Compare commits
No commits in common. "c9-beta" and "c8" have entirely different histories.
6
.gitignore
vendored
6
.gitignore
vendored
@ -1,3 +1,3 @@
|
|||||||
SOURCES/gmp-6.2.1.tar.xz
|
SOURCES/gnutls-3.6.16.tar.xz
|
||||||
SOURCES/gnutls-3.8.3.tar.xz
|
SOURCES/gnutls-3.6.16.tar.xz.sig
|
||||||
SOURCES/gnutls-3.8.3.tar.xz.sig
|
SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
0578d48607ec0e272177d175fd1807c30b00fdf2 SOURCES/gmp-6.2.1.tar.xz
|
6ba8fb898dcf4b4046b60662ba97df835593e687 SOURCES/gnutls-3.6.16.tar.xz
|
||||||
806156ac9563caab642d6274496b9cc5b2117612 SOURCES/gnutls-3.8.3.tar.xz
|
b41ac56ff6cca4539c8b084db2c84e8bc21d60ac SOURCES/gnutls-3.6.16.tar.xz.sig
|
||||||
dd7822b360953108a86dc3dbc7d07214563cc678 SOURCES/gnutls-3.8.3.tar.xz.sig
|
648ec46f9539fe756fb90131b85ae4759ed2ed21 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||||
|
File diff suppressed because it is too large
Load Diff
7849
SOURCES/gnutls-3.6.13-enable-intel-cet.patch
Normal file
7849
SOURCES/gnutls-3.6.13-enable-intel-cet.patch
Normal file
File diff suppressed because it is too large
Load Diff
204
SOURCES/gnutls-3.6.14-fips-dh-selftests.patch
Normal file
204
SOURCES/gnutls-3.6.14-fips-dh-selftests.patch
Normal file
@ -0,0 +1,204 @@
|
|||||||
|
From f09b7627a63defb1c55e9965fb05e0bbddb90247 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Tue, 6 Oct 2020 11:54:21 +0200
|
||||||
|
Subject: [PATCH] fips: use larger prime for DH self-tests
|
||||||
|
|
||||||
|
According to FIPS140-2 IG 7.5, the minimum key size of FFC through
|
||||||
|
2030 is defined as 2048 bits. This updates the relevant self-test
|
||||||
|
using ffdhe3072 defined in RFC 7919.
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
lib/crypto-selftests-pk.c | 142 ++++++++++++++++++++++++++++++++++----
|
||||||
|
lib/dh-primes.c | 4 --
|
||||||
|
2 files changed, 130 insertions(+), 16 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
|
||||||
|
index 70b0f618f..9b7c692a8 100644
|
||||||
|
--- a/lib/crypto-selftests-pk.c
|
||||||
|
+++ b/lib/crypto-selftests-pk.c
|
||||||
|
@@ -620,32 +620,150 @@ static int test_dh(void)
|
||||||
|
gnutls_pk_params_st priv;
|
||||||
|
gnutls_pk_params_st pub;
|
||||||
|
gnutls_datum_t out = {NULL, 0};
|
||||||
|
+
|
||||||
|
+ /* FFDHE 3072 test vector provided by Stephan Mueller in:
|
||||||
|
+ * https://gitlab.com/gnutls/gnutls/-/merge_requests/1342#note_424430996
|
||||||
|
+ */
|
||||||
|
static const uint8_t known_dh_k[] = {
|
||||||
|
- 0x10, 0x25, 0x04, 0xb5, 0xc6, 0xc2, 0xcb,
|
||||||
|
- 0x0c, 0xe9, 0xc5, 0x58, 0x0d, 0x22, 0x62};
|
||||||
|
- static const uint8_t test_p[] = {
|
||||||
|
- 0x24, 0x85, 0xdd, 0x3a, 0x74, 0x42, 0xe4,
|
||||||
|
- 0xb3, 0xf1, 0x0b, 0x13, 0xf9, 0x17, 0x4d };
|
||||||
|
- static const uint8_t test_g[] = { 0x02 };
|
||||||
|
+ 0xec, 0xb3, 0x85, 0x0c, 0x72, 0x55, 0x55, 0xc2, 0x98, 0x36,
|
||||||
|
+ 0xbe, 0x75, 0x9e, 0xc9, 0x9d, 0x8b, 0x16, 0xa6, 0xe6, 0x84,
|
||||||
|
+ 0x33, 0x12, 0x80, 0x1d, 0xac, 0xde, 0x6a, 0xd7, 0x3b, 0x1e,
|
||||||
|
+ 0x15, 0xca, 0x5d, 0x26, 0xb3, 0x0a, 0x35, 0xf4, 0xbb, 0xad,
|
||||||
|
+ 0x71, 0xcb, 0x03, 0x1a, 0xcb, 0xfb, 0x83, 0xf0, 0xa8, 0xde,
|
||||||
|
+ 0xed, 0x5e, 0x3d, 0x98, 0xd2, 0xb0, 0xef, 0xad, 0xdf, 0x32,
|
||||||
|
+ 0xa0, 0x16, 0x7d, 0x0e, 0x29, 0xd8, 0x85, 0xca, 0x12, 0x97,
|
||||||
|
+ 0x56, 0xab, 0x6a, 0x26, 0xa4, 0x46, 0x3d, 0x87, 0xd7, 0xe0,
|
||||||
|
+ 0xb4, 0x3e, 0x28, 0x75, 0xac, 0x59, 0xc5, 0x71, 0x3a, 0x24,
|
||||||
|
+ 0x15, 0x76, 0x98, 0x72, 0x94, 0x2d, 0xd0, 0x0e, 0xbc, 0x9a,
|
||||||
|
+ 0x77, 0xd4, 0xe2, 0xb2, 0x76, 0x54, 0x4a, 0x56, 0xbe, 0x0b,
|
||||||
|
+ 0x43, 0xf8, 0x21, 0x6f, 0x54, 0x32, 0xde, 0xb7, 0xd5, 0xb7,
|
||||||
|
+ 0x08, 0x00, 0xd2, 0x57, 0x8c, 0x0b, 0x8b, 0x02, 0x3e, 0xdb,
|
||||||
|
+ 0x72, 0x54, 0x3a, 0xc0, 0x50, 0x66, 0xbc, 0xc9, 0x67, 0xf5,
|
||||||
|
+ 0x22, 0x28, 0xf2, 0x3c, 0x51, 0x94, 0x61, 0x26, 0x9a, 0xc6,
|
||||||
|
+ 0x42, 0x0e, 0x8b, 0x42, 0xad, 0x79, 0x40, 0xa9, 0x0b, 0xdc,
|
||||||
|
+ 0x84, 0xd5, 0x71, 0x83, 0x94, 0xd9, 0x83, 0x2f, 0x08, 0x74,
|
||||||
|
+ 0xbc, 0x37, 0x6a, 0x3e, 0x1e, 0xbc, 0xcc, 0x09, 0x23, 0x30,
|
||||||
|
+ 0x79, 0x01, 0x39, 0xf6, 0xe3, 0xa8, 0xc0, 0xfa, 0x7e, 0xdb,
|
||||||
|
+ 0x0b, 0x71, 0x3e, 0x4f, 0x1f, 0x69, 0x84, 0xa6, 0x58, 0x6c,
|
||||||
|
+ 0x36, 0x2c, 0xcc, 0xb4, 0x7c, 0x94, 0xec, 0x06, 0x0b, 0x11,
|
||||||
|
+ 0x53, 0x95, 0xe6, 0x05, 0x43, 0xa4, 0xe4, 0xea, 0x1d, 0x4f,
|
||||||
|
+ 0xdc, 0xd0, 0x38, 0x0e, 0x32, 0xa1, 0xde, 0xd9, 0x8d, 0xd8,
|
||||||
|
+ 0x20, 0xac, 0x04, 0x83, 0xf8, 0x1b, 0x55, 0x52, 0x16, 0x20,
|
||||||
|
+ 0xe3, 0x2e, 0x6d, 0x11, 0x15, 0x29, 0x2f, 0x3a, 0x7c, 0x80,
|
||||||
|
+ 0x0a, 0x71, 0x3d, 0x31, 0x9c, 0x1b, 0x73, 0x59, 0xe1, 0x0d,
|
||||||
|
+ 0x27, 0xc5, 0xc0, 0x6a, 0x72, 0x3a, 0x5b, 0xd6, 0xf6, 0x50,
|
||||||
|
+ 0xe6, 0x69, 0x48, 0x1e, 0xfd, 0xeb, 0x4a, 0x47, 0x73, 0xfb,
|
||||||
|
+ 0x88, 0x14, 0xea, 0x6d, 0x36, 0xe1, 0x4c, 0x2c, 0xf9, 0x04,
|
||||||
|
+ 0xc1, 0xb7, 0x29, 0xfc, 0x5d, 0x02, 0x5d, 0x1c, 0x4d, 0x31,
|
||||||
|
+ 0x4a, 0x51, 0x3f, 0xa4, 0x45, 0x19, 0x29, 0xc4, 0x32, 0xa6,
|
||||||
|
+ 0x45, 0xdb, 0x94, 0x3a, 0xbd, 0x76, 0x2c, 0xd6, 0x1a, 0xb1,
|
||||||
|
+ 0xff, 0xe7, 0x62, 0x75, 0x16, 0xe5, 0x0b, 0xa3, 0x3a, 0x93,
|
||||||
|
+ 0x84, 0xd6, 0xad, 0xc2, 0x24, 0x68, 0x3d, 0xd6, 0x07, 0xe4,
|
||||||
|
+ 0xbe, 0x5a, 0x49, 0x31, 0x06, 0xad, 0x3f, 0x31, 0x4a, 0x1c,
|
||||||
|
+ 0xf7, 0x58, 0xdf, 0x34, 0xcb, 0xc8, 0xa9, 0x07, 0x24, 0x42,
|
||||||
|
+ 0x63, 0xa5, 0x8e, 0xdd, 0x37, 0x78, 0x92, 0x68, 0x3f, 0xd8,
|
||||||
|
+ 0x2f, 0xea, 0x8c, 0xf1, 0x8e, 0xd4, 0x8b, 0xa7, 0x3f, 0xa0,
|
||||||
|
+ 0xfa, 0xaf, 0xf0, 0x35,
|
||||||
|
+ };
|
||||||
|
static const uint8_t test_x[] = {
|
||||||
|
- 0x06, 0x2c, 0x96, 0xae, 0x0e, 0x9e, 0x9b,
|
||||||
|
- 0xbb, 0x41, 0x51, 0x7a, 0xa7, 0xc5, 0xfe };
|
||||||
|
+ 0x16, 0x5c, 0xa6, 0xe0, 0x9b, 0x87, 0xfa, 0x2d, 0xbc, 0x13,
|
||||||
|
+ 0x20, 0xcd, 0xac, 0x4e, 0xcc, 0x60, 0x1e, 0x48, 0xec, 0xbe,
|
||||||
|
+ 0x73, 0x0c, 0xa8, 0x6b, 0x6e, 0x2a, 0xee, 0xdd, 0xd8, 0xf3,
|
||||||
|
+ 0x2d, 0x5f, 0x75, 0xf3, 0x07, 0x94, 0x88, 0x3d, 0xb1, 0x38,
|
||||||
|
+ 0xcf, 0xae, 0x4a, 0xcc, 0xcb, 0x6a, 0x80, 0xbc, 0xeb, 0x3b,
|
||||||
|
+ 0xaa, 0x0b, 0x18, 0x74, 0x58, 0x7c, 0x3e, 0x74, 0xef, 0xb6,
|
||||||
|
+ 0xd3, 0x15, 0xee, 0x73, 0x29, 0x88, 0x7b, 0x65, 0x02, 0x39,
|
||||||
|
+ 0x33, 0xec, 0x22, 0x06, 0x8c, 0x5b, 0xd6, 0x2f, 0x4c, 0xf7,
|
||||||
|
+ 0xe0, 0x97, 0x6d, 0x2a, 0x90, 0x36, 0xfe, 0x1a, 0x44, 0x4d,
|
||||||
|
+ 0x9d, 0x41, 0x4b, 0xcb, 0xec, 0x25, 0xf4, 0xc3, 0xa5, 0x91,
|
||||||
|
+ 0xd0, 0x90, 0xc9, 0x34, 0x7b, 0xba, 0x27, 0x30, 0x5a, 0xa2,
|
||||||
|
+ 0x21, 0x58, 0xce, 0x88, 0x25, 0x39, 0xaf, 0xf1, 0x17, 0x02,
|
||||||
|
+ 0x12, 0xf8, 0x55, 0xdc, 0xd2, 0x08, 0x5b, 0xd3, 0xc7, 0x8e,
|
||||||
|
+ 0xcf, 0x29, 0x85, 0x85, 0xdb, 0x5c, 0x08, 0xc2, 0xd7, 0xb0,
|
||||||
|
+ 0x33, 0x0e, 0xe3, 0xb9, 0x2c, 0x1a, 0x1d, 0x4b, 0xe5, 0x76,
|
||||||
|
+ 0x8f, 0xd3, 0x14, 0xb6, 0x8c, 0xdc, 0x9a, 0xe8, 0x15, 0x60,
|
||||||
|
+ 0x60, 0x5e, 0xaa, 0xf9, 0xfa, 0xa6, 0xb2, 0x4f, 0xff, 0x46,
|
||||||
|
+ 0xc1, 0x5e, 0x93, 0x50, 0x90, 0x7e, 0x4c, 0x26, 0xd7, 0xbb,
|
||||||
|
+ 0x21, 0x05, 0x3d, 0x27, 0xc5, 0x9b, 0x0d, 0x46, 0x69, 0xe4,
|
||||||
|
+ 0x74, 0x87, 0x74, 0x55, 0xee, 0x5f, 0xe5, 0x72, 0x04, 0x46,
|
||||||
|
+ 0x1f, 0x2e, 0x55, 0xc7, 0xcc, 0x2b, 0x2b, 0x39, 0x6d, 0x90,
|
||||||
|
+ 0x60, 0x31, 0x37, 0x5b, 0x44, 0xde, 0xfd, 0xf2, 0xd1, 0xc6,
|
||||||
|
+ 0x9c, 0x12, 0x82, 0xcc, 0x7c, 0xb1, 0x0e, 0xa9, 0x95, 0x9d,
|
||||||
|
+ 0xe0, 0xa8, 0x3e, 0xc1, 0xa3, 0x4a, 0x6a, 0x37, 0x59, 0x17,
|
||||||
|
+ 0x93, 0x63, 0x1e, 0xbf, 0x04, 0xa3, 0xaa, 0xc0, 0x1d, 0xc4,
|
||||||
|
+ 0x6d, 0x7a, 0xdc, 0x69, 0x9c, 0xb0, 0x22, 0x56, 0xd9, 0x76,
|
||||||
|
+ 0x92, 0x2d, 0x1e, 0x62, 0xae, 0xfd, 0xd6, 0x9b, 0xfd, 0x08,
|
||||||
|
+ 0x2c, 0x95, 0xec, 0xe7, 0x02, 0x43, 0x62, 0x68, 0x1a, 0xaf,
|
||||||
|
+ 0x46, 0x59, 0xb7, 0xce, 0x8e, 0x42, 0x24, 0xae, 0xf7, 0x0e,
|
||||||
|
+ 0x9a, 0x3b, 0xf8, 0x77, 0xdf, 0x26, 0x85, 0x9f, 0x45, 0xad,
|
||||||
|
+ 0x8c, 0xa9, 0x54, 0x9c, 0x46, 0x44, 0xd5, 0x8a, 0xe9, 0xcc,
|
||||||
|
+ 0x34, 0x5e, 0xc5, 0xd1, 0x42, 0x6f, 0x44, 0xf3, 0x0f, 0x90,
|
||||||
|
+ 0x3a, 0x32, 0x1a, 0x9c, 0x2a, 0x63, 0xec, 0x21, 0xb4, 0xfc,
|
||||||
|
+ 0xfa, 0xa5, 0xcf, 0xe7, 0x9e, 0x43, 0xc7, 0x49, 0x56, 0xbc,
|
||||||
|
+ 0x50, 0xc5, 0x84, 0xf0, 0x42, 0xc8, 0x6a, 0xf1, 0x78, 0xe4,
|
||||||
|
+ 0xaa, 0x06, 0x37, 0xe1, 0x30, 0xf7, 0x65, 0x97, 0xca, 0xfd,
|
||||||
|
+ 0x35, 0xfa, 0xeb, 0x48, 0x6d, 0xaa, 0x45, 0x46, 0x9d, 0xbc,
|
||||||
|
+ 0x1d, 0x98, 0x17, 0x45, 0xa3, 0xee, 0x21, 0xa0, 0x97, 0x38,
|
||||||
|
+ 0x80, 0xc5, 0x28, 0x1f,
|
||||||
|
+ };
|
||||||
|
static const uint8_t test_y[] = { /* y=g^x mod p */
|
||||||
|
- 0x1e, 0xca, 0x23, 0x2a, 0xfd, 0x34, 0xe1,
|
||||||
|
- 0x10, 0x7a, 0xff, 0xaf, 0x2d, 0xaa, 0x53 };
|
||||||
|
+ 0x93, 0xeb, 0x5c, 0x37, 0x1d, 0x3c, 0x06, 0x6f, 0xbf, 0xbe,
|
||||||
|
+ 0x96, 0x51, 0x26, 0x58, 0x81, 0x36, 0xc6, 0x4f, 0x9a, 0x34,
|
||||||
|
+ 0xc4, 0xc5, 0xa8, 0xa3, 0x2c, 0x41, 0x76, 0xa8, 0xc6, 0xc0,
|
||||||
|
+ 0xa0, 0xc8, 0x51, 0x36, 0xc4, 0x40, 0x4e, 0x2c, 0x69, 0xf7,
|
||||||
|
+ 0x51, 0xbb, 0xb0, 0xd6, 0xf5, 0xdb, 0x40, 0x29, 0x50, 0x3b,
|
||||||
|
+ 0x8a, 0xf9, 0xf3, 0x53, 0x78, 0xfc, 0x86, 0xe9, 0xf1, 0xe9,
|
||||||
|
+ 0xac, 0x85, 0x13, 0x65, 0x62, 0x22, 0x04, 0x1b, 0x14, 0x2a,
|
||||||
|
+ 0xf4, 0x8f, 0x2f, 0xf1, 0x2f, 0x81, 0xd6, 0x18, 0x0e, 0x76,
|
||||||
|
+ 0x91, 0x43, 0xb2, 0xfc, 0x7c, 0x6f, 0x0c, 0x45, 0x37, 0x31,
|
||||||
|
+ 0x31, 0x58, 0x5c, 0xdf, 0x42, 0x24, 0x7a, 0xba, 0x8b, 0x7f,
|
||||||
|
+ 0x79, 0x06, 0x07, 0xef, 0xd6, 0x06, 0xeb, 0xcb, 0x3c, 0xbd,
|
||||||
|
+ 0xbc, 0xe5, 0xff, 0xfd, 0x62, 0x15, 0x0c, 0x40, 0x46, 0x37,
|
||||||
|
+ 0xef, 0xd0, 0xa1, 0xde, 0x63, 0x4f, 0x20, 0x0b, 0x45, 0x7d,
|
||||||
|
+ 0x06, 0x77, 0xfd, 0x23, 0xc1, 0x32, 0x8a, 0x89, 0x65, 0x16,
|
||||||
|
+ 0xe8, 0x48, 0x12, 0x1c, 0x25, 0x33, 0x2d, 0xbd, 0xd8, 0x9f,
|
||||||
|
+ 0x1c, 0x9d, 0xbc, 0xe3, 0x08, 0x60, 0x87, 0x1a, 0xc6, 0x06,
|
||||||
|
+ 0x36, 0xd2, 0xac, 0x09, 0x6d, 0x99, 0x02, 0x89, 0xc6, 0x12,
|
||||||
|
+ 0x93, 0x8c, 0x4b, 0xd0, 0x7e, 0x36, 0x8a, 0xd6, 0xa0, 0x97,
|
||||||
|
+ 0x4f, 0x97, 0x3f, 0x97, 0x0b, 0xfe, 0x05, 0xfc, 0xc8, 0xef,
|
||||||
|
+ 0x21, 0x4d, 0x4a, 0x06, 0x6e, 0xb4, 0xa6, 0x4f, 0xe1, 0xdd,
|
||||||
|
+ 0x44, 0x06, 0xfa, 0xd5, 0x0e, 0x54, 0xf5, 0x54, 0x3e, 0x8c,
|
||||||
|
+ 0xb9, 0x85, 0x86, 0x00, 0x40, 0x98, 0xe7, 0x01, 0xdd, 0x93,
|
||||||
|
+ 0x9d, 0x95, 0xea, 0xf0, 0xd3, 0x99, 0x4b, 0xeb, 0xd5, 0x79,
|
||||||
|
+ 0x47, 0xa4, 0xad, 0x2a, 0xe0, 0x4d, 0x36, 0x3b, 0x46, 0x10,
|
||||||
|
+ 0x96, 0xbb, 0x48, 0xe9, 0xa1, 0x78, 0x01, 0x35, 0x0a, 0x5c,
|
||||||
|
+ 0x7b, 0x3f, 0xf5, 0xf7, 0xb1, 0xe3, 0x97, 0x17, 0x4d, 0x76,
|
||||||
|
+ 0x10, 0x8d, 0x68, 0x4c, 0x94, 0x7d, 0xee, 0x0e, 0x20, 0x8b,
|
||||||
|
+ 0xce, 0x7d, 0x0a, 0xa3, 0x51, 0xfb, 0xe6, 0xcf, 0xf0, 0x0e,
|
||||||
|
+ 0x7f, 0x3c, 0xd4, 0xef, 0x56, 0x31, 0xb2, 0x95, 0xf0, 0x5f,
|
||||||
|
+ 0x4b, 0x9c, 0x03, 0x9e, 0xae, 0xb1, 0xc1, 0x46, 0xd7, 0xc0,
|
||||||
|
+ 0x4f, 0xb0, 0xf6, 0x6c, 0xe1, 0xe9, 0x2a, 0x97, 0xe0, 0x3f,
|
||||||
|
+ 0x3a, 0x93, 0x04, 0xcd, 0x41, 0x7d, 0x45, 0x03, 0xb3, 0x40,
|
||||||
|
+ 0x20, 0xe6, 0xad, 0x2d, 0xd3, 0xf7, 0x32, 0x7b, 0xcc, 0x4f,
|
||||||
|
+ 0x81, 0x18, 0x4c, 0x50, 0x77, 0xc4, 0xb7, 0x6a, 0x4d, 0x05,
|
||||||
|
+ 0xd8, 0x6d, 0xbf, 0x6f, 0xba, 0x1d, 0x38, 0x78, 0x87, 0xd2,
|
||||||
|
+ 0x8e, 0xc2, 0x6d, 0xb6, 0xed, 0x66, 0x61, 0xa8, 0xb9, 0x19,
|
||||||
|
+ 0x0e, 0x93, 0xd1, 0xcd, 0x5b, 0xbe, 0x19, 0x05, 0x52, 0x43,
|
||||||
|
+ 0xd6, 0xc1, 0x07, 0x3c, 0x6a, 0x62, 0xbd, 0x33, 0x9b, 0x1b,
|
||||||
|
+ 0x02, 0x42, 0x61, 0x14,
|
||||||
|
+ };
|
||||||
|
|
||||||
|
gnutls_pk_params_init(&priv);
|
||||||
|
gnutls_pk_params_init(&pub);
|
||||||
|
|
||||||
|
priv.algo = pub.algo = GNUTLS_PK_DH;
|
||||||
|
|
||||||
|
- ret = _gnutls_mpi_init_scan(&priv.params[DH_P], test_p, sizeof(test_p));
|
||||||
|
+ ret = _gnutls_mpi_init_scan(&priv.params[DH_P],
|
||||||
|
+ gnutls_ffdhe_3072_group_prime.data,
|
||||||
|
+ gnutls_ffdhe_3072_group_prime.size);
|
||||||
|
if (ret < 0) {
|
||||||
|
gnutls_assert();
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
|
- ret = _gnutls_mpi_init_scan(&priv.params[DH_G], test_g, sizeof(test_g));
|
||||||
|
+ ret = _gnutls_mpi_init_scan(&priv.params[DH_G],
|
||||||
|
+ gnutls_ffdhe_3072_group_generator.data,
|
||||||
|
+ gnutls_ffdhe_3072_group_generator.size);
|
||||||
|
if (ret < 0) {
|
||||||
|
gnutls_assert();
|
||||||
|
goto cleanup;
|
||||||
|
diff --git a/lib/dh-primes.c b/lib/dh-primes.c
|
||||||
|
index a440b5b98..94b69e345 100644
|
||||||
|
--- a/lib/dh-primes.c
|
||||||
|
+++ b/lib/dh-primes.c
|
||||||
|
@@ -23,8 +23,6 @@
|
||||||
|
#include "gnutls_int.h"
|
||||||
|
#include <gnutls/gnutls.h>
|
||||||
|
|
||||||
|
-#if defined(ENABLE_DHE) || defined(ENABLE_ANON)
|
||||||
|
-
|
||||||
|
#include "dh.h"
|
||||||
|
|
||||||
|
static const unsigned char ffdhe_generator = 0x02;
|
||||||
|
@@ -1934,5 +1932,3 @@ _gnutls_dh_prime_match_fips_approved(const uint8_t *prime,
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
-
|
||||||
|
-#endif
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
713
SOURCES/gnutls-3.6.14-fips-kdf-selftests.patch
Normal file
713
SOURCES/gnutls-3.6.14-fips-kdf-selftests.patch
Normal file
@ -0,0 +1,713 @@
|
|||||||
|
From 93c0e3ba4d2cfee86b32f28f33303a2193c4133c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Mon, 5 Oct 2020 16:12:46 +0200
|
||||||
|
Subject: [PATCH 1/4] fips: add self-tests for HKDF
|
||||||
|
|
||||||
|
FIPS140-2 IG D.8 mandates self-test on approved KDF algorithms. As
|
||||||
|
the guidance only requires running a single instance of each KDF
|
||||||
|
mechanism, this only exercises HKDF-Extract and HKDF-Expand operations
|
||||||
|
with HMAC-SHA-256 as the underlying MAC.
|
||||||
|
|
||||||
|
Although HKDF is non-approved, it would be sensible to do that as it
|
||||||
|
will be approved in FIPS140-3.
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
devel/libgnutls-latest-x86_64.abi | 1 +
|
||||||
|
lib/crypto-selftests.c | 159 ++++++++++++++++++++++++++++++
|
||||||
|
lib/fips.c | 7 ++
|
||||||
|
lib/includes/gnutls/self-test.h | 1 +
|
||||||
|
lib/libgnutls.map | 1 +
|
||||||
|
5 files changed, 169 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
|
||||||
|
index 7a1c7729c..bd148b6af 100644
|
||||||
|
--- a/lib/crypto-selftests.c
|
||||||
|
+++ b/lib/crypto-selftests.c
|
||||||
|
@@ -2917,3 +2917,162 @@ int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest)
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+struct hkdf_vectors_st {
|
||||||
|
+ const uint8_t *ikm;
|
||||||
|
+ unsigned int ikm_size;
|
||||||
|
+ const uint8_t *salt;
|
||||||
|
+ unsigned int salt_size;
|
||||||
|
+ const uint8_t *prk;
|
||||||
|
+ unsigned int prk_size;
|
||||||
|
+ const uint8_t *info;
|
||||||
|
+ unsigned int info_size;
|
||||||
|
+ const uint8_t *okm;
|
||||||
|
+ unsigned int okm_size;
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+const struct hkdf_vectors_st hkdf_sha256_vectors[] = {
|
||||||
|
+ /* RFC 5869: A.1. Test Case 1: Basic test case with SHA-256 */
|
||||||
|
+ {
|
||||||
|
+ STR(ikm, ikm_size,
|
||||||
|
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
|
||||||
|
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"),
|
||||||
|
+ STR(salt, salt_size,
|
||||||
|
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c"),
|
||||||
|
+ STR(prk, prk_size,
|
||||||
|
+ "\x07\x77\x09\x36\x2c\x2e\x32\xdf\x0d\xdc\x3f\x0d\xc4\x7b"
|
||||||
|
+ "\xba\x63\x90\xb6\xc7\x3b\xb5\x0f\x9c\x31\x22\xec\x84\x4a"
|
||||||
|
+ "\xd7\xc2\xb3\xe5"),
|
||||||
|
+ STR(info, info_size,
|
||||||
|
+ "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9"),
|
||||||
|
+ STR(okm, okm_size,
|
||||||
|
+ "\x3c\xb2\x5f\x25\xfa\xac\xd5\x7a\x90\x43\x4f\x64\xd0\x36"
|
||||||
|
+ "\x2f\x2a\x2d\x2d\x0a\x90\xcf\x1a\x5a\x4c\x5d\xb0\x2d\x56"
|
||||||
|
+ "\xec\xc4\xc5\xbf\x34\x00\x72\x08\xd5\xb8\x87\x18\x58\x65"),
|
||||||
|
+ },
|
||||||
|
+ /* RFC 5869: A.2. Test Case 2: Test with SHA-256 and longer inputs/outputs */
|
||||||
|
+ {
|
||||||
|
+ STR(ikm, ikm_size,
|
||||||
|
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d"
|
||||||
|
+ "\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b"
|
||||||
|
+ "\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29"
|
||||||
|
+ "\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37"
|
||||||
|
+ "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45"
|
||||||
|
+ "\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"),
|
||||||
|
+ STR(salt, salt_size,
|
||||||
|
+ "\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d"
|
||||||
|
+ "\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b"
|
||||||
|
+ "\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89"
|
||||||
|
+ "\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97"
|
||||||
|
+ "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5"
|
||||||
|
+ "\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf"),
|
||||||
|
+ STR(prk, prk_size,
|
||||||
|
+ "\x06\xa6\xb8\x8c\x58\x53\x36\x1a\x06\x10\x4c\x9c\xeb\x35"
|
||||||
|
+ "\xb4\x5c\xef\x76\x00\x14\x90\x46\x71\x01\x4a\x19\x3f\x40"
|
||||||
|
+ "\xc1\x5f\xc2\x44"),
|
||||||
|
+ STR(info, info_size,
|
||||||
|
+ "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd"
|
||||||
|
+ "\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb"
|
||||||
|
+ "\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9"
|
||||||
|
+ "\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
|
||||||
|
+ "\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5"
|
||||||
|
+ "\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"),
|
||||||
|
+ STR(okm, okm_size,
|
||||||
|
+ "\xb1\x1e\x39\x8d\xc8\x03\x27\xa1\xc8\xe7\xf7\x8c\x59\x6a"
|
||||||
|
+ "\x49\x34\x4f\x01\x2e\xda\x2d\x4e\xfa\xd8\xa0\x50\xcc\x4c"
|
||||||
|
+ "\x19\xaf\xa9\x7c\x59\x04\x5a\x99\xca\xc7\x82\x72\x71\xcb"
|
||||||
|
+ "\x41\xc6\x5e\x59\x0e\x09\xda\x32\x75\x60\x0c\x2f\x09\xb8"
|
||||||
|
+ "\x36\x77\x93\xa9\xac\xa3\xdb\x71\xcc\x30\xc5\x81\x79\xec"
|
||||||
|
+ "\x3e\x87\xc1\x4c\x01\xd5\xc1\xf3\x43\x4f\x1d\x87"),
|
||||||
|
+ },
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static int test_hkdf(gnutls_mac_algorithm_t mac,
|
||||||
|
+ const struct hkdf_vectors_st *vectors,
|
||||||
|
+ size_t vectors_size, unsigned flags)
|
||||||
|
+{
|
||||||
|
+ unsigned int i;
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < vectors_size; i++) {
|
||||||
|
+ gnutls_datum_t ikm, prk, salt, info;
|
||||||
|
+ uint8_t output[4096];
|
||||||
|
+ int ret;
|
||||||
|
+
|
||||||
|
+ ikm.data = (void *) vectors[i].ikm;
|
||||||
|
+ ikm.size = vectors[i].ikm_size;
|
||||||
|
+ salt.data = (void *) vectors[i].salt;
|
||||||
|
+ salt.size = vectors[i].salt_size;
|
||||||
|
+
|
||||||
|
+ ret = gnutls_hkdf_extract(mac, &ikm, &salt, output);
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ _gnutls_debug_log("error extracting HKDF: MAC-%s\n",
|
||||||
|
+ gnutls_mac_get_name(mac));
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (memcmp(output, vectors[i].prk, vectors[i].prk_size) != 0) {
|
||||||
|
+ _gnutls_debug_log
|
||||||
|
+ ("HKDF extract: MAC-%s test vector failed!\n",
|
||||||
|
+ gnutls_mac_get_name(mac));
|
||||||
|
+
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ prk.data = (void *) vectors[i].prk;
|
||||||
|
+ prk.size = vectors[i].prk_size;
|
||||||
|
+ info.data = (void *) vectors[i].info;
|
||||||
|
+ info.size = vectors[i].info_size;
|
||||||
|
+
|
||||||
|
+ ret = gnutls_hkdf_expand(mac, &prk, &info,
|
||||||
|
+ output, vectors[i].okm_size);
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ _gnutls_debug_log("error extracting HKDF: MAC-%s\n",
|
||||||
|
+ gnutls_mac_get_name(mac));
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (memcmp(output, vectors[i].okm, vectors[i].okm_size) != 0) {
|
||||||
|
+ _gnutls_debug_log
|
||||||
|
+ ("HKDF expand: MAC-%s test vector failed!\n",
|
||||||
|
+ gnutls_mac_get_name(mac));
|
||||||
|
+
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ _gnutls_debug_log
|
||||||
|
+ ("HKDF: MAC-%s self check succeeded\n",
|
||||||
|
+ gnutls_mac_get_name(mac));
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*-
|
||||||
|
+ * gnutls_hkdf_self_test:
|
||||||
|
+ * @flags: GNUTLS_SELF_TEST_FLAG flags
|
||||||
|
+ * @mac: the message authentication algorithm to use
|
||||||
|
+ *
|
||||||
|
+ * This function will run self tests on HKDF with the provided mac.
|
||||||
|
+ *
|
||||||
|
+ * Returns: Zero or a negative error code on error.
|
||||||
|
+ *
|
||||||
|
+ * Since: 3.3.0-FIPS140
|
||||||
|
+ -*/
|
||||||
|
+int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
|
||||||
|
+{
|
||||||
|
+ int ret;
|
||||||
|
+
|
||||||
|
+ if (flags & GNUTLS_SELF_TEST_FLAG_ALL)
|
||||||
|
+ mac = GNUTLS_MAC_UNKNOWN;
|
||||||
|
+
|
||||||
|
+ switch (mac) {
|
||||||
|
+ case GNUTLS_MAC_UNKNOWN:
|
||||||
|
+ CASE(GNUTLS_MAC_SHA256, test_hkdf, hkdf_sha256_vectors);
|
||||||
|
+
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_NO_SELF_TEST);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
diff --git a/lib/fips.c b/lib/fips.c
|
||||||
|
index f8b10f750..48891ed57 100644
|
||||||
|
--- a/lib/fips.c
|
||||||
|
+++ b/lib/fips.c
|
||||||
|
@@ -423,6 +423,13 @@ int _gnutls_fips_perform_self_checks2(void)
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* HKDF */
|
||||||
|
+ ret = gnutls_hkdf_self_test(0, GNUTLS_MAC_SHA256);
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ gnutls_assert();
|
||||||
|
+ goto error;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (_gnutls_rnd_ops.self_test == NULL) {
|
||||||
|
gnutls_assert();
|
||||||
|
goto error;
|
||||||
|
diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h
|
||||||
|
index aacbe94ca..9b7be8159 100644
|
||||||
|
--- a/lib/includes/gnutls/self-test.h
|
||||||
|
+++ b/lib/includes/gnutls/self-test.h
|
||||||
|
@@ -34,5 +34,6 @@ int gnutls_cipher_self_test(unsigned flags, gnutls_cipher_algorithm_t cipher);
|
||||||
|
int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
|
||||||
|
int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest);
|
||||||
|
int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk);
|
||||||
|
+int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
|
||||||
|
|
||||||
|
#endif
|
||||||
|
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
|
||||||
|
index 61276e534..386b66f83 100644
|
||||||
|
--- a/lib/libgnutls.map
|
||||||
|
+++ b/lib/libgnutls.map
|
||||||
|
@@ -1347,6 +1347,7 @@ GNUTLS_FIPS140_3_4 {
|
||||||
|
gnutls_pk_self_test;
|
||||||
|
gnutls_mac_self_test;
|
||||||
|
gnutls_digest_self_test;
|
||||||
|
+ gnutls_hkdf_self_test;
|
||||||
|
#for FIPS140-2 validation
|
||||||
|
drbg_aes_reseed;
|
||||||
|
drbg_aes_init;
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
||||||
|
|
||||||
|
From 31cc94275cd267f4e0db60999cc932fd76d43d5a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Mon, 5 Oct 2020 16:59:50 +0200
|
||||||
|
Subject: [PATCH 2/4] fips: add self-tests for PBKDF2
|
||||||
|
|
||||||
|
FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As
|
||||||
|
the guidance only requires running a single instance of each KDF
|
||||||
|
mechanism, this only exercises PBKDF2 with HMAC-SHA-256 as the
|
||||||
|
underlying MAC algorithm.
