Sync from SUSE:SLFO:Main gnutls revision 9a9f34dfc7c0524c571afa85e60e40fe

gnutls-3.5.11-skip-trust-store-tests.patch

@@ -15,11 +15,11 @@ need ca-certificates-mozilla to run.
 
 But this would create a build cycle. Skip test.
 
-Index: gnutls-3.6.15/tests/trust-store.c
+Index: gnutls-3.8.9/tests/trust-store.c
 ===================================================================
---- gnutls-3.6.15.orig/tests/trust-store.c	2020-09-08 10:24:24.018094247 +0200
-+++ gnutls-3.6.15/tests/trust-store.c	2020-09-08 10:24:25.534104346 +0200
-@@ -44,6 +44,9 @@ static void tls_log_func(int level, cons
+--- gnutls-3.8.9.orig/tests/trust-store.c
++++ gnutls-3.8.9/tests/trust-store.c
+@@ -42,6 +42,9 @@ static void tls_log_func(int level, cons
  
  void doit(void)
  {

gnutls-3.8.10-disable-ktls_test.patch

@@ -0,0 +1,24 @@
+Index: gnutls-3.8.10/tests/Makefile.am
+===================================================================
+--- gnutls-3.8.10.orig/tests/Makefile.am
++++ gnutls-3.8.10/tests/Makefile.am
+@@ -527,13 +527,13 @@ if !WINDOWS
+ #
+ 
+ if ENABLE_KTLS
+-indirect_tests += gnutls_ktls
+-dist_check_SCRIPTS += ktls.sh
++#indirect_tests += gnutls_ktls
++#dist_check_SCRIPTS += ktls.sh
+ 
+-indirect_tests += ktls_keyupdate
+-ktls_keyupdate_SOURCES = tls13/key_update.c
+-ktls_keyupdate_CFLAGS = -DUSE_KTLS
+-dist_check_SCRIPTS += ktls_keyupdate.sh
++#indirect_tests += ktls_keyupdate
++#ktls_keyupdate_SOURCES = tls13/key_update.c
++#ktls_keyupdate_CFLAGS = -DUSE_KTLS
++#dist_check_SCRIPTS += ktls_keyupdate.sh
+ endif
+ 
+ dist_check_SCRIPTS += dtls/dtls.sh #dtls/dtls-resume.sh #dtls/dtls-nb

gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch

@@ -1,112 +1,120 @@
-Index: gnutls-3.8.0/lib/fips.c
+Index: gnutls-3.8.8/lib/fips.c
 ===================================================================
---- gnutls-3.8.0.orig/lib/fips.c
-+++ gnutls-3.8.0/lib/fips.c
-@@ -171,16 +171,28 @@ struct hmac_entry {
- struct hmac_file {
- 	int version;
- 	struct hmac_entry gnutls;
-+#if 0
-+	/* Disable nettle, hogweed and gpm HMAC verification as
-+	 * they are calculated during build of the respective
-+	 * packages and can differ from the ones listed here.
-+	 */
- 	struct hmac_entry nettle;
- 	struct hmac_entry hogweed;
- 	struct hmac_entry gmp;
-+#endif
- };
- 
- struct lib_paths {
- 	char gnutls[GNUTLS_PATH_MAX];
-+#if 0
-+	/* Disable nettle, hogweed and gpm HMAC verification as
-+	 * they are calculated during build of the respective
-+	 * packages and can differ from the ones listed here.
-+	 */
- 	char nettle[GNUTLS_PATH_MAX];
- 	char hogweed[GNUTLS_PATH_MAX];
- 	char gmp[GNUTLS_PATH_MAX];
-+#endif
- };
+--- gnutls-3.8.8.orig/lib/fips.c
++++ gnutls-3.8.8/lib/fips.c
+@@ -349,11 +349,90 @@ static int load_hmac_file(struct hmac_fi
+ }
  
