,
@@ -1063,8 +1069,7 @@ static inline int epoch_alive(gnutls_session_t session,
void _gnutls_epoch_gc(gnutls_session_t session)
{
- int i, j;
- unsigned int min_index = 0;
+ int i;
_gnutls_record_log("REC[%p]: Start of epoch cleanup\n", session);
@@ -1091,26 +1096,6 @@ void _gnutls_epoch_gc(gnutls_session_t session)
}
}
- /* Look for contiguous NULLs at the start of the array */
- for (i = 0;
- i < MAX_EPOCH_INDEX && session->record_parameters[i] == NULL; i++)
- ;
- min_index = i;
-
- /* Pick up the slack in the epoch window. */
- if (min_index != 0) {
- for (i = 0, j = min_index; j < MAX_EPOCH_INDEX; i++, j++) {
- session->record_parameters[i] =
- session->record_parameters[j];
- session->record_parameters[j] = NULL;
- }
- }
-
- /* Set the new epoch_min */
- if (session->record_parameters[0] != NULL)
- session->security_parameters.epoch_min =
- session->record_parameters[0]->epoch;
-
gnutls_mutex_unlock(&session->internals.epoch_lock);
_gnutls_record_log("REC[%p]: End of epoch cleanup\n", session);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 539486bc7d..e083520055 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -876,9 +876,6 @@ typedef struct {
/* The epoch that the next handshake will initialize. */
uint16_t epoch_next;
- /* The epoch at index 0 of record_parameters. */
- uint16_t epoch_min;
-
/* this is the ciphersuite we are going to use
* moved here from internals in order to be restored
* on resume;
--
2.50.1
From 1d830baac2f8a08a40b13e9eecfcc64ad032e7b5 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Sat, 19 Jul 2025 07:08:24 +0900
Subject: [PATCH 3/3] key_update: rework the rekeying logic
While RFC 8446 4.6.3 says that the sender of a KeyUpdate message
should only update its sending key, the previous implementation
updated both the sending and receiving keys, preventing that any
application data interleaved being decrypted.
This splits the key update logic into 2 phases: when sending a
KeyUpdate, only update the sending key, and when receiving a
KeyUpdate, only update the receiving key. In both cases, KeyUpdate
messages are encrypted/decrypted with the old keys.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/gnutls_int.h | 2 +-
lib/tls13/key_update.c | 72 +++++++++++++++++++++++++++---------------
2 files changed, 47 insertions(+), 27 deletions(-)
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index e083520055..f3caea1170 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1672,7 +1672,7 @@ typedef struct {
} internals_st;
/* Maximum number of epochs we keep around. */
-#define MAX_EPOCH_INDEX 4
+#define MAX_EPOCH_INDEX 16
#define reset_cand_groups(session) \
session->internals.cand_ec_group = session->internals.cand_dh_group = \
diff --git a/lib/tls13/key_update.c b/lib/tls13/key_update.c
index 41243651b5..beee1dc41a 100644
--- a/lib/tls13/key_update.c
+++ b/lib/tls13/key_update.c
@@ -52,45 +52,47 @@ static inline int set_ktls_keys(gnutls_session_t session,
return 0;
}
-static int update_keys(gnutls_session_t session, hs_stage_t stage)
+static int update_sending_key(gnutls_session_t session, hs_stage_t stage)
{
int ret;
- ret = _tls13_update_secret(session,
- session->key.proto.tls13.temp_secret,
- session->key.proto.tls13.temp_secret_size);
+ _gnutls_epoch_bump(session);
+ ret = _gnutls_epoch_dup(session, EPOCH_WRITE_CURRENT);
if (ret < 0)
return gnutls_assert_val(ret);
- _gnutls_epoch_bump(session);
- ret = _gnutls_epoch_dup(session, EPOCH_READ_CURRENT);
+ ret = _tls13_write_connection_state_init(session, stage);
if (ret < 0)
return gnutls_assert_val(ret);
- /* If we send a key update during early start, only update our
- * write keys */
- if (session->internals.recv_state == RECV_STATE_EARLY_START) {
- ret = _tls13_write_connection_state_init(session, stage);
+ if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND)) {
+ ret = set_ktls_keys(session, GNUTLS_KTLS_SEND);
if (ret < 0)
return gnutls_assert_val(ret);
+ }
- if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND))
- ret = set_ktls_keys(session, GNUTLS_KTLS_SEND);
- } else {
- ret = _tls13_connection_state_init(session, stage);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ return 0;
+}
- if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND) &&
- stage == STAGE_UPD_OURS)
- ret = set_ktls_keys(session, GNUTLS_KTLS_SEND);
- else if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_RECV) &&
- stage == STAGE_UPD_PEERS)
- ret = set_ktls_keys(session, GNUTLS_KTLS_RECV);
- }
+static int update_receiving_key(gnutls_session_t session, hs_stage_t stage)
+{
+ int ret;
+
+ _gnutls_epoch_bump(session);
+ ret = _gnutls_epoch_dup(session, EPOCH_READ_CURRENT);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _tls13_read_connection_state_init(session, stage);
if (ret < 0)
return gnutls_assert_val(ret);
+ if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_RECV)) {
+ ret = set_ktls_keys(session, GNUTLS_KTLS_RECV);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
return 0;
}
@@ -128,7 +130,13 @@ int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
switch (buf->data[0]) {
case 0:
/* peer updated its key, not requested our key update */
- ret = update_keys(session, STAGE_UPD_PEERS);
+ ret = _tls13_update_secret(
+ session, session->key.proto.tls13.temp_secret,
+ session->key.proto.tls13.temp_secret_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = update_receiving_key(session, STAGE_UPD_PEERS);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -141,7 +149,13 @@ int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
}
/* peer updated its key, requested our key update */
- ret = update_keys(session, STAGE_UPD_PEERS);
+ ret = _tls13_update_secret(
+ session, session->key.proto.tls13.temp_secret,
+ session->key.proto.tls13.temp_secret_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = update_receiving_key(session, STAGE_UPD_PEERS);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -248,7 +262,13 @@ int gnutls_session_key_update(gnutls_session_t session, unsigned flags)
_gnutls_epoch_gc(session);
/* it was completely sent, update the keys */
- ret = update_keys(session, STAGE_UPD_OURS);
+ ret = _tls13_update_secret(session,
+ session->key.proto.tls13.temp_secret,
+ session->key.proto.tls13.temp_secret_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = update_sending_key(session, STAGE_UPD_OURS);
if (ret < 0)
return gnutls_assert_val(ret);
--
2.50.1

114
gnutls-3.8.10-tests-ktls.patch Normal file
View File

@ -0,0 +1,114 @@
From e0eb2bbb212a5c9d72311c59e7235832a0075dcc Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 9 Jul 2025 18:54:48 +0900
Subject: [PATCH] add tests/ktls_utils.h
Signed-off-by: rpm-build <rpm-build>
---
tests/ktls_utils.h | 94 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 94 insertions(+)
create mode 100644 tests/ktls_utils.h
diff --git a/tests/ktls_utils.h b/tests/ktls_utils.h
new file mode 100644
index 0000000..231618d
--- /dev/null
+++ b/tests/ktls_utils.h
@@ -0,0 +1,94 @@
+#ifndef GNUTLS_TESTS_KTLS_UTILS_H
+#define GNUTLS_TESTS_KTLS_UTILS_H
+
+#include <fcntl.h>
+#include <signal.h>
+
+#include <netinet/in.h>
+
+#include <sys/socket.h>
+#include <sys/wait.h>
+
+/* Sets the NONBLOCK flag on the socket(fd) */
+inline static int set_nonblocking(int fd)
+{
+ int flags = fcntl(fd, F_GETFL, 0);
+ if (flags == -1) {
+ return 1;
+ }
+
+ if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) {
+ return 2;
+ }
+
+ return 0;
+}
+
+/* Creates a pair of TCP connected sockets */
+static int create_socket_pair(int *client_fd, int *server_fd)
+{
+ int ret;
+ struct sockaddr_in saddr;
+ socklen_t addrlen;
+ int listener;
+
+ listener = socket(AF_INET, SOCK_STREAM, 0);
+ if (listener == -1) {
+ fail("error in listener(): %s\n", strerror(errno));
+ return 1;
+ }
+
+ int opt = 0;
+ setsockopt(listener, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
+
+ memset(&saddr, 0, sizeof(saddr));
+ saddr.sin_family = AF_INET;
+ saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ saddr.sin_port = 0;
+
+ ret = bind(listener, (struct sockaddr *)&saddr, sizeof(saddr));
+ if (ret == -1) {
+ fail("error in bind(): %s\n", strerror(errno));
+ return 1;
+ }
+
+ addrlen = sizeof(saddr);
+ ret = getsockname(listener, (struct sockaddr *)&saddr, &addrlen);
+ if (ret == -1) {
+ fail("error in getsockname(): %s\n", strerror(errno));
+ return 1;
+ }
+
+ ret = listen(listener, 1);
+ if (ret == -1) {
+ fail("error in listen(): %s\n", strerror(errno));
+ close(listener);
+ return 1;
+ }
+
+ *client_fd = socket(AF_INET, SOCK_STREAM, 0);
+ if (*client_fd < 0) {
+ fail("error in socket(): %s\n", strerror(errno));
+ return 1;
+ }
+
+ ret = connect(*client_fd, (struct sockaddr *)&saddr, addrlen);
+ if (ret < 0) {
+ fail("error in connect(): %s\n", strerror(errno));
+ close(listener);
+ close(*client_fd);
+ return 1;
+ }
+
+ *server_fd = accept(listener, NULL, NULL);
+ if (*server_fd < 0) {
+ fail("error in accept(): %s\n", strerror(errno));
+ close(listener);
+ close(*client_fd);
+ return 1;
+ }
+
+ return 0;
+}
+
+#endif //GNUTLS_TESTS_KTLS_UTILS_H
--
2.49.0

58
gnutls-3.8.10-tests-mldsa.patch Normal file
View File

@ -0,0 +1,58 @@
From 15fb5ad536c375a74cc0d87859c9fc919d924c9d Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 10 Jul 2025 05:45:06 +0900
Subject: [PATCH] support VPATH build for mldsa tests
Signed-off-by: rpm-build <rpm-build>
---
tests/cert-tests/mldsa.sh | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tests/cert-tests/mldsa.sh b/tests/cert-tests/mldsa.sh
index 7e31e11..55e31ce 100644
--- a/tests/cert-tests/mldsa.sh
+++ b/tests/cert-tests/mldsa.sh
@@ -130,7 +130,7 @@ for variant in 44 65 87; do
# Check default
TMPKEYDEFAULT=$testdir/key-$algo-$format-default
TMPKEY=$testdir/key-$algo-$format
- ${VALGRIND} "${CERTTOOL}" -k --no-text --infile "data/key-$algo-$format.pem" >"$TMPKEYDEFAULT"
+ ${VALGRIND} "${CERTTOOL}" -k --no-text --infile "$srcdir/data/key-$algo-$format.pem" >"$TMPKEYDEFAULT"
if [ $? != 0 ]; then
cat "$TMPKEYDEFAULT"
exit 1
@@ -138,19 +138,19 @@ for variant in 44 65 87; do
# The "expandedKey" format doesn't have public key part
if [ "$format" = seed ] || [ "$format" = both ]; then
- if ! "${DIFF}" "$TMPKEYDEFAULT" "data/key-$algo-both.pem"; then
+ if ! "${DIFF}" "$TMPKEYDEFAULT" "$srcdir/data/key-$algo-both.pem"; then
exit 1
fi
fi
# Check roundtrip with --key-format
- ${VALGRIND} "${CERTTOOL}" -k --no-text --key-format "$format" --infile "data/key-$algo-$format.pem" >"$TMPKEY"
+ ${VALGRIND} "${CERTTOOL}" -k --no-text --key-format "$format" --infile "$srcdir/data/key-$algo-$format.pem" >"$TMPKEY"
if [ $? != 0 ]; then
cat "$TMPKEY"
exit 1
fi
- if ! "${DIFF}" "$TMPKEY" "data/key-$algo-$format.pem"; then
+ if ! "${DIFF}" "$TMPKEY" "$srcdir/data/key-$algo-$format.pem"; then
exit 1
fi
done
@@ -164,7 +164,7 @@ for n in 1; do
fi
echo "Testing inconsistent ML-DSA key ($n)"
- if "${CERTTOOL}" -k --infile "data/key-mldsa-inconsistent$n.pem"; then
+ if "${CERTTOOL}" -k --infile "$srcdir/data/key-mldsa-inconsistent$n.pem"; then
exit 1
fi
done
--
2.49.0

29
gnutls-3.8.8-tests-ktls-skip-tls12-chachapoly.patch Normal file
View File

@ -0,0 +1,29 @@
From a36b73a21e4b5b6e051b23192a645dea34c9d6af Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Tue, 5 Nov 2024 14:45:46 +0900
Subject: [PATCH] tests: skip CHACHA20-POLY1305 in TLS 1.2 when KTLS is enabled
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
tests/gnutls_ktls.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tests/gnutls_ktls.c b/tests/gnutls_ktls.c
index 90d3e9af91..d5ac4efecc 100644
--- a/tests/gnutls_ktls.c
+++ b/tests/gnutls_ktls.c
@@ -347,9 +347,11 @@ void doit(void)
{
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM");
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM");
+#if 0
if (!gnutls_fips140_mode_enabled()) {
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305");
}
+#endif
run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM");
run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM");
if (!gnutls_fips140_mode_enabled()) {
--
2.47.0