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
devel/libgnutls-latest-x86_64.abi | 1 +
|
||||||
|
lib/crypto-selftests.c | 107 ++++++++++++++++++++++++++++++
|
||||||
|
lib/fips.c | 7 ++
|
||||||
|
lib/includes/gnutls/self-test.h | 1 +
|
||||||
|
lib/libgnutls.map | 1 +
|
||||||
|
5 files changed, 117 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
|
||||||
|
index bd148b6af..c4b0bd207 100644
|
||||||
|
--- a/lib/crypto-selftests.c
|
||||||
|
+++ b/lib/crypto-selftests.c
|
||||||
|
@@ -3076,3 +3076,110 @@ int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+struct pbkdf2_vectors_st {
|
||||||
|
+ const uint8_t *key;
|
||||||
|
+ size_t key_size;
|
||||||
|
+ const uint8_t *salt;
|
||||||
|
+ size_t salt_size;
|
||||||
|
+ unsigned iter_count;
|
||||||
|
+ const uint8_t *output;
|
||||||
|
+ size_t output_size;
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+const struct pbkdf2_vectors_st pbkdf2_sha256_vectors[] = {
|
||||||
|
+ /* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
|
||||||
|
+ {
|
||||||
|
+ STR(key, key_size, "passwd"),
|
||||||
|
+ STR(salt, salt_size, "salt"),
|
||||||
|
+ .iter_count = 1,
|
||||||
|
+ STR(output, output_size,
|
||||||
|
+ "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44"
|
||||||
|
+ "\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57"
|
||||||
|
+ "\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16"
|
||||||
|
+ "\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5"
|
||||||
|
+ "\x09\x11\x20\x41\xd3\xa1\x97\x83"),
|
||||||
|
+ },
|
||||||
|
+ /* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
|
||||||
|
+ {
|
||||||
|
+ STR(key, key_size, "Password"),
|
||||||
|
+ STR(salt, salt_size, "NaCl"),
|
||||||
|
+ .iter_count = 80000,
|
||||||
|
+ STR(output, output_size,
|
||||||
|
+ "\x4d\xdc\xd8\xf6\x0b\x98\xbe\x21\x83\x0c\xee\x5e\xf2\x27"
|
||||||
|
+ "\x01\xf9\x64\x1a\x44\x18\xd0\x4c\x04\x14\xae\xff\x08\x87"
|
||||||
|
+ "\x6b\x34\xab\x56\xa1\xd4\x25\xa1\x22\x58\x33\x54\x9a\xdb"
|
||||||
|
+ "\x84\x1b\x51\xc9\xb3\x17\x6a\x27\x2b\xde\xbb\xa1\xd0\x78"
|
||||||
|
+ "\x47\x8f\x62\xb3\x97\xf3\x3c\x8d"),
|
||||||
|
+ },
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static int test_pbkdf2(gnutls_mac_algorithm_t mac,
|
||||||
|
+ const struct pbkdf2_vectors_st *vectors,
|
||||||
|
+ size_t vectors_size, unsigned flags)
|
||||||
|
+{
|
||||||
|
+ unsigned int i;
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < vectors_size; i++) {
|
||||||
|
+ gnutls_datum_t key, salt;
|
||||||
|
+ uint8_t output[4096];
|
||||||
|
+ int ret;
|
||||||
|
+
|
||||||
|
+ key.data = (void *) vectors[i].key;
|
||||||
|
+ key.size = vectors[i].key_size;
|
||||||
|
+ salt.data = (void *) vectors[i].salt;
|
||||||
|
+ salt.size = vectors[i].salt_size;
|
||||||
|
+
|
||||||
|
+ ret = gnutls_pbkdf2(mac, &key, &salt, vectors[i].iter_count,
|
||||||
|
+ output, vectors[i].output_size);
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ _gnutls_debug_log("error calculating PBKDF2: MAC-%s\n",
|
||||||
|
+ gnutls_mac_get_name(mac));
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (memcmp(output, vectors[i].output, vectors[i].output_size) != 0) {
|
||||||
|
+ _gnutls_debug_log
|
||||||
|
+ ("PBKDF2: MAC-%s test vector failed!\n",
|
||||||
|
+ gnutls_mac_get_name(mac));
|
||||||
|
+
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ _gnutls_debug_log
|
||||||
|
+ ("PBKDF2: MAC-%s self check succeeded\n",
|
||||||
|
+ gnutls_mac_get_name(mac));
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*-
|
||||||
|
+ * gnutls_pbkdf2_self_test:
|
||||||
|
+ * @flags: GNUTLS_SELF_TEST_FLAG flags
|
||||||
|
+ * @mac: the message authentication algorithm to use
|
||||||
|
+ *
|
||||||
|
+ * This function will run self tests on PBKDF2 with the provided mac.
|
||||||
|
+ *
|
||||||
|
+ * Returns: Zero or a negative error code on error.
|
||||||
|
+ *
|
||||||
|
+ * Since: 3.3.0-FIPS140
|
||||||
|
+ -*/
|
||||||
|
+int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
|
||||||
|
+{
|
||||||
|
+ int ret;
|
||||||
|
+
|
||||||
|
+ if (flags & GNUTLS_SELF_TEST_FLAG_ALL)
|
||||||
|
+ mac = GNUTLS_MAC_UNKNOWN;
|
||||||
|
+
|
||||||
|
+ switch (mac) {
|
||||||
|
+ case GNUTLS_MAC_UNKNOWN:
|
||||||
|
+ CASE(GNUTLS_MAC_SHA256, test_pbkdf2, pbkdf2_sha256_vectors);
|
||||||
|
+
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_NO_SELF_TEST);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
diff --git a/lib/fips.c b/lib/fips.c
|
||||||
|
index 48891ed57..7cfab1049 100644
|
||||||
|
--- a/lib/fips.c
|
||||||
|
+++ b/lib/fips.c
|
||||||
|
@@ -430,6 +430,13 @@ int _gnutls_fips_perform_self_checks2(void)
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* PBKDF2 */
|
||||||
|
+ ret = gnutls_pbkdf2_self_test(0, GNUTLS_MAC_SHA256);
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ gnutls_assert();
|
||||||
|
+ goto error;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (_gnutls_rnd_ops.self_test == NULL) {
|
||||||
|
gnutls_assert();
|
||||||
|
goto error;
|
||||||
|
diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h
|
||||||
|
index 9b7be8159..958c0da8f 100644
|
||||||
|
--- a/lib/includes/gnutls/self-test.h
|
||||||
|
+++ b/lib/includes/gnutls/self-test.h
|
||||||
|
@@ -35,5 +35,6 @@ int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
|
||||||
|
int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest);
|
||||||
|
int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk);
|
||||||
|
int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
|
||||||
|
+int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
|
||||||
|
|
||||||
|
#endif
|
||||||
|
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
|
||||||
|
index 386b66f83..f5537a386 100644
|
||||||
|
--- a/lib/libgnutls.map
|
||||||
|
+++ b/lib/libgnutls.map
|
||||||
|
@@ -1348,6 +1348,7 @@ GNUTLS_FIPS140_3_4 {
|
||||||
|
gnutls_mac_self_test;
|
||||||
|
gnutls_digest_self_test;
|
||||||
|
gnutls_hkdf_self_test;
|
||||||
|
+ gnutls_pbkdf2_self_test;
|
||||||
|
#for FIPS140-2 validation
|
||||||
|
drbg_aes_reseed;
|
||||||
|
drbg_aes_init;
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
||||||
|
|
||||||
|
From d1a3235e8c829855969d00364d8b5456fce2c78c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Mon, 5 Oct 2020 17:44:30 +0200
|
||||||
|
Subject: [PATCH 3/4] fips: add self-tests for TLS-PRF
|
||||||
|
|
||||||
|
FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As
|
||||||
|
the guidance only requires to run a single instance of each KDF
|
||||||
|
mechanism, this only exercises TLS1.2 PRF with HMAC-SHA-256 as the
|
||||||
|
underlying MAC algorithm.
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
devel/libgnutls-latest-x86_64.abi | 1 +
|
||||||
|
lib/crypto-selftests.c | 196 ++++++++++++++++++++++++++++++
|
||||||
|
lib/fips.c | 7 ++
|
||||||
|
lib/includes/gnutls/self-test.h | 1 +
|
||||||
|
lib/libgnutls.map | 1 +
|
||||||
|
5 files changed, 206 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
|
||||||
|
index c4b0bd207..b740936d6 100644
|
||||||
|
--- a/lib/crypto-selftests.c
|
||||||
|
+++ b/lib/crypto-selftests.c
|
||||||
|
@@ -3183,3 +3183,199 @@ int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+struct tlsprf_vectors_st {
|
||||||
|
+ const uint8_t *key;
|
||||||
|
+ size_t key_size;
|
||||||
|
+ const uint8_t *label;
|
||||||
|
+ size_t label_size;
|
||||||
|
+ const uint8_t *seed;
|
||||||
|
+ size_t seed_size;
|
||||||
|
+ const uint8_t *output;
|
||||||
|
+ size_t output_size;
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+const struct tlsprf_vectors_st tls10prf_vectors[] = {
|
||||||
|
+ /* tests/tls10-prf.c: test1 */
|
||||||
|
+ {
|
||||||
|
+ STR(key, key_size,
|
||||||
|
+ "\x26\x3b\xdb\xbb\x6f\x6d\x4c\x66\x4e\x05\x8d\x0a\xa9\xd3"
|
||||||
|
+ "\x21\xbe"),
|
||||||
|
+ STR(label, label_size,
|
||||||
|
+ "test label"),
|
||||||
|
+ STR(seed, seed_size,
|
||||||
|
+ "\xb9\x20\x57\x3b\x19\x96\x01\x02\x4f\x04\xd6\xdc\x61\x96"
|
||||||
|
+ "\x6e\x65"),
|
||||||
|
+ STR(output, output_size,
|
||||||
|
+ "\x66\x17\x99\x37\x65\xfa\x6c\xa7\x03\xd1\x9e\xc7\x0d\xd5"
|
||||||
|
+ "\xdd\x16\x0f\xfc\xc0\x77\x25\xfa\xfb\x71\x4a\x9f\x81\x5a"
|
||||||
|
+ "\x2a\x30\xbf\xb7\xe3\xbb\xfb\x7e\xee\x57\x4b\x3b\x61\x3e"
|
||||||
|
+ "\xb7\xfe\x80\xee\xc9\x69\x1d\x8c\x1b\x0e\x2d\x9b\x3c\x8b"
|
||||||
|
+ "\x4b\x02\xb6\xb6\xd6\xdb\x88\xe2\x09\x46\x23\xef\x62\x40"
|
||||||
|
+ "\x60\x7e\xda\x7a\xbe\x3c\x84\x6e\x82\xa3"),
|
||||||
|
+ },
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+const struct tlsprf_vectors_st tls12prf_sha256_vectors[] = {
|
||||||
|
+ /* tests/tls12-prf.c: sha256_test1 */
|
||||||
|
+ {
|
||||||
|
+ STR(key, key_size,
|
||||||
|
+ "\x04\x50\xb0\xea\x9e\xcd\x36\x02\xee\x0d\x76\xc5\xc3\xc8"
|
||||||
|
+ "\x6f\x4a"),
|
||||||
|
+ STR(label, label_size,
|
||||||
|
+ "test label"),
|
||||||
|
+ STR(seed, seed_size,
|
||||||
|
+ "\x20\x7a\xcc\x02\x54\xb8\x67\xf5\xb9\x25\xb4\x5a\x33\x60"
|
||||||
|
+ "\x1d\x8b"),
|
||||||
|
+ STR(output, output_size,
|
||||||
|
+ "\xae\x67\x9e\x0e\x71\x4f\x59\x75\x76\x37\x68\xb1\x66\x97"
|
||||||
|
+ "\x9e\x1d"),
|
||||||
|
+ },
|
||||||
|
+ /* tests/tls12-prf.c: sha256_test2 */
|
||||||
|
+ {
|
||||||
|
+ STR(key, key_size,
|
||||||
|
+ "\x34\x20\x4a\x9d\xf0\xbe\x6e\xb4\xe9\x25\xa8\x02\x7c\xf6"
|
||||||
|
+ "\xc6\x02"),
|
||||||
|
+ STR(label, label_size,
|
||||||
|
+ "test label"),
|
||||||
|
+ STR(seed, seed_size,
|
||||||
|
+ "\x98\xb2\xc4\x0b\xcd\x66\x4c\x83\xbb\x92\x0c\x18\x20\x1a"
|
||||||
|
+ "\x63\x95"),
|
||||||
|
+ STR(output, output_size,
|
||||||
|
+ "\xaf\xa9\x31\x24\x53\xc2\x2f\xa8\x3d\x2b\x51\x1b\x37\x2d"
|
||||||
|
+ "\x73\xa4\x02\xa2\xa6\x28\x73\x23\x9a\x51\xfa\xde\x45\x08"
|
||||||
|
+ "\x2f\xaf\x3f\xd2\xbb\x7f\xfb\x3e\x9b\xf3\x6e\x28\xb3\x14"
|
||||||
|
+ "\x1a\xab\xa4\x84\x00\x53\x32\xa9\xf9\xe3\x88\xa4\xd3\x29"
|
||||||
|
+ "\xf1\x58\x7a\x4b\x31\x7d\xa0\x77\x08\xea\x1b\xa9\x5a\x53"
|
||||||
|
+ "\xf8\x78\x67\x24\xbd\x83\xce\x4b\x03\xaf"),
|
||||||
|
+ },
|
||||||
|
+ /* tests/tls12-prf.c: sha256_test3 */
|
||||||
|
+ {
|
||||||
|
+ STR(key, key_size,
|
||||||
|
+ "\xa3\x69\x1a\xa1\xf6\x81\x4b\x80\x59\x2b\xf1\xcf\x2a\xcf"
|
||||||
|
+ "\x16\x97"),
|
||||||
|
+ STR(label, label_size,
|
||||||
|
+ "test label"),
|
||||||
|
+ STR(seed, seed_size,
|
||||||
|
+ "\x55\x23\xd4\x1e\x32\x0e\x69\x4d\x0c\x1f\xf5\x73\x4d\x83"
|
||||||
|
+ "\x0b\x93\x3e\x46\x92\x70\x71\xc9\x26\x21"),
|
||||||
|
+ STR(output, output_size,
|
||||||
|
+ "\x6a\xd0\x98\x4f\xa0\x6f\x78\xfe\x16\x1b\xd4\x6d\x7c\x26"
|
||||||
|
+ "\x1d\xe4\x33\x40\xd7\x28\xdd\xdc\x3d\x0f\xf0\xdd\x7e\x0d"),
|
||||||
|
+ },
|
||||||
|
+ /* tests/tls12-prf.c: sha256_test4 */
|
||||||
|
+ {
|
||||||
|
+ STR(key, key_size,
|
||||||
|
+ "\x21\x0e\xc9\x37\x06\x97\x07\xe5\x46\x5b\xc4\x6b\xf7\x79"
|
||||||
|
+ "\xe1\x04\x10\x8b\x18\xfd\xb7\x93\xbe\x7b\x21\x8d\xbf\x14"
|
||||||
|
+ "\x5c\x86\x41\xf3"),
|
||||||
|
+ STR(label, label_size,
|
||||||
|
+ "test label"),
|
||||||
|
+ STR(seed, seed_size,
|
||||||
|
+ "\x1e\x35\x1a\x0b\xaf\x35\xc7\x99\x45\x92\x43\x94\xb8\x81"
|
||||||
|
+ "\xcf\xe3\x1d\xae\x8f\x1c\x1e\xd5\x4d\x3b"),
|
||||||
|
+ STR(output, output_size,
|
||||||
|
+ "\x76\x53\xfa\x80\x9c\xde\x3b\x55\x3c\x4a\x17\xe2\xcd\xbc"
|
||||||
|
+ "\xc9\x18\xf3\x65\x27\xf2\x22\x19\xa7\xd7\xf9\x5d\x97\x24"
|
||||||
|
+ "\x3f\xf2\xd5\xde\xe8\x26\x5e\xf0\xaf\x03"),
|
||||||
|
+ },
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+const struct tlsprf_vectors_st tls12prf_sha384_vectors[] = {
|
||||||
|
+ /* tests/tls12-prf.c: sha384_test1
|
||||||
|
+ * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
|
||||||
|
+ */
|
||||||
|
+ {
|
||||||
|
+ STR(key, key_size,
|
||||||
|
+ "\xb8\x0b\x73\x3d\x6c\xee\xfc\xdc\x71\x56\x6e\xa4\x8e\x55"
|
||||||
|
+ "\x67\xdf"),
|
||||||
|
+ STR(label, label_size,
|
||||||
|
+ "test label"),
|
||||||
|
+ STR(seed, seed_size,
|
||||||
|
+ "\xcd\x66\x5c\xf6\xa8\x44\x7d\xd6\xff\x8b\x27\x55\x5e\xdb"
|
||||||
|
+ "\x74\x65"),
|
||||||
|
+ STR(output, output_size,
|
||||||
|
+ "\x7b\x0c\x18\xe9\xce\xd4\x10\xed\x18\x04\xf2\xcf\xa3\x4a"
|
||||||
|
+ "\x33\x6a\x1c\x14\xdf\xfb\x49\x00\xbb\x5f\xd7\x94\x21\x07"
|
||||||
|
+ "\xe8\x1c\x83\xcd\xe9\xca\x0f\xaa\x60\xbe\x9f\xe3\x4f\x82"
|
||||||
|
+ "\xb1\x23\x3c\x91\x46\xa0\xe5\x34\xcb\x40\x0f\xed\x27\x00"
|
||||||
|
+ "\x88\x4f\x9d\xc2\x36\xf8\x0e\xdd\x8b\xfa\x96\x11\x44\xc9"
|
||||||
|
+ "\xe8\xd7\x92\xec\xa7\x22\xa7\xb3\x2f\xc3\xd4\x16\xd4\x73"
|
||||||
|
+ "\xeb\xc2\xc5\xfd\x4a\xbf\xda\xd0\x5d\x91\x84\x25\x9b\x5b"
|
||||||
|
+ "\xf8\xcd\x4d\x90\xfa\x0d\x31\xe2\xde\xc4\x79\xe4\xf1\xa2"
|
||||||
|
+ "\x60\x66\xf2\xee\xa9\xa6\x92\x36\xa3\xe5\x26\x55\xc9\xe9"
|
||||||
|
+ "\xae\xe6\x91\xc8\xf3\xa2\x68\x54\x30\x8d\x5e\xaa\x3b\xe8"
|
||||||
|
+ "\x5e\x09\x90\x70\x3d\x73\xe5\x6f"),
|
||||||
|
+ },
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static int test_tlsprf(gnutls_mac_algorithm_t mac,
|
||||||
|
+ const struct tlsprf_vectors_st *vectors,
|
||||||
|
+ size_t vectors_size, unsigned flags)
|
||||||
|
+{
|
||||||
|
+ unsigned int i;
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < vectors_size; i++) {
|
||||||
|
+ char output[4096];
|
||||||
|
+ int ret;
|
||||||
|
+
|
||||||
|
+ ret = _gnutls_prf_raw(mac,
|
||||||
|
+ vectors[i].key_size, vectors[i].key,
|
||||||
|
+ vectors[i].label_size, (const char *)vectors[i].label,
|
||||||
|
+ vectors[i].seed_size, vectors[i].seed,
|
||||||
|
+ vectors[i].output_size, output);
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ _gnutls_debug_log("error calculating TLS-PRF: MAC-%s\n",
|
||||||
|
+ gnutls_mac_get_name(mac));
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (memcmp(output, vectors[i].output, vectors[i].output_size) != 0) {
|
||||||
|
+ _gnutls_debug_log
|
||||||
|
+ ("TLS-PRF: MAC-%s test vector failed!\n",
|
||||||
|
+ gnutls_mac_get_name(mac));
|
||||||
|
+
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ _gnutls_debug_log
|
||||||
|
+ ("TLS-PRF: MAC-%s self check succeeded\n",
|
||||||
|
+ gnutls_mac_get_name(mac));
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*-
|
||||||
|
+ * gnutls_tlsprf_self_test:
|
||||||
|
+ * @flags: GNUTLS_SELF_TEST_FLAG flags
|
||||||
|
+ * @mac: the message authentication algorithm to use
|
||||||
|
+ *
|
||||||
|
+ * This function will run self tests on TLS-PRF with the provided mac.
|
||||||
|
+ *
|
||||||
|
+ * Returns: Zero or a negative error code on error.
|
||||||
|
+ *
|
||||||
|
+ * Since: 3.3.0-FIPS140
|
||||||
|
+ -*/
|
||||||
|
+int gnutls_tlsprf_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
|
||||||
|
+{
|
||||||
|
+ int ret;
|
||||||
|
+
|
||||||
|
+ if (flags & GNUTLS_SELF_TEST_FLAG_ALL)
|
||||||
|
+ mac = GNUTLS_MAC_UNKNOWN;
|
||||||
|
+
|
||||||
|
+ switch (mac) {
|
||||||
|
+ case GNUTLS_MAC_UNKNOWN:
|
||||||
|
+ NON_FIPS_CASE(GNUTLS_MAC_MD5_SHA1, test_tlsprf, tls10prf_vectors);
|
||||||
|
+ FALLTHROUGH;
|
||||||
|
+ CASE(GNUTLS_MAC_SHA256, test_tlsprf, tls12prf_sha256_vectors);
|
||||||
|
+ FALLTHROUGH;
|
||||||
|
+ CASE(GNUTLS_MAC_SHA384, test_tlsprf, tls12prf_sha384_vectors);
|
||||||
|
+
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_NO_SELF_TEST);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
diff --git a/lib/fips.c b/lib/fips.c
|
||||||
|
index 7cfab1049..30d396b2c 100644
|
||||||
|
--- a/lib/fips.c
|
||||||
|
+++ b/lib/fips.c
|
||||||
|
@@ -437,6 +437,13 @@ int _gnutls_fips_perform_self_checks2(void)
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* TLS-PRF */
|
||||||
|
+ ret = gnutls_tlsprf_self_test(0, GNUTLS_MAC_SHA256);
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ gnutls_assert();
|
||||||
|
+ goto error;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (_gnutls_rnd_ops.self_test == NULL) {
|
||||||
|
gnutls_assert();
|
||||||
|
goto error;
|
||||||
|
diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h
|
||||||
|
index 958c0da8f..88b5a8dbf 100644
|
||||||
|
--- a/lib/includes/gnutls/self-test.h
|
||||||
|
+++ b/lib/includes/gnutls/self-test.h
|
||||||
|
@@ -36,5 +36,6 @@ int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest);
|
||||||
|
int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk);
|
||||||
|
int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
|
||||||
|
int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
|
||||||
|
+int gnutls_tlsprf_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
|
||||||
|
|
||||||
|
#endif
|
||||||
|
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
|
||||||
|
index f5537a386..643d400a1 100644
|
||||||
|
--- a/lib/libgnutls.map
|
||||||
|
+++ b/lib/libgnutls.map
|
||||||
|
@@ -1349,6 +1349,7 @@ GNUTLS_FIPS140_3_4 {
|
||||||
|
gnutls_digest_self_test;
|
||||||
|
gnutls_hkdf_self_test;
|
||||||
|
gnutls_pbkdf2_self_test;
|
||||||
|
+ gnutls_tlsprf_self_test;
|
||||||
|
#for FIPS140-2 validation
|
||||||
|
drbg_aes_reseed;
|
||||||
|
drbg_aes_init;
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
||||||
|
|
||||||
|
From af3df0102fc377591a6de3112b034d4a492fc92c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Mon, 5 Oct 2020 17:59:46 +0200
|
||||||
|
Subject: [PATCH 4/4] fips: run CMAC self-tests
|
||||||
|
|
||||||
|
FIPS140-2 IG D.8 mandates self-tests on CMAC.
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
lib/fips.c | 6 ++++++
|
||||||
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/fips.c b/lib/fips.c
|
||||||
|
index 30d396b2c..51567953d 100644
|
||||||
|
--- a/lib/fips.c
|
||||||
|
+++ b/lib/fips.c
|
||||||
|
@@ -398,6 +398,12 @@ int _gnutls_fips_perform_self_checks2(void)
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ ret = gnutls_mac_self_test(0, GNUTLS_MAC_AES_CMAC_256);
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ gnutls_assert();
|
||||||
|
+ goto error;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* PK */
|
||||||
|
ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);
|
||||||
|
if (ret < 0) {
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
247
SOURCES/gnutls-3.6.16-cpuid.patch
Normal file
247
SOURCES/gnutls-3.6.16-cpuid.patch
Normal file
@ -0,0 +1,247 @@
|
|||||||
|
From 300c6315d2e644ae81b43fa2dd7bbf68b3afb5b2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Thu, 18 Nov 2021 19:02:03 +0100
|
||||||
|
Subject: [PATCH 1/2] accelerated: fix CPU feature detection for Intel CPUs
|
||||||
|
|
||||||
|
This fixes read_cpuid_vals to correctly read the CPUID quadruple, as
|
||||||
|
well as to set the bit the ustream CRYPTOGAMS uses to identify Intel
|
||||||
|
CPUs.
|
||||||
|
|
||||||
|
Suggested by Rafael Gieschke in:
|
||||||
|
https://gitlab.com/gnutls/gnutls/-/issues/1282
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
lib/accelerated/x86/x86-common.c | 91 +++++++++++++++++++++++++-------
|
||||||
|
1 file changed, 71 insertions(+), 20 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
|
||||||
|
index 3845c6b4c9..cf615ef24f 100644
|
||||||
|
--- a/lib/accelerated/x86/x86-common.c
|
||||||
|
+++ b/lib/accelerated/x86/x86-common.c
|
||||||
|
@@ -81,15 +81,38 @@ unsigned int _gnutls_x86_cpuid_s[4];
|
||||||
|
# define bit_AVX 0x10000000
|
||||||
|
#endif
|
||||||
|
|
||||||
|
-#ifndef OSXSAVE_MASK
|
||||||
|
-/* OSXSAVE|FMA|MOVBE */
|
||||||
|
-# define OSXSAVE_MASK (0x8000000|0x1000|0x400000)
|
||||||
|
+#ifndef bit_AVX2
|
||||||
|
+# define bit_AVX2 0x00000020
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+#ifndef bit_AVX512F
|
||||||
|
+# define bit_AVX512F 0x00010000
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+#ifndef bit_AVX512IFMA
|
||||||
|
+# define bit_AVX512IFMA 0x00200000
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+#ifndef bit_AVX512BW
|
||||||
|
+# define bit_AVX512BW 0x40000000
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+#ifndef bit_AVX512VL
|
||||||
|
+# define bit_AVX512VL 0x80000000
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+#ifndef bit_OSXSAVE
|
||||||
|
+# define bit_OSXSAVE 0x8000000
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef bit_MOVBE
|
||||||
|
# define bit_MOVBE 0x00400000
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifndef OSXSAVE_MASK
|
||||||
|
+# define OSXSAVE_MASK (bit_OSXSAVE|bit_MOVBE)
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
#define via_bit_PADLOCK (0x3 << 6)
|
||||||
|
#define via_bit_PADLOCK_PHE (0x3 << 10)
|
||||||
|
#define via_bit_PADLOCK_PHE_SHA512 (0x3 << 25)
|
||||||
|
@@ -127,7 +150,7 @@ static unsigned read_cpuid_vals(unsigned int vals[4])
|
||||||
|
unsigned t1, t2, t3;
|
||||||
|
vals[0] = vals[1] = vals[2] = vals[3] = 0;
|
||||||
|
|
||||||
|
- if (!__get_cpuid(1, &t1, &vals[0], &vals[1], &t2))
|
||||||
|
+ if (!__get_cpuid(1, &t1, &t2, &vals[1], &vals[0]))
|
||||||
|
return 0;
|
||||||
|
/* suppress AVX512; it works conditionally on certain CPUs on the original code */
|
||||||
|
vals[1] &= 0xfffff7ff;
|
||||||
|
@@ -145,7 +168,7 @@ static unsigned check_4th_gen_intel_features(unsigned ecx)
|
||||||
|
{
|
||||||
|
uint32_t xcr0;
|
||||||
|
|
||||||
|
- if ((ecx & OSXSAVE_MASK) != OSXSAVE_MASK)
|
||||||
|
+ if ((ecx & bit_OSXSAVE) != bit_OSXSAVE)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
#if defined(_MSC_VER) && !defined(__clang__)
|
||||||
|
@@ -233,10 +256,7 @@ static unsigned check_sha(void)
|
||||||
|
#ifdef ASM_X86_64
|
||||||
|
static unsigned check_avx_movbe(void)
|
||||||
|
{
|
||||||
|
- if (check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1]) == 0)
|
||||||
|
- return 0;
|
||||||
|
-
|
||||||
|
- return ((_gnutls_x86_cpuid_s[1] & bit_AVX));
|
||||||
|
+ return (_gnutls_x86_cpuid_s[1] & bit_AVX);
|
||||||
|
}
|
||||||
|
|
||||||
|
static unsigned check_pclmul(void)
|
||||||
|
@@ -514,33 +534,47 @@ void register_x86_padlock_crypto(unsigned capabilities)
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
-static unsigned check_intel_or_amd(void)
|
||||||
|
+enum x86_cpu_vendor {
|
||||||
|
+ X86_CPU_VENDOR_OTHER,
|
||||||
|
+ X86_CPU_VENDOR_INTEL,
|
||||||
|
+ X86_CPU_VENDOR_AMD,
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static enum x86_cpu_vendor check_x86_cpu_vendor(void)
|
||||||
|
{
|
||||||
|
unsigned int a, b, c, d;
|
||||||
|
|
||||||
|
- if (!__get_cpuid(0, &a, &b, &c, &d))
|
||||||
|
- return 0;
|
||||||
|
+ if (!__get_cpuid(0, &a, &b, &c, &d)) {
|
||||||
|
+ return X86_CPU_VENDOR_OTHER;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- if ((memcmp(&b, "Genu", 4) == 0 &&
|
||||||
|
- memcmp(&d, "ineI", 4) == 0 &&
|
||||||
|
- memcmp(&c, "ntel", 4) == 0) ||
|
||||||
|
- (memcmp(&b, "Auth", 4) == 0 &&
|
||||||
|
- memcmp(&d, "enti", 4) == 0 && memcmp(&c, "cAMD", 4) == 0)) {
|
||||||
|
- return 1;
|
||||||
|
+ if (memcmp(&b, "Genu", 4) == 0 &&
|
||||||
|
+ memcmp(&d, "ineI", 4) == 0 &&
|
||||||
|
+ memcmp(&c, "ntel", 4) == 0) {
|
||||||
|
+ return X86_CPU_VENDOR_INTEL;
|
||||||
|
}
|
||||||
|
|
||||||
|
- return 0;
|
||||||
|
+ if (memcmp(&b, "Auth", 4) == 0 &&
|
||||||
|
+ memcmp(&d, "enti", 4) == 0 &&
|
||||||
|
+ memcmp(&c, "cAMD", 4) == 0) {
|
||||||
|
+ return X86_CPU_VENDOR_AMD;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return X86_CPU_VENDOR_OTHER;
|
||||||
|
}
|
||||||
|
|
||||||
|
static
|
||||||
|
void register_x86_intel_crypto(unsigned capabilities)
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
+ enum x86_cpu_vendor vendor;
|
||||||
|
|
||||||
|
memset(_gnutls_x86_cpuid_s, 0, sizeof(_gnutls_x86_cpuid_s));
|
||||||
|
|
||||||
|
- if (check_intel_or_amd() == 0)
|
||||||
|
+ vendor = check_x86_cpu_vendor();
|
||||||
|
+ if (vendor == X86_CPU_VENDOR_OTHER) {
|
||||||
|
return;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (capabilities == 0) {
|
||||||
|
if (!read_cpuid_vals(_gnutls_x86_cpuid_s))
|
||||||
|
@@ -549,6 +583,23 @@ void register_x86_intel_crypto(unsigned capabilities)
|
||||||
|
capabilities_to_intel_cpuid(capabilities);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* CRYPTOGAMS uses the (1 << 30) bit as an indicator of Intel CPUs */
|
||||||
|
+ if (vendor == X86_CPU_VENDOR_INTEL) {
|
||||||
|
+ _gnutls_x86_cpuid_s[0] |= 1 << 30;
|
||||||
|
+ } else {
|
||||||
|
+ _gnutls_x86_cpuid_s[0] &= ~(1 << 30);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1])) {
|
||||||
|
+ _gnutls_x86_cpuid_s[1] &= ~bit_AVX;
|
||||||
|
+
|
||||||
|
+ /* Clear AVX2 bits as well, according to what OpenSSL does.
|
||||||
|
+ * Should we clear bit_AVX512DQ, bit_AVX512PF, bit_AVX512ER, and
|
||||||
|
+ * bit_AVX512CD? */
|
||||||
|
+ _gnutls_x86_cpuid_s[2] &= ~(bit_AVX2|bit_AVX512F|bit_AVX512IFMA|
|
||||||
|
+ bit_AVX512BW|bit_AVX512BW);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (check_ssse3()) {
|
||||||
|
_gnutls_debug_log("Intel SSSE3 was detected\n");
|
||||||
|
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
||||||
|
|
||||||
|
From cd509dac9e6d1bf76fd12c72c1fd61f1708c254a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Mon, 15 Aug 2022 09:39:18 +0900
|
||||||
|
Subject: [PATCH 2/2] accelerated: clear AVX bits if it cannot be queried
|
||||||
|
through XSAVE
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
The algorithm to detect AVX is described in 14.3 of "Intel® 64 and IA-32
|
||||||
|
Architectures Software Developer’s Manual".
|
||||||
|
|
||||||
|
GnuTLS previously only followed that algorithm when registering the
|
||||||
|
crypto backend, while the CRYPTOGAMS derived SHA code assembly expects
|
||||||
|
that the extension bits are propagated to _gnutls_x86_cpuid_s.