  /*
-@@ -241,12 +253,18 @@ static int handler(void *user, const cha
- 		}
- 	} else if (!strcmp(section, GNUTLS_LIBRARY_NAME)) {
- 		return lib_handler(&p->gnutls, section, name, value);
-+#if 0
-+	/* Disable nettle, hogweed and gpm HMAC verification as
-+	 * they are calculated during build of the respective
-+	 * packages and can differ from the ones listed here.
++ * check_dep_lib_hmac:
++ * @path: path to the library which hmac should be compared
++ *
++ * Verify that HMAC of a given library matches the hmac in the file
++ * provided by the library, named: .<libname>.so.<soname>.hmac.
++ *
++ * Returns: 0 on successful HMAC verification, a negative error code otherwise
 + */
- 	} else if (!strcmp(section, NETTLE_LIBRARY_NAME)) {
- 		return lib_handler(&p->nettle, section, name, value);
- 	} else if (!strcmp(section, HOGWEED_LIBRARY_NAME)) {
- 		return lib_handler(&p->hogweed, section, name, value);
- 	} else if (!strcmp(section, GMP_LIBRARY_NAME)) {
- 		return lib_handler(&p->gmp, section, name, value);
-+#endif
- 	} else {
- 		return 0;
- 	}
-@@ -391,12 +409,18 @@ static int callback(struct dl_phdr_info
- 
- 	if (!strcmp(soname, GNUTLS_LIBRARY_SONAME))
- 		_gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path);
-+#if 0
-+	/* Disable nettle, hogweed and gpm HMAC verification as
-+	 * they are calculated during build of the respective
-+	 * packages and can differ from the ones listed here.
-+	 */
- 	else if (!strcmp(soname, NETTLE_LIBRARY_SONAME))
- 		_gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
- 	else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
- 		_gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path);
- 	else if (!strcmp(soname, GMP_LIBRARY_SONAME))
- 		_gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
-+#endif
- 	return 0;
- }
- 
-@@ -409,6 +433,11 @@ static int load_lib_paths(struct lib_pat
- 		_gnutls_debug_log("Gnutls library path was not found\n");
- 		return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
- 	}
-+#if 0
-+	/* Disable nettle, hogweed and gpm HMAC verification as
-+	 * they are calculated during build of the respective
-+	 * packages and can differ from the ones listed here.
-+	 */
- 	if (paths->nettle[0] == '\0') {
- 		_gnutls_debug_log("Nettle library path was not found\n");
- 		return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
-@@ -421,7 +450,7 @@ static int load_lib_paths(struct lib_pat
- 		_gnutls_debug_log("Gmp library path was not found\n");
- 		return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
- 	}
--
-+#endif
- 	return GNUTLS_E_SUCCESS;
- }
- 
-@@ -467,6 +496,11 @@ static int check_binary_integrity(void)
- 	ret = check_lib_hmac(&hmac.gnutls, paths.gnutls);
++static int check_dep_lib_hmac(const char *path)
++{
++	int ret;
++	unsigned prev;
++	uint8_t hmac[HMAC_SIZE];
++	gnutls_datum_t data;
++	char hmac_path[GNUTLS_PATH_MAX];
++	uint8_t lib_hmac[HMAC_SIZE];
++	size_t lib_hmac_size;
++
++	_gnutls_debug_log("Loading: %s\n", path);
++	ret = gnutls_load_file(path, &data);
++	if (ret < 0) {
++		_gnutls_debug_log("Could not load %s: %s\n", path,
++				  gnutls_strerror(ret));
++		return gnutls_assert_val(ret);
++	}
++
++	prev = _gnutls_get_lib_state();
++	_gnutls_switch_lib_state(LIB_STATE_OPERATIONAL);
++	ret = gnutls_hmac_fast(HMAC_ALGO, FIPS_KEY, sizeof(FIPS_KEY) - 1,
++			       data.data, data.size, hmac);
++	_gnutls_switch_lib_state(prev);
++
++	gnutls_free(data.data);
++	if (ret < 0) {
++		_gnutls_debug_log("Could not calculate HMAC for %s: %s\n", path,
++				  gnutls_strerror(ret));
++		return gnutls_assert_val(ret);
++	}
++
++	/* Check now the integrity of the hmac provided by the library */
++	ret = get_hmac_path(hmac_path, sizeof(hmac_path), path);
++	if (ret < 0) {
++		_gnutls_debug_log("Could not get hmac file path: %s\n",
++							gnutls_strerror(ret));
++		return ret;
++	}
++	_gnutls_debug_log("Loading: %s\n", hmac_path);
++	ret = gnutls_load_file(hmac_path, &data);
++	if (ret < 0) {
++		_gnutls_debug_log("Could not load %s: %s\n", hmac_path,
++							gnutls_strerror(ret));
++		return gnutls_assert_val(ret);
++	}
++	lib_hmac_size = hex_data_size(data.size);
++	/* trim eventual newlines from the end of the data read from file */
++	while ((data.size > 0) && (data.data[data.size - 1] == '\n')) {
++		data.data[data.size - 1] = 0;
++		data.size--;
++	}
++	ret = gnutls_hex_decode(&data, lib_hmac, &lib_hmac_size);
++	gnutls_free(data.data);
++	if (ret < 0) {
++		_gnutls_debug_log("Could not hex decode hmac\n");
++		return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
++	}
++	ret = gnutls_memcmp(lib_hmac, hmac, HMAC_SIZE);
++	if (ret){
++		_gnutls_debug_log("Calculated MAC for %s does not match\n",
++							path);
++		gnutls_memset(hmac, 0, HMAC_SIZE);
++		gnutls_memset(lib_hmac, 0, HMAC_SIZE);
++		return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
++	}
++	_gnutls_debug_log("Successfully verified MAC for %s\n", path);
++	gnutls_memset(hmac, 0, HMAC_SIZE);
++	return 0;
++}
++
++/*
+  * check_lib_hmac:
+  * @entry: hmac file entry
+  * @path: path to the library which hmac should be compared
+  *
+- * Verify that HMAC from hmac file entry matches HMAC of given library.
++ * Verify that HMAC from hmac file entry matches HMAC of gnutls library.
+  *
+  * Returns: 0 on successful HMAC verification, a negative error code otherwise
+  */
+@@ -496,17 +575,20 @@ static int check_binary_integrity(void)
  	if (ret < 0)
  		return ret;
-+# if 0
-+	/* Disable nettle, hogweed and gpm HMAC verification as
-+	 * they are calculated during build of the respective
-+	 * packages and can differ from the ones listed here.
-+	 */
- 	ret = check_lib_hmac(&hmac.nettle, paths.nettle);
+ #ifdef NETTLE_LIBRARY_SONAME
+-	ret = check_lib_hmac(&hmac.nettle, paths.nettle);
++	//ret = check_lib_hmac(&hmac.nettle, paths.nettle);
++	ret = check_dep_lib_hmac(paths.nettle);
  	if (ret < 0)
  		return ret;
-@@ -476,6 +510,7 @@ static int check_binary_integrity(void)
- 	ret = check_lib_hmac(&hmac.gmp, paths.gmp);
+ #endif
+ #ifdef HOGWEED_LIBRARY_SONAME
+-	ret = check_lib_hmac(&hmac.hogweed, paths.hogweed);
++	//ret = check_lib_hmac(&hmac.hogweed, paths.hogweed);
++	ret = check_dep_lib_hmac(paths.hogweed);
  	if (ret < 0)
  		return ret;
-+# endif
- 
- 	return 0;
- }
+ #endif
+ #ifdef GMP_LIBRARY_SONAME
+-	ret = check_lib_hmac(&hmac.gmp, paths.gmp);
++	//ret = check_lib_hmac(&hmac.gmp, paths.gmp);
++	ret = check_dep_lib_hmac(paths.gmp);
+ 	if (ret < 0)
+ 		return ret;
+ #endif

gnutls-FIPS-HMAC-x86_64-v3-opt.patch

@@ -0,0 +1,47 @@
+Index: gnutls-3.8.9/lib/fips.c
+===================================================================
+--- gnutls-3.8.9.orig/lib/fips.c
++++ gnutls-3.8.9/lib/fips.c
+@@ -268,6 +268,28 @@ static int handler(void *user, const cha
+ 	return 1;
+ }
+ 
++
++/* In case of x86_64-v3 optmizations, names might differ in version numbers.
++ * @mac_file: buffer where the hmac file path will be written to
++ * @lib_path: path to the dependent library, used to deduce hmac file path
++ * @file_name: The file name of the library
++ */
++ static void get_hwcaps_lib_hmac_path(char *mac_file, const char *lib_path, char *file_name) {
++	// Cut name short if more than SOVER is present 
++	char *soname = strstr(file_name, ".so.");
++	char correct_ext[256];
++	memset(correct_ext, 0x0, 256);
++	soname += strlen(".so.");
++	for (uint32_t i = 0; i < strlen(soname); i++) {
++		if (soname[i] == '.') {
++			int proper_len = soname - file_name + i;
++			strncpy(correct_ext, file_name, proper_len);
++			snprintf(mac_file, 256, "%.*s/.%.*s.hmac",  (int)(file_name-lib_path),lib_path,proper_len,correct_ext);
++			break;	
++		}
++	}
++}
++
+ /*
+  * get_hmac_path:
+  * @mac_file: buffer where the hmac file path will be written to
+@@ -300,6 +322,13 @@ static int get_hmac_path(char *mac_file,
+ 	if (ret == 0)
+ 		return GNUTLS_E_SUCCESS;
+ 
++	if (strstr(gnutls_path, "glibc-hwcaps")) {
++		get_hwcaps_lib_hmac_path(mac_file, gnutls_path, p + 1);
++		ret = _gnutls_file_exists(mac_file);
++		if (ret == 0)
++			return GNUTLS_E_SUCCESS;
++	}
++		
+ 	if (p == NULL)
+ 		ret = snprintf(mac_file, mac_file_size, "fipscheck/.%s.hmac",
+ 			       gnutls_path);

gnutls-FIPS-TLS_KDF_selftest.patch

@@ -1,8 +1,8 @@
-Index: gnutls-3.7.7/lib/fips.c
+Index: gnutls-3.8.9/lib/fips.c
 ===================================================================
---- gnutls-3.7.7.orig/lib/fips.c
-+++ gnutls-3.7.7/lib/fips.c
-@@ -517,6 +517,26 @@ int _gnutls_fips_perform_self_checks2(vo
+--- gnutls-3.8.9.orig/lib/fips.c
++++ gnutls-3.8.9/lib/fips.c
+@@ -621,6 +621,26 @@ int _gnutls_fips_perform_self_checks2(vo
  		return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
  	}
  