775
gnutls-3.8.9-allow-rsa-pkcs1-encrypt.patch Normal file
View File

@ -0,0 +1,775 @@
From 56402841df86125e2eb21fd548bae1bf482d939b Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Wed, 18 Dec 2024 01:11:50 +0900
Subject: [PATCH 1/6] pk: use deterministic RNG for RSA-PSS in self-tests
This ports the logic to use a specialized RNG with deterministic
behavior from RSA PKCS#1 v1.5 signature creation.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/nettle/pk.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 5986a410c2..7baf003f41 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -1494,11 +1494,7 @@ static int _rsa_pss_sign_digest_tr(gnutls_digest_algorithm_t dig,
if (salt == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- ret = gnutls_rnd(GNUTLS_RND_NONCE, salt, salt_size);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ rnd_func(NULL, salt_size, salt);
}
ret = sign_func(pub, priv, rnd_ctx, rnd_func, salt_size, salt, digest,
@@ -1509,7 +1505,6 @@ static int _rsa_pss_sign_digest_tr(gnutls_digest_algorithm_t dig,
} else
ret = 0;
-cleanup:
gnutls_free(salt);
return ret;
}
@@ -2126,6 +2121,7 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
case GNUTLS_PK_RSA_PSS: {
struct rsa_private_key priv;
struct rsa_public_key pub;
+ nettle_random_func *random_func;
mpz_t s;
_rsa_params_to_privkey(pk_params, &priv);
@@ -2157,8 +2153,12 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
not_approved = true;
}
+ if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST)
+ random_func = rnd_nonce_func_fallback;
+ else
+ random_func = rnd_nonce_func;
ret = _rsa_pss_sign_digest_tr(sign_params->rsa_pss_dig, &pub,
- &priv, NULL, rnd_nonce_func,
+ &priv, NULL, random_func,
sign_params->salt_size,
vdata->data, s);
if (ret < 0) {
--
2.49.0
From 9f60b84e1496fa7bc62a136b83519e54ba935721 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Tue, 17 Dec 2024 16:55:47 +0900
Subject: [PATCH 2/6] fips: perform RSA self-tests using RSA-PSS instead of
PKCS#1 v1.5
Previously the RSA self-tests were using PKCS#1 v1.5, for both
signature generation and encryption/decryption, which turned a bit
problematic as GnuTLS now has a run-time option to disable that
scheme.
According to FIPS 140-3 IG 10.3.A, for each FIPS 186-4 and FIPS 186-5
public key digital signature algorithm, a CAST shall be performed
using at least one of the schemes approved for use in the approved
mode. Similarly, the IG annex D.G mentions that if the RSA signature
generation algorithm and RSA un-encapsulation scheme use the same
implementation, only test for signature generation suffices.
Therefore, this switches to using RSA-PSS only and drop the
RSA encryption/decryption self-tests.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/crypto-selftests-pk.c | 54 ++++++++++++++++++++++++++++++++++++---
lib/fips.c | 8 +++---
2 files changed, 53 insertions(+), 9 deletions(-)
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
index 9d6aca4b49..42f6004030 100644
--- a/lib/crypto-selftests-pk.c
+++ b/lib/crypto-selftests-pk.c
@@ -87,6 +87,24 @@ static const char rsa_2048_sig[] =
"\xef\x62\x18\x39\x7a\x50\x01\x46\x1b\xde\x8d\x37\xbc\x90\x6c\x07"
"\xc0\x07\xed\x60\xce\x2e\x31\xd6\x8f\xe8\x75\xdb\x45\x21\xc6\xcb";
+static const char rsa_pss_2048_sig[] =
+ "\x28\x77\x99\x8b\xc6\xe2\x59\x5c\xa5\x5c\x30\x78\x13\xe2\xca\xe1"
+ "\x13\xf5\x5d\xd5\x9a\xd7\x71\xff\x41\x82\xf4\x61\xda\x3a\xb6\x10"
+ "\x20\x87\x63\x5a\x7e\x4e\xc2\x5e\xb1\x85\x0f\x84\x58\xa3\x27\x2d"
+ "\xe5\x03\xcf\x65\x1a\xb2\xe6\x8b\xcc\x28\xd8\xcc\x1a\x64\x2a\x2d"
+ "\x9a\x0b\xb7\x32\xfe\x03\x57\x8c\xa0\x9b\xf5\xd0\x51\xb5\x6c\x65"
+ "\xfe\xf9\xf3\xa4\xba\x09\x43\x80\x31\xc1\x02\x88\x78\xaa\x65\x87"
+ "\x8d\xb8\x51\xba\x76\x57\xa6\x55\x18\x45\x95\x4e\x22\x82\xb6\xfd"
+ "\xc9\x04\xf9\xb0\x56\x24\x31\x84\x2b\x70\x91\x55\x7d\x05\x1a\xd0"
+ "\x30\xae\x5c\xfd\x11\x0a\x2e\x86\x09\x05\x44\x9a\xb5\xaf\x30\x8a"
+ "\xb6\xa8\x65\x54\xaf\xdf\xf8\x9a\xca\xa0\x96\x26\x45\x09\x41\x33"
+ "\xf3\x44\x71\xe1\x31\x31\x4c\x53\x60\xcb\x7f\x0b\x02\x08\x39\xf9"
+ "\xe4\xb2\x43\xa6\x07\x1b\x7e\x15\x32\x36\x3d\xc6\x78\x0b\xf1\x9a"
+ "\x33\xe3\xee\x8c\x48\xd4\x7e\xcb\xd1\xe6\x93\x29\x13\x04\x40\x8c"
+ "\x72\xc6\x39\xab\xa1\x76\x4e\x87\x3b\x91\x06\xdf\x1d\x1e\x07\x5e"
+ "\xc2\x26\x7c\xd6\x38\x5d\xba\x9b\x50\x38\x44\x63\x91\x2a\x98\xd2"
+ "\x30\x3f\xfb\x79\x15\x5f\x2e\xd2\x3f\xb7\xc4\x69\xc2\x2d\x79\x8d";
+
#ifdef ENABLE_DSA
/* DSA 2048 private key and signature */
static const char dsa_2048_privkey[] =
@@ -532,6 +550,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
gnutls_privkey_t key;
char param_name[32];
unsigned vflags = 0;
+ gnutls_x509_spki_t spki = NULL;
if (pk == GNUTLS_PK_EC || pk == GNUTLS_PK_GOST_01 ||
pk == GNUTLS_PK_GOST_12_256 || pk == GNUTLS_PK_GOST_12_512 ||
@@ -564,6 +583,22 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
goto cleanup;
}
+ if (pk == GNUTLS_PK_RSA_PSS) {
+ ret = gnutls_x509_spki_init(&spki);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ gnutls_x509_spki_set_rsa_pss_params(spki, dig, 32);
+
+ ret = gnutls_privkey_set_spki(key, spki, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
if (pk != (unsigned)gnutls_privkey_get_pk_algorithm(key, NULL)) {
ret = GNUTLS_E_SELF_TEST_ERROR;
goto cleanup;
@@ -629,10 +664,12 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
ret = 0;
cleanup:
- gnutls_free(sig.data);
- if (pub != 0)
+ if (spki != NULL)
+ gnutls_x509_spki_deinit(spki);
+ if (pub != NULL)
gnutls_pubkey_deinit(pub);
gnutls_privkey_deinit(key);
+ gnutls_free(sig.data);
if (ret == 0)
_gnutls_debug_log("%s-%s-known-sig self test succeeded\n",
@@ -1026,8 +1063,17 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
FALLTHROUGH;
case GNUTLS_PK_RSA_PSS:
- PK_TEST(GNUTLS_PK_RSA_PSS, test_sig, 2048,
- GNUTLS_SIGN_RSA_PSS_RSAE_SHA256);
+ /* In POST, we switch the RNG to deterministic one so
+ * the KAT for RSA-PSS work. */
+ if (is_post) {
+ PK_KNOWN_TEST(GNUTLS_PK_RSA_PSS, 2048,
+ GNUTLS_DIG_SHA256, rsa_2048_privkey,
+ rsa_pss_2048_sig,
+ GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS);
+ } else {
+ PK_TEST(GNUTLS_PK_RSA_PSS, test_sig, 2048,
+ GNUTLS_SIGN_RSA_PSS_RSAE_SHA256);
+ }
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
return 0;
diff --git a/lib/fips.c b/lib/fips.c
index 63306705aa..84a70b5619 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -622,11 +622,9 @@ int _gnutls_fips_perform_self_checks2(void)
}
/* PK */
- if (_gnutls_config_is_rsa_pkcs1_encrypt_allowed()) {
- ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);
- if (ret < 0) {
- return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
- }
+ ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA_PSS);
+ if (ret < 0) {
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
}
ret = gnutls_pk_self_test(0, GNUTLS_PK_EC);
--
2.49.0
From f653b2c15f4dd550f7937cf86d255a3c96bdb236 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Wed, 12 Feb 2025 07:23:59 +0900
Subject: [PATCH 3/6] pk: sprinkle SPKI over encryption functions
Similarly to signing, the encrypt/decrypt/decrypt2 functions defined
in gnutls_crypto_pk_st now take SPKI as an additional parameter, so
the encryption/decryption behavior can be overridden.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/auth/rsa.c | 2 +-
lib/auth/rsa_psk.c | 2 +-
lib/crypto-backend.h | 9 ++++++---
lib/nettle/pk.c | 40 ++++++++++++++++++++++++----------------
lib/pk.h | 17 +++++++++++------
lib/pkcs11/p11_pk.c | 23 +++++++++++++----------
lib/privkey.c | 6 ++++--
lib/pubkey.c | 2 +-
8 files changed, 61 insertions(+), 40 deletions(-)
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index b5ecc092f8..4d181327ba 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -280,7 +280,7 @@ int _gnutls_gen_rsa_client_kx(gnutls_session_t session, gnutls_buffer_st *data)
}
ret = _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &session->key.key,
- &params);
+ &params, &params.spki);
gnutls_pk_params_release(&params);
diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
index 399fb4da14..9f97569c5b 100644
--- a/lib/auth/rsa_psk.c
+++ b/lib/auth/rsa_psk.c
@@ -178,7 +178,7 @@ static int _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
/* Encrypt premaster secret */
if ((ret = _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &premaster_secret,
- &params)) < 0) {
+ &params, &params.spki)) < 0) {
gnutls_assert();
return ret;
}
diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h
index 74e29a7cb9..24cbb60f77 100644
--- a/lib/crypto-backend.h
+++ b/lib/crypto-backend.h
@@ -386,13 +386,16 @@ typedef struct gnutls_crypto_pk {
* parameters, depending on the operation */
int (*encrypt)(gnutls_pk_algorithm_t, gnutls_datum_t *ciphertext,
const gnutls_datum_t *plaintext,
- const gnutls_pk_params_st *pub);
+ const gnutls_pk_params_st *pub,
+ const gnutls_x509_spki_st *encrypt);
int (*decrypt)(gnutls_pk_algorithm_t, gnutls_datum_t *plaintext,
const gnutls_datum_t *ciphertext,
- const gnutls_pk_params_st *priv);
+ const gnutls_pk_params_st *priv,
+ const gnutls_x509_spki_st *encrypt);
int (*decrypt2)(gnutls_pk_algorithm_t, const gnutls_datum_t *ciphertext,
unsigned char *plaintext, size_t paintext_size,
- const gnutls_pk_params_st *priv);
+ const gnutls_pk_params_st *priv,
+ const gnutls_x509_spki_st *encrypt);
int (*sign)(gnutls_pk_algorithm_t, gnutls_datum_t *signature,
const gnutls_datum_t *data, const gnutls_pk_params_st *priv,
const gnutls_x509_spki_st *sign);
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 7baf003f41..ffd7493748 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -1018,7 +1018,8 @@ static inline int _rsa_oaep_encrypt(gnutls_digest_algorithm_t dig,
static int _wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo,
gnutls_datum_t *ciphertext,
const gnutls_datum_t *plaintext,
- const gnutls_pk_params_st *pk_params)
+ const gnutls_pk_params_st *pk_params,
+ const gnutls_x509_spki_st *encrypt_params)
{
int ret;
bool not_approved = false;
@@ -1094,10 +1095,10 @@ static int _wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo,
goto cleanup;
}
- ret = _rsa_oaep_encrypt(pk_params->spki.rsa_oaep_dig, &pub,
+ ret = _rsa_oaep_encrypt(encrypt_params->rsa_oaep_dig, &pub,
NULL, random_func,
- pk_params->spki.rsa_oaep_label.size,
- pk_params->spki.rsa_oaep_label.data,
+ encrypt_params->rsa_oaep_label.size,
+ encrypt_params->rsa_oaep_label.data,
plaintext->size, plaintext->data, buf);
if (ret == 0 || HAVE_LIB_ERROR()) {
ret = gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
@@ -1192,7 +1193,8 @@ static inline int _rsa_oaep_decrypt(gnutls_digest_algorithm_t dig,
static int _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
gnutls_datum_t *plaintext,
const gnutls_datum_t *ciphertext,
- const gnutls_pk_params_st *pk_params)
+ const gnutls_pk_params_st *pk_params,
+ const gnutls_x509_spki_st *encrypt_params)
{
int ret;
bool not_approved = false;
@@ -1200,7 +1202,7 @@ static int _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
FAIL_IF_LIB_ERROR;
- if (algo == GNUTLS_PK_RSA && pk_params->spki.pk == GNUTLS_PK_RSA_OAEP) {
+ if (algo == GNUTLS_PK_RSA && encrypt_params->pk == GNUTLS_PK_RSA_OAEP) {
algo = GNUTLS_PK_RSA_OAEP;
}
@@ -1285,10 +1287,10 @@ static int _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
random_func = rnd_nonce_func_fallback;
else
random_func = rnd_nonce_func;
- ret = _rsa_oaep_decrypt(pk_params->spki.rsa_oaep_dig, &pub,
+ ret = _rsa_oaep_decrypt(encrypt_params->rsa_oaep_dig, &pub,
&priv, NULL, random_func,
- pk_params->spki.rsa_oaep_label.size,
- pk_params->spki.rsa_oaep_label.data,
+ encrypt_params->rsa_oaep_label.size,
+ encrypt_params->rsa_oaep_label.data,
&length, buf, ciphertext->data);
if (ret == 0 || HAVE_LIB_ERROR()) {
@@ -1354,7 +1356,8 @@ static int _wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo,
const gnutls_datum_t *ciphertext,
unsigned char *plaintext,
size_t plaintext_size,
- const gnutls_pk_params_st *pk_params)
+ const gnutls_pk_params_st *pk_params,
+ const gnutls_x509_spki_st *encrypt_params)
{
struct rsa_private_key priv;
struct rsa_public_key pub;
@@ -1370,7 +1373,7 @@ static int _wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo,
goto fail;
}
- if (pk_params->spki.pk == GNUTLS_PK_RSA_OAEP) {
+ if (encrypt_params->pk == GNUTLS_PK_RSA_OAEP) {
algo = GNUTLS_PK_RSA_OAEP;
}
@@ -1407,10 +1410,10 @@ static int _wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo,
ciphertext->data);
break;
case GNUTLS_PK_RSA_OAEP:
- ret = _rsa_oaep_decrypt(pk_params->spki.rsa_oaep_dig, &pub,
+ ret = _rsa_oaep_decrypt(encrypt_params->rsa_oaep_dig, &pub,
&priv, NULL, random_func,
- pk_params->spki.rsa_oaep_label.size,
- pk_params->spki.rsa_oaep_label.data,
+ encrypt_params->rsa_oaep_label.size,
+ encrypt_params->rsa_oaep_label.data,
&plaintext_size, plaintext,
ciphertext->data);
break;
@@ -3255,6 +3258,11 @@ static int pct_test(gnutls_pk_algorithm_t algo,
ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
goto cleanup;
}
+ } else if (algo == GNUTLS_PK_RSA_OAEP) {
+ if (spki.rsa_oaep_dig == GNUTLS_DIG_UNKNOWN)
+ spki.rsa_oaep_dig = GNUTLS_DIG_SHA256;
+ ddata.data = (void *)const_data;
+ ddata.size = sizeof(const_data);
} else {
ddata.data = (void *)const_data;
ddata.size = sizeof(const_data);
@@ -3280,7 +3288,7 @@ static int pct_test(gnutls_pk_algorithm_t algo,
}
}
- ret = _gnutls_pk_encrypt(algo, &sig, &ddata, params);
+ ret = _gnutls_pk_encrypt(algo, &sig, &ddata, params, &spki);
if (ret < 0) {
ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
}
@@ -3289,7 +3297,7 @@ static int pct_test(gnutls_pk_algorithm_t algo,
ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
}
if (ret == 0 &&
- _gnutls_pk_decrypt(algo, &tmp, &sig, params) < 0) {
+ _gnutls_pk_decrypt(algo, &tmp, &sig, params, &spki) < 0) {
ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
}
if (ret == 0 &&
diff --git a/lib/pk.h b/lib/pk.h
index 6969b534de..246d6e0299 100644
--- a/lib/pk.h
+++ b/lib/pk.h
@@ -27,13 +27,18 @@
extern int crypto_pk_prio;
-#define _gnutls_pk_encrypt(algo, ciphertext, plaintext, params) \
- _gnutls_pk_backend()->encrypt(algo, ciphertext, plaintext, params)
-#define _gnutls_pk_decrypt(algo, ciphertext, plaintext, params) \
- _gnutls_pk_backend()->decrypt(algo, ciphertext, plaintext, params)
-#define _gnutls_pk_decrypt2(algo, ciphertext, plaintext, size, params) \
+#define _gnutls_pk_encrypt(algo, ciphertext, plaintext, params, \
+ encrypt_params) \
+ _gnutls_pk_backend()->encrypt(algo, ciphertext, plaintext, params, \
+ encrypt_params)
+#define _gnutls_pk_decrypt(algo, ciphertext, plaintext, params, \
+ encrypt_params) \
+ _gnutls_pk_backend()->decrypt(algo, ciphertext, plaintext, params, \
+ encrypt_params)
+#define _gnutls_pk_decrypt2(algo, ciphertext, plaintext, size, params, \
+ encrypt_params) \
_gnutls_pk_backend()->decrypt2(algo, ciphertext, plaintext, size, \
- params)
+ params, encrypt_params)
#define _gnutls_pk_sign(algo, sig, data, params, sign_params) \
_gnutls_pk_backend()->sign(algo, sig, data, params, sign_params)
#define _gnutls_pk_verify(algo, data, sig, params, sign_params) \
diff --git a/lib/pkcs11/p11_pk.c b/lib/pkcs11/p11_pk.c
index 34a9cd24bc..8227998a2f 100644
--- a/lib/pkcs11/p11_pk.c
+++ b/lib/pkcs11/p11_pk.c
@@ -228,9 +228,9 @@ cleanup:
}
static bool init_rsa_oaep_param(CK_RSA_PKCS_OAEP_PARAMS *param,
- const gnutls_pk_params_st *pk_params)
+ const gnutls_x509_spki_st *encrypt_params)
{
- switch (pk_params->spki.rsa_oaep_dig) {
+ switch (encrypt_params->rsa_oaep_dig) {
case GNUTLS_DIG_SHA256:
param->hashAlg = CKM_SHA256;
param->mgf = CKG_MGF1_SHA256;
@@ -247,8 +247,8 @@ static bool init_rsa_oaep_param(CK_RSA_PKCS_OAEP_PARAMS *param,
return false;
}
param->source = CKZ_DATA_SPECIFIED;
- param->pSourceData = pk_params->spki.rsa_oaep_label.data;
- param->ulSourceDataLen = pk_params->spki.rsa_oaep_label.size;
+ param->pSourceData = encrypt_params->rsa_oaep_label.data;
+ param->ulSourceDataLen = encrypt_params->rsa_oaep_label.size;
return true;
}
@@ -706,7 +706,8 @@ static int derive_ecdh_secret(CK_SESSION_HANDLE session,
static int _wrap_p11_pk_encrypt(gnutls_pk_algorithm_t algo,
gnutls_datum_t *ciphertext,
const gnutls_datum_t *plaintext,
- const gnutls_pk_params_st *pk_params)
+ const gnutls_pk_params_st *pk_params,
+ const gnutls_x509_spki_st *encrypt_params)
{
int ret = 0;
CK_RV rv;
@@ -742,7 +743,7 @@ static int _wrap_p11_pk_encrypt(gnutls_pk_algorithm_t algo,
mech.pParameter = &param_rsa_oaep;
mech.ulParameterLen = sizeof(param_rsa_oaep);
- if (!init_rsa_oaep_param(&param_rsa_oaep, pk_params)) {
+ if (!init_rsa_oaep_param(&param_rsa_oaep, encrypt_params)) {
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
goto cleanup;
}
@@ -798,7 +799,8 @@ cleanup:
static int _wrap_p11_pk_decrypt(gnutls_pk_algorithm_t algo,
gnutls_datum_t *plaintext,
const gnutls_datum_t *ciphertext,
- const gnutls_pk_params_st *pk_params)
+ const gnutls_pk_params_st *pk_params,
+ const gnutls_x509_spki_st *encrypt_params)
{
int ret = 0;
CK_RV rv;
@@ -834,7 +836,7 @@ static int _wrap_p11_pk_decrypt(gnutls_pk_algorithm_t algo,
mech.pParameter = &param_rsa_oaep;
mech.ulParameterLen = sizeof(param_rsa_oaep);
- if (!init_rsa_oaep_param(&param_rsa_oaep, pk_params)) {
+ if (!init_rsa_oaep_param(&param_rsa_oaep, encrypt_params)) {
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
goto cleanup;
}
@@ -890,7 +892,8 @@ static int _wrap_p11_pk_decrypt2(gnutls_pk_algorithm_t algo,
const gnutls_datum_t *ciphertext,
unsigned char *plaintext,
size_t plaintext_size,
- const gnutls_pk_params_st *pk_params)
+ const gnutls_pk_params_st *pk_params,
+ const gnutls_x509_spki_st *encrypt_params)
{
int ret = 0;
uint32_t is_err;
@@ -928,7 +931,7 @@ static int _wrap_p11_pk_decrypt2(gnutls_pk_algorithm_t algo,
mech.pParameter = &param_rsa_oaep;
mech.ulParameterLen = sizeof(param_rsa_oaep);
- if (!init_rsa_oaep_param(&param_rsa_oaep, pk_params)) {
+ if (!init_rsa_oaep_param(&param_rsa_oaep, encrypt_params)) {
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
goto cleanup;
}
diff --git a/lib/privkey.c b/lib/privkey.c
index 84e984f6b9..05a3804c25 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -1590,7 +1590,8 @@ int gnutls_privkey_decrypt_data(gnutls_privkey_t key, unsigned int flags,
switch (key->type) {
case GNUTLS_PRIVKEY_X509:
return _gnutls_pk_decrypt(key->pk_algorithm, plaintext,
- ciphertext, &key->key.x509->params);
+ ciphertext, &key->key.x509->params,
+ &key->key.x509->params.spki);
#ifdef ENABLE_PKCS11
case GNUTLS_PRIVKEY_PKCS11:
return _gnutls_pkcs11_privkey_decrypt_data(
@@ -1657,7 +1658,8 @@ int gnutls_privkey_decrypt_data2(gnutls_privkey_t key, unsigned int flags,
case GNUTLS_PRIVKEY_X509:
return _gnutls_pk_decrypt2(key->pk_algorithm, ciphertext,
plaintext, plaintext_size,
- &key->key.x509->params);
+ &key->key.x509->params,
+ &key->key.x509->params.spki);
#ifdef ENABLE_PKCS11
case GNUTLS_PRIVKEY_PKCS11:
return _gnutls_pkcs11_privkey_decrypt_data2(key->key.pkcs11,
diff --git a/lib/pubkey.c b/lib/pubkey.c
index 02a08b8163..73dd9e16b0 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -2336,7 +2336,7 @@ int gnutls_pubkey_encrypt_data(gnutls_pubkey_t key, unsigned int flags,
}
return _gnutls_pk_encrypt(key->params.algo, ciphertext, plaintext,
- &key->params);
+ &key->params, &key->params.spki);
}
static int pubkey_supports_sig(gnutls_pubkey_t pubkey,
--
2.49.0
From e1be1e6b805b50a43ada57757ffe9cdf201289b5 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Wed, 12 Feb 2025 12:13:47 +0900
Subject: [PATCH 4/6] pk: exercise decrypt2 in PCT
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/nettle/pk.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index ffd7493748..e4ad772842 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -1368,7 +1368,8 @@ static int _wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo,
FAIL_IF_LIB_ERROR;
- if (algo != GNUTLS_PK_RSA || plaintext == NULL) {
+ if ((algo != GNUTLS_PK_RSA && algo != GNUTLS_PK_RSA_OAEP) ||
+ plaintext == NULL) {
ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
goto fail;
}
@@ -3305,6 +3306,16 @@ static int pct_test(gnutls_pk_algorithm_t algo,
memcmp(tmp.data, ddata.data, tmp.size) == 0)) {
ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
}
+ if (ret == 0 &&
+ _gnutls_pk_decrypt2(algo, &sig, tmp.data, tmp.size, params,
+ &spki) < 0) {
+ ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
+ }
+ if (ret == 0 &&
+ !(tmp.size == ddata.size &&
+ memcmp(tmp.data, ddata.data, tmp.size) == 0)) {
+ ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
+ }
if (algo == GNUTLS_PK_RSA) {
if (unlikely(gnutls_fips140_pop_context() < 0)) {
--
2.49.0
From 4e7b9e800f17bb0655e6d4de8f101d8a3b601fbc Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 27 Jan 2025 16:36:41 +0900
Subject: [PATCH 5/6] fips: perform both PCTs for unrestricted RSA key
As PKCS#1 v1.5-padding is no longer allowed, exercise PCT with both
RSA-PSS and RSA-OAEP for unrestricted RSA keys. Note that, it is no
longer possible to create 512-bit RSA key under FIPS mode, because
there is a restriction of message size in RSA-OAEP based on the key
size, i.e., mLen > k - 2hLen - 2.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/nettle/pk.c | 50 +++++++++++++-------------------------
tests/fips-override-test.c | 4 +--
tests/fips-rsa-sizes.c | 6 -----
3 files changed, 19 insertions(+), 41 deletions(-)
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index e4ad772842..f7f7c0637b 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -3213,7 +3213,6 @@ static int pct_test(gnutls_pk_algorithm_t algo,
gnutls_datum_t ddata, tmp = { NULL, 0 };
char *gen_data = NULL;
gnutls_x509_spki_st spki;
- gnutls_fips140_context_t context;
ret = _gnutls_x509_spki_copy(&spki, &params->spki);
if (ret < 0) {
@@ -3271,25 +3270,23 @@ static int pct_test(gnutls_pk_algorithm_t algo,
switch (algo) {
case GNUTLS_PK_RSA:
- case GNUTLS_PK_RSA_OAEP:
- if (algo == GNUTLS_PK_RSA) {
- /* Push a temporary FIPS context because _gnutls_pk_encrypt and
- * _gnutls_pk_decrypt below will mark RSAES-PKCS1-v1_5 operation
- * non-approved */
- if (gnutls_fips140_context_init(&context) < 0) {
- ret = gnutls_assert_val(
- GNUTLS_E_PK_GENERATION_ERROR);
- goto cleanup;
- }
- if (gnutls_fips140_push_context(context) < 0) {
- ret = gnutls_assert_val(
- GNUTLS_E_PK_GENERATION_ERROR);
- gnutls_fips140_context_deinit(context);
- goto cleanup;
- }
+ /* To comply with FIPS 140-3 IG 10.3.A, additional comment 1,
+ * Perform both key transport and signature PCTs for
+ * unrestricted RSA key. */
+ ret = pct_test(GNUTLS_PK_RSA_OAEP, params);
+ if (ret < 0) {
+ gnutls_assert();
+ break;
}
-
- ret = _gnutls_pk_encrypt(algo, &sig, &ddata, params, &spki);
+ ret = pct_test(GNUTLS_PK_RSA_PSS, params);
+ if (ret < 0) {
+ gnutls_assert();
+ break;
+ }
+ break;
+ case GNUTLS_PK_RSA_OAEP:
+ ret = _gnutls_pk_encrypt(GNUTLS_PK_RSA_OAEP, &sig, &ddata,
+ params, &spki);
if (ret < 0) {
ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
}
@@ -3317,14 +3314,6 @@ static int pct_test(gnutls_pk_algorithm_t algo,
ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
}
- if (algo == GNUTLS_PK_RSA) {
- if (unlikely(gnutls_fips140_pop_context() < 0)) {
- ret = gnutls_assert_val(
- GNUTLS_E_PK_GENERATION_ERROR);
- }
- gnutls_fips140_context_deinit(context);
- }
-
if (ret < 0) {
goto cleanup;
}
@@ -3332,12 +3321,7 @@ static int pct_test(gnutls_pk_algorithm_t algo,
free(sig.data);
sig.data = NULL;
- /* RSA-OAEP can't be used for signing */
- if (algo == GNUTLS_PK_RSA_OAEP) {
- break;
- }
-
- FALLTHROUGH;
+ break;
case GNUTLS_PK_EC: /* we only do keys for ECDSA */
case GNUTLS_PK_EDDSA_ED25519:
case GNUTLS_PK_EDDSA_ED448:
diff --git a/tests/fips-override-test.c b/tests/fips-override-test.c
index 82db3c0c79..6fbd444d47 100644
--- a/tests/fips-override-test.c
+++ b/tests/fips-override-test.c
@@ -67,9 +67,9 @@ static void try_crypto(void)
}
assert(gnutls_x509_privkey_init(&privkey) == 0);
- ret = gnutls_x509_privkey_generate(privkey, GNUTLS_PK_RSA, 512, 0);
+ ret = gnutls_x509_privkey_generate(privkey, GNUTLS_PK_RSA, 768, 0);
if (ret < 0) {
- fail("gnutls_x509_privkey_generate failed for 512-bit key\n");
+ fail("gnutls_x509_privkey_generate failed for 768-bit key\n");
}
gnutls_x509_privkey_deinit(privkey);
}
diff --git a/tests/fips-rsa-sizes.c b/tests/fips-rsa-sizes.c
index 61a76d3c09..2963ccd531 100644
--- a/tests/fips-rsa-sizes.c
+++ b/tests/fips-rsa-sizes.c
@@ -250,12 +250,6 @@ void doit(void)
assert(gnutls_fips140_context_init(&fips_context) == 0);
- generate_unsuccessfully(&privkey, &pubkey, 512);
- sign_verify_unsuccessfully(privkey, pubkey);
- generate_unsuccessfully(&privkey, &pubkey, 512);
- sign_verify_unsuccessfully(privkey, pubkey);
- generate_unsuccessfully(&privkey, &pubkey, 600);
- sign_verify_unsuccessfully(privkey, pubkey);
generate_unsuccessfully(&privkey, &pubkey, 768);
sign_verify_unsuccessfully(privkey, pubkey);
generate_unsuccessfully(&privkey, &pubkey, 1024);
--
2.49.0
From 7b5f1bddcd77d61531fdb5c084c43947786b27ab Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 10 Feb 2025 15:57:39 +0900
Subject: [PATCH 6/6] tests: do not assume RSAES-PKCS1-v1_5 is enabled in
system config
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
tests/system-override-allow-rsa-pkcs1-encrypt.sh | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/tests/system-override-allow-rsa-pkcs1-encrypt.sh b/tests/system-override-allow-rsa-pkcs1-encrypt.sh
index 714d0af946..30cb77ca50 100755
--- a/tests/system-override-allow-rsa-pkcs1-encrypt.sh
+++ b/tests/system-override-allow-rsa-pkcs1-encrypt.sh
@@ -56,14 +56,4 @@ if [ $? = 0 ]; then
fi
echo "RSAES-PKCS1-v1_5 successfully disabled"
-unset GNUTLS_SYSTEM_PRIORITY_FILE
-unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID
-
-${TEST}
-if [ $? != 0 ]; then
- echo "${TEST} expected to succeed by default"
- exit 1
-fi
-echo "RSAES-PKCS1-v1_5 successfully enabled by default"
-
exit 0
--
2.49.0