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
lib/accelerated/x86/x86-common.c | 18 ++++++++++++++++--
|
||||||
|
1 file changed, 16 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
|
||||||
|
index cf615ef24f..655d0c65f2 100644
|
||||||
|
--- a/lib/accelerated/x86/x86-common.c
|
||||||
|
+++ b/lib/accelerated/x86/x86-common.c
|
||||||
|
@@ -210,7 +210,8 @@ static void capabilities_to_intel_cpuid(unsigned capabilities)
|
||||||
|
}
|
||||||
|
|
||||||
|
if (capabilities & INTEL_AVX) {
|
||||||
|
- if ((a[1] & bit_AVX) && check_4th_gen_intel_features(a[1])) {
|
||||||
|
+ if ((a[1] & bit_AVX) && (a[1] & bit_MOVBE) &&
|
||||||
|
+ check_4th_gen_intel_features(a[1])) {
|
||||||
|
_gnutls_x86_cpuid_s[1] |= bit_AVX|bit_MOVBE;
|
||||||
|
} else {
|
||||||
|
_gnutls_debug_log
|
||||||
|
@@ -256,7 +257,7 @@ static unsigned check_sha(void)
|
||||||
|
#ifdef ASM_X86_64
|
||||||
|
static unsigned check_avx_movbe(void)
|
||||||
|
{
|
||||||
|
- return (_gnutls_x86_cpuid_s[1] & bit_AVX);
|
||||||
|
+ return (_gnutls_x86_cpuid_s[1] & (bit_AVX|bit_MOVBE)) == (bit_AVX|bit_MOVBE);
|
||||||
|
}
|
||||||
|
|
||||||
|
static unsigned check_pclmul(void)
|
||||||
|
@@ -579,6 +580,19 @@ void register_x86_intel_crypto(unsigned capabilities)
|
||||||
|
if (capabilities == 0) {
|
||||||
|
if (!read_cpuid_vals(_gnutls_x86_cpuid_s))
|
||||||
|
return;
|
||||||
|
+ if (!check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1])) {
|
||||||
|
+ _gnutls_x86_cpuid_s[1] &= ~bit_AVX;
|
||||||
|
+
|
||||||
|
+ /* Clear AVX2 bits as well, according to what
|
||||||
|
+ * OpenSSL does. Should we clear
|
||||||
|
+ * bit_AVX512DQ, bit_AVX512PF, bit_AVX512ER,
|
||||||
|
+ * and bit_AVX512CD? */
|
||||||
|
+ _gnutls_x86_cpuid_s[2] &= ~(bit_AVX2|
|
||||||
|
+ bit_AVX512F|
|
||||||
|
+ bit_AVX512IFMA|
|
||||||
|
+ bit_AVX512BW|
|
||||||
|
+ bit_AVX512BW);
|
||||||
|
+ }
|
||||||
|
} else {
|
||||||
|
capabilities_to_intel_cpuid(capabilities);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
474
SOURCES/gnutls-3.6.16-deterministic-ecdsa-fixes.patch
Normal file
474
SOURCES/gnutls-3.6.16-deterministic-ecdsa-fixes.patch
Normal file
@ -0,0 +1,474 @@
|
|||||||
|
From 0d39e4120bc5ece53c86c5802c546259b8ca286a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Fri, 12 Jan 2024 17:56:58 +0900
|
||||||
|
Subject: [PATCH] nettle: avoid normalization of mpz_t in deterministic ECDSA
|
||||||
|
|
||||||
|
This removes function calls that potentially leak bit-length of a
|
||||||
|
private key used to calculate a nonce in deterministic ECDSA. Namely:
|
||||||
|
|
||||||
|
- _gnutls_dsa_compute_k has been rewritten to work on always
|
||||||
|
zero-padded mp_limb_t arrays instead of mpz_t
|
||||||
|
- rnd_mpz_func has been replaced with rnd_datum_func, which is backed
|
||||||
|
by a byte array instead of an mpz_t value
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
lib/nettle/int/dsa-compute-k.c | 84 +++++++++++++++++++------------
|
||||||
|
lib/nettle/int/dsa-compute-k.h | 31 +++++++++---
|
||||||
|
lib/nettle/int/ecdsa-compute-k.c | 71 +++++++++-----------------
|
||||||
|
lib/nettle/int/ecdsa-compute-k.h | 8 +--
|
||||||
|
lib/nettle/pk.c | 79 ++++++++++++++++++++---------
|
||||||
|
tests/sign-verify-deterministic.c | 2 +-
|
||||||
|
6 files changed, 158 insertions(+), 117 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/nettle/int/dsa-compute-k.c b/lib/nettle/int/dsa-compute-k.c
|
||||||
|
index 17d63318c4..ddeb6f6d1e 100644
|
||||||
|
--- a/lib/nettle/int/dsa-compute-k.c
|
||||||
|
+++ b/lib/nettle/int/dsa-compute-k.c
|
||||||
|
@@ -31,33 +31,37 @@
|
||||||
|
#include "mpn-base256.h"
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
-#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
|
||||||
|
-
|
||||||
|
-/* The maximum size of q, choosen from the fact that we support
|
||||||
|
- * 521-bit elliptic curve generator and 512-bit DSA subgroup at
|
||||||
|
- * maximum. */
|
||||||
|
-#define MAX_Q_BITS 521
|
||||||
|
-#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8)
|
||||||
|
-#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS)
|
||||||
|
-
|
||||||
|
-#define MAX_HASH_BITS (MAX_HASH_SIZE * 8)
|
||||||
|
-#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS)
|
||||||
|
-
|
||||||
|
-int
|
||||||
|
-_gnutls_dsa_compute_k(mpz_t k,
|
||||||
|
- const mpz_t q,
|
||||||
|
- const mpz_t x,
|
||||||
|
- gnutls_mac_algorithm_t mac,
|
||||||
|
- const uint8_t *digest,
|
||||||
|
- size_t length)
|
||||||
|
+/* For mini-gmp */
|
||||||
|
+#ifndef GMP_LIMB_BITS
|
||||||
|
+#define GMP_LIMB_BITS GMP_NUMB_BITS
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+static inline int is_zero_limb(mp_limb_t x)
|
||||||
|
+{
|
||||||
|
+ x |= (x << 1);
|
||||||
|
+ return ((x >> 1) - 1) >> (GMP_LIMB_BITS - 1);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static int sec_zero_p(const mp_limb_t *ap, mp_size_t n)
|
||||||
|
+{
|
||||||
|
+ volatile mp_limb_t w;
|
||||||
|
+ mp_size_t i;
|
||||||
|
+
|
||||||
|
+ for (i = 0, w = 0; i < n; i++)
|
||||||
|
+ w |= ap[i];
|
||||||
|
+
|
||||||
|
+ return is_zero_limb(w);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x,
|
||||||
|
+ mp_size_t qn, mp_bitcnt_t q_bits,
|
||||||
|
+ gnutls_mac_algorithm_t mac, const uint8_t *digest,
|
||||||
|
+ size_t length)
|
||||||
|
{
|
||||||
|
uint8_t V[MAX_HASH_SIZE];
|
||||||
|
uint8_t K[MAX_HASH_SIZE];
|
||||||
|
uint8_t xp[MAX_Q_SIZE];
|
||||||
|
uint8_t tp[MAX_Q_SIZE];
|
||||||
|
- mp_limb_t h[MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS)];
|
||||||
|
- mp_bitcnt_t q_bits = mpz_sizeinbase (q, 2);
|
||||||
|
- mp_size_t qn = mpz_size(q);
|
||||||
|
mp_bitcnt_t h_bits = length * 8;
|
||||||
|
mp_size_t hn = BITS_TO_LIMBS(h_bits);
|
||||||
|
size_t nbytes = (q_bits + 7) / 8;
|
||||||
|
@@ -66,6 +70,7 @@ _gnutls_dsa_compute_k(mpz_t k,
|
||||||
|
mp_limb_t cy;
|
||||||
|
gnutls_hmac_hd_t hd;
|
||||||
|
int ret = 0;
|
||||||
|
+ mp_limb_t scratch[MAX_Q_LIMBS];
|
||||||
|
|
||||||
|
if (unlikely(q_bits > MAX_Q_BITS))
|
||||||
|
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
||||||
|
@@ -73,7 +78,7 @@ _gnutls_dsa_compute_k(mpz_t k,
|
||||||
|
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
||||||
|
|
||||||
|
/* int2octets(x) */
|
||||||
|
- mpn_get_base256(xp, nbytes, mpz_limbs_read(x), qn);
|
||||||
|
+ mpn_get_base256(xp, nbytes, x, qn);
|
||||||
|
|
||||||
|
/* bits2octets(h) */
|
||||||
|
mpn_set_base256(h, hn, digest, length);
|
||||||
|
@@ -97,12 +102,12 @@ _gnutls_dsa_compute_k(mpz_t k,
|
||||||
|
mpn_rshift(h, h, hn, shift % GMP_NUMB_BITS);
|
||||||
|
}
|
||||||
|
|
||||||
|
- cy = mpn_sub_n(h, h, mpz_limbs_read(q), qn);
|
||||||
|
+ cy = mpn_sub_n(h, h, q, qn);
|
||||||
|
/* Fall back to addmul_1, if nettle is linked with mini-gmp. */
|
||||||
|
#ifdef mpn_cnd_add_n
|
||||||
|
- mpn_cnd_add_n(cy, h, h, mpz_limbs_read(q), qn);
|
||||||
|
+ mpn_cnd_add_n(cy, h, h, q, qn);
|
||||||
|
#else
|
||||||
|
- mpn_addmul_1(h, mpz_limbs_read(q), qn, cy != 0);
|
||||||
|
+ mpn_addmul_1(h, q, qn, cy != 0);
|
||||||
|
#endif
|
||||||
|
mpn_get_base256(tp, nbytes, h, qn);
|
||||||
|
|
||||||
|
@@ -178,12 +183,8 @@ _gnutls_dsa_compute_k(mpz_t k,
|
||||||
|
if (tlen * 8 > q_bits)
|
||||||
|
mpn_rshift (h, h, qn, tlen * 8 - q_bits);
|
||||||
|
/* Check if k is in [1,q-1] */
|
||||||
|
- if (!mpn_zero_p (h, qn) &&
|
||||||
|
- mpn_cmp (h, mpz_limbs_read(q), qn) < 0) {
|
||||||
|
- mpn_copyi(mpz_limbs_write(k, qn), h, qn);
|
||||||
|
- mpz_limbs_finish(k, qn);
|
||||||
|
+ if (!sec_zero_p(h, qn) && mpn_sub_n(scratch, h, q, qn))
|
||||||
|
break;
|
||||||
|
- }
|
||||||
|
|
||||||
|
ret = gnutls_hmac_init(&hd, mac, K, length);
|
||||||
|
if (ret < 0)
|
||||||
|
@@ -207,3 +208,24 @@ _gnutls_dsa_compute_k(mpz_t k,
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+/* cancel-out dsa_sign's addition of 1 to random data */
|
||||||
|
+void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
|
||||||
|
+ mp_size_t n)
|
||||||
|
+{
|
||||||
|
+ /* Fall back to sub_1, if nettle is linked with mini-gmp. */
|
||||||
|
+#ifdef mpn_sec_sub_1
|
||||||
|
+ mp_limb_t t[MAX_Q_LIMBS];
|
||||||
|
+
|
||||||
|
+ mpn_sec_sub_1(h, h, n, 1, t);
|
||||||
|
+#else
|
||||||
|
+ mpn_sub_1(h, h, n, 1);
|
||||||
|
+#endif
|
||||||
|
+ mpn_get_base256(k, nbytes, h, n);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
|
||||||
|
+ mp_size_t n)
|
||||||
|
+{
|
||||||
|
+ mpn_get_base256(k, nbytes, h, n);
|
||||||
|
+}
|
||||||
|
diff --git a/lib/nettle/int/dsa-compute-k.h b/lib/nettle/int/dsa-compute-k.h
|
||||||
|
index 64e90e0ca2..e88fce0a6d 100644
|
||||||
|
--- a/lib/nettle/int/dsa-compute-k.h
|
||||||
|
+++ b/lib/nettle/int/dsa-compute-k.h
|
||||||
|
@@ -26,12 +26,29 @@
|
||||||
|
#include <gnutls/gnutls.h>
|
||||||
|
#include <nettle/bignum.h> /* includes gmp.h */
|
||||||
|
|
||||||
|
-int
|
||||||
|
-_gnutls_dsa_compute_k(mpz_t k,
|
||||||
|
- const mpz_t q,
|
||||||
|
- const mpz_t x,
|
||||||
|
- gnutls_mac_algorithm_t mac,
|
||||||
|
- const uint8_t *digest,
|
||||||
|
- size_t length);
|
||||||
|
+#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
|
||||||
|
+
|
||||||
|
+/* The maximum size of q, chosen from the fact that we support
|
||||||
|
+ * 521-bit elliptic curve generator and 512-bit DSA subgroup at
|
||||||
|
+ * maximum. */
|
||||||
|
+#define MAX_Q_BITS 521
|
||||||
|
+#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8)
|
||||||
|
+#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS)
|
||||||
|
+
|
||||||
|
+#define MAX_HASH_BITS (MAX_HASH_SIZE * 8)
|
||||||
|
+#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS)
|
||||||
|
+
|
||||||
|
+#define DSA_COMPUTE_K_ITCH MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS)
|
||||||
|
+
|
||||||
|
+int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x,
|
||||||
|
+ mp_size_t qn, mp_bitcnt_t q_bits,
|
||||||
|
+ gnutls_mac_algorithm_t mac, const uint8_t *digest,
|
||||||
|
+ size_t length);
|
||||||
|
+
|
||||||
|
+void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
|
||||||
|
+ mp_size_t n);
|
||||||
|
+
|
||||||
|
+void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
|
||||||
|
+ mp_size_t n);
|
||||||
|
|
||||||
|
#endif /* GNUTLS_LIB_NETTLE_INT_DSA_COMPUTE_K_H */
|
||||||
|
diff --git a/lib/nettle/int/ecdsa-compute-k.c b/lib/nettle/int/ecdsa-compute-k.c
|
||||||
|
index 94914ebdfa..819302c1c7 100644
|
||||||
|
--- a/lib/nettle/int/ecdsa-compute-k.c
|
||||||
|
+++ b/lib/nettle/int/ecdsa-compute-k.c
|
||||||
|
@@ -29,67 +29,46 @@
|
||||||
|
#include "dsa-compute-k.h"
|
||||||
|
#include "gnutls_int.h"
|
||||||
|
|
||||||
|
-static inline int
|
||||||
|
-_gnutls_ecc_curve_to_dsa_q(mpz_t *q, gnutls_ecc_curve_t curve)
|
||||||
|
+int _gnutls_ecc_curve_to_dsa_q(mpz_t q, gnutls_ecc_curve_t curve)
|
||||||
|
{
|
||||||
|
switch (curve) {
|
||||||
|
#ifdef ENABLE_NON_SUITEB_CURVES
|
||||||
|
case GNUTLS_ECC_CURVE_SECP192R1:
|
||||||
|
- mpz_init_set_str(*q,
|
||||||
|
- "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836"
|
||||||
|
- "146BC9B1B4D22831",
|
||||||
|
- 16);
|
||||||
|
+ mpz_set_str(q,
|
||||||
|
+ "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836"
|
||||||
|
+ "146BC9B1B4D22831",
|
||||||
|
+ 16);
|
||||||
|
return 0;
|
||||||
|
case GNUTLS_ECC_CURVE_SECP224R1:
|
||||||
|
- mpz_init_set_str(*q,
|
||||||
|
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2"
|
||||||
|
- "E0B8F03E13DD29455C5C2A3D",
|
||||||
|
- 16);
|
||||||
|
+ mpz_set_str(q,
|
||||||
|
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2"
|
||||||
|
+ "E0B8F03E13DD29455C5C2A3D",
|
||||||
|
+ 16);
|
||||||
|
return 0;
|
||||||
|
#endif
|
||||||
|
case GNUTLS_ECC_CURVE_SECP256R1:
|
||||||
|
- mpz_init_set_str(*q,
|
||||||
|
- "FFFFFFFF00000000FFFFFFFFFFFFFFFF"
|
||||||
|
- "BCE6FAADA7179E84F3B9CAC2FC632551",
|
||||||
|
- 16);
|
||||||
|
+ mpz_set_str(q,
|
||||||
|
+ "FFFFFFFF00000000FFFFFFFFFFFFFFFF"
|
||||||
|
+ "BCE6FAADA7179E84F3B9CAC2FC632551",
|
||||||
|
+ 16);
|
||||||
|
return 0;
|
||||||
|
case GNUTLS_ECC_CURVE_SECP384R1:
|
||||||
|
- mpz_init_set_str(*q,
|
||||||
|
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||||
|
- "FFFFFFFFFFFFFFFFC7634D81F4372DDF"
|
||||||
|
- "581A0DB248B0A77AECEC196ACCC52973",
|
||||||
|
- 16);
|
||||||
|
+ mpz_set_str(q,
|
||||||
|
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||||
|
+ "FFFFFFFFFFFFFFFFC7634D81F4372DDF"
|
||||||
|
+ "581A0DB248B0A77AECEC196ACCC52973",
|
||||||
|
+ 16);
|
||||||
|
return 0;
|
||||||
|
case GNUTLS_ECC_CURVE_SECP521R1:
|
||||||
|
- mpz_init_set_str(*q,
|
||||||
|
- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||||
|
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||||
|
- "FFA51868783BF2F966B7FCC0148F709A"
|
||||||
|
- "5D03BB5C9B8899C47AEBB6FB71E91386"
|
||||||
|
- "409",
|
||||||
|
- 16);
|
||||||
|
+ mpz_set_str(q,
|
||||||
|
+ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||||
|
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||||
|
+ "FFA51868783BF2F966B7FCC0148F709A"
|
||||||
|
+ "5D03BB5C9B8899C47AEBB6FB71E91386"
|
||||||
|
+ "409",
|
||||||
|
+ 16);
|
||||||
|
return 0;
|
||||||
|
default:
|
||||||
|
return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
-
|
||||||
|
-int
|
||||||
|
-_gnutls_ecdsa_compute_k (mpz_t k,
|
||||||
|
- gnutls_ecc_curve_t curve,
|
||||||
|
- const mpz_t x,
|
||||||
|
- gnutls_mac_algorithm_t mac,
|
||||||
|
- const uint8_t *digest,
|
||||||
|
- size_t length)
|
||||||
|
-{
|
||||||
|
- mpz_t q;
|
||||||
|
- int ret;
|
||||||
|
-
|
||||||
|
- ret = _gnutls_ecc_curve_to_dsa_q(&q, curve);
|
||||||
|
- if (ret < 0)
|
||||||
|
- return gnutls_assert_val(ret);
|
||||||
|
-
|
||||||
|
- ret = _gnutls_dsa_compute_k (k, q, x, mac, digest, length);
|
||||||
|
- mpz_clear(q);
|
||||||
|
- return ret;
|
||||||
|
-}
|
||||||
|
diff --git a/lib/nettle/int/ecdsa-compute-k.h b/lib/nettle/int/ecdsa-compute-k.h
|
||||||
|
index 7ca401d6e4..a7e612bcab 100644
|
||||||
|
--- a/lib/nettle/int/ecdsa-compute-k.h
|
||||||
|
+++ b/lib/nettle/int/ecdsa-compute-k.h
|
||||||
|
@@ -26,12 +26,6 @@
|
||||||
|
#include <gnutls/gnutls.h>
|
||||||
|
#include <nettle/bignum.h> /* includes gmp.h */
|
||||||
|
|
||||||
|
-int
|
||||||
|
-_gnutls_ecdsa_compute_k (mpz_t k,
|
||||||
|
- gnutls_ecc_curve_t curve,
|
||||||
|
- const mpz_t x,
|
||||||
|
- gnutls_mac_algorithm_t mac,
|
||||||
|
- const uint8_t *digest,
|
||||||
|
- size_t length);
|
||||||
|
+int _gnutls_ecc_curve_to_dsa_q(mpz_t q, gnutls_ecc_curve_t curve);
|
||||||
|
|
||||||
|
#endif /* GNUTLS_LIB_NETTLE_INT_ECDSA_COMPUTE_K_H */
|
||||||
|
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
|
||||||
|
index 588e9df502..b19fe3804a 100644
|
||||||
|
--- a/lib/nettle/pk.c
|
||||||
|
+++ b/lib/nettle/pk.c
|
||||||
|
@@ -102,10 +102,16 @@ static void rnd_nonce_func(void *_ctx, size_t length, uint8_t * data)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
-static void rnd_mpz_func(void *_ctx, size_t length, uint8_t * data)
|
||||||
|
+static void rnd_datum_func(void *ctx, size_t length, uint8_t *data)
|
||||||
|
{
|
||||||
|
- mpz_t *k = _ctx;
|
||||||
|
- nettle_mpz_get_str_256 (length, data, *k);
|
||||||
|
+ gnutls_datum_t *d = ctx;
|
||||||
|
+
|
||||||
|
+ if (length > d->size) {
|
||||||
|
+ memset(data, 0, length - d->size);
|
||||||
|
+ memcpy(data + (length - d->size), d->data, d->size);
|
||||||
|
+ } else {
|
||||||
|
+ memcpy(data, d->data, length);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
static void rnd_nonce_func_fallback(void *_ctx, size_t length, uint8_t * data)
|
||||||
|
@@ -976,7 +982,10 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
|
||||||
|
struct dsa_signature sig;
|
||||||
|
int curve_id = pk_params->curve;
|
||||||
|
const struct ecc_curve *curve;
|
||||||
|
- mpz_t k;
|
||||||
|
+ mpz_t q;
|
||||||
|
+ /* 521-bit elliptic curve generator at maximum */
|
||||||
|
+ uint8_t buf[(521 + 7) / 8];
|
||||||
|
+ gnutls_datum_t k = { NULL, 0 };
|
||||||
|
void *random_ctx;
|
||||||
|
nettle_random_func *random_func;
|
||||||
|
|
||||||
|
@@ -1005,19 +1014,32 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
|
||||||
|
hash_len = vdata->size;
|
||||||
|
}
|
||||||
|
|
||||||
|
- mpz_init(k);
|
||||||
|
+ mpz_init(q);
|
||||||
|
+
|
||||||
|
if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST ||
|
||||||
|
(sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) {
|
||||||
|
- ret = _gnutls_ecdsa_compute_k(k,
|
||||||
|
- curve_id,
|
||||||
|
- pk_params->params[ECC_K],
|
||||||
|
- DIG_TO_MAC(sign_params->dsa_dig),
|
||||||
|
- vdata->data,
|
||||||
|
- vdata->size);
|
||||||
|
+ mp_limb_t h[DSA_COMPUTE_K_ITCH];
|
||||||
|
+
|
||||||
|
+ ret = _gnutls_ecc_curve_to_dsa_q(q, curve_id);
|
||||||
|
if (ret < 0)
|
||||||
|
goto ecdsa_cleanup;
|
||||||
|
+
|
||||||
|
+ ret = _gnutls_dsa_compute_k(
|
||||||
|
+ h, mpz_limbs_read(q), priv.p,
|
||||||
|
+ ecc_size(priv.ecc), ecc_bit_size(priv.ecc),
|
||||||
|
+ DIG_TO_MAC(sign_params->dsa_dig), vdata->data,
|
||||||
|
+ vdata->size);
|
||||||
|
+ if (ret < 0)
|
||||||
|
+ goto ecdsa_cleanup;
|
||||||
|
+
|
||||||
|
+ k.data = buf;
|
||||||
|
+ k.size = (ecc_bit_size(priv.ecc) + 7) / 8;
|
||||||
|
+
|
||||||
|
+ _gnutls_ecdsa_compute_k_finish(k.data, k.size, h,
|
||||||
|
+ ecc_size(priv.ecc));
|
||||||
|
+
|
||||||
|
random_ctx = &k;
|
||||||
|
- random_func = rnd_mpz_func;
|
||||||
|
+ random_func = rnd_datum_func;
|
||||||
|
} else {
|
||||||
|
random_ctx = NULL;
|
||||||
|
random_func = rnd_nonce_func;
|
||||||
|
@@ -1038,7 +1060,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
|
||||||
|
ecdsa_cleanup:
|
||||||
|
dsa_signature_clear(&sig);
|
||||||
|
ecc_scalar_zclear(&priv);
|
||||||
|
- mpz_clear(k);
|
||||||
|
+ mpz_clear(q);
|
||||||
|
|
||||||
|
if (ret < 0) {
|
||||||
|
gnutls_assert();
|
||||||
|
@@ -1051,7 +1073,9 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
|
||||||
|
struct dsa_params pub;
|
||||||
|
bigint_t priv;
|
||||||
|
struct dsa_signature sig;
|
||||||
|
- mpz_t k;
|
||||||
|
+ /* 512-bit DSA subgroup at maximum */
|
||||||
|
+ uint8_t buf[(512 + 7) / 8];
|
||||||
|
+ gnutls_datum_t k = { NULL, 0 };
|
||||||
|
void *random_ctx;
|
||||||
|
nettle_random_func *random_func;
|
||||||
|
|
||||||
|
@@ -1074,21 +1098,27 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
|
||||||
|
hash_len = vdata->size;
|
||||||
|
}
|
||||||
|
|
||||||
|
- mpz_init(k);
|
||||||
|
if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST ||
|
||||||
|
(sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) {
|
||||||
|
- ret = _gnutls_dsa_compute_k(k,
|
||||||
|
- pub.q,
|
||||||
|
- TOMPZ(priv),
|
||||||
|
- DIG_TO_MAC(sign_params->dsa_dig),
|
||||||
|
- vdata->data,
|
||||||
|
- vdata->size);
|
||||||
|
+ mp_limb_t h[DSA_COMPUTE_K_ITCH];
|
||||||
|
+
|
||||||
|
+ ret = _gnutls_dsa_compute_k(
|
||||||
|
+ h, mpz_limbs_read(pub.q),
|
||||||
|
+ mpz_limbs_read(TOMPZ(priv)), mpz_size(pub.q),
|
||||||
|
+ mpz_sizeinbase(pub.q, 2),
|
||||||
|
+ DIG_TO_MAC(sign_params->dsa_dig), vdata->data,
|
||||||
|
+ vdata->size);
|
||||||
|
if (ret < 0)
|
||||||
|
goto dsa_fail;
|
||||||
|
- /* cancel-out dsa_sign's addition of 1 to random data */
|
||||||
|
- mpz_sub_ui (k, k, 1);
|
||||||
|
+
|
||||||
|
+ k.data = buf;
|
||||||
|
+ k.size = (mpz_sizeinbase(pub.q, 2) + 7) / 8;
|
||||||
|
+
|
||||||
|
+ _gnutls_dsa_compute_k_finish(k.data, k.size, h,
|
||||||
|
+ mpz_size(pub.q));
|
||||||
|
+
|
||||||
|
random_ctx = &k;
|
||||||
|
- random_func = rnd_mpz_func;
|
||||||
|
+ random_func = rnd_datum_func;
|
||||||
|
} else {
|
||||||
|
random_ctx = NULL;
|
||||||
|
random_func = rnd_nonce_func;
|
||||||
|
@@ -1108,7 +1138,6 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
|
||||||
|
|
||||||
|
dsa_fail:
|
||||||
|
dsa_signature_clear(&sig);
|
||||||
|
- mpz_clear(k);
|
||||||
|
|
||||||
|
if (ret < 0) {
|
||||||
|
gnutls_assert();
|
||||||
|
diff --git a/tests/sign-verify-deterministic.c b/tests/sign-verify-deterministic.c
|
||||||
|
index 6e907288ee..25aa553a59 100644
|
||||||
|
--- a/tests/sign-verify-deterministic.c
|
||||||
|
+++ b/tests/sign-verify-deterministic.c
|
||||||
|
@@ -197,7 +197,7 @@ void doit(void)
|
||||||
|
&signature);
|
||||||
|
if (ret < 0)
|
||||||
|
testfail("gnutls_pubkey_verify_data2\n");
|
||||||
|
- success(" - pass");
|
||||||
|
+ success(" - pass\n");
|
||||||
|
|
||||||
|
next:
|
||||||
|
gnutls_free(signature.data);
|
||||||
|
--
|
||||||
|
2.44.0
|
||||||
|
|
14
SOURCES/gnutls-3.6.16-doc-p11tool-ckaid.patch
Normal file
14
SOURCES/gnutls-3.6.16-doc-p11tool-ckaid.patch
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
--- gnutls-3.7.2/doc/manpages/p11tool.1 2021-05-29 10:15:22.000000000 +0200
|
||||||
|
+++ gnutls-3.7.2-bootstrapped/doc/manpages/p11tool.1 2021-06-28 09:35:23.000000000 +0200
|
||||||
|
@@ -230,8 +230,9 @@
|
||||||
|
.NOP \f\*[B-Font]\-\-write\f[]
|
||||||
|
Writes the loaded objects to a PKCS #11 token.
|
||||||
|
.sp
|
||||||
|
-It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with
|
||||||
|
- one of \--load-privkey, \--load-pubkey, \--load-certificate option.
|
||||||
|
+It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with one of \--load-privkey, \--load-pubkey, \--load-certificate option.
|
||||||
|
+.sp
|
||||||
|
+When writing a certificate object, its CKA_ID is set to the same CKA_ID of the corresponding public key, if it exists on the token; otherwise it will be derived from the X.509 Subject Key Identifier of the certificate. If this behavior is undesired, write the public key to the token beforehand.
|
||||||
|
.TP
|
||||||
|
.NOP \f\*[B-Font]\-\-delete\f[]
|
||||||
|
Deletes the objects matching the given PKCS #11 URL.
|
266
SOURCES/gnutls-3.6.16-pkcs7-verify.patch
Normal file
266
SOURCES/gnutls-3.6.16-pkcs7-verify.patch
Normal file
@ -0,0 +1,266 @@
|
|||||||
|
From e5dc27d1a457d1b3abc0582cd133910dff0fc309 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Zoltan Fridrich <zfridric@redhat.com>
|
||||||
|
Date: Fri, 22 Jul 2022 12:00:11 +0200
|
||||||
|
Subject: [PATCH] Fix double free during gnutls_pkcs7_verify
|
||||||
|
|
||||||
|
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
||||||
|
---
|
||||||
|
.gitignore | 1 +
|
||||||
|
lib/x509/pkcs7.c | 3 +-
|
||||||
|
tests/Makefile.am | 3 +-
|
||||||
|
tests/pkcs7-verify-double-free.c | 215 +++++++++++++++++++++++++++++++
|
||||||
|
4 files changed, 220 insertions(+), 2 deletions(-)
|
||||||
|
create mode 100644 tests/pkcs7-verify-double-free.c
|
||||||
|
|
||||||
|
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
|
||||||
|
index 0ff55ba04b..878f867862 100644
|
||||||
|
--- a/lib/x509/pkcs7.c
|
||||||
|
+++ b/lib/x509/pkcs7.c
|
||||||
|
@@ -1318,7 +1318,8 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
|
||||||
|
issuer = find_verified_issuer_of(pkcs7, issuer, purpose, vflags);
|
||||||
|
|
||||||
|
if (issuer != NULL && gnutls_x509_crt_check_issuer(issuer, issuer)) {
|
||||||
|
- if (prev) gnutls_x509_crt_deinit(prev);
|
||||||
|
+ if (prev && prev != signer)
|
||||||
|
+ gnutls_x509_crt_deinit(prev);
|
||||||
|
prev = issuer;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||||
|
index b04cb081b4..0563d3c754 100644
|
||||||
|
--- a/tests/Makefile.am
|
||||||
|
+++ b/tests/Makefile.am
|
||||||
|
@@ -220,7 +220,8 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
|
||||||
|
sign-verify-newapi sign-verify-deterministic iov aead-cipher-vec \
|
||||||
|
tls13-without-timeout-func buffer status-request-revoked \
|
||||||
|
set_x509_ocsp_multi_cli kdf-api keylog-func \
|
||||||
|
- dtls_hello_random_value tls_hello_random_value x509cert-dntypes
|
||||||
|
+ dtls_hello_random_value tls_hello_random_value x509cert-dntypes \
|
||||||
|
+ pkcs7-verify-double-free
|
||||||
|
|
||||||
|
if HAVE_SECCOMP_TESTS
|
||||||
|
ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp
|
||||||
|
diff --git a/tests/pkcs7-verify-double-free.c b/tests/pkcs7-verify-double-free.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..fadf307829
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/pkcs7-verify-double-free.c
|
||||||
|
@@ -0,0 +1,215 @@
|
||||||
|
+/*
|
||||||
|
+ * Copyright (C) 2022 Red Hat, Inc.
|
||||||
|
+ *
|
||||||
|
+ * Author: Zoltan Fridrich
|
||||||
|
+ *
|
||||||
|
+ * This file is part of GnuTLS.
|
||||||
|
+ *
|
||||||
|
+ * GnuTLS is free software: you can redistribute it and/or modify it
|
||||||
|
+ * under the terms of the GNU General Public License as published by
|
||||||
|
+ * the Free Software Foundation, either version 3 of the License, or
|
||||||
|
+ * (at your option) any later version.
|
||||||
|
+ *
|
||||||
|
+ * GnuTLS is distributed in the hope that it will be useful, but
|
||||||
|
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+ * General Public License for more details.