@@ -27,5 +27,5 @@ Index: gnutls-3.7.7/lib/fips.c
 +	}
 +
  	/* PK */
+ 	if (_gnutls_config_is_rsa_pkcs1_encrypt_allowed()) {
  		ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);
- 	if (ret < 0) {

gnutls-FIPS-disable-mac-sha1.patch

@@ -0,0 +1,181 @@
+commit c4eba74d4745e3a97b443abae1431658a826d2eb
+Author: Angel Yankov <angel.yankov@suse.com>
+Date:   Thu Nov 28 11:02:07 2024 +0200
+
+    SHA-1 is not allowed in FIPS-140-3 anymore after 2030. Mark it as
+    unapproved
+    
+    Signed-off-by: Angel Yankov <angel.yankov@suse.com>
+
+Index: gnutls-3.8.10/lib/crypto-api.c
+===================================================================
+--- gnutls-3.8.10.orig/lib/crypto-api.c
++++ gnutls-3.8.10/lib/crypto-api.c
+@@ -33,6 +33,7 @@
+ #include "crypto-api.h"
+ #include "iov.h"
+ #include "intprops.h"
++#include <gnutls/gnutls.h>
+ 
+ typedef struct api_cipher_hd_st {
+ 	cipher_hd_st ctx_enc;
+@@ -597,7 +598,9 @@ int gnutls_hmac_init(gnutls_hmac_hd_t *d
+ 	bool not_approved = false;
+ 
+ 	/* MD5 is only allowed internally for TLS */
+-	if (!is_mac_algo_allowed(algorithm)) {
++	if (algorithm == GNUTLS_MAC_SHA1) 
++		not_approved = true;
++	else if (!is_mac_algo_allowed(algorithm)) {
+ 		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
+ 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
+ 	} else if (!is_mac_algo_approved_in_fips(algorithm)) {
+@@ -757,8 +760,9 @@ int gnutls_hmac_fast(gnutls_mac_algorith
+ {
+ 	int ret;
+ 	bool not_approved = false;
+-
+-	if (!is_mac_algo_allowed(algorithm)) {
++	if (algorithm == GNUTLS_MAC_SHA1) 
++		not_approved = true;
++	else if (!is_mac_algo_allowed(algorithm)) {
+ 		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
+ 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
+ 	} else if (!is_mac_algo_approved_in_fips(algorithm)) {
+@@ -839,8 +843,9 @@ int gnutls_hash_init(gnutls_hash_hd_t *d
+ {
+ 	int ret;
+ 	bool not_approved = false;
+-
+-	if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {
++	if (algorithm == GNUTLS_MAC_SHA1) 
++		not_approved = true;
++	else if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {
+ 		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
+ 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
+ 	} else if (!is_mac_algo_approved_in_fips(DIG_TO_MAC(algorithm))) {
+@@ -957,8 +962,9 @@ int gnutls_hash_fast(gnutls_digest_algor
+ {
+ 	int ret;
+ 	bool not_approved = false;
+-
+-	if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {
++	if (algorithm == GNUTLS_MAC_SHA1) 
++		not_approved = true;
++	else if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {
+ 		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
+ 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
+ 	} else if (!is_mac_algo_approved_in_fips(DIG_TO_MAC(algorithm))) {
+@@ -2173,7 +2179,9 @@ int gnutls_pbkdf2(gnutls_mac_algorithm_t
+ 	bool not_approved = false;
+ 
+ 	/* MD5 is only allowed internally for TLS */
+-	if (!is_mac_algo_allowed(mac)) {
++	if (mac == GNUTLS_MAC_SHA1) 
++		not_approved = true;
++	else if (!is_mac_algo_allowed(mac)) {
+ 		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
+ 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
+ 	} else if (!is_mac_algo_hmac_approved_in_fips(mac)) {
+Index: gnutls-3.8.10/lib/crypto-selftests.c
+===================================================================
+--- gnutls-3.8.10.orig/lib/crypto-selftests.c
++++ gnutls-3.8.10/lib/crypto-selftests.c
+@@ -2891,7 +2891,7 @@ int gnutls_mac_self_test(unsigned flags,
+ 	case GNUTLS_MAC_UNKNOWN:
+ 		NON_FIPS_CASE(GNUTLS_MAC_MD5, test_mac, hmac_md5_vectors);
+ 		FALLTHROUGH;
+-		CASE(GNUTLS_MAC_SHA1, test_mac, hmac_sha1_vectors);
++		NON_FIPS_CASE(GNUTLS_MAC_SHA1, test_mac, hmac_sha1_vectors);
+ 		FALLTHROUGH;
+ 		CASE(GNUTLS_MAC_SHA224, test_mac, hmac_sha224_vectors);
+ 		FALLTHROUGH;
+Index: gnutls-3.8.10/lib/fips.h
+===================================================================
+--- gnutls-3.8.10.orig/lib/fips.h
++++ gnutls-3.8.10/lib/fips.h
+@@ -79,7 +79,6 @@ inline static bool
+ is_mac_algo_hmac_approved_in_fips(gnutls_mac_algorithm_t algo)
+ {
+ 	switch (algo) {
+-	case GNUTLS_MAC_SHA1:
+ 	case GNUTLS_MAC_SHA256:
+ 	case GNUTLS_MAC_SHA384:
+ 	case GNUTLS_MAC_SHA512:
+Index: gnutls-3.8.10/tests/fips-test.c
+===================================================================
+--- gnutls-3.8.10.orig/tests/fips-test.c
++++ gnutls-3.8.10/tests/fips-test.c
+@@ -397,11 +397,12 @@ void doit(void)
+ 	}
+ 	FIPS_POP_CONTEXT(ERROR);
+ 
++	FIPS_PUSH_CONTEXT();
+ 	ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size);
+ 	if (ret < 0) {
+-		fail("gnutls_hmac_init failed\n");
++		fail("gnutls_hmac_init failed for sha1\n");
+ 	}
+-	gnutls_hmac_deinit(mh, NULL);
++	FIPS_POP_CONTEXT(NOT_APPROVED);
+ 
+ 	ret = gnutls_hmac_init(&mh, GNUTLS_MAC_MD5, key.data, key.size);
+ 	if (ret != GNUTLS_E_UNWANTED_ALGORITHM) {
+@@ -736,7 +737,7 @@ void doit(void)
+ 	}
+ 	hashed_data.data = hash;
+ 	hashed_data.size = 20;
+-	FIPS_POP_CONTEXT(APPROVED);
++	FIPS_POP_CONTEXT(NOT_APPROVED);
+ 
+ 	/* Create a signature with ECDSA and SHA1 (2-pass API); not-approved */
+ 	FIPS_PUSH_CONTEXT();
+Index: gnutls-3.8.10/tests/gnutls_hmac_fast.c
+===================================================================
+--- gnutls-3.8.10.orig/tests/gnutls_hmac_fast.c
++++ gnutls-3.8.10/tests/gnutls_hmac_fast.c
+@@ -42,6 +42,11 @@ void doit(void)
+ 	if (debug)
+ 		gnutls_global_set_log_level(4711);
+ 
++	/* enable MD5 and SHA1 usage  */
++	if (gnutls_fips140_mode_enabled()) {
++		gnutls_fips140_set_mode(GNUTLS_FIPS140_LOG, 0);
++	}
++
+ 	err = gnutls_hmac_fast(GNUTLS_MAC_SHA1, "keykeykey", 9, "abcdefgh", 8,
+ 			       digest);
+ 	if (err < 0)
+@@ -59,11 +64,6 @@ void doit(void)
+ 		}
+ 	}
+ 
+-	/* enable MD5 usage */
+-	if (gnutls_fips140_mode_enabled()) {
+-		gnutls_fips140_set_mode(GNUTLS_FIPS140_LOG, 0);
+-	}
+-
+ 	err = gnutls_hmac_fast(GNUTLS_MAC_MD5, "keykeykey", 9, "abcdefgh", 8,
+ 			       digest);
+ 	if (err < 0)
+Index: gnutls-3.8.10/tests/kdf-api.c
+===================================================================
+--- gnutls-3.8.10.orig/tests/kdf-api.c
++++ gnutls-3.8.10/tests/kdf-api.c
+@@ -108,7 +108,6 @@ inline static bool
+ is_mac_algo_hmac_approved_in_fips(gnutls_mac_algorithm_t algo)
+ {
+ 	switch (algo) {
+-	case GNUTLS_MAC_SHA1:
+ 	case GNUTLS_MAC_SHA256:
+ 	case GNUTLS_MAC_SHA384:
+ 	case GNUTLS_MAC_SHA512:
+@@ -145,7 +144,7 @@ static void test_pbkdf2(gnutls_mac_algor
+ 	assert(gnutls_hex_decode2(&hex, &salt) >= 0);
+ 
+ 	fips_push_context(fips_context);
+-	assert(gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length) >= 0);
++	gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length);
+ 	fips_pop_context(fips_context, expected_state);
+ 	gnutls_free(ikm.data);
+ 	gnutls_free(salt.data);