226
gnutls-release-keyring.gpg Normal file
View File

@ -0,0 +1,226 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEYcRaoxYJKwYBBAHaRw8BAQdA5U8Cb4ZMYCjuAa6tqNKbRxXzycS2iLvNzWki
bGD2fe60JVpvbHRhbiBGcmlkcmljaCA8emZyaWRyaWNAcmVkaGF0LmNvbT6ImgQT
FgoAQgIbAwULCQgHAgMiAgEGFQoJCAsCBBYCAwECHgcCF4AWIQRdRssPdjQFpwU1
VvR6daZIs/kiDAUCZZQM4wUJCXNMwAAKCRB6daZIs/kiDBq0AQD4kutiBvEtpeI5
oHE5am/JgQUbUNQ8hGiHeJ+epRc5NQEA0xzJPYCIlvZ4jgf7K7RiKkqjzozOLwun
GummhMd1vQ24OARhxFqjEgorBgEEAZdVAQUBAQdAxKg6y4A69qT7doTni8/zKuKy
QKXEORZTCNxkcnz3dXoDAQgHiH4EGBYKACYCGwwWIQRdRssPdjQFpwU1VvR6daZI
s/kiDAUCZZQL3wUJCXNLvAAKCRB6daZIs/kiDCtdAQC6p+B26g72CLXjq6xmaLqs
1fi1auyPW/SnNRbbaW9UlwD/Up5lkp+r2n5d74vj4Y43nORpipb4kR3mP5g4SZak
IQKZAg0ESmfuLgEQAKHTAV7YHndSUjFY5DfCsrdMjIembP3PIwKR0g/vHVvvhn9L
FkDs3y46TkFCHcYsGdhOEmXcxJY4CClui7IjkSH1/7JnbsCgGRBx3wl4dyRsu9cL
EbwY86fVypIFSy6z7q24bzosjeu50lIqwVna4fRqZF8lIEGfJuuizLl1OfnkYgnc
FupZ1pM/u40VZEzOLoMDj2bzzSEnaq6eS4A5f+ryS8ql9G4kJ2Z72RdlzWXzwWoZ
QSV0JVikb5KN0IU/0KZklFiEXpS5EdJlfIlPDVYyainuBiPYXdBOyh2d/V714OO7
/JanOY8HhYAK2us7vDM+W5+x6UU0isfDHq3KS/N+VphODZuuf2imZlMAzt5heEGT
wAS85cKDWrhReJIa0WmjAFRW2g4ZAeVILbXw6dDJowSwLsJqBvURCpk1tee9wxXM
whxdwocVIBCuTn4h81NA6iTwUhZdabxNhUOpUilYQoOAePQ/Bw9a2mSGOWAg/TVr
m6+u+/TDVOrY1yMumnJjKegS8RsZaiOS7iXIJRZ1YAv2fmHcgKXIEKp0fw4y10vd
aJsYiWRs5xZd+xH4VREK/l6zAxECVkq7Mt/pjIPOllVbI6h75Bz5LgOXwn5Z5js+
q40nAZ20uSVKLTjfpVgq6niSChPeIAdhU4G3QrTecO2CeybZTGIRH57X3RhXABEB
AAG0HkRhaWtpIFVlbm8gPHVlbm9AdW5peHVzZXIub3JnPokCVAQTAQIAPgIbAwIe
AQIXgAULCQgHAwUVCgkICwUWAgMBABYhBEYiJcO0bzSHn8hJbNYFhI7X5phxBQJb
qxq7BQkaqS4NAAoJENYFhI7X5phx7qYP/R0/oCwNjM0treJEL7U1CAaPD8VMOrzl
Fvc4Kx5pJq5VLoMTpl1ikgyk/LAbNleWdgxCEtAGf4NbI9nxyV6Jh2EwGSwLf/HV
Kh5x6kWwRMqpSY5NcgJsQeAIojJT0ui3HANwNxvqcIHCsPlCjSbKidgEkl/PGiSJ
j/UiP/OJ5Z0DqKg7hrd29XgVuBMIKcFQXysiHfy+N+9UQbHtb6qjkriRZAZ4Jb6Q
LrwIzMqKOINj2NNKtxH1AaosxLQ+pcsmRA3OQPPKk5ptQE70+R+OiGbFbfkL4Uui
gjhMAf9qmppiMnxq9gkt/lLteCpTFZZ2FeL9mSKu9eN0jewweVVcZdgm0vVmub4m
rrkciJGl8Le3dZG3sZ1KYink6gSbYY8bJCfYo36+JqQx9KmyAQKLV8YwgQGlHyy/
6vHZdsPRsugmR0dbZEXxr0VE/CI26Ed68u2ZxtscVdurWeNhsFnJpY8Dljah8QYn
kObRp7DyEMUqD9cDC7Jlmgdq8fe9IIPxVNfDgHub6gh15dA7XdRWB2Fd1rtSQ0xM
/so3rfMDrssJ25RTkbA6gLNy54NO1Pz2xpsuL3MLlVF0xFdCIf7LD95vikfcXY6R
iaJwniDS6bm1UOkaRzgG/o5FERS7Ea9cowsxoxypybDHefH0Qn74J6B4BtgEB3cg
fiJHjFjSzTcetBlEYWlraSBVZW5vIDx1ZW5vQGdudS5vcmc+iQJVBBMBCAA/AhsD
BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBEYiJcO0bzSHn8hJbNYFhI7X5phx
BQJknpE0BQkf2j2GAAoJENYFhI7X5phxAzUP/2WLxI23iiF12lVVlxj84g3F/XyE
u7oi5nVHY9wtmw0PoM3/sHHDO4H2LXH9Beb4Nitpvzy3WkMMOiAGdoDad0CC8gD8
TChjAd4vh5arT9PGgTHNUdp33m80j5xl0TuDEvfbXaoL2ZTyW4TApmpiPX+a024L
mx+Xf+WBj8PlEjXSjh21mXQs+L3gZGwZFXc2VoQNg/rBGt9rmv2JcaO4q+BbVhY6
o1PYL0C7RBWfz/sdIhWazYMa8L243a4LQU6CkILwum0yJ37ERJ2jkGc8NaHsqXCi
zbmFFp3If6u7F7iFrIN0W76hUL69nwszGlz4OyLHJsDLDnp1fJbOBk2gZZCMoFIS
OXqxTZPUdxbjWaVNRz1/ze5LcGF5yB52lgqOxykZCIIGs9mn11Q1kWPoB2BovoXd
fqTgMwx68qvQXWUzHj8fVemA3kCwqK9udjFok62GVKBy7uxBes+Le74aMg17Pp3R
siMuL4jpTppEuBpc5/gMQDJSv53niGWLyrUCa+9lDGqxpHiV+SRrEXekQlFCi+cG
FS36mT/Vnvsnss4ioKjEPWv4OuASkC78GvGMSXZrFMHrILgRrLhErbO/g8d2/+X9
3p02A5R9vbhdOSOAgjvvGLPzR7LidOoBOZYaTq28HB7cNmBkpAp4cM59pQwTVZYm
ryZF066njjn5TEoVuQINBEtrT7wBEACjRnNKXpiD/tbVSiF3bicZpf4C1JFIDvvJ
HQZEuK35SqeAe/tUpMAwbBfgW5sExUoB3Cy1lEK2Bi1kO7GU+tkdCHhi6jrcLYiM
g7QXavYZ/ebYHVfhVY2vGhOJVz4qm0/WvQYT3OpJSqrD1jT+AbRpDxFk9h2CBPw1
roBrh8TqYKyIOBPSswLwP05IKk9h7SwQnl/stXRchLMVaMrKL33V2bpZSI4NtYhJ
QGzX7PHVsv4JYBCXCeFRhAJwLLySfGM3DXdAChsOjtGob/sW84Kv5YM65sHxmhit
4NC5o5IxVQntvYaOsTafF9KOC8egostPsARxUNNihGYvJ5WL8NS2wQVMWsiRMK+/
QsK6PEMXny4q9+lMPGBZpuGicUX68RIIJynAaHatdorA0hFSDQIVxbhDTQdrBnmt
fSx33Yd9LlaW+oFz3oNtsUP57JQMvn7/RYMSheRqtlhSOOHQV/DdORo2B1uhd2Dl
uZOzsVz88o/2eZ9dhO8ArNhQRpWgcx7dq+kI7FyUH0Idrw29qD3IT/PnEOTF84ro
l0HEagP1ozVB32krJIDRQleTmdTogtT69FYLHnK9fYrk1m3Pcc3TWb/1PCcccN0D
2RJCl2kry5wJdx6g2bi7wg4twpRJshi5jREPJAAGNy5MKA+oon6D6gbwwNP3xuz/
/9BU0AUDYQARAQABiQJ+BBgBCAByBYJkorMiCRDWBYSO1+aYcUcUAAAAAAAeACBz
YWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmeZgZGsUjuRusvhjME6v0SyZCTB
ZHc9vQ5i7qV5OPZtLgIbDBYhBEYiJcO0bzSHn8hJbNYFhI7X5phxAADssg/9G6Sj
nPi7yLDgXwmdQnZS20afRXa+T/YrsupbcKtXz+9As/QeZjnwuWI+LMDEjQSGnbQ4
w4Uyz5hnpRnWYDq62hsFml1eJr5xwImscJMUYkVdBVTxvrYn9Dxr+C+FkeJfBIkO
qZpFfe03VNwNU7zm6lg2BzKzBY3MY0nm/J/fWhmIXGOvUXHmRC6NnRkiTQcLsPU5
TrJoDXP3qI2shr77IE3TFZ60xD1mdoaZol+CQEXjoAzd+PuWBltdkMVSqtLFkyEy
L0kup+u/JdBrZxDNKRYwvoIi+cpzefq6Cp52L4WOhKxYQxrGPaFXzuOjf5uA6YHj
nikhvtm2W1C4FxEJ9OaDgP5EtdUmwnAOdPc+uNwpmChpFZmno26pqZfl7st6hjWK
qc9bEGncemxqregsCZPz8S/xHtFIKG7tGu7bmXVqnlkbz40t+1dQSN7jM6/pEIKr
2xWiZOnQ9/1cwuS84ZIQiwvOT4tGlLxnhdPjrCdgjtse2rf0Z1e29D36VKvxEQvh
lyAkqu4/8polwDVjHA3e3wlM8oCIoV4QvWWiqwaYmcFIk67TeTFx/rADZdDk/1w6
Ym+aOkPah1KLj7ERikSi3L3WJsrqZl7ij7fW8UrU5hz1Ncwc5cshFtdICAHA2ZpT
vELN+aCng2VkpPsR3NGa4ihB2Rbyq2SsGJdkf1OZAg0EV+o2lwEQAKWMXF8xc4hs
2nI+Tl6s/QTiw1X8gGJCztuEpLgVUqfL8bmQx91t1F7bpfVBN/wmrxXcWDZCTnlZ
NFJ81F/5AyMr1d8CBCuFaBHNx5KIl0Mo96wlFlYt2ANIjs2duM70fNgQPx0NgV9U
ZrvuXtW7hH7G+bQE83NvEjBg/OC16JaImRK9IV3FMsv4V7H5QrUwe9dAkN/EnaKk
I6B4jTd2DBq4JPfK+0FmEj/09Fv8N9EPgUm/TQePzOedMRhON9qX7vTczHsslmqD
d5DSXbCgYamiuI0e3Xw48i07R6Bz5h0/gm6PKzS7effIKopZJitF4/ry5m2/ryf9
piv0koeaC+ygYTALnWmqlS2PeFUbxfqvllz0nUk2wGsHVIeBKAkMeWyvluqFPLey
zouexNl99s86fMhvMKCUbYNN1CvwMJtXCmabaviN1sbMrWa8UdW4h5RNxs4ot/9M
uZOtTTJNtRbESXiyB8VTQuBZAh+eUTkuSa2AC4O6M1UEnc+a5pzRVy99MF335Kat
S42S50THIshZvCehjZNL/BHXnyd1Acqf9VBJZXJYLuvw3wlH2qYl2GGS7fR6V4ii
94dp/EE/kOZyzx5DJSNd6evYLwgJsFQvkGGqsCy8myXfDjK5Y+gx5kxBinikAigk
OcnwYBlAlXBs2mxmG0qiCO2ooMl8/g0rABEBAAG0J0FsZXhhbmRlciBTb3NlZGtp
biA8bW9ua0B1bmJvaWxlZC5pbmZvPokCTgQTAQgAIQIbAwIeAQIXgAUCV+o3dAUL
CQgHAwUVCgkICwUWAgMBAAAhCRCw6d0gsp8UMhYhBOmHq39+iWZ3dtBbO7Dp3SCy
nxQyflAP/1o4u6QvvBqAA4SK8eDgCaDjfKltjDn52jx4JfxBWlfS/zdnz8qPDTXX
iEh2JKpitlG+bmRnSngOqPH+sfFQvUz7czidUfF+Tlt0jO3Q/Zt5/OiGh3vgmOre
B4I5cObNGQmT/Ma5si6NfTQU0+okvd3j6fRNswsNP26TF+m7gSd27/S1/WkGLe+D
Ukq+fYXjCNn4qCg9KthAULJkZWiCP2rok/m2xCHmAq0ALVyDTE/IKRbDEqc04qsI
/XqGPavLdHmG8On1g8sek7QvJKkRgN29BUzdS6KBYfZGSLJ9KLGST7BPegyFLXvD
SMxUx4KrJRxgytMcmzI5SYTA6u6RdA1t5AY6Jw17YgP4Ba/yPPTbrTxJb7qM4NOA
1c/xc+j3+A6bWjLUbHMESlldcZae3s9cFjmOfDW9jn0WcmV2e4W1u2kTF0um1kfV
8kriiHKKT0RJ8iVLfpJpnJ0/7hgsyUE4O8BH1J+Pho0zVfTE1TBp1FwRZJQ3ls9X
3f5Zpn/KZy7gjseQSPx6r7pra7U5gSv/0Y1qDRrNvtULt1+0SobAmzp84iqn3GRd
/NybJz5jB526fm16WIE3MLoEB2yj+T+4AQ5Va1NHLqRR5oXa/anIzzFrmoUe8dRY
le/PhIvHEjzRrMzLFrmXX6eQZH1Gle59KbCFJus0bfSE0PL0xmKsuQINBGEgbmMB
EAC6sAEM9vo0ocfnyAlhmG+clkdNIH0J8NLzZIbnHOAfTnnLzUeWOT14JR7Q//kT
CdorjbX0dWD/+TRIwFHdXtLQngqaqSc77+1nRkx/4R5tbzJrd/FYA/4zk+sPpDHD
idcntJQ5chduyiuESn3L0H0OT0muck0g92BAkGATaswNWLLnu/TC1486krkG0aQx
DDFIYggzJR6v/saCrTGtMVMOhoMcWKGGQpFCYznB+3scYucTc4o9CGY/hpYeukZZ
72xmaYWZqIQnCm7pfLyJWNkw70EO1r1EBStuhYWEUqgTfgfu6KQHRpRiMPWf0Oss
44DQR5fIkY/VTCBeIWOdX2TC6qVfgMKASfIyYzPMorDtAcrXhRb4aEZqh9p7AjLs
8izfFR8/GSdoxIda3b+cfFPZ5dk05oOS3wkMQOy5ZeGv/jp8WZds7MC9+xNMhdZ9
4hRU6dN7S6yq+btrgPLWXk96yl4VZkwRz9fxk7PqZZ8riz9VAfKE2llkC5pEXx09
B0oUxu9DXzGZI9acOG3YAtXlezhCaS6AcvQZbQ7CXKHd/sGXrf9T+sqYX9k4FnLm
7eoWHH0rEMC3QVPGbIs4rGZbjBBybVrgSL8ShFpmhw9F1PyD6ug2t41NBIbZr9e2
eFaVO2LaPpZPoKFGZoILrtB/vW32BmQV20Ibr7cK2dPcbQARAQABiQI2BBgBCAAg
FiEE6Yerf36JZnd20Fs7sOndILKfFDIFAmEgbmMCGyAACgkQsOndILKfFDKCmw/7
BUinZ7uO+ax1hV25Emdg9qJsbtW32FLMypecexEK/CrOM+fadQe+xzPOoSlHw5tS
1ZB4rdKUT0jIingmmgaBWFd0FQPSsxHlERvhTfgDBlzAl7CkFisOPYY/ErL+lCjM
4t8VgsHsQZQZ7Nx7wMuIbT99n1lt79lt3YXgkZfIerDmb5mWuGP10b1/GDFv0s2R
T2dyNfdTNFtfzpehA4ea7Qgcz1ayqeyjWqDpoIXP+KCC368vv7kukBrdSpn7RLS2
xYeP8zB8ovfe+TzYc7ZSt9UdjbW7U7qzU49Kq5C4n/qvj7R5kcAm+UDSLVrvnbAf
nLVWWfgo0sOmtD5/EoMhlgKtN6DrVTSgf6xW6oWsf+8Pz1NROhqLwkcDvpET6zuT
YEWOK9vFik3XEtdaSlONvaBPN8aYfjoPze28MgEEcf3dw/+QIczw8+kXWXjmAHth
L8RpC1fiMmdOXlB1d7gkUPQkJmc4NeRM53fgE097IbXbEFhMtDSu8yzKltG70ahO
WoNKwdArrQhbiFKc4hoCx/caRy8jK0kFb5ZaNkljbtyQWFXm75lEDpaa2RFvE0T7
pFrMnrOEts0tlJwEf5s/SxWpFniXW7mCov3eYFnrE8Lgq173z7NmjmMTms29bro8
UW8eHMflRchZsrEUAQOtlA3k159Wt/2MTK9LnIz1I7a5Ag0EV+o3eQEQAL7E7DWm
gc1YdUV35LU1JCYqu8LScbyPtnilMYjgYORLc2DqXLIBWuIdP7hQ8lkQosQmn+oj
EfIEBpwbU+q5fsyxK31nReXxQQgDGwobjdGsZykjf6Dj1Jd9y2LDsBpZnvpFVhqp
YAv3bmyaGpIh+9y5xyLRsCTloVL1R+JyHuOromVllR25+zFwvoFhjfq27VK9QjTF
DYzqhdr3e0sx1LKb0DaiDHc8PT2LBjmND7KMGUKOjDwiFY6Uxd1eTB6Y+FkkwfMa
bk1JRgF+rGA9pvy0sjJcWkbTvW8erBJhhWNN4V7rtSHMMRdzFvqzhgWeO7r3TarK
js7pQCM8t+rnT7YFm1n0rHLfW7ECV6WBvWyk1N7a0C4Q5ekJ+fls4U+Iy20bOmhs
3vRxNA0XaGdp/NH1ldi5KExYbTpQpNQ0XK6j1KwE+TdM24v7su6qWGgmWUJKWFfC
ms+/zwAVGypTXa7rDi9X/+Ubb8nLLkQbf4W4/OrXBWffkbG+4J2EDRxF1UeHrHu5
NpnFP8J7sWYKV45Vh3pK5le2zYbDPF84Ge6BY2wiYvvWnPEqg7pLPZfaRSMJkqxT
QLSwnHf8vBvVXHAmp0WpYwOYBE+onFcZX3/t8d2uiEKuhElNfxdC1O4UolaBBEpz
FC9hN1IXWIpTgRLo+G4ket8FlTugwe+l1HN9ABEBAAGJBFUEGAEIAAkFAlfqN3kC
GwICQAkQsOndILKfFDLBXSAEGQEIAAYFAlfqN3kACgkQQSdIpAr8wvsH/hAAlSnz
UTzOU+x7/P4fPxl9M7dLWcOIKaaGrjNExz9bVCGXGnHZR3f4gRl/bowRFjGi++vh
nlCz2Hj18lFRXG3HjlSOwdzJYSa6ZMqdA2AW4167kJtQNEXpfV//C5mXhfe3U68O
33+acvqU5cG4/+QNvun81j8SQlOyYJlsQwW6W1EH2wxfuvpid3SNn5yDZ7GFhfZh
oxBwzITWRiWifcy8r3xufAVrFZKwAMvWrG5LRJD6pgyW/1oMsWUIH0U+QD0vgBoa
RCAW/gqLRf2836n7PeZaLuqiHMQgYOUs41KJ9jy6rYiHLuZsZPJ4luFbFuUylJxj
KUfnjVuAoBhm9XouywKckE3oXUf2Sa504MQlo+pNvtf4LK8RALpkTe8joq5olEnV
NNIq+UBxK0ZEG6SaCnf4wtYcL4uUVgLj/QYm9fob3gakVlfEVZx2SnCqrB2NAtMO
RUo1iOm//EwAnaFP4XaqPEQLZaEnKF454n05xFvt21UGgM81z2q9DrAbAolrpf3Y
8LtC42TQTMlGmyVmxUzgqyVcDc8Pjj0VP+9twp8za31bPXs88/o3E+tYIN46pxYV
9fWxdns+eNupVm8ZeZ+sblhkQGb2yyOPM7SEsP4MKzITPHheBxSzniYo0D6jrX4A
lDza7Gjw4YsOxus2NlhzBsWxmTpYat1QSW8cEQgWIQTph6t/folmd3bQWzuw6d0g
sp8UMpnkEACd4nfSJZIVX/jGtbR9kwOhnchAEkW9nwCxwgujJxvkPSqgMLbwtGhv
KMunhOOU10JWWT2pZ6JvYTzRRPJwl8snXwNlv9HKa/XUlbo7SGuliAya0J3UKxtG
Jd9+yOj81BznQjlZF18yqjERP1cyewmuGIUEqU1ODVE5SVajZSSOpe9EnT0TENZ3
SJcodwtg8rd1V4pqUecx5cpG01szohDuqXJ1NbvoRIYXbxwyx9b7JK3YuoDhRylG
rmCyP5n5Sb0J+5yfcOL33CPVK7SLladTlopCcaeieIIMSqMdUSHpLKqvOrRt3Cz7
9A777L9MHND1yf2Mm/IQlih/1d6JblNSJ2znD7hfpo1ReYmzYtG35a3m6FZt4QT1
5gGLQ0QC9a4s4LpqY9zPxaW9jpQPsyodoiCk/j2ZkwHLIa580V3Kh6dxjI+LwXlZ
/9T+Q/C3L5Has5yBijtCdekyrsD6XVfEn5gg+yFkDc6TKYCGhsro0yA9J+BOGRD2
HDxVbH3njCiP5wDvxIgOQLN06LQLDX+Qq++MRnJe4e0i1CQA+ow7ROSGUEPX7k3p
qoxJcQ2i2SCKz1PooV/ii/iN1PfU/IK3GAJEO2ktpQM9APKP//tvc00CAbarnlc9
G22yWAxW3R5JN7SfeX+lqC+Mok1cS7WGCQOOOC+B0EelTaj6Zcb7wbkCDQRX6jaX
ARAAxAQjAzi2kzXnWnX6yAkijTQk0j5raWb7+2Qprqr+I4ZbjEFiQFodw7Ei8eFt
sY5LSSvFWe8WXl0Ahvmfi+/9TPFwgEtLWTOqguCjJQN0VkOfjhEDWLuAFHoa3IzV
ySoZhDgIDQ/LY7cRg+Ryi0AaInesYx0cxdYkt93X1tPtcV4q7KiTIWZWBsWlBZF3
qHgneIfq6lBObjd/QfKhaFGleXi4UhJfcwnVj01h6dCKWUSNPRr6/sbdQztsnDYn
ghka+pdUAmVqpj+Cpb0ppUuzO78tW0lImybRUGOomhivQbw2/TcYcgwQmdUi7+Ie
Td/8H9Msff2P9u54vFbhUt1XlNk4KWyOi2Xu9CvidXqNcg6wpdAPthIjeZ3tRT3H
nFt9N5cPlhaQwV7SuGx9eaiMk2Oj2dBPvV4M18guwfA98iyNJ4tBmmiFLagfaDuN
aMgyt5cQA0tORt5d8AUoF3OrYQ/wdiToa6IJ7RO2WaSlFaYOHFJzMUDLNSUzKbVI
OR7No7QIOvKYJR4njnHBgIK5AeQNu5ucBxbFDOqnmu0E75pHOrVn8l5OOuHN/EiO
SGzRTdSh/iVftUgZC3vj+XnIlen1RBU63DRkFn97knlQGtmJgi6yIJhWHYk9LvDG
rUAdtPgrIr4844O3E5ZNTDW0YTmWtkfqnmfgEVBUdMWjj1sAEQEAAYkCNgQYAQgA
CQUCV+o2lwIbDAAhCRCw6d0gsp8UMhYhBOmHq39+iWZ3dtBbO7Dp3SCynxQy0eUP
/RLpSjdHZzZxJ0gorRbNkUZ+hJL4eCZC+V+JGBvTgLd58lN8ah/vqQafn3vUXwB4
3tW/if/Oz9ZRrLhfPtfROEQjxroo4xNRY9PPrEO1yQ5O6i81CcZGRKpZ391Q2fPl
2+lWT4VKXpn+XbF33FXAox9Rdfc/H5bXF+EiT00EnuxKWv6yyC48lNgKGBmSdhRE
iXTzzRzGxBxN3GWQV+2rIrHMy3Bp2DgKb2kHLhA2sLg8oCoszhWcW1+le34ioqNB
Yt/HLvM+nVzxgrD6RMQg0aiFQJvIw68Z48g5oD44xIjJT6YWXLbZA0XaXLn+m1CR
6xqxSeXsXSCnvbF5KQs6MsxKFs07T2GDEMuHJO35IfEfg1JWWgzqJfGe8bKBeQ2U
wFaZrYlmOYpq4VIdWwgDHlzuXynb/7MLe6NyxJPun57Ex7NsS//sfrR5nPunk43e
0W0lqmT50WJxRhBHhxXmkQ0fH6tzra8GJxo99+MJzaSfENvdRz39BQXM56nv0/1w
lRdfqJJcqYqVav/gKvKaB5eH3dXHKGZK5YSiQbtvqKBOwsOhHxtvsE18lu5LwiYd
nTaI0DmUcl2o4iC0+cpSFSesGSGd2XIIid0E4yre89Cf4kfuCQhvUkBrgYwU3mFM
/MhgH9hH7MKAmRVfm+pwNOk3owA/vBcSuRRLeeVGDGeqmQINBFOsE5ABEADD/k0t
8to+R0kPhr2k7d0P/p1SYgxkwSaYgdv4/MgO/yEbQDMsqs1mw88mWnFKKdbH4QUS
qCj21SiiJVrcoY7dNNapkKNiaMNCylAxkLtDw9/up0AVdkJ/7iHvrKlwIb3SBQV1
oJYBrXF9rzFBtkW9NhLc+DzloeHfPtABCIi0XoIOGSDn+RQvppe/13phBj+2fd5I
LNWiHfKIrr6228TynSPqy7H4z5DYcnYIJ7f7FO+MgaZjj28GFCyCFz7DMJsR/JX8
CDsaOHvBsBRtBIKSQ7ce9KtAnemsmyGVkaHpGvxo3gaWj8pROIiQRbDYfXXvMbpT
Yh/OTxbbx3SgBNjk3fH6ZjYZXuz+1kjJ9aajRKWvhZbMCjKEGjm3n+PrYdd2o9W6
j5+aOhSWDs54z7froPmt291NdykF4kHb3W3SwGaIACV3/ZorrwG8wHhnV8dEwqTr
E6xcTIwr2+C07yFDKrSgTbZsjEb6RbZA9SKsj6+ct8TrAxVPAigj7eMdWcF8yxxQ
CCZci8UIx9hyHAfr4fKCYl0KlG3SoZ8kTKiB0AvjsK+QowE7gKuHeKOvEn8cb2Di
BWjDfJoTO19xhzm51jxcDneIkVoeSg5QJqtiQZybyhf7vP9vl1fS9O8I9y1uR2lC
x7UkWAGTTVTtzs+O47125jsj/BjLMECT/Ub33QARAQABtCBUaW0gUsO8aHNlbiA8
dGltLnJ1ZWhzZW5AZ214LmRlPokCTgQTAQoAOAIbAwULCQgHAwUVCgkICwUWAgMB
AAIeAQIXgBYhBByyfbyYYUstWEFkbQgwLbaiZwQoBQJgRRE9AAoJEAgwLbaiZwQo
1nQP/igf0pGcHlUqHSGmaapDoqRJfHcwUMfC3FjK4fmV94D3KUVU9txWbb02qX5n
1yQXcpweHEAQEY7YVUbZLND2kMqq/unyi6TqdXK6wtz1t6tO2IsPXceAzI5pC6hX
QbN/sQIBD+ytdUVpvuOGDLUfbn95PYqNx/2t3GzW2hSglt6MUFDHVvQpglkQnCGI
1C2ulqPOarKcxggH4pTWQ2PR9JOJMS4iUGEyZeVUA8m21V+KZS3CZjaEuq+/3dLW
WzC1vtl7WMa3JahCGaJHL7kauVa0qgEkG1FENDxNhjb9m7nXh7+DRSOQM8oT4EbC
kSt5mLAwPl6JoAiRa3l+oVy6SldpdkMl6ycCnYEWki5K5xTUeJugw95Hm5mkD6Dt
li7tTtIlqcQ8i2kQB+BmtD2HSKBWrFONE4DQaBv8GcqzoDMFmw72sOStbnbAGEtz
IU41pmOaV6AnfN/hVqNNH3P8vzrSJifU0WCR9TEZoZoN0Rxbt4vYbLrArgiGE94K
rUEJ08c7Q4VOAdbQcENgzu+MnQC7jWk471eJ05hWMtqvW2PKh/2bF/LgIYJuBcNX
CKFBkDNTBNibJ8MnVn0uBZ3X9G6Kx9wU5e89Qvj7V6MM4SoTiOmhlbxH8GxXXSYf
AWosuWUSOFyXzG5yhurvUmYW+OIFPRZ6Wb5gKSgoLdgB+DhfuQINBFOsE5ABEADr
LQL3bP7+M6PTCjuVbqqHBDhBAKEEuxKffwDz1AJKfRhvqTYIKQqgZwaIzXdbOkmP
rTEgWHJKbwssaRmdBVRSYkE2DXLEcnuxqAgNyc5RMoVHWIE4jFNkxmrN6ZcVWel2
OwCo9A6bzUftKKYJRPAYou4nmv87+CdKT16JV40dMG/phLyPINByy9wThIodpJQX
/H1O6OCsMM/ZQJQ8zJCXbCCCe/c5gcg6+RJLsNa1CjIjQH0F1XZuncxz3nvKLxXL
uQG8HCcU5GxW/z2byjEkoJrlakmcwUzuih7IuFrvSaexb8so2N6u5H8vm+SBkCwU
c28lBsKECOJUeH28CBcMmFuRKFgF/fBpRiXDKI8Fl3IRm5vFIfL6oIBJBSDfunfZ
5FPXup5fVGT9k0dhBlD48zDQ22kVVmRkpctxGwd3yE4BM9/sQ3nK4HwrB9+9X2Rq
xbAzwz8LGvRE7/rusBg9HaO8kIOO/7NjutCvJkHGPfJSF7i9XvBcoQpkTIJFPaxu
pk7TCFOVDAzUYh82MzNq89SVe49017/nuXzKJ3SAtok7xDYVsXXriYgnmouL7f+c
DXdXmLIxPZN6LKkwKb9/rU0/9xPuvxS25zCSgjig8/SFEdSt6wvs94npSn6RcmVx
i5VN1Ni4IMRgQn7hXpGKATlM6CQ32V7QBJN24mFECQARAQABiQI2BBgBCgAgAhsM
FiEEHLJ9vJhhSy1YQWRtCDAttqJnBCgFAmBFEU0ACgkQCDAttqJnBCh3ahAAo9lG
UYfbbuQd6XRb7bkXWsoPoTI+o2S9wQOvZQLb/sANCkK0HqwAWdNeBKWF3o9NUG5y
/gQ3wNJv7WBGzCBL/N87K0doq6s9MiwXFIykr/yIlN7la3lCQvOUDn1OmO9zHGq4
t4arfCiInm5Hc6NhStV3aKtgIJoGWDMu9aIcy9canuAO+oO8l1ayV1kPDKWskVEX
ZsdvnxY0rhInvUfgw27uY2ziPLO3iTfPJLJ8wx2V3cyxkVWgk+08DHKQz0gwObJA
iAFtWJXSd8kO7mzcNVPgDAgje/7Lf2wlP4GQYO6Ht5RnhzbzIcgHxcK6pJeIS5oA
vDySWASwD66dkdYQUAjYHE2OQnwTjxU907uf1Foaa6yiOFBcQku4NQNdoUDfv+HW
0C5TR2XVcO9UBPTlEGMjMeqhTHs3E3HXKGiFWT7WYtdG9fBhVNoLvZ39eYnWEM8N
svcRUmOKzvoAJbmbZAlH3necl20MeJnfkTx9Nu3D9afYnaw9IJ9BetTON3gXzTtG
wAJjMZ346k9MLvnSLFpD8of15R/jl+RbZ732stOJkbcM5cUj2Lgi7DE44y7BeBT5
XD5LAUwop30sm4Kxwv9oEyVjzoQPkB24l9YGeEOEIqESZLszZ44Jsh703+9n3Dq9
wNTn8cXhFYi0Of02Vt4nNiXryBL/zneXgb37qiI=
=8Avy
-----END PGP PUBLIC KEY BLOCK-----