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU General Public License
|
||||||
|
+ * along with GnuTLS. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#ifdef HAVE_CONFIG_H
|
||||||
|
+#include <config.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include <gnutls/pkcs7.h>
|
||||||
|
+#include <gnutls/x509.h>
|
||||||
|
+
|
||||||
|
+#include "utils.h"
|
||||||
|
+
|
||||||
|
+static char rca_pem[] =
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "MIIDCjCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n"
|
||||||
|
+ "cGxlIENBMCAXDTE3MDcyMTE0NDMzNloYDzIyMjIwNzIxMTQ0MzM2WjAVMRMwEQYD\n"
|
||||||
|
+ "VQQKDApFeGFtcGxlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n"
|
||||||
|
+ "v8hnKPJ/IA0SQB/A/a0Uh+npZ67vsgIMrtTQo0r0kJkmkBz5323xO3DVuJfB3QmX\n"
|
||||||
|
+ "v9zvoeCQLuDvWar5Aixfxgm6s5Q+yPvJj9t3NebDrU+Y4+qyewBIJUF8EF/5iBPC\n"
|
||||||
|
+ "ZHONmzbfIRWvQWGGgb2CRcOHp2J7AY/QLB6LsWPaLjs/DHva28Q13JaTTHIpdu8v\n"
|
||||||
|
+ "t6vHr0nXf66DN4MvtoF3N+o+v3snJCMsfXOqASi4tbWR7gtOfCfiz9uBjh0W2Dut\n"
|
||||||
|
+ "/jclBQkJkLe6esNSM+f4YiOpctVDjmfj8yoHCp394vt0wFqhG38wsTFAyVP6qIcf\n"
|
||||||
|
+ "5zoSu9ovEt2cTkhnZHjiiwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud\n"
|
||||||
|
+ "DwEB/wQEAwIBBjAdBgNVHQ4EFgQUhjeO6Uc5imbjOl2I2ltVA27Hu9YwHwYDVR0j\n"
|
||||||
|
+ "BBgwFoAUhjeO6Uc5imbjOl2I2ltVA27Hu9YwDQYJKoZIhvcNAQELBQADggEBAD+r\n"
|
||||||
|
+ "i/7FsbG0OFKGF2+JOnth6NjJQcMfM8LiglqAuBUijrv7vltoZ0Z3FJH1Vi4OeMXn\n"
|
||||||
|
+ "l7X/9tWUve0uFl75MfjDrf0+lCEdYRY1LCba2BrUgpbbkLywVUdnbsvndehegCgS\n"
|
||||||
|
+ "jss2/zys3Hlo3ZaHlTMQ/NQ4nrxcxkjOvkZSEOqgxJTLpzm6pr7YUts4k6c6lNiB\n"
|
||||||
|
+ "FSiJiDzsJCmWR9C3fBbUlfDfTJYGN3JwqX270KchXDElo8gNoDnF7jBMpLFFSEKm\n"
|
||||||
|
+ "MyfbNLX/srh+CEfZaN/OZV4A3MQ0L8vQEp6M4CJhvRLIuMVabZ2coJ0AzystrOMU\n"
|
||||||
|
+ "LirBWjg89RoAjFQ7bTE=\n"
|
||||||
|
+ "-----END CERTIFICATE-----\n";
|
||||||
|
+
|
||||||
|
+static char ca_pem[] =
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n"
|
||||||
|
+ "cGxlIENBMCAXDTE3MDcyMTE0NDQzNFoYDzIyMjIwNzIxMTQ0NDM0WjAiMSAwHgYD\n"
|
||||||
|
+ "VQQKDBdFeGFtcGxlIGludGVybWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD\n"
|
||||||
|
+ "ggEPADCCAQoCggEBAKb9ACB8u//sP6MfNU1OsVw68xz3eTPLgKxS0vpqexm6iGVg\n"
|
||||||
|
+ "ug/o9uYRLzqiEukv/eyz9WzHmY7sqlOJjOFdv92+SaNg79Jc51WHPFXgea4/qyfr\n"
|
||||||
|
+ "4y14PGs0SNxm6T44sXurUs7cXydQVUgnq2VCaWFOTUdxXoAWkV8r8GaUoPD/klVz\n"
|
||||||
|
+ "RqxSZVETmX1XBKhsMnnov41kRwVph2C+VfUspsbaUZaz/o/S1/nokhXRACzKsMBr\n"
|
||||||
|
+ "obqiGxbY35uVzsmbAW5ErhQz98AWJL3Bub1fsEMXg6OEMmPH4AtX888dTIYZNw0E\n"
|
||||||
|
+ "bUIESspz1kjJQTtVQDHTprhwz16YiSVeUonlLgMCAwEAAaNjMGEwDwYDVR0TAQH/\n"
|
||||||
|
+ "BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPBjxDWjMhjXERirKF9O\n"
|
||||||
|
+ "o/5Cllc5MB8GA1UdIwQYMBaAFIY3julHOYpm4zpdiNpbVQNux7vWMA0GCSqGSIb3\n"
|
||||||
|
+ "DQEBCwUAA4IBAQCTm+vv3hBa6lL5IT+Fw8aTxQ2Ne7mZ5oyazhvXYwwfKNMX3SML\n"
|
||||||
|
+ "W2JdPaL64ZwbxxxYvW401o5Z0CEgru3YFrsqB/hEdl0Uf8UWWJmE1rRa+miTmbjt\n"
|
||||||
|
+ "lrLNCWdrs6CiwvsPITTHg7jevB4KyZYsTSxQFcyr3N3xF+6EmOTC4IkhPPnXYXcp\n"
|
||||||
|
+ "248ih+WOavSYoRvzgB/Dip1WnPYU2mfIV3O8JReRryngA0TzWCLPLUoWR3R4jwtC\n"
|
||||||
|
+ "+1uSLoqaenz3qv3F1WEbke37az9YJuXx/5D8CqFQiZ62TUUtI6fYd8mkMBM4Qfh6\n"
|
||||||
|
+ "NW9XrCkI9wlpL5K9HllhuW0BhKeJkuPpyQ2p\n"
|
||||||
|
+ "-----END CERTIFICATE-----\n";
|
||||||
|
+
|
||||||
|
+static char ee_pem[] =
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "MIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdFeGFt\n"
|
||||||
|
+ "cGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzdaGA8yMjIyMDcyMTE0\n"
|
||||||
|
+ "NDUzN1owFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEBBQAD\n"
|
||||||
|
+ "ggEPADCCAQoCggEBAMb1uuxppBFY+WVD45iyHUq7DkIJNNOI/JRaybVJfPktWq2E\n"
|
||||||
|
+ "eNe7XhV05KKnqZTbDO2iYqNHqGhZ8pz/IstDRTZP3z/q1vXTG0P9Gx28rEy5TaUY\n"
|
||||||
|
+ "QjtD+ZoFUQm0ORMDBjd8jikqtJ87hKeuOPMH4rzdydotMaPQSm7KLzHBGBr6gg7z\n"
|
||||||
|
+ "g1IxPWkhMyHapoMqqrhjwjzoTY97UIXpZTEoIA+KpEC8f9CciBtL0i1MPBjWozB6\n"
|
||||||
|
+ "Jma9q5iEwZXuRr3cnPYeIPlK2drgDZCMuSFcYiT8ApLw5OhKqY1m2EvfZ2ox2s9R\n"
|
||||||
|
+ "68/HzYdPi3kZwiNEtlBvMlpt5yKBJAflp76d7DkCAwEAAaNuMGwwCwYDVR0PBAQD\n"
|
||||||
|
+ "AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUc+Mi\n"
|
||||||
|
+ "kr8WMCk00SQo+P2iggp/oQkwHwYDVR0jBBgwFoAU8GPENaMyGNcRGKsoX06j/kKW\n"
|
||||||
|
+ "VzkwDQYJKoZIhvcNAQELBQADggEBAKU9+CUR0Jcfybd1+8Aqgh1RH96yQygnVuyt\n"
|
||||||
|
+ "Na9rFz4fM3ij9tGXDHXrkZw8bW1dWLU9quu8zeTxKxc3aiDIw739Alz0tukttDo7\n"
|
||||||
|
+ "dW7YqIb77zsIsWB9p7G9dlxT6ieUy+5IKk69BbeK8KR0vAciAG4KVQxPhuPy/LGX\n"
|
||||||
|
+ "PzqlJIJ4h61s3UOroReHPB1keLZgpORqrvtpClOmABH9TLFRJA/WFg8Q2XYB/p0x\n"
|
||||||
|
+ "l/pWiaoBC+8wK9cDoMUK5yOwXeuCLffCb+UlAD0+z/qxJ2pisE8E9X8rRKRrWI+i\n"
|
||||||
|
+ "G7LtJCEn86EQK8KuRlJxKgj8lClZhoULB0oL4jbblBuNow9WRmM=\n"
|
||||||
|
+ "-----END CERTIFICATE-----\n";
|
||||||
|
+
|
||||||
|
+static char msg_pem[] =
|
||||||
|
+ "-----BEGIN PKCS7-----\n"
|
||||||
|
+ "MIIK2QYJKoZIhvcNAQcCoIIKyjCCCsYCAQExDTALBglghkgBZQMEAgEwCwYJKoZI\n"
|
||||||
|
+ "hvcNAQcBoIIJTzCCAwowggHyoAMCAQICAQEwDQYJKoZIhvcNAQELBQAwFTETMBEG\n"
|
||||||
|
+ "A1UECgwKRXhhbXBsZSBDQTAgFw0xNzA3MjExNDQzMjFaGA8yMjIyMDcyMTE0NDMy\n"
|
||||||
|
+ "MVowFTETMBEGA1UECgwKRXhhbXBsZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP\n"
|
||||||
|
+ "ADCCAQoCggEBAL51eyE4j8wAKQKMGlO9HEY2iaGvsdPSJmidSdmCi1jnNK39Lx4Y\n"
|
||||||
|
+ "31h279hSHF5wtI6VM91HHfeLf1mjEZHlKrXXJQzBPLpbHWapD778drHBitOP8e56\n"
|
||||||
|
+ "fDMIfofLV4tkMk8690vPe4cJH1UHGspMyz6EQF9kPRaW80XtMV/6dalgL/9Esmaw\n"
|
||||||
|
+ "XBNPJAS1VutDuXQkJ/3/rWFLmkpYHHtGPjX782YRmT1s+VOVTsLqmKx0TEL8A381\n"
|
||||||
|
+ "bbElHPUAMjPcyWR5qqA8KWnS5Dwqk3LwI0AvuhQytCq0S7Xl4DXauvxwTRXv0UU7\n"
|
||||||
|
+ "W8r3MLAw9DnlnJiD/RFjw5rbGO3wMePk/qUCAwEAAaNjMGEwDwYDVR0TAQH/BAUw\n"
|
||||||
|
+ "AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIh2KRoKJoe2VtpOwWMkRAkR\n"
|
||||||
|
+ "mLWKMB8GA1UdIwQYMBaAFIh2KRoKJoe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEB\n"
|
||||||
|
+ "CwUAA4IBAQBovvlOjoy0MCT5U0eWfcPQQjY4Ssrn3IiPNlVkqSNo+FHX+2baTLVQ\n"
|
||||||
|
+ "5QTHxwXwzdIJiwtjFWDdGEQXqmuIvnFG+u/whGbeg6oQygfnQ5Y+q6epOxCsPgLQ\n"
|
||||||
|
+ "mKKEaF7mvh8DauUx4QSbYCNGCctOZuB1vlN9bJ3/5QbH+2pFPOfCr5CAyPDwHo6S\n"
|
||||||
|
+ "qO3yPcutRwT9xS7gXEHM9HhLp+DmdCGh4eVBPiFilyZm1d92lWxU8oxoSfXgzDT/\n"
|
||||||
|
+ "GCzlMykNZNs4JD9QmiRClP/3U0dQbOhah/Fda+N+L90xaqEgGcvwKKZa3pzo59pl\n"
|
||||||
|
+ "BbkcIP4YPyHeinwkgAn5UVJg9DOxNCS0MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG\n"
|
||||||
|
+ "9w0BAQsFADAVMRMwEQYDVQQKDApFeGFtcGxlIENBMCAXDTE3MDcyMTE0NDQxM1oY\n"
|
||||||
|
+ "DzIyMjIwNzIxMTQ0NDEzWjAiMSAwHgYDVQQKDBdFeGFtcGxlIGludGVybWVkaWF0\n"
|
||||||
|
+ "ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPFDEvDANwvhviu\n"
|
||||||
|
+ "pwXTvaKyxyX94jVu1wgAhIRyQBVRiMbrn8MEufLG8oA0vKd8s92gv/lWe1jFb2rn\n"
|
||||||
|
+ "91jMkZWsjWjiJFD6SzqFfBo+XxOGikEqO1MAf92UqavmSGlXVRG1Vy7T7dWibZP0\n"
|
||||||
|
+ "WODhHYWayR0Y6owSz5IqNfrHXzDME+lSJxHgRFI7pK+b0OgiVmvyXDKFPvyU6GrP\n"
|
||||||
|
+ "lxXDi/XbjyPvC5gpiwtTgm+s8KERwmdlfZUNjkh2PpHx1g1joijHT3wIvO/Pek1E\n"
|
||||||
|
+ "C+Xs6w3XxGgL6TTL7FDuv4AjZVX9KK66/yBhX3aN8bkqAg+hs9XNk3zzWC0XEFOS\n"
|
||||||
|
+ "Qoh2va0CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\n"
|
||||||
|
+ "HQYDVR0OBBYEFHwi/7dUWGjkMWJctOm7MCjjQj1cMB8GA1UdIwQYMBaAFIh2KRoK\n"
|
||||||
|
+ "Joe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEBCwUAA4IBAQCF6sHCBdYRwBwvfCve\n"
|
||||||
|
+ "og9cPnmPqZrG4AtmSvtoSsMvgvKb/4z3/gG8oPtTBkeRcAHoMoEp/oA+B2ylwIAc\n"
|
||||||
|
+ "S5U7jx+lYH/Pqih0X/OcOLbaMv8uzGSGQxk+L9LuuIT6E/THfRRIPEvkDkzC+/uk\n"
|
||||||
|
+ "7vUbG17bSEWeF0o/6sjzAY2aH1jnbCDyu0UC78GXkc6bZ5QlH98uLMDMrOmqcZjS\n"
|
||||||
|
+ "JFfvuRDQyKV5yBdBkYaobsIWSQDsgYxJzf/2y8c3r+HXqT+jhrXPWJ3btgMPxpu7\n"
|
||||||
|
+ "E8KmoFgp9EM+48oYlXJ66rk08/KjaVmgN7R+Hm3e2+MFT2kme4fBKalLjcazTe3x\n"
|
||||||
|
+ "0FisMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdF\n"
|
||||||
|
+ "eGFtcGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzBaGA8yMjIyMDcy\n"
|
||||||
|
+ "MTE0NDUzMVowFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEB\n"
|
||||||
|
+ "BQADggEPADCCAQoCggEBAMjhSqhdD5RjmOm6W3hG7zkgKBP9whRN/SipcdEMlkgc\n"
|
||||||
|
+ "F/U3QMu66qIfKwheNdWalC1JLtruLDWP92ysa6Vw+CCG8aSax1AgB//RKQB7kgPA\n"
|
||||||
|
+ "9js9hi/oCdBmCv2HJxhWSLz+MVoxgzW4C7S9FenI+btxe/99Uw4nOw7kwjsYDLKr\n"
|
||||||
|
+ "tMw8myv7aCW/63CuBYGtohiZupM3RI3kKFcZots+KRPLlZpjv+I2h9xSln8VxKNb\n"
|
||||||
|
+ "XiMrYwGfHB7iX7ghe1TvFjKatEUhsqa7AvIq7nfe/cyq97f0ODQO814njgZtk5iQ\n"
|
||||||
|
+ "JVavXHdhTVaypt1HdAFMuHX5UATylHxx9tRCgSIijUsCAwEAAaNuMGwwCwYDVR0P\n"
|
||||||
|
+ "BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU\n"
|
||||||
|
+ "31+vHl4E/2Jpnwinbzf+d7usshcwHwYDVR0jBBgwFoAUfCL/t1RYaOQxYly06bsw\n"
|
||||||
|
+ "KONCPVwwDQYJKoZIhvcNAQELBQADggEBAAWe63DcNwmleQ3INFGDJZ/m2I/R/cBa\n"
|
||||||
|
+ "nnrxgR5Ey1ljHdA/x1z1JLTGmGVwqGExs5DNG9Q//Pmc9pZ1yPa8J4Xf8AvFcmkY\n"
|
||||||
|
+ "mWoH1HvW0xu/RF1UN5SAoD2PRQ+Vq4OSPD58IlEu/u4o1wZV7Wl91Cv6VNpiAb63\n"
|
||||||
|
+ "j9PA1YacOpOtcRqG59Vuj9HFm9f30ejHVo2+KJcpo290cR3Zg4fOm8mtjeMdt/QS\n"
|
||||||
|
+ "Atq+RqPAQ7yxqvEEv8zPIZj2kAOQm3mh/yYqBrR68lQUD/dBTP7ApIZkhUK3XK6U\n"
|
||||||
|
+ "nf9JvoF6Fn2+Cnqb//FLBgHSnoeqeQNwDLUXTsD02iYxHzJrhokSY4YxggFQMIIB\n"
|
||||||
|
+ "TAIBATAnMCIxIDAeBgNVBAoMF0V4YW1wbGUgaW50ZXJtZWRpYXRlIENBAgEBMAsG\n"
|
||||||
|
+ "CWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQATHg6wNsBcs/Ub1GQfKwTpKCk5\n"
|
||||||
|
+ "8QXuNnZ0u7b6mKgrSY2Gf47fpL2aRgaR+BAQncbctu5EH/IL38pWjaGtOhFAj/5q\n"
|
||||||
|
+ "7luVQW11kuyJN3Bd/dtLqawWOwMmAIEigw6X50l5ZHnEVzFfxt+RKTNhk4XWVtbi\n"
|
||||||
|
+ "2iIlITOplW0rnvxYAwCxKL9ocaB7etK8au7ixMxbFp75Ts4iLX8dhlAFdCuFCk8k\n"
|
||||||
|
+ "B8mi9HHuwr3QYRqMPW61hu1wBL3yB8eoZNOwPXb0gkIh6ZvgptxgQzm/cc+Iw9fP\n"
|
||||||
|
+ "QkR0fTM7ElJ5QZmSV98AUbZDHmDvpmcjcUxfSPMc3IoT8T300usRu7QHqKJi\n"
|
||||||
|
+ "-----END PKCS7-----\n";
|
||||||
|
+
|
||||||
|
+const gnutls_datum_t rca_datum = { (void *)rca_pem, sizeof(rca_pem) - 1 };
|
||||||
|
+const gnutls_datum_t ca_datum = { (void *)ca_pem, sizeof(ca_pem) - 1 };
|
||||||
|
+const gnutls_datum_t ee_datum = { (void *)ee_pem, sizeof(ee_pem) - 1 };
|
||||||
|
+const gnutls_datum_t msg_datum = { (void *)msg_pem, sizeof(msg_pem) - 1 };
|
||||||
|
+
|
||||||
|
+static void tls_log_func(int level, const char *str)
|
||||||
|
+{
|
||||||
|
+ fprintf(stderr, "%s |<%d>| %s", "err", level, str);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#define CHECK(X)\
|
||||||
|
+{\
|
||||||
|
+ r = X;\
|
||||||
|
+ if (r < 0)\
|
||||||
|
+ fail("error in %d: %s\n", __LINE__, gnutls_strerror(r));\
|
||||||
|
+}\
|
||||||
|
+
|
||||||
|
+void doit(void)
|
||||||
|
+{
|
||||||
|
+ int r;
|
||||||
|
+ gnutls_x509_crt_t rca_cert = NULL;
|
||||||
|
+ gnutls_x509_crt_t ca_cert = NULL;
|
||||||
|
+ gnutls_x509_crt_t ee_cert = NULL;
|
||||||
|
+ gnutls_x509_trust_list_t tlist = NULL;
|
||||||
|
+ gnutls_pkcs7_t pkcs7 = NULL;
|
||||||
|
+ gnutls_datum_t data = { (unsigned char *)"xxx", 3 };
|
||||||
|
+
|
||||||
|
+ if (debug) {
|
||||||
|
+ gnutls_global_set_log_function(tls_log_func);
|
||||||
|
+ gnutls_global_set_log_level(4711);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ // Import certificates
|
||||||
|
+ CHECK(gnutls_x509_crt_init(&rca_cert));
|
||||||
|
+ CHECK(gnutls_x509_crt_import(rca_cert, &rca_datum, GNUTLS_X509_FMT_PEM));
|
||||||
|
+ CHECK(gnutls_x509_crt_init(&ca_cert));
|
||||||
|
+ CHECK(gnutls_x509_crt_import(ca_cert, &ca_datum, GNUTLS_X509_FMT_PEM));
|
||||||
|
+ CHECK(gnutls_x509_crt_init(&ee_cert));
|
||||||
|
+ CHECK(gnutls_x509_crt_import(ee_cert, &ee_datum, GNUTLS_X509_FMT_PEM));
|
||||||
|
+
|
||||||
|
+ // Setup trust store
|
||||||
|
+ CHECK(gnutls_x509_trust_list_init(&tlist, 0));
|
||||||
|
+ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, rca_cert, "rca", 3, 0));
|
||||||
|
+ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ca_cert, "ca", 2, 0));
|
||||||
|
+ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ee_cert, "ee", 2, 0));
|
||||||
|
+
|
||||||
|
+ // Setup pkcs7 structure
|
||||||
|
+ CHECK(gnutls_pkcs7_init(&pkcs7));
|
||||||
|
+ CHECK(gnutls_pkcs7_import(pkcs7, &msg_datum, GNUTLS_X509_FMT_PEM));
|
||||||
|
+
|
||||||
|
+ // Signature verification
|
||||||
|
+ gnutls_pkcs7_verify(pkcs7, tlist, NULL, 0, 0, &data, 0);
|
||||||
|
+
|
||||||
|
+ gnutls_x509_crt_deinit(rca_cert);
|
||||||
|
+ gnutls_x509_crt_deinit(ca_cert);
|
||||||
|
+ gnutls_x509_crt_deinit(ee_cert);
|
||||||
|
+ gnutls_x509_trust_list_deinit(tlist, 0);
|
||||||
|
+ gnutls_pkcs7_deinit(pkcs7);
|
||||||
|
+}
|
||||||
|
--
|
||||||
|
2.37.2
|
||||||
|
|
242
SOURCES/gnutls-3.6.16-rehandshake-tickets.patch
Normal file
242
SOURCES/gnutls-3.6.16-rehandshake-tickets.patch
Normal file
@ -0,0 +1,242 @@
|
|||||||
|
From 9b50d94bf1c8e749d7dfc593c89e689a161444ae Mon Sep 17 00:00:00 2001
|
||||||
|
From: rpm-build <rpm-build>
|
||||||
|
Date: Mon, 26 Jun 2023 09:30:03 +0200
|
||||||
|
Subject: [PATCH] gnutls-3.6.16-rehandshake-tickets.patch
|
||||||
|
|
||||||
|
Signed-off-by: rpm-build <rpm-build>
|
||||||
|
---
|
||||||
|
lib/ext/session_ticket.c | 6 ++
|
||||||
|
lib/ext/session_ticket.h | 1 +
|
||||||
|
lib/libgnutls.map | 2 +
|
||||||
|
lib/state.c | 1 +
|
||||||
|
tests/Makefile.am | 3 +-
|
||||||
|
tests/tls12-rehandshake-ticket.c | 152 +++++++++++++++++++++++++++++++
|
||||||
|
6 files changed, 164 insertions(+), 1 deletion(-)
|
||||||
|
create mode 100644 tests/tls12-rehandshake-ticket.c
|
||||||
|
|
||||||
|
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
|
||||||
|
index 8f22462..8d83a6c 100644
|
||||||
|
--- a/lib/ext/session_ticket.c
|
||||||
|
+++ b/lib/ext/session_ticket.c
|
||||||
|
@@ -618,6 +618,12 @@ gnutls_session_ticket_enable_server(gnutls_session_t session,
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+void
|
||||||
|
+_gnutls_session_ticket_disable_server(gnutls_session_t session)
|
||||||
|
+{
|
||||||
|
+ session->internals.flags |= GNUTLS_NO_TICKETS;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Return zero if session tickets haven't been enabled.
|
||||||
|
*/
|
||||||
|
diff --git a/lib/ext/session_ticket.h b/lib/ext/session_ticket.h
|
||||||
|
index da804ec..660c9d3 100644
|
||||||
|
--- a/lib/ext/session_ticket.h
|
||||||
|
+++ b/lib/ext/session_ticket.h
|
||||||
|
@@ -36,5 +36,6 @@ int _gnutls_encrypt_session_ticket(gnutls_session_t session,
|
||||||
|
int _gnutls_decrypt_session_ticket(gnutls_session_t session,
|
||||||
|
const gnutls_datum_t *ticket_data,
|
||||||
|
gnutls_datum_t *state);
|
||||||
|
+void _gnutls_session_ticket_disable_server(gnutls_session_t session);
|
||||||
|
|
||||||
|
#endif /* GNUTLS_LIB_EXT_SESSION_TICKET_H */
|
||||||
|
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
|
||||||
|
index d2f7c0a..6748b3a 100644
|
||||||
|
--- a/lib/libgnutls.map
|
||||||
|
+++ b/lib/libgnutls.map
|
||||||
|
@@ -1432,4 +1432,6 @@ GNUTLS_PRIVATE_3_4 {
|
||||||
|
_gnutls_buffer_unescape;
|
||||||
|
_gnutls_buffer_pop_datum;
|
||||||
|
_gnutls_buffer_clear;
|
||||||
|
+ # needed by tests/tls12-rehandshake-cert-ticket
|
||||||
|
+ _gnutls_session_ticket_disable_server;
|
||||||
|
} GNUTLS_3_4;
|
||||||
|
diff --git a/lib/state.c b/lib/state.c
|
||||||
|
index 817a7b8..f1e9daa 100644
|
||||||
|
--- a/lib/state.c
|
||||||
|
+++ b/lib/state.c
|
||||||
|
@@ -452,6 +452,7 @@ void _gnutls_handshake_internal_state_clear(gnutls_session_t session)
|
||||||
|
session->internals.tfo.connect_addrlen = 0;
|
||||||
|
session->internals.tfo.connect_only = 0;
|
||||||
|
session->internals.early_data_received = 0;
|
||||||
|
+ session->internals.session_ticket_renew = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||||
|
index 0563d3c..7c5f5c4 100644
|
||||||
|
--- a/tests/Makefile.am
|
||||||
|
+++ b/tests/Makefile.am
|
||||||
|
@@ -221,7 +221,8 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
|
||||||
|
tls13-without-timeout-func buffer status-request-revoked \
|
||||||
|
set_x509_ocsp_multi_cli kdf-api keylog-func \
|
||||||
|
dtls_hello_random_value tls_hello_random_value x509cert-dntypes \
|
||||||
|
- pkcs7-verify-double-free
|
||||||
|
+ pkcs7-verify-double-free \
|
||||||
|
+ tls12-rehandshake-ticket
|
||||||
|
|
||||||
|
if HAVE_SECCOMP_TESTS
|
||||||
|
ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp
|
||||||
|
diff --git a/tests/tls12-rehandshake-ticket.c b/tests/tls12-rehandshake-ticket.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..f96e46e
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/tls12-rehandshake-ticket.c
|
||||||
|
@@ -0,0 +1,152 @@
|
||||||
|
+/*
|
||||||
|
+ * Copyright (C) 2022 Red Hat, Inc.
|
||||||
|
+ *
|
||||||
|
+ * Author: Daiki Ueno
|
||||||
|
+ *
|
||||||
|
+ * This file is part of GnuTLS.
|
||||||
|
+ *
|
||||||
|
+ * GnuTLS is free software; you can redistribute it and/or modify it
|
||||||
|
+ * under the terms of the GNU General Public License as published by
|
||||||
|
+ * the Free Software Foundation; either version 3 of the License, or
|
||||||
|
+ * (at your option) any later version.
|
||||||
|
+ *
|
||||||
|
+ * GnuTLS is distributed in the hope that it will be useful, but
|
||||||
|
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+ * General Public License for more details.
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU Lesser General Public License
|
||||||
|
+ * along with this program. If not, see <https://www.gnu.org/licenses/>
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#ifdef HAVE_CONFIG_H
|
||||||
|
+#include <config.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+#include <gnutls/gnutls.h>
|
||||||
|
+#include <assert.h>
|
||||||
|
+#include "cert-common.h"
|
||||||
|
+
|
||||||
|
+#include "utils.h"
|
||||||
|
+#include "eagain-common.h"
|
||||||
|
+
|
||||||
|
+const char *side = "";
|
||||||
|
+
|
||||||
|
+static void tls_log_func(int level, const char *str)
|
||||||
|
+{
|
||||||
|
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#define MAX_BUF 1024
|
||||||
|
+
|
||||||
|
+void _gnutls_session_ticket_disable_server(gnutls_session_t session);
|
||||||
|
+
|
||||||
|
+static void run(void)
|
||||||
|
+{
|
||||||
|
+ char buffer[MAX_BUF + 1];
|
||||||
|
+ /* Server stuff. */
|
||||||
|
+ gnutls_certificate_credentials_t scred;
|
||||||
|
+ gnutls_session_t server;
|
||||||
|
+ gnutls_datum_t session_ticket_key = { NULL, 0 };
|
||||||
|
+ int sret;
|
||||||
|
+ /* Client stuff. */
|
||||||
|
+ gnutls_certificate_credentials_t ccred;
|
||||||
|
+ gnutls_session_t client;
|
||||||
|
+ int cret;
|
||||||
|
+
|
||||||
|
+ /* General init. */
|
||||||
|
+ global_init();
|
||||||
|
+ gnutls_global_set_log_function(tls_log_func);
|
||||||
|
+ if (debug)
|
||||||
|
+ gnutls_global_set_log_level(9);
|
||||||
|
+
|
||||||
|
+ /* Init server */
|
||||||
|
+ assert(gnutls_certificate_allocate_credentials(&scred) >= 0);
|
||||||
|
+ assert(gnutls_certificate_set_x509_key_mem(scred,
|
||||||
|
+ &server_ca3_localhost_cert,
|
||||||
|
+ &server_ca3_key,
|
||||||
|
+ GNUTLS_X509_FMT_PEM) >= 0);
|
||||||
|
+ assert(gnutls_certificate_set_x509_trust_mem(scred,
|
||||||
|
+ &ca3_cert,
|
||||||
|
+ GNUTLS_X509_FMT_PEM) >= 0);
|
||||||
|
+
|
||||||
|
+ assert(gnutls_init(&server, GNUTLS_SERVER) >= 0);
|
||||||
|
+ gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
|
||||||
|
+ assert(gnutls_priority_set_direct(server,
|
||||||
|
+ "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2",
|
||||||
|
+ NULL) >= 0);
|
||||||
|
+
|
||||||
|
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred);
|
||||||
|
+ gnutls_transport_set_push_function(server, server_push);
|
||||||
|
+ gnutls_transport_set_pull_function(server, server_pull);
|
||||||
|
+ gnutls_transport_set_ptr(server, server);
|
||||||
|
+
|
||||||
|
+ gnutls_session_ticket_key_generate(&session_ticket_key);
|
||||||
|
+ gnutls_session_ticket_enable_server(server, &session_ticket_key);
|
||||||
|
+
|
||||||
|
+ /* Init client */
|
||||||
|
+ assert(gnutls_certificate_allocate_credentials(&ccred) >= 0);
|
||||||
|
+ assert(gnutls_certificate_set_x509_key_mem
|
||||||
|
+ (ccred, &cli_ca3_cert_chain, &cli_ca3_key, GNUTLS_X509_FMT_PEM) >= 0);
|
||||||
|
+ assert(gnutls_certificate_set_x509_trust_mem
|
||||||
|
+ (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0);
|
||||||
|
+
|
||||||
|
+ gnutls_init(&client, GNUTLS_CLIENT);
|
||||||
|
+ assert(gnutls_priority_set_direct(client,
|
||||||
|
+ "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2",
|
||||||
|
+ NULL) >= 0);
|
||||||
|
+
|
||||||
|
+ assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred) >= 0);
|
||||||
|
+
|
||||||
|
+ gnutls_transport_set_push_function(client, client_push);
|
||||||
|
+ gnutls_transport_set_pull_function(client, client_pull);
|
||||||
|
+ gnutls_transport_set_ptr(client, client);
|
||||||
|
+
|
||||||
|
+ HANDSHAKE(client, server);
|
||||||
|
+
|
||||||
|
+ /* Server initiates rehandshake */
|
||||||
|
+ switch_side("server");
|
||||||
|
+ sret = gnutls_rehandshake(server);
|
||||||
|
+ if (sret < 0) {
|
||||||
|
+ fail("Error sending %d byte packet: %s\n",
|
||||||
|
+ (int)sizeof(buffer), gnutls_strerror(sret));
|
||||||
|
+ } else if (debug)
|
||||||
|
+ success("server: starting rehandshake\n");
|
||||||
|
+
|
||||||
|
+ /* Stop sending session ticket */
|
||||||
|
+ _gnutls_session_ticket_disable_server(server);
|
||||||
|
+
|
||||||
|
+ /* Client gets notified with rehandshake */
|
||||||
|
+ switch_side("client");
|
||||||
|
+ do {
|
||||||
|
+ do {
|
||||||
|
+ cret = gnutls_record_recv(client, buffer, MAX_BUF);
|
||||||
|
+ } while (cret == GNUTLS_E_AGAIN || cret == GNUTLS_E_INTERRUPTED);
|
||||||
|
+ } while (cret > 0);
|
||||||
|
+
|
||||||
|
+ if (cret != GNUTLS_E_REHANDSHAKE) {
|
||||||
|
+ fail("client: Error receiving rehandshake: %s\n",
|
||||||
|
+ gnutls_strerror(cret));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ HANDSHAKE(client, server);
|
||||||
|
+
|
||||||
|
+ gnutls_bye(client, GNUTLS_SHUT_WR);
|
||||||
|
+ gnutls_bye(server, GNUTLS_SHUT_WR);
|
||||||
|
+
|
||||||
|
+ gnutls_deinit(client);
|
||||||
|
+ gnutls_deinit(server);
|
||||||
|
+
|
||||||
|
+ gnutls_certificate_free_credentials(scred);
|
||||||
|
+ gnutls_certificate_free_credentials(ccred);
|
||||||
|
+
|
||||||
|
+ gnutls_free(session_ticket_key.data);
|
||||||
|
+
|
||||||
|
+ gnutls_global_deinit();
|
||||||
|
+ reset_buffers();
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void doit(void)
|
||||||
|
+{
|
||||||
|
+ run();
|
||||||
|
+}
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
121
SOURCES/gnutls-3.6.16-rsa-psk-timing-followup.patch
Normal file
121
SOURCES/gnutls-3.6.16-rsa-psk-timing-followup.patch
Normal file
@ -0,0 +1,121 @@
|
|||||||
|
From fe912c5dba49dcecbd5c32bf8184e60a949af452 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Wed, 10 Jan 2024 19:13:17 +0900
|
||||||
|
Subject: [PATCH] rsa-psk: minimize branching after decryption
|
||||||
|
|
||||||
|
This moves any non-trivial code between gnutls_privkey_decrypt_data2
|
||||||
|
and the function return in _gnutls_proc_rsa_psk_client_kx up until the
|
||||||
|
decryption. This also avoids an extra memcpy to session->key.key.
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
lib/auth/rsa_psk.c | 68 ++++++++++++++++++++++++----------------------
|
||||||
|
1 file changed, 35 insertions(+), 33 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
|
||||||
|
index 93c2dc9998..8f3fe5a4bd 100644
|
||||||
|
--- a/lib/auth/rsa_psk.c
|
||||||
|
+++ b/lib/auth/rsa_psk.c
|
||||||
|
@@ -269,7 +269,6 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
|
||||||
|
int ret, dsize;
|
||||||
|
ssize_t data_size = _data_size;
|
||||||
|
gnutls_psk_server_credentials_t cred;
|
||||||
|
- gnutls_datum_t premaster_secret = { NULL, 0 };
|
||||||
|
volatile uint8_t ver_maj, ver_min;
|
||||||
|
|
||||||
|
cred = (gnutls_psk_server_credentials_t)
|
||||||
|
@@ -329,24 +328,48 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
|
||||||
|
ver_maj = _gnutls_get_adv_version_major(session);
|
||||||
|
ver_min = _gnutls_get_adv_version_minor(session);
|
||||||
|
|
||||||
|
- premaster_secret.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
|
||||||
|
- if (premaster_secret.data == NULL) {
|
||||||
|
+ /* Find the key of this username. A random value will be
|
||||||
|
+ * filled in if the key is not found.
|
||||||
|
+ */
|
||||||
|
+ ret =
|
||||||
|
+ _gnutls_psk_pwd_find_entry(session, info->username, strlen(info->username), &pwd_psk);
|
||||||
|
+ if (ret < 0)
|
||||||
|
+ return gnutls_assert_val(ret);
|
||||||
|
+
|
||||||
|
+ /* Allocate memory for premaster secret, and fill in the
|
||||||
|
+ * fields except the decryption result.
|
||||||
|
+ */
|
||||||
|
+ session->key.key.size = 2 + GNUTLS_MASTER_SIZE + 2 + pwd_psk.size;
|
||||||
|
+ session->key.key.data = gnutls_malloc(session->key.key.size);
|
||||||
|
+ if (session->key.key.data == NULL) {
|
||||||
|
gnutls_assert();
|
||||||
|
+ _gnutls_free_key_datum(&pwd_psk);
|
||||||
|
+ /* No need to zeroize, as the secret is not copied in yet */
|
||||||
|
+ _gnutls_free_datum(&session->key.key);
|
||||||
|
return GNUTLS_E_MEMORY_ERROR;
|
||||||
|
}
|
||||||
|
- premaster_secret.size = GNUTLS_MASTER_SIZE;
|
||||||
|
|
||||||
|
/* Fallback value when decryption fails. Needs to be unpredictable. */
|
||||||
|
- ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
|
||||||
|
- premaster_secret.size);
|
||||||
|
+ ret = gnutls_rnd(GNUTLS_RND_NONCE, session->key.key.data + 2,
|
||||||
|
+ GNUTLS_MASTER_SIZE);
|
||||||
|
if (ret < 0) {
|
||||||
|
gnutls_assert();
|
||||||
|
- goto cleanup;
|
||||||
|
+ _gnutls_free_key_datum(&pwd_psk);
|
||||||
|
+ /* No need to zeroize, as the secret is not copied in yet */
|
||||||
|
+ _gnutls_free_datum(&session->key.key);
|
||||||
|
+ return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ _gnutls_write_uint16(GNUTLS_MASTER_SIZE, session->key.key.data);
|
||||||
|
+ _gnutls_write_uint16(pwd_psk.size,
|
||||||
|
+ &session->key.key.data[2 + GNUTLS_MASTER_SIZE]);
|
||||||
|
+ memcpy(&session->key.key.data[2 + GNUTLS_MASTER_SIZE + 2],
|
||||||
|
+ pwd_psk.data, pwd_psk.size);
|
||||||
|
+ _gnutls_free_key_datum(&pwd_psk);
|
||||||
|
+
|
||||||
|
gnutls_privkey_decrypt_data2(session->internals.selected_key, 0,
|
||||||
|
- &ciphertext, premaster_secret.data,
|
||||||
|
- premaster_secret.size);
|
||||||
|
+ &ciphertext, session->key.key.data + 2,
|
||||||
|
+ GNUTLS_MASTER_SIZE);
|
||||||
|
/* After this point, any conditional on failure that cause differences
|
||||||
|
* in execution may create a timing or cache access pattern side
|
||||||
|
* channel that can be used as an oracle, so tread carefully */
|
||||||
|
@@ -365,31 +388,10 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
|
||||||
|
/* This is here to avoid the version check attack
|
||||||
|
* discussed above.
|
||||||
|
*/
|
||||||
|
- premaster_secret.data[0] = ver_maj;
|
||||||
|
- premaster_secret.data[1] = ver_min;
|
||||||
|
-
|
||||||
|
- /* find the key of this username
|
||||||
|
- */
|
||||||
|
- ret =
|
||||||
|
- _gnutls_psk_pwd_find_entry(session, info->username, strlen(info->username), &pwd_psk);
|
||||||
|
- if (ret < 0) {
|
||||||
|
- gnutls_assert();
|
||||||
|
- goto cleanup;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- ret =
|
||||||
|
- set_rsa_psk_session_key(session, &pwd_psk, &premaster_secret);
|
||||||
|
- if (ret < 0) {
|
||||||
|
- gnutls_assert();
|
||||||
|
- goto cleanup;
|
||||||
|
- }
|
||||||
|
+ session->key.key.data[2] = ver_maj;
|
||||||
|
+ session->key.key.data[3] = ver_min;
|
||||||
|
|
||||||
|
- ret = 0;
|
||||||
|
- cleanup:
|
||||||
|
- _gnutls_free_key_datum(&pwd_psk);
|
||||||
|
- _gnutls_free_temp_key_datum(&premaster_secret);
|
||||||
|
-
|
||||||
|
- return ret;
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
202
SOURCES/gnutls-3.6.16-rsa-psk-timing.patch
Normal file
202
SOURCES/gnutls-3.6.16-rsa-psk-timing.patch
Normal file
@ -0,0 +1,202 @@
|
|||||||
|
From e007a54432c98618bde500649817d153225abf6b Mon Sep 17 00:00:00 2001
|
||||||
|
From: rpm-build <rpm-build>
|
||||||
|
Date: Thu, 7 Dec 2023 11:52:08 +0900
|
||||||
|
Subject: [PATCH] gnutls-3.6.16-rsa-psk-timing.patch
|
||||||
|
|
||||||
|
Signed-off-by: rpm-build <rpm-build>
|
||||||
|
---
|
||||||
|
lib/auth/rsa.c | 2 +-
|
||||||
|
lib/auth/rsa_psk.c | 93 +++++++++++++++++-----------------------------
|
||||||
|
lib/gnutls_int.h | 4 --
|
||||||
|
lib/priority.c | 1 -
|
||||||
|
4 files changed, 35 insertions(+), 65 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
|
||||||
|
index 858701f..02b6a34 100644
|
||||||
|
--- a/lib/auth/rsa.c
|
||||||
|
+++ b/lib/auth/rsa.c
|
||||||
|
@@ -207,7 +207,7 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
|
||||||
|
session->key.key.size);
|
||||||
|
/* After this point, any conditional on failure that cause differences
|
||||||
|
* in execution may create a timing or cache access pattern side
|
||||||
|
- * channel that can be used as an oracle, so treat very carefully */
|
||||||
|
+ * channel that can be used as an oracle, so tread carefully */
|
||||||
|
|
||||||
|
/* Error handling logic:
|
||||||
|
* In case decryption fails then don't inform the peer. Just use the
|
||||||
|
diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
|
||||||
|
index 1a9dab5..93c2dc9 100644
|
||||||
|
--- a/lib/auth/rsa_psk.c
|
||||||
|
+++ b/lib/auth/rsa_psk.c
|
||||||
|
@@ -264,14 +264,13 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
|
||||||
|
{
|
||||||
|
gnutls_datum_t username;
|
||||||
|
psk_auth_info_t info;
|
||||||
|
- gnutls_datum_t plaintext;
|
||||||
|
gnutls_datum_t ciphertext;
|
||||||
|
gnutls_datum_t pwd_psk = { NULL, 0 };
|
||||||
|
int ret, dsize;
|
||||||
|
- int randomize_key = 0;
|
||||||
|
ssize_t data_size = _data_size;
|
||||||
|
gnutls_psk_server_credentials_t cred;
|
||||||
|
gnutls_datum_t premaster_secret = { NULL, 0 };
|
||||||
|
+ volatile uint8_t ver_maj, ver_min;
|
||||||
|
|
||||||
|
cred = (gnutls_psk_server_credentials_t)
|
||||||
|
_gnutls_get_cred(session, GNUTLS_CRD_PSK);
|
||||||
|
@@ -327,71 +326,47 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
|
||||||
|
}
|
||||||
|
ciphertext.size = dsize;
|
||||||
|
|
||||||
|
- ret =
|
||||||
|
- gnutls_privkey_decrypt_data(session->internals.selected_key, 0,
|
||||||
|
- &ciphertext, &plaintext);
|
||||||
|
- if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) {
|
||||||
|
- /* In case decryption fails then don't inform
|
||||||
|
- * the peer. Just use a random key. (in order to avoid
|
||||||
|
- * attack against pkcs-1 formatting).
|
||||||
|
- */
|
||||||
|
+ ver_maj = _gnutls_get_adv_version_major(session);
|
||||||
|
+ ver_min = _gnutls_get_adv_version_minor(session);
|
||||||
|
+
|
||||||
|
+ premaster_secret.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
|
||||||
|
+ if (premaster_secret.data == NULL) {
|
||||||
|
gnutls_assert();
|
||||||
|
- _gnutls_debug_log
|
||||||
|
- ("auth_rsa_psk: Possible PKCS #1 format attack\n");
|
||||||
|
- if (ret >= 0) {
|
||||||
|
- gnutls_free(plaintext.data);
|
||||||
|
- }
|
||||||
|
- randomize_key = 1;
|
||||||
|
- } else {
|
||||||
|
- /* If the secret was properly formatted, then
|
||||||
|
- * check the version number.
|
||||||
|
- */
|
||||||
|
- if (_gnutls_get_adv_version_major(session) !=
|
||||||
|
- plaintext.data[0]
|
||||||
|
- || (session->internals.allow_wrong_pms == 0
|
||||||
|
- && _gnutls_get_adv_version_minor(session) !=
|
||||||
|
- plaintext.data[1])) {
|
||||||
|
- /* No error is returned here, if the version number check
|
||||||
|
- * fails. We proceed normally.
|
||||||
|
- * That is to defend against the attack described in the paper
|
||||||
|
- * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
|
||||||
|
- * Ondej Pokorny and Tomas Rosa.
|
||||||
|
- */
|
||||||
|
- gnutls_assert();
|
||||||
|
- _gnutls_debug_log
|
||||||
|
- ("auth_rsa: Possible PKCS #1 version check format attack\n");
|
||||||
|
- }
|
||||||
|
+ return GNUTLS_E_MEMORY_ERROR;
|
||||||
|
}
|
||||||
|
+ premaster_secret.size = GNUTLS_MASTER_SIZE;
|
||||||
|
|
||||||
|
-
|
||||||
|
- if (randomize_key != 0) {
|
||||||
|
- premaster_secret.size = GNUTLS_MASTER_SIZE;
|
||||||
|
- premaster_secret.data =
|
||||||
|
- gnutls_malloc(premaster_secret.size);
|
||||||
|
- if (premaster_secret.data == NULL) {
|
||||||
|
- gnutls_assert();
|
||||||
|
- return GNUTLS_E_MEMORY_ERROR;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- /* we do not need strong random numbers here.
|
||||||
|
- */
|
||||||
|
- ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
|
||||||
|
- premaster_secret.size);
|
||||||
|
- if (ret < 0) {
|
||||||
|
- gnutls_assert();
|
||||||
|
- goto cleanup;
|
||||||
|
- }
|
||||||
|
- } else {
|
||||||
|
- premaster_secret.data = plaintext.data;
|
||||||
|
- premaster_secret.size = plaintext.size;
|
||||||
|
+ /* Fallback value when decryption fails. Needs to be unpredictable. */
|
||||||
|
+ ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
|
||||||
|
+ premaster_secret.size);
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ gnutls_assert();
|
||||||
|
+ goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ gnutls_privkey_decrypt_data2(session->internals.selected_key, 0,
|
||||||
|
+ &ciphertext, premaster_secret.data,
|
||||||
|
+ premaster_secret.size);
|
||||||
|
+ /* After this point, any conditional on failure that cause differences
|
||||||
|
+ * in execution may create a timing or cache access pattern side
|
||||||
|
+ * channel that can be used as an oracle, so tread carefully */
|
||||||
|
+
|
||||||
|
+ /* Error handling logic:
|
||||||
|
+ * In case decryption fails then don't inform the peer. Just use the
|
||||||
|
+ * random key previously generated. (in order to avoid attack against
|
||||||
|
+ * pkcs-1 formatting).
|
||||||
|
+ *
|
||||||
|
+ * If we get version mismatches no error is returned either. We
|
||||||
|
+ * proceed normally. This is to defend against the attack described
|
||||||
|
+ * in the paper "Attacking RSA-based sessions in SSL/TLS" by
|
||||||
|
+ * Vlastimil Klima, Ondej Pokorny and Tomas Rosa.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
/* This is here to avoid the version check attack
|
||||||
|
* discussed above.
|
||||||
|
*/
|
||||||
|
-
|
||||||
|
- premaster_secret.data[0] = _gnutls_get_adv_version_major(session);
|
||||||
|
- premaster_secret.data[1] = _gnutls_get_adv_version_minor(session);
|
||||||
|
+ premaster_secret.data[0] = ver_maj;
|
||||||
|
+ premaster_secret.data[1] = ver_min;
|
||||||
|
|
||||||
|
/* find the key of this username
|
||||||
|
*/
|
||||||
|
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
|
||||||
|
index 31cec5c..815f69b 100644
|
||||||
|
--- a/lib/gnutls_int.h
|
||||||
|
+++ b/lib/gnutls_int.h
|
||||||
|
@@ -971,7 +971,6 @@ struct gnutls_priority_st {
|
||||||
|
bool _no_etm;
|
||||||
|
bool _no_ext_master_secret;
|
||||||
|
bool _allow_key_usage_violation;
|
||||||
|
- bool _allow_wrong_pms;
|
||||||
|
bool _dumbfw;
|
||||||
|
unsigned int _dh_prime_bits; /* old (deprecated) variable */
|
||||||
|
|
||||||
|
@@ -989,7 +988,6 @@ struct gnutls_priority_st {
|
||||||
|
(x)->no_etm = 1; \
|
||||||
|
(x)->no_ext_master_secret = 1; \
|
||||||
|
(x)->allow_key_usage_violation = 1; \
|
||||||
|
- (x)->allow_wrong_pms = 1; \
|
||||||
|
(x)->dumbfw = 1
|
||||||
|
|
||||||
|
#define ENABLE_PRIO_COMPAT(x) \
|
||||||
|
@@ -998,7 +996,6 @@ struct gnutls_priority_st {
|
||||||
|
(x)->_no_etm = 1; \
|
||||||
|
(x)->_no_ext_master_secret = 1; \
|
||||||
|
(x)->_allow_key_usage_violation = 1; \
|
||||||
|
- (x)->_allow_wrong_pms = 1; \
|
||||||
|
(x)->_dumbfw = 1
|
||||||
|
|
||||||
|
/* DH and RSA parameters types.
|
||||||
|
@@ -1123,7 +1120,6 @@ typedef struct {
|
||||||
|
bool no_etm;
|
||||||
|
bool no_ext_master_secret;
|
||||||
|
bool allow_key_usage_violation;
|
||||||
|
- bool allow_wrong_pms;
|
||||||
|
bool dumbfw;
|
||||||
|
|
||||||
|
/* old (deprecated) variable. This is used for both srp_prime_bits
|
||||||
|
diff --git a/lib/priority.c b/lib/priority.c
|
||||||
|
index 0a284ae..67ec887 100644
|
||||||
|
--- a/lib/priority.c
|
||||||
|
+++ b/lib/priority.c
|
||||||
|
@@ -681,7 +681,6 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
|
||||||
|
COPY_TO_INTERNALS(no_etm);
|
||||||
|
COPY_TO_INTERNALS(no_ext_master_secret);
|
||||||
|
COPY_TO_INTERNALS(allow_key_usage_violation);
|
||||||
|
- COPY_TO_INTERNALS(allow_wrong_pms);
|
||||||
|
COPY_TO_INTERNALS(dumbfw);
|
||||||
|
COPY_TO_INTERNALS(dh_prime_bits);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
125
SOURCES/gnutls-3.6.16-tls12-cert-type.patch
Normal file
125
SOURCES/gnutls-3.6.16-tls12-cert-type.patch
Normal file
@ -0,0 +1,125 @@
|
|||||||
|
From 339bef12f478b3a12c59571c53645e31280baf7e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Fri, 14 May 2021 15:59:37 +0200
|
||||||
|
Subject: [PATCH] cert auth: filter out unsupported cert types from TLS 1.2 CR
|
||||||
|
|
||||||
|
When the server is advertising signature algorithms in TLS 1.2
|
||||||
|
CertificateRequest, it shouldn't send certificate_types not backed by
|
||||||
|
any of those algorithms.