gnutls-FIPS-jitterentropy-deinit-threads.patch

@@ -0,0 +1,34 @@
+Index: gnutls-3.8.4/lib/state.c
+===================================================================
+--- gnutls-3.8.4.orig/lib/state.c
++++ gnutls-3.8.4/lib/state.c
+@@ -830,6 +830,12 @@ void gnutls_deinit(gnutls_session_t sess
+ 	gnutls_mutex_deinit(&session->internals.post_negotiation_lock);
+ 	gnutls_mutex_deinit(&session->internals.epoch_lock);
+ 
++#if defined(__linux__)
++# if defined(ENABLE_FIPS140)
++	_rnd_system_entropy_deinit();
++# endif
++#endif
++
+ 	gnutls_free(session);
+ }
+ 
+Index: gnutls-3.8.4/lib/nettle/rnd.c
+===================================================================
+--- gnutls-3.8.4.orig/lib/nettle/rnd.c
++++ gnutls-3.8.4/lib/nettle/rnd.c
+@@ -79,6 +79,12 @@ struct generators_ctx_st {
+ 
+ static void wrap_nettle_rnd_deinit(void *_ctx)
+ {
++#if defined(__linux__)
++# if defined(ENABLE_FIPS140)
++	_rnd_system_entropy_deinit();
++# endif
++#endif
++
+ 	gnutls_free(_ctx);
+ }
+ 

gnutls-FIPS-jitterentropy.patch

@@ -1,7 +1,7 @@
-Index: gnutls-3.8.1/lib/nettle/sysrng-linux.c
+Index: gnutls-3.8.9/lib/nettle/sysrng-linux.c
 ===================================================================
---- gnutls-3.8.1.orig/lib/nettle/sysrng-linux.c
-+++ gnutls-3.8.1/lib/nettle/sysrng-linux.c
+--- gnutls-3.8.9.orig/lib/nettle/sysrng-linux.c
++++ gnutls-3.8.9/lib/nettle/sysrng-linux.c
 @@ -49,6 +49,15 @@
  get_entropy_func _rnd_get_system_entropy = NULL;
  
@@ -158,11 +158,11 @@ Index: gnutls-3.8.1/lib/nettle/sysrng-linux.c
 +#endif
  	return;
  }
-Index: gnutls-3.8.1/lib/nettle/Makefile.in
+Index: gnutls-3.8.9/lib/nettle/Makefile.in
 ===================================================================
---- gnutls-3.8.1.orig/lib/nettle/Makefile.in
-+++ gnutls-3.8.1/lib/nettle/Makefile.in
-@@ -402,7 +402,7 @@ am__v_CC_1 =
+--- gnutls-3.8.9.orig/lib/nettle/Makefile.in
++++ gnutls-3.8.9/lib/nettle/Makefile.in
+@@ -521,7 +521,7 @@ am__v_CC_1 =
  CCLD = $(CC)
  LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
  	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
@@ -171,10 +171,10 @@ Index: gnutls-3.8.1/lib/nettle/Makefile.in
  AM_V_CCLD = $(am__v_CCLD_@AM_V@)
  am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
  am__v_CCLD_0 = @echo "  CCLD    " $@;
-Index: gnutls-3.8.1/lib/nettle/Makefile.am
+Index: gnutls-3.8.9/lib/nettle/Makefile.am
 ===================================================================
---- gnutls-3.8.1.orig/lib/nettle/Makefile.am
-+++ gnutls-3.8.1/lib/nettle/Makefile.am
+--- gnutls-3.8.9.orig/lib/nettle/Makefile.am
++++ gnutls-3.8.9/lib/nettle/Makefile.am
 @@ -20,7 +20,7 @@
  
  include $(top_srcdir)/lib/common.mk
@@ -182,12 +182,12 @@ Index: gnutls-3.8.1/lib/nettle/Makefile.am
 -AM_CFLAGS += $(HOGWEED_CFLAGS) $(GMP_CFLAGS)
 +AM_CFLAGS += $(HOGWEED_CFLAGS) $(GMP_CFLAGS) -ljitterentropy
  
- AM_CPPFLAGS = \
+ AM_CPPFLAGS += \
  	-I$(srcdir)/int		\
-Index: gnutls-3.8.1/lib/nettle/rnd-fips.c
+Index: gnutls-3.8.9/lib/nettle/rnd-fips.c
 ===================================================================
---- gnutls-3.8.1.orig/lib/nettle/rnd-fips.c
-+++ gnutls-3.8.1/lib/nettle/rnd-fips.c
+--- gnutls-3.8.9.orig/lib/nettle/rnd-fips.c
++++ gnutls-3.8.9/lib/nettle/rnd-fips.c
 @@ -129,6 +129,10 @@ static int drbg_init(struct fips_ctx *fc
  	uint8_t buffer[DRBG_AES_SEED_SIZE];
  	int ret;
@@ -210,16 +210,16 @@ Index: gnutls-3.8.1/lib/nettle/rnd-fips.c
  	ret = get_entropy(fctx, buffer, sizeof(buffer));
  	if (ret < 0) {
  		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
-Index: gnutls-3.8.1/tests/Makefile.am
+Index: gnutls-3.8.9/tests/Makefile.am
 ===================================================================
---- gnutls-3.8.1.orig/tests/Makefile.am
-+++ gnutls-3.8.1/tests/Makefile.am
-@@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm
+--- gnutls-3.8.9.orig/tests/Makefile.am
++++ gnutls-3.8.9/tests/Makefile.am
+@@ -212,7 +212,7 @@ ctests += mini-record-2 simple gnutls_hm
  	 dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
  	 keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
  	 tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \
--	 set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \
-+	 set_x509_key_file_ocsp client-fastopen srp rng-pthread \
+-	 set_x509_key_file_ocsp client-fastopen rng-sigint srp \
++	 set_x509_key_file_ocsp client-fastopen srp \
  	 safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \
  	 safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \
  	 rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \

gnutls-disable-flaky-test-dtls-resume.patch

@@ -1,10 +1,10 @@
-Index: gnutls-3.7.8/tests/Makefile.am
+Index: gnutls-3.8.10/tests/Makefile.am
 ===================================================================
---- gnutls-3.7.8.orig/tests/Makefile.am
-+++ gnutls-3.7.8/tests/Makefile.am
-@@ -508,7 +508,7 @@ if !WINDOWS
- # List of tests not available/functional under windows
- #
+--- gnutls-3.8.10.orig/tests/Makefile.am
++++ gnutls-3.8.10/tests/Makefile.am
+@@ -536,7 +536,7 @@ ktls_keyupdate_CFLAGS = -DUSE_KTLS
+ dist_check_SCRIPTS += ktls_keyupdate.sh
+ endif
  