900
gnutls.spec Normal file
View File

@ -0,0 +1,900 @@
## START: Set by rpmautospec
## (rpmautospec version 0.6.5)
## RPMAUTOSPEC: autorelease, autochangelog
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
release_number = 2;
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
## END: Set by rpmautospec
%define srpmhash() %{lua:
local files = rpm.expand("%_specdir/gnutls.spec")
for i, p in ipairs(patches) do
files = files.." "..p
end
for i, p in ipairs(sources) do
files = files.." "..p
end
local sha256sum = assert(io.popen("cat "..files.."| sha256sum"))
local hash = sha256sum:read("*a")
sha256sum:close()
print(string.sub(hash, 0, 16))
}
Version: 3.8.10
Release: %{?autorelease}%{!?autorelease:1%{?dist}}
# not upstreamed: can we drop this as configure is regenerated when bootstrapping?
Patch: gnutls-3.2.7-rpath.patch
# not upstreamed: modifies the generated code
Patch: gnutls-3.7.2-enable-intel-cet.patch
# not upstreamed: to ignore GNUTLS_NO_EXPLICIT_INIT, for long-term support purposes
Patch: gnutls-3.7.2-no-explicit-init.patch
# not upstreamed: to avoid any inconsistency between algorithms enabled through API vs the ones enabled through config file, for long-term support purposes
Patch: gnutls-3.7.3-disable-config-reload.patch
# not upstreamed, reseed source DRBG for prediction resistance
Patch: gnutls-3.7.6-drbg-reseed.patch
# not upstreamed: see https://gitlab.com/gnutls/gnutls/-/issues/1443
Patch: gnutls-3.8.8-tests-ktls-skip-tls12-chachapoly.patch
# not upstreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/1932
Patch: gnutls-3.8.9-allow-rsa-pkcs1-encrypt.patch
# usptreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980
Patch: gnutls-3.8.10-tests-ktls.patch
# upstreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980
Patch: gnutls-3.8.10-tests-mldsa.patch
# not yet upstreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990/diffs?commit_id=993a8055c03b60c95fc65962ed82adc80b049a9a
Patch: gnutls-3.8.10-keyupdate.patch
%bcond_without bootstrap
%bcond_without dane
%bcond_without fips
%bcond_with tpm12
%bcond_without tpm2
%if 0%{?rhel} >= 9
%bcond_with gost
%else
%bcond_without gost
%endif
%bcond_without certificate_compression
%bcond_without leancrypto
%bcond_without tests
%if 0%{?fedora} && 0%{?fedora} < 38
%bcond_without srp
%else
%bcond_with srp
%endif
%if 0%{?fedora}
%bcond_without mingw
%else
%bcond_with mingw
%endif
%if 0%{?rhel} >= 9 && %{with fips}
%bcond_without bundled_gmp
%else
%bcond_with bundled_gmp
%endif
%if 0%{?rhel} >= 10 && %{with fips}
%bcond_without bundled_nettle
%else
%bcond_with bundled_nettle
%endif
%define fips_requires() %{lua:
local f = assert(io.popen("rpm -q --queryformat '%{EVR}' --whatprovides "..rpm.expand("'%1%{?_isa}'")))
local v = f:read("*all")
f:close()
print("Requires: "..rpm.expand("%1%{?_isa}").." = "..v.."\\n")
}
Summary: A TLS protocol implementation
Name: gnutls
# The libraries are LGPLv2.1+, utilities are GPLv3+
License: GPL-3.0-or-later AND LGPL-2.1-or-later
BuildRequires: p11-kit-devel >= 0.21.3, gettext-devel
BuildRequires: readline-devel, libtasn1-devel >= 4.3
%if %{with certificate_compression}
BuildRequires: zlib-devel, brotli-devel, libzstd-devel
%endif
%if %{with bootstrap}
BuildRequires: automake, autoconf, gperf, libtool, texinfo
%endif
%if !%{with bundled_nettle}
BuildRequires: nettle-devel >= 3.10.1
%endif
%if %{with leancrypto}
BuildRequires: meson
%endif
%if %{with tpm12}
BuildRequires: trousers-devel >= 0.3.11.2
%endif
%if %{with tpm2}
BuildRequires: tpm2-tss-devel >= 3.0.3
%endif
BuildRequires: libidn2-devel
BuildRequires: libunistring-devel
BuildRequires: net-tools, softhsm, gcc, gcc-c++
BuildRequires: gnupg2
BuildRequires: git-core
# for a sanity check on cert loading
BuildRequires: p11-kit-trust, ca-certificates
Requires: crypto-policies
Requires: p11-kit-trust
Requires: libtasn1 >= 4.3
%if !%{with bundled_nettle}
# always bump when a nettle release is packaged
Requires: nettle >= 3.10.1
%endif
%if %{with tpm12}
Recommends: trousers >= 0.3.11.2
%endif
%if %{with dane}
BuildRequires: unbound-devel unbound-libs
%endif
BuildRequires: make gtk-doc
%if %{with mingw}
BuildRequires: mingw32-filesystem >= 95
BuildRequires: mingw32-gcc
BuildRequires: mingw32-gcc-c++
BuildRequires: mingw32-libtasn1 >= 4.3
BuildRequires: mingw32-readline
BuildRequires: mingw32-zlib
BuildRequires: mingw32-p11-kit >= 0.23.1
BuildRequires: mingw32-nettle >= 3.6
BuildRequires: mingw64-filesystem >= 95
BuildRequires: mingw64-gcc
BuildRequires: mingw64-gcc-c++
BuildRequires: mingw64-libtasn1 >= 4.3
BuildRequires: mingw64-readline
BuildRequires: mingw64-zlib
BuildRequires: mingw64-p11-kit >= 0.23.1
BuildRequires: mingw64-nettle >= 3.6
%endif
URL: http://www.gnutls.org/
%define short_version %(echo %{version} | grep -m1 -o "[0-9]*\.[0-9]*" | head -1)
Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{version}.tar.xz
Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{version}.tar.xz.sig
Source2: https://gnutls.org/gnutls-release-keyring.gpg
%if %{with bundled_gmp}
Source100: gmp-6.2.1.tar.xz
# Taken from the main gmp package
Source101: gmp-6.2.1-intel-cet.patch
%endif
%if %{with bundled_nettle}
Source200: nettle-3.10.1.tar.gz
Source201: nettle-3.10.1.tar.gz.sig
Source202: nettle-release-keyring.gpg
# Taken from the main nettle package
Source203: nettle-3.8-zeroize-stack.patch
Source204: nettle-3.10-hobble-to-configure.patch
%endif
%if %{with leancrypto}
Source300: leancrypto-1.5.0.tar.gz
%endif
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
Provides: bundled(gnulib) = 20130424
%package c++
Summary: The C++ interface to GnuTLS
Requires: %{name}%{?_isa} = %{version}-%{release}
%package devel
Summary: Development files for the %{name} package
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: %{name}-c++%{?_isa} = %{version}-%{release}
%if %{with dane}
Requires: %{name}-dane%{?_isa} = %{version}-%{release}
%endif
Requires: pkgconfig
%package utils
License: GPL-3.0-or-later
Summary: Command line tools for TLS protocol
Requires: %{name}%{?_isa} = %{version}-%{release}
%if %{with dane}
Requires: %{name}-dane%{?_isa} = %{version}-%{release}
%endif
%if %{with dane}
%package dane
Summary: A DANE protocol implementation for GnuTLS
Requires: %{name}%{?_isa} = %{version}-%{release}
%endif
%if %{with fips}
%package fips
Summary: Virtual package to install packages required to use %{name} under FIPS mode
Requires: %{name}%{?_isa} = %{version}-%{release}
%if !%{with bundled_nettle}
%{fips_requires nettle}
%endif
%if !%{with bundled_gmp}
%{fips_requires gmp}
%endif
%endif
%description
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.
%description c++
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.
%description devel
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.
This package contains files needed for developing applications with
the GnuTLS library.
%description utils
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.
This package contains command line TLS client and server and certificate
manipulation tools.
%if %{with dane}
%description dane
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.
This package contains library that implements the DANE protocol for verifying
TLS certificates through DNSSEC.
%endif
%if %{with fips}
%description fips
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.
This package does not contain any file, but installs required packages
to use GnuTLS under FIPS mode.
%endif
%if %{with mingw}
%package -n mingw32-%{name}
Summary: MinGW GnuTLS TLS/SSL encryption library
Requires: pkgconfig
Requires: mingw32-libtasn1 >= 4.3
BuildArch: noarch
%description -n mingw32-gnutls
GnuTLS TLS/SSL encryption library. This library is cross-compiled
for MinGW.
%package -n mingw64-%{name}
Summary: MinGW GnuTLS TLS/SSL encryption library
Requires: pkgconfig
Requires: mingw64-libtasn1 >= 4.3
BuildArch: noarch
%description -n mingw64-gnutls
GnuTLS TLS/SSL encryption library. This library is cross-compiled
for MinGW.
%{?mingw_debug_package}
%endif
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p1 -S git
%if %{with bundled_gmp}
mkdir -p bundled_gmp
pushd bundled_gmp
tar --strip-components=1 -xf %{SOURCE100}
patch -p1 < %{SOURCE101}
popd
%endif
%if %{with bundled_nettle}
%{gpgverify} --keyring='%{SOURCE202}' --signature='%{SOURCE201}' --data='%{SOURCE200}'
mkdir -p bundled_nettle
pushd bundled_nettle
tar --strip-components=1 -xf %{SOURCE200}
patch -p1 < %{SOURCE203}
patch -p1 < %{SOURCE204}
popd
%endif
%if %{with leancrypto}
mkdir -p bundled_leancrypto
pushd bundled_leancrypto
tar --strip-components=1 -xf %{SOURCE300}
popd
%endif
%if %{with bundled_gmp}
sed -i 's/@GMP_LIBS@//' lib/gnutls.pc.in
%endif
%build
%define _lto_cflags %{nil}
%if %{with bundled_gmp}
pushd bundled_gmp
autoreconf -ifv
%configure --disable-cxx --disable-shared --enable-fat --with-pic
%make_build
popd
export GMP_DIR="$PWD/bundled_gmp"
export GMP_CFLAGS="-I$GMP_DIR"
export GMP_LIBS="$GMP_DIR/.libs/libgmp.a"
%endif
%if %{with bundled_nettle}
pushd bundled_nettle
./.bootstrap
# Disable -ggdb3 which makes debugedit unhappy
sed s/ggdb3/g/ -i configure
autoreconf -ifv
# For annocheck
export ASM_FLAGS="-Wa,--generate-missing-build-notes=yes"
%configure --disable-shared --enable-fat \
--disable-sm3 --disable-sm4 \
--disable-ecc-secp192r1 --disable-ecc-secp224r1 \
--disable-documentation \
--with-include-path="$GMP_DIR" \
--with-lib-path="$GMP_DIR/.libs" \
%{nil}
%make_build
ln -s . nettle
popd
export NETTLE_DIR="$PWD/bundled_nettle"
export NETTLE_CFLAGS="-I$NETTLE_DIR"
export NETTLE_LIBS="$NETTLE_DIR/libnettle.a"
export HOGWEED_CFLAGS="-I$NETTLE_DIR"
export HOGWEED_LIBS="$NETTLE_DIR/libhogweed.a $NETTLE_LIBS $GMP_LIBS"
%endif
%if %{with leancrypto}
pushd bundled_leancrypto
%set_build_flags
meson setup -Dprefix="$PWD/install" -Dlibdir="$PWD/install/lib" \
-Ddefault_library=static \
-Dascon=disabled -Dascon_keccak=disabled \
-Dbike_5=disabled -Dbike_3=disabled -Dbike_1=disabled \
-Dkyber_x25519=disabled -Ddilithium_ed25519=disabled \
-Dx509_parser=disabled -Dx509_generator=disabled \
-Dpkcs7_parser=disabled -Dpkcs7_generator=disabled \
-Dsha2-256=disabled \
-Dchacha20=disabled -Dchacha20_drng=disabled \
-Ddrbg_hash=disabled -Ddrbg_hmac=disabled \
-Dhash_crypt=disabled \
-Dhmac=disabled -Dhkdf=disabled \
-Dkdf_ctr=disabled -Dkdf_fb=disabled -Dkdf_dpi=disabled \
-Dpbkdf2=disabled \
-Dkmac_drng=disabled -Dcshake_drng=disabled \
-Dhotp=disabled -Dtotp=disabled \
-Daes_block=disabled -Daes_cbc=disabled -Daes_ctr=disabled \
-Daes_kw=disabled -Dapps=disabled \
_build
meson compile -v -C _build
meson install -C _build
popd
export LEANCRYPTO_DIR="$PWD/bundled_leancrypto/install"
export LEANCRYPTO_CFLAGS="-I$LEANCRYPTO_DIR/include"
export LEANCRYPTO_LIBS="$LEANCRYPTO_DIR/lib/libleancrypto.a"
%endif
%if %{with bootstrap}
autoreconf -fi
%endif
sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
rm -f lib/minitasn1/*.c lib/minitasn1/*.h
echo "SYSTEM=NORMAL" >> tests/system.prio
CCASFLAGS="$CCASFLAGS -Wa,--generate-missing-build-notes=yes"
export CCASFLAGS
%if %{with fips}
eval $(sed -n 's/^\(\(NAME\|VERSION_ID\)=.*\)/OS_\1/p' /etc/os-release)
export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name"
%endif
mkdir native_build
pushd native_build
%global _configure ../configure
%configure \
%if %{with fips}
--enable-fips140-mode \
--with-fips140-module-name="$FIPS_MODULE_NAME" \
--with-fips140-module-version=%{version}-%{srpmhash} \
%endif
%if %{with gost}
--enable-gost \
%else
--disable-gost \
%endif
%if %{with srp}
--enable-srp-authentication \
%endif
%ifarch %{ix86}
--disable-year2038 \
%endif
--enable-sha1-support \
--disable-static \
--disable-openssl-compatibility \
--disable-non-suiteb-curves \
--with-system-priority-file=%{_sysconfdir}/crypto-policies/back-ends/gnutls.config \
--with-default-trust-store-pkcs11="pkcs11:" \
%if %{with tpm12}
--with-trousers-lib=%{_libdir}/libtspi.so.1 \
%else
--without-tpm \
%endif
%if %{with tpm2}
--with-tpm2 \
%else
--without-tpm2 \
%endif
--enable-ktls \
--htmldir=%{_docdir}/manual \
%if %{with dane}
--with-unbound-root-key-file=/var/lib/unbound/root.key \
--enable-libdane \
%else
--disable-libdane \
%endif
%if %{with certificate_compression}
--with-zlib --with-brotli --with-zstd \
%else
--without-zlib --without-brotli --without-zstd \
%endif
%if %{with leancrypto}
--with-leancrypto \
%else
--without-leancrypto \
%endif
--disable-rpath \
--with-default-priority-string="@SYSTEM"
%make_build
%if %{with bundled_nettle}
sed -i '/^Requires.private:/s/\(nettle\|hogweed\)[ ,]*//g' lib/gnutls.pc
%endif
%if %{with leancrypto}
sed -i '/^Requires.private:/s/leancrypto[ ,]*//g' lib/gnutls.pc
%endif
popd
%if %{with mingw}
# MinGW does not support CCASFLAGS
export CCASFLAGS=""
%mingw_configure \
%if %{with srp}
--enable-srp-authentication \
%endif
--enable-sha1-support \
--disable-static \
--disable-openssl-compatibility \
--disable-non-suiteb-curves \
--disable-libdane \
--disable-rpath \
--disable-nls \
--disable-cxx \
--enable-shared \
--without-tpm \
--with-included-unistring \
--disable-doc \
--with-default-priority-string="@SYSTEM"
%mingw_make %{?_smp_mflags}
%endif
%install
%make_install -C native_build
pushd native_build
make -C doc install-html DESTDIR=$RPM_BUILD_ROOT
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
%if %{without dane}
rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
%endif
%if %{with fips}
# doing it twice should be a no-op the second time,
# and this way we avoid redefining it and missing a future change
%global __debug_package 1
%{__spec_install_post}
fname=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.*`
./lib/fipshmac "$RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30" > "$RPM_BUILD_ROOT%{_libdir}/.$fname.hmac"
sed -i "s^$RPM_BUILD_ROOT/usr^^" "$RPM_BUILD_ROOT%{_libdir}/.$fname.hmac"
ln -s ".$fname.hmac" "$RPM_BUILD_ROOT%{_libdir}/.libgnutls.so.30.hmac"
%endif
%if %{with fips}
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
%{nil}
%endif
%find_lang gnutls
popd
%if %{with mingw}
%mingw_make_install
# Remove .la files
rm -f $RPM_BUILD_ROOT%{mingw32_libdir}/*.la
rm -f $RPM_BUILD_ROOT%{mingw64_libdir}/*.la
# The .def files aren't interesting for other binaries
rm -f $RPM_BUILD_ROOT%{mingw32_bindir}/*.def
rm -f $RPM_BUILD_ROOT%{mingw64_bindir}/*.def
# Remove info and man pages which duplicate stuff in Fedora already.
rm -rf $RPM_BUILD_ROOT%{mingw32_infodir}
rm -rf $RPM_BUILD_ROOT%{mingw32_mandir}
rm -rf $RPM_BUILD_ROOT%{mingw32_docdir}/gnutls
rm -rf $RPM_BUILD_ROOT%{mingw64_infodir}
rm -rf $RPM_BUILD_ROOT%{mingw64_mandir}
rm -rf $RPM_BUILD_ROOT%{mingw64_docdir}/gnutls
# Remove test libraries
rm -f $RPM_BUILD_ROOT%{mingw32_libdir}/crypt32.dll*
rm -f $RPM_BUILD_ROOT%{mingw32_libdir}/ncrypt.dll*
rm -f $RPM_BUILD_ROOT%{mingw64_libdir}/crypt32.dll*
rm -f $RPM_BUILD_ROOT%{mingw64_libdir}/ncrypt.dll*
%mingw_debug_install_post
%endif
%check
%if %{with tests}
pushd native_build
make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || { cat tests/test-suite.log tests/cert-tests/test-suite.log tests/slow/test-suite.log src/gl/tests/test-suite.log; exit 1; }
popd
%endif
%files -f native_build/gnutls.lang
%{_libdir}/libgnutls.so.30*
%if %{with fips}
%{_libdir}/.libgnutls.so.30*.hmac
%endif
%doc README.md AUTHORS NEWS THANKS
%license COPYING COPYING.LESSERv2
%files c++
%{_libdir}/libgnutlsxx.so.*
%files devel
%{_includedir}/*
%{_libdir}/libgnutls*.so
%{_libdir}/pkgconfig/*.pc
%{_mandir}/man3/*
%{_infodir}/gnutls*
%{_infodir}/pkcs11-vision*
%{_docdir}/manual/*
%files utils
%{_bindir}/certtool
%if %{with tpm12}
%{_bindir}/tpmtool
%endif
%{_bindir}/ocsptool
%{_bindir}/psktool
%{_bindir}/p11tool
%if %{with srp}
%{_bindir}/srptool
%endif
%if %{with dane}
%{_bindir}/danetool
%endif
%{_bindir}/gnutls*
%{_mandir}/man1/*
%doc doc/certtool.cfg
%if %{with dane}
%files dane
%{_libdir}/libgnutls-dane.so.*
%endif
%if %{with fips}
%files fips
%endif
%if %{with mingw}
%files -n mingw32-%{name}
%license COPYING COPYING.LESSERv2
%{mingw32_bindir}/certtool.exe
%{mingw32_bindir}/gnutls-cli-debug.exe
%{mingw32_bindir}/gnutls-cli.exe
%{mingw32_bindir}/gnutls-serv.exe
%{mingw32_bindir}/libgnutls-30.dll
%{mingw32_bindir}/ocsptool.exe
%{mingw32_bindir}/p11tool.exe
%{mingw32_bindir}/psktool.exe
%if %{with srp}
%{mingw32_bindir}/srptool.exe
%endif
%{mingw32_libdir}/libgnutls.dll.a
%{mingw32_libdir}/libgnutls-30.def
%{mingw32_libdir}/pkgconfig/gnutls.pc
%{mingw32_includedir}/gnutls/
%files -n mingw64-%{name}
%license COPYING COPYING.LESSERv2
%{mingw64_bindir}/certtool.exe
%{mingw64_bindir}/gnutls-cli-debug.exe
%{mingw64_bindir}/gnutls-cli.exe
%{mingw64_bindir}/gnutls-serv.exe
%{mingw64_bindir}/libgnutls-30.dll
%{mingw64_bindir}/ocsptool.exe
%{mingw64_bindir}/p11tool.exe
%{mingw64_bindir}/psktool.exe
%if %{with srp}
%{mingw64_bindir}/srptool.exe
%endif
%{mingw64_libdir}/libgnutls.dll.a
%{mingw64_libdir}/libgnutls-30.def
%{mingw64_libdir}/pkgconfig/gnutls.pc
%{mingw64_includedir}/gnutls/
%endif
%changelog
## START: Generated by rpmautospec
* Fri Aug 01 2025 Daiki Ueno <dueno@redhat.com> - 3.8.10-2
- key_update: rework the rekeying logic
* Thu Jul 10 2025 Daiki Ueno <dueno@redhat.com> - 3.8.10-1
- Update to 3.8.10 upstream release
* Fri Jul 04 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-19
- algorithms: assign hash strength to ML-DSA signature algorithms
* Wed Jun 25 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-18
- nettle/pk: mark ML-DSA as FIPS-unapproved
* Thu Jun 19 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-17
- Enable ML-DSA at TLS 1.3 level
* Thu May 08 2025 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.9-16
- Preserve ARM registers, reenable ARM assembly
* Wed May 07 2025 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.9-15
- Disable assembly on aarch64 as a stopgap measure
* Thu Apr 24 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-14
- tests: make pqc-hybrid-kx.sh work when system time set beyond 2038
* Tue Apr 22 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-13
- Update gnutls-3.8.9-cli-earlydata.patch to the upstream version
* Mon Apr 14 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-12
- Update leancrypto to 1.3.0
* Mon Feb 17 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-11
- Improve 0-RTT handling in commands
* Mon Feb 17 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-10
- Update bundled nettle to 3.10.1
* Thu Feb 13 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-9
- Update leancrypto-1.2.0-intel-cet.patch
* Thu Feb 13 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-8
- handshake: only shuffle extensions in the first Client Hello
* Thu Feb 13 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-7
- Enable Intel CET in leancrypto
* Wed Feb 12 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-6
- Update gnutls-3.8.9-allow-rsa-pkcs1-encrypt.patch
* Tue Feb 11 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-5
- Increase verbosity level of leancrypto compilation
* Tue Feb 11 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-4
- Fix static linking to libhogweed.a
* Mon Feb 10 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-3
- fips: perform only signature PCT for all RSA algorithms
* Mon Feb 10 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-2
- Switch from liboqs to leancrypto
* Mon Feb 10 2025 Daiki Ueno <dueno@redhat.com> - 3.8.9-1
- Update to 3.8.9 release
* Tue Nov 05 2024 Daiki Ueno <dueno@redhat.com> - 3.8.8-1
- Update to 3.8.8 upstream release
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.8.7-6
- Bump release for October 2024 mass rebuild:
* Thu Oct 10 2024 Daiki Ueno <dueno@redhat.com> - 3.8.7-5
- Disable GOST in RHEL-9 or later
* Tue Oct 08 2024 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.7-4
- Initial CI and gating setup for RHEL-10
* Wed Aug 21 2024 Daiki Ueno <dueno@redhat.com> - 3.8.7-3
- Fix issues in bundling nettle
* Tue Aug 20 2024 Daiki Ueno <dueno@redhat.com> - 3.8.7-2
- Statically link to Nettle libraries
* Fri Aug 16 2024 Daiki Ueno <dueno@redhat.com> - 3.8.7-1
- Update to 3.8.7 upstream release
* Thu Aug 15 2024 Daiki Ueno <dueno@redhat.com> - 3.8.6-7
- Forward port downstream patches from c9s
* Mon Jul 29 2024 Daiki Ueno <dueno@redhat.com> - 3.8.6-6
- liboqs: check whether Kyber768 is compiled in
* Sat Jul 27 2024 Daiki Ueno <dueno@redhat.com> - 3.8.6-5
- Fix configure check on nettle_rsa_oaep_* functions
* Sat Jul 27 2024 Daiki Ueno <dueno@redhat.com> - 3.8.6-4
- Enable X25519Kyber768Draft00 key exchange in TLS
* Sat Jul 27 2024 Daiki Ueno <dueno@redhat.com> - 3.8.6-3
- Switch to using dlwrap for loading compression libraries
* Sat Jul 27 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 3.8.6-2
- Fix FIPS build with RPM 4.20
* Sat Jul 27 2024 Zoltan Fridrich <zfridric@redhat.com> - 3.8.6-1
- Update to 3.8.6 upstream release
* Tue Jul 02 2024 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.5-7
- Rebuild against nettle-3.9.1-11.el10
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 3.8.5-6
- Bump release for June 2024 mass rebuild
* Mon Jun 17 2024 Zoltan Fridrich <zfridric@redhat.com> - 3.8.5-5
- Build with certificate compression enabled
* Thu May 16 2024 Alexander Sosedkin <asosedkin@redhat.com> - 3.8.5-4
- Add gmp tarball to sources file, add gmp patch
* Thu May 16 2024 Daiki Ueno <dueno@redhat.com> - 3.8.5-3
- Add bcond to statically link to GMP
* Thu May 16 2024 Daiki Ueno <dueno@redhat.com> - 3.8.5-2
- Add virtual package to pull in nettle/gmp dependencies for FIPS
* Thu May 16 2024 Zoltan Fridrich <zfridric@redhat.com> - 3.8.5-1
- 3.8.5 upstream release
* Thu May 16 2024 Zoltan Fridrich <zfridric@redhat.com> - 3.8.4-1
- 3.8.4 upstream release
* Thu May 16 2024 Zoltan Fridrich <zfridric@redhat.com> - 3.8.3-3
- Fix mingw build failure
* Wed Jan 24 2024 Zoltan Fridrich <zfridric@redhat.com> - 3.8.3-2
- Update keyring
* Tue Jan 23 2024 Zoltan Fridrich <zfridric@redhat.com> - 3.8.3-1
- [packit] 3.8.3 upstream release
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.8.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Dec 12 2023 Simon de Vlieger <cmdr@supakeen.com> - 3.8.2-3
- Bump Nettle dependency.
* Fri Dec 01 2023 Daiki Ueno <dueno@redhat.com> - 3.8.2-2
- Tentatively revert newly added Ed448 keys support in PKCS#11
* Wed Nov 22 2023 Daiki Ueno <dueno@redhat.com> - 3.8.2-1
- [packit] 3.8.2 upstream release
* Wed Nov 22 2023 Daiki Ueno <dueno@redhat.com> - 3.8.1-4
- Remove patches no longer needed in 3.8.2
* Thu Nov 09 2023 Daiki Ueno <dueno@redhat.com> - 3.8.1-3
- Skip KTLS test if the host kernel is older than 5.11
* Tue Aug 29 2023 Stephen Gallagher <sgallagh@redhat.com> - 3.8.1-2
- Don't build with SRP on RHEL
* Fri Aug 25 2023 Zoltan Fridrich <zfridric@redhat.com> - 3.8.1-1
- [packit] 3.8.1 upstream release
* Thu Aug 24 2023 Daiki Ueno <dueno@redhat.com> - 3.8.0-8
- Migrate License field to SPDX license identifier
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.8.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue May 23 2023 Peter Leitmann <peto.leitmann@gmail.com> - 3.8.0-6
- Add TMT interop tests
* Thu Apr 13 2023 Daiki Ueno <dueno@redhat.com> - 3.8.0-5
- Fix leftover of the previous %%bcond change
* Tue Apr 11 2023 Daiki Ueno <dueno@redhat.com>
- Use %%bcond instead of %%global for srp and mingw support
* Sat Mar 11 2023 Richard W.M. Jones <rjones@redhat.com> - 3.8.0-3
- Fix desychronisation with kTLS:
https://gitlab.com/gnutls/gnutls/-/issues/1470
* Thu Mar 02 2023 Daniel P. Berrangé <berrange@redhat.com> - 3.8.0-2
- Disable GNULIB's year2038 support for 64-bit time_t
* Thu Feb 16 2023 Zoltan Fridrich <zfridric@redhat.com> - 3.8.0-1
- [packit] 3.8.0 upstream release
* Tue Feb 14 2023 Zoltan Fridrich <zfridric@redhat.com> - 3.7.8-14
- Prepare for release
* Fri Jan 20 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.7.8-13
- KTLS: disable ktls_keyupdate & tls1.2 chachapoly tests
* Fri Jan 20 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.7.8-12
- KTLS additional ciphersuites
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.7.8-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Dec 14 2022 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.7.8-10
- gcc-analyzer: suppress warnings
* Thu Oct 27 2022 Daniel P. Berrangé <berrange@redhat.com> - 3.7.8-9
- Cross-compiled mingw sub-RPMs should be 'noarch'
* Wed Oct 19 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.8-8
- Add conditions for mingw
* Tue Oct 18 2022 Michael Cronenworth <mike@cchtml.com> - 3.7.8-6
- Initial MinGW package support
* Tue Oct 18 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.8-5
- Use make macros
* Tue Oct 18 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.8-4
- RPMAUTOSPEC: unresolvable merge
## END: Generated by rpmautospec