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
lib/auth/cert.c | 76 +++++++++++++++++++++++--
|
||||||
|
tests/suite/tls-fuzzer/gnutls-cert.json | 19 +++++++
|
||||||
|
2 files changed, 89 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
|
||||||
|
index 3073a33d3..0b0f04b2b 100644
|
||||||
|
--- a/lib/auth/cert.c
|
||||||
|
+++ b/lib/auth/cert.c
|
||||||
|
@@ -64,6 +64,16 @@ typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64,
|
||||||
|
#endif
|
||||||
|
} CertificateSigType;
|
||||||
|
|
||||||
|
+enum CertificateSigTypeFlags {
|
||||||
|
+ RSA_SIGN_FLAG = 1,
|
||||||
|
+ DSA_SIGN_FLAG = 1 << 1,
|
||||||
|
+ ECDSA_SIGN_FLAG = 1 << 2,
|
||||||
|
+#ifdef ENABLE_GOST
|
||||||
|
+ GOSTR34102012_256_SIGN_FLAG = 1 << 3,
|
||||||
|
+ GOSTR34102012_512_SIGN_FLAG = 1 << 4
|
||||||
|
+#endif
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
/* Moves data from an internal certificate struct (gnutls_pcert_st) to
|
||||||
|
* another internal certificate struct (cert_auth_info_t), and deinitializes
|
||||||
|
* the former.
|
||||||
|
@@ -1281,6 +1291,7 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
|
||||||
|
uint8_t tmp_data[CERTTYPE_SIZE];
|
||||||
|
const version_entry_st *ver = get_version(session);
|
||||||
|
unsigned init_pos = data->length;
|
||||||
|
+ enum CertificateSigTypeFlags flags;
|
||||||
|
|
||||||
|
if (unlikely(ver == NULL))
|
||||||
|
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
|
||||||
|
@@ -1297,18 +1308,71 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
|
||||||
|
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
|
||||||
|
}
|
||||||
|
|
||||||
|
- i = 1;
|
||||||
|
+ if (_gnutls_version_has_selectable_sighash(ver)) {
|
||||||
|
+ size_t j;
|
||||||
|
+
|
||||||
|
+ flags = 0;
|
||||||
|
+ for (j = 0; j < session->internals.priorities->sigalg.size; j++) {
|
||||||
|
+ const gnutls_sign_entry_st *se =
|
||||||
|
+ session->internals.priorities->sigalg.entry[j];
|
||||||
|
+ switch (se->pk) {
|
||||||
|
+ case GNUTLS_PK_RSA:
|
||||||
|
+ case GNUTLS_PK_RSA_PSS:
|
||||||
|
+ flags |= RSA_SIGN_FLAG;
|
||||||
|
+ break;
|
||||||
|
+ case GNUTLS_PK_DSA:
|
||||||
|
+ flags |= DSA_SIGN_FLAG;
|
||||||
|
+ break;
|
||||||
|
+ case GNUTLS_PK_ECDSA:
|
||||||
|
+ flags |= ECDSA_SIGN_FLAG;
|
||||||
|
+ break;
|
||||||
|
#ifdef ENABLE_GOST
|
||||||
|
- if (_gnutls_kx_is_vko_gost(session->security_parameters.cs->kx_algorithm)) {
|
||||||
|
- tmp_data[i++] = GOSTR34102012_256_SIGN;
|
||||||
|
- tmp_data[i++] = GOSTR34102012_512_SIGN;
|
||||||
|
- } else
|
||||||
|
+ case GNUTLS_PK_GOST_12_256:
|
||||||
|
+ flags |= GOSTR34102012_256_SIGN_FLAG;
|
||||||
|
+ break;
|
||||||
|
+ case GNUTLS_PK_GOST_12_512:
|
||||||
|
+ flags |= GOSTR34102012_512_SIGN_FLAG;
|
||||||
|
+ break;
|
||||||
|
+#endif
|
||||||
|
+ default:
|
||||||
|
+ gnutls_assert();
|
||||||
|
+ _gnutls_debug_log(
|
||||||
|
+ "%s is unsupported for cert request\n",
|
||||||
|
+ gnutls_pk_get_name(se->pk));
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ } else {
|
||||||
|
+#ifdef ENABLE_GOST
|
||||||
|
+ if (_gnutls_kx_is_vko_gost(session->security_parameters.
|
||||||
|
+ cs->kx_algorithm)) {
|
||||||
|
+ flags = GOSTR34102012_256_SIGN_FLAG |
|
||||||
|
+ GOSTR34102012_512_SIGN_FLAG;
|
||||||
|
+ } else
|
||||||
|
#endif
|
||||||
|
- {
|
||||||
|
+ {
|
||||||
|
+ flags = RSA_SIGN_FLAG | DSA_SIGN_FLAG | ECDSA_SIGN_FLAG;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ i = 1;
|
||||||
|
+ if (flags & RSA_SIGN_FLAG) {
|
||||||
|
tmp_data[i++] = RSA_SIGN;
|
||||||
|
+ }
|
||||||
|
+ if (flags & DSA_SIGN_FLAG) {
|
||||||
|
tmp_data[i++] = DSA_SIGN;
|
||||||
|
+ }
|
||||||
|
+ if (flags & ECDSA_SIGN_FLAG) {
|
||||||
|
tmp_data[i++] = ECDSA_SIGN;
|
||||||
|
}
|
||||||
|
+#ifdef ENABLE_GOST
|
||||||
|
+ if (flags & GOSTR34102012_256_SIGN_FLAG) {
|
||||||
|
+ tmp_data[i++] = GOSTR34102012_256_SIGN;
|
||||||
|
+ }
|
||||||
|
+ if (flags & GOSTR34102012_512_SIGN_FLAG) {
|
||||||
|
+ tmp_data[i++] = GOSTR34102012_512_SIGN;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
tmp_data[0] = i - 1;
|
||||||
|
|
||||||
|
ret = _gnutls_buffer_append_data(data, tmp_data, i);
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
283
SOURCES/gnutls-3.6.16-trust-ca-sha1.patch
Normal file
283
SOURCES/gnutls-3.6.16-trust-ca-sha1.patch
Normal file
@ -0,0 +1,283 @@
|
|||||||
|
From c2409e479df41620bceac314c76cabb1d35a4075 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Mon, 3 May 2021 16:35:43 +0200
|
||||||
|
Subject: [PATCH] x509/verify: treat SHA-1 signed CA in the trusted set
|
||||||
|
differently
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Suppose there is a certificate chain ending with an intermediate CA:
|
||||||
|
EE → ICA1 → ICA2. If the system trust store contains a root CA
|
||||||
|
generated with the same key as ICA2 but signed with a prohibited
|
||||||
|
algorithm, such as SHA-1, the library previously reported a
|
||||||
|
verification failure, though the situation is not uncommon during a
|
||||||
|
transition period of root CA.
|
||||||
|
|
||||||
|
This changes the library behavior such that the check on signature
|
||||||
|
algorithm will be skipped when examining the trusted root CA.
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
lib/x509/verify.c | 26 ++++---
|
||||||
|
tests/test-chains.h | 165 ++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
2 files changed, 182 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
|
||||||
|
index fd7c6a164..a50b5ea44 100644
|
||||||
|
--- a/lib/x509/verify.c
|
||||||
|
+++ b/lib/x509/verify.c
|
||||||
|
@@ -415,14 +415,19 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned
|
||||||
|
#define CASE_SEC_PARAM(profile, level) \
|
||||||
|
case profile: \
|
||||||
|
sym_bits = gnutls_sec_param_to_symmetric_bits(level); \
|
||||||
|
- hash = gnutls_sign_get_hash_algorithm(sigalg); \
|
||||||
|
- entry = mac_to_entry(hash); \
|
||||||
|
- if (hash <= 0 || entry == NULL) { \
|
||||||
|
+ se = _gnutls_sign_to_entry(sigalg); \
|
||||||
|
+ if (unlikely(se == NULL)) { \
|
||||||
|
+ _gnutls_cert_log("cert", crt); \
|
||||||
|
+ _gnutls_debug_log(#level": certificate's signature algorithm is unknown\n"); \
|
||||||
|
+ return gnutls_assert_val(0); \
|
||||||
|
+ } \
|
||||||
|
+ if (unlikely(se->hash == GNUTLS_DIG_UNKNOWN)) { \
|
||||||
|
_gnutls_cert_log("cert", crt); \
|
||||||
|
_gnutls_debug_log(#level": certificate's signature hash is unknown\n"); \
|
||||||
|
return gnutls_assert_val(0); \
|
||||||
|
} \
|
||||||
|
- if (_gnutls_sign_get_hash_strength(sigalg) < sym_bits) { \
|
||||||
|
+ if (!trusted && \
|
||||||
|
+ _gnutls_sign_get_hash_strength(sigalg) < sym_bits) { \
|
||||||
|
_gnutls_cert_log("cert", crt); \
|
||||||
|
_gnutls_debug_log(#level": certificate's signature hash strength is unacceptable (is %u bits, needed %u)\n", _gnutls_sign_get_hash_strength(sigalg), sym_bits); \
|
||||||
|
return gnutls_assert_val(0); \
|
||||||
|
@@ -449,19 +454,22 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned
|
||||||
|
* @crt: a certificate
|
||||||
|
* @issuer: the certificates issuer (allowed to be NULL)
|
||||||
|
* @sigalg: the signature algorithm used
|
||||||
|
+ * @trusted: whether @crt is treated as trusted (e.g., present in the system
|
||||||
|
+ * trust list); if it is true, the check on signature algorithm will
|
||||||
|
+ * be skipped
|
||||||
|
* @flags: the specified verification flags
|
||||||
|
*/
|
||||||
|
static unsigned is_level_acceptable(
|
||||||
|
gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
|
||||||
|
- gnutls_sign_algorithm_t sigalg, unsigned flags)
|
||||||
|
+ gnutls_sign_algorithm_t sigalg, bool trusted,
|
||||||
|
+ unsigned flags)
|
||||||
|
{
|
||||||
|
gnutls_certificate_verification_profiles_t profile = GNUTLS_VFLAGS_TO_PROFILE(flags);
|
||||||
|
- const mac_entry_st *entry;
|
||||||
|
int issuer_pkalg = 0, pkalg, ret;
|
||||||
|
unsigned bits = 0, issuer_bits = 0, sym_bits = 0;
|
||||||
|
gnutls_pk_params_st params;
|
||||||
|
gnutls_sec_param_t sp;
|
||||||
|
- int hash;
|
||||||
|
+ const gnutls_sign_entry_st *se;
|
||||||
|
gnutls_certificate_verification_profiles_t min_profile;
|
||||||
|
|
||||||
|
min_profile = _gnutls_get_system_wide_verification_profile();
|
||||||
|
@@ -798,7 +806,7 @@ verify_crt(gnutls_x509_crt_t cert,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sigalg >= 0 && se) {
|
||||||
|
- if (is_level_acceptable(cert, issuer, sigalg, flags) == 0) {
|
||||||
|
+ if (is_level_acceptable(cert, issuer, sigalg, false, flags) == 0) {
|
||||||
|
MARK_INVALID(GNUTLS_CERT_INSECURE_ALGORITHM);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -893,7 +901,7 @@ unsigned check_ca_sanity(const gnutls_x509_crt_t issuer,
|
||||||
|
|
||||||
|
/* we explicitly allow CAs which we do not support their self-algorithms
|
||||||
|
* to pass. */
|
||||||
|
- if (ret >= 0 && !is_level_acceptable(issuer, NULL, sigalg, flags)) {
|
||||||
|
+ if (ret >= 0 && !is_level_acceptable(issuer, NULL, sigalg, true, flags)) {
|
||||||
|
status |= GNUTLS_CERT_INSECURE_ALGORITHM|GNUTLS_CERT_INVALID;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/tests/test-chains.h b/tests/test-chains.h
|
||||||
|
index 9b06b85f5..64f50fabf 100644
|
||||||
|
--- a/tests/test-chains.h
|
||||||
|
+++ b/tests/test-chains.h
|
||||||
|
@@ -4106,6 +4106,163 @@ static const char *superseding_ca[] = {
|
||||||
|
NULL
|
||||||
|
};
|
||||||
|
|
||||||
|
+static const char *rsa_sha1_in_trusted[] = {
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "MIID0jCCAoqgAwIBAgIUezaBB7f4TW75oc3UV57oJvXmbBYwDQYJKoZIhvcNAQEL\n"
|
||||||
|
+ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTAzMTQyNzIxWhcN\n"
|
||||||
|
+ "MjIwNTAzMTQyNzIxWjA3MRgwFgYDVQQDEw90ZXN0LmdudXRscy5vcmcxGzAZBgNV\n"
|
||||||
|
+ "BAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCC\n"
|
||||||
|
+ "AToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUEL\n"
|
||||||
|
+ "dl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkb\n"
|
||||||
|
+ "Kk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3\n"
|
||||||
|
+ "mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm\n"
|
||||||
|
+ "+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWS\n"
|
||||||
|
+ "CAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxG\n"
|
||||||
|
+ "ojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAA\n"
|
||||||
|
+ "MBoGA1UdEQQTMBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcD\n"
|
||||||
|
+ "ATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0r\n"
|
||||||
|
+ "GDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsF\n"
|
||||||
|
+ "AAOCATEAXs8lOV231HQerhSGEjZJz0vBuA3biKYlu3cwCTKvF6EOyYMSWOnfqqD0\n"
|
||||||
|
+ "eDhpo1pzGtUa2zYLHagb+sU2NSTe0sqP+PK1giUg8X8/tRtWKk1p/m76yK/3iaty\n"
|
||||||
|
+ "flgz+eMai4xQu2FvAJzIASFjM9R+Pgpcf/zdvkiUPv8Rdm9FieyAZnJSo9hJHLxN\n"
|
||||||
|
+ "x60tfC5yyswdbGGW0GbJ2kr+xMfVZvxgO/x6AXlOaUGQ+jZAu9eJwFQMDW5h5/S1\n"
|
||||||
|
+ "PJkIt7f7jkU33cG+BawcjhT0GzxuvDnnCG0L7/z7bR+Sw2kNKqHbHorzv91R20Oh\n"
|
||||||
|
+ "CIISJPkiiP+mYcglTp1d9gw09GwSkGbldb9ibfc0hKyxiImFfIiTqDbXJcpKH98o\n"
|
||||||
|
+ "W8hWkb20QURlY+QM5MD49znfhPKMTQ==\n"
|
||||||
|
+ "-----END CERTIFICATE-----\n",
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "MIID2TCCAkGgAwIBAgIUWsb4DATcefXbo0WrBfgqVMvPGawwDQYJKoZIhvcNAQEL\n"
|
||||||
|
+ "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDMxNDI2\n"
|
||||||
|
+ "MzVaFw0yMjA1MDMxNDI2MzVaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIB\n"
|
||||||
|
+ "UjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduI\n"
|
||||||
|
+ "g/3CqVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6W\n"
|
||||||
|
+ "EhuJU95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcI\n"
|
||||||
|
+ "cRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AA\n"
|
||||||
|
+ "sYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo3\n"
|
||||||
|
+ "67vGVYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0ol\n"
|
||||||
|
+ "CMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewID\n"
|
||||||
|
+ "AQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0O\n"
|
||||||
|
+ "BBYEFB53I21nMR+RB5uWL+z8yEb+jOEDMB8GA1UdIwQYMBaAFCApU0Q1pxZL+AW3\n"
|
||||||
|
+ "GctysPWxl+SfMA0GCSqGSIb3DQEBCwUAA4IBgQBbboeDr/rLT1tZWrdHq8FvflGm\n"
|
||||||
|
+ "EpxZIRU4DdDD/SUCWSPQvjBq0MvuKxs5FfJCKrDf2kS2qlZ1rO0AuWwREoDeTOEc\n"
|
||||||
|
+ "arjFoCry+JQ+USqS5F4gsp4XlYvli27iMp3dlnhFXEQQy7/y+gM5c9wnMi8v/LUz\n"
|
||||||
|
+ "AV6QHX0fkb4XeazeJ+Nq0EkjqiYxylN6mP+5LAEMBG/wGviAoviQ5tN9zdoQs/nT\n"
|
||||||
|
+ "3jTw3cOauuPjdcOTfo71+/MtBzhPchgNIyQo4aB40XVWsLAoruL/3CFFlTniihtd\n"
|
||||||
|
+ "zA2zA7JvbuuKx6BOv2IbWOUweb732ZpYbDgEcXp/6Cj/SIUGxidpEgdCJGqyqdC7\n"
|
||||||
|
+ "b58ujxclC6QTcicw+SX5LBox8WGLfj+x+V3uVBz9+EK608xphTj4kLh9peII9v3n\n"
|
||||||
|
+ "vBUoZRTiUTCvH4AJJgAfa3mYrSxzueuqBOwXcvZ+8OJ0J1CP21pmK5nxR7f1nm9Q\n"
|
||||||
|
+ "sYA1VHfC2dtyAYlByeF5iHl5hFR6vy1jJyzxg2M=\n"
|
||||||
|
+ "-----END CERTIFICATE-----\n",
|
||||||
|
+ NULL
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static const char *rsa_sha1_in_trusted_ca[] = {
|
||||||
|
+ /* This CA is generated with the same key as rsa_sha1_in_trusted[1], but
|
||||||
|
+ * self-signed using SHA-1.
|
||||||
|
+ */
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "MIIDYzCCAhugAwIBAgIUahO8CvYPHTAltKCC2rAIcXUiLlAwDQYJKoZIhvcNAQEF\n"
|
||||||
|
+ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTAzMTQyMDM1WhcN\n"
|
||||||
|
+ "MjIwNTAzMTQyMDM1WjAZMRcwFQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCCAVIwDQYJ\n"
|
||||||
|
+ "KoZIhvcNAQEBBQADggE/ADCCAToCggExAJzkQrF9bp5f/38tnddOeF3biIP9wqlQ\n"
|
||||||
|
+ "Wk9x3GuuUhKA8IdCoj7UKDoGS3SmNnKGxrP6I2LTo3LNCp5T2HZrYxIelhIbiVPe\n"
|
||||||
|
+ "b+E0HQuDizIhOeniBqtudoWQGx6Ey/OENeA8UFhrs0CvN9Ippe328NlnCHEUPLxR\n"
|
||||||
|
+ "rPEs318Ot/jCOhauojAECKj9PFsxpkUcy+cLwoj4QlZKz5sG16AAbm+gALGMFjyQ\n"
|
||||||
|
+ "fdTPf5ceYBR+ZPf4j34t7NioNxfDDnKaahWI8Q0p7H4s+njIdfm2FSAKN+u7xlWB\n"
|
||||||
|
+ "4oFzBGQthXs5cCB2mc6RKBZWN2uyxSdNMq40PddK/FBPghDE2MxONA9KJQjKOxQP\n"
|
||||||
|
+ "UQo3jt21CKGGiHVU1BlhBh1knqMRnovRpJurvgEo/H/otI8XQ9ql7HsCAwEAAaND\n"
|
||||||
|
+ "MEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQe\n"
|
||||||
|
+ "dyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQUFAAOCATEAYLm/4DfUp+mA\n"
|
||||||
|
+ "S/23a2bwybJoPCMzKZpi+veXkqoq/a/BCUkFpqnjpVjz0ujVKK121oeOPBAa/mG1\n"
|
||||||
|
+ "Y3fJYP+b3PloL/6xj/8680TveGirCr0Rp/8XWa8lt+Ge8DM3mfTGWFTWHa0lD9VK\n"
|
||||||
|
+ "gjV1oNZNLe5SKA6dJLAp/NjCxc/vuOkThQPeaoO5Iy/Z6m7CpTLO7T4syJFtDmSn\n"
|
||||||
|
+ "Pa/yFUDTgJYFlGVM+KC1r8bhZ6Ao1CAXTcT5Lcbe/aCcyk6B3J2AnYsqPMVNEVhb\n"
|
||||||
|
+ "9eMGO/WG24hMLy6eb1r/yL8uQ/uGi2rRlNJN8GTg09YR7l5fHrHxuHc/sme0jsnJ\n"
|
||||||
|
+ "wtqGLCJsrh7Ae1fKVUueO00Yx9BGuzLswMvnT5f0oYs0jrXgMrTbIWS/DjOcYIHb\n"
|
||||||
|
+ "w3SV1ZRcNg==\n"
|
||||||
|
+ "-----END CERTIFICATE-----\n",
|
||||||
|
+ NULL
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static const char *rsa_sha1_not_in_trusted[] = {
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "MIID0jCCAoqgAwIBAgIUNCvPV9OvyuVMtnkC3ZAvh959h4MwDQYJKoZIhvcNAQEL\n"
|
||||||
|
+ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTA0MDg0NzAzWhcN\n"
|
||||||
|
+ "MjIwNTA0MDg0NzAzWjA3MRgwFgYDVQQDEw90ZXN0LmdudXRscy5vcmcxGzAZBgNV\n"
|
||||||
|
+ "BAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCC\n"
|
||||||
|
+ "AToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUEL\n"
|
||||||
|
+ "dl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkb\n"
|
||||||
|
+ "Kk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3\n"
|
||||||
|
+ "mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm\n"
|
||||||
|
+ "+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWS\n"
|
||||||
|
+ "CAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxG\n"
|
||||||
|
+ "ojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAA\n"
|
||||||
|
+ "MBoGA1UdEQQTMBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcD\n"
|
||||||
|
+ "ATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0r\n"
|
||||||
|
+ "GDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsF\n"
|
||||||
|
+ "AAOCATEAWs/Qa1Ebydwo4Ke2KEdy5cUTSZjnoz93XpbrP9W60MJ4d2DIQPcYUcLF\n"
|
||||||
|
+ "+glez+mRtVXDRtH5V/4yZX1EdgrPVQGeVlO5HbNiYyYw/Yj3H6kzWtUbBxdOAOE/\n"
|
||||||
|
+ "/ul8RCKKMfvYBHCBgjBMW0aFm31Q1Z8m8nanBusyJ0DG1scBHu4/3vTCZthZAxc5\n"
|
||||||
|
+ "3l3t/jjsNRS+k5t6Ay8nEY1tAZSGVqN8qufzO2NBO06sQagp09FTfDh581OBcVtF\n"
|
||||||
|
+ "X7O0cffAWHk3JoywzEWFEAhVPqFlk07wG2O+k+fYZfavsJko5q+yWkxu8RDh4wAx\n"
|
||||||
|
+ "7UzKudGOQ+NhfYJ7N7V1/RFg1z75gE3GTUX7qmGZEVDOsMyiuUeYg8znyYpBV55Q\n"
|
||||||
|
+ "4BNr0ukwmwOdvUf+ksCu6PdOGaqThA==\n"
|
||||||
|
+ "-----END CERTIFICATE-----\n",
|
||||||
|
+ /* ICA with SHA1 signature */
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "MIID2TCCAkGgAwIBAgIUYaKJkQft87M1TF+Jd30py3yIq4swDQYJKoZIhvcNAQEF\n"
|
||||||
|
+ "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDQwODQ1\n"
|
||||||
|
+ "NDdaFw0yMjA1MDQwODQ1NDdaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIB\n"
|
||||||
|
+ "UjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduI\n"
|
||||||
|
+ "g/3CqVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6W\n"
|
||||||
|
+ "EhuJU95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcI\n"
|
||||||
|
+ "cRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AA\n"
|
||||||
|
+ "sYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo3\n"
|
||||||
|
+ "67vGVYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0ol\n"
|
||||||
|
+ "CMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewID\n"
|
||||||
|
+ "AQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0O\n"
|
||||||
|
+ "BBYEFB53I21nMR+RB5uWL+z8yEb+jOEDMB8GA1UdIwQYMBaAFCApU0Q1pxZL+AW3\n"
|
||||||
|
+ "GctysPWxl+SfMA0GCSqGSIb3DQEBBQUAA4IBgQAewBcAGUGX28I5PDtuJkxoHonD\n"
|
||||||
|
+ "muHdXpYnrz1YXN4b7odNXockz++Xovgj126fo+PeWgmaaCic98ZcGnyVTi9+3oqN\n"
|
||||||
|
+ "2Bf4NNfyzSccgZZTphzbwjMcnc983HLQgsLSAOVivPHj5GEN58EWWamc9yA0VjGn\n"
|
||||||
|
+ "cuYmFN2dlFA8/ClEbVGu3UXBe6OljR5zUr+6oiSp2J+Rl7SerVSHlst07iU2tkeB\n"
|
||||||
|
+ "dlfOD5CquUGSka3SKvEfvu5SwYrCQVfYB6eMLInm7A0/ca0Jn3Oh4fMf2rIg/E3K\n"
|
||||||
|
+ "qsopxsu8BXrLoGK4MxbxPA65JpczhZgilQQi3e3RIvxrvyD2qamjaNbyG5cr8mW4\n"
|
||||||
|
+ "VOLf3vUORbkTi5sE7uRMu2B3z3N7ajsuQM8RHB17hOCB2FO/8rermq/oeJNtx57L\n"
|
||||||
|
+ "5s5NxCHYTksQ4gkpR4gfTIO/zwXJSwGa/Zi2y2wIi/1qr7lppBsKV2rDWX7QiIeA\n"
|
||||||
|
+ "PxOxyJA2eSeqCorz9vk3aHXleSpxsWGgKiJVmV0=\n"
|
||||||
|
+ "-----END CERTIFICATE-----\n",
|
||||||
|
+ NULL
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static const char *rsa_sha1_not_in_trusted_ca[] = {
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "MIIEDTCCAnWgAwIBAgIUd5X8NZput+aNPEd9h92r4KAu16MwDQYJKoZIhvcNAQEL\n"
|
||||||
|
+ "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDMxNDI1\n"
|
||||||
|
+ "MDNaFw0yMjA1MDMxNDI1MDNaMB4xHDAaBgNVBAMTE0dudVRMUyB0ZXN0IHJvb3Qg\n"
|
||||||
|
+ "Q0EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCsFAaMb/iRN+OFqQNh\n"
|
||||||
|
+ "OkkXGZlb+eLerLuB9ELnYwyLIh4MTXh0RjFZdCQLsQHfY/YFv0C50rmoXTA/d3Ef\n"
|
||||||
|
+ "K/P243KjX0XBWjO9TBuN0zth50eq94zf69yxA/a+kmT+O5YLfhi2ELM5F3IjOUoZ\n"
|
||||||
|
+ "lL0IGlFJwauAkaNylp/Evd5nW7g5DUJvMm4A3RXNfZt9gAD4lPRwryQq9jxT48Xu\n"
|
||||||
|
+ "fB0kAPEG/l/Izbz2rYin5+nySL+a0CSNuEbITxidtMhveB747oR0QS2sMQKji1ur\n"
|
||||||
|
+ "pRJ945SHiYJIgVuFAJc9StikSyIrxZgK45kAzcQAyRWWKiMNH5PprGFYJp+ypwhm\n"
|
||||||
|
+ "1t8Bphj2RFJAG3XRRZF/9uJIYc5mEHCsZFZ/IFRaKqyN30kAUijgNt+lW5mZXVFU\n"
|
||||||
|
+ "aqzV2zHjSG8jsGdia3cfBP46Z1q2eAh5jOCucTq1F7qZdVhOFmP9jFE6Uy5Kbwgc\n"
|
||||||
|
+ "kNAnsEllQeJQL2odVa7woKkZZ4M/c72X5tpBU38Rs3krn3sCAwEAAaNDMEEwDwYD\n"
|
||||||
|
+ "VR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQgKVNENacW\n"
|
||||||
|
+ "S/gFtxnLcrD1sZfknzANBgkqhkiG9w0BAQsFAAOCAYEAaZMV71mZ9FYoVdpho61h\n"
|
||||||
|
+ "WWPs5GppQLJ1w70DNtGZ+lFrk/KopeDvOu1i61QLWRzcZCZMl+npiX1KH5kjVo3v\n"
|
||||||
|
+ "C9G8kdMW6EVRk5p6qCJMPFN2U+grMMp50aY5kmw+/v+Lhk5T/VG93l63P91FkUre\n"
|
||||||
|
+ "o8qhOudJExoUnR1uB9M6HMAxVn8Lm/N1LGPiP6A6Pboo716H7mg/A7pv9zoZ6jUp\n"
|
||||||
|
+ "7x693mA/b3I/QpDx/nJcmcdqxgEuW+aRlFXgnYZRFAawxi+5M9EwCWbkSTO4OMHP\n"
|
||||||
|
+ "Qlvak3tJO+wb92b0cICOOtzIPgQ+caiLg9d0FvesALmQzDmNmtqynoO85+Ia2Ywh\n"
|
||||||
|
+ "nxKPlpeImhLN9nGl9sOeW2m4mnA5r0h1vgML4v/MWL4TQhXallc31uFNj5HyFaTh\n"
|
||||||
|
+ "6Mr0g3GeQgN0jpT+aIOiKuW9fLts54+Ntj1NN40slqi3Y+/Yd6xhj+NgmbRvybZu\n"
|
||||||
|
+ "tnYFXKC0Q+QUf38horqG2Mc3/uh8MOm0eYUXwGJOdXYD\n"
|
||||||
|
+ "-----END CERTIFICATE-----\n",
|
||||||
|
+ NULL
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
|
||||||
|
# pragma GCC diagnostic push
|
||||||
|
# pragma GCC diagnostic ignored "-Wunused-variable"
|
||||||
|
@@ -4275,6 +4432,14 @@ static struct
|
||||||
|
{ "ed448 - ok", ed448, &ed448[0], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA),
|
||||||
|
0, NULL, 1584352960, 1},
|
||||||
|
{ "superseding - ok", superseding, superseding_ca, 0, 0, 0, 1590928011 },
|
||||||
|
+ { "rsa-sha1 in trusted - ok",
|
||||||
|
+ rsa_sha1_in_trusted, rsa_sha1_in_trusted_ca,
|
||||||
|
+ GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM),
|
||||||
|
+ 0, NULL, 1620052390, 1},
|
||||||
|
+ { "rsa-sha1 not in trusted - not ok",
|
||||||
|
+ rsa_sha1_not_in_trusted, rsa_sha1_not_in_trusted_ca,
|
||||||
|
+ GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM),
|
||||||
|
+ GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, 1620118136, 1},
|
||||||
|
{ NULL, NULL, NULL, 0, 0}
|
||||||
|
};
|
||||||
|
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
13
SOURCES/gnutls-3.6.4-no-now-guile.patch
Normal file
13
SOURCES/gnutls-3.6.4-no-now-guile.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/guile/src/Makefile.in b/guile/src/Makefile.in
|
||||||
|
index 95e1e9c..1dfc88e 100644
|
||||||
|
--- a/guile/src/Makefile.in
|
||||||
|
+++ b/guile/src/Makefile.in
|
||||||
|
@@ -1483,7 +1483,7 @@ guileextension_LTLIBRARIES = guile-gnutls-v-2.la
|
||||||
|
# Use '-module' to build a "dlopenable module", in Libtool terms.
|
||||||
|
# Use '-undefined' to placate Libtool on Windows; see
|
||||||
|
# <https://lists.gnutls.org/pipermail/gnutls-devel/2014-December/007294.html>.
|
||||||
|
-guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined
|
||||||
|
+guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined -Wl,-z,lazy
|
||||||
|
|
||||||
|
# Linking against GnuTLS.
|
||||||
|
GNUTLS_CORE_LIBS = $(top_builddir)/lib/libgnutls.la
|
File diff suppressed because it is too large
Load Diff
@ -1,33 +0,0 @@
|
|||||||
From c7f4ce40eaecafdefbf4db0ac2d3665bc0c41b33 Mon Sep 17 00:00:00 2001
|
|
||||||
From: rpm-build <rpm-build>
|
|
||||||
Date: Tue, 21 Nov 2023 14:13:38 +0900
|
|
||||||
Subject: [PATCH] gnutls-3.7.2-no-explicit-init.patch
|
|
||||||
|
|
||||||
Signed-off-by: rpm-build <rpm-build>
|
|
||||||
---
|
|
||||||
lib/global.c | 9 ---------
|
|
||||||
1 file changed, 9 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/global.c b/lib/global.c
|
|
||||||
index 924ec94..3baa202 100644
|
|
||||||
--- a/lib/global.c
|
|
||||||
+++ b/lib/global.c
|
|
||||||
@@ -510,15 +510,6 @@ static void _CONSTRUCTOR lib_init(void)
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
- e = secure_getenv("GNUTLS_NO_EXPLICIT_INIT");
|
|
||||||
- if (e != NULL) {
|
|
||||||
- _gnutls_debug_log(
|
|
||||||
- "GNUTLS_NO_EXPLICIT_INIT is deprecated; use GNUTLS_NO_IMPLICIT_INIT\n");
|
|
||||||
- ret = atoi(e);
|
|
||||||
- if (ret == 1)
|
|
||||||
- return;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
ret = _gnutls_global_init(1);
|
|
||||||
if (ret < 0) {
|
|
||||||
fprintf(stderr, "Error in GnuTLS initialization: %s\n",
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
diff --git a/lib/priority.c b/lib/priority.c
|
|
||||||
index 9feec47fe2..40511710fd 100644
|
|
||||||
--- a/lib/priority.c
|
|
||||||
+++ b/lib/priority.c
|
|
||||||
@@ -2001,13 +2001,14 @@ char *_gnutls_resolve_priorities(const char* priorities)
|
|
||||||
additional++;
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* Always try to refresh the cached data, to allow it to be
|
|
||||||
- * updated without restarting all applications.