 -dist_check_SCRIPTS += dtls/dtls.sh dtls/dtls-resume.sh #dtls/dtls-nb
 +dist_check_SCRIPTS += dtls/dtls.sh #dtls/dtls-resume.sh #dtls/dtls-nb

gnutls-fips-sonames-check.patch

@@ -0,0 +1,27 @@
+Index: gnutls-3.8.9/lib/fips.c
+===================================================================
+--- gnutls-3.8.9.orig/lib/fips.c
++++ gnutls-3.8.9/lib/fips.c
+@@ -484,18 +484,18 @@ static int callback(struct dl_phdr_info
+ 	const char *soname = last_component(path);
+ 	struct lib_paths *paths = (struct lib_paths *)data;
+ 
+-	if (!strcmp(soname, GNUTLS_LIBRARY_SONAME))
++	if (!strncmp(soname, GNUTLS_LIBRARY_SONAME, strlen(GNUTLS_LIBRARY_SONAME)))
+ 		_gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path);
+ #ifdef NETTLE_LIBRARY_SONAME
+-	else if (!strcmp(soname, NETTLE_LIBRARY_SONAME))
++	else if (!strncmp(soname, NETTLE_LIBRARY_SONAME, strlen(NETTLE_LIBRARY_SONAME)))
+ 		_gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
+ #endif
+ #ifdef HOGWEED_LIBRARY_SONAME
+-	else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
++	else if (!strncmp(soname, HOGWEED_LIBRARY_SONAME, strlen(HOGWEED_LIBRARY_SONAME)))
+ 		_gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path);
+ #endif
+ #ifdef GMP_LIBRARY_SONAME
+-	else if (!strcmp(soname, GMP_LIBRARY_SONAME))
++	else if (!strncmp(soname, GMP_LIBRARY_SONAME, strlen(GMP_LIBRARY_SONAME)))
+ 		_gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
+ #endif
+ 	return 0;

gnutls-set-cligen-python-interp.patch

@@ -0,0 +1,10 @@
+Index: gnutls-3.8.9/cligen/cli-docgen.py
+===================================================================
+--- gnutls-3.8.9.orig/cligen/cli-docgen.py
++++ gnutls-3.8.9/cligen/cli-docgen.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/python3
+ # Copyright (C) 2021-2022 Daiki Ueno
+ # SPDX-License-Identifier: LGPL-2.1-or-later
+ 

gnutls-skip-pqx-test.patch

@@ -0,0 +1,34 @@
+Index: gnutls-3.8.10/tests/Makefile.am
+===================================================================
+--- gnutls-3.8.10.orig/tests/Makefile.am
++++ gnutls-3.8.10/tests/Makefile.am
+@@ -628,8 +628,6 @@ ctests += win32-certopenstore
+ 
+ endif
+ 
+-dist_check_SCRIPTS += pqc-hybrid-kx.sh
+-
+ cpptests =
+ if ENABLE_CXX
+ if HAVE_CMOCKA
+Index: gnutls-3.8.10/tests/Makefile.in
+===================================================================
+--- gnutls-3.8.10.orig/tests/Makefile.in
++++ gnutls-3.8.10/tests/Makefile.in
+@@ -3293,7 +3293,7 @@ am__dist_check_SCRIPTS_DIST = rfc2253-es
+ 	gnutls-cli-self-signed.sh gnutls-cli-invalid-crl.sh \
+ 	gnutls-cli-rawpk.sh dh-fips-approved.sh p11-kit-trust.sh \
+ 	testpkcs11.sh certtool-pkcs11.sh pkcs11-tool.sh \
+-	p11-kit-load.sh danetool.sh tpmtool_test.sh pqc-hybrid-kx.sh
++	p11-kit-load.sh danetool.sh tpmtool_test.sh 
+ AM_V_P = $(am__v_P_@AM_V@)
+ am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+ am__v_P_0 = false
+@@ -7178,7 +7178,6 @@ dist_check_SCRIPTS = rfc2253-escape-test
+ 	$(am__append_18) $(am__append_20) $(am__append_21) \
+ 	$(am__append_23) $(am__append_25) $(am__append_26) \
+ 	$(am__append_27) $(am__append_29) $(am__append_30) \
+-	pqc-hybrid-kx.sh
+ @ENABLE_KTLS_TRUE@@WINDOWS_FALSE@ktls_keyupdate_SOURCES = tls13/key_update.c
+ @ENABLE_KTLS_TRUE@@WINDOWS_FALSE@ktls_keyupdate_CFLAGS = -DUSE_KTLS
+ @WINDOWS_FALSE@dtls_stress_SOURCES = dtls/dtls-stress.c

gnutls-srp-test-SIGPIPE.patch

@@ -1,8 +1,8 @@
-Index: gnutls-3.8.1/tests/srp.c
+Index: gnutls-3.8.9/tests/srp.c
 ===================================================================
---- gnutls-3.8.1.orig/tests/srp.c
-+++ gnutls-3.8.1/tests/srp.c
-@@ -287,7 +289,7 @@ static void start(const char *name, cons
+--- gnutls-3.8.9.orig/tests/srp.c
++++ gnutls-3.8.9/tests/srp.c
+@@ -290,7 +290,7 @@ static void start(const char *name, cons
  	if (child) {
  		int status;
  		/* parent */
@@ -11,7 +11,7 @@ Index: gnutls-3.8.1/tests/srp.c
  		client(fd[1], prio, user, pass, exp_err);
  		if (exp_err < 0) {
  			kill(child, SIGTERM);
-@@ -297,7 +299,7 @@ static void start(const char *name, cons
+@@ -300,7 +300,7 @@ static void start(const char *name, cons
  			check_wait_status(status);
  		}
  	} else {

