Sync from SUSE:SLFO:Main gnutls revision fd9267dc71bcb0d2bf242bde6c5a6847

This commit is contained in:
Adrian Schröter 2024-12-20 16:04:03 +01:00
parent 7700a6dcb2
commit df45cf341d
13 changed files with 540 additions and 1186 deletions

gnutls-3.8.3.tar.xz (Stored with Git LFS)



gnutls-3.8.8.tar.xz (Stored with Git LFS) Normal file


gnutls-3.8.8.tar.xz.sig Normal file



@ -1,418 +0,0 @@
From 1c4701ffc342259fc5965d5a0de90d87f780e3e5 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 12 Jan 2024 17:56:58 +0900
Subject: [PATCH] nettle: avoid normalization of mpz_t in deterministic ECDSA
This removes function calls that potentially leak bit-length of a
private key used to calculate a nonce in deterministic ECDSA. Namely:
- _gnutls_dsa_compute_k has been rewritten to work on always
zero-padded mp_limb_t arrays instead of mpz_t
- rnd_mpz_func has been replaced with rnd_datum_func, which is backed
by a byte array instead of an mpz_t value
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/nettle/int/dsa-compute-k.c | 70 +++++++++++++++++++++----------
lib/nettle/int/dsa-compute-k.h | 23 +++++++++-
lib/nettle/int/ecdsa-compute-k.c | 28 +++----------
lib/nettle/int/ecdsa-compute-k.h | 4 +-
lib/nettle/pk.c | 65 +++++++++++++++++++++-------
tests/sign-verify-deterministic.c | 2 +-
6 files changed, 127 insertions(+), 65 deletions(-)
diff --git a/lib/nettle/int/dsa-compute-k.c b/lib/nettle/int/dsa-compute-k.c
index 8ff5739c2b..2fcb2bb80e 100644
--- a/lib/nettle/int/dsa-compute-k.c
+++ b/lib/nettle/int/dsa-compute-k.c
@@ -31,19 +31,30 @@
#include "mpn-base256.h"
#include <string.h>
-#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
+/* For mini-gmp */
+#ifndef GMP_LIMB_BITS
+#define GMP_LIMB_BITS GMP_NUMB_BITS
+#endif
-/* The maximum size of q, chosen from the fact that we support
- * 521-bit elliptic curve generator and 512-bit DSA subgroup at
- * maximum. */
-#define MAX_Q_BITS 521
-#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8)
-#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS)
+static inline int is_zero_limb(mp_limb_t x)
+{
+ x |= (x << 1);
+ return ((x >> 1) - 1) >> (GMP_LIMB_BITS - 1);
+}
+
+static int sec_zero_p(const mp_limb_t *ap, mp_size_t n)
+{
+ volatile mp_limb_t w;
+ mp_size_t i;
-#define MAX_HASH_BITS (MAX_HASH_SIZE * 8)
-#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS)
+ for (i = 0, w = 0; i < n; i++)
+ w |= ap[i];
-int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
+ return is_zero_limb(w);
+}
+
+int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x,
+ mp_size_t qn, mp_bitcnt_t q_bits,
gnutls_mac_algorithm_t mac, const uint8_t *digest,
size_t length)
{
@@ -51,9 +62,6 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
uint8_t K[MAX_HASH_SIZE];
uint8_t xp[MAX_Q_SIZE];
uint8_t tp[MAX_Q_SIZE];
- mp_limb_t h[MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS)];
- mp_bitcnt_t q_bits = mpz_sizeinbase(q, 2);
- mp_size_t qn = mpz_size(q);
mp_bitcnt_t h_bits = length * 8;
mp_size_t hn = BITS_TO_LIMBS(h_bits);
size_t nbytes = (q_bits + 7) / 8;
@@ -62,6 +70,7 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
mp_limb_t cy;
gnutls_hmac_hd_t hd;
int ret = 0;
+ mp_limb_t scratch[MAX_Q_LIMBS];
if (unlikely(q_bits > MAX_Q_BITS))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
@@ -69,7 +78,7 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
/* int2octets(x) */
- mpn_get_base256(xp, nbytes, mpz_limbs_read(x), qn);
+ mpn_get_base256(xp, nbytes, x, qn);
/* bits2octets(h) */
mpn_set_base256(h, hn, digest, length);
@@ -93,12 +102,12 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
mpn_rshift(h, h, hn, shift % GMP_NUMB_BITS);
}
- cy = mpn_sub_n(h, h, mpz_limbs_read(q), qn);
+ cy = mpn_sub_n(h, h, q, qn);
/* Fall back to addmul_1, if nettle is linked with mini-gmp. */
#ifdef mpn_cnd_add_n
- mpn_cnd_add_n(cy, h, h, mpz_limbs_read(q), qn);
+ mpn_cnd_add_n(cy, h, h, q, qn);
#else
- mpn_addmul_1(h, mpz_limbs_read(q), qn, cy != 0);
+ mpn_addmul_1(h, q, qn, cy != 0);
#endif
mpn_get_base256(tp, nbytes, h, qn);
@@ -174,12 +183,8 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
if (tlen * 8 > q_bits)
mpn_rshift(h, h, qn, tlen * 8 - q_bits);
/* Check if k is in [1,q-1] */
- if (!mpn_zero_p(h, qn) &&
- mpn_cmp(h, mpz_limbs_read(q), qn) < 0) {
- mpn_copyi(mpz_limbs_write(k, qn), h, qn);
- mpz_limbs_finish(k, qn);
+ if (!sec_zero_p(h, qn) && mpn_sub_n(scratch, h, q, qn))
break;
- }
ret = gnutls_hmac_init(&hd, mac, K, length);
if (ret < 0)
@@ -203,3 +208,24 @@ out:
return ret;
}
+
+/* cancel-out dsa_sign's addition of 1 to random data */
+void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n)
+{
+ /* Fall back to sub_1, if nettle is linked with mini-gmp. */
+#ifdef mpn_sec_sub_1
+ mp_limb_t t[MAX_Q_LIMBS];
+
+ mpn_sec_sub_1(h, h, n, 1, t);
+#else
+ mpn_sub_1(h, h, n, 1);
+#endif
+ mpn_get_base256(k, nbytes, h, n);
+}
+
+void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n)
+{
+ mpn_get_base256(k, nbytes, h, n);
+}
diff --git a/lib/nettle/int/dsa-compute-k.h b/lib/nettle/int/dsa-compute-k.h
index 49d243acb4..2f0667a01e 100644
--- a/lib/nettle/int/dsa-compute-k.h
+++ b/lib/nettle/int/dsa-compute-k.h
@@ -26,8 +26,29 @@
#include <gnutls/gnutls.h>
#include <nettle/bignum.h> /* includes gmp.h */
-int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
+#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
+
+/* The maximum size of q, chosen from the fact that we support
+ * 521-bit elliptic curve generator and 512-bit DSA subgroup at
+ * maximum. */
+#define MAX_Q_BITS 521
+#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8)
+#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS)
+
+#define MAX_HASH_BITS (MAX_HASH_SIZE * 8)
+#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS)
+
+#define DSA_COMPUTE_K_ITCH MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS)
+
+int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x,
+ mp_size_t qn, mp_bitcnt_t q_bits,
gnutls_mac_algorithm_t mac, const uint8_t *digest,
size_t length);
+void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n);
+
+void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n);
+
#endif /* GNUTLS_LIB_NETTLE_INT_DSA_COMPUTE_K_H */
diff --git a/lib/nettle/int/ecdsa-compute-k.c b/lib/nettle/int/ecdsa-compute-k.c
index 3b7f886160..4e25235c40 100644
--- a/lib/nettle/int/ecdsa-compute-k.c
+++ b/lib/nettle/int/ecdsa-compute-k.c
@@ -29,38 +29,38 @@
#include "dsa-compute-k.h"
#include "gnutls_int.h"
-static inline int _gnutls_ecc_curve_to_dsa_q(mpz_t *q, gnutls_ecc_curve_t curve)
+int _gnutls_ecc_curve_to_dsa_q(mpz_t q, gnutls_ecc_curve_t curve)
{
switch (curve) {
#ifdef ENABLE_NON_SUITEB_CURVES
case GNUTLS_ECC_CURVE_SECP192R1:
- mpz_init_set_str(*q,
+ mpz_init_set_str(q,
"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836"
"146BC9B1B4D22831",
16);
return 0;
case GNUTLS_ECC_CURVE_SECP224R1:
- mpz_init_set_str(*q,
+ mpz_init_set_str(q,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2"
"E0B8F03E13DD29455C5C2A3D",
16);
return 0;
#endif
case GNUTLS_ECC_CURVE_SECP256R1:
- mpz_init_set_str(*q,
+ mpz_init_set_str(q,
"FFFFFFFF00000000FFFFFFFFFFFFFFFF"
"BCE6FAADA7179E84F3B9CAC2FC632551",
16);
return 0;
case GNUTLS_ECC_CURVE_SECP384R1:
- mpz_init_set_str(*q,
+ mpz_init_set_str(q,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFC7634D81F4372DDF"
"581A0DB248B0A77AECEC196ACCC52973",
16);
return 0;
case GNUTLS_ECC_CURVE_SECP521R1:
- mpz_init_set_str(*q,
+ mpz_init_set_str(q,
"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFA51868783BF2F966B7FCC0148F709A"
@@ -73,19 +73,3 @@ static inline int _gnutls_ecc_curve_to_dsa_q(mpz_t *q, gnutls_ecc_curve_t curve)
GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
}
}
-
-int _gnutls_ecdsa_compute_k(mpz_t k, gnutls_ecc_curve_t curve, const mpz_t x,
- gnutls_mac_algorithm_t mac, const uint8_t *digest,
- size_t length)
-{
- mpz_t q;
- int ret;
-
- ret = _gnutls_ecc_curve_to_dsa_q(&q, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_dsa_compute_k(k, q, x, mac, digest, length);
- mpz_clear(q);
- return ret;
-}
diff --git a/lib/nettle/int/ecdsa-compute-k.h b/lib/nettle/int/ecdsa-compute-k.h
index be8beddb5d..207685763f 100644
--- a/lib/nettle/int/ecdsa-compute-k.h
+++ b/lib/nettle/int/ecdsa-compute-k.h
@@ -26,8 +26,6 @@
#include <gnutls/gnutls.h>
#include <nettle/bignum.h> /* includes gmp.h */
-int _gnutls_ecdsa_compute_k(mpz_t k, gnutls_ecc_curve_t curve, const mpz_t x,
- gnutls_mac_algorithm_t mac, const uint8_t *digest,
- size_t length);
+int _gnutls_ecc_curve_to_dsa_q(mpz_t q, gnutls_ecc_curve_t curve);
#endif /* GNUTLS_LIB_NETTLE_INT_ECDSA_COMPUTE_K_H */
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 305548f4d1..dd6b9936a8 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -103,10 +103,16 @@ static void rnd_nonce_func(void *_ctx, size_t length, uint8_t *data)
}
}
-static void rnd_mpz_func(void *_ctx, size_t length, uint8_t *data)
+static void rnd_datum_func(void *ctx, size_t length, uint8_t *data)
{
- mpz_t *k = _ctx;
- nettle_mpz_get_str_256(length, data, *k);
+ gnutls_datum_t *d = ctx;
+
+ if (length > d->size) {
+ memset(data, 0, length - d->size);
+ memcpy(data + (length - d->size), d->data, d->size);
+ } else {
+ memcpy(data, d->data, length);
+ }
}
static void rnd_nonce_func_fallback(void *_ctx, size_t length, uint8_t *data)
@@ -1403,7 +1409,10 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
struct dsa_signature sig;
int curve_id = pk_params->curve;
const struct ecc_curve *curve;
- mpz_t k;
+ mpz_t q;
+ /* 521-bit elliptic curve generator at maximum */
+ uint8_t buf[(521 + 7) / 8];
+ gnutls_datum_t k = { NULL, 0 };
void *random_ctx;
nettle_random_func *random_func;
@@ -1447,17 +1456,32 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
not_approved = true;
}
- mpz_init(k);
+ mpz_init(q);
+
if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST ||
(sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) {
- ret = _gnutls_ecdsa_compute_k(
- k, curve_id, pk_params->params[ECC_K],
+ mp_limb_t h[DSA_COMPUTE_K_ITCH];
+
+ ret = _gnutls_ecc_curve_to_dsa_q(q, curve_id);
+ if (ret < 0)
+ goto ecdsa_cleanup;
+
+ ret = _gnutls_dsa_compute_k(
+ h, mpz_limbs_read(q), priv.p,
+ ecc_size(priv.ecc), ecc_bit_size(priv.ecc),
DIG_TO_MAC(sign_params->dsa_dig), vdata->data,
vdata->size);
if (ret < 0)
goto ecdsa_cleanup;
+
+ k.data = buf;
+ k.size = (ecc_bit_size(priv.ecc) + 7) / 8;
+
+ _gnutls_ecdsa_compute_k_finish(k.data, k.size, h,
+ ecc_size(priv.ecc));
+
random_ctx = &k;
- random_func = rnd_mpz_func;
+ random_func = rnd_datum_func;
} else {
random_ctx = NULL;
random_func = rnd_nonce_func;
@@ -1476,7 +1500,7 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
ecdsa_cleanup:
dsa_signature_clear(&sig);
ecc_scalar_zclear(&priv);
- mpz_clear(k);
+ mpz_clear(q);
if (ret < 0) {
gnutls_assert();
@@ -1488,7 +1512,9 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
struct dsa_params pub;
bigint_t priv;
struct dsa_signature sig;
- mpz_t k;
+ /* 512-bit DSA subgroup at maximum */
+ uint8_t buf[(512 + 7) / 8];
+ gnutls_datum_t k = { NULL, 0 };
void *random_ctx;
nettle_random_func *random_func;
@@ -1515,19 +1541,27 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
hash_len = vdata->size;
}
- mpz_init(k);
if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST ||
(sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) {
+ mp_limb_t h[DSA_COMPUTE_K_ITCH];
+
ret = _gnutls_dsa_compute_k(
- k, pub.q, TOMPZ(priv),
+ h, mpz_limbs_read(pub.q),
+ mpz_limbs_read(TOMPZ(priv)), mpz_size(pub.q),
+ mpz_sizeinbase(pub.q, 2),
DIG_TO_MAC(sign_params->dsa_dig), vdata->data,
vdata->size);
if (ret < 0)
goto dsa_fail;
- /* cancel-out dsa_sign's addition of 1 to random data */
- mpz_sub_ui(k, k, 1);
+
+ k.data = buf;
+ k.size = (mpz_sizeinbase(pub.q, 2) + 7) / 8;
+
+ _gnutls_dsa_compute_k_finish(k.data, k.size, h,
+ mpz_size(pub.q));
+
random_ctx = &k;
- random_func = rnd_mpz_func;
+ random_func = rnd_datum_func;
} else {
random_ctx = NULL;
random_func = rnd_nonce_func;
@@ -1544,7 +1578,6 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
dsa_fail:
dsa_signature_clear(&sig);
- mpz_clear(k);
if (ret < 0) {
gnutls_assert();
diff --git a/tests/sign-verify-deterministic.c b/tests/sign-verify-deterministic.c
index 6969b57a11..bdd5a49c7d 100644
--- a/tests/sign-verify-deterministic.c
+++ b/tests/sign-verify-deterministic.c
@@ -198,7 +198,7 @@ void doit(void)
&tests[i].msg, &signature);
if (ret < 0)
testfail("gnutls_pubkey_verify_data2\n");
- success(" - pass");
+ success(" - pass\n");
next:
gnutls_free(signature.data);
--
GitLab


@ -1,410 +0,0 @@
From e369e67a62f44561d417cb233acc566cc696d82d Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 29 Jan 2024 13:52:46 +0900
Subject: [PATCH] gnutls_x509_trust_list_verify_crt2: remove length limit of
input
Previously, if cert_list_size exceeded DEFAULT_MAX_VERIFY_DEPTH, the
chain verification logic crashed with assertion failure. This patch
removes the restriction while keeping the maximum number of
retrieved certificates being DEFAULT_MAX_VERIFY_DEPTH.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/gnutls_int.h | 5 +-
lib/x509/common.c | 10 +-
lib/x509/verify-high.c | 51 ++++++----
tests/test-chains.h | 211 ++++++++++++++++++++++++++++++++++++++++-
4 files changed, 258 insertions(+), 19 deletions(-)
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index d8561ebe3a..8cf9a87157 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -232,7 +232,10 @@ typedef enum record_send_state_t {
#define MAX_PK_PARAM_SIZE 2048
-/* defaults for verification functions
+/* Defaults for verification functions.
+ *
+ * update many_icas in tests/test-chains.h when increasing
+ * DEFAULT_MAX_VERIFY_DEPTH.
*/
#define DEFAULT_MAX_VERIFY_DEPTH 16
#define DEFAULT_MAX_VERIFY_BITS (MAX_PK_PARAM_SIZE * 8)
diff --git a/lib/x509/common.c b/lib/x509/common.c
index 2cc83c9155..705aa868bc 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1725,7 +1725,15 @@ unsigned int _gnutls_sort_clist(gnutls_x509_crt_t *clist,
bool insorted[DEFAULT_MAX_VERIFY_DEPTH]; /* non zero if clist[i] used in sorted list */
gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH];
- assert(clist_size <= DEFAULT_MAX_VERIFY_DEPTH);
+ /* Limit the number of certificates in the chain, to avoid DoS
+ * because of the O(n^2) sorting below. FIXME: Switch to a
+ * topological sort algorithm which should be linear to the
+ * number of certificates and subject-issuer relationships.
+ */
+ if (clist_size > DEFAULT_MAX_VERIFY_DEPTH) {
+ _gnutls_debug_log("too many certificates; skipping sorting\n");
+ return 1;
+ }
for (i = 0; i < DEFAULT_MAX_VERIFY_DEPTH; i++) {
issuer[i] = -1;
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 4e7361eb63..aacc24a7d8 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -25,7 +25,7 @@
#include "errors.h"
#include <libtasn1.h>
#include "global.h"
-#include "num.h" /* MAX */
+#include "num.h" /* MIN */
#include "tls-sig.h"
#include "str.h"
#include "datum.h"
@@ -1361,7 +1361,8 @@ int gnutls_x509_trust_list_verify_crt2(
int ret = 0;
unsigned int i;
size_t hash;
- gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH];
+ gnutls_x509_crt_t *cert_list_copy = NULL;
+ unsigned int cert_list_max_size = 0;
gnutls_x509_crt_t retrieved[DEFAULT_MAX_VERIFY_DEPTH];
unsigned int retrieved_size = 0;
const char *hostname = NULL, *purpose = NULL, *email = NULL;
@@ -1421,16 +1422,28 @@ int gnutls_x509_trust_list_verify_crt2(
}
}
- memcpy(sorted, cert_list, cert_list_size * sizeof(gnutls_x509_crt_t));
- cert_list = sorted;
+ /* Allocate extra for retrieved certificates. */
+ if (!INT_ADD_OK(cert_list_size, DEFAULT_MAX_VERIFY_DEPTH,
+ &cert_list_max_size))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ cert_list_copy = _gnutls_reallocarray(NULL, cert_list_max_size,
+ sizeof(gnutls_x509_crt_t));
+ if (!cert_list_copy)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ memcpy(cert_list_copy, cert_list,
+ cert_list_size * sizeof(gnutls_x509_crt_t));
+ cert_list = cert_list_copy;
records = gl_list_nx_create_empty(GL_LINKEDHASH_LIST, cert_eq,
cert_hashcode, NULL, false);
- if (records == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ if (records == NULL) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto cleanup;
+ }
- for (i = 0; i < cert_list_size &&
- cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH;) {
+ for (i = 0; i < cert_list_size;) {
unsigned int sorted_size = 1;
unsigned int j, k;
gnutls_x509_crt_t issuer;
@@ -1442,8 +1455,7 @@ int gnutls_x509_trust_list_verify_crt2(
assert(sorted_size > 0);
- /* Remove duplicates. Start with index 1, as the first element
- * may be re-checked after issuer retrieval. */
+ /* Remove duplicates. */
for (j = 0; j < sorted_size; j++) {
if (gl_list_search(records, cert_list[i + j])) {
if (i + j < cert_list_size - 1) {
@@ -1495,13 +1507,15 @@ int gnutls_x509_trust_list_verify_crt2(
ret = retrieve_issuers(
list, cert_list[i - 1], &retrieved[retrieved_size],
- DEFAULT_MAX_VERIFY_DEPTH -
- MAX(retrieved_size, cert_list_size));
+ MIN(DEFAULT_MAX_VERIFY_DEPTH - retrieved_size,
+ cert_list_max_size - cert_list_size));
if (ret < 0) {
break;
} else if (ret > 0) {
assert((unsigned int)ret <=
- DEFAULT_MAX_VERIFY_DEPTH - cert_list_size);
+ DEFAULT_MAX_VERIFY_DEPTH - retrieved_size);
+ assert((unsigned int)ret <=
+ cert_list_max_size - cert_list_size);
memmove(&cert_list[i + ret], &cert_list[i],
(cert_list_size - i) *
sizeof(gnutls_x509_crt_t));
@@ -1517,8 +1531,10 @@ int gnutls_x509_trust_list_verify_crt2(
}
cert_list_size = shorten_clist(list, cert_list, cert_list_size);
- if (cert_list_size <= 0)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ if (cert_list_size <= 0) {
+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ goto cleanup;
+ }
hash = hash_pjw_bare(cert_list[cert_list_size - 1]->raw_issuer_dn.data,
cert_list[cert_list_size - 1]->raw_issuer_dn.size);
@@ -1661,10 +1677,13 @@ int gnutls_x509_trust_list_verify_crt2(
}
cleanup:
+ gnutls_free(cert_list_copy);
for (i = 0; i < retrieved_size; i++) {
gnutls_x509_crt_deinit(retrieved[i]);
}
- gl_list_free(records);
+ if (records) {
+ gl_list_free(records);
+ }
return ret;
}
diff --git a/tests/test-chains.h b/tests/test-chains.h
index 3e559fecd5..a7fe1cdecc 100644
--- a/tests/test-chains.h
+++ b/tests/test-chains.h
@@ -23,7 +23,7 @@
#ifndef GNUTLS_TESTS_TEST_CHAINS_H
#define GNUTLS_TESTS_TEST_CHAINS_H
-#define MAX_CHAIN 10
+#define MAX_CHAIN 17
static const char *chain_with_no_subject_id_in_ca_ok[] = {
"-----BEGIN CERTIFICATE-----\n"
@@ -4383,6 +4383,213 @@ static const char *cross_signed_ca[] = {
NULL
};
+/* This assumes DEFAULT_MAX_VERIFY_DEPTH to be 16 */
+static const char *many_icas[] = {
+ /* Server */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBqzCCAV2gAwIBAgIUIK3+SD3GmqJlRLZ/ESyhTzkSDL8wBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowNzEbMBkGA1UEChMSR251VExTIHRlc3Qgc2VydmVyMRgwFgYD\n"
+ "VQQDEw90ZXN0LmdudXRscy5vcmcwKjAFBgMrZXADIQAWGjx45NIJiKFsNBxxRRjm\n"
+ "NxUT5KYK7xXr5HPVywwgLaOBkjCBjzAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGC\n"
+ "D3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8E\n"
+ "BAMCB4AwHQYDVR0OBBYEFKgNAQWZPx76/vXqQOdIi5mTftsaMB8GA1UdIwQYMBaA\n"
+ "FDaPsY6WAGuRtrhYJE6Gk/bg5qbdMAUGAytlcANBAMIDh8aGcIIFDTUrzfV7tnkX\n"
+ "hHrxyFKBH/cApf6xcJQTfDXm23po627Ibp+WgLaWMY08Fn9Y2V6Ev8ADfqXNbQ8=\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA16 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUSnE0PKdm/dsnZSWBh5Ct4pS6DcwwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAxq9SI8vp0QH1dDBBuZW+t+bLLROppQbjSQ4O1BEonDOjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQ2j7GOlgBrkba4\n"
+ "WCROhpP24Oam3TAfBgNVHSMEGDAWgBRvdUKX0aw3nfUIdvivXGSfRO7zyjAFBgMr\n"
+ "ZXADQQBsI2Hc7X5hXoHTvk01qMc5a1I27QHAFRARJnvIQ15wxNS2LVLzGk+AUmwr\n"
+ "sOhBKAcVfS55uWtYdjoWQ80h238H\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA15 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUQk4XkgQVImnp6OPZas7ctwgBza4wBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAs3yVKLJd3sKbNVmj6Bxy2j1x025rksyQpZZWnCx5a+CjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRvdUKX0aw3nfUI\n"
+ "dvivXGSfRO7zyjAfBgNVHSMEGDAWgBRhGfUXYPh4YQsdtTWYUozLphGgfzAFBgMr\n"
+ "ZXADQQBXTtm56x6/pHXdW8dTvZLc/8RufNQrMlc23TCgX0apUnrZdTsNAb7OE4Uu\n"
+ "9PBuxK+CC9NL/BL2hXsKvAT+NWME\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA14 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUKfwz7UUYRvYlvqwmnLJlTOS9o1AwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAXbUetQ08t+F4+IcKL++HpeclqTxXZ7cG4mwqvHmTUEWjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRhGfUXYPh4YQsd\n"
+ "tTWYUozLphGgfzAfBgNVHSMEGDAWgBQYRQqO+V1kefF7QvNnFU1fX5H9+jAFBgMr\n"
+ "ZXADQQAiSHNMTLPFP3oa6q13Dj8jSxF9trQDJGM1ArWffFcPZUt2U4/ODHdcMTHx\n"
+ "kGwhIj+ghBlu6ykgu6J2wewCUooC\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA13 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUUKOs59gyCPAZzoC7zMZQSh6AnQgwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAmvqhj5GYqsXIpsr1BXBfD+2mTP/m/TEpKIYSZHM62dijYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQYRQqO+V1kefF7\n"
+ "QvNnFU1fX5H9+jAfBgNVHSMEGDAWgBQ27HzvP5hl2xR+LOzRcPfmY5ndXjAFBgMr\n"
+ "ZXADQQBrB3NkrYC7EQ74qgeesVOE71rW012dPOOKPAV0laR+JLEgsv9sfus+AdBF\n"
+ "WBNwR3KeYBTi/MFDuecxBHU2m5gD\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA12 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUUQooGfH21+sR7/pSgCWm13gg2H4wBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAK2of/B4wMpk6k/KdugC5dMS+jo2fseUM7/PvXkE6HASjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQ27HzvP5hl2xR+\n"
+ "LOzRcPfmY5ndXjAfBgNVHSMEGDAWgBSJDHU0Mj1Xr0e8ErCnRK24w7XwTTAFBgMr\n"
+ "ZXADQQDY8d2bAZpj7oGhdl2dBsCE48jEWj49da0PbgN12koAj3gf4hjMPd8G7p5z\n"
+ "8RsURAwQmCkE8ShvdNw/Qr2tDL0E\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA11 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUW9Dw0hU2pfjXhb5Stip+mk9SndIwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAn5ISjLVV6RBWsnxDWHDicpye7SjFwGOTwzF01/psiJ2jYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSJDHU0Mj1Xr0e8\n"
+ "ErCnRK24w7XwTTAfBgNVHSMEGDAWgBSR9UU27RI0XohiEgHDxNo/9HP4djAFBgMr\n"
+ "ZXADQQCfQg6MDHk71vhyrEo4/5PcLb2Li5F/FKURyux7snv2TbkSdInloAqca9UR\n"
+ "DtqHSLCNLXCNdSPr5QwIt5p29rsE\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA10 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUR4uTedG8e6MibKViQ3eX7QzXG1swBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAnslX04kSVOL5LAf1e+Ze3ggNnDJcEAxLDk8I/IhyjTyjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSR9UU27RI0Xohi\n"
+ "EgHDxNo/9HP4djAfBgNVHSMEGDAWgBRC7US5gJYnvd5F7EN+C4anMgd2NzAFBgMr\n"
+ "ZXADQQDo+jHt07Tvz3T5Lbz6apBrSln8xKYfJk2W1wP85XAnf7sZT9apM1bS4EyD\n"
+ "Kckw+KG+9x7myOZz6AXJgZB5OGAO\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA9 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUSIIIRjrNpE+kEPkiJMOqaNAazvQwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAZKy7p1Gn4W/reRxKJN99+QkHt2q9aELktCKe5PqrX5ejYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRC7US5gJYnvd5F\n"
+ "7EN+C4anMgd2NzAfBgNVHSMEGDAWgBSOhR7Ornis2x8g0J+bvTTwMnW60zAFBgMr\n"
+ "ZXADQQA0MEcC4FgKZEAfalVpApU2to0G158MVz/WTNcSc7fnl8ifJ/g56dVHL1jr\n"
+ "REvC/S28dn/CGAlbVXUAgxnHAbgE\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA8 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUGGFSgD95vOTSj7iFxfXA5vq6vsYwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAg3W/bTdW0fR32NeZEVMXICpa30d7rSdddLOYDvqqUO+jYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSOhR7Ornis2x8g\n"
+ "0J+bvTTwMnW60zAfBgNVHSMEGDAWgBT3zK8Hbn9aVTAOOFY6RSxJ2o5x2jAFBgMr\n"
+ "ZXADQQBl4gnzE463iMFg57gPvjHdVzA39sJBpiu0kUGfRcLnoRI/VOaLcx7WnJ9+\n"
+ "c3KxPZBec76EdIoQDkTmI6m2FIAM\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA7 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUGktMGXhNuaMhKyAlecymmLD+/GIwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEA/Z1oc76hOQ0Hi+2hePaGIntnMIDqBlb7RDMjRpYONP2jYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBT3zK8Hbn9aVTAO\n"
+ "OFY6RSxJ2o5x2jAfBgNVHSMEGDAWgBSPae3JUN3jP0NgUJqDV3eYxcaM3DAFBgMr\n"
+ "ZXADQQBMkwKaUZlvG/hax8rv3nnDv8kJOr6KVHBnxSx3hZ+8HIBT7GFm1+YDeYOB\n"
+ "jhNg66kyeFPGXXBCe+mvNQFFjCEE\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA6 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUKn3gz5lAUpKqWlHKLKYDbOJ4rygwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAZ/eD4eTe91ddvHusm7YlLPxU4ByGFc6suAmlP1CxXkWjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSPae3JUN3jP0Ng\n"
+ "UJqDV3eYxcaM3DAfBgNVHSMEGDAWgBT9f/qSI/jhxvGI7aMtkpraDcjBnjAFBgMr\n"
+ "ZXADQQAMRnkmRhnLGdmJaY8B42gfyaAsqCMyds/Tw4OHYy+N48XuAxRjKkhf3szC\n"
+ "0lY71oU043mNP1yx/dzAuCTrVSgI\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA5 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUEgEYbBXXEyGv3vOq10JQv1SBiUUwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAs2xEDPw8RVal53nX9GVwUd1blq1wjtVFC8S1V7up7MWjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBT9f/qSI/jhxvGI\n"
+ "7aMtkpraDcjBnjAfBgNVHSMEGDAWgBRBVkLu9BmCKz7HNI8md4vPpoE/7jAFBgMr\n"
+ "ZXADQQCCufAyLijtzzmeCuO3K50rBSbGvB3FQfep7g6kVsQKM3bw/olWK5/Ji0dD\n"
+ "ubJ0cFl1FmfAda7aVxLBtJOvO6MI\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA4 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIULj8GkaHw+92HuOTnXnXlxCy3VrEwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAiedxh4dvtwDellMAHc/pZH0MAOXobRenTUgF1yj5l12jYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRBVkLu9BmCKz7H\n"
+ "NI8md4vPpoE/7jAfBgNVHSMEGDAWgBSDtNRgQ36KwW/ASaMyr6WeDt0STDAFBgMr\n"
+ "ZXADQQDL8U2ckzur7CktdrVUNvfLhVCOz33d/62F28vQFHUa8h/4h+Mi1MMbXOKT\n"
+ "1bL2TvpFpU7Fx/vcIPXDielVqr4C\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA3 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUQXl74TDDw6MQRMbQUSPa6Qrvba8wBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEA7l0jQ0f4fJRw7Qja/Hz2qn8y91SI7CokxhSf+FT+9M6jYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSDtNRgQ36KwW/A\n"
+ "SaMyr6WeDt0STDAfBgNVHSMEGDAWgBQ2inEK4KH6ATftmybxKE1dZUzOozAFBgMr\n"
+ "ZXADQQCnP7Oqx1epGnFnO7TrTJwcUukXDEYsINve2GeUsi8HEIeKKlMcLZ2Cnaj7\n"
+ "5v9NGuWh3QJpmmSGpEemiv8dJc4A\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA2 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUP7Nmof8H2F1LyDkjqlYIUpGdXE8wBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAkW9Rod3CXAnha6nlaHkDbCOegq94lgmjqclA9sOIt3yjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQ2inEK4KH6ATft\n"
+ "mybxKE1dZUzOozAfBgNVHSMEGDAWgBRPq/CQlK/zuXkjZvTCibu+vejD+jAFBgMr\n"
+ "ZXADQQBU+A+uF0yrtO/yv9cRUdCoL3Y1NKM35INg8BQDnkv724cW9zk1x0q9Fuou\n"
+ "zvfSVb8S3vT8fF5ZDOxarQs6ZH0C\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA1 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBXTCCAQ+gAwIBAgIUfUWP+AQHpdFTRKTf21mMzjaJsp0wBQYDK2VwMBkxFzAV\n"
+ "BgNVBAMTDkdudVRMUyB0ZXN0IENBMCAXDTI0MDMxMjIyNTMzOVoYDzk5OTkxMjMx\n"
+ "MjM1OTU5WjAdMRswGQYDVQQDDBJHbnVUTFMgdGVzdCBJQ0EgJGkwKjAFBgMrZXAD\n"
+ "IQAVmfBAvLbT+pTD24pQrr6S0jEIFIV/qOv93yYvAUzpzKNjMGEwDwYDVR0TAQH/\n"
+ "BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0OBBYEFE+r8JCUr/O5eSNm9MKJ\n"
+ "u7696MP6MB8GA1UdIwQYMBaAFAFpt5wrFsqCtHc4PpluPDvwcxQLMAUGAytlcANB\n"
+ "AC6+XZnthjlUD0TbBKRF3qT5if3Pp29Bgvutw8859unzUZW8FkHg5KeDBj9ncgJc\n"
+ "O2tFnNH2hV6LDPJzU0rtLQc=\n"
+ "-----END CERTIFICATE-----\n",
+ NULL
+};
+
+static const char *many_icas_ca[] = {
+ /* CA (self-signed) */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBNzCB6qADAgECAhRjaokcQwcrtW8tjuVFz3A33F8POjAFBgMrZXAwGTEXMBUG\n"
+ "A1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjQwMzEyMjI1MzM5WhgPOTk5OTEyMzEy\n"
+ "MzU5NTlaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMCowBQYDK2VwAyEAvoxP\n"
+ "TNdbWktxA8qQNNH+25Cx9rzP+DxLGeI/7ODwrQGjQjBAMA8GA1UdEwEB/wQFMAMB\n"
+ "Af8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQBabecKxbKgrR3OD6Zbjw78HMU\n"
+ "CzAFBgMrZXADQQCP5IUD74M7WrUx20uqzrzuj+s2jnBVmLQfWf/Ucetx+oTRFeq4\n"
+ "xZB/adWhycSeJUAB1zKqYUV9hgT8FWHbnHII\n"
+ "-----END CERTIFICATE-----\n",
+ NULL
+};
+
#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wunused-variable"
@@ -4696,6 +4903,8 @@ static struct {
1620118136, 1 },
{ "cross signed - ok", cross_signed, cross_signed_ca, 0, 0, 0,
1704955300 },
+ { "many intermediates - ok", many_icas, many_icas_ca, 0, 0, 0,
+ 1710284400 },
{ NULL, NULL, NULL, 0, 0 }
};
--
GitLab


@ -1,8 +1,8 @@
Index: gnutls-3.8.3/configure.ac
Index: gnutls-3.8.8/configure.ac
===================================================================
--- gnutls-3.8.3.orig/configure.ac
+++ gnutls-3.8.3/configure.ac
@@ -623,19 +623,19 @@ LT_INIT([disable-static,win32-dll,shared
--- gnutls-3.8.8.orig/configure.ac
+++ gnutls-3.8.8/configure.ac
@@ -624,19 +624,19 @@ LT_INIT([disable-static,win32-dll,shared
AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])
AC_ARG_ENABLE(fips140-mode,
@ -25,10 +25,10 @@ Index: gnutls-3.8.3/configure.ac
AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name],
[specify the FIPS140 module name]),
Index: gnutls-3.8.3/doc/cha-gtls-app.texi
Index: gnutls-3.8.8/doc/cha-gtls-app.texi
===================================================================
--- gnutls-3.8.3.orig/doc/cha-gtls-app.texi
+++ gnutls-3.8.3/doc/cha-gtls-app.texi
--- gnutls-3.8.8.orig/doc/cha-gtls-app.texi
+++ gnutls-3.8.8/doc/cha-gtls-app.texi
@@ -222,7 +222,7 @@ CPU. The currently available options are
@end itemize
@ -38,10 +38,10 @@ Index: gnutls-3.8.3/doc/cha-gtls-app.texi
if set to one it will force the FIPS mode enablement.
@end multitable
Index: gnutls-3.8.3/doc/cha-internals.texi
Index: gnutls-3.8.8/doc/cha-internals.texi
===================================================================
--- gnutls-3.8.3.orig/doc/cha-internals.texi
+++ gnutls-3.8.3/doc/cha-internals.texi
--- gnutls-3.8.8.orig/doc/cha-internals.texi
+++ gnutls-3.8.8/doc/cha-internals.texi
@@ -14,7 +14,7 @@ happens inside the black box.
* TLS Hello Extension Handling::
* Cryptographic Backend::
@ -162,11 +162,11 @@ Index: gnutls-3.8.3/doc/cha-internals.texi
operation. It can be attached to the current execution thread with
@funcref{gnutls_fips140_push_context} and its internal state will be
updated until it is detached with
Index: gnutls-3.8.3/doc/enums.texi
Index: gnutls-3.8.8/doc/enums.texi
===================================================================
--- gnutls-3.8.3.orig/doc/enums.texi
+++ gnutls-3.8.3/doc/enums.texi
@@ -1188,7 +1188,7 @@ application traffic secret is installed
--- gnutls-3.8.8.orig/doc/enums.texi
+++ gnutls-3.8.8/doc/enums.texi
@@ -1210,7 +1210,7 @@ application traffic secret is installed
@c gnutls_fips_mode_t
@table @code
@item GNUTLS_@-FIPS140_@-DISABLED
@ -175,7 +175,7 @@ Index: gnutls-3.8.3/doc/enums.texi
@item GNUTLS_@-FIPS140_@-STRICT
The default mode; all forbidden operations will cause an
operation failure via error code.
@@ -1196,8 +1196,8 @@ operation failure via error code.
@@ -1218,8 +1218,8 @@ operation failure via error code.
A transient state during library initialization. That state
cannot be set or seen by applications.
@item GNUTLS_@-FIPS140_@-LAX
@ -186,10 +186,10 @@ Index: gnutls-3.8.3/doc/enums.texi
application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility).
@item GNUTLS_@-FIPS140_@-LOG
Index: gnutls-3.8.3/doc/functions/gnutls_fips140_set_mode
Index: gnutls-3.8.8/doc/functions/gnutls_fips140_set_mode
===================================================================
--- gnutls-3.8.3.orig/doc/functions/gnutls_fips140_set_mode
+++ gnutls-3.8.3/doc/functions/gnutls_fips140_set_mode
--- gnutls-3.8.8.orig/doc/functions/gnutls_fips140_set_mode
+++ gnutls-3.8.8/doc/functions/gnutls_fips140_set_mode
@@ -3,7 +3,7 @@
@ -215,11 +215,11 @@ Index: gnutls-3.8.3/doc/functions/gnutls_fips140_set_mode
values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library
switches to @code{GNUTLS_FIPS140_STRICT} mode.
Index: gnutls-3.8.3/doc/gnutls.html
Index: gnutls-3.8.8/doc/gnutls.html
===================================================================
--- gnutls-3.8.3.orig/doc/gnutls.html
+++ gnutls-3.8.3/doc/gnutls.html
@@ -484,7 +484,7 @@ Documentation License&rdquo;.
--- gnutls-3.8.8.orig/doc/gnutls.html
+++ gnutls-3.8.8/doc/gnutls.html
@@ -485,7 +485,7 @@ Documentation License&rdquo;.
<li><a id="toc-TLS-Extension-Handling" href="#TLS-Hello-Extension-Handling">11.4 TLS Extension Handling</a></li>
<li><a id="toc-Cryptographic-Backend-1" href="#Cryptographic-Backend">11.5 Cryptographic Backend</a></li>
<li><a id="toc-Random-Number-Generators" href="#Random-Number-Generators_002dinternals">11.6 Random Number Generators</a></li>
@ -228,7 +228,7 @@ Index: gnutls-3.8.3/doc/gnutls.html
</ul></li>
<li><a id="toc-Upgrading-from-previous-versions-1" href="#Upgrading-from-previous-versions">Appendix A Upgrading from previous versions</a></li>
<li><a id="toc-Support-1" href="#Support">Appendix B Support</a>
@@ -9035,7 +9035,7 @@ CPU. The currently available options are
@@ -9028,7 +9028,7 @@ CPU. The currently available options are
</li><li>0x200000: Enable VIA PHE
</li><li>0x400000: Enable VIA PHE SHA512
</li></ul></td></tr>
@ -237,7 +237,7 @@ Index: gnutls-3.8.3/doc/gnutls.html
if set to one it will force the FIPS mode enablement.</td></tr>
</tbody>
</table>
@@ -18446,7 +18446,7 @@ None:
@@ -18452,7 +18452,7 @@ None:
--inline-commands-prefix=str Change the default delimiter for inline commands
--provider=file Specify the PKCS #11 provider library
- file must pre-exist
@ -246,7 +246,7 @@ Index: gnutls-3.8.3/doc/gnutls.html
--list-config Reports the configuration of the library
--logfile=str Redirect informational messages to a specific file
--keymatexport=str Label used for exporting keying material
@@ -19468,7 +19468,7 @@ happens inside the black box.
@@ -19472,7 +19472,7 @@ happens inside the black box.
<li><a href="#TLS-Hello-Extension-Handling" accesskey="4">TLS Extension Handling</a></li>
<li><a href="#Cryptographic-Backend" accesskey="5">Cryptographic Backend</a></li>
<li><a href="#Random-Number-Generators_002dinternals" accesskey="6">Random Number Generators</a></li>
@ -262,7 +262,7 @@ Index: gnutls-3.8.3/doc/gnutls.html
-Next: <a href="#FIPS140_002d2-mode" accesskey="n" rel="next">FIPS140-2 mode</a>, Previous: <a href="#Cryptographic-Backend" accesskey="p" rel="prev">Cryptographic Backend</a>, Up: <a href="#Internal-architecture-of-GnuTLS" accesskey="u" rel="up">Internal Architecture of GnuTLS</a> &nbsp; [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
+Next: <a href="#FIPS140_002d2-mode" accesskey="n" rel="next">FIPS140-3 mode</a>, Previous: <a href="#Cryptographic-Backend" accesskey="p" rel="prev">Cryptographic Backend</a>, Up: <a href="#Internal-architecture-of-GnuTLS" accesskey="u" rel="up">Internal Architecture of GnuTLS</a> &nbsp; [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
</div>
<h3 class="section" id="Random-Number-Generators">11.6 Random Number Generators</h3>
<h3 class="section" id="Random-Number-Generators"><span>11.6 Random Number Generators<a class="copiable-link" href="#Random-Number-Generators"> &para;</a></span></h3>
@@ -20005,7 +20005,7 @@ Next: <a href="#FIPS140_002d2-mode" acce
@ -271,14 +271,14 @@ Index: gnutls-3.8.3/doc/gnutls.html
-FIPS140-2 and the system is in FIPS140-2 mode.
+FIPS140-3 and the system is in FIPS140-3 mode.
</p>
<h4 class="subheading" id="The-default-generator-_002d-inner-workings">The default generator - inner workings</h4>
<h4 class="subheading" id="The-default-generator-_002d-inner-workings"><span>The default generator - inner workings<a class="copiable-link" href="#The-default-generator-_002d-inner-workings"> &para;</a></span></h4>
@@ -20142,22 +20142,22 @@ on the above paragraph, all levels are i
<p>
Previous: <a href="#Random-Number-Generators_002dinternals" accesskey="p" rel="prev">Random Number Generators</a>, Up: <a href="#Internal-architecture-of-GnuTLS" accesskey="u" rel="up">Internal Architecture of GnuTLS</a> &nbsp; [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
</div>
-<h3 class="section" id="FIPS140_002d2-mode-1">11.7 FIPS140-2 mode</h3>
+<h3 class="section" id="FIPS140_002d2-mode-1">11.7 FIPS140-3 mode</h3>
-<h3 class="section" id="FIPS140_002d2-mode-1"><span>11.7 FIPS140-2 mode<a class="copiable-link" href="#FIPS140_002d2-mode-1"> &para;</a></span></h3>
+<h3 class="section" id="FIPS140_002d2-mode-1"><span>11.7 FIPS140-3 mode<a class="copiable-link" href="#FIPS140_002d2-mode-1"> &para;</a></span></h3>
-<p>GnuTLS can operate in a special mode for FIPS140-2. That mode of operation
-is for the conformance to NIST&rsquo;s FIPS140-2 publication, which consists of policies
@ -335,8 +335,8 @@ Index: gnutls-3.8.3/doc/gnutls.html
+<p>On runtime an application can verify whether the library is in FIPS140-3
mode using the <a class="ref" href="#gnutls_005ffips140_005fmode_005fenabled">gnutls_fips140_mode_enabled</a> function.
</p>
-<h4 class="subheading" id="Relaxing-FIPS140_002d2-requirements">Relaxing FIPS140-2 requirements</h4>
+<h4 class="subheading" id="Relaxing-FIPS140_002d2-requirements">Relaxing FIPS140-3 requirements</h4>
-<h4 class="subheading" id="Relaxing-FIPS140_002d2-requirements"><span>Relaxing FIPS140-2 requirements<a class="copiable-link" href="#Relaxing-FIPS140_002d2-requirements"> &para;</a></span></h4>
+<h4 class="subheading" id="Relaxing-FIPS140_002d2-requirements"><span>Relaxing FIPS140-3 requirements<a class="copiable-link" href="#Relaxing-FIPS140_002d2-requirements"> &para;</a></span></h4>
<p>The library by default operates in a strict enforcing mode, ensuring that
-all constraints imposed by the FIPS140-2 specification are enforced. However
@ -364,8 +364,8 @@ Index: gnutls-3.8.3/doc/gnutls.html
application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility).
</p></dd>
@@ -20227,7 +20227,7 @@ to a message to the audit callback funct
@@ -20226,7 +20226,7 @@ to a message to the audit callback funct
</dl>
<div class="caption"><p><strong class="strong">Figure 11.5: </strong>The <code class="code">gnutls_fips_mode_t</code> enumeration.</p></div></div>
<p>The intention of this API is to be used by applications which may run in
-FIPS140-2 mode, while they utilize few algorithms not in the allowed set,
@ -373,7 +373,7 @@ Index: gnutls-3.8.3/doc/gnutls.html
e.g., for non-security related purposes. In these cases applications should
wrap the non-compliant code within blocks like the following.
</p>
@@ -20256,9 +20256,9 @@ if (gnutls_fips140_mode_enabled())
@@ -20255,9 +20255,9 @@ if (gnutls_fips140_mode_enabled())
<p>The reason of the <code class="code">GNUTLS_FIPS140_SET_MODE_THREAD</code> flag in the
previous calls is to localize the change in the mode. Note also, that
such a block has no effect when the library is not operating
@ -385,7 +385,7 @@ Index: gnutls-3.8.3/doc/gnutls.html
</p><div class="example">
<pre class="example-preformatted">gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0);
</pre></div>
@@ -20281,7 +20281,7 @@ performed within a given context.
@@ -20280,7 +20280,7 @@ performed within a given context.
<dt><code class="code"><var class="var">int</var> <a class="ref" href="#gnutls_005ffips140_005fpop_005fcontext">gnutls_fips140_pop_context</a> ( <var class="var">void</var>)</code></dt>
</dl>
@ -394,7 +394,7 @@ Index: gnutls-3.8.3/doc/gnutls.html
operation. It can be attached to the current execution thread with
<a class="ref" href="#gnutls_005ffips140_005fpush_005fcontext">gnutls_fips140_push_context</a> and its internal state will be
updated until it is detached with
@@ -20654,8 +20654,8 @@ Previous: <a href="#Contributing" access
@@ -20653,8 +20653,8 @@ Previous: <a href="#Contributing" access
to an auditor that the crypto component follows some best practices, such
as unit testing and reliance on well known crypto primitives.
</p>
@ -405,16 +405,16 @@ Index: gnutls-3.8.3/doc/gnutls.html
</p>
<hr>
</div>
@@ -24569,7 +24569,7 @@ unusable. This function is not thread-s
<h4 class="subheading" id="gnutls_005ffips140_005fset_005fmode-1">gnutls_fips140_set_mode</h4>
@@ -24575,7 +24575,7 @@ unusable. This function is not thread-s
<h4 class="subheading" id="gnutls_005ffips140_005fset_005fmode-1"><span>gnutls_fips140_set_mode<a class="copiable-link" href="#gnutls_005ffips140_005fset_005fmode-1"> &para;</a></span></h4>
<a class="anchor" id="gnutls_005ffips140_005fset_005fmode"></a><dl class="first-deftypefn first-deftypefun-alias-first-deftypefn">
<dt class="deftypefn deftypefun-alias-deftypefn" id="index-gnutls_005ffips140_005fset_005fmode"><span class="category-def">Function: </span><span><code class="def-type">void</code> <strong class="def-name">gnutls_fips140_set_mode</strong> <code class="def-code-arguments">(gnutls_fips_mode_t <var class="var">mode</var>, unsigned <var class="var">flags</var>)</code><a class="copiable-link" href='#index-gnutls_005ffips140_005fset_005fmode'> &para;</a></span></dt>
<dt class="deftypefn deftypefun-alias-deftypefn" id="index-gnutls_005ffips140_005fset_005fmode"><span class="category-def">Function: </span><span><code class="def-type">void</code> <strong class="def-name">gnutls_fips140_set_mode</strong> <code class="def-code-arguments">(gnutls_fips_mode_t <var class="var">mode</var>, unsigned <var class="var">flags</var>)</code><a class="copiable-link" href="#index-gnutls_005ffips140_005fset_005fmode"> &para;</a></span></dt>
-<dd><p><var class="var">mode</var>: the FIPS140-2 mode to switch to
+<dd><p><var class="var">mode</var>: the FIPS140-3 mode to switch to
</p>
<p><var class="var">flags</var>: should be zero or <code class="code">GNUTLS_FIPS140_SET_MODE_THREAD</code>
</p>
@@ -24578,13 +24578,13 @@ unusable. This function is not thread-s
@@ -24584,13 +24584,13 @@ unusable. This function is not thread-s
behavior with no flags after threads are created is undefined.
</p>
<p>When the flag <code class="code">GNUTLS_FIPS140_SET_MODE_THREAD</code> is specified
@ -430,20 +430,20 @@ Index: gnutls-3.8.3/doc/gnutls.html
values for <code class="code">mode</code> or to <code class="code">GNUTLS_FIPS140_SELFTESTS</code> mode, the library
switches to <code class="code">GNUTLS_FIPS140_STRICT</code> mode.
</p>
@@ -46927,7 +46927,7 @@ Next: <a href="#Concept-Index" accesskey
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffingerprint"><code>gnutls_fingerprint</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fcontext_005fdeinit"><code>gnutls_fips140_context_deinit</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fcontext_005finit"><code>gnutls_fips140_context_init</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
-<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate"><code>gnutls_fips140_get_operation_state</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#FIPS140_002d2-mode">FIPS140-2 mode</a></td></tr>
+<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate"><code>gnutls_fips140_get_operation_state</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#FIPS140_002d2-mode">FIPS140-3 mode</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate-1"><code>gnutls_fips140_get_operation_state</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fmode_005fenabled"><code>gnutls_fips140_mode_enabled</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fpop_005fcontext"><code>gnutls_fips140_pop_context</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
Index: gnutls-3.8.3/doc/gnutls.info-3
@@ -47011,7 +47011,7 @@ Next: <a href="#Concept-Index" accesskey
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffingerprint"><code>gnutls_fingerprint</code></a></td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fcontext_005fdeinit"><code>gnutls_fips140_context_deinit</code></a></td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fcontext_005finit"><code>gnutls_fips140_context_init</code></a></td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
-<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate"><code>gnutls_fips140_get_operation_state</code></a></td><td class="printindex-index-section"><a href="#FIPS140_002d2-mode">FIPS140-2 mode</a></td></tr>
+<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate"><code>gnutls_fips140_get_operation_state</code></a></td><td class="printindex-index-section"><a href="#FIPS140_002d2-mode">FIPS140-3 mode</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate-1"><code>gnutls_fips140_get_operation_state</code></a></td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fmode_005fenabled"><code>gnutls_fips140_mode_enabled</code></a></td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fpop_005fcontext"><code>gnutls_fips140_pop_context</code></a></td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
Index: gnutls-3.8.8/doc/gnutls.info-3
===================================================================
--- gnutls-3.8.3.orig/doc/gnutls.info-3
+++ gnutls-3.8.3/doc/gnutls.info-3
@@ -2247,7 +2247,7 @@ to more. Both will exit with a st
--- gnutls-3.8.8.orig/doc/gnutls.info-3
+++ gnutls-3.8.8/doc/gnutls.info-3
@@ -2108,7 +2108,7 @@ to more. Both will exit with a st
--inline-commands-prefix=str Change the default delimiter for inline commands
--provider=file Specify the PKCS #11 provider library
- file must pre-exist
@ -452,7 +452,7 @@ Index: gnutls-3.8.3/doc/gnutls.info-3
--list-config Reports the configuration of the library
--logfile=str Redirect informational messages to a specific file
--keymatexport=str Label used for exporting keying material
@@ -3400,7 +3400,7 @@ to know what happens inside the black bo
@@ -3261,7 +3261,7 @@ to know what happens inside the black bo
* TLS Hello Extension Handling::
* Cryptographic Backend::
* Random Number Generators-internals::
@ -461,7 +461,7 @@ Index: gnutls-3.8.3/doc/gnutls.info-3

File: gnutls.info, Node: The TLS Protocol, Next: TLS Handshake Protocol, Up: Internal architecture of GnuTLS
@@ -3932,7 +3932,7 @@ and abstract key types::.
@@ -3789,7 +3789,7 @@ and abstract key types::.
kernel implementation of /dev/crypto.

@ -470,7 +470,7 @@ Index: gnutls-3.8.3/doc/gnutls.info-3
11.6 Random Number Generators
=============================
@@ -3942,7 +3942,7 @@ About the generators
@@ -3799,7 +3799,7 @@ About the generators
GnuTLS provides two random generators. The default, and the AES-DRBG
random generator which is only used when the library is compiled with
@ -479,7 +479,7 @@ Index: gnutls-3.8.3/doc/gnutls.info-3
The default generator - inner workings
--------------------------------------
@@ -4174,7 +4174,7 @@ in *note Figure 11.5: gnutls_fips_mode_t
@@ -4030,7 +4030,7 @@ in *note Figure 11.5: gnutls_fips_mode_t
Figure 11.5: The gnutls_fips_mode_t enumeration.
The intention of this API is to be used by applications which may run in
@ -488,7 +488,7 @@ Index: gnutls-3.8.3/doc/gnutls.info-3
set, e.g., for non-security related purposes. In these cases
applications should wrap the non-compliant code within blocks like the
following.
@@ -4198,10 +4198,10 @@ are macros to simplify the following seq
@@ -4054,10 +4054,10 @@ are macros to simplify the following seq
The reason of the GNUTLS_FIPS140_SET_MODE_THREAD flag in the previous
calls is to localize the change in the mode. Note also, that such a
@ -501,7 +501,7 @@ Index: gnutls-3.8.3/doc/gnutls.info-3
gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0);
Service indicator
@@ -4683,8 +4683,8 @@ There are certifications from national o
@@ -4539,8 +4539,8 @@ There are certifications from national o
practices, such as unit testing and reliance on well known crypto
primitives.
@ -512,7 +512,7 @@ Index: gnutls-3.8.3/doc/gnutls.info-3

File: gnutls.info, Node: Error codes, Next: Supported ciphersuites, Prev: Support, Up: Top
@@ -9151,7 +9151,7 @@ gnutls_fips140_set_mode
@@ -9015,7 +9015,7 @@ gnutls_fips140_set_mode
-- Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t MODE,
unsigned FLAGS)
@ -521,10 +521,10 @@ Index: gnutls-3.8.3/doc/gnutls.info-3
FLAGS: should be zero or GNUTLS_FIPS140_SET_MODE_THREAD
Index: gnutls-3.8.3/doc/invoke-gnutls-cli.texi
Index: gnutls-3.8.8/doc/invoke-gnutls-cli.texi
===================================================================
--- gnutls-3.8.3.orig/doc/invoke-gnutls-cli.texi
+++ gnutls-3.8.3/doc/invoke-gnutls-cli.texi
--- gnutls-3.8.8.orig/doc/invoke-gnutls-cli.texi
+++ gnutls-3.8.8/doc/invoke-gnutls-cli.texi
@@ -102,7 +102,7 @@ None:
--inline-commands-prefix=str Change the default delimiter for inline commands
--provider=file Specify the PKCS #11 provider library
@ -534,10 +534,10 @@ Index: gnutls-3.8.3/doc/invoke-gnutls-cli.texi
--list-config Reports the configuration of the library
--logfile=str Redirect informational messages to a specific file
--keymatexport=str Label used for exporting keying material
Index: gnutls-3.8.3/doc/manpages/gnutls-cli.1
Index: gnutls-3.8.8/doc/manpages/gnutls-cli.1
===================================================================
--- gnutls-3.8.3.orig/doc/manpages/gnutls-cli.1
+++ gnutls-3.8.3/doc/manpages/gnutls-cli.1
--- gnutls-3.8.8.orig/doc/manpages/gnutls-cli.1
+++ gnutls-3.8.8/doc/manpages/gnutls-cli.1
@@ -398,7 +398,7 @@ Specify the PKCS #11 provider library.
This will override the default options in /etc/gnutls/pkcs11.conf
.TP
@ -547,11 +547,11 @@ Index: gnutls-3.8.3/doc/manpages/gnutls-cli.1
.sp
.TP
.NOP \f\*[B-Font]\-\-list\-config\f[]
Index: gnutls-3.8.3/doc/reference/html/gnutls-gnutls.html
Index: gnutls-3.8.8/doc/reference/html/gnutls-gnutls.html
===================================================================
--- gnutls-3.8.3.orig/doc/reference/html/gnutls-gnutls.html
+++ gnutls-3.8.3/doc/reference/html/gnutls-gnutls.html
@@ -20866,12 +20866,12 @@ gnutls_fips140_set_mode (<em class="para
--- gnutls-3.8.8.orig/doc/reference/html/gnutls-gnutls.html
+++ gnutls-3.8.8/doc/reference/html/gnutls-gnutls.html
@@ -20874,12 +20874,12 @@ gnutls_fips140_set_mode (<em class="para
(globally), and should be called prior to creating any threads. Its
behavior with no flags after threads are created is undefined.</p>
<p>When the flag <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-SET-MODE-THREAD:CAPS" title="GNUTLS_FIPS140_SET_MODE_THREAD"><code class="literal">GNUTLS_FIPS140_SET_MODE_THREAD</code></a> is specified
@ -566,7 +566,7 @@ Index: gnutls-3.8.3/doc/reference/html/gnutls-gnutls.html
values for <em class="parameter"><code>mode</code></em>
or to <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-SELFTESTS:CAPS"><code class="literal">GNUTLS_FIPS140_SELFTESTS</code></a> mode, the library
switches to <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-STRICT:CAPS"><code class="literal">GNUTLS_FIPS140_STRICT</code></a> mode.</p>
@@ -20886,7 +20886,7 @@ switches to <a class="link" href="gnutls
@@ -20894,7 +20894,7 @@ switches to <a class="link" href="gnutls
<tbody>
<tr>
<td class="parameter_name"><p>mode</p></td>
@ -575,7 +575,7 @@ Index: gnutls-3.8.3/doc/reference/html/gnutls-gnutls.html
<td class="parameter_annotations"> </td>
</tr>
<tr>
@@ -25904,7 +25904,7 @@ encryption</p>
@@ -25969,7 +25969,7 @@ encryption</p>
<hr>
<div class="refsect2">
<a name="gnutls-fips-mode-t"></a><h3>enum gnutls_fips_mode_t</h3>
@ -584,7 +584,7 @@ Index: gnutls-3.8.3/doc/reference/html/gnutls-gnutls.html
<div class="refsect3">
<a name="gnutls-fips-mode-t.members"></a><h4>Members</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
@@ -25917,7 +25917,7 @@ encryption</p>
@@ -25982,7 +25982,7 @@ encryption</p>
<tr>
<td class="enum_member_name"><p><a name="GNUTLS-FIPS140-DISABLED:CAPS"></a>GNUTLS_FIPS140_DISABLED</p></td>
<td class="enum_member_description">
@ -593,7 +593,7 @@ Index: gnutls-3.8.3/doc/reference/html/gnutls-gnutls.html
</td>
<td class="enum_member_annotations"> </td>
</tr>
@@ -25940,8 +25940,8 @@ operation failure via error code.</p>
@@ -26005,8 +26005,8 @@ operation failure via error code.</p>
<tr>
<td class="enum_member_name"><p><a name="GNUTLS-FIPS140-LAX:CAPS"></a>GNUTLS_FIPS140_LAX</p></td>
<td class="enum_member_description">
@ -604,17 +604,17 @@ Index: gnutls-3.8.3/doc/reference/html/gnutls-gnutls.html
application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility).</p>
</td>
@@ -27575,4 +27575,4 @@ This is used by <a class="link" href="gn
@@ -27646,4 +27646,4 @@ This is used by <a class="link" href="gn
<div class="footer">
<hr>Generated by GTK-Doc V1.33.1</div>
<hr>Generated by GTK-Doc V1.34.0</div>
</body>
-</html>
\ No newline at end of file
+</html>
Index: gnutls-3.8.3/lib/fips.c
Index: gnutls-3.8.8/lib/fips.c
===================================================================
--- gnutls-3.8.3.orig/lib/fips.c
+++ gnutls-3.8.3/lib/fips.c
--- gnutls-3.8.8.orig/lib/fips.c
+++ gnutls-3.8.8/lib/fips.c
@@ -121,7 +121,7 @@ unsigned _gnutls_fips_mode_enabled(void)
}
@ -633,7 +633,7 @@ Index: gnutls-3.8.3/lib/fips.c
ret = GNUTLS_FIPS140_SELFTESTS;
goto exit;
}
@@ -694,7 +694,7 @@ unsigned gnutls_fips140_mode_enabled(voi
@@ -740,7 +740,7 @@ unsigned gnutls_fips140_mode_enabled(voi
/**
* gnutls_fips140_set_mode:
@ -642,7 +642,7 @@ Index: gnutls-3.8.3/lib/fips.c
* @flags: should be zero or %GNUTLS_FIPS140_SET_MODE_THREAD
*
* That function is not thread-safe when changing the mode with no flags
@@ -702,13 +702,13 @@ unsigned gnutls_fips140_mode_enabled(voi
@@ -748,13 +748,13 @@ unsigned gnutls_fips140_mode_enabled(voi
* behavior with no flags after threads are created is undefined.
*
* When the flag %GNUTLS_FIPS140_SET_MODE_THREAD is specified
@ -658,7 +658,7 @@ Index: gnutls-3.8.3/lib/fips.c
* values for @mode or to %GNUTLS_FIPS140_SELFTESTS mode, the library
* switches to %GNUTLS_FIPS140_STRICT mode.
*
@@ -720,10 +720,10 @@ void gnutls_fips140_set_mode(gnutls_fips
@@ -766,10 +766,10 @@ void gnutls_fips140_set_mode(gnutls_fips
gnutls_fips_mode_t prev = _gnutls_fips_mode_enabled();
if (prev == GNUTLS_FIPS140_DISABLED ||
prev == GNUTLS_FIPS140_SELFTESTS) {
@ -671,7 +671,7 @@ Index: gnutls-3.8.3/lib/fips.c
return;
}
@@ -736,7 +736,7 @@ void gnutls_fips140_set_mode(gnutls_fips
@@ -782,7 +782,7 @@ void gnutls_fips140_set_mode(gnutls_fips
case GNUTLS_FIPS140_SELFTESTS:
_gnutls_audit_log(
NULL,
@ -680,7 +680,7 @@ Index: gnutls-3.8.3/lib/fips.c
mode = GNUTLS_FIPS140_STRICT;
break;
default:
@@ -912,7 +912,7 @@ void _gnutls_switch_fips_state(gnutls_fi
@@ -958,7 +958,7 @@ void _gnutls_switch_fips_state(gnutls_fi
}
if (!_tfips_context) {
@ -689,7 +689,7 @@ Index: gnutls-3.8.3/lib/fips.c
return;
}
@@ -926,7 +926,7 @@ void _gnutls_switch_fips_state(gnutls_fi
@@ -972,7 +972,7 @@ void _gnutls_switch_fips_state(gnutls_fi
if (mode != GNUTLS_FIPS140_LAX) {
_gnutls_audit_log(
NULL,
@ -698,7 +698,7 @@ Index: gnutls-3.8.3/lib/fips.c
operation_state_to_string(state));
}
_tfips_context->state = state;
@@ -937,7 +937,7 @@ void _gnutls_switch_fips_state(gnutls_fi
@@ -983,7 +983,7 @@ void _gnutls_switch_fips_state(gnutls_fi
if (mode != GNUTLS_FIPS140_LAX) {
_gnutls_audit_log(
NULL,
@ -707,7 +707,7 @@ Index: gnutls-3.8.3/lib/fips.c
operation_state_to_string(state));
}
_tfips_context->state = state;
@@ -949,7 +949,7 @@ void _gnutls_switch_fips_state(gnutls_fi
@@ -995,7 +995,7 @@ void _gnutls_switch_fips_state(gnutls_fi
if (mode != GNUTLS_FIPS140_LAX) {
_gnutls_audit_log(
NULL,
@ -716,7 +716,7 @@ Index: gnutls-3.8.3/lib/fips.c
operation_state_to_string(
_tfips_context->state),
operation_state_to_string(state));
@@ -1011,7 +1011,7 @@ int gnutls_fips140_run_self_tests(void)
@@ -1057,7 +1057,7 @@ int gnutls_fips140_run_self_tests(void)
ret < 0) {
_gnutls_switch_lib_state(LIB_STATE_ERROR);
_gnutls_audit_log(NULL,
@ -725,7 +725,7 @@ Index: gnutls-3.8.3/lib/fips.c
} else {
/* Restore the previous library state */
_gnutls_switch_lib_state(prev_lib_state);
@@ -1023,7 +1023,7 @@ int gnutls_fips140_run_self_tests(void)
@@ -1069,7 +1069,7 @@ int gnutls_fips140_run_self_tests(void)
if (gnutls_fips140_pop_context() < 0) {
_gnutls_switch_lib_state(LIB_STATE_ERROR);
_gnutls_audit_log(
@ -734,11 +734,11 @@ Index: gnutls-3.8.3/lib/fips.c
}
gnutls_fips140_context_deinit(fips_context);
}
Index: gnutls-3.8.3/lib/fips.h
Index: gnutls-3.8.8/lib/fips.h
===================================================================
--- gnutls-3.8.3.orig/lib/fips.h
+++ gnutls-3.8.3/lib/fips.h
@@ -160,7 +160,7 @@ is_cipher_algo_allowed_in_fips(gnutls_ci
--- gnutls-3.8.8.orig/lib/fips.h
+++ gnutls-3.8.8/lib/fips.h
@@ -163,7 +163,7 @@ is_cipher_algo_allowed_in_fips(gnutls_ci
}
#ifdef ENABLE_FIPS140
@ -747,7 +747,7 @@ Index: gnutls-3.8.3/lib/fips.h
* and return an error if necessary or ignore */
#define FIPS_RULE(condition, ret_error, ...) \
{ \
@@ -170,10 +170,10 @@ is_cipher_algo_allowed_in_fips(gnutls_ci
@@ -173,10 +173,10 @@ is_cipher_algo_allowed_in_fips(gnutls_ci
if (_mode == GNUTLS_FIPS140_LOG) { \
_gnutls_audit_log( \
NULL, \
@ -760,7 +760,7 @@ Index: gnutls-3.8.3/lib/fips.h
return ret_error; \
} \
} \
@@ -188,7 +188,7 @@ inline static bool is_mac_algo_allowed(g
@@ -191,7 +191,7 @@ inline static bool is_mac_algo_allowed(g
switch (mode) {
case GNUTLS_FIPS140_LOG:
_gnutls_audit_log(NULL,
@ -769,7 +769,7 @@ Index: gnutls-3.8.3/lib/fips.h
gnutls_mac_get_name(algo));
FALLTHROUGH;
case GNUTLS_FIPS140_DISABLED:
@@ -210,7 +210,7 @@ inline static bool is_cipher_algo_allowe
@@ -213,7 +213,7 @@ inline static bool is_cipher_algo_allowe
switch (mode) {
case GNUTLS_FIPS140_LOG:
_gnutls_audit_log(NULL,
@ -778,11 +778,11 @@ Index: gnutls-3.8.3/lib/fips.h
gnutls_cipher_get_name(algo));
FALLTHROUGH;
case GNUTLS_FIPS140_DISABLED:
Index: gnutls-3.8.3/lib/global.c
Index: gnutls-3.8.8/lib/global.c
===================================================================
--- gnutls-3.8.3.orig/lib/global.c
+++ gnutls-3.8.3/lib/global.c
@@ -337,12 +337,12 @@ static int _gnutls_global_init(unsigned
--- gnutls-3.8.8.orig/lib/global.c
+++ gnutls-3.8.8/lib/global.c
@@ -339,12 +339,12 @@ static int _gnutls_global_init(unsigned
#ifdef ENABLE_FIPS140
res = _gnutls_fips_mode_enabled();
@ -797,7 +797,7 @@ Index: gnutls-3.8.3/lib/global.c
_gnutls_priority_update_fips();
/* first round of self checks, these are done on the
@@ -352,7 +352,7 @@ static int _gnutls_global_init(unsigned
@@ -354,7 +354,7 @@ static int _gnutls_global_init(unsigned
if (ret < 0) {
_gnutls_switch_lib_state(LIB_STATE_ERROR);
_gnutls_audit_log(
@ -806,7 +806,7 @@ Index: gnutls-3.8.3/lib/global.c
if (res != 2) {
gnutls_assert();
goto out;
@@ -375,7 +375,7 @@ static int _gnutls_global_init(unsigned
@@ -377,7 +377,7 @@ static int _gnutls_global_init(unsigned
if (ret < 0) {
_gnutls_switch_lib_state(LIB_STATE_ERROR);
_gnutls_audit_log(
@ -815,11 +815,11 @@ Index: gnutls-3.8.3/lib/global.c
if (res != 2) {
gnutls_assert();
goto out;
Index: gnutls-3.8.3/lib/includes/gnutls/gnutls.h.in
Index: gnutls-3.8.8/lib/includes/gnutls/gnutls.h.in
===================================================================
--- gnutls-3.8.3.orig/lib/includes/gnutls/gnutls.h.in
+++ gnutls-3.8.3/lib/includes/gnutls/gnutls.h.in
@@ -3199,16 +3199,16 @@ typedef int (*gnutls_alert_read_func)(gn
--- gnutls-3.8.8.orig/lib/includes/gnutls/gnutls.h.in
+++ gnutls-3.8.8/lib/includes/gnutls/gnutls.h.in
@@ -3216,16 +3216,16 @@ typedef int (*gnutls_alert_read_func)(gn
void gnutls_alert_set_read_function(gnutls_session_t session,
gnutls_alert_read_func func);
@ -840,7 +840,7 @@ Index: gnutls-3.8.3/lib/includes/gnutls/gnutls.h.in
* application is aware of the followed security policy, and needs
* to utilize disallowed operations for other reasons (e.g., compatibility).
* @GNUTLS_FIPS140_LOG: Similarly to %GNUTLS_FIPS140_LAX, it allows forbidden operations; any use of them results
@@ -3216,7 +3216,7 @@ unsigned gnutls_fips140_mode_enabled(voi
@@ -3233,7 +3233,7 @@ unsigned gnutls_fips140_mode_enabled(voi
* @GNUTLS_FIPS140_SELFTESTS: A transient state during library initialization. That state
* cannot be set or seen by applications.
*
@ -849,10 +849,10 @@ Index: gnutls-3.8.3/lib/includes/gnutls/gnutls.h.in
*/
typedef enum gnutls_fips_mode_t {
GNUTLS_FIPS140_DISABLED = 0,
Index: gnutls-3.8.3/src/cli.c
Index: gnutls-3.8.8/src/cli.c
===================================================================
--- gnutls-3.8.3.orig/src/cli.c
+++ gnutls-3.8.3/src/cli.c
--- gnutls-3.8.8.orig/src/cli.c
+++ gnutls-3.8.8/src/cli.c
@@ -1635,10 +1635,10 @@ static void cmd_parser(int argc, char **
if (HAVE_OPT(FIPS140_MODE)) {
@ -866,11 +866,11 @@ Index: gnutls-3.8.3/src/cli.c
exit(1);
}
Index: gnutls-3.8.3/src/gnutls-cli-options.c
Index: gnutls-3.8.8/src/gnutls-cli-options.c
===================================================================
--- gnutls-3.8.3.orig/src/gnutls-cli-options.c
+++ gnutls-3.8.3/src/gnutls-cli-options.c
@@ -810,7 +810,7 @@ usage (FILE *out, int status)
--- gnutls-3.8.8.orig/src/gnutls-cli-options.c
+++ gnutls-3.8.8/src/gnutls-cli-options.c
@@ -843,7 +843,7 @@ usage (FILE *out, int status)
" --inline-commands-prefix=str Change the default delimiter for inline commands\n"
" --provider=file Specify the PKCS #11 provider library\n"
" - file must pre-exist\n"
@ -879,10 +879,10 @@ Index: gnutls-3.8.3/src/gnutls-cli-options.c
" --list-config Reports the configuration of the library\n"
" --logfile=str Redirect informational messages to a specific file\n"
" --keymatexport=str Label used for exporting keying material\n"
Index: gnutls-3.8.3/tests/cert-tests/gost.sh
Index: gnutls-3.8.8/tests/cert-tests/gost.sh
===================================================================
--- gnutls-3.8.3.orig/tests/cert-tests/gost.sh
+++ gnutls-3.8.3/tests/cert-tests/gost.sh
--- gnutls-3.8.8.orig/tests/cert-tests/gost.sh
+++ gnutls-3.8.8/tests/cert-tests/gost.sh
@@ -38,7 +38,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@ -892,10 +892,10 @@ Index: gnutls-3.8.3/tests/cert-tests/gost.sh
exit 77
fi
Index: gnutls-3.8.3/tests/cert-tests/pkcs12-corner-cases.sh
Index: gnutls-3.8.8/tests/cert-tests/pkcs12-corner-cases.sh
===================================================================
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs12-corner-cases.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs12-corner-cases.sh
--- gnutls-3.8.8.orig/tests/cert-tests/pkcs12-corner-cases.sh
+++ gnutls-3.8.8/tests/cert-tests/pkcs12-corner-cases.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@ -905,10 +905,10 @@ Index: gnutls-3.8.3/tests/cert-tests/pkcs12-corner-cases.sh
exit 77
fi
Index: gnutls-3.8.3/tests/cert-tests/pkcs12-encode.sh
Index: gnutls-3.8.8/tests/cert-tests/pkcs12-encode.sh
===================================================================
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs12-encode.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs12-encode.sh
--- gnutls-3.8.8.orig/tests/cert-tests/pkcs12-encode.sh
+++ gnutls-3.8.8/tests/cert-tests/pkcs12-encode.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@ -918,10 +918,10 @@ Index: gnutls-3.8.3/tests/cert-tests/pkcs12-encode.sh
exit 77
fi
Index: gnutls-3.8.3/tests/cert-tests/pkcs12-gost.sh
Index: gnutls-3.8.8/tests/cert-tests/pkcs12-gost.sh
===================================================================
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs12-gost.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs12-gost.sh
--- gnutls-3.8.8.orig/tests/cert-tests/pkcs12-gost.sh
+++ gnutls-3.8.8/tests/cert-tests/pkcs12-gost.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@ -931,10 +931,10 @@ Index: gnutls-3.8.3/tests/cert-tests/pkcs12-gost.sh
exit 77
fi
Index: gnutls-3.8.3/tests/cert-tests/pkcs12.sh
Index: gnutls-3.8.8/tests/cert-tests/pkcs12.sh
===================================================================
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs12.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs12.sh
--- gnutls-3.8.8.orig/tests/cert-tests/pkcs12.sh
+++ gnutls-3.8.8/tests/cert-tests/pkcs12.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@ -944,10 +944,10 @@ Index: gnutls-3.8.3/tests/cert-tests/pkcs12.sh
exit 77
fi
Index: gnutls-3.8.3/tests/cert-tests/pkcs8-decode.sh
Index: gnutls-3.8.8/tests/cert-tests/pkcs8-decode.sh
===================================================================
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs8-decode.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs8-decode.sh
--- gnutls-3.8.8.orig/tests/cert-tests/pkcs8-decode.sh
+++ gnutls-3.8.8/tests/cert-tests/pkcs8-decode.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@ -957,10 +957,10 @@ Index: gnutls-3.8.3/tests/cert-tests/pkcs8-decode.sh
exit 77
fi
Index: gnutls-3.8.3/tests/cert-tests/pkcs8-eddsa.sh
Index: gnutls-3.8.8/tests/cert-tests/pkcs8-eddsa.sh
===================================================================
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs8-eddsa.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs8-eddsa.sh
--- gnutls-3.8.8.orig/tests/cert-tests/pkcs8-eddsa.sh
+++ gnutls-3.8.8/tests/cert-tests/pkcs8-eddsa.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@ -970,10 +970,10 @@ Index: gnutls-3.8.3/tests/cert-tests/pkcs8-eddsa.sh
exit 77
fi
Index: gnutls-3.8.3/tests/cert-tests/pkcs8-gost.sh
Index: gnutls-3.8.8/tests/cert-tests/pkcs8-gost.sh
===================================================================
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs8-gost.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs8-gost.sh
--- gnutls-3.8.8.orig/tests/cert-tests/pkcs8-gost.sh
+++ gnutls-3.8.8/tests/cert-tests/pkcs8-gost.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@ -983,10 +983,10 @@ Index: gnutls-3.8.3/tests/cert-tests/pkcs8-gost.sh
exit 77
fi
Index: gnutls-3.8.3/tests/cert-tests/pkcs8.sh
Index: gnutls-3.8.8/tests/cert-tests/pkcs8.sh
===================================================================
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs8.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs8.sh
--- gnutls-3.8.8.orig/tests/cert-tests/pkcs8.sh
+++ gnutls-3.8.8/tests/cert-tests/pkcs8.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@ -996,10 +996,10 @@ Index: gnutls-3.8.3/tests/cert-tests/pkcs8.sh
exit 77
fi
Index: gnutls-3.8.3/tests/cipher-listings.sh
Index: gnutls-3.8.8/tests/cipher-listings.sh
===================================================================
--- gnutls-3.8.3.orig/tests/cipher-listings.sh
+++ gnutls-3.8.3/tests/cipher-listings.sh
--- gnutls-3.8.8.orig/tests/cipher-listings.sh
+++ gnutls-3.8.8/tests/cipher-listings.sh
@@ -63,7 +63,7 @@ check()
${CLI} --fips140-mode
@ -1009,10 +1009,10 @@ Index: gnutls-3.8.3/tests/cipher-listings.sh
exit 77
fi
Index: gnutls-3.8.3/tests/testpkcs11.sh
Index: gnutls-3.8.8/tests/testpkcs11.sh
===================================================================
--- gnutls-3.8.3.orig/tests/testpkcs11.sh
+++ gnutls-3.8.3/tests/testpkcs11.sh
--- gnutls-3.8.8.orig/tests/testpkcs11.sh
+++ gnutls-3.8.8/tests/testpkcs11.sh
@@ -26,7 +26,7 @@
RETCODE=0
@ -1022,10 +1022,10 @@ Index: gnutls-3.8.3/tests/testpkcs11.sh
exit 77
fi
Index: gnutls-3.8.3/doc/enums/gnutls_fips_mode_t
Index: gnutls-3.8.8/doc/enums/gnutls_fips_mode_t
===================================================================
--- gnutls-3.8.3.orig/doc/enums/gnutls_fips_mode_t
+++ gnutls-3.8.3/doc/enums/gnutls_fips_mode_t
--- gnutls-3.8.8.orig/doc/enums/gnutls_fips_mode_t
+++ gnutls-3.8.8/doc/enums/gnutls_fips_mode_t
@@ -3,7 +3,7 @@
@c gnutls_fips_mode_t
@table @code
@ -1046,11 +1046,11 @@ Index: gnutls-3.8.3/doc/enums/gnutls_fips_mode_t
application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility).
@item GNUTLS_@-FIPS140_@-LOG
Index: gnutls-3.8.3/doc/gnutls-api.texi
Index: gnutls-3.8.8/doc/gnutls-api.texi
===================================================================
--- gnutls-3.8.3.orig/doc/gnutls-api.texi
+++ gnutls-3.8.3/doc/gnutls-api.texi
@@ -3275,7 +3275,7 @@ unusable. This function is not thread-s
--- gnutls-3.8.8.orig/doc/gnutls-api.texi
+++ gnutls-3.8.8/doc/gnutls-api.texi
@@ -3279,7 +3279,7 @@ unusable. This function is not thread-s
@subheading gnutls_fips140_set_mode
@anchor{gnutls_fips140_set_mode}
@deftypefun {void} {gnutls_fips140_set_mode} (gnutls_fips_mode_t @var{mode}, unsigned @var{flags})
@ -1059,7 +1059,7 @@ Index: gnutls-3.8.3/doc/gnutls-api.texi
@var{flags}: should be zero or @code{GNUTLS_FIPS140_SET_MODE_THREAD}
@@ -3284,13 +3284,13 @@ That function is not thread-safe when ch
@@ -3288,13 +3288,13 @@ That function is not thread-safe when ch
behavior with no flags after threads are created is undefined.
When the flag @code{GNUTLS_FIPS140_SET_MODE_THREAD} is specified
@ -1075,10 +1075,10 @@ Index: gnutls-3.8.3/doc/gnutls-api.texi
values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library
switches to @code{GNUTLS_FIPS140_STRICT} mode.
Index: gnutls-3.8.3/lib/ext/session_ticket.c
Index: gnutls-3.8.8/lib/ext/session_ticket.c
===================================================================
--- gnutls-3.8.3.orig/lib/ext/session_ticket.c
+++ gnutls-3.8.3/lib/ext/session_ticket.c
--- gnutls-3.8.8.orig/lib/ext/session_ticket.c
+++ gnutls-3.8.8/lib/ext/session_ticket.c
@@ -517,7 +517,7 @@ int gnutls_session_ticket_key_generate(g
{
if (_gnutls_fips_mode_enabled()) {
@ -1088,11 +1088,11 @@ Index: gnutls-3.8.3/lib/ext/session_ticket.c
* some limits on allowed key size, thus it is not
* used. These limits do not affect this function as
* it does not generate a "key" but rather key material
Index: gnutls-3.8.3/lib/libgnutls.map
Index: gnutls-3.8.8/lib/libgnutls.map
===================================================================
--- gnutls-3.8.3.orig/lib/libgnutls.map
+++ gnutls-3.8.3/lib/libgnutls.map
@@ -1441,7 +1441,7 @@ GNUTLS_FIPS140_3_4 {
--- gnutls-3.8.8.orig/lib/libgnutls.map
+++ gnutls-3.8.8/lib/libgnutls.map
@@ -1459,7 +1459,7 @@ GNUTLS_FIPS140_3_4 {
gnutls_hkdf_self_test;
gnutls_pbkdf2_self_test;
gnutls_tlsprf_self_test;
@ -1101,11 +1101,11 @@ Index: gnutls-3.8.3/lib/libgnutls.map
drbg_aes_reseed;
drbg_aes_init;
drbg_aes_generate;
Index: gnutls-3.8.3/lib/nettle/mac.c
Index: gnutls-3.8.8/lib/nettle/mac.c
===================================================================
--- gnutls-3.8.3.orig/lib/nettle/mac.c
+++ gnutls-3.8.3/lib/nettle/mac.c
@@ -262,7 +262,7 @@ static void _wrap_gmac_digest(void *_ctx
--- gnutls-3.8.8.orig/lib/nettle/mac.c
+++ gnutls-3.8.8/lib/nettle/mac.c
@@ -292,7 +292,7 @@ static void _wrap_gmac_digest(void *_ctx
static int _mac_ctx_init(gnutls_mac_algorithm_t algo,
struct nettle_mac_ctx *ctx)
{
@ -1114,20 +1114,20 @@ Index: gnutls-3.8.3/lib/nettle/mac.c
* gnutls_hash_init() and gnutls_hmac_init() */
ctx->set_nonce = NULL;
@@ -648,7 +648,7 @@ static void _md5_sha1_digest(void *_ctx,
@@ -688,7 +688,7 @@ static void _md5_sha1_init(void *_ctx)
static int _ctx_init(gnutls_digest_algorithm_t algo,
struct nettle_hash_ctx *ctx)
{
- /* Any FIPS140-2 related enforcement is performed on
+ /* Any FIPS140-3 related enforcement is performed on
* gnutls_hash_init() and gnutls_hmac_init() */
switch (algo) {
case GNUTLS_DIG_MD5:
Index: gnutls-3.8.3/config.h.in
ctx->finished = NULL;
Index: gnutls-3.8.8/config.h.in
===================================================================
--- gnutls-3.8.3.orig/config.h.in
+++ gnutls-3.8.3/config.h.in
@@ -82,7 +82,7 @@
--- gnutls-3.8.8.orig/config.h.in
+++ gnutls-3.8.8/config.h.in
@@ -104,7 +104,7 @@
/* enable DHE */
#undef ENABLE_ECDHE
@ -1136,7 +1136,7 @@ Index: gnutls-3.8.3/config.h.in
#undef ENABLE_FIPS140
/* enable GOST */
@@ -125,7 +125,7 @@
@@ -147,7 +147,7 @@
/* Define this to 1 if F_DUPFD behavior does not match POSIX */
#undef FCNTL_DUPFD_BUGGY
@ -1145,11 +1145,11 @@ Index: gnutls-3.8.3/config.h.in
#undef FIPS_KEY
/* The FIPS140 module name */
Index: gnutls-3.8.3/configure
Index: gnutls-3.8.8/configure
===================================================================
--- gnutls-3.8.3.orig/configure
+++ gnutls-3.8.3/configure
@@ -3830,7 +3830,7 @@ Optional Features:
--- gnutls-3.8.8.orig/configure
+++ gnutls-3.8.8/configure
@@ -4455,7 +4455,7 @@ Optional Features:
--enable-fast-install[=PKGS]
optimize for fast installation [default=yes]
--disable-libtool-lock avoid locking (might break parallel builds)
@ -1158,10 +1158,10 @@ Index: gnutls-3.8.3/configure
--enable-strict-x509 enable stricter sanity checks for x509 certificates
--disable-non-suiteb-curves
disable curves not in SuiteB
Index: gnutls-3.8.3/doc/cha-support.texi
Index: gnutls-3.8.8/doc/cha-support.texi
===================================================================
--- gnutls-3.8.3.orig/doc/cha-support.texi
+++ gnutls-3.8.3/doc/cha-support.texi
--- gnutls-3.8.8.orig/doc/cha-support.texi
+++ gnutls-3.8.8/doc/cha-support.texi
@@ -134,5 +134,5 @@ There are certifications from national o
to an auditor that the crypto component follows some best practices, such
as unit testing and reliance on well known crypto primitives.
@ -1170,23 +1170,10 @@ Index: gnutls-3.8.3/doc/cha-support.texi
-See @ref{FIPS140-2 mode} for more information.
+GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux.
+See @ref{FIPS140-3 mode} for more information.
Index: gnutls-3.8.3/doc/gnutls.info
Index: gnutls-3.8.8/src/gnutls-cli-options.json
===================================================================
--- gnutls-3.8.3.orig/doc/gnutls.info
+++ gnutls-3.8.3/doc/gnutls.info
@@ -618,7 +618,7 @@ Ref: fig-crypto-layers744471
Ref: Cryptographic Backend-Footnote-1747783
Ref: Cryptographic Backend-Footnote-2747868
Node: Random Number Generators-internals747980
-Node: FIPS140-2 mode755450
+Node: FIPS140-3 mode755450
Ref: gnutls_fips_mode_t758148
Node: Upgrading from previous versions761817
Node: Support776059
Index: gnutls-3.8.3/src/gnutls-cli-options.json
===================================================================
--- gnutls-3.8.3.orig/src/gnutls-cli-options.json
+++ gnutls-3.8.3/src/gnutls-cli-options.json
--- gnutls-3.8.8.orig/src/gnutls-cli-options.json
+++ gnutls-3.8.8/src/gnutls-cli-options.json
@@ -384,7 +384,7 @@
},
{
@ -1196,3 +1183,58 @@ Index: gnutls-3.8.3/src/gnutls-cli-options.json
},
{
"long-option": "list-config",
Index: gnutls-3.8.8/tests/pkcs11-tool.sh
===================================================================
--- gnutls-3.8.8.orig/tests/pkcs11-tool.sh
+++ gnutls-3.8.8/tests/pkcs11-tool.sh
@@ -30,7 +30,7 @@ set -x
: ${DIFF=diff}
if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
- echo "Cannot run in FIPS140-2 mode"
+ echo "Cannot run in FIPS140-3 mode"
exit 77
fi
Index: gnutls-3.8.8/doc/manpages/gnutls_fips140_set_mode.3
===================================================================
--- gnutls-3.8.8.orig/doc/manpages/gnutls_fips140_set_mode.3
+++ gnutls-3.8.8/doc/manpages/gnutls_fips140_set_mode.3
@@ -8,7 +8,7 @@ gnutls_fips140_set_mode \- API function
.BI "void gnutls_fips140_set_mode(gnutls_fips_mode_t " mode ", unsigned " flags ");"
.SH ARGUMENTS
.IP "gnutls_fips_mode_t mode" 12
-the FIPS140\-2 mode to switch to
+the FIPS140\-3 mode to switch to
.IP "unsigned flags" 12
should be zero or \fBGNUTLS_FIPS140_SET_MODE_THREAD\fP
.SH "DESCRIPTION"
@@ -17,13 +17,13 @@ That function is not thread\-safe when c
behavior with no flags after threads are created is undefined.
When the flag \fBGNUTLS_FIPS140_SET_MODE_THREAD\fP is specified
-then this call will change the FIPS140\-2 mode for this particular
+then this call will change the FIPS140\-3 mode for this particular
thread and not for the whole process. That way an application
can utilize this function to set and reset mode for specific
operations.
This function never fails but will be a no\-op if used when
-the library is not in FIPS140\-2 mode. When asked to switch to unknown
+the library is not in FIPS140\-3 mode. When asked to switch to unknown
values for \fImode\fP or to \fBGNUTLS_FIPS140_SELFTESTS\fP mode, the library
switches to \fBGNUTLS_FIPS140_STRICT\fP mode.
.SH "SINCE"
Index: gnutls-3.8.8/doc/gnutls.info
===================================================================
--- gnutls-3.8.8.orig/doc/gnutls.info
+++ gnutls-3.8.8/doc/gnutls.info
@@ -619,7 +619,7 @@ Ref: fig-crypto-layers743655
Ref: Cryptographic Backend-Footnote-1746962
Ref: Cryptographic Backend-Footnote-2747047
Node: Random Number Generators-internals747159
-Node: FIPS140-2 mode754615
+Node: FIPS140-3 mode754615
Ref: gnutls_fips_mode_t757279
Node: Upgrading from previous versions760947
Node: Support775185


@ -1,112 +1,120 @@
Index: gnutls-3.8.0/lib/fips.c
Index: gnutls-3.8.8/lib/fips.c
===================================================================
--- gnutls-3.8.0.orig/lib/fips.c
+++ gnutls-3.8.0/lib/fips.c
@@ -171,16 +171,28 @@ struct hmac_entry {
struct hmac_file {
int version;
struct hmac_entry gnutls;
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
struct hmac_entry nettle;
struct hmac_entry hogweed;
struct hmac_entry gmp;
+#endif
};
struct lib_paths {
char gnutls[GNUTLS_PATH_MAX];
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
char nettle[GNUTLS_PATH_MAX];
char hogweed[GNUTLS_PATH_MAX];
char gmp[GNUTLS_PATH_MAX];
+#endif
};
--- gnutls-3.8.8.orig/lib/fips.c
+++ gnutls-3.8.8/lib/fips.c
@@ -349,11 +349,90 @@ static int load_hmac_file(struct hmac_fi
}
/*
@@ -241,12 +253,18 @@ static int handler(void *user, const cha
}
} else if (!strcmp(section, GNUTLS_LIBRARY_NAME)) {
return lib_handler(&p->gnutls, section, name, value);
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
} else if (!strcmp(section, NETTLE_LIBRARY_NAME)) {
return lib_handler(&p->nettle, section, name, value);
} else if (!strcmp(section, HOGWEED_LIBRARY_NAME)) {
return lib_handler(&p->hogweed, section, name, value);
} else if (!strcmp(section, GMP_LIBRARY_NAME)) {
return lib_handler(&p->gmp, section, name, value);
+#endif
} else {
return 0;
}
@@ -391,12 +409,18 @@ static int callback(struct dl_phdr_info
if (!strcmp(soname, GNUTLS_LIBRARY_SONAME))
_gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path);
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
else if (!strcmp(soname, NETTLE_LIBRARY_SONAME))
_gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
_gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path);
else if (!strcmp(soname, GMP_LIBRARY_SONAME))
_gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
+#endif
return 0;
}
@@ -409,6 +433,11 @@ static int load_lib_paths(struct lib_pat
_gnutls_debug_log("Gnutls library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
}
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
if (paths->nettle[0] == '\0') {
_gnutls_debug_log("Nettle library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
@@ -421,7 +450,7 @@ static int load_lib_paths(struct lib_pat
_gnutls_debug_log("Gmp library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
}
-
+#endif
return GNUTLS_E_SUCCESS;
}
@@ -467,6 +496,11 @@ static int check_binary_integrity(void)
ret = check_lib_hmac(&hmac.gnutls, paths.gnutls);
+ * check_dep_lib_hmac:
+ * @path: path to the library which hmac should be compared
+ *
+ * Verify that HMAC of a given library matches the hmac in the file
+ * provided by the library, named: .<libname>.so.<soname>.hmac.
+ *
+ * Returns: 0 on successful HMAC verification, a negative error code otherwise
+ */
+static int check_dep_lib_hmac(const char *path)
+{
+ int ret;
+ unsigned prev;
+ uint8_t hmac[HMAC_SIZE];
+ gnutls_datum_t data;
+ char hmac_path[GNUTLS_PATH_MAX];
+ uint8_t lib_hmac[HMAC_SIZE];
+ size_t lib_hmac_size;
+
+ _gnutls_debug_log("Loading: %s\n", path);
+ ret = gnutls_load_file(path, &data);
+ if (ret < 0) {
+ _gnutls_debug_log("Could not load %s: %s\n", path,
+ gnutls_strerror(ret));
+ return gnutls_assert_val(ret);
+ }
+
+ prev = _gnutls_get_lib_state();
+ _gnutls_switch_lib_state(LIB_STATE_OPERATIONAL);
+ ret = gnutls_hmac_fast(HMAC_ALGO, FIPS_KEY, sizeof(FIPS_KEY) - 1,
+ data.data, data.size, hmac);
+ _gnutls_switch_lib_state(prev);
+
+ gnutls_free(data.data);
+ if (ret < 0) {
+ _gnutls_debug_log("Could not calculate HMAC for %s: %s\n", path,
+ gnutls_strerror(ret));
+ return gnutls_assert_val(ret);
+ }
+
+ /* Check now the integrity of the hmac provided by the library */
+ ret = get_hmac_path(hmac_path, sizeof(hmac_path), path);
+ if (ret < 0) {
+ _gnutls_debug_log("Could not get hmac file path: %s\n",
+ gnutls_strerror(ret));
+ return ret;
+ }
+ _gnutls_debug_log("Loading: %s\n", hmac_path);
+ ret = gnutls_load_file(hmac_path, &data);
+ if (ret < 0) {
+ _gnutls_debug_log("Could not load %s: %s\n", hmac_path,
+ gnutls_strerror(ret));
+ return gnutls_assert_val(ret);
+ }
+ lib_hmac_size = hex_data_size(data.size);
+ /* trim eventual newlines from the end of the data read from file */
+ while ((data.size > 0) && (data.data[data.size - 1] == '\n')) {
+ data.data[data.size - 1] = 0;
+ data.size--;
+ }
+ ret = gnutls_hex_decode(&data, lib_hmac, &lib_hmac_size);
+ gnutls_free(data.data);
+ if (ret < 0) {
+ _gnutls_debug_log("Could not hex decode hmac\n");
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ }
+ ret = gnutls_memcmp(lib_hmac, hmac, HMAC_SIZE);
+ if (ret){
+ _gnutls_debug_log("Calculated MAC for %s does not match\n",
+ path);
+ gnutls_memset(hmac, 0, HMAC_SIZE);
+ gnutls_memset(lib_hmac, 0, HMAC_SIZE);
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ }
+ _gnutls_debug_log("Successfully verified MAC for %s\n", path);
+ gnutls_memset(hmac, 0, HMAC_SIZE);
+ return 0;
+}
+
+/*
* check_lib_hmac:
* @entry: hmac file entry
* @path: path to the library which hmac should be compared
*
- * Verify that HMAC from hmac file entry matches HMAC of given library.
+ * Verify that HMAC from hmac file entry matches HMAC of gnutls library.
*
* Returns: 0 on successful HMAC verification, a negative error code otherwise
*/
@@ -496,17 +575,20 @@ static int check_binary_integrity(void)
if (ret < 0)
return ret;
+# if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
ret = check_lib_hmac(&hmac.nettle, paths.nettle);
#ifdef NETTLE_LIBRARY_SONAME
- ret = check_lib_hmac(&hmac.nettle, paths.nettle);
+ //ret = check_lib_hmac(&hmac.nettle, paths.nettle);
+ ret = check_dep_lib_hmac(paths.nettle);
if (ret < 0)
return ret;
@@ -476,6 +510,7 @@ static int check_binary_integrity(void)
ret = check_lib_hmac(&hmac.gmp, paths.gmp);
#endif
#ifdef HOGWEED_LIBRARY_SONAME
- ret = check_lib_hmac(&hmac.hogweed, paths.hogweed);
+ //ret = check_lib_hmac(&hmac.hogweed, paths.hogweed);
+ ret = check_dep_lib_hmac(paths.hogweed);
if (ret < 0)
return ret;
+# endif
return 0;
}
#endif
#ifdef GMP_LIBRARY_SONAME
- ret = check_lib_hmac(&hmac.gmp, paths.gmp);
+ //ret = check_lib_hmac(&hmac.gmp, paths.gmp);
+ ret = check_dep_lib_hmac(paths.gmp);
if (ret < 0)
return ret;
#endif
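Review bot: In check_dep_lib_hmac the capacity passed to gnutls_hex_decode is `hex_data_size(data.size)`, computed before the trailing-newline trim, rather than the real size of `lib_hmac`, and the decoded length is never checked against HMAC_SIZE before `gnutls_memcmp(lib_hmac, hmac, HMAC_SIZE)`; if gnutls_hex_decode honours the capacity it is given, a .hmac file carrying a longer hex string could write past the stack buffer, and a shorter one makes the comparison read uninitialised bytes, so it should pass `sizeof(lib_hmac)` after the trim and reject any other decoded length. The hex-decode failure path also returns without clearing `hmac`, unlike the mismatch path, while the success path clears only `hmac` — one scrubbing policy for both buffers would be clearer. The `//ret = check_lib_hmac(...)` lines left next to the new `check_dep_lib_hmac` calls at the end of the section should be deleted rather than commented out. The rest of the function is visible in the hunk; its closing `#endif` for the `# if 0` block appears to sit inside check_binary_integrity, which continues outside the hunk.
```c
	/* … unchanged: load hmac_path and trim trailing newlines … */
	lib_hmac_size = sizeof(lib_hmac);
	ret = gnutls_hex_decode(&data, lib_hmac, &lib_hmac_size);
	gnutls_free(data.data);
	if (ret < 0 || lib_hmac_size != HMAC_SIZE) {
		_gnutls_debug_log("Could not hex decode hmac\n");
		gnutls_memset(hmac, 0, HMAC_SIZE);
		gnutls_memset(lib_hmac, 0, HMAC_SIZE);
		return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
	}
	/* … unchanged: constant-time compare and logging … */
```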


@ -1,8 +1,8 @@
Index: gnutls-3.7.7/lib/fips.c
Index: gnutls-3.8.5/lib/fips.c
===================================================================
--- gnutls-3.7.7.orig/lib/fips.c
+++ gnutls-3.7.7/lib/fips.c
@@ -517,6 +517,26 @@ int _gnutls_fips_perform_self_checks2(vo
--- gnutls-3.8.5.orig/lib/fips.c
+++ gnutls-3.8.5/lib/fips.c
@@ -593,6 +593,26 @@ int _gnutls_fips_perform_self_checks2(vo
return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
}
@ -27,5 +27,5 @@ Index: gnutls-3.7.7/lib/fips.c
+ }
+
/* PK */
ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);
if (ret < 0) {
if (_gnutls_config_is_rsa_pkcs1_encrypt_allowed()) {
ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);


@ -1,8 +1,8 @@
Index: gnutls-3.7.3/lib/state.c
Index: gnutls-3.8.4/lib/state.c
===================================================================
--- gnutls-3.7.3.orig/lib/state.c
+++ gnutls-3.7.3/lib/state.c
@@ -794,6 +794,12 @@ void gnutls_deinit(gnutls_session_t sess
--- gnutls-3.8.4.orig/lib/state.c
+++ gnutls-3.8.4/lib/state.c
@@ -830,6 +830,12 @@ void gnutls_deinit(gnutls_session_t sess
gnutls_mutex_deinit(&session->internals.post_negotiation_lock);
gnutls_mutex_deinit(&session->internals.epoch_lock);
@ -15,11 +15,11 @@ Index: gnutls-3.7.3/lib/state.c
gnutls_free(session);
}
Index: gnutls-3.7.3/lib/nettle/rnd.c
Index: gnutls-3.8.4/lib/nettle/rnd.c
===================================================================
--- gnutls-3.7.3.orig/lib/nettle/rnd.c
+++ gnutls-3.7.3/lib/nettle/rnd.c
@@ -75,6 +75,12 @@ struct generators_ctx_st {
--- gnutls-3.8.4.orig/lib/nettle/rnd.c
+++ gnutls-3.8.4/lib/nettle/rnd.c
@@ -79,6 +79,12 @@ struct generators_ctx_st {
static void wrap_nettle_rnd_deinit(void *_ctx)
{


@ -1,7 +1,7 @@
Index: gnutls-3.8.1/lib/nettle/sysrng-linux.c
Index: gnutls-3.8.6/lib/nettle/sysrng-linux.c
===================================================================
--- gnutls-3.8.1.orig/lib/nettle/sysrng-linux.c
+++ gnutls-3.8.1/lib/nettle/sysrng-linux.c
--- gnutls-3.8.6.orig/lib/nettle/sysrng-linux.c
+++ gnutls-3.8.6/lib/nettle/sysrng-linux.c
@@ -49,6 +49,15 @@
get_entropy_func _rnd_get_system_entropy = NULL;
@ -158,11 +158,11 @@ Index: gnutls-3.8.1/lib/nettle/sysrng-linux.c
+#endif
return;
}
Index: gnutls-3.8.1/lib/nettle/Makefile.in
Index: gnutls-3.8.6/lib/nettle/Makefile.in
===================================================================
--- gnutls-3.8.1.orig/lib/nettle/Makefile.in
+++ gnutls-3.8.1/lib/nettle/Makefile.in
@@ -402,7 +402,7 @@ am__v_CC_1 =
--- gnutls-3.8.6.orig/lib/nettle/Makefile.in
+++ gnutls-3.8.6/lib/nettle/Makefile.in
@@ -497,7 +497,7 @@ am__v_CC_1 =
CCLD = $(CC)
LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
@ -171,10 +171,10 @@ Index: gnutls-3.8.1/lib/nettle/Makefile.in
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
Index: gnutls-3.8.1/lib/nettle/Makefile.am
Index: gnutls-3.8.6/lib/nettle/Makefile.am
===================================================================
--- gnutls-3.8.1.orig/lib/nettle/Makefile.am
+++ gnutls-3.8.1/lib/nettle/Makefile.am
--- gnutls-3.8.6.orig/lib/nettle/Makefile.am
+++ gnutls-3.8.6/lib/nettle/Makefile.am
@@ -20,7 +20,7 @@
include $(top_srcdir)/lib/common.mk
@ -184,10 +184,10 @@ Index: gnutls-3.8.1/lib/nettle/Makefile.am
AM_CPPFLAGS = \
-I$(srcdir)/int \
Index: gnutls-3.8.1/lib/nettle/rnd-fips.c
Index: gnutls-3.8.6/lib/nettle/rnd-fips.c
===================================================================
--- gnutls-3.8.1.orig/lib/nettle/rnd-fips.c
+++ gnutls-3.8.1/lib/nettle/rnd-fips.c
--- gnutls-3.8.6.orig/lib/nettle/rnd-fips.c
+++ gnutls-3.8.6/lib/nettle/rnd-fips.c
@@ -129,6 +129,10 @@ static int drbg_init(struct fips_ctx *fc
uint8_t buffer[DRBG_AES_SEED_SIZE];
int ret;
@ -210,16 +210,16 @@ Index: gnutls-3.8.1/lib/nettle/rnd-fips.c
ret = get_entropy(fctx, buffer, sizeof(buffer));
if (ret < 0) {
_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
Index: gnutls-3.8.1/tests/Makefile.am
Index: gnutls-3.8.6/tests/Makefile.am
===================================================================
--- gnutls-3.8.1.orig/tests/Makefile.am
+++ gnutls-3.8.1/tests/Makefile.am
@@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm
--- gnutls-3.8.6.orig/tests/Makefile.am
+++ gnutls-3.8.6/tests/Makefile.am
@@ -209,7 +209,7 @@ ctests += mini-record-2 simple gnutls_hm
dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \
- set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \
+ set_x509_key_file_ocsp client-fastopen srp rng-pthread \
- set_x509_key_file_ocsp client-fastopen rng-sigint srp \
+ set_x509_key_file_ocsp client-fastopen srp \
safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \
safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \
rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \


@ -1,16 +1,103 @@
-------------------------------------------------------------------
Mon Apr 8 09:11:16 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
Mon Nov 11 10:04:31 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Security fix: [bsc#1221747, CVE-2024-28835]
* gnutls: certtool crash when verifying a certificate chain
* Add gnutls-CVE-2024-28835.patch
- Update to 3.8.8:
- libgnutls: Experimental support for X25519MLKEM768 and
SecP256r1MLKEM768 key exchange in TLS 1.3: The support for
post-quantum key exchanges has been extended to cover the final
standard of ML-KEM, following draft-kwiatkowski-tls-ecdhe-mlkem.
The minimum supported version of liboqs is bumped to 0.11.0.
- libgnutls: All records included in an OCSP response are now checked
in TLS: Previously, when multiple records are provided in a single
OCSP response, only the first record was considered; now all those
records are examined until the server certificate matches.
- libgnutls: Handling of malformed compress_certificate extension is
now more standard compliant: The server behavior of receiving a
malformed compress_certificate extension now more strictly follows
RFC 8879; return illegal_parameter alert instead of bad_certificate,
as well as overlong extension data is properly rejected.
- build: More flexible library linking options for compression
libraries, TPM, and liboqs support: The configure options,
--with-zstd, --with-brotli, --with-zlib, --with-tpm2, and --with-liboqs
now take 4 states: yes/link/dlopen/no, to specify how the libraries
are linked or loaded.
* Rebase gnutls-FIPS-140-3-references.patch
-------------------------------------------------------------------
Mon Apr 8 08:31:25 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
Fri Sep 27 08:02:09 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
- Security fix: [bsc#1221746, CVE-2024-28834]
* gnutls: side-channel in the deterministic ECDSA
* Add gnutls-CVE-2024-28834.patch
- Build with liboqs to support the X25519Kyber768 post-quantum key
exchange algorithm.
-------------------------------------------------------------------
Thu Sep 5 07:57:42 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- FIPS: Allow to perform the integrity check with the hmac provided
by each library [bsc#1226724]
* Rebase gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
-------------------------------------------------------------------
Mon Sep 2 10:09:23 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.8.7:
* libgnutls: New configure option to compile out DSA support
The --disable-dsa configure option has been added to completely
disable DSA algorithm support.
* libgnutls: Experimental support for X25519Kyber768Draft00 key
exchange in TLS. For testing purposes, the hybrid post-quantum
key exchange defined in draft-tls-westerbaan-xyber768d00 has been
implemented using liboqs. Since the algorithm is still not finalized,
the support of this key exchange is disabled by default and can be
enabled with the --with-liboqs configure option.
* Rebase patches:
- gnutls-FIPS-140-3-references.patch
- gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
-------------------------------------------------------------------
Thu Jul 25 08:51:56 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.8.6:
* libgnutls: PBMAC1 is now supported as a MAC mechanism for PKCS#12
To be compliant with FIPS 140-3, PKCS#12 files with MAC based on
PBKDF2 (PBMAC1) is now supported, according to the specification
proposed in draft-ietf-lamps-pkcs12-pbmac1.
* libgnutls: SHA3 extendable output functions (XOF) are now supported
SHA3 XOF, SHAKE128 and SHAKE256, are now usable through a new
public API gnutls_hash_squeeze.
* API and ABI modifications:
- gnutls_pkcs12_generate_mac3: New function
- gnutls_pkcs12_flags_t: New enum
- gnutls_hash_squeeze: New function
* Rebase patches:
- gnutls-FIPS-140-3-references.patch
- gnutls-FIPS-jitterentropy.patch
-------------------------------------------------------------------
Fri Apr 5 07:28:14 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.8.5:
* libgnutls: Due to majority of usages and implementations of
RSA decryption with PKCS#1 v1.5 padding being incorrect,
leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
is being deprecated (encryption and decryption) and will be
disabled in the future. A new option 'allow-rsa-pkcs1-encrypt'
has been added into the system-wide library configuration which
allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the
RSAES-PKCS1-v1_5 is enabled by default.
* libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
backward compatibility with GCR.
* libgnutls: A couple of memory related issues have been fixed in
RSA PKCS#1 v1.5 decryption error handling and deterministic ECDSA
with earlier versions of GMP. These were a regression introduced
in the 3.8.4 release. See #1535 and !1827.
* build: Fixed a bug where building gnutls statically failed due
to a duplicate definition of nettle_rsa_compute_root_tr().
* API and ABI modifications:
- GNUTLS_PKCS_PBES1_DES_SHA1: New enum member of
gnutls_pkcs_encrypt_flags_t
* Rebase patches:
- gnutls-FIPS-TLS_KDF_selftest.patch
- gnutls-FIPS-140-3-references.patch
-------------------------------------------------------------------
Wed Mar 20 12:08:50 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
@ -20,6 +107,45 @@ Wed Mar 20 12:08:50 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
pre-intitization done in the main thread. [bsc#1221242]
* Add gnutls-FIPS-jitterentropy-deinit-threads.patch
-------------------------------------------------------------------
Wed Mar 20 09:26:32 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.8.4:
* libgnutls: RSA-OAEP encryption scheme is now supported
To use it with an unrestricted RSA private key, one would need to
initialize a gnutls_x509_spki_t object with necessary parameters
for RSA-OAEP and attach it to the private key. It is also possible
to import restricted private keys if they are stored in PKCS#8
format.
* libgnutls: Fix side-channel in the deterministic ECDSA.
Reported by George Pantelakis (#1516).
[GNUTLS-SA-2023-12-04, CVSS: medium] [bsc#1221746, CVE-2024-28834]
* libgnutls: Fixed a bug where certtool crashed when verifying a
certificate chain with more than 16 certificates. Reported by
William Woodruff (#1525) and yixiangzhike (#1527).
[GNUTLS-SA-2024-01-23, CVSS: medium] [bsc#1221747, CVE-2024-28835]
* libgnutls: Compression libraries are now loaded dynamically as needed
instead of all being loaded during gnutls library initialization.
As a result, the library initialization should be faster.
* build: The gnutls library can now be linked with the static library
of GMP. Note that in order for this to work libgmp.a needs to be
compiled with -fPIC and libhogweed in Nettle also has to be linked
to the static library of GMP. This can be used to prevent custom
memory allocators from being overriden by other applications.
* API and ABI modifications:
- gnutls_x509_spki_get_rsa_oaep_params: New function.
- gnutls_x509_spki_set_rsa_oaep_params: New function.
- GNUTLS_PK_RSA_OAEP: New enum member of gnutls_pk_algorithm_t.
* Rebase patches:
- gnutls-FIPS-140-3-references.patch
- gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
-------------------------------------------------------------------
Wed Feb 21 18:04:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Remove some if..endif that do not affect any result
- Split documentation (some 1100 files) to separate subpackage
-------------------------------------------------------------------
Wed Jan 17 08:41:07 UTC 2024 - Pedro Monreal <pmonreal@suse.com>


@ -35,12 +35,14 @@
# disable for now, as our OBS builds do not work with it. Marcus 20220511
#bcond_without kcapi
%bcond_with kcapi
%bcond_without liboqs
%else
%bcond_with kcapi
%bcond_with liboqs
%endif
%bcond_with tpm
Name: gnutls
Version: 3.8.3
Version: 3.8.8
Release: 0
Summary: The GNU Transport Layer Security Library
License: GPL-3.0-or-later AND LGPL-2.1-or-later
@ -69,10 +71,6 @@ Patch102: gnutls-FIPS-jitterentropy.patch
#PATCH-FIX-SUSE bsc#1221242 Fix memleak in gnutls' jitterentropy collector
Patch103: gnutls-FIPS-jitterentropy-deinit-threads.patch
%endif
#PATCH-FIX-UPSTREAM bsc#1221746 CVE-2024-28834: gnutls: side-channel in the deterministic ECDSA
Patch200: gnutls-CVE-2024-28834.patch
#PATCH-FIX-UPSTREAM bsc#1221747 CVE-2024-28835: gnutls: certtool crash when verifying a certificate chain
Patch201: gnutls-CVE-2024-28835.patch
BuildRequires: autogen
BuildRequires: automake
BuildRequires: datefudge
@ -95,6 +93,9 @@ BuildRequires: pkgconfig(zlib)
%if %{with kcapi}
BuildRequires: pkgconfig(libkcapi)
%endif
%if %{with liboqs}
BuildRequires: pkgconfig(liboqs)
%endif
%if 0%{?suse_version} <= 1320
BuildRequires: net-tools
%else
@ -138,7 +139,6 @@ The GnuTLS library provides a secure layer over a reliable transport
layer. Currently the GnuTLS library implements the proposed standards
of the IETF's TLS working group.
%if %{with dane}
%package -n libgnutls-dane%{gnutls_dane_sover}
Summary: DANE support for the GNU Transport Layer Security Library
License: LGPL-2.1-or-later
@ -148,7 +148,6 @@ Group: System/Libraries
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer.
This package contains the "DANE" part of gnutls.
%endif
%package -n libgnutlsxx%{gnutlsxx_sover}
Summary: C++ API for the GNU Transport Layer Security Library
@ -178,7 +177,6 @@ Requires: crypto-policies
%description -n libgnutls-devel
Files needed for software development using gnutls.
%if %{with dane}
%package -n libgnutls-dane-devel
Summary: Development package for GnuTLS DANE component
License: LGPL-2.1-or-later
@ -187,7 +185,14 @@ Requires: libgnutls-dane%{gnutls_dane_sover} = %{version}
%description -n libgnutls-dane-devel
Files needed for software development using gnutls.
%endif
%package -n libgnutls-devel-doc
Summary: Manual and Info pages for libgnutls
License: LGPL-2.1-or-later
BuildArch: noarch
%description -n libgnutls-devel-doc
Manpages (troff) and GNU Info pages for libgnutls.
%package -n libgnutlsxx-devel
Summary: Development package for the GnuTLS C++ API
@ -235,6 +240,9 @@ autoreconf -fiv
%if %{with srp}
--enable-srp-authentication \
%endif
%if %{with liboqs}
--with-liboqs \
%endif
%ifarch %{ix86} %{arm}
--disable-year2038 \
%endif
@ -304,12 +312,8 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
%post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
%postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
%if %{with dane}
%post -n libgnutls-dane%{gnutls_dane_sover} -p /sbin/ldconfig
%postun -n libgnutls-dane%{gnutls_dane_sover} -p /sbin/ldconfig
%endif
%post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
%postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
@ -371,9 +375,11 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
%{_includedir}/%{name}/urls.h
%{_libdir}/libgnutls.so
%{_libdir}/pkgconfig/gnutls.pc
%files -n libgnutls-devel-doc
%{_mandir}/man3/*
%{_infodir}/*%{ext_info}
%doc %{_docdir}/libgnutls-devel
%{_docdir}/libgnutls-devel
%if %{with dane}
%files -n libgnutls-dane-devel
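Review bot: The `%bcond_without liboqs` added at the top of the section (and the matching `--with-liboqs` in the configure block) enables, for whichever branch that `%if` selects, the X25519Kyber768Draft00 hybrid key exchange that the 3.8.7 changelog entry describes as experimental, pre-standard and disabled by upstream default, yet the spec records no rationale; I would add `# Experimental X25519Kyber768Draft00 (draft-tls-westerbaan-xyber768d00); pre-standard, off by upstream default` above `%bcond_without liboqs`. The `%if` guarding that branch starts outside the hunk, so I cannot tell which targets get liboqs, but it shares the branch in which kcapi is kept off for build reasons rather than policy. Since this package carries a FIPS integrity patch whose name lists only nettle, hogweed and gmp (gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch in the changelog), liboqs would presumably be an additional in-process crypto library outside that check — worth confirming whether the with-liboqs build is intended for FIPS-enabled targets, or whether the bcond should be tied to the FIPS switch. Dropping Patch200/Patch201 is consistent with the 3.8.4 entry that lists both CVE fixes as upstream.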