749
nettle-3.10-hobble-to-configure.patch Normal file
View File

@ -0,0 +1,749 @@
From 499fab03ff0b46c2328992595b057ae8db63d544 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Wed, 24 Jul 2024 15:19:01 +0900
Subject: [PATCH 1/3] Add --disable-sm3 configure option
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
Makefile.in | 8 +++++---
configure.ac | 14 ++++++++++++++
examples/nettle-benchmark.c | 8 +++++++-
nettle-meta-hashes.c | 2 ++
nettle-meta-macs.c | 2 ++
testsuite/Makefile.in | 4 +++-
testsuite/hmac-test.c | 2 ++
testsuite/meta-hash-test.c | 2 ++
testsuite/meta-mac-test.c | 2 ++
9 files changed, 39 insertions(+), 5 deletions(-)
diff --git a/Makefile.in b/Makefile.in
index 71ad761e..cb7b3d99 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -123,11 +123,11 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \
gost28147.c gosthash94.c gosthash94-meta.c \
hmac.c hmac-gosthash94.c hmac-md5.c hmac-ripemd160.c \
hmac-sha1.c hmac-sha224.c hmac-sha256.c hmac-sha384.c \
- hmac-sha512.c hmac-streebog.c hmac-sm3.c \
+ hmac-sha512.c hmac-streebog.c \
hmac-md5-meta.c hmac-ripemd160-meta.c hmac-sha1-meta.c \
hmac-sha224-meta.c hmac-sha256-meta.c hmac-sha384-meta.c \
hmac-sha512-meta.c hmac-gosthash94-meta.c \
- hmac-streebog-meta.c hmac-sm3-meta.c \
+ hmac-streebog-meta.c \
knuth-lfib.c hkdf.c \
md2.c md2-meta.c md4.c md4-meta.c \
md5.c md5-compat.c md5-meta.c \
@@ -153,7 +153,6 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \
sha3-224.c sha3-224-meta.c sha3-256.c sha3-256-meta.c \
sha3-384.c sha3-384-meta.c sha3-512.c sha3-512-meta.c \
sha3-shake.c shake128.c shake256.c \
- sm3.c sm3-meta.c \
serpent-set-key.c serpent-encrypt.c serpent-decrypt.c \
serpent-meta.c \
streebog.c streebog-meta.c \
@@ -228,6 +227,9 @@ hogweed_SOURCES = sexp.c sexp-format.c \
ed448-shake256.c ed448-shake256-pubkey.c \
ed448-shake256-sign.c ed448-shake256-verify.c
+
+nettle_SOURCES += @IF_SM3@ hmac-sm3.c hmac-sm3-meta.c sm3.c sm3-meta.c
+
OPT_SOURCES = fat-arm.c fat-arm64.c fat-ppc.c fat-s390x.c fat-x86_64.c mini-gmp.c
HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h balloon.h \
diff --git a/configure.ac b/configure.ac
index 7c003bb7..fe174919 100644
--- a/configure.ac
+++ b/configure.ac
@@ -124,6 +124,10 @@ AC_ARG_ENABLE(mini-gmp,
AS_HELP_STRING([--enable-mini-gmp], [Enable mini-gmp, used instead of libgmp.]),,
[enable_mini_gmp=no])
+AC_ARG_ENABLE(sm3,
+ AS_HELP_STRING([--disable-sm3], [Disable SM3 hash algorithm]),,
+ [enable_sm3=yes])
+
AC_ARG_VAR(ASM_FLAGS, [Extra flags for processing assembly source files])
if test "x$enable_mini_gmp" = xyes ; then
@@ -1157,6 +1161,15 @@ else
IF_MINI_GMP='#'
fi
+AH_TEMPLATE([WITH_SM3], [Defined if SM3 hash algorithm is enabled])
+
+if test "x$enable_sm3" = xyes ; then
+ AC_DEFINE(WITH_SM3)
+ IF_SM3=''
+else
+ IF_SM3='#'
+fi
+
AC_SUBST(IF_HOGWEED)
AC_SUBST(IF_STATIC)
AC_SUBST(IF_SHARED)
@@ -1165,6 +1178,7 @@ AC_SUBST(IF_DLOPEN_TEST)
AC_SUBST(IF_DOCUMENTATION)
AC_SUBST(IF_DLL)
AC_SUBST(IF_MINI_GMP)
+AC_SUBST(IF_SM3)
OPENSSL_LIBFLAGS=''
diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c
index 2a11a694..36835854 100644
--- a/examples/nettle-benchmark.c
+++ b/examples/nettle-benchmark.c
@@ -901,6 +901,12 @@ bench_ghash_update(void)
# define OPENSSL(x)
#endif
+#if WITH_SM3
+# define SM3(x) x,
+#else
+# define SM3(x)
+#endif
+
int
main(int argc, char **argv)
{
@@ -920,7 +926,7 @@ main(int argc, char **argv)
&nettle_sha3_384, &nettle_sha3_512,
&nettle_ripemd160, &nettle_gosthash94,
&nettle_gosthash94cp, &nettle_streebog256,
- &nettle_streebog512, &nettle_sm3,
+ &nettle_streebog512, SM3(&nettle_sm3)
NULL
};
diff --git a/nettle-meta-hashes.c b/nettle-meta-hashes.c
index 2245dfb7..6d4563d9 100644
--- a/nettle-meta-hashes.c
+++ b/nettle-meta-hashes.c
@@ -57,7 +57,9 @@ const struct nettle_hash * const _nettle_hashes[] = {
&nettle_sha3_512,
&nettle_streebog256,
&nettle_streebog512,
+#if WITH_SM3
&nettle_sm3,
+#endif
NULL
};
diff --git a/nettle-meta-macs.c b/nettle-meta-macs.c
index 48b2176e..866f0766 100644
--- a/nettle-meta-macs.c
+++ b/nettle-meta-macs.c
@@ -52,7 +52,9 @@ const struct nettle_mac * const _nettle_macs[] = {
&nettle_hmac_sha512,
&nettle_hmac_streebog256,
&nettle_hmac_streebog512,
+#if WITH_SM3
&nettle_hmac_sm3,
+#endif
NULL
};
diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in
index 0699fa0d..a45ddf77 100644
--- a/testsuite/Makefile.in
+++ b/testsuite/Makefile.in
@@ -25,7 +25,7 @@ TS_NETTLE_SOURCES = aes-test.c aes-keywrap-test.c arcfour-test.c arctwo-test.c \
sha3-permute-test.c sha3-224-test.c sha3-256-test.c \
sha3-384-test.c sha3-512-test.c \
shake128-test.c shake256-test.c \
- streebog-test.c sm3-test.c sm4-test.c \
+ streebog-test.c sm4-test.c \
serpent-test.c twofish-test.c version-test.c \
knuth-lfib-test.c \
cbc-test.c cfb-test.c ctr-test.c gcm-test.c eax-test.c ccm-test.c \
@@ -60,6 +60,8 @@ TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \
gostdsa-sign-test.c gostdsa-verify-test.c \
gostdsa-keygen-test.c gostdsa-vko-test.c
+TS_NETTLE_SOURCES += @IF_SM3@ sm3-test.c
+
TS_SOURCES = $(TS_NETTLE_SOURCES) $(TS_HOGWEED_SOURCES)
CXX_SOURCES = cxx-test.cxx
diff --git a/testsuite/hmac-test.c b/testsuite/hmac-test.c
index d7af2475..d34127bf 100644
--- a/testsuite/hmac-test.c
+++ b/testsuite/hmac-test.c
@@ -949,9 +949,11 @@ test_main (void)
SHEX("a1aa5f7de402d7b3d323f2991c8d4534"
"013137010a83754fd0af6d7cd4922ed9"));
+#if WITH_SM3
test_mac (&nettle_hmac_sm3, (nettle_hash_update_func*) hmac_sm3_set_key,
SDATA("monkey monkey monkey monkey"),
SDATA("abc"),
SHEX("7a9388e2ca5343b5d76e7c2c3d84f239"
"f306c0b60d5e0dc4d2771e42860a6a2b"));
+#endif
}
diff --git a/testsuite/meta-hash-test.c b/testsuite/meta-hash-test.c
index ec4e0d1e..8427e0a1 100644
--- a/testsuite/meta-hash-test.c
+++ b/testsuite/meta-hash-test.c
@@ -24,7 +24,9 @@ const char* hashes[] = {
"sha3_512",
"streebog256",
"streebog512",
+#if WITH_SM3
"sm3",
+#endif
};
void
diff --git a/testsuite/meta-mac-test.c b/testsuite/meta-mac-test.c
index 6c848a88..c00efd3c 100644
--- a/testsuite/meta-mac-test.c
+++ b/testsuite/meta-mac-test.c
@@ -16,7 +16,9 @@ const char* macs[] = {
"hmac_sha512",
"hmac_streebog256",
"hmac_streebog512",
+#if WITH_SM3
"hmac_sm3",
+#endif
};
void
--
2.48.1
From 04ef86ac0ad034f44b325cd6b0ff7880d64f762f Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Wed, 24 Jul 2024 15:28:13 +0900
Subject: [PATCH 2/3] Add --disable-sm4 configure option
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
Makefile.in | 3 +--
configure.ac | 14 ++++++++++++++
examples/nettle-benchmark.c | 8 +++++++-
nettle-meta-aeads.c | 2 ++
nettle-meta-ciphers.c | 2 ++
testsuite/Makefile.in | 3 ++-
testsuite/gcm-test.c | 2 ++
testsuite/meta-aead-test.c | 2 ++
testsuite/meta-cipher-test.c | 4 +++-
9 files changed, 35 insertions(+), 5 deletions(-)
diff --git a/Makefile.in b/Makefile.in
index cb7b3d99..9c8b8b59 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -117,7 +117,6 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \
gcm-aes256.c gcm-aes256-meta.c \
gcm-camellia128.c gcm-camellia128-meta.c \
gcm-camellia256.c gcm-camellia256-meta.c \
- gcm-sm4.c gcm-sm4-meta.c \
cmac.c cmac64.c cmac-aes128.c cmac-aes256.c cmac-des3.c \
cmac-aes128-meta.c cmac-aes256-meta.c cmac-des3-meta.c \
gost28147.c gosthash94.c gosthash94-meta.c \
@@ -157,7 +156,6 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \
serpent-meta.c \
streebog.c streebog-meta.c \
twofish.c twofish-meta.c \
- sm4.c sm4-meta.c \
umac-nh.c umac-nh-n.c umac-l2.c umac-l3.c \
umac-poly64.c umac-poly128.c umac-set-key.c \
umac32.c umac64.c umac96.c umac128.c \
@@ -229,6 +227,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
nettle_SOURCES += @IF_SM3@ hmac-sm3.c hmac-sm3-meta.c sm3.c sm3-meta.c
+nettle_SOURCES += @IF_SM4@ gcm-sm4.c gcm-sm4-meta.c sm4.c sm4-meta.c
OPT_SOURCES = fat-arm.c fat-arm64.c fat-ppc.c fat-s390x.c fat-x86_64.c mini-gmp.c
diff --git a/configure.ac b/configure.ac
index fe174919..494c7d2c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -128,6 +128,10 @@ AC_ARG_ENABLE(sm3,
AS_HELP_STRING([--disable-sm3], [Disable SM3 hash algorithm]),,
[enable_sm3=yes])
+AC_ARG_ENABLE(sm4,
+ AS_HELP_STRING([--disable-sm4], [Disable SM4 symmetric cipher algorithm]),,
+ [enable_sm4=yes])
+
AC_ARG_VAR(ASM_FLAGS, [Extra flags for processing assembly source files])
if test "x$enable_mini_gmp" = xyes ; then
@@ -1170,6 +1174,15 @@ else
IF_SM3='#'
fi
+AH_TEMPLATE([WITH_SM4], [Defined if SM4 symmetric cipher is enabled])
+
+if test "x$enable_sm4" = xyes ; then
+ AC_DEFINE(WITH_SM4)
+ IF_SM4=''
+else
+ IF_SM4='#'
+fi
+
AC_SUBST(IF_HOGWEED)
AC_SUBST(IF_STATIC)
AC_SUBST(IF_SHARED)
@@ -1179,6 +1192,7 @@ AC_SUBST(IF_DOCUMENTATION)
AC_SUBST(IF_DLL)
AC_SUBST(IF_MINI_GMP)
AC_SUBST(IF_SM3)
+AC_SUBST(IF_SM4)
OPENSSL_LIBFLAGS=''
diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c
index 36835854..66f92f6e 100644
--- a/examples/nettle-benchmark.c
+++ b/examples/nettle-benchmark.c
@@ -907,6 +907,12 @@ bench_ghash_update(void)
# define SM3(x)
#endif
+#if WITH_SM4
+# define SM4(x) x,
+#else
+# define SM4(x)
+#endif
+
int
main(int argc, char **argv)
{
@@ -943,7 +949,7 @@ main(int argc, char **argv)
&nettle_des3,
&nettle_serpent256,
&nettle_twofish128, &nettle_twofish192, &nettle_twofish256,
- &nettle_sm4,
+ SM4(&nettle_sm4)
NULL
};
diff --git a/nettle-meta-aeads.c b/nettle-meta-aeads.c
index 78f38a3c..c94fecd5 100644
--- a/nettle-meta-aeads.c
+++ b/nettle-meta-aeads.c
@@ -43,7 +43,9 @@ const struct nettle_aead * const _nettle_aeads[] = {
&nettle_gcm_aes256,
&nettle_gcm_camellia128,
&nettle_gcm_camellia256,
+#if WITH_SM4
&nettle_gcm_sm4,
+#endif
&nettle_eax_aes128,
&nettle_chacha_poly1305,
NULL
diff --git a/nettle-meta-ciphers.c b/nettle-meta-ciphers.c
index f8d691cf..6a84a43a 100644
--- a/nettle-meta-ciphers.c
+++ b/nettle-meta-ciphers.c
@@ -54,7 +54,9 @@ const struct nettle_cipher * const _nettle_ciphers[] = {
&nettle_arctwo64,
&nettle_arctwo128,
&nettle_arctwo_gutmann128,
+#if WITH_SM4
&nettle_sm4,
+#endif
NULL
};
diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in
index a45ddf77..3483f409 100644
--- a/testsuite/Makefile.in
+++ b/testsuite/Makefile.in
@@ -25,7 +25,7 @@ TS_NETTLE_SOURCES = aes-test.c aes-keywrap-test.c arcfour-test.c arctwo-test.c \
sha3-permute-test.c sha3-224-test.c sha3-256-test.c \
sha3-384-test.c sha3-512-test.c \
shake128-test.c shake256-test.c \
- streebog-test.c sm4-test.c \
+ streebog-test.c \
serpent-test.c twofish-test.c version-test.c \
knuth-lfib-test.c \
cbc-test.c cfb-test.c ctr-test.c gcm-test.c eax-test.c ccm-test.c \
@@ -61,6 +61,7 @@ TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \
gostdsa-keygen-test.c gostdsa-vko-test.c
TS_NETTLE_SOURCES += @IF_SM3@ sm3-test.c
+TS_NETTLE_SOURCES += @IF_SM4@ sm4-test.c
TS_SOURCES = $(TS_NETTLE_SOURCES) $(TS_HOGWEED_SOURCES)
CXX_SOURCES = cxx-test.cxx
diff --git a/testsuite/gcm-test.c b/testsuite/gcm-test.c
index e8228ed7..fad9184a 100644
--- a/testsuite/gcm-test.c
+++ b/testsuite/gcm-test.c
@@ -825,6 +825,7 @@ test_main(void)
"16aedbf5a0de6a57 a637b39b"), /* iv */
SHEX("5791883f822013f8bd136fc36fb9946b")); /* tag */
+#if WITH_SM4
/*
* GCM-SM4 Test Vectors from
* https://datatracker.ietf.org/doc/html/rfc8998
@@ -842,6 +843,7 @@ test_main(void)
"A56834CBCF98C397B4024A2691233B8D"),
SHEX("00001234567800000000ABCD"),
SHEX("83DE3541E4C2B58177E065A9BF7B62EC"));
+#endif
/* Test gcm_hash, with varying message size, keys and iv all zero.
Not compared to any other implementation. */
diff --git a/testsuite/meta-aead-test.c b/testsuite/meta-aead-test.c
index ceeca227..d1a3193f 100644
--- a/testsuite/meta-aead-test.c
+++ b/testsuite/meta-aead-test.c
@@ -8,7 +8,9 @@ const char* aeads[] = {
"gcm_aes256",
"gcm_camellia128",
"gcm_camellia256",
+#if WITH_SM4
"gcm_sm4",
+#endif
"eax_aes128",
"chacha_poly1305",
};
diff --git a/testsuite/meta-cipher-test.c b/testsuite/meta-cipher-test.c
index 912fac5a..b57fcbe1 100644
--- a/testsuite/meta-cipher-test.c
+++ b/testsuite/meta-cipher-test.c
@@ -20,7 +20,9 @@ const char* ciphers[] = {
"twofish128",
"twofish192",
"twofish256",
- "sm4"
+#if WITH_SM4
+ "sm4",
+#endif
};
void
--
2.48.1
From cef5228a90257430d4151163c259bc83fd2f7900 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Thu, 22 Aug 2024 10:49:46 +0900
Subject: [PATCH 3/3] Add --disable-ecc-{secp192r1,secp224r1} configure option
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
Makefile.in | 5 ++++-
configure.ac | 36 ++++++++++++++++++++++++++++++++++-
examples/ecc-benchmark.c | 4 ++++
examples/hogweed-benchmark.c | 6 ++++++
testsuite/ecdh-test.c | 4 ++++
testsuite/ecdsa-sign-test.c | 6 ++++++
testsuite/ecdsa-verify-test.c | 4 ++++
testsuite/testutils.c | 10 +++++++++-
8 files changed, 72 insertions(+), 3 deletions(-)
diff --git a/Makefile.in b/Makefile.in
index 9c8b8b59..1e9ed61c 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -202,7 +202,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
ecc-mod-arith.c ecc-pp1-redc.c ecc-pm1-redc.c \
ecc-curve25519.c ecc-curve448.c \
ecc-gost-gc256b.c ecc-gost-gc512a.c \
- ecc-secp192r1.c ecc-secp224r1.c ecc-secp256r1.c \
+ ecc-secp256r1.c \
ecc-secp384r1.c ecc-secp521r1.c \
ecc-size.c ecc-j-to-a.c ecc-a-to-j.c \
ecc-dup-jj.c ecc-add-jja.c ecc-add-jjj.c ecc-nonsec-add-jjj.c \
@@ -229,6 +229,9 @@ hogweed_SOURCES = sexp.c sexp-format.c \
nettle_SOURCES += @IF_SM3@ hmac-sm3.c hmac-sm3-meta.c sm3.c sm3-meta.c
nettle_SOURCES += @IF_SM4@ gcm-sm4.c gcm-sm4-meta.c sm4.c sm4-meta.c
+hogweed_SOURCES += @IF_ECC_SECP192R1@ ecc-secp192r1.c
+hogweed_SOURCES += @IF_ECC_SECP224R1@ ecc-secp224r1.c
+
OPT_SOURCES = fat-arm.c fat-arm64.c fat-ppc.c fat-s390x.c fat-x86_64.c mini-gmp.c
HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h balloon.h \
diff --git a/configure.ac b/configure.ac
index 494c7d2c..105640e1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -132,6 +132,14 @@ AC_ARG_ENABLE(sm4,
AS_HELP_STRING([--disable-sm4], [Disable SM4 symmetric cipher algorithm]),,
[enable_sm4=yes])
+AC_ARG_ENABLE(ecc-secp192r1,
+ AS_HELP_STRING([--disable-ecc-secp192r1], [Disable NIST secp192r1 curve]),,
+ [enable_ecc_secp192r1=yes])
+
+AC_ARG_ENABLE(ecc-secp224r1,
+ AS_HELP_STRING([--disable-ecc-secp224r1], [Disable NIST secp224r1 curve]),,
+ [enable_ecc_secp224r1=yes])
+
AC_ARG_VAR(ASM_FLAGS, [Extra flags for processing assembly source files])
if test "x$enable_mini_gmp" = xyes ; then
@@ -624,9 +632,15 @@ asm_nettle_optional_list="cpuid.asm cpu-facility.asm \
asm_hogweed_optional_list=""
if test "x$enable_public_key" = "xyes" ; then
- asm_hogweed_optional_list="ecc-secp192r1-modp.asm ecc-secp224r1-modp.asm \
+ asm_hogweed_optional_list="\
ecc-secp256r1-redc.asm ecc-secp384r1-modp.asm ecc-secp521r1-modp.asm \
ecc-curve25519-modp.asm ecc-curve448-modp.asm"
+ if test "x$enable_ecc_secp192r1" = "xyes" ; then
+ asm_hogweed_optional_list="ecc-secp192r1-modp.asm $asm_hogweed_optional_list"
+ fi
+ if test "x$enable_ecc_secp224r1" = "xyes" ; then
+ asm_hogweed_optional_list="ecc-secp224r1-modp.asm $asm_hogweed_optional_list"
+ fi
fi
OPT_NETTLE_OBJS=""
@@ -1183,6 +1197,24 @@ else
IF_SM4='#'
fi
+AH_TEMPLATE([WITH_ECC_SECP192R1], [Defined if NIST secp192r1 curve is enabled])
+
+if test "x$enable_ecc_secp192r1" = xyes ; then
+ AC_DEFINE(WITH_ECC_SECP192R1)
+ IF_ECC_SECP192R1=''
+else
+ IF_ECC_SECP192R1='#'
+fi
+
+AH_TEMPLATE([WITH_ECC_SECP224R1], [Defined if NIST secp224r1 curve is enabled])
+
+if test "x$enable_ecc_secp224r1" = xyes ; then
+ AC_DEFINE(WITH_ECC_SECP224R1)
+ IF_ECC_SECP224R1=''
+else
+ IF_ECC_SECP224R1='#'
+fi
+
AC_SUBST(IF_HOGWEED)
AC_SUBST(IF_STATIC)
AC_SUBST(IF_SHARED)
@@ -1193,6 +1225,8 @@ AC_SUBST(IF_DLL)
AC_SUBST(IF_MINI_GMP)
AC_SUBST(IF_SM3)
AC_SUBST(IF_SM4)
+AC_SUBST(IF_ECC_SECP192R1)
+AC_SUBST(IF_ECC_SECP224R1)
OPENSSL_LIBFLAGS=''
diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c
index 7e857f80..ebcced65 100644
--- a/examples/ecc-benchmark.c
+++ b/examples/ecc-benchmark.c
@@ -314,8 +314,12 @@ bench_curve (const struct ecc_curve *ecc)
}
const struct ecc_curve * const curves[] = {
+#if WITH_ECC_SECP192R1
&_nettle_secp_192r1,
+#endif
+#if WITH_ECC_SECP224R1
&_nettle_secp_224r1,
+#endif
&_nettle_curve25519,
&_nettle_secp_256r1,
&_nettle_secp_384r1,
diff --git a/examples/hogweed-benchmark.c b/examples/hogweed-benchmark.c
index 3f858833..df608ffa 100644
--- a/examples/hogweed-benchmark.c
+++ b/examples/hogweed-benchmark.c
@@ -410,6 +410,7 @@ bench_ecdsa_init (unsigned size)
switch (size)
{
+#if WITH_ECC_SECP192R1
case 192:
ecc = &_nettle_secp_192r1;
xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
@@ -418,6 +419,8 @@ bench_ecdsa_init (unsigned size)
ctx->digest = hash_string (&nettle_sha1, "abc");
ctx->digest_size = 20;
break;
+#endif
+#if WITH_ECC_SECP224R1
case 224:
ecc = &_nettle_secp_224r1;
xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
@@ -426,6 +429,7 @@ bench_ecdsa_init (unsigned size)
ctx->digest = hash_string (&nettle_sha224, "abc");
ctx->digest_size = 28;
break;
+#endif
/* From RFC 4754 */
case 256:
@@ -864,7 +868,9 @@ struct alg alg_list[] = {
#if 0
{ "dsa",2048, bench_dsa_init, bench_dsa_sign, bench_dsa_verify, bench_dsa_clear },
#endif
+#if WITH_ECC_SECP192R1
{ "ecdsa", 192, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
+#endif
{ "ecdsa", 224, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
{ "ecdsa", 256, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
{ "ecdsa", 384, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
diff --git a/testsuite/ecdh-test.c b/testsuite/ecdh-test.c
index ff4f7233..f852d813 100644
--- a/testsuite/ecdh-test.c
+++ b/testsuite/ecdh-test.c
@@ -159,6 +159,7 @@ test_public_key (const char *label, const struct ecc_curve *ecc,
void
test_main(void)
{
+#if WITH_ECC_SECP192R1
test_public_key ("(0,0) with secp-192r1", &_nettle_secp_192r1, "0", "0", 0);
test_public_key (
"(P,0) with secp-192r1", &_nettle_secp_192r1,
@@ -188,7 +189,9 @@ test_main(void)
"293088185788565313717816218507714888251468410990708684573",
"149293809021051532782730990145509724807636529827149481690",
"2891131861147398318714693938158856874319184314120776776192");
+#endif
+#if WITH_ECC_SECP224R1
test_dh ("secp-224r1", &_nettle_secp_224r1,
"1321072106881784386340709783538698930880431939595776773514895067682",
"6768311794185371282972144247871764855860666277647541840973645586477",
@@ -198,6 +201,7 @@ test_main(void)
"24223309755162432227459925493224336241652868856405241018762887667883",
"8330362698029245839097779050425944245826040430538860338085968752913",
"24167244512472228715617822000878192535267113543393576038737592837010");
+#endif
test_dh ("secp-256r1", &_nettle_secp_256r1,
"94731533361265297353914491124013058635674217345912524033267198103710636378786",
diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c
index 46fc2738..aa44adb5 100644
--- a/testsuite/ecdsa-sign-test.c
+++ b/testsuite/ecdsa-sign-test.c
@@ -74,6 +74,7 @@ test_main (void)
if (test_side_channel)
SKIP();
#endif
+#if WITH_ECC_SECP224R1
/* Producing the signature for corresponding test in
ecdsa-verify-test.c, with special u1 and u2. */
test_ecdsa (&_nettle_secp_224r1,
@@ -86,6 +87,7 @@ test_main (void)
"d16dc18032d268fd1a704fa6", /* r */
"3a41e1423b1853e8aa89747b1f987364"
"44705d6d6d8371ea1f578f2e"); /* s */
+#endif
/* Produce a signature where verify operation results in a point duplication. */
test_ecdsa (&_nettle_secp_256r1,
@@ -99,6 +101,7 @@ test_main (void)
"53f097727a0e0dc284a0daa0da0ab77d"
"5792ae67ed075d1f8d5bda0f853fa093"); /* s */
+#if WITH_ECC_SECP192R1
/* Test cases for the smaller groups, verified with a
proof-of-concept implementation done for Yubico AB. */
test_ecdsa (&_nettle_secp_192r1,
@@ -116,7 +119,9 @@ test_main (void)
"a91fb738f9f175d72f9c98527e881c36"
"8de68cb55ffe589"); /* s */
+#endif
+#if WITH_ECC_SECP224R1
test_ecdsa (&_nettle_secp_224r1,
"446df0a771ed58403ca9cb316e617f6b"
"158420465d00a69601e22858", /* z */
@@ -132,6 +137,7 @@ test_main (void)
"d0f069fd0f108eb07b7bbc54c8d6c88d"
"f2715c38a95c31a2b486995f"); /* s */
+#endif
/* From RFC 4754 */
test_ecdsa (&_nettle_secp_256r1,
diff --git a/testsuite/ecdsa-verify-test.c b/testsuite/ecdsa-verify-test.c
index 8d527000..1fa69f09 100644
--- a/testsuite/ecdsa-verify-test.c
+++ b/testsuite/ecdsa-verify-test.c
@@ -81,6 +81,7 @@ test_ecdsa (const struct ecc_curve *ecc,
void
test_main (void)
{
+#if WITH_ECC_SECP224R1
/* Corresponds to nonce k = 2 and private key z =
0x99b5b787484def12894ca507058b3bf543d72d82fa7721d2e805e5e6. z and
hash are chosen so that intermediate scalars in the verify
@@ -100,7 +101,9 @@ test_main (void)
"d16dc18032d268fd1a704fa6", /* r */
"3a41e1423b1853e8aa89747b1f987364"
"44705d6d6d8371ea1f578f2e"); /* s */
+#endif
+#if WITH_ECC_SECP192R1
/* Test case provided by Guido Vranken, from oss-fuzz */
test_ecdsa (&_nettle_secp_192r1,
"14683086 f1734c6d e68743a6 48181b54 a74d4c5b 383eb6a8", /* x */
@@ -108,6 +111,7 @@ test_main (void)
SHEX("00"), /* h == 0 corner case*/
"952800792ed19341fdeeec047f2514f3b0f150d6066151fb", /* r */
"ec5971222014878b50d7a19d8954bc871e7e65b00b860ffb"); /* s */
+#endif
/* Test case provided by Guido Vranken, from oss-fuzz. Triggers
point duplication in the verify operation by using private key =
diff --git a/testsuite/testutils.c b/testsuite/testutils.c
index 76aa5563..5b7c7deb 100644
--- a/testsuite/testutils.c
+++ b/testsuite/testutils.c
@@ -2230,8 +2230,12 @@ test_dsa_key(const struct dsa_params *params,
}
const struct ecc_curve * const ecc_curves[] = {
+#if WITH_ECC_SECP192R1
&_nettle_secp_192r1,
+#endif
+#if WITH_ECC_SECP224R1
&_nettle_secp_224r1,
+#endif
&_nettle_secp_256r1,
&_nettle_secp_384r1,
&_nettle_secp_521r1,
@@ -2355,7 +2359,8 @@ test_ecc_point (const struct ecc_curve *ecc,
}
/* For each curve, the points g, 2 g, 3 g and 4 g */
-static const struct ecc_ref_point ecc_ref[9][4] = {
+static const struct ecc_ref_point ecc_ref[][4] = {
+#if WITH_ECC_SECP192R1
{ { "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
"07192b95ffc8da78631011ed6b24cdd573f977a11e794811" },
{ "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
@@ -2365,6 +2370,8 @@ static const struct ecc_ref_point ecc_ref[9][4] = {
{ "35433907297cc378b0015703374729d7a4fe46647084e4ba",
"a2649984f2135c301ea3acb0776cd4f125389b311db3be32" }
},
+#endif
+#if WITH_ECC_SECP224R1
{ { "b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34" },
{ "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
@@ -2374,6 +2381,7 @@ static const struct ecc_ref_point ecc_ref[9][4] = {
{ "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
"482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" },
},
+#endif
{ { "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" },
{ "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",
--
2.48.1