|
|
||||||
- */
|
|
||||||
- ret = _gnutls_update_system_priorities(false /* defer_system_wide */);
|
|
||||||
- if (ret < 0) {
|
|
||||||
- _gnutls_debug_log("failed to update system priorities: %s\n",
|
|
||||||
- gnutls_strerror(ret));
|
|
||||||
+ /* If priority string is not constructed yet, construct and finalize */
|
|
||||||
+ if (!system_wide_config.priority_string) {
|
|
||||||
+ ret = _gnutls_update_system_priorities(false
|
|
||||||
+ /* defer_system_wide */);
|
|
||||||
+ if (ret < 0) {
|
|
||||||
+ _gnutls_debug_log("failed to update system priorities: "
|
|
||||||
+ " %s\n", gnutls_strerror(ret));
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
do {
|
|
@ -1,29 +0,0 @@
|
|||||||
From 0a29639ad24072afbd79b2ceede9976e51b9e2af Mon Sep 17 00:00:00 2001
|
|
||||||
From: rpm-build <rpm-build>
|
|
||||||
Date: Fri, 1 Jul 2022 16:46:07 +0900
|
|
||||||
Subject: [PATCH] fips: don't run POST for DSA
|
|
||||||
|
|
||||||
Signed-off-by: rpm-build <<rpm-build>>
|
|
||||||
---
|
|
||||||
lib/fips.c | 5 -----
|
|
||||||
1 file changed, 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/fips.c b/lib/fips.c
|
|
||||||
index 656d43e..c776690 100644
|
|
||||||
--- a/lib/fips.c
|
|
||||||
+++ b/lib/fips.c
|
|
||||||
@@ -523,11 +523,6 @@ int _gnutls_fips_perform_self_checks2(void)
|
|
||||||
return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
|
||||||
}
|
|
||||||
|
|
||||||
- ret = gnutls_pk_self_test(0, GNUTLS_PK_DSA);
|
|
||||||
- if (ret < 0) {
|
|
||||||
- return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
ret = gnutls_pk_self_test(0, GNUTLS_PK_EC);
|
|
||||||
if (ret < 0) {
|
|
||||||
return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
|
||||||
--
|
|
||||||
2.36.1
|
|
||||||
|
|
@ -1,41 +0,0 @@
|
|||||||
From 968de8a9779788a853a4c0cd75beda779cb15f52 Mon Sep 17 00:00:00 2001
|
|
||||||
From: rpm-build <rpm-build>
|
|
||||||
Date: Thu, 16 Nov 2023 17:09:58 +0900
|
|
||||||
Subject: [PATCH] gnutls-3.7.6-drbg-reseed.patch
|
|
||||||
|
|
||||||
Signed-off-by: rpm-build <rpm-build>
|
|
||||||
---
|
|
||||||
lib/nettle/sysrng-linux.c | 10 +++++++++-
|
|
||||||
1 file changed, 9 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/lib/nettle/sysrng-linux.c b/lib/nettle/sysrng-linux.c
|
|
||||||
index 25d74fe..8b9cc46 100644
|
|
||||||
--- a/lib/nettle/sysrng-linux.c
|
|
||||||
+++ b/lib/nettle/sysrng-linux.c
|
|
||||||
@@ -31,6 +31,9 @@
|
|
||||||
#include "num.h"
|
|
||||||
#include <errno.h>
|
|
||||||
#include "rnd-common.h"
|
|
||||||
+#include "fips.h"
|
|
||||||
+#else
|
|
||||||
+#define _gnutls_fips_mode_enabled() 0
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include <sys/types.h>
|
|
||||||
@@ -104,7 +107,12 @@ static int force_getrandom(void *buf, size_t buflen, unsigned int flags)
|
|
||||||
static int _rnd_get_system_entropy_getrandom(void *_rnd, size_t size)
|
|
||||||
{
|
|
||||||
int ret;
|
|
||||||
- ret = force_getrandom(_rnd, size, 0);
|
|
||||||
+ unsigned int flags = 0;
|
|
||||||
+
|
|
||||||
+ if (_gnutls_fips_mode_enabled()) {
|
|
||||||
+ flags |= 2/*GRND_RANDOM*/;
|
|
||||||
+ }
|
|
||||||
+ ret = force_getrandom(_rnd, size, flags);
|
|
||||||
if (ret == -1) {
|
|
||||||
int e = errno;
|
|
||||||
gnutls_assert();
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
@ -1,109 +0,0 @@
|
|||||||
From cc7473a9ea185e072ab1bae0903c77bd7d7cf5bc Mon Sep 17 00:00:00 2001
|
|
||||||
From: rpm-build <rpm-build>
|
|
||||||
Date: Mon, 20 Nov 2023 07:45:42 +0900
|
|
||||||
Subject: [PATCH] gnutls-3.7.6-fips-sha1-sigver.patch
|
|
||||||
|
|
||||||
Signed-off-by: rpm-build <rpm-build>
|
|
||||||
---
|
|
||||||
lib/nettle/pk.c | 13 +++++--------
|
|
||||||
lib/pubkey.c | 3 ---
|
|
||||||
tests/fips-test.c | 8 ++++----
|
|
||||||
3 files changed, 9 insertions(+), 15 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
|
|
||||||
index 4ddfcff..36a7c24 100644
|
|
||||||
--- a/lib/nettle/pk.c
|
|
||||||
+++ b/lib/nettle/pk.c
|
|
||||||
@@ -1609,10 +1609,7 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
|
|
||||||
if (hash_len > vdata->size)
|
|
||||||
hash_len = vdata->size;
|
|
||||||
|
|
||||||
- /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
|
|
||||||
- * mode */
|
|
||||||
switch (DIG_TO_MAC(sign_params->dsa_dig)) {
|
|
||||||
- case GNUTLS_MAC_SHA1:
|
|
||||||
case GNUTLS_MAC_SHA256:
|
|
||||||
case GNUTLS_MAC_SHA384:
|
|
||||||
case GNUTLS_MAC_SHA512:
|
|
||||||
@@ -1683,8 +1680,8 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
|
|
||||||
* 2048-bit or one of the known lengths (1024, 1280,
|
|
||||||
* 1536, 1792; i.e., multiple of 256-bits).
|
|
||||||
*
|
|
||||||
- * In addition to this, only SHA-1 and SHA-2 are allowed
|
|
||||||
- * for SigVer; it is checked in _pkcs1_rsa_verify_sig in
|
|
||||||
+ * In addition to this, only SHA-2 is allowed for
|
|
||||||
+ * SigVer; it is checked in _pkcs1_rsa_verify_sig in
|
|
||||||
* lib/pubkey.c.
|
|
||||||
*/
|
|
||||||
if (unlikely(bits < 2048 && bits != 1024 && bits != 1280 &&
|
|
||||||
@@ -1730,9 +1727,9 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
|
|
||||||
}
|
|
||||||
|
|
||||||
/* RSA modulus size should be 2048-bit or larger in FIPS
|
|
||||||
- * 140-3. In addition to this, only SHA-1 and SHA-2 are
|
|
||||||
- * allowed for SigVer, while Nettle only supports
|
|
||||||
- * SHA256, SHA384, and SHA512 for RSA-PSS (see
|
|
||||||
+ * 140-3. In addition to this, only SHA-2 is allowed
|
|
||||||
+ * for SigVer, while Nettle only supports SHA256,
|
|
||||||
+ * SHA384, and SHA512 for RSA-PSS (see
|
|
||||||
* _rsa_pss_verify_digest in this file for the details).
|
|
||||||
*/
|
|
||||||
if (unlikely(mpz_sizeinbase(pub.n, 2) < 2048)) {
|
|
||||||
diff --git a/lib/pubkey.c b/lib/pubkey.c
|
|
||||||
index 1139ad9..714806a 100644
|
|
||||||
--- a/lib/pubkey.c
|
|
||||||
+++ b/lib/pubkey.c
|
|
||||||
@@ -2452,10 +2452,7 @@ static int _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk,
|
|
||||||
d.size = digest_size;
|
|
||||||
|
|
||||||
if (pk == GNUTLS_PK_RSA) {
|
|
||||||
- /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
|
|
||||||
- * mode */
|
|
||||||
switch (me->id) {
|
|
||||||
- case GNUTLS_MAC_SHA1:
|
|
||||||
case GNUTLS_MAC_SHA256:
|
|
||||||
case GNUTLS_MAC_SHA384:
|
|
||||||
case GNUTLS_MAC_SHA512:
|
|
||||||
diff --git a/tests/fips-test.c b/tests/fips-test.c
|
|
||||||
index 180da05..09120c1 100644
|
|
||||||
--- a/tests/fips-test.c
|
|
||||||
+++ b/tests/fips-test.c
|
|
||||||
@@ -596,7 +596,7 @@ void doit(void)
|
|
||||||
}
|
|
||||||
FIPS_POP_CONTEXT(NOT_APPROVED);
|
|
||||||
|
|
||||||
- /* Verify a signature created with 2432-bit RSA and SHA-1; approved */
|
|
||||||
+ /* Verify a signature created with 2432-bit RSA and SHA-1; not approved */
|
|
||||||
FIPS_PUSH_CONTEXT();
|
|
||||||
ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA1,
|
|
||||||
GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1,
|
|
||||||
@@ -604,7 +604,7 @@ void doit(void)
|
|
||||||
if (ret < 0) {
|
|
||||||
fail("gnutls_pubkey_verify_data2 failed\n");
|
|
||||||
}
|
|
||||||
- FIPS_POP_CONTEXT(APPROVED);
|
|
||||||
+ FIPS_POP_CONTEXT(NOT_APPROVED);
|
|
||||||
gnutls_free(signature.data);
|
|
||||||
gnutls_pubkey_deinit(pubkey);
|
|
||||||
gnutls_privkey_deinit(privkey);
|
|
||||||
@@ -708,7 +708,7 @@ void doit(void)
|
|
||||||
}
|
|
||||||
FIPS_POP_CONTEXT(NOT_APPROVED);
|
|
||||||
|
|
||||||
- /* Verify a signature created with ECDSA and SHA-1; approved */
|
|
||||||
+ /* Verify a signature created with ECDSA and SHA-1; not approved */
|
|
||||||
FIPS_PUSH_CONTEXT();
|
|
||||||
ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_ECDSA_SHA1,
|
|
||||||
GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1,
|
|
||||||
@@ -716,7 +716,7 @@ void doit(void)
|
|
||||||
if (ret < 0) {
|
|
||||||
fail("gnutls_pubkey_verify_data2 failed\n");
|
|
||||||
}
|
|
||||||
- FIPS_POP_CONTEXT(APPROVED);
|
|
||||||
+ FIPS_POP_CONTEXT(NOT_APPROVED);
|
|
||||||
gnutls_free(signature.data);
|
|
||||||
|
|
||||||
/* Create a signature with ECDSA and SHA-1 (old API); not approved */
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
@ -1,189 +0,0 @@
|
|||||||
From 3c931abeb7e9bbf744cde83fbaaf3bb011107834 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Fri, 19 Aug 2022 12:32:27 +0900
|
|
||||||
Subject: [PATCH] build: allow GMP to be statically linked
|
|
||||||
|
|
||||||
Even though we set the custom allocator[1] to zeroize sensitive data,
|
|
||||||
it can be easily invalidated if the application sets its own custom
|
|
||||||
allocator. An approach to prevent that is to link against a static
|
|
||||||
library of GMP, so the use of GMP is privatized and the custom
|
|
||||||
allocator configuration is not shared with other applications.
|
|
||||||
|
|
||||||
This patch allows libgnutls to be linked with the static library of
|
|
||||||
GMP. Note that, to this work libgmp.a needs to be compiled with -fPIC
|
|
||||||
and libhogweed in Nettle is also linked to the static library of GMP.
|
|
||||||
|
|
||||||
1. https://gitlab.com/gnutls/gnutls/-/merge_requests/1554
|
|
||||||
|
|
||||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
||||||
---
|
|
||||||
configure.ac | 14 +++++++++++++-
|
|
||||||
lib/fips.c | 18 +++++++++++++++++-
|
|
||||||
lib/fipshmac.c | 2 ++
|
|
||||||
lib/global.c | 2 ++
|
|
||||||
4 files changed, 34 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index f81d93edc0..b38583c554 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -786,6 +786,8 @@ LIBS=$save_LIBS
|
|
||||||
AM_CONDITIONAL([NEED_SIV_GCM], [test "$ac_cv_func_nettle_siv_gcm_encrypt_message" != yes])
|
|
||||||
|
|
||||||
# Check sonames of the linked libraries needed for FIPS selftests.
|
|
||||||
+save_CFLAGS=$CFLAGS
|
|
||||||
+CFLAGS="$CFLAGS $GMP_CFLAGS"
|
|
||||||
save_LIBS=$LIBS
|
|
||||||
LIBS="$LIBS $GMP_LIBS"
|
|
||||||
AC_MSG_CHECKING([gmp soname])
|
|
||||||
@@ -799,9 +801,14 @@ if test -z "$gmp_so"; then
|
|
||||||
gmp_so=none
|
|
||||||
fi
|
|
||||||
AC_MSG_RESULT($gmp_so)
|
|
||||||
-AC_DEFINE_UNQUOTED([GMP_LIBRARY_SONAME], ["$gmp_so"], [The soname of gmp library])
|
|
||||||
+if test "$gmp_so" != none; then
|
|
||||||
+ AC_DEFINE_UNQUOTED([GMP_LIBRARY_SONAME], ["$gmp_so"], [The soname of gmp library])
|
|
||||||
+fi
|
|
||||||
LIBS=$save_LIBS
|
|
||||||
+CFLAGS=$save_CFLAGS
|
|
||||||
|
|
||||||
+save_CFLAGS=$CFLAGS
|
|
||||||
+CFLAGS="$CFLAGS $NETTLE_CFLAGS"
|
|
||||||
save_LIBS=$LIBS
|
|
||||||
LIBS="$LIBS $NETTLE_LIBS"
|
|
||||||
AC_MSG_CHECKING([nettle soname])
|
|
||||||
@@ -817,7 +824,11 @@ fi
|
|
||||||
AC_MSG_RESULT($nettle_so)
|
|
||||||
AC_DEFINE_UNQUOTED([NETTLE_LIBRARY_SONAME], ["$nettle_so"], [The soname of nettle library])
|
|
||||||
LIBS=$save_LIBS
|
|
||||||
+CFLAGS=$save_CFLAGS
|
|
||||||
|
|
||||||
+save_CFLAGS=$CFLAGS
|
|
||||||
+# <nettle/bignum.h> includes <gmp.h>
|
|
||||||
+CFLAGS="$CFLAGS $HOGWEED_CFLAGS $GMP_CFLAGS"
|
|
||||||
save_LIBS=$LIBS
|
|
||||||
LIBS="$LIBS $HOGWEED_LIBS"
|
|
||||||
AC_MSG_CHECKING([hogweed soname])
|
|
||||||
@@ -833,6 +844,7 @@ fi
|
|
||||||
AC_MSG_RESULT($hogweed_so)
|
|
||||||
AC_DEFINE_UNQUOTED([HOGWEED_LIBRARY_SONAME], ["$hogweed_so"], [The soname of hogweed library])
|
|
||||||
LIBS=$save_LIBS
|
|
||||||
+CFLAGS=$save_CFLAGS
|
|
||||||
|
|
||||||
gnutls_so=libgnutls.so.`expr "$LT_CURRENT" - "$LT_AGE"`
|
|
||||||
AC_DEFINE_UNQUOTED([GNUTLS_LIBRARY_SONAME], ["$gnutls_so"], [The soname of gnutls library])
|
|
||||||
diff --git a/lib/fips.c b/lib/fips.c
|
|
||||||
index e337221267..c1859709da 100644
|
|
||||||
--- a/lib/fips.c
|
|
||||||
+++ b/lib/fips.c
|
|
||||||
@@ -157,7 +157,11 @@ void _gnutls_fips_mode_reset_zombie(void)
|
|
||||||
#define GNUTLS_LIBRARY_NAME GNUTLS_LIBRARY_SONAME
|
|
||||||
#define NETTLE_LIBRARY_NAME NETTLE_LIBRARY_SONAME
|
|
||||||
#define HOGWEED_LIBRARY_NAME HOGWEED_LIBRARY_SONAME
|
|
||||||
+
|
|
||||||
+/* GMP can be statically linked. */
|
|
||||||
+#ifdef GMP_LIBRARY_SONAME
|
|
||||||
#define GMP_LIBRARY_NAME GMP_LIBRARY_SONAME
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
#define HMAC_SIZE 32
|
|
||||||
#define HMAC_ALGO GNUTLS_MAC_SHA256
|
|
||||||
@@ -173,14 +177,18 @@ struct hmac_file {
|
|
||||||
struct hmac_entry gnutls;
|
|
||||||
struct hmac_entry nettle;
|
|
||||||
struct hmac_entry hogweed;
|
|
||||||
+#ifdef GMP_LIBRARY_SONAME
|
|
||||||
struct hmac_entry gmp;
|
|
||||||
+#endif
|
|
||||||
};
|
|
||||||
|
|
||||||
struct lib_paths {
|
|
||||||
char gnutls[GNUTLS_PATH_MAX];
|
|
||||||
char nettle[GNUTLS_PATH_MAX];
|
|
||||||
char hogweed[GNUTLS_PATH_MAX];
|
|
||||||
+#ifdef GMP_LIBRARY_SONAME
|
|
||||||
char gmp[GNUTLS_PATH_MAX];
|
|
||||||
+#endif
|
|
||||||
};
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -244,8 +252,10 @@ static int handler(void *user, const char *section, const char *name,
|
|
||||||
return lib_handler(&p->nettle, section, name, value);
|
|
||||||
} else if (!strcmp(section, HOGWEED_LIBRARY_NAME)) {
|
|
||||||
return lib_handler(&p->hogweed, section, name, value);
|
|
||||||
+#ifdef GMP_LIBRARY_SONAME
|
|
||||||
} else if (!strcmp(section, GMP_LIBRARY_NAME)) {
|
|
||||||
return lib_handler(&p->gmp, section, name, value);
|
|
||||||
+#endif
|
|
||||||
} else {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
@@ -393,8 +403,10 @@ static int callback(struct dl_phdr_info *info, size_t size, void *data)
|
|
||||||
_gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
|
|
||||||
else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
|
|
||||||
_gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path);
|
|
||||||
+#ifdef GMP_LIBRARY_SONAME
|
|
||||||
else if (!strcmp(soname, GMP_LIBRARY_SONAME))
|
|
||||||
_gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
|
|
||||||
+#endif
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -415,10 +427,12 @@ static int load_lib_paths(struct lib_paths *paths)
|
|
||||||
_gnutls_debug_log("Hogweed library path was not found\n");
|
|
||||||
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
|
|
||||||
}
|
|
||||||
+#ifdef GMP_LIBRARY_SONAME
|
|
||||||
if (paths->gmp[0] == '\0') {
|
|
||||||
_gnutls_debug_log("Gmp library path was not found\n");
|
|
||||||
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
|
|
||||||
}
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
return GNUTLS_E_SUCCESS;
|
|
||||||
}
|
|
||||||
@@ -471,9 +485,11 @@ static int check_binary_integrity(void)
|
|
||||||
ret = check_lib_hmac(&hmac.hogweed, paths.hogweed);
|
|
||||||
if (ret < 0)
|
|
||||||
return ret;
|
|
||||||
- ret = check_lib_hmac(&hmac.gmp, paths.gmp);
|
|
||||||
+#ifdef GMP_LIBRARY_SONAME
|
|
||||||
+ ret = check_lib_hmac(&file.gmp, GMP_LIBRARY_NAME, "__gmpz_init");
|
|
||||||
if (ret < 0)
|
|
||||||
return ret;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
diff --git a/lib/fipshmac.c b/lib/fipshmac.c
|
|
||||||
index 51f38f18e5..6a4883a131 100644
|
|
||||||
--- a/lib/fipshmac.c
|
|
||||||
+++ b/lib/fipshmac.c
|
|
||||||
@@ -107,8 +107,10 @@ static int callback(struct dl_phdr_info *info, size_t size, void *data)
|
|
||||||
return print_lib(path, soname);
|
|
||||||
if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
|
|
||||||
return print_lib(path, soname);
|
|
||||||
+#ifdef GMP_LIBRARY_SONAME
|
|
||||||
if (!strcmp(soname, GMP_LIBRARY_SONAME))
|
|
||||||
return print_lib(path, soname);
|
|
||||||
+#endif
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/lib/global.c b/lib/global.c
|
|
||||||
index 924ec945de..c197fd0e5f 100644
|
|
||||||
--- a/lib/global.c
|
|
||||||
+++ b/lib/global.c
|
|
||||||
@@ -564,7 +564,9 @@ static const struct gnutls_library_config_st _gnutls_library_config[] = {
|
|
||||||
{ "libgnutls-soname", GNUTLS_LIBRARY_SONAME },
|
|
||||||
{ "libnettle-soname", NETTLE_LIBRARY_SONAME },
|
|
||||||
{ "libhogweed-soname", HOGWEED_LIBRARY_SONAME },
|
|
||||||
+#ifdef GMP_LIBRARY_SONAME
|
|
||||||
{ "libgmp-soname", GMP_LIBRARY_SONAME },
|
|
||||||
+#endif
|
|
||||||
{ "hardware-features", HW_FEATURES },
|
|
||||||
{ "tls-features", TLS_FEATURES },
|
|
||||||
{ "default-system-config", SYSTEM_PRIORITY_FILE },
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
@ -1,27 +0,0 @@
|
|||||||
From 7d98e7768f3e4e1f981f76e27338ae7118ee2c39 Mon Sep 17 00:00:00 2001
|
|
||||||
From: rpm-build <rpm-build>
|
|
||||||
Date: Mon, 22 Jan 2024 15:17:04 +0900
|
|
||||||
Subject: [PATCH] gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch
|
|
||||||
|
|
||||||
---
|
|
||||||
tests/gnutls_ktls.c | 2 --
|
|
||||||
1 file changed, 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/gnutls_ktls.c b/tests/gnutls_ktls.c
|
|
||||||
index ccbe566..8b8992d 100644
|
|
||||||
--- a/tests/gnutls_ktls.c
|
|
||||||
+++ b/tests/gnutls_ktls.c
|
|
||||||
@@ -347,10 +347,8 @@ void doit(void)
|
|
||||||
{
|
|
||||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM");
|
|
||||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM");
|
|
||||||
- run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305");
|
|
||||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM");
|
|
||||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM");
|
|
||||||
- run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+CHACHA20-POLY1305");
|
|
||||||
#if defined(__linux__)
|
|
||||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CCM");
|
|
||||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-CCM");
|
|
||||||
--
|
|
||||||
2.43.0
|
|
||||||
|
|
114
SOURCES/gnutls-3.7.8-rsa-kx-timing.patch
Normal file
114
SOURCES/gnutls-3.7.8-rsa-kx-timing.patch
Normal file
@ -0,0 +1,114 @@
|
|||||||
|
From c149dd0767f32789e391280cb1eb06b7eb7c6bce Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alexander Sosedkin <asosedkin@redhat.com>
|
||||||
|
Date: Tue, 9 Aug 2022 16:05:53 +0200
|
||||||
|
Subject: [PATCH 1/2] auth/rsa: side-step potential side-channel
|
||||||
|
|
||||||
|
Remove branching that depends on secret data.
|
||||||
|
|
||||||
|
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
|
||||||
|
Signed-off-by: Hubert Kario <hkario@redhat.com>
|
||||||
|
Tested-by: Hubert Kario <hkario@redhat.com>
|
||||||
|
---
|
||||||
|
lib/auth/rsa.c | 10 ----------
|
||||||
|
1 file changed, 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
|
||||||
|
index 8108ee841d..6b158bacb2 100644
|
||||||
|
--- a/lib/auth/rsa.c
|
||||||
|
+++ b/lib/auth/rsa.c
|
||||||
|
@@ -155,7 +155,6 @@ static int
|
||||||
|
proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
|
||||||
|
size_t _data_size)
|
||||||
|
{
|
||||||
|
- const char attack_error[] = "auth_rsa: Possible PKCS #1 attack\n";
|
||||||
|
gnutls_datum_t ciphertext;
|
||||||
|
int ret, dsize;
|
||||||
|
ssize_t data_size = _data_size;
|
||||||
|
@@ -235,15 +234,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
|
||||||
|
ok &= CONSTCHECK_NOT_EQUAL(check_ver_min, 0) &
|
||||||
|
CONSTCHECK_EQUAL(session->key.key.data[1], ver_min);
|
||||||
|
|
||||||
|
- if (ok) {
|
||||||
|
- /* call logging function unconditionally so all branches are
|
||||||
|
- * indistinguishable for timing and cache access when debug
|
||||||
|
- * logging is disabled */
|
||||||
|
- _gnutls_no_log("%s", attack_error);
|
||||||
|
- } else {
|
||||||
|
- _gnutls_debug_log("%s", attack_error);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
/* This is here to avoid the version check attack
|
||||||
|
* discussed above.
|
||||||
|
*/
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
||||||
|
|
||||||
|
From 7c963102ec2119eecc1789b993aabe5edfd75f3b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hubert Kario <hkario@redhat.com>
|
||||||
|
Date: Wed, 8 Feb 2023 14:32:09 +0100
|
||||||
|
Subject: [PATCH 2/2] rsa: remove dead code
|
||||||
|
|
||||||
|
since the `ok` variable isn't used any more, we can remove all code
|
||||||
|
used to calculate it
|
||||||
|
|
||||||
|
Signed-off-by: Hubert Kario <hkario@redhat.com>
|
||||||
|
---
|
||||||
|
lib/auth/rsa.c | 20 +++-----------------
|
||||||
|
1 file changed, 3 insertions(+), 17 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
|
||||||
|
index 6b158bacb2..858701fe6e 100644
|
||||||
|
--- a/lib/auth/rsa.c
|
||||||
|
+++ b/lib/auth/rsa.c
|
||||||
|
@@ -159,8 +159,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
|
||||||
|
int ret, dsize;
|
||||||
|
ssize_t data_size = _data_size;
|
||||||
|
volatile uint8_t ver_maj, ver_min;
|
||||||
|
- volatile uint8_t check_ver_min;
|
||||||
|
- volatile uint32_t ok;
|
||||||
|
|
||||||
|
#ifdef ENABLE_SSL3
|
||||||
|
if (get_num_version(session) == GNUTLS_SSL3) {
|
||||||
|
@@ -186,7 +184,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
|
||||||
|
|
||||||
|
ver_maj = _gnutls_get_adv_version_major(session);
|
||||||
|
ver_min = _gnutls_get_adv_version_minor(session);
|
||||||
|
- check_ver_min = (session->internals.allow_wrong_pms == 0);
|
||||||
|
|
||||||
|
session->key.key.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
|
||||||
|
if (session->key.key.data == NULL) {
|
||||||
|
@@ -205,10 +202,9 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
- ret =
|
||||||
|
- gnutls_privkey_decrypt_data2(session->internals.selected_key,
|
||||||
|
- 0, &ciphertext, session->key.key.data,
|
||||||
|
- session->key.key.size);
|
||||||
|
+ gnutls_privkey_decrypt_data2(session->internals.selected_key,
|
||||||
|
+ 0, &ciphertext, session->key.key.data,
|
||||||
|
+ session->key.key.size);
|
||||||
|
/* After this point, any conditional on failure that cause differences
|
||||||
|
* in execution may create a timing or cache access pattern side
|
||||||
|
* channel that can be used as an oracle, so treat very carefully */
|
||||||
|
@@ -224,16 +220,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
|
||||||
|
* Vlastimil Klima, Ondej Pokorny and Tomas Rosa.
|
||||||
|
*/
|
||||||
|
|
||||||
|
- /* ok is 0 in case of error and 1 in case of success. */
|
||||||
|
-
|
||||||
|
- /* if ret < 0 */
|
||||||
|
- ok = CONSTCHECK_EQUAL(ret, 0);
|
||||||
|
- /* session->key.key.data[0] must equal ver_maj */
|
||||||
|
- ok &= CONSTCHECK_EQUAL(session->key.key.data[0], ver_maj);
|
||||||
|
- /* if check_ver_min then session->key.key.data[1] must equal ver_min */
|
||||||
|
- ok &= CONSTCHECK_NOT_EQUAL(check_ver_min, 0) &
|
||||||
|
- CONSTCHECK_EQUAL(session->key.key.data[1], ver_min);
|
||||||
|
-
|
||||||
|
/* This is here to avoid the version check attack
|
||||||
|
* discussed above.
|
||||||
|
*/
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
@ -1,36 +0,0 @@
|
|||||||
From 945c2f10eeda441f32404d1328761e311915add0 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Tue, 23 Jan 2024 11:54:32 +0900
|
|
||||||
Subject: [PATCH] ktls: fix kernel version checking using utsname
|
|
||||||
|
|
||||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
||||||
---
|
|
||||||
lib/system/ktls.c | 5 ++++-
|
|
||||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/lib/system/ktls.c b/lib/system/ktls.c
|
|
||||||
index 8efb913cda..432c70c5a2 100644
|
|
||||||
--- a/lib/system/ktls.c
|
|
||||||
+++ b/lib/system/ktls.c
|
|
||||||
@@ -482,7 +482,7 @@ int _gnutls_ktls_set_keys(gnutls_session_t session,
|
|
||||||
return GNUTLS_E_INTERNAL_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (strcmp(utsname.sysname, "Linux") == 0) {
|
|
||||||
+ if (strcmp(utsname.sysname, "Linux") != 0) {
|
|
||||||
return GNUTLS_E_INTERNAL_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -495,6 +495,9 @@ int _gnutls_ktls_set_keys(gnutls_session_t session,
|
|
||||||
return GNUTLS_E_INTERNAL_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ _gnutls_debug_log("Linux kernel version %lu.%lu has been detected\n",
|
|
||||||
+ major, minor);
|
|
||||||
+
|
|
||||||
/* setsockopt(SOL_TLS, TLS_RX) support added in 5.10 */
|
|
||||||
if (major < 5 || (major == 5 && minor < 10)) {
|
|
||||||
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
|
|
||||||
--
|
|
||||||
2.43.0
|
|
||||||
|
|
@ -1,226 +0,0 @@
|
|||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
|
|
||||||
mDMEYcRaoxYJKwYBBAHaRw8BAQdA5U8Cb4ZMYCjuAa6tqNKbRxXzycS2iLvNzWki
|
|
||||||
bGD2fe60JVpvbHRhbiBGcmlkcmljaCA8emZyaWRyaWNAcmVkaGF0LmNvbT6ImgQT
|
|
||||||
FgoAQgIbAwULCQgHAgMiAgEGFQoJCAsCBBYCAwECHgcCF4AWIQRdRssPdjQFpwU1
|
|
||||||
VvR6daZIs/kiDAUCZZQM4wUJCXNMwAAKCRB6daZIs/kiDBq0AQD4kutiBvEtpeI5
|
|
||||||
oHE5am/JgQUbUNQ8hGiHeJ+epRc5NQEA0xzJPYCIlvZ4jgf7K7RiKkqjzozOLwun
|
|
||||||
GummhMd1vQ24OARhxFqjEgorBgEEAZdVAQUBAQdAxKg6y4A69qT7doTni8/zKuKy
|
|
||||||
QKXEORZTCNxkcnz3dXoDAQgHiH4EGBYKACYCGwwWIQRdRssPdjQFpwU1VvR6daZI
|
|
||||||
s/kiDAUCZZQL3wUJCXNLvAAKCRB6daZIs/kiDCtdAQC6p+B26g72CLXjq6xmaLqs
|
|
||||||
1fi1auyPW/SnNRbbaW9UlwD/Up5lkp+r2n5d74vj4Y43nORpipb4kR3mP5g4SZak
|
|
||||||
IQKZAg0ESmfuLgEQAKHTAV7YHndSUjFY5DfCsrdMjIembP3PIwKR0g/vHVvvhn9L
|
|
||||||
FkDs3y46TkFCHcYsGdhOEmXcxJY4CClui7IjkSH1/7JnbsCgGRBx3wl4dyRsu9cL
|
|
||||||
EbwY86fVypIFSy6z7q24bzosjeu50lIqwVna4fRqZF8lIEGfJuuizLl1OfnkYgnc
|
|
||||||
FupZ1pM/u40VZEzOLoMDj2bzzSEnaq6eS4A5f+ryS8ql9G4kJ2Z72RdlzWXzwWoZ
|
|
||||||
QSV0JVikb5KN0IU/0KZklFiEXpS5EdJlfIlPDVYyainuBiPYXdBOyh2d/V714OO7
|
|
||||||
/JanOY8HhYAK2us7vDM+W5+x6UU0isfDHq3KS/N+VphODZuuf2imZlMAzt5heEGT
|
|
||||||
wAS85cKDWrhReJIa0WmjAFRW2g4ZAeVILbXw6dDJowSwLsJqBvURCpk1tee9wxXM
|
|
||||||
whxdwocVIBCuTn4h81NA6iTwUhZdabxNhUOpUilYQoOAePQ/Bw9a2mSGOWAg/TVr
|
|
||||||
m6+u+/TDVOrY1yMumnJjKegS8RsZaiOS7iXIJRZ1YAv2fmHcgKXIEKp0fw4y10vd
|
|
||||||
aJsYiWRs5xZd+xH4VREK/l6zAxECVkq7Mt/pjIPOllVbI6h75Bz5LgOXwn5Z5js+
|
|
||||||
q40nAZ20uSVKLTjfpVgq6niSChPeIAdhU4G3QrTecO2CeybZTGIRH57X3RhXABEB
|
|
||||||
AAG0HkRhaWtpIFVlbm8gPHVlbm9AdW5peHVzZXIub3JnPokCVAQTAQIAPgIbAwIe
|
|
||||||
AQIXgAULCQgHAwUVCgkICwUWAgMBABYhBEYiJcO0bzSHn8hJbNYFhI7X5phxBQJb
|
|
||||||
qxq7BQkaqS4NAAoJENYFhI7X5phx7qYP/R0/oCwNjM0treJEL7U1CAaPD8VMOrzl
|
|
||||||
Fvc4Kx5pJq5VLoMTpl1ikgyk/LAbNleWdgxCEtAGf4NbI9nxyV6Jh2EwGSwLf/HV
|
|
||||||
Kh5x6kWwRMqpSY5NcgJsQeAIojJT0ui3HANwNxvqcIHCsPlCjSbKidgEkl/PGiSJ
|
|
||||||
j/UiP/OJ5Z0DqKg7hrd29XgVuBMIKcFQXysiHfy+N+9UQbHtb6qjkriRZAZ4Jb6Q
|
|
||||||
LrwIzMqKOINj2NNKtxH1AaosxLQ+pcsmRA3OQPPKk5ptQE70+R+OiGbFbfkL4Uui
|
|
||||||
gjhMAf9qmppiMnxq9gkt/lLteCpTFZZ2FeL9mSKu9eN0jewweVVcZdgm0vVmub4m
|
|
||||||
rrkciJGl8Le3dZG3sZ1KYink6gSbYY8bJCfYo36+JqQx9KmyAQKLV8YwgQGlHyy/
|
|
||||||
6vHZdsPRsugmR0dbZEXxr0VE/CI26Ed68u2ZxtscVdurWeNhsFnJpY8Dljah8QYn
|
|
||||||
kObRp7DyEMUqD9cDC7Jlmgdq8fe9IIPxVNfDgHub6gh15dA7XdRWB2Fd1rtSQ0xM
|
|
||||||
/so3rfMDrssJ25RTkbA6gLNy54NO1Pz2xpsuL3MLlVF0xFdCIf7LD95vikfcXY6R
|
|
||||||
iaJwniDS6bm1UOkaRzgG/o5FERS7Ea9cowsxoxypybDHefH0Qn74J6B4BtgEB3cg
|
|
||||||
fiJHjFjSzTcetBlEYWlraSBVZW5vIDx1ZW5vQGdudS5vcmc+iQJVBBMBCAA/AhsD
|
|
||||||
BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBEYiJcO0bzSHn8hJbNYFhI7X5phx
|
|
||||||
BQJknpE0BQkf2j2GAAoJENYFhI7X5phxAzUP/2WLxI23iiF12lVVlxj84g3F/XyE
|
|
||||||
u7oi5nVHY9wtmw0PoM3/sHHDO4H2LXH9Beb4Nitpvzy3WkMMOiAGdoDad0CC8gD8
|
|
||||||
TChjAd4vh5arT9PGgTHNUdp33m80j5xl0TuDEvfbXaoL2ZTyW4TApmpiPX+a024L
|
|
||||||
mx+Xf+WBj8PlEjXSjh21mXQs+L3gZGwZFXc2VoQNg/rBGt9rmv2JcaO4q+BbVhY6
|
|
||||||
o1PYL0C7RBWfz/sdIhWazYMa8L243a4LQU6CkILwum0yJ37ERJ2jkGc8NaHsqXCi
|
|
||||||
zbmFFp3If6u7F7iFrIN0W76hUL69nwszGlz4OyLHJsDLDnp1fJbOBk2gZZCMoFIS
|
|
||||||
OXqxTZPUdxbjWaVNRz1/ze5LcGF5yB52lgqOxykZCIIGs9mn11Q1kWPoB2BovoXd
|
|
||||||
fqTgMwx68qvQXWUzHj8fVemA3kCwqK9udjFok62GVKBy7uxBes+Le74aMg17Pp3R
|
|
||||||
siMuL4jpTppEuBpc5/gMQDJSv53niGWLyrUCa+9lDGqxpHiV+SRrEXekQlFCi+cG
|
|
||||||
FS36mT/Vnvsnss4ioKjEPWv4OuASkC78GvGMSXZrFMHrILgRrLhErbO/g8d2/+X9
|
|
||||||
3p02A5R9vbhdOSOAgjvvGLPzR7LidOoBOZYaTq28HB7cNmBkpAp4cM59pQwTVZYm
|
|
||||||
ryZF066njjn5TEoVuQINBEtrT7wBEACjRnNKXpiD/tbVSiF3bicZpf4C1JFIDvvJ
|
|
||||||
HQZEuK35SqeAe/tUpMAwbBfgW5sExUoB3Cy1lEK2Bi1kO7GU+tkdCHhi6jrcLYiM
|
|
||||||
g7QXavYZ/ebYHVfhVY2vGhOJVz4qm0/WvQYT3OpJSqrD1jT+AbRpDxFk9h2CBPw1
|
|
||||||
roBrh8TqYKyIOBPSswLwP05IKk9h7SwQnl/stXRchLMVaMrKL33V2bpZSI4NtYhJ
|
|
||||||
QGzX7PHVsv4JYBCXCeFRhAJwLLySfGM3DXdAChsOjtGob/sW84Kv5YM65sHxmhit
|
|
||||||
4NC5o5IxVQntvYaOsTafF9KOC8egostPsARxUNNihGYvJ5WL8NS2wQVMWsiRMK+/
|
|
||||||
QsK6PEMXny4q9+lMPGBZpuGicUX68RIIJynAaHatdorA0hFSDQIVxbhDTQdrBnmt
|
|
||||||
fSx33Yd9LlaW+oFz3oNtsUP57JQMvn7/RYMSheRqtlhSOOHQV/DdORo2B1uhd2Dl
|
|
||||||
uZOzsVz88o/2eZ9dhO8ArNhQRpWgcx7dq+kI7FyUH0Idrw29qD3IT/PnEOTF84ro
|
|
||||||
l0HEagP1ozVB32krJIDRQleTmdTogtT69FYLHnK9fYrk1m3Pcc3TWb/1PCcccN0D
|
|
||||||
2RJCl2kry5wJdx6g2bi7wg4twpRJshi5jREPJAAGNy5MKA+oon6D6gbwwNP3xuz/
|
|
||||||
/9BU0AUDYQARAQABiQJ+BBgBCAByBYJkorMiCRDWBYSO1+aYcUcUAAAAAAAeACBz
|
|
||||||
YWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmeZgZGsUjuRusvhjME6v0SyZCTB