gnutls.changes

@@ -1,3 +1,283 @@
+-------------------------------------------------------------------
+Tue Jul 15 08:12:29 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
+
+- Build with leancrypto. The liboqs support for post-quantum
+  cryptography (PQC) has been removed and is only provided through
+  leancrypto.
+
+-------------------------------------------------------------------
+Tue Jul 15 07:40:21 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
+
+- Build with TPM 2.0 support via tpm2-0-tss.
+
+-------------------------------------------------------------------
+Mon Jul 14 17:00:21 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
+
+- Update to 3.8.10:
+  * libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
+    Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
+    [bsc#1246299, CVE-2025-6395]
+  * libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
+    Spotted by oss-fuzz and reported by OpenAI Security Research Team,
+    and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
+    CVSS: medium] [bsc#1246233, CVE-2025-32989]
+  * libgnutls: Fix double-free upon error when exporting otherName in SAN
+    Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
+    CVSS: low] [bsc#1246232, CVE-2025-32988]
+  * certtool: Fix 1-byte write buffer overrun when parsing template
+    Reported by David Aitel. [GNUTLS-SA-2025-07-07-3,
+    CVSS: low] [bsc#1246267, CVE-2025-32990]
+  * libgnutls: PKCS#11 modules can now be used to override the default
+    cryptographic backend. Use the [provider] section in the system-wide config
+    to specify path and pin to the module (see system-wide config Documentation).
+  * libgnutls: Linux kernel version 6.14 brings a Kernel TLS (kTLS) key update
+    support. The library running on the aforementioned version now utilizes the
+    kernel’s key update mechanism when kTLS is enabled, allowing uninterrupted
+    TLS session. The --enable-ktls configure option as well as the system-wide
+    kTLS configuration(see GnuTLS Documentation) are still required to enable
+    this feature.
+  * libgnutls: liboqs support for PQC has been removed
+    For maintenance purposes, support for post-quantum cryptography
+    (PQC) is now only provided through leancrypto. The experimental key
+    exchange algorithm, X25519Kyber768Draft00, which is based on the
+    round 3 candidate of Kyber and only supported through liboqs has
+    also been removed altogether.
+  * libgnutls: TLS certificate compression methods can now be set with
+    cert-compression-alg configuration option in the gnutls priority file.
+  * libgnutls: All variants of ML-DSA private key formats are supported
+    While the previous implementation of ML-DSA was based on
+    draft-ietf-lamps-dilithium-certificates-04, this updates it to
+    draft-ietf-lamps-dilithium-certificates-12 with support for all 3
+    variants of private key formats: "seed", "expandedKey", and "both".
+  * libgnutls: ML-DSA signatures can now be used in TLS
+    The ML-DSA signature algorithms, ML-DSA-44, ML-DSA-65, and
+    ML-DSA-87, can now be used to digitally sign TLS handshake
+    messages.
+  * API and ABI modifications:
+    - GNUTLS_PKCS_MLDSA_SEED: New enum member of gnutls_pkcs_encrypt_flags_t
+    - GNUTLS_PKCS_MLDSA_EXPANDED: New enum member of gnutls_pkcs_encrypt_flags_t
+- Add patch gnutls-3.8.10-disable-ktls_test.patch
+- Rebased patches:
+  * gnutls-FIPS-140-3-references.patch
+  * gnutls-FIPS-disable-mac-sha1.patch
+  * gnutls-disable-flaky-test-dtls-resume.patch
+  * gnutls-skip-pqx-test.patch
+
+-------------------------------------------------------------------
+Sun Jul 13 18:54:51 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- enable ktls support
+- enable brotli and zstd compression support
+
+-------------------------------------------------------------------
+Mon Apr 28 12:49:45 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
+
+- Fix FIPS mode running on Tumbleweed [bsc#1237101]
+  * When nettle or libhogweed are installed with glbic-hwcaps for x86_64-v3,
+    some paths differ and we are unable to match the hmac file for the lib.
+  * Add gnutls-FIPS-HMAC-x86_64-v3-opt.patch
+
+-------------------------------------------------------------------
+Thu Apr  3 10:19:59 UTC 2025 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Disable liboqs on armv6
+
+-------------------------------------------------------------------
+Mon Mar 24 15:53:48 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
+
+- FIPS: Mark SHA-1 as non-approved in the SLI for all operations. [jsc#PED-12224]
+  * Add gnutls-FIPS-disable-mac-sha1.patch
+
+-------------------------------------------------------------------
+Tue Mar 18 07:56:18 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
+
+- bsc#1237101, FIPS selfcheck fails on tumbleweed
+  * Match dependent library names ( nettle, gmp, hogweed ) even when they include full verison in soname
+  * Add gnutls-fips-sonames-check.patch
+
+-------------------------------------------------------------------
+Mon Feb 24 11:15:52 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
+
+- Update to 3.8.9:
+  - libgnutls: leancrypto was added as an interim option for PQC
+    The library can now be built with leancrypto instead of liboqs for
+    post-quantum cryptography (PQC), when configured with
+    --with-leancrypto option instead of --with-liboqs.
+  - libgnutls: Experimental support for ML-DSA signature algorithm
+    The library and certtool now support ML-DSA signature algorithm as
+    defined in FIPS 204 and based on
+    draft-ietf-lamps-dilithium-certificates-04. This feature is
+    currently marked as experimental and can only be enabled when
+    compiled with --with-leancrypto or --with-liboqs.
+    Contributed by David Dudas.
+  - libgnutls: Support for ML-KEM-1024 key encapsulation mechanism
+    The support for ML-KEM post-quantum key encapsulation mechanisms
+    has been extended to cover ML-KEM-1024, in addition to ML-KEM-768.
+    MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per
+    draft-kwiatkowski-tls-ecdhe-mlkem-03.
+  - libgnutls: Fix potential DoS in handling certificates with numerous name
+    constraints, as a follow-up of CVE-2024-12133 in libtasn1. The
+    bundled copy of libtasn1 has also been updated to the latest 4.20.0
+    release to complete the fix.  Reported by Bing Shi (#1553).
+    [GNUTLS-SA-2025-02-07, CVSS: medium] [bsc#1236974, CVE-2024-12243
+  - Licensing information moved to REAMDE.md, COPYING, COPYING.LESSERv2
+  * Rebased gnutls-FIPS-140-3-references.patch
+  * Rebased gnutls-FIPS-TLS_KDF_selftest.patch
+  * Rebased gnutls-FIPS-jitterentropy.patch
+  * Rebased gnutls-disable-flaky-test-dtls-resume.patch
+  * Rebased gnutls-srp-test-SIGPIPE.patch
+  * Rebased gnutls-3.5.11-skip-trust-store-tests.patch
+  * Add gnutls-set-cligen-python-interp.patch
+  * Add gnutls-skip-pqx-test.patch
+
+-------------------------------------------------------------------
+Mon Nov 11 10:04:31 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 3.8.8:
+  - libgnutls: Experimental support for X25519MLKEM768 and
+    SecP256r1MLKEM768 key exchange in TLS 1.3:  The support for
+    post-quantum key exchanges has been extended to cover the final
+    standard of ML-KEM, following draft-kwiatkowski-tls-ecdhe-mlkem.