334
nettle-3.8-zeroize-stack.patch Normal file
View File

@ -0,0 +1,334 @@
From 24a4cb910a51f35dff89842e8cce27f88e8e78c3 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Wed, 24 Aug 2022 17:19:57 +0900
Subject: [PATCH] Clear any intermediate data allocate on stack
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
cbc.c | 3 +++
cfb.c | 13 +++++++++++++
ctr.c | 4 ++++
ctr16.c | 2 ++
ecc-random.c | 3 +++
ecdsa-keygen.c | 2 ++
ecdsa-sign.c | 2 ++
ed25519-sha512-sign.c | 2 ++
ed448-shake256-sign.c | 2 ++
gostdsa-sign.c | 2 ++
hmac.c | 10 +++++++---
nettle-internal.h | 5 +++++
pbkdf2.c | 5 ++++-
pss-mgf1.c | 5 ++++-
pss.c | 4 ++++
15 files changed, 59 insertions(+), 5 deletions(-)
diff --git a/cbc.c b/cbc.c
index 76b6492d..b9da3aa0 100644
--- a/cbc.c
+++ b/cbc.c
@@ -128,6 +128,9 @@ cbc_decrypt(const void *ctx, nettle_cipher_func *f,
length - block_size);
/* Writes first block. */
memxor3(dst, buffer, initial_iv, block_size);
+
+ TMP_CLEAR(buffer, buffer_size);
+ TMP_CLEAR(initial_iv, block_size);
}
}
diff --git a/cfb.c b/cfb.c
index b9da3159..b1b01b9e 100644
--- a/cfb.c
+++ b/cfb.c
@@ -83,6 +83,8 @@ cfb_encrypt(const void *ctx, nettle_cipher_func *f,
/* We do not care about updating IV here. This is the last call in
* message sequence and one has to set IV afterwards anyway */
}
+
+ TMP_CLEAR(buffer, block_size);
}
/* Don't allocate any more space than this on the stack */
@@ -115,6 +117,8 @@ cfb_decrypt(const void *ctx, nettle_cipher_func *f,
f(ctx, block_size, buffer, iv);
memxor3(dst + length, src + length, buffer, left);
+
+ TMP_CLEAR(buffer, block_size);
}
}
else
@@ -160,6 +164,9 @@ cfb_decrypt(const void *ctx, nettle_cipher_func *f,
f(ctx, block_size, buffer, iv);
memxor(dst, buffer, left);
}
+
+ TMP_CLEAR(buffer, buffer_size);
+ TMP_CLEAR(initial_iv, block_size);
}
}
@@ -196,6 +203,9 @@ cfb8_encrypt(const void *ctx, nettle_cipher_func *f,
pos ++;
}
memcpy(iv, buffer + pos, block_size);
+
+ TMP_CLEAR(buffer, block_size * 2);
+ TMP_CLEAR(outbuf, block_size);
}
void
@@ -235,4 +245,7 @@ cfb8_decrypt(const void *ctx, nettle_cipher_func *f,
}
memcpy(iv, buffer + i, block_size);
+
+ TMP_CLEAR(buffer, block_size * 2);
+ TMP_CLEAR(outbuf, block_size * 2);
}
diff --git a/ctr.c b/ctr.c
index 8c6b4626..217d1abb 100644
--- a/ctr.c
+++ b/ctr.c
@@ -137,6 +137,8 @@ ctr_crypt(const void *ctx, nettle_cipher_func *f,
f(ctx, block_size, block, ctr);
INCREMENT(block_size, ctr);
memxor3(dst + filled, src + filled, block, length - filled);
+
+ TMP_CLEAR(block, block_size);
}
}
else
@@ -173,5 +175,7 @@ ctr_crypt(const void *ctx, nettle_cipher_func *f,
INCREMENT(block_size, ctr);
memxor(dst, buffer, length);
}
+
+ TMP_CLEAR(buffer, buffer_size);
}
}
diff --git a/ctr16.c b/ctr16.c
index d744d2a9..ec0abd72 100644
--- a/ctr16.c
+++ b/ctr16.c
@@ -102,5 +102,7 @@ _nettle_ctr_crypt16(const void *ctx, nettle_cipher_func *f,
done:
memxor3 (dst + i, src + i, buffer->b, length - i);
}
+
+ TMP_CLEAR(buffer, MIN(blocks, CTR_BUFFER_LIMIT / 16));
}
}
diff --git a/ecc-random.c b/ecc-random.c
index a7b48d6a..676f5933 100644
--- a/ecc-random.c
+++ b/ecc-random.c
@@ -36,6 +36,7 @@
#endif
#include <assert.h>
+#include <string.h>
#include "ecc.h"
#include "ecc-internal.h"
@@ -79,4 +80,6 @@ ecc_scalar_random (struct ecc_scalar *x,
TMP_ALLOC (scratch, ECC_MOD_RANDOM_ITCH (x->ecc->q.size));
ecc_mod_random (&x->ecc->q, x->p, random_ctx, random, scratch);
+
+ TMP_CLEAR (scratch, ECC_MOD_RANDOM_ITCH (x->ecc->q.size));
}
diff --git a/ecdsa-keygen.c b/ecdsa-keygen.c
index 870282b0..05dd827a 100644
--- a/ecdsa-keygen.c
+++ b/ecdsa-keygen.c
@@ -59,4 +59,6 @@ ecdsa_generate_keypair (struct ecc_point *pub,
ecc_mod_random (&ecc->q, key->p, random_ctx, random, p);
ecc->mul_g (ecc, p, key->p, p + 3*ecc->p.size);
ecc->h_to_a (ecc, 0, pub->p, p, p + 3*ecc->p.size);
+
+ TMP_CLEAR (p, itch);
}
diff --git a/ecdsa-sign.c b/ecdsa-sign.c
index e6fb3287..e6b960bf 100644
--- a/ecdsa-sign.c
+++ b/ecdsa-sign.c
@@ -68,4 +68,6 @@ ecdsa_sign (const struct ecc_scalar *key,
mpz_limbs_finish (signature->s, size);
}
while (mpz_sgn (signature->r) == 0 || mpz_sgn (signature->s) == 0);
+
+ TMP_CLEAR (k, size + ECC_ECDSA_SIGN_ITCH (size));
}
diff --git a/ed25519-sha512-sign.c b/ed25519-sha512-sign.c
index 389a157e..52a46ea5 100644
--- a/ed25519-sha512-sign.c
+++ b/ed25519-sha512-sign.c
@@ -38,6 +38,7 @@
#include "ecc-internal.h"
#include "sha2.h"
+#include <string.h>
void
ed25519_sha512_sign (const uint8_t *pub,
@@ -61,6 +62,7 @@ ed25519_sha512_sign (const uint8_t *pub,
length, msg, signature, scratch_out);
gmp_free_limbs (scratch, itch);
+ explicit_bzero (digest, sizeof(digest));
#undef k1
#undef k2
#undef scratch_out
diff --git a/ed448-shake256-sign.c b/ed448-shake256-sign.c
index c524593d..01abf457 100644
--- a/ed448-shake256-sign.c
+++ b/ed448-shake256-sign.c
@@ -39,6 +39,7 @@
#include "ecc-internal.h"
#include "eddsa-internal.h"
#include "sha3.h"
+#include <string.h>
void
ed448_shake256_sign (const uint8_t *pub,
@@ -63,6 +64,7 @@ ed448_shake256_sign (const uint8_t *pub,
length, msg, signature, scratch_out);
gmp_free_limbs (scratch, itch);
+ explicit_bzero (digest, sizeof(digest));
#undef k1
#undef k2
#undef scratch_out
diff --git a/gostdsa-sign.c b/gostdsa-sign.c
index 892c0742..a7e0c21d 100644
--- a/gostdsa-sign.c
+++ b/gostdsa-sign.c
@@ -71,4 +71,6 @@ gostdsa_sign (const struct ecc_scalar *key,
mpz_limbs_finish (signature->s, size);
}
while (mpz_sgn (signature->r) == 0 || mpz_sgn (signature->s) == 0);
+
+ TMP_CLEAR (k, size + ECC_GOSTDSA_SIGN_ITCH (size));
}
diff --git a/hmac.c b/hmac.c
index ea356970..6a55551b 100644
--- a/hmac.c
+++ b/hmac.c
@@ -53,6 +53,8 @@ hmac_set_key(void *outer, void *inner, void *state,
{
TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE);
TMP_ALLOC(pad, hash->block_size);
+ TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
+ TMP_ALLOC(digest, hash->digest_size);
hash->init(outer);
hash->init(inner);
@@ -62,9 +64,6 @@ hmac_set_key(void *outer, void *inner, void *state,
/* Reduce key to the algorithm's hash size. Use the area pointed
* to by state for the temporary state. */
- TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
- TMP_ALLOC(digest, hash->digest_size);
-
hash->init(state);
hash->update(state, key_length, key);
hash->digest(state, hash->digest_size, digest);
@@ -86,6 +85,9 @@ hmac_set_key(void *outer, void *inner, void *state,
hash->update(inner, hash->block_size, pad);
memcpy(state, inner, hash->context_size);
+
+ TMP_CLEAR(pad, hash->block_size);
+ TMP_CLEAR(digest, hash->digest_size);
}
void
@@ -112,4 +114,6 @@ hmac_digest(const void *outer, const void *inner, void *state,
hash->digest(state, length, dst);
memcpy(state, inner, hash->context_size);
+
+ TMP_CLEAR(digest, hash->digest_size);
}
diff --git a/nettle-internal.h b/nettle-internal.h
index c41f3ee0..62b89e11 100644
--- a/nettle-internal.h
+++ b/nettle-internal.h
@@ -76,6 +76,11 @@
do { assert((size_t)(size) <= (sizeof(name))); } while (0)
#endif
+#include <string.h> /* explicit_bzero */
+
+#define TMP_CLEAR(name, size) (explicit_bzero (name, sizeof (*name) * (size)))
+#define TMP_CLEAR_ALIGN(name, size) (explicit_bzero (name, size))
+
/* Limits that apply to systems that don't have alloca */
#define NETTLE_MAX_HASH_BLOCK_SIZE 144 /* For sha3_224*/
#define NETTLE_MAX_HASH_DIGEST_SIZE 64
diff --git a/pbkdf2.c b/pbkdf2.c
index 291d138a..a8ecba5b 100644
--- a/pbkdf2.c
+++ b/pbkdf2.c
@@ -92,8 +92,11 @@ pbkdf2 (void *mac_ctx,
if (length <= digest_size)
{
memcpy (dst, T, length);
- return;
+ break;
}
memcpy (dst, T, digest_size);
}
+
+ TMP_CLEAR (U, digest_size);
+ TMP_CLEAR (T, digest_size);
}
diff --git a/pss-mgf1.c b/pss-mgf1.c
index 3f5e204b..3644c642 100644
--- a/pss-mgf1.c
+++ b/pss-mgf1.c
@@ -66,8 +66,11 @@ pss_mgf1(const void *seed, const struct nettle_hash *hash,
if (length <= hash->digest_size)
{
hash->digest(state, length, mask);
- return;
+ break;
}
hash->digest(state, hash->digest_size, mask);
}
+
+ TMP_CLEAR(h, hash->digest_size);
+ TMP_CLEAR_ALIGN(state, hash->context_size);
}
diff --git a/pss.c b/pss.c
index d28e7b13..8106ebf2 100644
--- a/pss.c
+++ b/pss.c
@@ -77,6 +77,7 @@ pss_encode_mgf1(mpz_t m, size_t bits,
if (key_size < hash->digest_size + salt_length + 2)
{
TMP_GMP_FREE(em);
+ TMP_CLEAR_ALIGN(state, hash->context_size);
return 0;
}
@@ -111,6 +112,7 @@ pss_encode_mgf1(mpz_t m, size_t bits,
nettle_mpz_set_str_256_u(m, key_size, em);
TMP_GMP_FREE(em);
+ TMP_CLEAR_ALIGN(state, hash->context_size);
return 1;
}
@@ -194,5 +196,7 @@ pss_verify_mgf1(const mpz_t m, size_t bits,
ret = 1;
cleanup:
TMP_GMP_FREE(em);
+ TMP_CLEAR(h2, hash->digest_size);
+ TMP_CLEAR_ALIGN(state, hash->context_size);
return ret;
}
--
2.41.0