|
|
||||||
ZHc9vQ5i7qV5OPZtLgIbDBYhBEYiJcO0bzSHn8hJbNYFhI7X5phxAADssg/9G6Sj
|
|
||||||
nPi7yLDgXwmdQnZS20afRXa+T/YrsupbcKtXz+9As/QeZjnwuWI+LMDEjQSGnbQ4
|
|
||||||
w4Uyz5hnpRnWYDq62hsFml1eJr5xwImscJMUYkVdBVTxvrYn9Dxr+C+FkeJfBIkO
|
|
||||||
qZpFfe03VNwNU7zm6lg2BzKzBY3MY0nm/J/fWhmIXGOvUXHmRC6NnRkiTQcLsPU5
|
|
||||||
TrJoDXP3qI2shr77IE3TFZ60xD1mdoaZol+CQEXjoAzd+PuWBltdkMVSqtLFkyEy
|
|
||||||
L0kup+u/JdBrZxDNKRYwvoIi+cpzefq6Cp52L4WOhKxYQxrGPaFXzuOjf5uA6YHj
|
|
||||||
nikhvtm2W1C4FxEJ9OaDgP5EtdUmwnAOdPc+uNwpmChpFZmno26pqZfl7st6hjWK
|
|
||||||
qc9bEGncemxqregsCZPz8S/xHtFIKG7tGu7bmXVqnlkbz40t+1dQSN7jM6/pEIKr
|
|
||||||
2xWiZOnQ9/1cwuS84ZIQiwvOT4tGlLxnhdPjrCdgjtse2rf0Z1e29D36VKvxEQvh
|
|
||||||
lyAkqu4/8polwDVjHA3e3wlM8oCIoV4QvWWiqwaYmcFIk67TeTFx/rADZdDk/1w6
|
|
||||||
Ym+aOkPah1KLj7ERikSi3L3WJsrqZl7ij7fW8UrU5hz1Ncwc5cshFtdICAHA2ZpT
|
|
||||||
vELN+aCng2VkpPsR3NGa4ihB2Rbyq2SsGJdkf1OZAg0EV+o2lwEQAKWMXF8xc4hs
|
|
||||||
2nI+Tl6s/QTiw1X8gGJCztuEpLgVUqfL8bmQx91t1F7bpfVBN/wmrxXcWDZCTnlZ
|
|
||||||
NFJ81F/5AyMr1d8CBCuFaBHNx5KIl0Mo96wlFlYt2ANIjs2duM70fNgQPx0NgV9U
|
|
||||||
ZrvuXtW7hH7G+bQE83NvEjBg/OC16JaImRK9IV3FMsv4V7H5QrUwe9dAkN/EnaKk
|
|
||||||
I6B4jTd2DBq4JPfK+0FmEj/09Fv8N9EPgUm/TQePzOedMRhON9qX7vTczHsslmqD
|
|
||||||
d5DSXbCgYamiuI0e3Xw48i07R6Bz5h0/gm6PKzS7effIKopZJitF4/ry5m2/ryf9
|
|
||||||
piv0koeaC+ygYTALnWmqlS2PeFUbxfqvllz0nUk2wGsHVIeBKAkMeWyvluqFPLey
|
|
||||||
zouexNl99s86fMhvMKCUbYNN1CvwMJtXCmabaviN1sbMrWa8UdW4h5RNxs4ot/9M
|
|
||||||
uZOtTTJNtRbESXiyB8VTQuBZAh+eUTkuSa2AC4O6M1UEnc+a5pzRVy99MF335Kat
|
|
||||||
S42S50THIshZvCehjZNL/BHXnyd1Acqf9VBJZXJYLuvw3wlH2qYl2GGS7fR6V4ii
|
|
||||||
94dp/EE/kOZyzx5DJSNd6evYLwgJsFQvkGGqsCy8myXfDjK5Y+gx5kxBinikAigk
|
|
||||||
OcnwYBlAlXBs2mxmG0qiCO2ooMl8/g0rABEBAAG0J0FsZXhhbmRlciBTb3NlZGtp
|
|
||||||
biA8bW9ua0B1bmJvaWxlZC5pbmZvPokCTgQTAQgAIQIbAwIeAQIXgAUCV+o3dAUL
|
|
||||||
CQgHAwUVCgkICwUWAgMBAAAhCRCw6d0gsp8UMhYhBOmHq39+iWZ3dtBbO7Dp3SCy
|
|
||||||
nxQyflAP/1o4u6QvvBqAA4SK8eDgCaDjfKltjDn52jx4JfxBWlfS/zdnz8qPDTXX
|
|
||||||
iEh2JKpitlG+bmRnSngOqPH+sfFQvUz7czidUfF+Tlt0jO3Q/Zt5/OiGh3vgmOre
|
|
||||||
B4I5cObNGQmT/Ma5si6NfTQU0+okvd3j6fRNswsNP26TF+m7gSd27/S1/WkGLe+D
|
|
||||||
Ukq+fYXjCNn4qCg9KthAULJkZWiCP2rok/m2xCHmAq0ALVyDTE/IKRbDEqc04qsI
|
|
||||||
/XqGPavLdHmG8On1g8sek7QvJKkRgN29BUzdS6KBYfZGSLJ9KLGST7BPegyFLXvD
|
|
||||||
SMxUx4KrJRxgytMcmzI5SYTA6u6RdA1t5AY6Jw17YgP4Ba/yPPTbrTxJb7qM4NOA
|
|
||||||
1c/xc+j3+A6bWjLUbHMESlldcZae3s9cFjmOfDW9jn0WcmV2e4W1u2kTF0um1kfV
|
|
||||||
8kriiHKKT0RJ8iVLfpJpnJ0/7hgsyUE4O8BH1J+Pho0zVfTE1TBp1FwRZJQ3ls9X
|
|
||||||
3f5Zpn/KZy7gjseQSPx6r7pra7U5gSv/0Y1qDRrNvtULt1+0SobAmzp84iqn3GRd
|
|
||||||
/NybJz5jB526fm16WIE3MLoEB2yj+T+4AQ5Va1NHLqRR5oXa/anIzzFrmoUe8dRY
|
|
||||||
le/PhIvHEjzRrMzLFrmXX6eQZH1Gle59KbCFJus0bfSE0PL0xmKsuQINBGEgbmMB
|
|
||||||
EAC6sAEM9vo0ocfnyAlhmG+clkdNIH0J8NLzZIbnHOAfTnnLzUeWOT14JR7Q//kT
|
|
||||||
CdorjbX0dWD/+TRIwFHdXtLQngqaqSc77+1nRkx/4R5tbzJrd/FYA/4zk+sPpDHD
|
|
||||||
idcntJQ5chduyiuESn3L0H0OT0muck0g92BAkGATaswNWLLnu/TC1486krkG0aQx
|
|
||||||
DDFIYggzJR6v/saCrTGtMVMOhoMcWKGGQpFCYznB+3scYucTc4o9CGY/hpYeukZZ
|
|
||||||
72xmaYWZqIQnCm7pfLyJWNkw70EO1r1EBStuhYWEUqgTfgfu6KQHRpRiMPWf0Oss
|
|
||||||
44DQR5fIkY/VTCBeIWOdX2TC6qVfgMKASfIyYzPMorDtAcrXhRb4aEZqh9p7AjLs
|
|
||||||
8izfFR8/GSdoxIda3b+cfFPZ5dk05oOS3wkMQOy5ZeGv/jp8WZds7MC9+xNMhdZ9
|
|
||||||
4hRU6dN7S6yq+btrgPLWXk96yl4VZkwRz9fxk7PqZZ8riz9VAfKE2llkC5pEXx09
|
|
||||||
B0oUxu9DXzGZI9acOG3YAtXlezhCaS6AcvQZbQ7CXKHd/sGXrf9T+sqYX9k4FnLm
|
|
||||||
7eoWHH0rEMC3QVPGbIs4rGZbjBBybVrgSL8ShFpmhw9F1PyD6ug2t41NBIbZr9e2
|
|
||||||
eFaVO2LaPpZPoKFGZoILrtB/vW32BmQV20Ibr7cK2dPcbQARAQABiQI2BBgBCAAg
|
|
||||||
FiEE6Yerf36JZnd20Fs7sOndILKfFDIFAmEgbmMCGyAACgkQsOndILKfFDKCmw/7
|
|
||||||
BUinZ7uO+ax1hV25Emdg9qJsbtW32FLMypecexEK/CrOM+fadQe+xzPOoSlHw5tS
|
|
||||||
1ZB4rdKUT0jIingmmgaBWFd0FQPSsxHlERvhTfgDBlzAl7CkFisOPYY/ErL+lCjM
|
|
||||||
4t8VgsHsQZQZ7Nx7wMuIbT99n1lt79lt3YXgkZfIerDmb5mWuGP10b1/GDFv0s2R
|
|
||||||
T2dyNfdTNFtfzpehA4ea7Qgcz1ayqeyjWqDpoIXP+KCC368vv7kukBrdSpn7RLS2
|
|
||||||
xYeP8zB8ovfe+TzYc7ZSt9UdjbW7U7qzU49Kq5C4n/qvj7R5kcAm+UDSLVrvnbAf
|
|
||||||
nLVWWfgo0sOmtD5/EoMhlgKtN6DrVTSgf6xW6oWsf+8Pz1NROhqLwkcDvpET6zuT
|
|
||||||
YEWOK9vFik3XEtdaSlONvaBPN8aYfjoPze28MgEEcf3dw/+QIczw8+kXWXjmAHth
|
|
||||||
L8RpC1fiMmdOXlB1d7gkUPQkJmc4NeRM53fgE097IbXbEFhMtDSu8yzKltG70ahO
|
|
||||||
WoNKwdArrQhbiFKc4hoCx/caRy8jK0kFb5ZaNkljbtyQWFXm75lEDpaa2RFvE0T7
|
|
||||||
pFrMnrOEts0tlJwEf5s/SxWpFniXW7mCov3eYFnrE8Lgq173z7NmjmMTms29bro8
|
|
||||||
UW8eHMflRchZsrEUAQOtlA3k159Wt/2MTK9LnIz1I7a5Ag0EV+o3eQEQAL7E7DWm
|
|
||||||
gc1YdUV35LU1JCYqu8LScbyPtnilMYjgYORLc2DqXLIBWuIdP7hQ8lkQosQmn+oj
|
|
||||||
EfIEBpwbU+q5fsyxK31nReXxQQgDGwobjdGsZykjf6Dj1Jd9y2LDsBpZnvpFVhqp
|
|
||||||
YAv3bmyaGpIh+9y5xyLRsCTloVL1R+JyHuOromVllR25+zFwvoFhjfq27VK9QjTF
|
|
||||||
DYzqhdr3e0sx1LKb0DaiDHc8PT2LBjmND7KMGUKOjDwiFY6Uxd1eTB6Y+FkkwfMa
|
|
||||||
bk1JRgF+rGA9pvy0sjJcWkbTvW8erBJhhWNN4V7rtSHMMRdzFvqzhgWeO7r3TarK
|
|
||||||
js7pQCM8t+rnT7YFm1n0rHLfW7ECV6WBvWyk1N7a0C4Q5ekJ+fls4U+Iy20bOmhs
|
|
||||||
3vRxNA0XaGdp/NH1ldi5KExYbTpQpNQ0XK6j1KwE+TdM24v7su6qWGgmWUJKWFfC
|
|
||||||
ms+/zwAVGypTXa7rDi9X/+Ubb8nLLkQbf4W4/OrXBWffkbG+4J2EDRxF1UeHrHu5
|
|
||||||
NpnFP8J7sWYKV45Vh3pK5le2zYbDPF84Ge6BY2wiYvvWnPEqg7pLPZfaRSMJkqxT
|
|
||||||
QLSwnHf8vBvVXHAmp0WpYwOYBE+onFcZX3/t8d2uiEKuhElNfxdC1O4UolaBBEpz
|
|
||||||
FC9hN1IXWIpTgRLo+G4ket8FlTugwe+l1HN9ABEBAAGJBFUEGAEIAAkFAlfqN3kC
|
|
||||||
GwICQAkQsOndILKfFDLBXSAEGQEIAAYFAlfqN3kACgkQQSdIpAr8wvsH/hAAlSnz
|
|
||||||
UTzOU+x7/P4fPxl9M7dLWcOIKaaGrjNExz9bVCGXGnHZR3f4gRl/bowRFjGi++vh
|
|
||||||
nlCz2Hj18lFRXG3HjlSOwdzJYSa6ZMqdA2AW4167kJtQNEXpfV//C5mXhfe3U68O
|
|
||||||
33+acvqU5cG4/+QNvun81j8SQlOyYJlsQwW6W1EH2wxfuvpid3SNn5yDZ7GFhfZh
|
|
||||||
oxBwzITWRiWifcy8r3xufAVrFZKwAMvWrG5LRJD6pgyW/1oMsWUIH0U+QD0vgBoa
|
|
||||||
RCAW/gqLRf2836n7PeZaLuqiHMQgYOUs41KJ9jy6rYiHLuZsZPJ4luFbFuUylJxj
|
|
||||||
KUfnjVuAoBhm9XouywKckE3oXUf2Sa504MQlo+pNvtf4LK8RALpkTe8joq5olEnV
|
|
||||||
NNIq+UBxK0ZEG6SaCnf4wtYcL4uUVgLj/QYm9fob3gakVlfEVZx2SnCqrB2NAtMO
|
|
||||||
RUo1iOm//EwAnaFP4XaqPEQLZaEnKF454n05xFvt21UGgM81z2q9DrAbAolrpf3Y
|
|
||||||
8LtC42TQTMlGmyVmxUzgqyVcDc8Pjj0VP+9twp8za31bPXs88/o3E+tYIN46pxYV
|
|
||||||
9fWxdns+eNupVm8ZeZ+sblhkQGb2yyOPM7SEsP4MKzITPHheBxSzniYo0D6jrX4A
|
|
||||||
lDza7Gjw4YsOxus2NlhzBsWxmTpYat1QSW8cEQgWIQTph6t/folmd3bQWzuw6d0g
|
|
||||||
sp8UMpnkEACd4nfSJZIVX/jGtbR9kwOhnchAEkW9nwCxwgujJxvkPSqgMLbwtGhv
|
|
||||||
KMunhOOU10JWWT2pZ6JvYTzRRPJwl8snXwNlv9HKa/XUlbo7SGuliAya0J3UKxtG
|
|
||||||
Jd9+yOj81BznQjlZF18yqjERP1cyewmuGIUEqU1ODVE5SVajZSSOpe9EnT0TENZ3
|
|
||||||
SJcodwtg8rd1V4pqUecx5cpG01szohDuqXJ1NbvoRIYXbxwyx9b7JK3YuoDhRylG
|
|
||||||
rmCyP5n5Sb0J+5yfcOL33CPVK7SLladTlopCcaeieIIMSqMdUSHpLKqvOrRt3Cz7
|
|
||||||
9A777L9MHND1yf2Mm/IQlih/1d6JblNSJ2znD7hfpo1ReYmzYtG35a3m6FZt4QT1
|
|
||||||
5gGLQ0QC9a4s4LpqY9zPxaW9jpQPsyodoiCk/j2ZkwHLIa580V3Kh6dxjI+LwXlZ
|
|
||||||
/9T+Q/C3L5Has5yBijtCdekyrsD6XVfEn5gg+yFkDc6TKYCGhsro0yA9J+BOGRD2
|
|
||||||
HDxVbH3njCiP5wDvxIgOQLN06LQLDX+Qq++MRnJe4e0i1CQA+ow7ROSGUEPX7k3p
|
|
||||||
qoxJcQ2i2SCKz1PooV/ii/iN1PfU/IK3GAJEO2ktpQM9APKP//tvc00CAbarnlc9
|
|
||||||
G22yWAxW3R5JN7SfeX+lqC+Mok1cS7WGCQOOOC+B0EelTaj6Zcb7wbkCDQRX6jaX
|
|
||||||
ARAAxAQjAzi2kzXnWnX6yAkijTQk0j5raWb7+2Qprqr+I4ZbjEFiQFodw7Ei8eFt
|
|
||||||
sY5LSSvFWe8WXl0Ahvmfi+/9TPFwgEtLWTOqguCjJQN0VkOfjhEDWLuAFHoa3IzV
|
|
||||||
ySoZhDgIDQ/LY7cRg+Ryi0AaInesYx0cxdYkt93X1tPtcV4q7KiTIWZWBsWlBZF3
|
|
||||||
qHgneIfq6lBObjd/QfKhaFGleXi4UhJfcwnVj01h6dCKWUSNPRr6/sbdQztsnDYn
|
|
||||||
ghka+pdUAmVqpj+Cpb0ppUuzO78tW0lImybRUGOomhivQbw2/TcYcgwQmdUi7+Ie
|
|
||||||
Td/8H9Msff2P9u54vFbhUt1XlNk4KWyOi2Xu9CvidXqNcg6wpdAPthIjeZ3tRT3H
|
|
||||||
nFt9N5cPlhaQwV7SuGx9eaiMk2Oj2dBPvV4M18guwfA98iyNJ4tBmmiFLagfaDuN
|
|
||||||
aMgyt5cQA0tORt5d8AUoF3OrYQ/wdiToa6IJ7RO2WaSlFaYOHFJzMUDLNSUzKbVI
|
|
||||||
OR7No7QIOvKYJR4njnHBgIK5AeQNu5ucBxbFDOqnmu0E75pHOrVn8l5OOuHN/EiO
|
|
||||||
SGzRTdSh/iVftUgZC3vj+XnIlen1RBU63DRkFn97knlQGtmJgi6yIJhWHYk9LvDG
|
|
||||||
rUAdtPgrIr4844O3E5ZNTDW0YTmWtkfqnmfgEVBUdMWjj1sAEQEAAYkCNgQYAQgA
|
|
||||||
CQUCV+o2lwIbDAAhCRCw6d0gsp8UMhYhBOmHq39+iWZ3dtBbO7Dp3SCynxQy0eUP
|
|
||||||
/RLpSjdHZzZxJ0gorRbNkUZ+hJL4eCZC+V+JGBvTgLd58lN8ah/vqQafn3vUXwB4
|
|
||||||
3tW/if/Oz9ZRrLhfPtfROEQjxroo4xNRY9PPrEO1yQ5O6i81CcZGRKpZ391Q2fPl
|
|
||||||
2+lWT4VKXpn+XbF33FXAox9Rdfc/H5bXF+EiT00EnuxKWv6yyC48lNgKGBmSdhRE
|
|
||||||
iXTzzRzGxBxN3GWQV+2rIrHMy3Bp2DgKb2kHLhA2sLg8oCoszhWcW1+le34ioqNB
|
|
||||||
Yt/HLvM+nVzxgrD6RMQg0aiFQJvIw68Z48g5oD44xIjJT6YWXLbZA0XaXLn+m1CR
|
|
||||||
6xqxSeXsXSCnvbF5KQs6MsxKFs07T2GDEMuHJO35IfEfg1JWWgzqJfGe8bKBeQ2U
|
|
||||||
wFaZrYlmOYpq4VIdWwgDHlzuXynb/7MLe6NyxJPun57Ex7NsS//sfrR5nPunk43e
|
|
||||||
0W0lqmT50WJxRhBHhxXmkQ0fH6tzra8GJxo99+MJzaSfENvdRz39BQXM56nv0/1w
|
|
||||||
lRdfqJJcqYqVav/gKvKaB5eH3dXHKGZK5YSiQbtvqKBOwsOhHxtvsE18lu5LwiYd
|
|
||||||
nTaI0DmUcl2o4iC0+cpSFSesGSGd2XIIid0E4yre89Cf4kfuCQhvUkBrgYwU3mFM
|
|
||||||
/MhgH9hH7MKAmRVfm+pwNOk3owA/vBcSuRRLeeVGDGeqmQINBFOsE5ABEADD/k0t
|
|
||||||
8to+R0kPhr2k7d0P/p1SYgxkwSaYgdv4/MgO/yEbQDMsqs1mw88mWnFKKdbH4QUS
|
|
||||||
qCj21SiiJVrcoY7dNNapkKNiaMNCylAxkLtDw9/up0AVdkJ/7iHvrKlwIb3SBQV1
|
|
||||||
oJYBrXF9rzFBtkW9NhLc+DzloeHfPtABCIi0XoIOGSDn+RQvppe/13phBj+2fd5I
|
|
||||||
LNWiHfKIrr6228TynSPqy7H4z5DYcnYIJ7f7FO+MgaZjj28GFCyCFz7DMJsR/JX8
|
|
||||||
CDsaOHvBsBRtBIKSQ7ce9KtAnemsmyGVkaHpGvxo3gaWj8pROIiQRbDYfXXvMbpT
|
|
||||||
Yh/OTxbbx3SgBNjk3fH6ZjYZXuz+1kjJ9aajRKWvhZbMCjKEGjm3n+PrYdd2o9W6
|
|
||||||
j5+aOhSWDs54z7froPmt291NdykF4kHb3W3SwGaIACV3/ZorrwG8wHhnV8dEwqTr
|
|
||||||
E6xcTIwr2+C07yFDKrSgTbZsjEb6RbZA9SKsj6+ct8TrAxVPAigj7eMdWcF8yxxQ
|
|
||||||
CCZci8UIx9hyHAfr4fKCYl0KlG3SoZ8kTKiB0AvjsK+QowE7gKuHeKOvEn8cb2Di
|
|
||||||
BWjDfJoTO19xhzm51jxcDneIkVoeSg5QJqtiQZybyhf7vP9vl1fS9O8I9y1uR2lC
|
|
||||||
x7UkWAGTTVTtzs+O47125jsj/BjLMECT/Ub33QARAQABtCBUaW0gUsO8aHNlbiA8
|
|
||||||
dGltLnJ1ZWhzZW5AZ214LmRlPokCTgQTAQoAOAIbAwULCQgHAwUVCgkICwUWAgMB
|
|
||||||
AAIeAQIXgBYhBByyfbyYYUstWEFkbQgwLbaiZwQoBQJgRRE9AAoJEAgwLbaiZwQo
|
|
||||||
1nQP/igf0pGcHlUqHSGmaapDoqRJfHcwUMfC3FjK4fmV94D3KUVU9txWbb02qX5n
|
|
||||||
1yQXcpweHEAQEY7YVUbZLND2kMqq/unyi6TqdXK6wtz1t6tO2IsPXceAzI5pC6hX
|
|
||||||
QbN/sQIBD+ytdUVpvuOGDLUfbn95PYqNx/2t3GzW2hSglt6MUFDHVvQpglkQnCGI
|
|
||||||
1C2ulqPOarKcxggH4pTWQ2PR9JOJMS4iUGEyZeVUA8m21V+KZS3CZjaEuq+/3dLW
|
|
||||||
WzC1vtl7WMa3JahCGaJHL7kauVa0qgEkG1FENDxNhjb9m7nXh7+DRSOQM8oT4EbC
|
|
||||||
kSt5mLAwPl6JoAiRa3l+oVy6SldpdkMl6ycCnYEWki5K5xTUeJugw95Hm5mkD6Dt
|
|
||||||
li7tTtIlqcQ8i2kQB+BmtD2HSKBWrFONE4DQaBv8GcqzoDMFmw72sOStbnbAGEtz
|
|
||||||
IU41pmOaV6AnfN/hVqNNH3P8vzrSJifU0WCR9TEZoZoN0Rxbt4vYbLrArgiGE94K
|
|
||||||
rUEJ08c7Q4VOAdbQcENgzu+MnQC7jWk471eJ05hWMtqvW2PKh/2bF/LgIYJuBcNX
|
|
||||||
CKFBkDNTBNibJ8MnVn0uBZ3X9G6Kx9wU5e89Qvj7V6MM4SoTiOmhlbxH8GxXXSYf
|
|
||||||
AWosuWUSOFyXzG5yhurvUmYW+OIFPRZ6Wb5gKSgoLdgB+DhfuQINBFOsE5ABEADr
|
|
||||||
LQL3bP7+M6PTCjuVbqqHBDhBAKEEuxKffwDz1AJKfRhvqTYIKQqgZwaIzXdbOkmP
|
|
||||||
rTEgWHJKbwssaRmdBVRSYkE2DXLEcnuxqAgNyc5RMoVHWIE4jFNkxmrN6ZcVWel2
|
|
||||||
OwCo9A6bzUftKKYJRPAYou4nmv87+CdKT16JV40dMG/phLyPINByy9wThIodpJQX
|
|
||||||
/H1O6OCsMM/ZQJQ8zJCXbCCCe/c5gcg6+RJLsNa1CjIjQH0F1XZuncxz3nvKLxXL
|
|
||||||
uQG8HCcU5GxW/z2byjEkoJrlakmcwUzuih7IuFrvSaexb8so2N6u5H8vm+SBkCwU
|
|
||||||
c28lBsKECOJUeH28CBcMmFuRKFgF/fBpRiXDKI8Fl3IRm5vFIfL6oIBJBSDfunfZ
|
|
||||||
5FPXup5fVGT9k0dhBlD48zDQ22kVVmRkpctxGwd3yE4BM9/sQ3nK4HwrB9+9X2Rq
|
|
||||||
xbAzwz8LGvRE7/rusBg9HaO8kIOO/7NjutCvJkHGPfJSF7i9XvBcoQpkTIJFPaxu
|
|
||||||
pk7TCFOVDAzUYh82MzNq89SVe49017/nuXzKJ3SAtok7xDYVsXXriYgnmouL7f+c
|
|
||||||
DXdXmLIxPZN6LKkwKb9/rU0/9xPuvxS25zCSgjig8/SFEdSt6wvs94npSn6RcmVx
|
|
||||||
i5VN1Ni4IMRgQn7hXpGKATlM6CQ32V7QBJN24mFECQARAQABiQI2BBgBCgAgAhsM
|
|
||||||
FiEEHLJ9vJhhSy1YQWRtCDAttqJnBCgFAmBFEU0ACgkQCDAttqJnBCh3ahAAo9lG
|
|
||||||
UYfbbuQd6XRb7bkXWsoPoTI+o2S9wQOvZQLb/sANCkK0HqwAWdNeBKWF3o9NUG5y
|
|
||||||
/gQ3wNJv7WBGzCBL/N87K0doq6s9MiwXFIykr/yIlN7la3lCQvOUDn1OmO9zHGq4
|
|
||||||
t4arfCiInm5Hc6NhStV3aKtgIJoGWDMu9aIcy9canuAO+oO8l1ayV1kPDKWskVEX
|
|
||||||
ZsdvnxY0rhInvUfgw27uY2ziPLO3iTfPJLJ8wx2V3cyxkVWgk+08DHKQz0gwObJA
|
|
||||||
iAFtWJXSd8kO7mzcNVPgDAgje/7Lf2wlP4GQYO6Ht5RnhzbzIcgHxcK6pJeIS5oA
|
|
||||||
vDySWASwD66dkdYQUAjYHE2OQnwTjxU907uf1Foaa6yiOFBcQku4NQNdoUDfv+HW
|
|
||||||
0C5TR2XVcO9UBPTlEGMjMeqhTHs3E3HXKGiFWT7WYtdG9fBhVNoLvZ39eYnWEM8N
|
|
||||||
svcRUmOKzvoAJbmbZAlH3necl20MeJnfkTx9Nu3D9afYnaw9IJ9BetTON3gXzTtG
|
|
||||||
wAJjMZ346k9MLvnSLFpD8of15R/jl+RbZ732stOJkbcM5cUj2Lgi7DE44y7BeBT5
|
|
||||||
XD5LAUwop30sm4Kxwv9oEyVjzoQPkB24l9YGeEOEIqESZLszZ44Jsh703+9n3Dq9
|
|
||||||
wNTn8cXhFYi0Of02Vt4nNiXryBL/zneXgb37qiI=
|
|
||||||
=8Avy
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -1,34 +1,20 @@
|
|||||||
%define srpmhash() %{lua:
|
Version: 3.6.16
|
||||||
local files = rpm.expand("%_specdir/gnutls.spec")
|
Release: 8%{?dist}.3
|
||||||
for i, p in ipairs(patches) do
|
Patch1: gnutls-3.2.7-rpath.patch
|
||||||
files = files.." "..p
|
Patch2: gnutls-3.6.4-no-now-guile.patch
|
||||||
end
|
Patch3: gnutls-3.6.13-enable-intel-cet.patch
|
||||||
for i, p in ipairs(sources) do
|
Patch10: gnutls-3.6.14-fips-dh-selftests.patch
|
||||||
files = files.." "..p
|
Patch11: gnutls-3.6.14-fips-kdf-selftests.patch
|
||||||
end
|
Patch12: gnutls-3.6.16-tls12-cert-type.patch
|
||||||
local sha256sum = assert(io.popen("cat "..files.."| sha256sum"))
|
Patch13: gnutls-3.6.16-trust-ca-sha1.patch
|
||||||
local hash = sha256sum:read("*a")
|
Patch14: gnutls-3.6.16-doc-p11tool-ckaid.patch
|
||||||
sha256sum:close()
|
Patch15: gnutls-3.6.16-pkcs7-verify.patch
|
||||||
print(string.sub(hash, 0, 16))
|
Patch16: gnutls-3.6.16-cpuid.patch
|
||||||
}
|
Patch17: gnutls-3.7.8-rsa-kx-timing.patch
|
||||||
|
Patch18: gnutls-3.6.16-rehandshake-tickets.patch
|
||||||
Version: 3.8.3
|
Patch19: gnutls-3.6.16-rsa-psk-timing.patch
|
||||||
Release: 1%{?dist}
|
Patch20: gnutls-3.6.16-rsa-psk-timing-followup.patch
|
||||||
# not upstreamed
|
Patch21: gnutls-3.6.16-deterministic-ecdsa-fixes.patch
|
||||||
Patch: gnutls-3.2.7-rpath.patch
|
|
||||||
Patch: gnutls-3.7.2-enable-intel-cet.patch
|
|
||||||
Patch: gnutls-3.7.2-no-explicit-init.patch
|
|
||||||
Patch: gnutls-3.7.3-disable-config-reload.patch
|
|
||||||
Patch: gnutls-3.7.3-fips-dsa-post.patch
|
|
||||||
Patch: gnutls-3.7.6-drbg-reseed.patch
|
|
||||||
Patch: gnutls-3.7.6-fips-sha1-sigver.patch
|
|
||||||
Patch: gnutls-3.7.6-gmp-static.patch
|
|
||||||
Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch
|
|
||||||
|
|
||||||
# upstreamed
|
|
||||||
Patch: gnutls-3.8.3-ktls-utsname.patch
|
|
||||||
|
|
||||||
%bcond_without bootstrap
|
|
||||||
%bcond_without dane
|
%bcond_without dane
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel}
|
||||||
%bcond_with guile
|
%bcond_with guile
|
||||||
@ -37,65 +23,44 @@ Patch: gnutls-3.8.3-ktls-utsname.patch
|
|||||||
%bcond_without guile
|
%bcond_without guile
|
||||||
%bcond_without fips
|
%bcond_without fips
|
||||||
%endif
|
%endif
|
||||||
%bcond_with tpm12
|
|
||||||
%bcond_without tpm2
|
|
||||||
%bcond_with gost
|
|
||||||
%bcond_with certificate_compression
|
|
||||||
%bcond_without tests
|
|
||||||
%bcond_without srp
|
|
||||||
%bcond_without heartbeat
|
|
||||||
|
|
||||||
Summary: A TLS protocol implementation
|
Summary: A TLS protocol implementation
|
||||||
Name: gnutls
|
Name: gnutls
|
||||||
# The libraries are LGPLv2.1+, utilities are GPLv3+
|
# The libraries are LGPLv2.1+, utilities are GPLv3+
|
||||||
License: GPLv3+ and LGPLv2+
|
License: GPLv3+ and LGPLv2+
|
||||||
|
Group: System Environment/Libraries
|
||||||
BuildRequires: p11-kit-devel >= 0.21.3, gettext-devel
|
BuildRequires: p11-kit-devel >= 0.21.3, gettext-devel
|
||||||
BuildRequires: readline-devel, libtasn1-devel >= 4.3
|
BuildRequires: zlib-devel, readline-devel, libtasn1-devel >= 4.3
|
||||||
%if %{with certificate_compression}
|
BuildRequires: libtool, automake, autoconf, texinfo
|
||||||
BuildRequires: zlib-devel, brotli-devel, libzstd-devel
|
BuildRequires: autogen-libopts-devel >= 5.18 autogen
|
||||||
%endif
|
BuildRequires: nettle-devel >= 3.4.1
|
||||||
%if %{with bootstrap}
|
|
||||||
BuildRequires: automake, autoconf, gperf, libtool
|
|
||||||
%endif
|
|
||||||
BuildRequires: texinfo
|
|
||||||
BuildRequires: nettle-devel >= 3.9.1
|
|
||||||
%if %{with tpm12}
|
|
||||||
BuildRequires: trousers-devel >= 0.3.11.2
|
BuildRequires: trousers-devel >= 0.3.11.2
|
||||||
%endif
|
|
||||||
%if %{with tpm2}
|
|
||||||
BuildRequires: tpm2-tss-devel >= 3.0.3
|
|
||||||
%endif
|
|
||||||
BuildRequires: libidn2-devel
|
BuildRequires: libidn2-devel
|
||||||
BuildRequires: libunistring-devel
|
BuildRequires: libunistring-devel
|
||||||
BuildRequires: net-tools, datefudge, softhsm, gcc, gcc-c++
|
BuildRequires: gperf, net-tools, datefudge, softhsm, gcc, gcc-c++
|
||||||
BuildRequires: gnupg2
|
BuildRequires: gnupg2
|
||||||
BuildRequires: git-core
|
%if %{with fips}
|
||||||
|
BuildRequires: fipscheck
|
||||||
|
%endif
|
||||||
|
|
||||||
# for a sanity check on cert loading
|
# for a sanity check on cert loading
|
||||||
BuildRequires: p11-kit-trust, ca-certificates
|
BuildRequires: p11-kit-trust, ca-certificates
|
||||||
Requires: crypto-policies
|
Requires: crypto-policies
|
||||||
Requires: p11-kit-trust
|
Requires: p11-kit-trust
|
||||||
Requires: libtasn1 >= 4.3
|
Requires: libtasn1 >= 4.3
|
||||||
Requires: nettle >= 3.9.1
|
Requires: nettle >= 3.4.1
|
||||||
%if %{with tpm12}
|
|
||||||
Recommends: trousers >= 0.3.11.2
|
Recommends: trousers >= 0.3.11.2
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with dane}
|
%if %{with dane}
|
||||||
BuildRequires: unbound-devel unbound-libs
|
BuildRequires: unbound-devel unbound-libs
|
||||||
%endif
|
%endif
|
||||||
%if %{with guile}
|
%if %{with guile}
|
||||||
BuildRequires: guile22-devel
|
BuildRequires: guile-devel
|
||||||
%endif
|
%endif
|
||||||
BuildRequires: make
|
|
||||||
URL: http://www.gnutls.org/
|
URL: http://www.gnutls.org/
|
||||||
Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz
|
Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz
|
||||||
Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz.sig
|
Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz.sig
|
||||||
Source2: gnutls-release-keyring.pgp
|
Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||||
|
|
||||||
Source100: gmp-6.2.1.tar.xz
|
|
||||||
# Taken from the main gmp package
|
|
||||||
Source101: gmp-6.2.1-intel-cet.patch
|
|
||||||
|
|
||||||
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
|
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
|
||||||
Provides: bundled(gnulib) = 20130424
|
Provides: bundled(gnulib) = 20130424
|
||||||
@ -106,16 +71,20 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
|
|||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development files for the %{name} package
|
Summary: Development files for the %{name} package
|
||||||
|
Group: Development/Libraries
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
Requires: %{name}-c++%{?_isa} = %{version}-%{release}
|
Requires: %{name}-c++%{?_isa} = %{version}-%{release}
|
||||||
%if %{with dane}
|
%if %{with dane}
|
||||||
Requires: %{name}-dane%{?_isa} = %{version}-%{release}
|
Requires: %{name}-dane%{?_isa} = %{version}-%{release}
|
||||||
%endif
|
%endif
|
||||||
Requires: pkgconfig
|
Requires: pkgconfig
|
||||||
|
Requires(post): /sbin/install-info
|
||||||
|
Requires(preun): /sbin/install-info
|
||||||
|
|
||||||
%package utils
|
%package utils
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
Summary: Command line tools for TLS protocol
|
Summary: Command line tools for TLS protocol
|
||||||
|
Group: Applications/System
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
%if %{with dane}
|
%if %{with dane}
|
||||||
Requires: %{name}-dane%{?_isa} = %{version}-%{release}
|
Requires: %{name}-dane%{?_isa} = %{version}-%{release}
|
||||||
@ -130,8 +99,9 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
|
|||||||
%if %{with guile}
|
%if %{with guile}
|
||||||
%package guile
|
%package guile
|
||||||
Summary: Guile bindings for the GNUTLS library
|
Summary: Guile bindings for the GNUTLS library
|
||||||
|
Group: Development/Libraries
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
Requires: guile22
|
Requires: guile
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -188,181 +158,91 @@ This package contains Guile bindings for the library.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
||||||
|
|
||||||
%autosetup -p1 -S git
|
%autosetup -p1 -S git
|
||||||
|
|
||||||
%if %{with fips}
|
|
||||||
mkdir -p bundled_gmp
|
|
||||||
pushd bundled_gmp
|
|
||||||
tar --strip-components=1 -xf %{SOURCE100}
|
|
||||||
patch -p1 < %{SOURCE101}
|
|
||||||
popd
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%build
|
|
||||||
%ifarch aarch64 ppc64le
|
|
||||||
%define _lto_cflags %{nil}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with fips}
|
|
||||||
pushd bundled_gmp
|
|
||||||
autoreconf -ifv
|
|
||||||
%configure --disable-cxx --disable-shared --enable-fat --with-pic
|
|
||||||
%make_build
|
|
||||||
popd
|
|
||||||
|
|
||||||
export GMP_CFLAGS="-I$PWD/bundled_gmp"
|
|
||||||
export GMP_LIBS="$PWD/bundled_gmp/.libs/libgmp.a"
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with bootstrap}
|
|
||||||
autoreconf -fi
|
|
||||||
%endif
|
|
||||||
|
|
||||||
sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
|
sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
|
||||||
rm -f lib/minitasn1/*.c lib/minitasn1/*.h
|
rm -f lib/minitasn1/*.c lib/minitasn1/*.h
|
||||||
|
rm -f src/libopts/*.c src/libopts/*.h src/libopts/compat/*.c src/libopts/compat/*.h
|
||||||
|
|
||||||
echo "SYSTEM=NORMAL" >> tests/system.prio
|
echo "SYSTEM=NORMAL" >> tests/system.prio
|
||||||
|
|
||||||
%if %{with guile}
|
# Note that we explicitly enable SHA1, as SHA1 deprecation is handled
|
||||||
# These should be checked by m4/guile.m4 instead of configure.ac
|
# via the crypto policies
|
||||||
# taking into account of _guile_suffix
|
|
||||||
guile_snarf=%{_bindir}/guile-snarf2.2
|
|
||||||
export guile_snarf
|
|
||||||
GUILD=%{_bindir}/guild2.2
|
|
||||||
export GUILD
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with fips}
|
%build
|
||||||
eval $(sed -n 's/^\(\(NAME\|VERSION_ID\)=.*\)/OS_\1/p' /etc/os-release)
|
autoreconf -fi
|
||||||
export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name"
|
CCASFLAGS="$CCASFLAGS -Wa,--generate-missing-build-notes=yes"
|
||||||
%endif
|
export CCASFLAGS
|
||||||
|
%configure --with-libtasn1-prefix=%{_prefix} \
|
||||||
%configure \
|
|
||||||
%if %{with fips}
|
%if %{with fips}
|
||||||
--enable-fips140-mode \
|
--enable-fips140-mode \
|
||||||
--with-fips140-module-name="$FIPS_MODULE_NAME" \
|
|
||||||
--with-fips140-module-version=%{version}-%{srpmhash} \
|
|
||||||
%endif
|
|
||||||
%if %{with gost}
|
|
||||||
--enable-gost \
|
|
||||||
%else
|
|
||||||
--disable-gost \
|
|
||||||
%endif
|
|
||||||
%if %{with srp}
|
|
||||||
--enable-srp-authentication \
|
|
||||||
%else
|
|
||||||
--disable-srp-authentication \
|
|
||||||
%endif
|
|
||||||
%if %{with heartbeat}
|
|
||||||
--enable-heartbeat-support \
|
|
||||||
%else
|
|
||||||
--disable-heartbeat-support \
|
|
||||||
%endif
|
%endif
|
||||||
|
--enable-tls13-support \
|
||||||
--enable-sha1-support \
|
--enable-sha1-support \
|
||||||
--disable-static \
|
--disable-static \
|
||||||
--disable-openssl-compatibility \
|
--disable-openssl-compatibility \
|
||||||
--disable-non-suiteb-curves \
|
--disable-non-suiteb-curves \
|
||||||
--with-system-priority-file=%{_sysconfdir}/crypto-policies/back-ends/gnutls.config \
|
--with-system-priority-file=%{_sysconfdir}/crypto-policies/back-ends/gnutls.config \
|
||||||
--with-default-trust-store-pkcs11="pkcs11:" \
|
--with-default-trust-store-pkcs11="pkcs11:" \
|
||||||
%if %{with tpm12}
|
|
||||||
--with-trousers-lib=%{_libdir}/libtspi.so.1 \
|
--with-trousers-lib=%{_libdir}/libtspi.so.1 \
|
||||||
%else
|
|
||||||
--without-tpm \
|
|
||||||
%endif
|
|
||||||
%if %{with tpm2}
|
|
||||||
--with-tpm2 \
|
|
||||||
%else
|
|
||||||
--without-tpm2 \
|
|
||||||
%endif
|
|
||||||
--enable-ktls \
|
|
||||||
--htmldir=%{_docdir}/manual \
|
--htmldir=%{_docdir}/manual \
|
||||||
%if %{with guile}
|
%if %{with guile}
|
||||||
--enable-guile \
|
--enable-guile \
|
||||||
--with-guile-extension-dir=%{_libdir}/guile/2.2 \
|
|
||||||
%else
|
%else
|
||||||
--disable-guile \
|
--disable-guile \
|
||||||
%endif
|
%endif
|
||||||
%if %{with dane}
|
%if %{with dane}
|
||||||
--with-unbound-root-key-file=/var/lib/unbound/root.key \
|
--with-unbound-root-key-file=/var/lib/unbound/root.key \
|
||||||
--enable-libdane \
|
--enable-dane \
|
||||||
%else
|
%else
|
||||||
--disable-libdane \
|
--disable-dane \
|
||||||
%endif
|
|
||||||
%if %{with certificate_compression}
|
|
||||||
--with-zlib --with-brotli --with-zstd \
|
|
||||||
%else
|
|
||||||
--without-zlib --without-brotli --without-zstd \
|
|
||||||
%endif
|
%endif
|
||||||
--disable-rpath \
|
--disable-rpath \
|
||||||
--with-default-priority-string="@SYSTEM"
|
--with-default-priority-string="@SYSTEM"
|
||||||
|
|
||||||
# build libgnutlsxx.so with older SONAME
|
|
||||||
make %{?_smp_mflags} V=1 CXX_LT_CURRENT=29 CXX_LT_REVISION=0 CXX_LT_AGE=1
|
|
||||||
|
|
||||||
%install
|
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT
|
|
||||||
|
|
||||||
# build libgnutlsxx.so with newer SONAME
|
|
||||||
pushd lib
|
|
||||||
rm -f libgnutlsxx.la
|
|
||||||
make %{?_smp_mflags} V=1
|
make %{?_smp_mflags} V=1
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT
|
|
||||||
popd
|
|
||||||
touch doc/examples/ex-cxx
|
|
||||||
|
|
||||||
make -C doc install-html DESTDIR=$RPM_BUILD_ROOT
|
|
||||||
|
|
||||||
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
|
|
||||||
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
|
||||||
rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.2/guile-gnutls*.a
|
|
||||||
rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.2/guile-gnutls*.la
|
|
||||||
%if %{without dane}
|
|
||||||
rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with fips}
|
|
||||||
# doing it twice should be a no-op the second time,
|
|
||||||
# and this way we avoid redefining it and missing a future change
|
|
||||||
%{__spec_install_post}
|
|
||||||
fname=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.*`
|
|
||||||
./lib/fipshmac "$RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30" > "$RPM_BUILD_ROOT%{_libdir}/.$fname.hmac"
|
|
||||||
sed -i "s^$RPM_BUILD_ROOT/usr^^" "$RPM_BUILD_ROOT%{_libdir}/.$fname.hmac"
|
|
||||||
ln -s ".$fname.hmac" "$RPM_BUILD_ROOT%{_libdir}/.libgnutls.so.30.hmac"
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with fips}
|
%if %{with fips}
|
||||||
%define __spec_install_post \
|
%define __spec_install_post \
|
||||||
%{?__debug_package:%{__debug_install_post}} \
|
%{?__debug_package:%{__debug_install_post}} \
|
||||||
%{__arch_install_post} \
|
%{__arch_install_post} \
|
||||||
%{__os_install_post} \
|
%{__os_install_post} \
|
||||||
|
fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.* \
|
||||||
|
file=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libgnutls.so.30.hmac \
|
||||||
%{nil}
|
%{nil}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%install
|
||||||
|
make install DESTDIR=$RPM_BUILD_ROOT
|
||||||
|
make -C doc install-html DESTDIR=$RPM_BUILD_ROOT
|
||||||
|
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
|
||||||
|
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||||
|
rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls*.a
|
||||||
|
rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls*.la
|
||||||
|
rm -f $RPM_BUILD_ROOT%{_libdir}/gnutls/libpkcs11mock1.*
|
||||||
|
%if %{without dane}
|
||||||
|
rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
|
||||||
|
%endif
|
||||||
|
|
||||||
%find_lang gnutls
|
%find_lang gnutls
|
||||||
|
|
||||||
%check
|
%check
|
||||||
%if %{with tests}
|
make check %{?_smp_mflags}
|
||||||
|
|
||||||
# This test shouldn't work until the kernel gets support for KeyUpdate
|
%post devel
|
||||||
xfail_tests=ktls_keyupdate.sh
|
if [ -f %{_infodir}/gnutls.info.gz ]; then
|
||||||
|
/sbin/install-info %{_infodir}/gnutls.info.gz %{_infodir}/dir || :
|
||||||
|
fi
|
||||||
|
|
||||||
# The ktls.sh test currently only supports kernel 5.11+. This needs to
|
%preun devel
|
||||||
# be checked at run time, as the koji builder might be using a different
|
if [ $1 = 0 -a -f %{_infodir}/gnutls.info.gz ]; then
|
||||||
# version of kernel on the host than the one indicated by the
|
/sbin/install-info --delete %{_infodir}/gnutls.info.gz %{_infodir}/dir || :