+    The minimum supported version of liboqs is bumped to 0.11.0.
+  - libgnutls: All records included in an OCSP response are now checked
+    in TLS: Previously, when multiple records are provided in a single
+    OCSP response, only the first record was considered; now all those
+    records are examined until the server certificate matches.
+  - libgnutls: Handling of malformed compress_certificate extension is
+    now more standard compliant: The server behavior of receiving a
+    malformed compress_certificate extension now more strictly follows
+    RFC 8879; return illegal_parameter alert instead of bad_certificate,
+    as well as overlong extension data is properly rejected.
+  - build: More flexible library linking options for compression
+    libraries, TPM, and liboqs support: The configure options,
+    --with-zstd, --with-brotli, --with-zlib, --with-tpm2, and --with-liboqs
+    now take 4 states: yes/link/dlopen/no, to specify how the libraries
+    are linked or loaded.
+  * Rebase gnutls-FIPS-140-3-references.patch
+
+-------------------------------------------------------------------
+Fri Sep 27 08:02:09 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
+
+- Build with liboqs to support the X25519Kyber768 post-quantum key
+  exchange algorithm.
+
+-------------------------------------------------------------------
+Thu Sep  5 07:57:42 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- FIPS: Allow to perform the integrity check with the hmac provided
+  by each library [bsc#1226724]
+  * Rebase gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
+
+-------------------------------------------------------------------
+Mon Sep  2 10:09:23 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 3.8.7:
+  * libgnutls: New configure option to compile out DSA support
+    The --disable-dsa configure option has been added to completely
+    disable DSA algorithm support.
+  * libgnutls: Experimental support for X25519Kyber768Draft00 key
+    exchange in TLS. For testing purposes, the hybrid post-quantum
+    key exchange defined in draft-tls-westerbaan-xyber768d00 has been
+    implemented using liboqs. Since the algorithm is still not finalized,
+    the support of this key exchange is disabled by default and can be
+    enabled with the --with-liboqs configure option.
+  * Rebase patches:
+    - gnutls-FIPS-140-3-references.patch
+    - gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
+
+-------------------------------------------------------------------
+Thu Jul 25 08:51:56 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 3.8.6:
+  * libgnutls: PBMAC1 is now supported as a MAC mechanism for PKCS#12
+    To be compliant with FIPS 140-3, PKCS#12 files with MAC based on
+    PBKDF2 (PBMAC1) is now supported, according to the specification
+    proposed in draft-ietf-lamps-pkcs12-pbmac1.
+  * libgnutls: SHA3 extendable output functions (XOF) are now supported
+    SHA3 XOF, SHAKE128 and SHAKE256, are now usable through a new
+    public API gnutls_hash_squeeze.
+  * API and ABI modifications:
+    - gnutls_pkcs12_generate_mac3: New function
+    - gnutls_pkcs12_flags_t: New enum
+    - gnutls_hash_squeeze: New function
+  * Rebase patches:
+    - gnutls-FIPS-140-3-references.patch
+    - gnutls-FIPS-jitterentropy.patch
+
+-------------------------------------------------------------------
+Fri Apr  5 07:28:14 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 3.8.5:
+  * libgnutls: Due to majority of usages and implementations of
+    RSA decryption with PKCS#1 v1.5 padding being incorrect,
+    leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
+    is being deprecated (encryption and decryption) and will be
+    disabled in the future. A new option 'allow-rsa-pkcs1-encrypt'
+    has been added into the system-wide library configuration which
+    allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the
+    RSAES-PKCS1-v1_5 is enabled by default.
+  * libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
+    backward compatibility with GCR.
+  * libgnutls: A couple of memory related issues have been fixed in
+    RSA PKCS#1 v1.5 decryption error handling and deterministic ECDSA
+    with earlier versions of GMP. These were a regression introduced
+    in the 3.8.4 release. See #1535 and !1827.
+  * build: Fixed a bug where building gnutls statically failed due
+    to a duplicate definition of nettle_rsa_compute_root_tr().
+  * API and ABI modifications:
+    - GNUTLS_PKCS_PBES1_DES_SHA1: New enum member of
+      gnutls_pkcs_encrypt_flags_t
+  * Rebase patches:
+    - gnutls-FIPS-TLS_KDF_selftest.patch
+    - gnutls-FIPS-140-3-references.patch
+
+-------------------------------------------------------------------
+Wed Mar 20 12:08:50 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- jitterentropy: Release the memory of the entropy collector when
+  using jitterentropy with phtreads as there is also a
+  pre-intitization done in the main thread. [bsc#1221242]
+  * Add gnutls-FIPS-jitterentropy-deinit-threads.patch
+
+-------------------------------------------------------------------
+Wed Mar 20 09:26:32 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 3.8.4:
+  * libgnutls: RSA-OAEP encryption scheme is now supported
+    To use it with an unrestricted RSA private key, one would need to
+    initialize a gnutls_x509_spki_t object with necessary parameters
+    for RSA-OAEP and attach it to the private key. It is also possible
+    to import restricted private keys if they are stored in PKCS#8
+    format.
+  * libgnutls: Fix side-channel in the deterministic ECDSA.
+    Reported by George Pantelakis (#1516).
+    [GNUTLS-SA-2023-12-04, CVSS: medium] [bsc#1221746, CVE-2024-28834]
+  * libgnutls: Fixed a bug where certtool crashed when verifying a
+    certificate chain with more than 16 certificates. Reported by
+    William Woodruff (#1525) and yixiangzhike (#1527).
+    [GNUTLS-SA-2024-01-23, CVSS: medium] [bsc#1221747, CVE-2024-28835]
+  * libgnutls: Compression libraries are now loaded dynamically as needed
+    instead of all being loaded during gnutls library initialization.
+    As a result, the library initialization should be faster.
+  * build: The gnutls library can now be linked with the static library
+    of GMP.  Note that in order for this to work libgmp.a needs to be
+    compiled with -fPIC and libhogweed in Nettle also has to be linked
+    to the static library of GMP.  This can be used to prevent custom
+    memory allocators from being overriden by other applications.
+  * API and ABI modifications:
+    - gnutls_x509_spki_get_rsa_oaep_params: New function.
+    - gnutls_x509_spki_set_rsa_oaep_params: New function.
+    - GNUTLS_PK_RSA_OAEP: New enum member of gnutls_pk_algorithm_t.
+  * Rebase patches:
+    - gnutls-FIPS-140-3-references.patch
+    - gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
+
+-------------------------------------------------------------------
+Wed Feb 21 18:04:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
+
+- Remove some if..endif that do not affect any result
+- Split documentation (some 1100 files) to separate subpackage
+
 -------------------------------------------------------------------
 Wed Jan 17 08:41:07 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
 