486
nettle-release-keyring.gpg Normal file
View File

@ -0,0 +1,486 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQFNBFDrIWMBCgCyyYoTAD/aL6Yl90eSJ1xuFpODTcwyRZsNSUZKSmKwnqXo9LgS
2B00yVZ2nO2OrSmWPiYikTciitv04bAqFaggSstx6hlni6n3h2PL0jXpf9EI6qOO
oKwi2IVtbBnJAhWpfRcAce6WEqvnav6KjuBM3lr8/5GzDV8tm6+X/G/paTnBqTB9
pBxrH7smB+iRjDt/6ykWkbYLd6uBKzIkAp4HqAZb/aZMvxI28PeWGjZJQYq2nVPf
LroM6Ub/sNlXpv/bmHJusFQjUL368njhZD1+aVLCUfBCCDzvZc3EYt3wBkbmuCiA
xOb9ramHgiVkNENtzXR+sbQHtKRQv/jllY1qxROM2/rWmL+HohdxL5E0VPple2bg
U/zqX0Hg2byb8FbpzPJO5PnBD+1PME3Uirsly4N7XT80OvhXlYe4t+9X0QARAQAB
tCROaWVscyBNw7ZsbGVyIDxuaXNzZUBseXNhdG9yLmxpdS5zZT6IRgQQEQIABgUC
UO+4OwAKCRCRWsxFqPTC/VJ2AJ476S2rmYBjmVkDeUD8jqEAoiTazgCfQvldeNG9
0cjFjkdJU2ZGfKIi32eIRgQQEQgABgUCUu+lQgAKCRCBP+g6dJdIJHrvAJ9X3GhH
fPtxjAJNuKmEbELLIF9yGACg0B7IAguP2w4FzvEBB+nwyg0YfR+IRgQTEQgABgUC
UvTduAAKCRCl5JmPpsyF+2FPAJ94GdVamtip6qD4VGP5gmsvMOpTbQCghDnaG7dI
00yYHiArAVuHqs9W9umIXgQQEQgABgUCUu66wAAKCRAyCarWkNOa0bTTAQChJitT
Ico+A99v3AqjSGnQavQT7+6XBZWcRJIf3zY3VgD/aDsmZwtWmVTZIwNzwol37ERj
RkXbxAyBXwru9v/ivzCIXgQQEQgABgUCUu9apAAKCRACWrAQaxfqHr0QAP4jFQbV
jzSY1+3b7ujNkA9p+4fXQn+BiwLy10rFU7BtCQD/UwWRwl/uw49eX7+aKWYJXt5u
Z0hhFMP2KMWiOz/KXtKIXgQQEQgABgUCUvQNRAAKCRDJ8LaXneN+1AXXAP9adCRf
DSWgN8p62AGtCOjTHNtuxZayYHD4OcrOoenN4AD/f3fnuR/uULcYvdkDuHXDP7ob
5dDuqMgTNqBaa5nJUe+IZQQTEQoAJQUCUwDn+x4aaHR0cDovL3d3dy5nb3RoZ29v
c2UubmV0L3BncC8ACgkQtHXiB7q1gikVmgCglC90w/dZfmB//263FOW/I18/t0MA
oN6Hx7doF3NvvCDpeCAqQPRFPitUiGUEExEKACUFAlMA6AYeGmh0dHA6Ly93d3cu
Z290aGdvb3NlLm5ldC9wZ3AvAAoJEJSP1qDhD1Auyx4AoP5JnZHPOCnHAO6jGMMl
4xfOoABUAJ0eYzrHNG/Ei0yzyyGdKdgiTW/GK4kBHAQQAQIABgUCUu693QAKCRAx
fqbGmBxOSD+LCACSqW/pB1BEaEPkxmJhkZgex06SqOAJza2Q5exmN/Nk1Wh/ZbTL
DAgjq3zntQVqttrSxDCItOWB20vsnBS5xaQb7TwxV4oLrhxmqUktDXyWTrBE3qpL
rq20tx5L0l9HbClvnYkxeBlojGQt5m2KwdKUnTWE5GrxvkDTRLonKnL3nXDvlTOJ
QV3Dez6wlEqBYYj/fntw6eH8k1Gz7zYW2hrNZ7uzhlI4FYEThQv8mXrxp1TW8E0q
l9ub7Cv+X0ljbhC7cXIcOcvtGesXduYACwGgHcUeiR85QdyFVqoMrMSlUqaxEbP4
1Tt0p4KDy5slR0OIoSJ0ayzFCJjWxZ/sYRj9iQEcBBABAgAGBQJS8m+gAAoJEEH6
0dUhuUq5UZoH/3e+Xtg1CTT6P5XndYxT/E5WKUSBLZt/7YRzPe5WY7gov32hXk7e
7ThGGamQcvUpfcFaGqW86x+Pi+7e7e1A2VUaGRyvoCRZslOs5/PsGu6/8QXiQjJW
+EUtEiiq+xh/ci++bHDIgo1/QzVAlpODwYlEgEvbV+N97Tcol0Ikp+4HWjNdXyn6
0JYPcHmLE6cEAOuuKgOr0euWa6/1SINEiTtAhqim0zsWMzb/ry2rtZzkE0tisDq/
fDDxAmqRuTrs51yRpmHobnZBMT1cDDuNplXqh9Q5YWRncesDSQEYyiy1Ffaq4TvA
6webey/0Ns56YkX45evtMJrTWLaKLzTIzgKJARwEEAECAAYFAlfvfZ8ACgkQcdjx
/zaMZne2TggAnYDb1+f5WiTit1fJIyuT0nCdFEjKc25a7qGpkXMfCW/6k0Jxp7Zp
0ayDgOikLixF6tnfkET9chXOCqKK2av81QQAsWCCJUTcmeuUlqJXuOOITmjbSAda
pbDWAF6Bsi25ofBSLvJPJ5R3DtoVdq0sp0KaL0ruBGJlbjhctAIvhO49BobfYOV7
7MFWqo4ZJGBIaNmy/rQO/aZ0tPA5Nw+2sI7N2dR2K8Wf9lrl8UijCcZJdZpP8mIC
yvc2xCECWtBrB7kbgBQ9wHi4luPi1Efm/4ug+P6YN2XrpmGb5gfZ87z1Pzwq60lo
hDLRn3lfRICiCqvvvjR/Je5zSmzFtB4maYkBHAQSAQoABgUCUvfMxwAKCRDf0n/3
9qDzEhUqB/9JfDebTUKfH+20MjOovr8qVlTirtOlWneR3tBfH6kODfWhFXZInCL+
GEhVZJ2vNNT4BTEHdvjfavag5hFTEgDJWUIeDv+Cvp67BSfo2s55ONQN2rRy3RJ0
l3XD1w52MOlrHqAzkfCqC37HlwBBgWk5Xc5/qTdLuyhyu+UfqEhnmxiJL4C9hoxg
o8h95UQO5qWD8zPSLZqELsmckezIAgy0DMqL31U+LXeQ8w/Ua2XoJFkDMOWybYPI
7CwbBvA/J9UiNInG98ds3jN5wWO+sYoMV6LoYIEivWGoCqn/tXs+PM6zYVLrk4yK
Gdpz4n/X/MZ3RTkaZNxuHfZbnP3Br0V4iQEgBBABAgAKBQJXXJ+ZAwUCeAAKCRDw
S2N2CHpewYvXB/4ywSL4+7Fakso++EzrYAbi1KP0f1GiTBA4SjdCR5IC01/+fNg3
aqMWcebY5Oyeh1gUAnfF0tyPVFid4ZKbUbIMDCJK9hd4TYyp5qJ6t2T6hNT69BkN
cU+BHU9uA8VYODUMNnvzrrltPvQm8av0qcuBcB70+zJdZsgELDS2AODV2PLkzZgX
dH2ROpNLKMdtfM1k3JKewvEQOPK0OlhAYNcsu95mHeeisv/HHhNZiUlgqNUdpp4N
sGYosMRDnXTyWaUS3Is6a5xIRUWllBV50imMd+AoEoIbwNloDeh9cmv0O7+rYCb0
+jEKkzd2a4WEJDLy49iQf8pfiwKZVceTuuSGiQF+BBMBAgAoBQJQ6yFjAhsDBQkS
zAMABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDzWZ/4KMZymKptCfwOG+kx
Oaj1olo9JK4lAUpqcrN6lM/d4Eehbe8Nn+O/Cibs20mnb8p9Lj3Jz9ugBkzkKu+U
YbYAiYHWG70aHE45TIfYzl+fOB8fIYv0Eq6QkmDJ4+nUCm7tGECBY2cfID3mL8xv
Ld+BQjRM2dPUUGasv7pEcjffS5MBLj+BVquPOm+3aYL+xgvkh5WXDHKOlVvBSzk+
yjGpR9OnJnYRT6xUmACBw7twrGIQvJJyEFffV856PynkpBMJKrWAznc9MeB1nTsB
65dktl+hMdat0EV3KvOBGEMB89lhBmj0e1Xe+j+SdcIhzeq8DuHsX4LEck73OjQ0
D0xapqAs8Lj74mJOiTZx6/ROU5C0+5QJxEhITC8siBv+1MKYLuQu9SDGk6TqX/Ax
FPTVP87sYB6DGigWWnmCrNEturNc8BjpUF9E/YkCHAQQAQIABgUCUu+hmgAKCRB4
kQzEU7yhDhRpD/sGaJwM5uV6ngy53C4emTE5NbkWF8e+UhG2GhdXrEhIgR1HkPY9
X+tZwTZH4xrbzVax1ejeNzg3QM/2nCvxQoijzqaklCu4YKYut/cJmRUzMywRrSdx
42ty4rKctLSYlwM4CsQzFbqpJWP4szW/Iipnj876zT5GMRvDGyPLrdAG1YYiZBFn
1gzQCVbH2+gFokhWvyRTubt7c2X9Nw0TX/o+1yB5VjRBEwGWgoE56VrLosomGZ+I
EdRdWr5Ax6iProEfrD0nY/zRB+AQREPQIaoYVJA1MJOgyZLgSCJR6Eb5mERr7aIy
0jQ6QKbDPvaOJq/UxIPgDh2bZPmpMu8MpsEuZgh4yo/GSsWBiJLz8632j8ReGYCa
Art44jGkGfv9qIAnEYmnxsJ6UZ592PLdhEYh2rgDJ7fMwcZ8A4AowwChy2ezRx+v
Q/dUlkNq6EF1t/qEzeY2IJoeNzV/9Wpou1M98cnIAh2kuameFIpYarAmbpsPs0V3
IBhwqLthaRXQkRas/yO+21TMGIXKTCUcZwxpdceoGu+IZvaGdXhem/GBdU/ls2Oj
JSVt5CwioyjxrZsRS3cSK6xdhHCWiCOFH8+LSLc8663pySqIOEH1lELRVhAzbZV/
XvAmmRcQbzxwemYxuejlonFnYLFhNRyoxJzkCOTEf8Wtj2GtjYVWxBXy44kCHAQQ
AQIABgUCUvCdhgAKCRDbPna3qIpeL4ZAEAC4R6NIoHNwnhQPbUB6Wsk6bmguSoLj
MSjNgJJPqSrYc3E9g4F4oJtLkZDX6drp8DuYyitWUn7MeAXHyXjnHViCW/DOq++0
Oo21k1jUjvH5OYo4KMC735sVDKYtMzECMiVasnVYEONWW1Gt/P7ozYdErNyu6drE
/ocUPklIJ+RKTS/EZBgqiqX4jWES71TGPH8oT8UtVzris5KG+/0XPby51uV2GOKO
p0xeCAld0+cnOVqZDb8ptiyo7jnj3Z72548It2G/1/jrJ6ksvkiZojtYvtteOouj
6VgPuOSg4cKQj4ayrupIA+/t4/pK2lfJg5PLDtNd7Z52PxLb3J2URPyNk89UMlUE
cjMgvZujBh3zI7cl3UU4fHD9QrQvnegFysavck+bUTMbU6NWKAWxTqFWU1xHIfD4
wnoF8bDAUGCsLCwfyOTs+sZZD5CJVp6XgTMrcg4gnhTFnWeBLnFiQBxrPwdOYrRe
ROv5peODkzjp3iPMdiOTHQfAcbs/jZbpuzTyr4gw5U1oWfpyAEC/rui91J0UB18i
571S4Ai9SuF4t8byqpo6fxhaO/661HnDcomD2HRrlG+jfhKmwwF2NOxz38jDDblh
UnNmBVU/EYXdP9dfKRn3w3iLUinsNIbgGIEj6T+rVi4gEauNMxqdaiqvV7uc6trJ
B1eBrOwG9Bo6zIkCHAQQAQIABgUCUvPnPgAKCRD2iB6QiKkfo7i5EAC2KwD94lhY
GyfgXSb1SOx/I7jYFPNHIZbQB8GefAtmjCJF4aYpD7bGw2Ferc+zpseiblEQEmU9
Ut3PIIOgqdq+/dXRbmQ5zAkKExvvles2uZ53ISSRz+S3qK0PRydFkrAQ7yYwAKBo
jGLrEImpVl8BZNO2SiY2xArYVvUI1sIG8zvamuvr764Kh36IklS8CfQvzOHA3mYI
mwAKX1i0p9VhVoVSMk1mv/NO+p5H79ZmI53YsBJwyWQ0xMu8rGjoKs8YsQtK5SbK
w/U6+MTW1DBHcvG4C7pCuGtRghCpFQQGkPdXw3BsrF9daFCOcv6z0klsRSZbjlvA
3qPizhXtWY/RR0UoYzdxfisW+RcUF5C1uijrTqHWP4z6iyKY0f86rZmvxMeiH643
sDqiogunMw/DlY1pK3hDMgg5Ce1u0CNxAZcBJkbN0blkOCOlnnyW+hNyNBRxc1Tr
RsjhAQHpRSE4j3hhesKv8+JnmnMkHmqKnoE7csFuued4WcejbjYE3ynEglDLC3jd
8K+Cg1yUc1TzJaPiYDmNOK1jCJwy5M1osQ2c0oUVdSlmXwSa9jU6NcVuMoj9FlCB
7/zIZemkZ5wlTRPuFLRtnijmyjW+V8hKl9ulfnZoh/wVzkxtUnGEizy9sK9wj58j
VHBW0RyeKIN4Xd7Q/QD0zZEs5Z//ZPAXJokCHAQQAQIABgUCUvUCSQAKCRCrocsw
6Zejr4XxD/9azzHC1w9X5PkYyyXL43+87YIkElhri4g8le+q9WknXU4JWid4n4gN
luU9bsXK31f/+eI2BVyKxBXNl/CTb73Sq8Tqt0Ynp8C0xcuRIib8dH/x2Mb92PeY
n8XHSgdnMsjFZc/VNXQGE12+Qd103Zy5tjqsiKSPXoDNS28Zere/sRdT1YHnHMoF
JwPM+SuTDy+CXN7RVozT8gnLBHegPEisZMq7bDx/wT4UerBGWGPGKMAkFoRM3W3b
U5/xFsWD8A7Uv1IdiB6E2kqfzdlStrTXAi3GwbVCZhZYsqB/UmCQBxwaX9/9yRek
2M/25qy79aZtrpGpMEJc+wiBvEdrQzWq9C2efDrVeJM6Q3xPKJWTnPvbuKbXjzXU
phbocZ5+M+ih589Kji/eUtlW+U2jOdRFyNJjPVijS8FU3+6UNxmT8F7gHIiVpNt9
YvqD9+PsVQc0f5QsROGYZ31dGTyee7UG8XdKf2eBYV5i5Nz/z9X0peascBP3zJy1
Tg6rfD3hMggIL54pL8ShDsJOOWXdoqwzFdsRjqAq/TNeYQBZFAJMR6/1vlRsJ6b3
jacBDBA8EQ0NYOZL5CMFtxU4HD81/Tt2389P25klOSl8Iswl2tXw885hvG/pDWGH
LMTeLX7n+PoxkemViyMtg+Cn7NrrVGVfVpibjhWJtVI+g8a8vPvpM4kCHAQQAQIA
BgUCUv+BFwAKCRDmbmdsCUlMFErBEACWzWArLyyNdbvzWJFUDD6Dys4fUaqJ7tPC
90CQ/nli8Q4SC8wJjnjiCWbjwdHpRRlFyyP061VfHb40OZnAYLi1WwocXj5XxQ1X
tQlSLGSSYMKzWw6gKJGdtc2qhkTfoyINtekKWo1+ODx/SPfhsQIzXEZO9ymNy6Ss
UcEdcO4ADigHovE7+aBj1It8yw1uNdtTNEVu1nIrUp4aiUsQrx8LDs+DTy9/LtBa
gJDBcWrjuIuQNVX9g8Ul9l+3HvavAJceyzDycARFu9cR3jO1oDtJm8dnq97OM8Z4
TKGTnmsl+zGBY17oIob773qVSWJNB5yMGHoMUOiItpRlaFlZKVd2AwT8ZhsX0yjE
z5sAgSMZmh/Jhueoz3hwub5OnB0YdfdKgeGqpEmbyqL8Oqgq9aZ4lKNmk4uMJiaf
tJzMTQkISoQ0b0Wdxav8ZiHMehr45mUJQSD/rLTzE/WrGjvJ3xDje2oyCkoWups3
WTnCPDdYkae5V1AM5+4vz+V4Mc/0Owxvxr5LMhBj9QaZ7Q4mrZ6p7Sh3GDnXEB26
N15s9rHNMgkkMSoTke4/WphJIlguua5i4WOUw+wOV6sD52R0XUMEdXa6NBvBwAhW
kBxgtsVdkjK8EGRR9wuJJIbLc3OjeJs/Rp6od+L0gEx17F9r8tuDUs9IV9uI7Lx7
fJG9uYziTokCHAQQAQIABgUCUv/N6QAKCRDJbos5REp+x/SXEAC6uhJVKk1qd/L1
A9p/xH8kp28b5bokWHO5Im1Bfu7IQeJcD/SOs0hyUvAB1Of1boHJBehtcOikFQLP
Y9d6airkAQ3I4/BX+ezEeZJdzbfVJDckESXHYkF633TtGE+n+udVr03JO+ZJic4U
uIYOJ4HRdiUTnN5dkIL61uioPHW5GknayRSAfk7NhOyo5Vot9YauSe3woAdhzKyd
7oWNKhuipCyObHxE3ICpYWrOdDy0mQh9livf3ebp3ltpXKASdd2+F3VEIUPdO11v
K5J/rFWoD7Ume4V7Hz3KUJ8wQuSXXS1prcsW6uFC8A3BcFIyq2c+vx4pj4KuicBW
rNIuZiYf9YKRYSEdc/Kwr0PE3qkxBogvsXcWCYMC9mWMKVhpFSyzEgaDoXg178Ab
oVhQQdLN5rtw/pJ4nLHEw8u3+akqc09sk6mqf9GPSlaXURSGzl8Af+yrXlYJ2z26
Is8pdny5VDoBOlAaDNcbDtaPUUJxJSjXbPU0guhTa6EvLNvANhLUJ1hW2y1C9Kyq
eeeFkI8ttPbHGD+/d8T3fMNBBE6vMxBFEw/6qZv4/3zLV5gjCGeakXpwmOP7makK
ofqtXJhM8MVL57AAuDVlkh5jKWq1tdC63bVnSo8+2fcpVaMB8k86mMNq9UhFYGkC
SAZsjjwFHiy/XzHtTR9/Uhe/PMt0o4kCHAQQAQIABgUCUwp7CgAKCRAJllHuZTow
Chh4EAC38nWflaXvyRp4KjW0uv1LZ3g06EX9GLj10JQ4Ip47q6//XzPNYcw414+v
Z4vyh1Sq63dQeL7Zn3Y/rf31jk4pk15sLAkWYKZYhM9MS+1RZiLiHFznDaviSVJF
LOAnxTaces5lfiqqmSw1i7KuyKSgwpP/NZN+BZhRRCSlV7xKUnCI6LDJ+JpREtFn
UQ/9BfV0GTetTsz/y/eTFDBmX5LCeseD2qWf3ejDlawmhaG5fNgPix0mg0xEInlo
2aJTX/t1Tjqr6zOg1AUVTDLrR3fOhIHIQLTSxOg3K+lm1l9oSHDQfUK3rXLXkqqh
fcgD2WttwCNbPNeTN+FambwMtG01Yp0gxbee50WNmvsKeljdPh+ShcvUtkSx3NTJ
YstonOhOI7XL4LBUPUJapDc8HjnINxgqzIueHS/8xNBowHMK/R9Dm8FLizkl8s58
5nqTdU8nuY+P0PdeOZETkkhCZHHWIMibTDwb9AtapmIXepMXPq7W0vt3zBcPQVML
SnQelEDKkqPno4Q2RmPKj7z/6Uckt0nGWVsJupd0CclJxs7GcaGoANfyPeVwSA89
DJgl63zOn+4RgH5TPFMVd8Aa7sUuPSdUcKUKxvCQx3dyaypOnBdryF0OwlngljTV
WZEuFVxWztxy7y3b6ZcQDo54OCMO+5ALCEnjxxxDpeS/ftNd8IkCHAQQAQIABgUC
UwuSNwAKCRCC1SR7gb/ccA/ND/4xt40bAFSKIA5Bc8MxXj2JCeELVoisITndIhj4
E+7FU52+9yQVzPZnxKYND1sHL/2uMZ153KKGJGAW6fkf4ldQStgvIGlPJMnCt5XU
gLE6aEq4HsH+ud9YH7e2UpkQKt2P0pYYQtf9bhGHIw708JtJ39vUV2stdya2o7Em
3SWensfyEtDIPAbvx1A/bIFn2byyCe+4V3UKe76Xa7YiO3alxn2PzAVlm61woctZ
VOkd/kxo2KG5/jw3kclgz+z64wUQD3ahhDt2P6MhbuAMZye4Oc5LCy6YWUgGB3CY
kHv4zFvfJdobCKV9uSDBBJRHANAuxhTvREXnzF7IvQFjXUffb8Kn4oQ5h+Iy2Q6i
7dGyVDBPxcB7euH9kHtsCIbAXzG/1/pxp9+EvHL/k1vU/fye2YJb5h4jBqlbuGqQ
iecb3rSAMGDo0W/Uo2jkFRERoMPxUNHdZ2MjEYYTN0ksnB+GStludBOSouNXzWqu
T4nzhtP4zAICHC6j90Po9iL79l54AVDvzbKeNMvYupZz9irjrFuyYCBKWP+Z2vC1
Q5uQCb+0MGLSnkLGyLb+G1evRcA9GKCeReGeLKGf642iQxDvxMW+Cs0cBNNvjMdw
U5kxTHEXyj/appSDwW/VlWXdkFYE2zw4r1kNfIksq20b9WIzQGCDnctH8TGOJAML
UfTd34kCHAQQAQIABgUCU2ePJgAKCRCLWICvrAIYxyaeD/9fevRzlZBfU9PZ0qfk
SvAmQ2NbBRXKllwiwE9u1YXd58g1S0duaRDNNzwzqSuvFP33nAjFpnZ4oWpBzX7t
xunx4ROOMAFYoqK5cavYcD9WbuOO1p+FJXb7GfOdnkOwakE+EfJSMjuOu+E7jaia
aCy0SkGjSI8xEcqqeh5nKO9+K4IRDWhQHIDu7I8nQ6GwwBCZyw5X/D4fHY5JMbKR
IpaPMLuQZblzXE5qZq/Av7iWGao8Audvczh5kpAQGVctbNV57NWXLwO/4eicOrzC
OxaJJrIjeeYoKY5KNQlAxE9PEisZXbU4Z5ccYuoJI7abQ5+eyWUimrCAzehM3om1
DzFvbATj828fsvrU3oQB16jraPZ/9USfTsvVVzHxDj7+XK9wwE0rgf9/Qy0eVnV8
fOSI3I+spu6im2K3QMbCNqHMwl0mDg5BOb04DtiS2pHZ5xzEeaR1sHcZwYaTWDaD
SDkq+l6JGJmXh+JR/+KwTnDAlWWqBtrfmmCE9ZdcZCtFEUBa/lO/iC1HRt+NT/g9
BH+w42GGWbZiXeS7KdNaWLbA2215hIWnrrFkAL8VJiCSKK/Ix7Es7d/Wa/VHWvWU
RZrYzCcJqwq77OE57sRx6FMhJsyvnhXt4SRf/XTTbP64TfEKhutn4tfTbrHoZ0GC
Gi7dir4+jt/vVpniaP2nk2ULuokCHAQQAQIABgUCU2ePNQAKCRBIBLS8P1Xu+zjI
EACy1yVkGdJNFe0csPfW+SqW+D1GcyqQPs7vvnoMeKcaxepHTGtaF8leRme96FiF
tazbmInmKJE1bPqHUPR5Bkar9slKcU1Gmx54/4LPBxCBE0hOC/uS05Wk3W5NpEcY
2DbVgvA0HQX3BL5YAt5tHRXzafS/qhYYCpoNUCYTNKTOCAEJNVFybHFKPG3hxepv
4tBX3O+oFiGxIg8xkgCs+OLPiffbWkGKlDDe5G3sloEfLXBn1JhxruDK0RrY3rN4
PBM8WNBuhzfR+UW/HEK+tPUAQYn61G3AkFZHwGzICKfhtMtyXP1T3W8NIrJpGWvQ
MP3V39czra69NvbKrrTrfFisKZoqeBsngdhUo1KV76/067viTKc69xfQ/uF4ccZ9
b6dlxY6xASDKtIyFzb7bj32ISggYDHNo94ZZKFhIEKLSQBdTv7fShQsJfNJdVVod
JQEt6s0jipEEoxSjymCviw/PHysY3CNsg3piCQgKiLovGzss+Oc6+t4uAXKhByMq
5OrWJmiphldymURPkiRX1CHo4D4BaLRJGJjFZu3U2XHcY5oCWQIJQZTSOf2SLx/D
buCmw/Hf+jA8btK7p3ph6exIXxG1Dj42YFKYgZuGIaPbWQuYH7JLuSj5V614pBdI
e6jU3Ho+E+fLbrcoPATHxvio1AKlT9iDpSGTspYlO8fdkYkCHAQQAQIABgUCU4oC
GQAKCRBDAE0JZl/Vc3kZEACOe2xr/qvzA3B1F6RjTS6TSgVAm+dxWjA6EHBFAor0
Dq6U0/Ke31m+XOFrknA3AOQKecq3sTUTWrLn2b/s78/1xmp3nRLqWt2mnTiPtYVl
pvj8GVtGcOwgodOub8VKmMTVikztSv3fsa7q7j9aM509n1SNjNZnZG4uQ+7FbGhy
VZFUbPxb2PYDTbP7AFjj9NWqcnVZzQ1TGrhiIV5G947jLkOSngPry8WR1zZO8Tfp
OQsM7C8JDasvh0gh92Ces51YB0JnHeGmorRPGQbUvUU4ebZwQB4WNH5wOaXAkSol
kHzKOF32tPGNu9g6QLzpu7UR8q7atvrYSieVo/JuqAZsy6e4hw1HktSyajtSw2cQ
cuRDFO2VTa8oO+ulMy1fjuUki7jn/gjyYPwAQJyH1w1UBlHWKvDtQWsWkq92xWJ8
Yn1lOS3xiIXBAYPHxnvXZOBulh7xhc2h4nlvavPkOuDRxgINBoS3ja4MIKXII698
0w9t8K/8j/QNJxtsZ/q2Hha1gm6pq/wOOFxKLUD1DZvLMs2Eld8TQBV/Gy730PWm
DAk/PGNbxWQI9nPbdwXxp+WM7W0EOzSxaXjAV5WApc1otBr3ZK+kfGCgKa1dCZWG
ZVMnPX4sF1z62UDA/fLWyMhNKm49sYi00q7Q8t2fmlP2WpfRgAsMHPU+/eHX7uY8
f4kCHAQQAQgABgUCUu7WsgAKCRCL6HmwKHMeHM/tD/9KyMI9QbgAjzqenBjyCYFa
lHJTYTRYYRserhEp1xBkpwkMoTxm4iuNkVZgRuLSj0N1GSfEr8OGdwN6b9hRuKRN
1rfTVbrZg19M4n6hr369fNuMWOnhGY9wZm0gML1JNefn8p2sY+q1QDhBhbC/hZF4
b1HiGMKhczZq9Bvo0XRzUjdHvW55rtxb0grZxUHfo8M4+vbvxwqxpsgdZNjh8TZ4
H3ZqH1ClYBsdP7IBTFhFuUtLqyUdi3mvVhSzR6ioIqjXtJBZnzchoXY4/KsJdBtO
Wn3YAbeZoNws0mTUmgIheLUUDqj/PcLpLnZxbdJ2u8VhJjbX4TQ7uhUN+MfU9VrY
pO08waghSbdsrCkONjDd0E/FG9GWBH52AIUlt2tMw6fHZOlQdGBoxzS4RFB8SCFu
nVW25DJyK/6R4UP4kDE4qv6Grt7ck0lRYj38KtnplrjWfYRTfJssf0acfzuw/wFJ
gd/PNrAXewkROpJwzuFCKpbamj0sEmLfplnCxHilSFhVWKr4rY1auic5iF2GjXe/
fU2Vxvd6l5y9NbTD6msjc6kWHMS3XWtGgE1PivUUrVmxH1DXMjFYT2HOy3dzj8th
s/ima2NQcYTTYvBuJlHCprDEVgLSWFJD2kERNBeG8WPayA+QKYe6jT2TeA+hQ9I2
g8KMul/RAFazXEDhqHa9UokCHAQQAQgABgUCUu+nPQAKCRA4dwaiaZjlxKGgD/9J
cFkHJAAuP3MyVvzz5afT5IUHTGmeDo+KqoLjBz9iAUZeWQGZG43EHnd4HqwdnN57
uFuoPkFjODAjqECHwuU8o5am7GWKZs1zAQgt9nXM/hGRJ4zLRHZv3FbBnhFuP7TT
CbvS0zoxL5OhUhT7wRnmtNql76F3RqC7jA0UxeFVW8BF46Cwo3X1baHMEX8xQ/bh
4g6VW2Y8ErOON+BpNmSPGs7OYrsopS9uO6QanOQk3VWhTVZryxZLtYKoWBzZ2Rzz
+aQdct0jOouN+ZL7V3Xdrp0TjoaAqYx9n98gXgq94gR4j1OtmE7oPLrGtvs1mOZc
otW1GVedaMlwVGXiJbyovJgsnAW7xhsvp0++SOIouviqBjEccuVKmVk+CWNW2Het
CTG9Xg+Npqi959hHaDRMiePPWlkIOr1xclydDFr+yo802NA47V4v4Oc1pcd9tr19
TBMgECrFChx7nMllu47/DipCTnBnysjOf2jWoTXdUNTavzPQtryEmiOM2jt/Yw/R
SzylnnI6ZAS/LrcUEpFWZzfz5+9bft2hv1qs+PTjneTj2KEM++gmtn21l+k090On
iYuhbWGdm70GuU5q83/znKr16gjYBNcnt5Td/j9nz2i1HClTCdUPdYkjZe6P80+i
7fvsAPkrCnJDS3mkFD+ZiSLSz6ogdrOFw+OF1e+rvIkCHAQQAQgABgUCUvAzqgAK
CRB9Ks2vRlPPKDhrEADArFcIXLsYbp3bmllxtyAmqXntuSt+LAwBJZ8HrLuxmtkD
HWD7ByWf9rsAzV35ZsQSmzIXow5dZi66fEZ9MOHTRYAnEaNb4pkJcQbGfI8iKMCv
haffp1rPcj4A/kDcufMSWzGpopqcOF6i/o/JPnpBpExoUKFaBwS4tFr2WUtM0kjT
aOf8AS9o4xCK9+n7NiQqkHcZKMlmSTrU7e/YK4osaJOaBTOCVpLSuherUY0yXMa6
vZM60JBLVu+cApnJRKGX0m9UvFDh+9d06sPywCki2Z3G6pIZo+TpbshdTgYeda+o
EQXMJS6acd6O6cZMrqKTnyNWRIOPi0aM3e3Wwa/bcwITLsgTfmSE9BDmCj6jByqZ
JPKZcXINfMYT4g3pqPHDTae0jLrZTOk15UvTqzKh2tmQmE3Jw2nHksuTCzgd4CZC
Qwtg1ZSGV+up856L8fR74Q8Q2MhwH9BNJe+ET/vyyREdWLKln4rL8+nve5ucSU9P
tCkx3pFbMkwterqV5uHFB4VvtbIJr+0Zvzh3JFlyBD/oYAPXx2oEGriL6Sfh7O4B
iybQLODZeaIWJ6AcOPwuH1jlX19TXLM4BfU8R4WDbQkGxmXiiZfEjrh7vighzxty
3J389ud+visUc4UuNbVNSV1FYr9AYAgM2bKNa0UN806zEu6grzxQ9vG35rHy/YkC
HAQQAQgABgUCUvIskwAKCRBqbNW3ZWMtOj+9D/sFICkyrr33v0QlbFKFY7543Ikd
nAMJo/XHVMOfeVzezgDR5/mpjrb8wbfLXEpYDqgV6UmLQzBwJlOGtHOyU+uzUmmZ
WWsBQh7EJDREW5OC21XIHbGkIwF4i5iYXJFF0KL403eYGOkphvGg4HPS5D70IIZl
ZAhYe7/bU72A3Nl41U/OZ14w4uDw6EXo+CraNkno6AzmRg/jKPMbrvr6C0k9rwpH
VDoLpppYEY7iD+gcI1FakSFbsUxrKmlYJgDSHsCDj/IYoizBx7W7acykxHUPwzGm
MxwPsNYHnMHIyc357erpbDo4zweKK489gJ94M7pvA9Te0x1PEi+AtgRc23kqIiXx
THycRzJJ5GbpeVoTzbIuQfVGP4O1/iOIhJ8jOSCbeZIK8RU1n8lDt2TSRZRL1n3a
kczsy7BAJAICGBM9R5o1yO5Qi78lOr6D9FWGCCHHyZ0508wypy5luZUTps5ZNy39
6Rk3y4/9Vqx/8YQ3pTQTC2dqDXbP9IOPPAs3zA+fPGqZEKCyUcjD7cxfinH3vQAu
xOdo6ZBppF5QeTTL+UyotRetdeq5p8QfJzZ2dvbxVOzOj6g2tA6iiyw2LtaH6ByE
Go8MLZhDLiAaHLuJF3S/TOg3B70q44EjVqbWLZVRbNdeLjCP+M5hsRSLHXrAfww2
qadD0049UHCDXZ86Q4kCHAQQAQoABgUCUu56pAAKCRB0gmVeMH40UhT8D/438F8+
5u/7HhWs1f95hKMeoOr5Nu0UTh+hTlTEw/752sHdk5XObKsM9T/1nsvdQAra3hYd
qN6MC7oXMM9rD1/9zSpP1BjPLUmULsZEB8oZ/HbUiNxsKp8PWA3MmTIbeaxX/aDl
xR+uo8d1hcRLcle2AYQPgEKG1KRhdYpH62TOjb/QFsP7rxVhOQY99EPG2BzRcMUB
YmiUdoOoWvUF/fdiJ2Brif0/fqq8G7DRtq0FgICxIzahFmtnIv7dOEgtWrAxAqmn
ow5HeXiBv8a+Kjyp0seNfNUQpyb00EHP/f2GpFeHiwg2GZRsrYUAkdrpPYAOC6Se
XgfoBSZn/9eIE/FQh9bSU+8kXmHoMehcfUqUk3SuwFqWknk2IZkPWj4Z11siIFxt
/tNbsoL10V3Hs+ZxeNoXgB90PLH7VmUVqJHBsvr3ha6bwUDXGf5NYA23NQ83k/ls
TenOT0+ZKWFQmyUdJLZ0HtQcjMe11iIk9D+lik2M7n2bvGN0+m41DUu19R4YiQg5
53AeLgclmA/lfW/2isYGnRYgBpK4eCw0SV1xUwzVrbNpNOzJobTHhjLX4ZGdx5iU
wYn0FKloDRtCaDyeeG1pWJuy+wp9DKnpkTa9Rbf0bwX8PHWH+OO4TLKTr+xcOxXP
I593/hj6yh26+AeiDqrbZ5hUKCOLt7EwOr2i3IkCHAQQAQoABgUCUvATOAAKCRAG
BPSQykBVvB9CEACLITF17WyU8rXc8jzmDCiWWWgBOr5r8jJiF7CY6QwWrvTqNh2M
BI/N0Ej015oc0ijRv6fIvmvtLtcjDe3iemAZ7olTuHWvENGMX4QnVJ03cG1MDNiu
qZxQbDckHi5uAyUWHqhFDlVeCr3anA0qYE7R04iozYi0Way9yw7yhiNd1kQ8gDFs
PtQ/J3s2qtL3uklIGvr7XBBK5mATEKU7QQuLuog6pek7uC8lyOmFSN57Q9jpFBt3
yGJEtjZDIJaUpCv1X+Yo9IXsV3i1+u8ZNemsTld1EZfNU4txLasJXL4Xsa7eYwdR
GFn1zjglJOS3lMYBhrlW/kdsMX4HvH1fJJInyc4X0ZQ92PIpzjbaTh261uuXuxbK
VEdcbvAsLhzoLdlt9lqbYrZ8CKDVOIxv8Ia3YvJSieoLydTj2enhq5pG8c4hZSIz
DqoX3WJ2Cw/9paOyBujLHtSYanjySlcI/URyta4IbEjMlBHsgf7KN3AquUPRRw1q
IvbsEMT5pgIShw40Mj3hsIqpSVA50MjbuViY6ilj0TTHwqCUA7UMFv53EJ9728yv
iJcYrs9o7fr3gvl8YCrNrmeUPJEPz5i21jthgufVdGKoA8uT0mzEuJRYein4KOh8
Q2ImFb5B9clTI2R4sLHe/pBm5YHDK+53poMN1hvBy5tM32mIAZV0cwgRfIkCHAQQ
AQoABgUCUx6IhQAKCRA5J42oEJ5iRPQ1D/9nMB6+OLRV2mOg74R1B40e+k2P029e
39yLy4r9a0IhAPJRRjv/8HhjH61m6QD+Yjj96ZkLgbyVdvv3sqeMO2DoKjmOMgis
PLghprJQUfpoZPNTTCq4ULIxS82f7IxoyFC+GdqzpIIvpoRuZWqSlI4IxaGgjpHL
9O5+QS2wuMzMY42EJ8UEfcQItcy9g1Rzv7SB6eSRfFABudBYNgG1OmaANEnV72YO
PMtHu2yDNu/AMEkZQdBjfjUG5pp6Eg3iGzsUrX29s1K9xu5vIsDO54Iuhk+aeeN6
jxu6lfeZFPFo46hSVLRQAJzL3ky8tK2KEr8bt22hiZlbcaQByMnLscwfW5yw9cY7
G8yKxQ8EboIo0pghxic50/li1iJh5iW5Y3i/giTrpNVCGioqshOHR03Lggg30PI+
yJ+cKOzsN+7wR5Eh2LiLlgzlcIbLHy3YCu2GzBQ4VzP++5PAiuU+VFLQ9iW5XVad
RjFPFCg/kU6GvvN6vdldgbZDhhS4lUSSAD1deZKL3DlwJYKuih0oltMD9kYu8Sp/
p6BlZ4qIA42KamH+C6nWekQO7hTvk56tPwK6WxaRnVNgzjb1avXZBO1k/7c9VoiB
BruTsZ25SAG+FqY9EepemOAcRtvB5pLC0B4zKMntml12DYr0Pb5tf+JRRerbPh45
Vj6nfJkH8luVWIkCHAQQAQoABgUCU3xTCgAKCRARRZNK4HrFtaruEACyykSlFW47
Hrkrguzq62A6Wep1WtvCJDUDQLrQTtNGCj1oMcI1G53YaNCX36VFgURCL4rYJqgP
F2H/zD6yQrhEeLYJdcyYN031TI9tRPbag1Q3FFl1PP1hFBniEJ0iPkQlE9U/NdLH
3EOfbfO1AYbs+iAeHO70Co1QNpTQyql+3B5U9DdWt8uz3AFAYxwzzBuIK6Inpj6x
1HvKWTVGSsxeaIoSuJT/TSaqbnI3Ude4E0J0LtIgIxjU8s8UkU3RFNG31CGczENp
R47YN+toEE++mnobKbTa5GjSnkhDp5a/+vZjPCdjyBoUTe+2GDNPDyDF44kcaTv6
oDdnNmAPQY8agGoIKp+zIC/wLszCd3zH9TKCLBu7N0G4Lb+PP/rfdI/TRPw1ut5B
Ylo7T4CNgiT+WftrTodR6XkyAx8L/oJ/soZrLyCMkgDzU4GSgXT1GXZSHLk6VjCV
K7puGqPlmMpWfwh3iaNMI5TizREE4FCxjzMM3N42TBx0xWBwKkisGy2PiqDEwAPs
OB0eZ7GkgkrAR68h/AWvEEQoNIgoxduEdWADXim9en/U404LBvQPmp04m9uclQes
w8AHK6cV6r3Exrc7CSRhVyPUyP7VC1Gsrj+468/E8SkYH8gQKAq1cZNnLTjGWlPb
9Jk1J+SfpEAO9dW+3q6pIwQKf1WCRReV2IkCHAQRAQIABgUCU5OwIgAKCRBgvLtP
XNf573NgD/9DNocnRe3VdfD2fn6csyYVhXQZBkILzFL1i3Nc+8K9qztMYtpjtDnW
J9vWYw4WMT+dpKkiLT64aHrTCUxOsqzoQniReNFfLDDZkk0Oa+z2qr/tDt3ZGClj
XpIaRSj2V6rf3BtjlATxMg1MSGOozr5qsfe/CxCil1JHKQSXvWoKnfeCp/H1sZM7
VFYyiAOFXI0a5YYyHExY6NRBFVQo8HugcBFKElL4JlspdSvm6yC4CAMS7mE9X/Qo
IE0FZ0d9H+7xEwTEnZZGJ8He7iudIHIw2cTJvRGVrlHxJY+UiUJaM/A8R9aQmS4k
mnMwGVt5BVp37gJ7qHjhFRpbqd3KsY3NgMOCjFWlWWb56sGPkDdNE3KTOrv7wNy/
TnN3NDCFoRXLEusIFKSn/jUAbJCIMtP0Z9jR9grtuA73kP8bDf9IJn/gigdYIs+u
0k677rgFQfdykduutc+tUi1H5M5OxApj9CpFF86KzJfC+VcBMV6jpj/JrV+WutBy
gIOMeUgz4iHBoo42pquEz4i/QRXbsoNRrpnQvAIINAN6gZCn028K6yHux+6YoSgd
eHw1xUn5gUFt2lWkO3XcMQT11eEey7ojzeUhnZeBPlnbVv6EJEO/5vHpjWn8C+1U
l4S3Q9VJThQKn1I02PKf21HX0cubshjXjAnjA7JOt3QsxILtGWXWxIkCHAQSAQIA
BgUCUveVrQAKCRBbnqFhZpDPlHxaEADK/1Yqdvt4fPh0bSuUoGLeBP78CAN05glt
bLUpr5X4wx50OI6JnejC98xhoLzg2z1pmjHJY4LeY8eR8xm7+mPiUOLe38CHG9Jl
NOjFBZ5fadSZGJL1B+h7QC4oG6qsepsoGyOvhSna9xM6vuPWjDD3EBxYflt1ac8u
Wt7xPTgK7FJqHobUBdUoViyaaOLQ634c3S4P4nfPnQeZS0gVe8iJYZRsL6O6STX9
N+w2xzMPCgkuYILQOjWeGU35Er6lGa1NaZb2gWhnbo4uw72TEuodL4EY49se51C8
TuKDdvVHRjN4Dg0PttWzZDHqtGU1Zq2vYfV7T2M0+dMVxHRiI/vLOXRk3GfXPLl3
XWRMxMLH0aBe1dY+Dltr0SYr6d/nZKpGUKVG6XLsJSZjsHVo1BpRYoTJ2PolbTd7
ncBI/dHlRf02zcMylvrAGGsaqK/dmXnO/bqZP6i/9hfqBnyXF3W7ODU8iOe8TVjx
zLhlbpE35VLQfyppk57A1DWGUfZ3dYo4V9DT8Gp2ZMqdjA3p8JhggMbfQcOFuan/
wC5cOw5GeLTYjMLYelMmGVeP7TUiwWDUQdb/WzUqF7Zoo7vNb7wJeXbxSoWK9Jwq
IPr5W9y4ei7/IGkSnymQ0/561RUW27dNMa1p+8NWgOF9+qLTNyDIQB+wkRrRRcLe
X2fUOcgZhIkCHAQSAQIABgUCUyGvBgAKCRDQsPXjGtuBmowCD/0bZNpCWiHnzTrb
xrmuPjyyDRfAAWQSwTHuvNKWKUodlqMIRnNCuRHLxoYQDhrZXDP8U5RHDF8Oq8OF
5AwMJWpiXTa2kwew3yXwp/Ioro1MMmHpGf8GfPJ+2zFP40B8v4T1VNYIhsIdsuov
HJv6Oe5cA2KdQUeQ00FTaSGbppy9dF3pn32cTOixU2YJLnDtd9Iq2NGiilKVTDuq
kWillGUHtpU9RS0C/5pN1kqRm3mIPWeVyEmrF4hDsGr2phqwQZzBdHGjIyxViTTb
UlwJnmZUH18N47RGv5F6T80+OtZ7vDahidobR2k/sa1H7cfBb3tiNg4ZIPdyTjSz
dOOZCQxhoXwGIQvp1yPr/G+42lZdeO+3bmRx1LsjVTEny/ht3XGjSn0bTZczQDfI
kQDhPRL3UNWPQr6xeD131HTncYUOOlTg9nn8E2FcX/zR9bIRnxOhzD1SV1WDuBXX
Qqt/06g8idOotGj1/AGYp8/NtnpKMs6DqJrwHSL04Jukq4DZsKS4NcmJE7Z3Q/Rp
0TCLEqAT4zbEyBT+moA4FcHezb3hpWJICs2elXa90dWbzv3tBZElcF9xF98vMqpG
WaFem/tnw9GPxvM39vMBzQ3y1tYzDH6XDknuclZCkxY/ZTFA+kXXTBPLGNv4tRek
UAd3fKnL9Uxq5oqsoErtNZaeaii9YIkCHAQSAQgABgUCUyXdYgAKCRCRgV1nApgq
SqwFEACVYopiSrIwLVzA2OLiQ/BDaIXb4nzh/M/QPv+nl1FQDpFPEV5G/E3qaKvl
JkefbwS1/1pmvwxlTrtI/F/MuP1WtotbVBqU1qEyeAHVXVsoxVzDJXd/07HvYEFo
m1KtXo7Wkky3/IZfrRCuURj2Rc3Df2Nw41KKZUqE++LfQoZjeKLBnY6jIO0MyxGS
Edq1qvUYuYA9kuwmLcwjDfwWV4Yrcgw5Bzk9uB5fOuVoQ6d41vxYAwrZbBb6JImY
rMMSMOSwJ9ynC2bdEUCSCnAUEjCUGJYA2yzK4ECT+zf9FyKxMHDROoWX0HUFOjDU
WKie8Se7ArHhijSShZMPMJTREJYMuctn6/N1FHybi1FLlhJuqGhLWyafIfPq2u/9
WXl2lg0i9SZpnHgXXMir684L+00t7go5sA2LSJ71pFE6hjoM7OuvYvCGTBlZA4XF
FZMDq7q+RDNFkw1UvocAgh7KdarjcZEhkDaIjmv+E33rGDBn/QbXwJFGO8HR2BzM
YoJdfvQTrupoB0Nav/MGl0yRo1oQu9PHyA0Q+NJGewgYVnSsXKborcUtvYfWd4uh
FooYqjbt2X1kRgeDDlXeBXtQKAOPDoFg4hs2dRqZN8LHrIYJ4uncjNkvQwG6qAdC
ce/BJ+J2xA0pC4/+JhtBWju+pwGwxB6FwBtA/NVU0CzRX7BGIIkCHAQSAQoABgUC
UvOycgAKCRBIJckKRXWKIcxSEACDe0fs9tUbgdigsk0tASRBCVV5x3suHOV6AjaB
BLAlWAWe/VFhZ03dpyPpg9J2ZLa3eJhLJcnnpL69SijVjcc2MfG9CHkVHSsZlSUR
BaSKKOuYaj0r+Oz4kBDpFo1XBs39bdXJMeewCy36Y+vHwsfl0usbj5SpzR1y93lJ
gJdn1MRZxewTnOj1YQBu6kevRrhSTqz5YOF2ebIzqALS/iXu1Q7IXzO66sMuAUBM
rehhtqxXgQBvu9dYiKn6dS6HKeQtN+yLxklJ8Y8z2b+kAhtdLIPELyTv7jsPbMQb
A0oExNXNZy7rQzOLWYRw3PCkEnD5pfhLV7v4JsLl0nb5EBYTy9O/qdCvSSLMmscl
Dmien+9ZaydFN9KxJiAM9PzN2naZY9Madh7WHazhbgjJmZOo2MoxHMUJVq+7Uktv
FgZHKMjkwbzEqwC9e9DIa6z4Yh8apDS8FCAkUhpbfQo3Cgtn9r+RYrBOLFkJaXLW
EHifW4CdielGY64dlfAuxdTDdwYj0T7W3GPohdAoZRV8eumURQgMn4pS8qq6DkXK
ISVKcsdUd3JKycykrF9uhaMQ530vERuxeBwrN4dSowA46jK7vCmw4cZIZoVYQJg/
ELFIxYWoq4up3mAwaIojZc8vrLRsjL0nfTwrjMXT5g+FFlZaALP7kpzInFHKlgLE
aD1TU4kCHAQTAQoABgUCUu/Q6wAKCRCpyGyN066NOiDKD/wPtMoGz3VJQABzU//3
8eR566SAJiZ215Ahq7OUODM7ovHdbYWS5J82jcQmEmm35slgMroZeicClyyPm5BD
3JNLXVuZsOfj/wl1Ip3qyO7AdX4wWf+IuYBOTbveUK3aodQwWIJbn6jsfnjHNGo+
Y4nxU5OYAefqOHyj+lvKRrpPTFOY+9bvKq8PLe9rAocsQnmirN4WSUP76XOMNmy0
AxKqo91D0+aX9N2g+xyH7NYEfFJ7G3R+4biyErnev2cEMzrnYFxj1J84Pf2TRWGs
KrGeeEnBttQZGic/3/82uhvmHJb9lj3roHEo7PWh7B1JkE/XcJmTYGd7WAD3W2bW
9KW2vBkOsYKsOtZNG9VcCupXU/iI8uXrusd5t17ojXdFVAfFIzaLQUGkDJIjG65k
zqFiWCS3cIqW6M71xq1izAUgojtA7SvOuDdLDcRkyYZDgxcGPAqAcYi5NOVMwZG8
u4BiJJiQ39p3d7F15z8bniXhFXyU3kFmi+n1LNYt3bf8kuqMlopOxl42egzX/S7J
OdY9GAl17/z0dKNEFgHF0cMEfR96oNtx8ohjMMTP7exGYf59gdOCXjFJtT1FRvZ7
VhVn+jtKD938wUoPjZBzT9s1ZXefX76JS77H+rPn/xGcDfFcfz+dHlYnxo9rjnI9
ppHYQkWKrYVcHGW6XxlEzci5NokCOwQTAQoAJQUCUwDoCR4aaHR0cDovL3d3dy5n
b3RoZ29vc2UubmV0L3BncC8ACgkQegaFQh6JkEJeHA/8DKGQ1LKDa6vCsiY5L5kD
jOjxJiDV0y4wu0/X5kGCIbDmj2ptm+PPLiTMH96wiGuAKPVyjh9IxG20v1pxe9El
3ROSlh8Ogv4kx+GX1CBkRO/ty6FM/1CpIJy7COTJXmLbdN2WgNicrcqitMl34Cvu
uLNHMNr9oxP5TwpAzhwTJVG8dOamEJ3u2f9soObvs1tppt6M2YjKq+B5CO9/f4//
otJXST7MPPUIy5BgsDSQtzc8hUHJo7xmFFmo94l5qhxmtTJZ2yIlvr8Jhi1HutFy
LFAay4ppoUkQ+M79uuRl+HZzUJ8dKd82SiJNG5Q36tbPr2w6XpNvwYU5+y2GKS8y
sH/bYTm5vgZPiOeZSjKVCC9ODo9AZarj5usfKYTLiQUARkGDrOHjk6rd0J3EQTAF
R8yK/iQ8DZwejrAQNRrDimHLujLROZCWgrMX3/O7BGu5s0rER5O0VSxBNXh3Oo6e
Qpolg6BgACZkQWJzbk8OEJyBk2OQYRYee/60lR02Ym4vj4c0OglZIQNjQna/K1sf
4dI7FQGupUaEsvT0xU/r9HntzE6fSxNZKV7Ut4qHm8X197R+jBtr3Gw2wY/21a+D
MrgYK9gieAAekJLOsBlicHnM1MkAMcXFvMcZXwEBA3XAAmXxirNqSUD3FDiB7S8w
vvWM7U967O1vqtyl4Elu4XSJAs4EEgEIALgFAlL2RqYFgwHhM4ByFIAAAAAAHgBL
b2NjYXNpb25AbmllbHMuZGVzdC11bnJlYWNoLmJlIlppbW1lcm1hbm7igJNTYXNz
YW1hbiBiYXNlZCBrZXkgc2lnbmluZyBwYXJ0eSBhdCBGT1NERU0yMDE0IG9uIDIw
MTQtMDItMDIiOBpodHRwOi8vbmllbHMuZGVzdC11bnJlYWNoLmJlL3BncC1rZXkt
c2lnbmluZy1wb2xpY3kudHh0AAoJECW/SE8Iq0hJ3YMP/2tUD1dHE96JkIRT9dv8
MC3aFZRGgv6HqvdmMWsurUvf8XEbf5MZvbBRl2rkQsDkEoqE6j1Q7Mu2odrOX3FQ
S5u9L1V2BcGSVLksTEody2FfbXIZWDrSF/HnQ39UORtp1sWB7SxdfPMK2Dz0ZFd+
4U5iw+4uzPynPI2n05Stn5kCJOUXEPhwO0sUliWb4BzOm4fP00BebKSPFsS97cM+
1mtoZp+qSZo3F08xOtrOXmj/idild0GhZhGlmpddxf4P7eleWNW0PaaO6GvRnu4c
Dd6/3vSLRGNkJYI1WHfNObwpnKjpJkoIHF4h7ylK83iiSSxh5ZNr1XAtbOSEzuJb
VIwcYoVegHjPRAlULnseuxIPCVdEaPHhaxSouihGOVysBtU/0TjEiuBa2u/RLrfD
T2vIeLvjCOkoRP+fiqmO1qJGhkGcJeponKqLlKXryzNZKc6ZWDC3zlyiTJiKphIi
6zTORqByAdW6xjHzKy9hYSZQIHUDBTB1dST7org8byhzMtKbV2SRGItebvfRpm/5
eg6nGBSdwzoyYCxO9nMeMsom8z6hyNWx5Oo5NZ9bWrEqTd/e7JjbnYWcsUpw6RFa
3HmzV+DS6HFd1E0QT806yAJoJUOlhfDbFaDtcT66jQbj71xv/cGgllr0nLx97med
oU4xeZ1dEVg2qhHLp5avpFN4iQOcBBABCAAGBQJS76FxAAoJEFmPlar2yZxfgrMc
ALuDba+PUFXbAP0dp5+W/H7ZAPf5TzoBmgo45s05dom05fbrKUYI83mZ19yGWcVV
ajrAtIp87TTFeGPmkrCEXqONKYa4vGJHGZA6S19EaLaseL0T3D+cT+1ycDi2/y9R
jqBHOPw3sB1IlGTXzRwLZ6QyaAl7du16zhZqlwVEJnoAK6+0YMTQJ6a2DJdURIl9
aLeC7Qwbofjzyzi9+JOg4tX0hrXzBnHYlyXJVZVcSzUuQZvD8J9oZZb1GNNwOl2S
7X4UZoEqshLpXXoxaG4ROcr8/pRmEYUR0QdWap5ZTeW31NyTYArRsCvrxyZu/4Zd
iumKElqThRWcXILozpfeqDhx0AZnn1wXTAELm1YGDNbhHtBUUQ9jcLOvhbPvgF4O
bpFvsTec7dI0opEh7A0AcRoLtMXSsHH+L8NAOAfxXi8FDXyA1M2tmOu0ePQC8xDz
8/bcDMw6NUBn2ls/P3m3irVznZoK83SjpkfvwvtEEjHieuLHp5TwxaiwO8P0S2Jy
AYz3gQYWqnzhaXMcvXr0aMuRMJ3wx84R3tKdRZrxi2/OsUkxsztRTUi0eEZBoqXT
/zcFs/g9UsS2t0qMxn8RyZygP4DN8623HMLpqzLQ7f3Jr+0ggUTzU4vOHdldvWBa
jC44yqTVgB1UO8SzMoKJIIwbbtkUzQG+IFxukIrkeX2kngx1R4ENo13eqM6Ma/hI
hCZdchSGcBw9T4QKVtbMClNr1JwWNBDLAGZHVKgtBeS7b51/1doz7yPmEJ+jghMK
rpt30/dgZDWRuIzPJ4k/Do2NrhyjDp2x3axuqdXEpQjNREhi0AZWLkc0ySZuXfUp
OsKjKFY1jLKwyhNaji+VaT3xy9JmngLM15EkWfeCHe0Q00CXxBwPztbzhfCvuC0V
/cjxdwnVlhEKQjlEIqPCtnGBmm7j1jAwCWnl6uaVr9mI+rX5rL/YrMWpqRUGG395
sKbCf8mn9rwadLjCXFHEnViJsD/vzbKbJy6CEvBzh7BFWVnzG21COc4hQIAqk6yb
JgyPhnnV7pvSctCiId5FcrGPQhSacXBDpj2flx6zqHRldtv4ogvsX40dmm5NloA6
iGVwoq3vUOu3Dxk4Qy/TGQPWh3y6RO5VqYduswM8B6GyIVm9sM84AlV2XrSM+P7q
HsbfiRo+wBKpqcw9g5hQmjRh/IEOZgDdLDSHpfv1tpY8iQOcBBIBCAAGBQJS8Ct+
AAoJEFmPlar2yZxfS64cAMjdwU9Q7eGyBs/wDGU6Z+cTRdNdf2WxXQO27CsU+yEr
OdN2Di1Cq0SPoMvcmK8s/bRM40r7hBkPqPZDC8zZb13mh4f8k3mdZdyGOgnMhhyG
Ns7eeiebSVfEZpaJzmJozeeac5V8NPn6K5nEutQLsyIIhVEXbr9VTApw3l4eLjMY
UrOvhmOnqSjDnBrcS4jaBdIbj16pGmJTwyN9FRYH4lF5VPHIEL2c7PYv17i4H4WQ
Fy80nyNCNlv+2LQNfMGTq49XviB2RmZ+VoYvoJC8O4iaewGFCbtWM4t4jLBKD5I7
xGxOQnvVBjXj3si/ASsXR4tDM4mAZUpi0YPZeHM+DPIji67MDXIgwDVv4JRO9Cuu
gARL1d2fRarNE8vTuA8mKoCllcCgoli9CG3RcCf/ZrnibT3hLT939UGqt7siBtpc
iEKoYC+VtYTKEFf7fr6BYGA6DfJK/npYKjkkNiO1ptUO5d8Hzo/mdtIL74jorleX
KCLOXu2ryCMmnbwhjRvv4+KBRUHHWotlL5KokBvMNyYvuAxFDQG0FapuZDna0GI6
cGrGdlVRbpbjD/DvFzEXaEzKksI9VStcPeFPexGDCD8JbtWBWfwK7cPw/Y7mAdf6
TCock5xmotLdDu07xwlE4amGGfVy2YO+f4tOcNXRjh+LpvO9AC9BngzqnSCBMYO/
AIRdS0GUuXUqCGCdN0XXkWQJK5quEIALg4Qn4mivweHuw9QeBKqgKA9ku3AA1dJR
cACbVer3njqhFxUrqusn6KnbURYigdzOtEk3QaglAL8ALC13MwE//dRnbyT0J4gU
aMDs6yF5wc0Yyi8ur1VZj5Rk71SOetqaAHgm80myN4Y4pZWC35qPQdGcD+O12ECS
PMY0LsbRT0QNVoVcuv+dqroWLPC3ldrtj6wDC2/XdlblJyo3p67TFAlX59E6GE3N
n6k+AuodyA+ha18gXH0KS9Nbtvroxelp+DVn3lHEpkUbqE6CQs+nbj83TFmNyUp6
+sObs6ivaco8SbJBlsyhdg7irP08CS/w2YBCYsYAHc2Gthpa5dxCKkEVVM+P/vP9
MAu/VFsZs5b8gNRTynk7STW7DUHDoK1STQ0WOWonr3BUuBqaqab92LuJ7bHwM03r
gsTIVVMPrN9BvgphLfV4zBBfSdGPnF3KDqoTSpl+QPQq3sg3avBQAjzqhwu3JQRN
iQO8BDABCAAmBQJS8CtrHx0AU2NyZXdlZCB1cCBlbWFpbCB2ZXJpZmljYXRpb24A
CgkQWY+VqvbJnF9GxBv/QuxL5zlNM8jhzk5fuPpN9i++W88qfveAaBtxLTWe2UJl
1/10xHfjw1a7FjJ3osYnEv21yW/w+nfhnMUk2DugC40/zb/+EaPrAIPsvyXDRjJN
f89qYLqi4cagsPI5rzTy230iYk1kXrN3pyIY7feNd0dWpkCsDI5ug3hbezCGYLcg
0B+4msMkuAGOU1Ctus/L2sIpdY277QZqFarK0xgYSGTZt/ohGXo3NbUakbELxeTg
QSdLmeH6SchzES7Kv4Wanv3LRNAZHhV7wJSrAiuHpgDn6d/YWqFwW2PoSTWN1CgC
yZNOgn5cZTCTNnwo90USwyHid/x9oZlmMNALnWk93AOB1TByOBoSbjfiK0xQAmrQ
lik+eOSYEeIxGg+B/CKy7wLqy5DEbf3IeNAiI1UVDQZb4woXJ+Kx+gvcIOstK5AG
zLXowaXdWrqsrfRQEXi6qxewv7P5hFC/e1/7645lLHyivtTj4F5peuQYgopvxKbj
j/9ky6YgPsp77vdYCZRhU4xHyWH9zXZwVCdMe5GNKYcxMyJ9ATECmKxfGmXAiqFx
tzRHroblCVH4ad5h+/dShPH+LUwVJorzp0gBx9E+ZycukMPmEVzji6CT8na7ptNo
exCIt1TH2vwwFJwLPxlRGVEcj6aA7iq54Kwp/hpjYMbg11QvQpqw4Ug4tXs331IP
keYbKbaPudvfeBy3FucO5YSBFnKFIq77Q3ID500L7e9ttnvtn/s3ZIZqY5/87jv3
0x39o0SoAInsco3hViAYRGZrLKk4jAyM/q88YCa6r7kcPSLpYmfI+7OxFYuS/NvN
46UL2ozm3NQzmXJKiAeCQiAVys89eI5V+QOotMz/hMRb96OEM/AAtrZLGXXxlRC0
aJJYXXPYELWC0qMxvrR6Z/0LYyKssICH5Qgv7VbrFRLlVw64VV/MZjI/grBXP5yH
arUPBruCOHe35bl0r7Sc+WAyqFgmiP8EXq8vwTQvBouEG3Tl7sScHgKNQ6+2Bhy3
F/deh4afN+21xZ35I4HS8MZNaFSnQXktdKqSMxnpUhp8oFoshQZ1mz5Muq+Rdgk8
4LK1B+HxXqMaXz4pcF7SuvU8ZoeMlkbLBdLCAzgHUiL1PZ9uYa8BxOcKErg46Sak
kkwbX90jEo2W2yv7zRuuKySPZaJ8VTHKQtzwuB+S5OmfE5WDzY/SHfQVGPZoKGOJ
BBwEEgECAAYFAlMuylIACgkQ/UqR/oGOsfEG7SAAiSHuPmBO/FE20YKiYK58kKJh
kfBe7g0W7rwjlXUbBDs2Nz0Fn2gyYJIJ7+BKD45bHxyL3zgCiltZ2wmVYLmTm7Hi
LoBJlcusy+0aq8xF2t/am0PFIZQZsDMCs1KpTuRAvMIhQaLZ5/24/qE9RCOWvOkj
OI/jDoxp+yMl78y6vk1te/4yl+TXp2W/y0QobJNDwFTDqFVaxEjJs8LJK7JbqtxF
6plHOtk874AabUAhdvTtX3xNMNoZANoOWMcQKpVJyMuVCIsMohEuc4aGsGE4yKNv
AnGwIG09QIRPva/HiGVl+BgJQgmfJ99iswjM83to9c+KBXlmBeIzrwB4YiNIepJi
3uH5EtQ4v7txtyX8J7XsFZV1+s0UkYP/r8ioCYv2ym3O4Ki/6KcIdSiKWdkuuqLx
DDrVMDBmlMaZyk2dkR107dJUg3CFkXcqi6oDk89y+FkVNf8wI4OUJYGzDUBYRfUT
d95zJ/6IBrTC97xaaFVC0pBjem5XNog6TaCCj6fmiUOcVqLxpB0eaFBXj70t5j3C
9Z0gVXCt2KJFXPLrwIpT41RNWalqRfT0ZHHOel17lxEWwvuBTLU1tx70DwQkV1U9
qIwBm9uanjnkIfM1s451b662lee8kHXgx+qapYwK5fwTW0SodtuyrYg69bgK7Yls
xUJ7okkdyrkPsgT3aFaW9Ep9A3UXCkw8K8BLH2n4cMwqhR634U30MT37rP6nyFES
vZKzvo1d3CXoOPqiY8JxDCnSpTldt3t3Bdrc771cRzdx64S271TIwJYdXngsV+4i
aSjJj5XkJFiwlGQPiZ6uCrGHvq61GL6+JAgkIvdlPWpWMFOEHpwzHKNBXuKYX/Yn
8NLJHxUNySwOiUxBVLdOrQnFlu6psZUBuqpS6h+YHZzM3zb2Eo6eoZYl96i1ea/M
rvhBGWR2j3CuNwoueZy94ovEhTFWlplC7C93CyjOwXAz4ExhbjekQ4dT0ooFx2aO
OVOMElqbW0E5exwocZcAb5OPZOzYzt0YtM2NhNFIubiU5I9Pf7r1kf1yDlWLkFZ/
twN51AvAFpNqmi3czFMBU/uEp9g0xmZ76w/g7h9qhja1hgnxEE8VCBCb2ZF5vXYL
YLDx3OMHe4hBAgrcMnWS22TfHUJtM4DmsHMztmVj1e5/nf4XdBebf5wpzTOHNo2a
nFf4XDbGr6dMf6/s/fFMbgmLypkVndrcypgTvSiBYr7nj/phiO/+5jqtC3ikhHZd
+z4L24rj8HqdL16Oz4LprE3iB/8kwgN0Gie+PvzLIe38JO1HmS2l46RTsSLtkT5X
ucbLvowrLax3yhaz5/zgRQFRymve0kpB83e0Wt1wdpLBbeUSrK3qen4PvCQWC4kB
lQQTAQgAPwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQQ0PC/w++5ewu2+
85nzWZ/4KMZymAUCXiHrCwUJFpzLKAAKCRDzWZ/4KMZymOhLCgCaihPZmNPfMD+S
b2In2kMRmi+A7JWVNJl2iEpannG0jwLn25m7G4dX2ImKDI1acgFUGvwWMvpnHmlo
1DX1KWUTVtjEvgnSPDmPQE/Sh1PmM5GQizKVwoeZH55KomJIy8cax3zbVRNqBhwm
7p6Zq34pzCcMeQo+NsShGaLjqflTMgQb64e/SwZlSNZmyFMJBlUGcmPiwM0mX6QJ
thOlSzR/YAQ+MofqkGTnq8goE/9s1azZDaz5V0Dv+DkDU3RKRo+3f/6o2yW7zipF
0gVypzniy2ZH/9BrcLUQHGutPY/cTPOmQdbE7vaNoaXC43q61f7ti417kLLmWz8F
KO6AoyJGoEQBi8WadspXZ4lLVupNJH6pPMuf5VLzzK926YAc004+wnIyYo/EkPTy
ZowKyo47KzdMyXkn5jPltI8lABnua7kBTQRQ6yFjAQoAypTjSPuQanLuvfu9n5i2
T4s8xFLCEQNmNMNkRO/rieRLPf2E6eT51gDaT0+xkvCSZ3OjSSXoehpDJBhsKuTq
ewg7I1vaUGdLwFvdF458p4g2vVtFvpufl/yzzs4fp4rPWXH9ez/dbaaywi4vkzjm
9+cbd/eqWfkvj8LldHS4iGHVWFd3uizQldC44RKqed00cE6y0zT0FZ7dAz2E4fyp
9ceneczktDCuEMmyjdViVOp2CEEV8lipIsY27Pvo3IFf47nJPelXtG5b5+g36n6R
vGM25qkQrny6OvNy7ZQVGdHPs56w9Z6Lql9hG/wspRvEPGVB14pgifoOkXx/ZDpr
VR/9tPLv5w6H1S/0NHbwF31OTF+PXO12Muwdq05ZPuJ7jXmhzNGlNmNePkkMvrEe
s8nbu3hi3ao81dAl/3pIK40AEQEAAYkBZQQYAQIADwUCUOshYwIbDAUJEswDAAAK
CRDzWZ/4KMZymBlHCf4/i9P7s38AkdWkwWehQU/TnTcmrVY5s9tGobJBdwckppE9
UdOitPGDhif/yz2o49HiqlPFioMTHO6VouUhvsjBZ9nW+R5yQxokpkowl1vwc7Er
de/Oi7TtJtHoWrY/ZJeia8UDV2szpESdsMNdz+v/dUQWlekdPAZhU61HKNj+sPnY
wheDZZ5Di2u3zOkLTWTPsgfhM2j40gRY2RudgVVmZHFxFTdHBIz7s57kDpsfA58u
5UIpKePTbpq22pmsWRIpcdgYvYEm6LzWigbp3CovV26IhIjWwGqxsT+NEL5ZNgLl
1r6vn4gZ1NXtZ1NqFe/+5wFh+5I/1a/ycXAXjqbDQxpFu2K3d5pCQq4RvozLNVdq
jW/VIa+WSzgONLCM9jx3w60foHPEx5tqeTrwlhAHrpGCdtl01CLel6DztBEWA4kB
fAQYAQgAJgIbDBYhBDQ8L/D77l7C7b7zmfNZn/goxnKYBQJeIe0PBQkWnM0sAAoJ
EPNZn/goxnKYUl4KAIgdXi/Q+ExT3ZtE5Z5lFQ+wwgmRKLnc0yrvO2d4MJNt+Sy/
EZK3dbzIRFWPZukYRg26Y4ySilv8g3Fq5bai2afv+Wo3322hL1RavbpItIYbDQ47
gj9AlWyY8IN4ux3AOI6m4Di29itG5h9G8nY/vzf2S1MxnngKPVcm12zgtSoQ9Vbx
4UZfwhyqs/VqIsPNiC59Asuaj45PGEX2JBUHNGBzc8xXfJWv/Jeh3iZAkZZTS+3U
3S19/p29ChDBRCzAyjlQPPkFLBtJCyn8nt8pGZrJBJbyDTk3GW6FcOiI+Hqvn1eA
JGC+/y5zRTcG+7w+o3Z1nGIDBBo0QvhYSp9mrOjOOUpqiwLa9utimVoLYgc8BFyY
ObGKgo8l0WMMp0M6itctN6Od1Ww8rY1bqwH5uHdqQ23eUhdoyIu8B82gU2da
=hpmd
-----END PGP PUBLIC KEY BLOCK-----