|
||||||
# kernel-devel package.
|
fi
|
||||||
|
|
||||||
case "$(uname -r)" in
|
|
||||||
4.* | 5.[0-9].* | 5.10.* )
|
|
||||||
xfail_tests="$xfail_tests ktls.sh"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null XFAIL_TESTS="$xfail_tests"
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%files -f gnutls.lang
|
%files -f gnutls.lang
|
||||||
|
%defattr(-,root,root,-)
|
||||||
%{_libdir}/libgnutls.so.30*
|
%{_libdir}/libgnutls.so.30*
|
||||||
%if %{with fips}
|
%if %{with fips}
|
||||||
%{_libdir}/.libgnutls.so.30*.hmac
|
%{_libdir}/.libgnutls.so.30*.hmac
|
||||||
@ -374,8 +254,13 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null XFAIL_TESTS="$x
|
|||||||
%{_libdir}/libgnutlsxx.so.*
|
%{_libdir}/libgnutlsxx.so.*
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
|
%defattr(-,root,root,-)
|
||||||
%{_includedir}/*
|
%{_includedir}/*
|
||||||
%{_libdir}/libgnutls*.so
|
%{_libdir}/libgnutls*.so
|
||||||
|
%if %{with fips}
|
||||||
|
%{_libdir}/.libgnutls.so.*.hmac
|
||||||
|
%endif
|
||||||
|
|
||||||
%{_libdir}/pkgconfig/*.pc
|
%{_libdir}/pkgconfig/*.pc
|
||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
%{_infodir}/gnutls*
|
%{_infodir}/gnutls*
|
||||||
@ -383,10 +268,9 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null XFAIL_TESTS="$x
|
|||||||
%{_docdir}/manual/*
|
%{_docdir}/manual/*
|
||||||
|
|
||||||
%files utils
|
%files utils
|
||||||
|
%defattr(-,root,root,-)
|
||||||
%{_bindir}/certtool
|
%{_bindir}/certtool
|
||||||
%if %{with tpm12}
|
|
||||||
%{_bindir}/tpmtool
|
%{_bindir}/tpmtool
|
||||||
%endif
|
|
||||||
%{_bindir}/ocsptool
|
%{_bindir}/ocsptool
|
||||||
%{_bindir}/psktool
|
%{_bindir}/psktool
|
||||||
%{_bindir}/p11tool
|
%{_bindir}/p11tool
|
||||||
@ -400,377 +284,184 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null XFAIL_TESTS="$x
|
|||||||
|
|
||||||
%if %{with dane}
|
%if %{with dane}
|
||||||
%files dane
|
%files dane
|
||||||
|
%defattr(-,root,root,-)
|
||||||
%{_libdir}/libgnutls-dane.so.*
|
%{_libdir}/libgnutls-dane.so.*
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{with guile}
|
%if %{with guile}
|
||||||
%files guile
|
%files guile
|
||||||
%{_libdir}/guile/2.2/guile-gnutls*.so*
|
%defattr(-,root,root,-)
|
||||||
%{_libdir}/guile/2.2/site-ccache/gnutls.go
|
%{_libdir}/guile/2.0/guile-gnutls*.so*
|
||||||
%{_libdir}/guile/2.2/site-ccache/gnutls/extra.go
|
%{_libdir}/guile/2.0/site-ccache/gnutls.go
|
||||||
%{_datadir}/guile/site/2.2/gnutls.scm
|
%{_libdir}/guile/2.0/site-ccache/gnutls/extra.go
|
||||||
%{_datadir}/guile/site/2.2/gnutls/extra.scm
|
%{_datadir}/guile/site/2.0/gnutls.scm
|
||||||
|
%{_datadir}/guile/site/2.0/gnutls/extra.scm
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Jan 23 2024 Daiki Ueno <dueno@redhat.com> - 3.8.3-1
|
* Tue Mar 26 2024 Daiki Ueno <dueno@redhat.com> - 3.6.16-8.3
|
||||||
- Update to gnutls 3.8.3 (RHEL-14891)
|
- Fix memleak with older GMP (RHEL-28957)
|
||||||
|
|
||||||
* Mon Jan 22 2024 Daiki Ueno <dueno@redhat.com> - 3.8.2-3
|
* Mon Mar 25 2024 Daiki Ueno <dueno@redhat.com> - 3.6.16-8.2
|
||||||
- Skip KTLS test exercising ChaCha20-Poly1305 in TLS 1.3 as well (RHEL-18498)
|
- Fix timing side-channel in deterministic ECDSA (RHEL-28957)
|
||||||
|
|
||||||
* Fri Dec 8 2023 Daiki Ueno <dueno@redhat.com> - 3.8.2-2
|
* Thu Jan 18 2024 Daiki Ueno <dueno@redhat.com> - 3.6.16-8.1
|
||||||
- Bump nettle dependency to 3.9.1
|
- auth/rsa-psk: minimize branching after decryption (RHEL-21586)
|
||||||
- Skip KTLS test exercising ChaCha20-Poly1305 in TLS 1.2 (RHEL-18498)
|
|
||||||
|
|
||||||
* Thu Nov 16 2023 Daiki Ueno <dueno@redhat.com> - 3.8.2-1
|
* Wed Dec 6 2023 Daiki Ueno <dueno@redhat.com> - 3.6.16-8
|
||||||
- Update to gnutls 3.8.2 (RHEL-14891)
|
- auth/rsa_psk: side-step potential side-channel (RHEL-16753)
|
||||||
|
|
||||||
* Sat Jul 29 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-23
|
* Mon Jun 26 2023 Daiki Ueno <dueno@redhat.com> - 3.6.16-7
|
||||||
- Mark SHA-1 signature verification non-approved in FIPS (#2102751)
|
- Clear server's session ticket indication at rehandshake (#2089817)
|
||||||
|
|
||||||
* Tue Jul 18 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-22
|
* Thu Feb 23 2023 Zoltan Fridrich <zfridric@redhat.com> - 3.6.16-6
|
||||||
- Skip KTLS test on old kernel if host and target arches are different
|
- Fix x86_64 CPU feature detection when AVX is not available (#2131152)
|
||||||
|
- Fix timing side-channel in TLS RSA key exchange (#2162598)
|
||||||
|
|
||||||
* Thu Jul 13 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-21
|
* Mon Aug 29 2022 Daiki Ueno <dueno@redhat.com> - 3.6.16-5
|
||||||
- Require use of extended master secret in FIPS mode by default (#2157953)
|
- Fix double-free in gnutls_pkcs7_verify (#2109788)
|
||||||
|
|
||||||
* Tue Mar 14 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-20
|
* Mon Jun 28 2021 Daiki Ueno <dueno@redhat.com> - 3.6.16-4
|
||||||
- Fix the previous change (#2175214)
|
- p11tool: Document ID reuse behavior when importing certs (#1776250)
|
||||||
|
|
||||||
* Fri Mar 10 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-19
|
* Mon Jun 7 2021 Daiki Ueno <dueno@redhat.com> - 3.6.16-3
|
||||||
- Bump release to ensure el9 package is greater than el9_* packages (#2175214)
|
- Treat SHA-1 signed CA in the trusted set differently (#1965445)
|
||||||
|
|
||||||
* Tue Feb 28 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-18
|
* Wed May 26 2021 Daiki Ueno <dueno@redhat.com> - 3.6.16-2
|
||||||
- Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version (#2168143)
|
- Filter certificate_types in TLS 1.2 CR based on signature algorithms (#1942216)
|
||||||
|
|
||||||
* Fri Feb 10 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-17
|
* Mon May 24 2021 Daiki Ueno <dueno@redhat.com> - 3.6.16-1
|
||||||
- Fix timing side-channel in TLS RSA key exchange (#2162601)
|
- Update to upstream 3.6.16 release (#1956783)
|
||||||
|
- Fix potential use-after-free in key_share handling (#1927597)
|
||||||
|
- Fix potential use-after-free in pre_shared_key handling (#1927593)
|
||||||
|
- Stop gnutls-serv relying on AI_ADDRCONFIG to decide listening address (#1908334)
|
||||||
|
- Fix cert expiration issue in tests (#1908110)
|
||||||
|
|
||||||
* Fri Feb 10 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-16
|
* Thu Apr 1 2021 Daiki Ueno <dueno@redhat.com> - 3.6.14-10
|
||||||
- fips: extend PCT to DH key generation (#2168143)
|
- Port fixes for potential miscalculation in ecdsa_verify (#1942931)
|
||||||
|
|
||||||
* Thu Dec 15 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.6-15
|
* Tue Nov 24 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-9
|
||||||
- fips: rename hmac file to its previous name (#2148269)
|
- Revert the previous change
|
||||||
|
|
||||||
* Tue Nov 22 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-14
|
* Wed Nov 11 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-8
|
||||||
- cipher: add restriction on CCM tag length under FIPS mode (#2137807)
|
- Depend on specific NVR of gmp and nettle (#1812933)
|
||||||
- nettle: mark non-compliant RSA-PSS salt length to be not-approved (#2143266)
|
|
||||||
|
|
||||||
* Tue Nov 15 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.6-13
|
* Tue Nov 3 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-7
|
||||||
- fips: make XTS key check failure not fatal (#2130971)
|
- Increase DH key bits to >= 2048 in self-tests (#1879506)
|
||||||
- enable source archive verification again (#2127094)
|
- Implement self-tests for KDF and CMAC (#1890870)
|
||||||
- clear server's session ticket indication at rehandshake (#2136072)
|
- Fix CVE-2020-24659: heap buffer-overflow when "no_renegotiation" alert is received (#1873959)
|
||||||
- crypto-api: add block cipher API with automatic padding (#2084161)
|
|
||||||
- fips: remove library path checking from FIPS integrity check (#2140908)
|
|
||||||
|
|
||||||
* Tue Sep 27 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-12
|
* Mon Aug 24 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-6
|
||||||
- fips: mark PBKDF2 with short key and output sizes non-approved
|
- Fix memory leak when serializing iovec_t (#1844112)
|
||||||
- fips: only mark HMAC as approved in PBKDF2
|
|
||||||
- fips: mark gnutls_key_generate with short key sizes non-approved
|
|
||||||
- fips: fix checking on hash algorithm used in ECDSA
|
|
||||||
- fips: preserve operation context around FIPS selftests API
|
|
||||||
|
|
||||||
* Fri Aug 26 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-11
|
* Sat Jul 18 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-5
|
||||||
- Supply --with{,out}-{zlib,brotli,zstd} explicitly
|
- Perform validation checks on (EC)DH public keys and share secrets (#1855803)
|
||||||
|
|
||||||
* Thu Aug 25 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-10
|
* Mon Jun 29 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-4
|
||||||
- Revert nettle version pinning as it doesn't work well in side-tag
|
- Tighten FIPS DH primes check according to SP800-56A (rev 3) (#1849079)
|
||||||
|
|
||||||
* Thu Aug 25 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-9
|
* Fri Jun 5 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-3
|
||||||
- Pin nettle version in Requires when compiled with FIPS
|
- Update gnutls-3.6.14-fips-mode-check.patch
|
||||||
|
|
||||||
* Tue Aug 23 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-8
|
* Thu Jun 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-2
|
||||||
- Bundle GMP to privatize memory functions
|
- Return false from gnutls_fips140_mode_enabled() if selftests failed (#1827687)
|
||||||
- Disable certificate compression support by default
|
|
||||||
|
|
||||||
* Tue Aug 23 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-7
|
|
||||||
- Update gnutls-3.7.6-cpuid-fixes.patch
|
|
||||||
|
|
||||||
* Sat Aug 20 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-6
|
|
||||||
- Mark RSA SigVer operation approved for known modulus sizes (#2091903)
|
|
||||||
- accelerated: clear AVX bits if it cannot be queried through XSAVE
|
|
||||||
|
|
||||||
* Thu Aug 4 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-5
|
|
||||||
- Block DES-CBC usage in decrypting PKCS#12 bag under FIPS (#2115244)
|
|
||||||
- sysrng: reseed source DRBG for prediction resistance
|
|
||||||
|
|
||||||
* Fri Jul 29 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-4
|
|
||||||
- Make gnutls-cli work with KTLS for testing
|
|
||||||
- Fix double-free in gnutls_pkcs7_verify (#2109790)
|
|
||||||
|
|
||||||
* Mon Jul 25 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-3
|
|
||||||
- Limit input size for AES-GCM according to SP800-38D (#2095251)
|
|
||||||
- Do not treat GPG verification errors as fatal
|
|
||||||
- Remove gnutls-3.7.6-libgnutlsxx-const.patch
|
|
||||||
|
|
||||||
* Tue Jul 19 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-2
|
|
||||||
- Allow enabling KTLS with config file (#2042009)
|
|
||||||
|
|
||||||
* Fri Jul 1 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-1
|
|
||||||
- Update to gnutls 3.7.6 (#2097327)
|
|
||||||
|
|
||||||
* Thu Mar 31 2022 Daiki Ueno <dueno@redhat.com> - 3.7.3-10
|
|
||||||
- Use only the first component of VERSION from /etc/os-release (#2070249)
|
|
||||||
- Don't run power-on self-tests on DSA (#2061325)
|
|
||||||
|
|
||||||
* Fri Feb 25 2022 Daiki Ueno <dueno@redhat.com> - 3.7.3-9
|
|
||||||
- Stop using typeof keyword for tss2 function prototypes (#2057490)
|
|
||||||
- Ensure allowlist API is called before priority string construction (#1975421)
|
|
||||||
|
|
||||||
* Thu Feb 24 2022 Daiki Ueno <dueno@redhat.com> - 3.7.3-8
|
|
||||||
- Fix previous change for loading libtss2* (#2057490)
|
|
||||||
|
|
||||||
* Wed Feb 23 2022 Daiki Ueno <dueno@redhat.com> - 3.7.3-7
|
|
||||||
- Increase GNUTLS_MAX_ALGORITHM_NUM for allowlisting (#2033220)
|
|
||||||
- Ensure allowlisting API is called before priority string is constructed (#2042532)
|
|
||||||
- Use dlopen for loading libtss2* to avoid OpenSSL dependency (#2057490)
|
|
||||||
|
|
||||||
* Tue Feb 22 2022 Daiki Ueno <dueno@redhat.com> - 3.7.3-6
|
|
||||||
- Compile out GOST algorithm IDs (#1945292)
|
|
||||||
|
|
||||||
* Thu Feb 17 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.3-5
|
|
||||||
- Fix upstream testsuite in fips mode (#2051637)
|
|
||||||
|
|
||||||
* Wed Feb 16 2022 Daiki Ueno <dueno@redhat.com> - 3.7.3-4
|
|
||||||
- Specify FIPS140-3 module name and version
|
|
||||||
- fips: allow a few more primes in RSA key generation
|
|
||||||
- fips: tighten PKCS#12 algorithm checks
|
|
||||||
- Correct return value of KTLS stub API
|
|
||||||
|
|
||||||
* Tue Feb 15 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.3-3
|
|
||||||
- Disable config reload in order to not break allowlisting (#2042532)
|
|
||||||
|
|
||||||
* Wed Feb 2 2022 Daiki Ueno <dueno@redhat.com> - 3.7.3-2
|
|
||||||
- Build with TPM2 support, patch from Alexander Sosedkin (#2033220)
|
|
||||||
|
|
||||||
* Tue Jan 18 2022 Daiki Ueno <dueno@redhat.com> - 3.7.3-1
|
|
||||||
- Update to gnutls 3.7.3 (#2033220)
|
|
||||||
|
|
||||||
* Wed Dec 22 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-10
|
|
||||||
- Update gnutls_{hash,hmac}_copy man-pages as well (#1999639)
|
|
||||||
|
|
||||||
* Wed Dec 22 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-9
|
|
||||||
- Drop support for GNUTLS_NO_EXPLICIT_INIT envvar in favor of
|
|
||||||
GNUTLS_NO_IMPLICIT_INIT (#1999639)
|
|
||||||
- Expand documentation of gnutls_{hash,hmac}_copy, mentioning that
|
|
||||||
those do not always work (#1999639)
|
|
||||||
|
|
||||||
* Tue Dec 21 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-9
|
|
||||||
- Fix race condition when resolving SYSTEM priority in allowlisting mode (#2012249)
|
|
||||||
|
|
||||||
* Thu Oct 21 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-8
|
|
||||||
- Fix issues in bundled libopts, spotted by covscan (#1938730)
|
|
||||||
|
|
||||||
* Tue Oct 12 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-7
|
|
||||||
- Enable Intel CET
|
|
||||||
- Remove unnecessary CCASFLAGS setting for annocheck
|
|
||||||
|
|
||||||
* Thu Aug 19 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-6
|
|
||||||
- Reorder doc/invoke-*.texi generation (#1975482)
|
|
||||||
- Temporarily disable LTO for aarch64 and ppc64le
|
|
||||||
|
|
||||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.2-5
|
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
|
||||||
Related: rhbz#1991688
|
|
||||||
|
|
||||||
* Mon Aug 2 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-4
|
|
||||||
- Disable GOST cryptography by default (#1945292)
|
|
||||||
- Tighten timestamp adjustment when not bootstrapping (#1975482)
|
|
||||||
- Re-enable LTO (#1986143)
|
|
||||||
|
|
||||||
* Mon Jun 28 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-3
|
|
||||||
- Enable allowlisting configuration mode (#1975421)
|
|
||||||
|
|
||||||
* Sat Jun 26 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-2
|
|
||||||
- Remove %%defattr invocations which are no longer necessary
|
|
||||||
- libpkcs11mock1.* is not installed anymore
|
|
||||||
- hobble-gnutls: Remove SRP removal
|
|
||||||
- Use correct source URL
|
|
||||||
- Switch to using %%gpgverify macro
|
|
||||||
|
|
||||||
* Fri Jun 25 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-1
|
|
||||||
- Update to upstream 3.7.2 release (#1966479)
|
|
||||||
|
|
||||||
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.1-6
|
|
||||||
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
|
||||||
Related: rhbz#1971065
|
|
||||||
|
|
||||||
* Thu Jun 3 2021 Daiki Ueno <dueno@redhat.com> - 3.7.1-5
|
|
||||||
- Fix typo in TPM 1.2 disablement (#1927370)
|
|
||||||
|
|
||||||
* Thu May 27 2021 Daiki Ueno <dueno@redhat.com> - 3.7.1-4
|
|
||||||
- Disable TPM support by default (#1927370)
|
|
||||||
|
|
||||||
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.1-3
|
|
||||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
|
||||||
|
|
||||||
* Tue Mar 16 2021 Daiki Ueno <dueno@redhat.com> - 3.7.1-2
|
|
||||||
- Restore fipscheck dependency
|
|
||||||
|
|
||||||
* Sat Mar 13 2021 Daiki Ueno <dueno@redhat.com> - 3.7.1-1
|
|
||||||
- Update to upstream 3.7.1 release
|
|
||||||
- Remove fipscheck dependency, as it is now calculated with an
|
|
||||||
internal tool
|
|
||||||
|
|
||||||
* Fri Mar 5 2021 Daiki Ueno <dueno@redhat.com> - 3.7.0-4
|
|
||||||
- Tolerate duplicate certs in the chain also with PKCS #11 trust store
|
|
||||||
|
|
||||||
* Tue Mar 2 2021 Daiki Ueno <dueno@redhat.com> - 3.7.0-3
|
|
||||||
- Reduce BRs for non-bootstrapping build
|
|
||||||
|
|
||||||
* Wed Feb 10 2021 Daiki Ueno <dueno@redhat.com> - 3.7.0-2
|
|
||||||
- Tolerate duplicate certs in the chain
|
|
||||||
|
|
||||||
* Mon Feb 8 2021 Daiki Ueno <dueno@redhat.com> - 3.7.0-1
|
|
||||||
- Update to upstream 3.7.0 release
|
|
||||||
- Temporarily disable LTO
|
|
||||||
|
|
||||||
* Tue Jan 26 2021 Daiki Ueno <dueno@redhat.com> - 3.6.15-4
|
|
||||||
- Fix broken tests on rawhide (#1908110)
|
|
||||||
- Add BuildRequires: make (by Tom Stellard)
|
|
||||||
|
|
||||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.15-3
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon Sep 28 2020 Jeff Law <law@redhat.com> - 3.6.15-2
|
|
||||||
- Re-enable LTO now that upstream GCC bugs have been fixed
|
|
||||||
|
|
||||||
* Fri Sep 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.15-1
|
|
||||||
- Update to upstream 3.6.15 release
|
|
||||||
|
|
||||||
* Mon Aug 17 2020 Jeff Law <law@redhat.com> - 3.6.14-7
|
|
||||||
- Disable LTO on ppc64le
|
|
||||||
|
|
||||||
* Tue Aug 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-6
|
|
||||||
- Fix underlinking of libpthread
|
|
||||||
|
|
||||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.14-5
|
|
||||||
- Second attempt - Rebuilt for
|
|
||||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.14-4
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu Jul 02 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.14-3
|
|
||||||
- Rebuild with autogen built with guile-2.2 (#1852706)
|
|
||||||
|
|
||||||
* Tue Jun 09 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.14-2
|
|
||||||
- Fix memory leak when serializing iovec_t (#1845083)
|
|
||||||
- Fix automatic libraries sonames detection (#1845806)
|
|
||||||
|
|
||||||
* Thu Jun 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-1
|
* Thu Jun 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-1
|
||||||
- Update to upstream 3.6.14 release
|
- Update to upstream 3.6.14 release
|
||||||
|
|
||||||
* Sun May 31 2020 Daiki Ueno <dueno@redhat.com> - 3.6.13-6
|
* Mon May 25 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-3
|
||||||
- Update gnutls-3.6.13-superseding-chain.patch
|
- Add an option to gnutls-cli to wait for resumption under TLS 1.3 (#1677754)
|
||||||
|
|
||||||
* Sun May 31 2020 Daiki Ueno <dueno@redhat.com> - 3.6.13-5
|
* Wed May 20 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-2
|
||||||
- Fix cert chain validation behavior if the last cert has expired (#1842178)
|
- Enable Intel CET (#1838476)
|
||||||
|
|
||||||
* Mon May 25 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-4
|
* Tue May 5 2020 Daiki Ueno <dueno@redhat.com> - 3.6.13-1
|
||||||
- Add option to gnutls-cli to wait for resumption under TLS 1.3
|
|
||||||
|
|
||||||
* Tue May 19 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-3
|
|
||||||
- Disable RSA blinding during FIPS self-tests
|
|
||||||
|
|
||||||
* Thu May 14 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-2
|
|
||||||
- Bump linked libraries soname to fix FIPS selftests (#1835265)
|
|
||||||
|
|
||||||
* Tue Mar 31 2020 Daiki Ueno <dueno@redhat.com> - 3.6.13-1
|
|
||||||
- Update to upstream 3.6.13 release
|
- Update to upstream 3.6.13 release
|
||||||
|
|
||||||
* Thu Mar 26 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.12-2
|
* Tue Apr 21 2020 Daiki Ueno <dueno@redhat.com> - 3.6.8-10
|
||||||
- Fix FIPS POST (#1813384)
|
- Fix CVE-2020-11501 (#1822005)
|
||||||
- Fix gnutls-serv --echo to not exit when a message is received (#1816583)
|
|
||||||
|
|
||||||
* Sun Feb 02 2020 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 3.6.12-1
|
* Wed Nov 6 2019 Daiki Ueno <dueno@redhat.com> - 3.6.8-9
|
||||||
- Update to upstream 3.6.12 release
|
- Fix CFB8 decryption when repeatedly called (#1757848)
|
||||||
|
- Fix gnutls_aead_cipher_{en,de}cryptv2 with input not multiple of block size (#1757856)
|
||||||
|
|
||||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.11-2
|
* Fri Aug 16 2019 Daiki Ueno <dueno@redhat.com> - 3.6.8-8
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
- Use fallback random function for RSA blinding in FIPS selftests
|
||||||
|
|
||||||
* Mon Dec 02 2019 Nikos Mavrogiannopoulos <nmav@gnutls.org> - 3.6.11-1
|
* Fri Aug 16 2019 Daiki Ueno <dueno@redhat.com> - 3.6.8-7
|
||||||
- Update to upstream 3.6.11 release
|
- Fix deterministic signature creation in selftests
|
||||||
|
|
||||||
* Sun Sep 29 2019 Nikos Mavrogiannopoulos <nmav@gnutls.org> - 3.6.10-1
|
* Fri Aug 16 2019 Daiki Ueno <dueno@redhat.com> - 3.6.8-6
|
||||||
- Update to upstream 3.6.10 release
|
- Treat login error more gracefully when enumerating PKCS#11 tokens (#1705478)
|
||||||
|
- Use deterministic ECDSA/DSA in FIPS selftests (#1716560)
|
||||||
|
- Add gnutls_aead_cipher_{encrypt,decrypt}v2 functions (#1684461)
|
||||||
|
|
||||||
* Fri Jul 26 2019 Nikos Mavrogiannopoulos <nmav@gnutls.org> - 3.6.9-1
|
* Fri Aug 9 2019 Daiki Ueno <dueno@redhat.com> - 3.6.8-5
|
||||||
- Update to upstream 3.6.9 release
|
- Avoid UB when encrypting session tickets
|
||||||
|
|
||||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.8-3
|
* Tue Jul 2 2019 Daiki Ueno <dueno@redhat.com> - 3.6.8-4
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
- Add RNG continuous test under FIPS
|
||||||
|
|
||||||
* Mon Jul 15 2019 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.8-2
|
* Fri Jun 14 2019 Daiki Ueno <dueno@redhat.com> - 3.6.8-3
|
||||||
- Rebuilt with guile-2.2
|
- Follow-up fix on multiple key updates handling (#1673975)
|
||||||
|
|
||||||
* Tue May 28 2019 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.8-1
|
* Thu Jun 13 2019 Daiki Ueno <dueno@redhat.com> - 3.6.8-2
|
||||||
|
- Run FIPS AES self-tests over overridden algorithms
|
||||||
|
|
||||||
|
* Wed May 29 2019 Daiki Ueno <dueno@redhat.com> - 3.6.8-1
|
||||||
- Update to upstream 3.6.8 release
|
- Update to upstream 3.6.8 release
|
||||||
|
|
||||||
* Wed Mar 27 2019 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 3.6.7-1
|
* Fri May 24 2019 Anderson Sasaki <ansasaki@redhat.com> - 3.6.5-4
|
||||||
- Update to upstream 3.6.7 release
|
- Fixed FIPS signatures self tests (#1680509)
|
||||||
- Fixed CVE-2019-3836 (#1693214)
|
|
||||||
- Fixed CVE-2019-3829 (#1693210)
|
|
||||||
|
|
||||||
* Fri Feb 1 2019 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.6-1
|
* Wed Mar 27 2019 Anderson Sasaki <ansasaki@redhat.com> - 3.6.5-3
|
||||||
- Update to upstream 3.6.6 release
|
- Fixed CVE-2019-3829 (#1693285)
|
||||||
|
- Fixed CVE-2019-3836 (#1693288)
|
||||||
|
- Added explicit BuildRequires for nettle-devel >= 3.4.1
|
||||||
|
|
||||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.5-3
|
* Fri Jan 11 2019 Anderson Sasaki <ansasaki@redhat.com> - 3.6.5-2
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
- Fixed FIPS integrity self tests (#1665061)
|
||||||
|
|
||||||
* Fri Jan 11 2019 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 3.6.5-2
|
* Mon Dec 17 2018 Anderson Sasaki <ansasaki@redhat.com> - 3.6.5-1
|
||||||
|
- Update to upstream 3.6.5 release
|
||||||
|
- Fixes CVE-2018-16868 (#1655395)
|
||||||
|
- Removed ldconfig scriptlet
|
||||||
- Added explicit Requires for nettle >= 3.4.1
|
- Added explicit Requires for nettle >= 3.4.1
|
||||||
|
|
||||||
* Tue Dec 11 2018 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 3.6.5-1
|
* Mon Nov 26 2018 Anderson Sasaki <ansasaki@redhat.com> - 3.6.4-7
|
||||||
- Update to upstream 3.6.5 release
|
- Fix incorrect certificate type returned in TLS1.3 resumption (#1649786)
|
||||||
|
|
||||||
* Mon Oct 29 2018 James Antill <james.antill@redhat.com> - 3.6.4-5
|
* Mon Nov 12 2018 Anderson Sasaki <ansasaki@redhat.com> - 3.6.4-6
|
||||||
- Remove ldconfig scriptlet, now done via. transfiletrigger in glibc.
|
- Add support for record_size_limit extension in TLS1.2 (#1644850)
|
||||||
|
|
||||||
* Wed Oct 17 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.4-4
|
* Tue Oct 30 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.4-5
|
||||||
- Fix issue with rehandshake affecting glib-networking (#1634736)
|
- Fix issue with GOST ciphers (#1644193)
|
||||||
|
- Made gnutls-serv use the default priorities if none is specified (#1644243)
|
||||||
|
|
||||||
* Tue Oct 16 2018 Tomáš Mráz <tmraz@redhat.com> - 3.6.4-3
|
* Wed Oct 24 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.4-3
|
||||||
|
- Fix issue with rehandshake affecting glib-networking (#1641072)
|
||||||
|
|
||||||
|
* Tue Oct 16 2018 Tomáš Mráz <tmraz@redhat.com> - 3.6.4-2
|
||||||
- Add missing annobin notes for assembler sources
|
- Add missing annobin notes for assembler sources
|
||||||
|
|
||||||
* Tue Oct 09 2018 Petr Menšík <pemensik@redhat.com> - 3.6.4-2
|
|
||||||
- Rebuilt for unbound 1.8
|
|
||||||
|
|
||||||
* Tue Sep 25 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.4-1
|
* Tue Sep 25 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.4-1
|
||||||
- Updated to upstream 3.6.4 release
|
- Updated to upstream 3.6.4 release
|
||||||
- Added support for the latest version of the TLS1.3 protocol
|
- Added support for the latest version of the TLS1.3 protocol
|
||||||
- Enabled SHA1 support as SHA1 deprecation is handled via the
|
|
||||||
fedora crypto policies.
|
|
||||||
|
|
||||||
* Thu Aug 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-4
|
* Thu Aug 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-4
|
||||||
- Fixed gnutls-cli input reading
|
- Fixed support for ECDSA public keys (backported from Fedora)
|
||||||
- Ensure that we do not cause issues with version rollback detection
|
- Ensure that we do not cause issues with version rollback detection
|
||||||
and TLS1.3.
|
and TLS1.3.
|
||||||
|
|
||||||
* Tue Aug 07 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-3
|
* Thu Jul 26 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-4
|
||||||
- Fixed ECDSA public key import (#1612803)
|
- Updated to upstream 3.6.3 release
|
||||||
|
|
||||||
* Thu Jul 26 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-2
|
|
||||||
- Backported regression fixes from 3.6.2
|
|
||||||
|
|
||||||
* Mon Jul 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-1
|
|
||||||
- Update to upstream 3.6.3 release
|
|
||||||
|
|
||||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.2-5
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Jun 13 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.2-4
|
|
||||||
- Enable FIPS140-2 mode in Fedora
|
|
||||||
|
|
||||||
* Wed Jun 06 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.2-3
|
* Wed Jun 06 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.2-3
|
||||||
- Update to upstream 3.6.2 release
|
- Include FIPS mode
|
||||||
|
|
||||||
* Fri May 25 2018 David Abdurachmanov <david.abdurachmanov@gmail.com> - 3.6.2-2
|
|
||||||
- Add missing BuildRequires: gnupg2 for gpgv2 in %%prep
|
- Add missing BuildRequires: gnupg2 for gpgv2 in %%prep
|
||||||
|
|
||||||
* Fri Feb 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.2-1
|
* Fri Feb 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.2-1
|
||||||
- Update to upstream 3.6.2 release
|
- Updated to upstream 3.6.2 release
|
||||||
|
|
||||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.1-5
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.1-5
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
Loading…
Reference in New Issue
Block a user