gnutls.spec

@@ -1,7 +1,8 @@
 #
 # spec file for package gnutls
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 Andreas Stieger <Andreas.Stieger@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -39,8 +40,10 @@
 %bcond_with kcapi
 %endif
 %bcond_with tpm
+%bcond_without tpm2
+%bcond_without leancrypto
 Name:           gnutls
-Version:        3.8.3
+Version:        3.8.10
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        GPL-3.0-or-later AND LGPL-2.1-or-later
@@ -66,7 +69,18 @@ Patch101:       gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
 #PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy
 Patch102:       gnutls-FIPS-jitterentropy.patch
+#PATCH-FIX-SUSE bsc#1221242 Fix memleak in gnutls' jitterentropy collector
+Patch103:       gnutls-FIPS-jitterentropy-deinit-threads.patch
 %endif
+Patch104:       gnutls-set-cligen-python-interp.patch
+Patch105:       gnutls-skip-pqx-test.patch
+Patch106:       gnutls-fips-sonames-check.patch
+# PATCH-FIX-SUSE jsc#jsc#PED-12224 FIPS: Mark SHA1 as unapproved in the SLI
+Patch107:       gnutls-FIPS-disable-mac-sha1.patch
+# PATCH-FIX-SUSE bsc#1237101 GNUTLS FIPS selfcheck is failing again on tumbleweed
+Patch108:       gnutls-FIPS-HMAC-x86_64-v3-opt.patch
+# PATCH-FIX-SUSE Disable test
+Patch109:       gnutls-3.8.10-disable-ktls_test.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge
@@ -85,10 +99,16 @@ BuildRequires:  p11-kit-devel >= 0.23.1
 BuildRequires:  pkgconfig
 BuildRequires:  xz
 BuildRequires:  pkgconfig(autoopts)
+BuildRequires:  pkgconfig(libbrotlidec)
+BuildRequires:  pkgconfig(libbrotlienc)
+BuildRequires:  pkgconfig(libzstd)
 BuildRequires:  pkgconfig(zlib)
 %if %{with kcapi}
 BuildRequires:  pkgconfig(libkcapi)
 %endif
+%if %{with leancrypto}
+BuildRequires:  pkgconfig(leancrypto)
+%endif
 %if 0%{?suse_version} <= 1320
 BuildRequires:  net-tools
 %else
@@ -97,6 +117,9 @@ BuildRequires:  net-tools-deprecated
 %if %{with tpm}
 BuildRequires:  trousers-devel
 %endif
+%if %{with tpm2}
+BuildRequires:  tpm2-0-tss-devel >= 3.0.3
+%endif
 %if %{with dane}
 Requires:       libgnutls-dane%{gnutls_dane_sover} = %{version}
 %if 0%{?suse_version} <= 1320
@@ -107,10 +130,13 @@ BuildRequires:  libunbound-devel
 %endif
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
 BuildRequires:  crypto-policies
-Requires:       crypto-policies
 BuildRequires:  jitterentropy-devel >= 3.4.0
+Requires:       crypto-policies
 Requires:       libjitterentropy3 >= 3.4.0
 %endif
+%if %{with tpm}
+Recommends:     trousers
+%endif
 
 %description
 The GnuTLS library provides a secure layer over a reliable transport
@@ -132,7 +158,6 @@ The GnuTLS library provides a secure layer over a reliable transport
 layer. Currently the GnuTLS library implements the proposed standards
 of the IETF's TLS working group.
 
-%if %{with dane}
 %package -n libgnutls-dane%{gnutls_dane_sover}
 Summary:        DANE support for the GNU Transport Layer Security Library
 License:        LGPL-2.1-or-later
@@ -142,7 +167,6 @@ Group:          System/Libraries
 The GnuTLS project aims to develop a library that provides a secure
 layer over a reliable transport layer.
 This package contains the "DANE" part of gnutls.
-%endif
 
 %package -n libgnutlsxx%{gnutlsxx_sover}
 Summary:        C++ API for the GNU Transport Layer Security Library
@@ -172,7 +196,6 @@ Requires:       crypto-policies
 %description -n libgnutls-devel
 Files needed for software development using gnutls.
 
-%if %{with dane}
 %package -n libgnutls-dane-devel
 Summary:        Development package for GnuTLS DANE component
 License:        LGPL-2.1-or-later
@@ -181,7 +204,14 @@ Requires:       libgnutls-dane%{gnutls_dane_sover} = %{version}
 
 %description -n libgnutls-dane-devel
 Files needed for software development using gnutls.
-%endif
+
+%package -n libgnutls-devel-doc
+Summary:        Manual and Info pages for libgnutls
+License:        LGPL-2.1-or-later
+BuildArch:      noarch
+
+%description -n libgnutls-devel-doc
+Manpages (troff) and GNU Info pages for libgnutls.
 
 %package -n libgnutlsxx-devel
 Summary:        Development package for the GnuTLS C++ API
@@ -221,6 +251,11 @@ autoreconf -fiv
 %if %{without tpm}
         --without-tpm \
 %endif
+%if %{with tpm2}
+        --with-tpm2 \
+%else
+        --without-tpm2 \
+%endif
 %if %{with dane}
         --with-unbound-root-key-file=%{_localstatedir}/lib/unbound/root.key \
 %else
@@ -229,6 +264,11 @@ autoreconf -fiv
 %if %{with srp}
         --enable-srp-authentication \
 %endif
+%if %{with leancrypto}
+        --with-leancrypto \
+%else
+        --without-leancrypto \
+%endif
 %ifarch %{ix86} %{arm}
         --disable-year2038 \
 %endif
@@ -236,6 +276,7 @@ autoreconf -fiv
         --enable-fips140-mode \
         --with-fips140-module-name="GnuTLS version" \
         --with-fips140-module-version="%{version}-%{release}" \
+        --enable-ktls \
         %{nil}
 
 %make_build
@@ -296,19 +337,12 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
 }
 %endif
 
-%post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
-%postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
-
-%if %{with dane}
-%post -n libgnutls-dane%{gnutls_dane_sover} -p /sbin/ldconfig
-%postun -n libgnutls-dane%{gnutls_dane_sover} -p /sbin/ldconfig
-%endif
-
-%post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
-%postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
+%ldconfig_scriptlets -n libgnutls%{gnutls_sover}
+%ldconfig_scriptlets -n libgnutls-dane%{gnutls_dane_sover}
+%ldconfig_scriptlets -n libgnutlsxx%{gnutlsxx_sover}
 
 %files -f libgnutls.lang
-%license LICENSE
+%license COPYING COPYING.LESSERv2
 %doc THANKS README.md NEWS ChangeLog AUTHORS doc/TODO
 %{_bindir}/certtool
 %{_bindir}/gnutls-cli
@@ -329,22 +363,22 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
 %{_mandir}/man1/*
 
 %files -n libgnutls%{gnutls_sover}
-%license LICENSE
+%license COPYING COPYING.LESSERv2
 %{_libdir}/libgnutls.so.%{gnutls_sover}*
 %{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac
 
 %if %{with dane}
 %files -n libgnutls-dane%{gnutls_dane_sover}
-%license LICENSE
+%license COPYING COPYING.LESSERv2
 %{_libdir}/libgnutls-dane.so.%{gnutls_dane_sover}*
 %endif
 
 %files -n libgnutlsxx%{gnutlsxx_sover}
-%license LICENSE
+%license COPYING COPYING.LESSERv2
 %{_libdir}/libgnutlsxx.so.%{gnutlsxx_sover}*
 
 %files -n libgnutls-devel
-%license LICENSE
+%license COPYING COPYING.LESSERv2
 %dir %{_includedir}/%{name}
 %{_includedir}/%{name}/abstract.h
 %{_includedir}/%{name}/crypto.h
@@ -365,13 +399,15 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
 %{_includedir}/%{name}/urls.h
 %{_libdir}/libgnutls.so
 %{_libdir}/pkgconfig/gnutls.pc
+
+%files -n libgnutls-devel-doc
 %{_mandir}/man3/*
 %{_infodir}/*%{ext_info}
-%doc %{_docdir}/libgnutls-devel
+%{_docdir}/libgnutls-devel
 
 %if %{with dane}
 %files -n libgnutls-dane-devel
-%license LICENSE
+%license COPYING COPYING.LESSERv2
 %dir %{_includedir}/%{name}
 %{_includedir}/%{name}/dane.h
 %{_libdir}/pkgconfig/gnutls-dane.pc
@@ -379,7 +415,7 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
 %endif
 
 %files -n libgnutlsxx-devel
-%license LICENSE
+%license COPYING COPYING.LESSERv2
 %{_libdir}/libgnutlsxx.so
 %dir %{_includedir}/%{name}
 %{_includedir}/%{name}/gnutlsxx.h