6
sources Normal file
View File

@ -0,0 +1,6 @@
SHA512 (gmp-6.2.1.tar.xz) = c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84
SHA512 (gnutls-3.8.10.tar.xz) = d453bd4527af95cb3905ce8753ceafd969e3f442ad1d148544a233ebf13285b999930553a805a0511293cc25390bb6a040260df5544a7c55019640f920ad3d92
SHA512 (gnutls-3.8.10.tar.xz.sig) = 72d6dd2c23f768f5041c3dca0f49b3f60cd01fc960ce77f097094a2aae6d76fddeb6295c425e3750c711d5f700957a62268aecc4873e53c31abb60eecf0fd4a8
SHA512 (leancrypto-1.5.0.tar.gz) = 1170a502f58c9bce424578cece64a3ebf856620adc02f390b8877981bccf0c2bf35e64b1628094a06c069ec38a3be5889be22516d45d85f4e75b40085d9001c9
SHA512 (nettle-3.10.1.tar.gz) = e8673bbcde9cde859ccae75ed6c9c30591e68a995a7c6d724106cfd67a5a5bd45b3468d742443b6565628849d0fd29505a28ca5ee4e89dd13197cdb51429f96c
SHA512 (nettle-3.10.1.tar.gz.sig) = d074a921df31070a6e6562a9f7e213e67b8e6ce331e2683e8180f387aca92058a5fe8610800817a0aa5098b47176dfcb42b52d617648c84cc6262a09ef557eb8