
main ... 1.1

25 changed files with 5067 additions and 907 deletions


@@ -15,11 +15,11 @@ need ca-certificates-mozilla to run.
But this would create a build cycle. Skip test.
Index: gnutls-3.8.9/tests/trust-store.c
Index: gnutls-3.6.15/tests/trust-store.c
===================================================================
--- gnutls-3.8.9.orig/tests/trust-store.c
+++ gnutls-3.8.9/tests/trust-store.c
@@ -42,6 +42,9 @@ static void tls_log_func(int level, cons
--- gnutls-3.6.15.orig/tests/trust-store.c 2020-09-08 10:24:24.018094247 +0200
+++ gnutls-3.6.15/tests/trust-store.c 2020-09-08 10:24:25.534104346 +0200
@@ -44,6 +44,9 @@ static void tls_log_func(int level, cons
void doit(void)
{

gnutls-3.8.3.tar.xz LFS Normal file


gnutls-3.8.3.tar.xz.sig Normal file




gnutls-CVE-2024-12243.patch Normal file


gnutls-CVE-2024-28834.patch Normal file

@@ -0,0 +1,418 @@
From 1c4701ffc342259fc5965d5a0de90d87f780e3e5 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 12 Jan 2024 17:56:58 +0900
Subject: [PATCH] nettle: avoid normalization of mpz_t in deterministic ECDSA
This removes function calls that potentially leak bit-length of a
private key used to calculate a nonce in deterministic ECDSA. Namely:
- _gnutls_dsa_compute_k has been rewritten to work on always
zero-padded mp_limb_t arrays instead of mpz_t
- rnd_mpz_func has been replaced with rnd_datum_func, which is backed
by a byte array instead of an mpz_t value
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/nettle/int/dsa-compute-k.c | 70 +++++++++++++++++++++----------
lib/nettle/int/dsa-compute-k.h | 23 +++++++++-
lib/nettle/int/ecdsa-compute-k.c | 28 +++----------
lib/nettle/int/ecdsa-compute-k.h | 4 +-
lib/nettle/pk.c | 65 +++++++++++++++++++++-------
tests/sign-verify-deterministic.c | 2 +-
6 files changed, 127 insertions(+), 65 deletions(-)
diff --git a/lib/nettle/int/dsa-compute-k.c b/lib/nettle/int/dsa-compute-k.c
index 8ff5739c2b..2fcb2bb80e 100644
--- a/lib/nettle/int/dsa-compute-k.c
+++ b/lib/nettle/int/dsa-compute-k.c
@@ -31,19 +31,30 @@
#include "mpn-base256.h"
#include <string.h>
-#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
+/* For mini-gmp */
+#ifndef GMP_LIMB_BITS
+#define GMP_LIMB_BITS GMP_NUMB_BITS
+#endif
-/* The maximum size of q, chosen from the fact that we support
- * 521-bit elliptic curve generator and 512-bit DSA subgroup at
- * maximum. */
-#define MAX_Q_BITS 521
-#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8)
-#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS)
+static inline int is_zero_limb(mp_limb_t x)
+{
+ x |= (x << 1);
+ return ((x >> 1) - 1) >> (GMP_LIMB_BITS - 1);
+}
+
+static int sec_zero_p(const mp_limb_t *ap, mp_size_t n)
+{
+ volatile mp_limb_t w;
+ mp_size_t i;
-#define MAX_HASH_BITS (MAX_HASH_SIZE * 8)
-#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS)
+ for (i = 0, w = 0; i < n; i++)
+ w |= ap[i];
-int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
+ return is_zero_limb(w);
+}
+
+int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x,
+ mp_size_t qn, mp_bitcnt_t q_bits,
gnutls_mac_algorithm_t mac, const uint8_t *digest,
size_t length)
{
@@ -51,9 +62,6 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
uint8_t K[MAX_HASH_SIZE];
uint8_t xp[MAX_Q_SIZE];
uint8_t tp[MAX_Q_SIZE];
- mp_limb_t h[MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS)];
- mp_bitcnt_t q_bits = mpz_sizeinbase(q, 2);
- mp_size_t qn = mpz_size(q);
mp_bitcnt_t h_bits = length * 8;
mp_size_t hn = BITS_TO_LIMBS(h_bits);
size_t nbytes = (q_bits + 7) / 8;
@@ -62,6 +70,7 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
mp_limb_t cy;
gnutls_hmac_hd_t hd;
int ret = 0;
+ mp_limb_t scratch[MAX_Q_LIMBS];
if (unlikely(q_bits > MAX_Q_BITS))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
@@ -69,7 +78,7 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
/* int2octets(x) */
- mpn_get_base256(xp, nbytes, mpz_limbs_read(x), qn);
+ mpn_get_base256(xp, nbytes, x, qn);
/* bits2octets(h) */
mpn_set_base256(h, hn, digest, length);
@@ -93,12 +102,12 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
mpn_rshift(h, h, hn, shift % GMP_NUMB_BITS);
}
- cy = mpn_sub_n(h, h, mpz_limbs_read(q), qn);
+ cy = mpn_sub_n(h, h, q, qn);
/* Fall back to addmul_1, if nettle is linked with mini-gmp. */
#ifdef mpn_cnd_add_n
- mpn_cnd_add_n(cy, h, h, mpz_limbs_read(q), qn);
+ mpn_cnd_add_n(cy, h, h, q, qn);
#else
- mpn_addmul_1(h, mpz_limbs_read(q), qn, cy != 0);
+ mpn_addmul_1(h, q, qn, cy != 0);
#endif
mpn_get_base256(tp, nbytes, h, qn);
@@ -174,12 +183,8 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
if (tlen * 8 > q_bits)
mpn_rshift(h, h, qn, tlen * 8 - q_bits);
/* Check if k is in [1,q-1] */
- if (!mpn_zero_p(h, qn) &&
- mpn_cmp(h, mpz_limbs_read(q), qn) < 0) {
- mpn_copyi(mpz_limbs_write(k, qn), h, qn);
- mpz_limbs_finish(k, qn);
+ if (!sec_zero_p(h, qn) && mpn_sub_n(scratch, h, q, qn))
break;
- }
ret = gnutls_hmac_init(&hd, mac, K, length);
if (ret < 0)
@@ -203,3 +208,24 @@ out:
return ret;
}
+
+/* cancel-out dsa_sign's addition of 1 to random data */
+void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n)
+{
+ /* Fall back to sub_1, if nettle is linked with mini-gmp. */
+#ifdef mpn_sec_sub_1
+ mp_limb_t t[MAX_Q_LIMBS];
+
+ mpn_sec_sub_1(h, h, n, 1, t);
+#else
+ mpn_sub_1(h, h, n, 1);
+#endif
+ mpn_get_base256(k, nbytes, h, n);
+}
+
+void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n)
+{
+ mpn_get_base256(k, nbytes, h, n);
+}
diff --git a/lib/nettle/int/dsa-compute-k.h b/lib/nettle/int/dsa-compute-k.h
index 49d243acb4..2f0667a01e 100644
--- a/lib/nettle/int/dsa-compute-k.h
+++ b/lib/nettle/int/dsa-compute-k.h
@@ -26,8 +26,29 @@
#include <gnutls/gnutls.h>
#include <nettle/bignum.h> /* includes gmp.h */
-int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
+#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
+
+/* The maximum size of q, chosen from the fact that we support
+ * 521-bit elliptic curve generator and 512-bit DSA subgroup at
+ * maximum. */
+#define MAX_Q_BITS 521
+#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8)
+#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS)
+
+#define MAX_HASH_BITS (MAX_HASH_SIZE * 8)
+#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS)
+
+#define DSA_COMPUTE_K_ITCH MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS)
+
+int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x,
+ mp_size_t qn, mp_bitcnt_t q_bits,
gnutls_mac_algorithm_t mac, const uint8_t *digest,
size_t length);
+void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n);
+
+void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
+ mp_size_t n);
+
#endif /* GNUTLS_LIB_NETTLE_INT_DSA_COMPUTE_K_H */
diff --git a/lib/nettle/int/ecdsa-compute-k.c b/lib/nettle/int/ecdsa-compute-k.c
index 3b7f886160..4e25235c40 100644
--- a/lib/nettle/int/ecdsa-compute-k.c
+++ b/lib/nettle/int/ecdsa-compute-k.c
@@ -29,38 +29,38 @@
#include "dsa-compute-k.h"
#include "gnutls_int.h"
-static inline int _gnutls_ecc_curve_to_dsa_q(mpz_t *q, gnutls_ecc_curve_t curve)
+int _gnutls_ecc_curve_to_dsa_q(mpz_t q, gnutls_ecc_curve_t curve)
{
switch (curve) {
#ifdef ENABLE_NON_SUITEB_CURVES
case GNUTLS_ECC_CURVE_SECP192R1:
- mpz_init_set_str(*q,
+ mpz_init_set_str(q,
"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836"
"146BC9B1B4D22831",
16);
return 0;
case GNUTLS_ECC_CURVE_SECP224R1:
- mpz_init_set_str(*q,
+ mpz_init_set_str(q,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2"
"E0B8F03E13DD29455C5C2A3D",
16);
return 0;
#endif
case GNUTLS_ECC_CURVE_SECP256R1:
- mpz_init_set_str(*q,
+ mpz_init_set_str(q,
"FFFFFFFF00000000FFFFFFFFFFFFFFFF"
"BCE6FAADA7179E84F3B9CAC2FC632551",
16);
return 0;
case GNUTLS_ECC_CURVE_SECP384R1:
- mpz_init_set_str(*q,
+ mpz_init_set_str(q,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFC7634D81F4372DDF"
"581A0DB248B0A77AECEC196ACCC52973",
16);
return 0;
case GNUTLS_ECC_CURVE_SECP521R1:
- mpz_init_set_str(*q,
+ mpz_init_set_str(q,
"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFA51868783BF2F966B7FCC0148F709A"
@@ -73,19 +73,3 @@ static inline int _gnutls_ecc_curve_to_dsa_q(mpz_t *q, gnutls_ecc_curve_t curve)
GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
}
}
-
-int _gnutls_ecdsa_compute_k(mpz_t k, gnutls_ecc_curve_t curve, const mpz_t x,
- gnutls_mac_algorithm_t mac, const uint8_t *digest,
- size_t length)
-{
- mpz_t q;
- int ret;
-
- ret = _gnutls_ecc_curve_to_dsa_q(&q, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_dsa_compute_k(k, q, x, mac, digest, length);
- mpz_clear(q);
- return ret;
-}
diff --git a/lib/nettle/int/ecdsa-compute-k.h b/lib/nettle/int/ecdsa-compute-k.h
index be8beddb5d..207685763f 100644
--- a/lib/nettle/int/ecdsa-compute-k.h
+++ b/lib/nettle/int/ecdsa-compute-k.h
@@ -26,8 +26,6 @@
#include <gnutls/gnutls.h>
#include <nettle/bignum.h> /* includes gmp.h */
-int _gnutls_ecdsa_compute_k(mpz_t k, gnutls_ecc_curve_t curve, const mpz_t x,
- gnutls_mac_algorithm_t mac, const uint8_t *digest,
- size_t length);
+int _gnutls_ecc_curve_to_dsa_q(mpz_t q, gnutls_ecc_curve_t curve);
#endif /* GNUTLS_LIB_NETTLE_INT_ECDSA_COMPUTE_K_H */
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 305548f4d1..dd6b9936a8 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -103,10 +103,16 @@ static void rnd_nonce_func(void *_ctx, size_t length, uint8_t *data)
}
}
-static void rnd_mpz_func(void *_ctx, size_t length, uint8_t *data)
+static void rnd_datum_func(void *ctx, size_t length, uint8_t *data)
{
- mpz_t *k = _ctx;
- nettle_mpz_get_str_256(length, data, *k);
+ gnutls_datum_t *d = ctx;
+
+ if (length > d->size) {
+ memset(data, 0, length - d->size);
+ memcpy(data + (length - d->size), d->data, d->size);
+ } else {
+ memcpy(data, d->data, length);
+ }
}
static void rnd_nonce_func_fallback(void *_ctx, size_t length, uint8_t *data)
@@ -1403,7 +1409,10 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
struct dsa_signature sig;
int curve_id = pk_params->curve;
const struct ecc_curve *curve;
- mpz_t k;
+ mpz_t q;
+ /* 521-bit elliptic curve generator at maximum */
+ uint8_t buf[(521 + 7) / 8];
+ gnutls_datum_t k = { NULL, 0 };
void *random_ctx;
nettle_random_func *random_func;
@@ -1447,17 +1456,32 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
not_approved = true;
}
- mpz_init(k);
+ mpz_init(q);
+
if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST ||
(sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) {
- ret = _gnutls_ecdsa_compute_k(
- k, curve_id, pk_params->params[ECC_K],
+ mp_limb_t h[DSA_COMPUTE_K_ITCH];
+
+ ret = _gnutls_ecc_curve_to_dsa_q(q, curve_id);
+ if (ret < 0)
+ goto ecdsa_cleanup;
+
+ ret = _gnutls_dsa_compute_k(
+ h, mpz_limbs_read(q), priv.p,
+ ecc_size(priv.ecc), ecc_bit_size(priv.ecc),
DIG_TO_MAC(sign_params->dsa_dig), vdata->data,
vdata->size);
if (ret < 0)
goto ecdsa_cleanup;
+
+ k.data = buf;
+ k.size = (ecc_bit_size(priv.ecc) + 7) / 8;
+
+ _gnutls_ecdsa_compute_k_finish(k.data, k.size, h,
+ ecc_size(priv.ecc));
+
random_ctx = &k;
- random_func = rnd_mpz_func;
+ random_func = rnd_datum_func;
} else {
random_ctx = NULL;
random_func = rnd_nonce_func;
@@ -1476,7 +1500,7 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
ecdsa_cleanup:
dsa_signature_clear(&sig);
ecc_scalar_zclear(&priv);
- mpz_clear(k);
+ mpz_clear(q);
if (ret < 0) {
gnutls_assert();
@@ -1488,7 +1512,9 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
struct dsa_params pub;
bigint_t priv;
struct dsa_signature sig;
- mpz_t k;
+ /* 512-bit DSA subgroup at maximum */
+ uint8_t buf[(512 + 7) / 8];
+ gnutls_datum_t k = { NULL, 0 };
void *random_ctx;
nettle_random_func *random_func;
@@ -1515,19 +1541,27 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
hash_len = vdata->size;
}
- mpz_init(k);
if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST ||
(sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) {
+ mp_limb_t h[DSA_COMPUTE_K_ITCH];
+
ret = _gnutls_dsa_compute_k(
- k, pub.q, TOMPZ(priv),
+ h, mpz_limbs_read(pub.q),
+ mpz_limbs_read(TOMPZ(priv)), mpz_size(pub.q),
+ mpz_sizeinbase(pub.q, 2),
DIG_TO_MAC(sign_params->dsa_dig), vdata->data,
vdata->size);
if (ret < 0)
goto dsa_fail;
- /* cancel-out dsa_sign's addition of 1 to random data */
- mpz_sub_ui(k, k, 1);
+
+ k.data = buf;
+ k.size = (mpz_sizeinbase(pub.q, 2) + 7) / 8;
+
+ _gnutls_dsa_compute_k_finish(k.data, k.size, h,
+ mpz_size(pub.q));
+
random_ctx = &k;
- random_func = rnd_mpz_func;
+ random_func = rnd_datum_func;
} else {
random_ctx = NULL;
random_func = rnd_nonce_func;
@@ -1544,7 +1578,6 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
dsa_fail:
dsa_signature_clear(&sig);
- mpz_clear(k);
if (ret < 0) {
gnutls_assert();
diff --git a/tests/sign-verify-deterministic.c b/tests/sign-verify-deterministic.c
index 6969b57a11..bdd5a49c7d 100644
--- a/tests/sign-verify-deterministic.c
+++ b/tests/sign-verify-deterministic.c
@@ -198,7 +198,7 @@ void doit(void)
&tests[i].msg, &signature);
if (ret < 0)
testfail("gnutls_pubkey_verify_data2\n");
- success(" - pass");
+ success(" - pass\n");
next:
gnutls_free(signature.data);
--
GitLab
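Review bot: The deterministic nonce now lives in two stack buffers in `_wrap_nettle_pk_sign`, `h[DSA_COMPUTE_K_ITCH]` and `buf[]`, and neither is cleared before the function returns, even though the same cleanup path does `ecc_scalar_zclear(&priv)` for the private scalar; a recoverable k is as damaging as the key, since one signature plus its nonce yields the private key. I would zero `h` right after `_gnutls_ecdsa_compute_k_finish(...)` with `gnutls_memset(h, 0, sizeof(h));` (it is scoped to the `if` block) and add `gnutls_memset(buf, 0, sizeof(buf));` at `ecdsa_cleanup:`, with the same two lines in the DSA branch around `_gnutls_dsa_compute_k_finish` and `dsa_fail:`. The previous `mpz_t k` was released with `mpz_clear`, which does not scrub either, so this is a pre-existing gap the rewrite makes easy to close rather than a regression. Separately, the `else` branch of `rnd_datum_func` silently keeps only the leading `length` bytes when nettle asks for fewer than `d->size`; the `nettle_mpz_get_str_256` it replaces asserted the value fit, and in the visible callers `k.size` is exactly the byte length of q, so an `assert(length >= d->size);` above the `if` would preserve that guard. `_wrap_nettle_pk_sign` begins and ends outside these hunks.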

gnutls-CVE-2024-28835.patch Normal file

@@ -0,0 +1,410 @@
From e369e67a62f44561d417cb233acc566cc696d82d Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 29 Jan 2024 13:52:46 +0900
Subject: [PATCH] gnutls_x509_trust_list_verify_crt2: remove length limit of
input
Previously, if cert_list_size exceeded DEFAULT_MAX_VERIFY_DEPTH, the
chain verification logic crashed with assertion failure. This patch
removes the restriction while keeping the maximum number of
retrieved certificates being DEFAULT_MAX_VERIFY_DEPTH.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/gnutls_int.h | 5 +-
lib/x509/common.c | 10 +-
lib/x509/verify-high.c | 51 ++++++----
tests/test-chains.h | 211 ++++++++++++++++++++++++++++++++++++++++-
4 files changed, 258 insertions(+), 19 deletions(-)
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index d8561ebe3a..8cf9a87157 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -232,7 +232,10 @@ typedef enum record_send_state_t {
#define MAX_PK_PARAM_SIZE 2048
-/* defaults for verification functions
+/* Defaults for verification functions.
+ *
+ * update many_icas in tests/test-chains.h when increasing
+ * DEFAULT_MAX_VERIFY_DEPTH.
*/
#define DEFAULT_MAX_VERIFY_DEPTH 16
#define DEFAULT_MAX_VERIFY_BITS (MAX_PK_PARAM_SIZE * 8)
diff --git a/lib/x509/common.c b/lib/x509/common.c
index 2cc83c9155..705aa868bc 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1725,7 +1725,15 @@ unsigned int _gnutls_sort_clist(gnutls_x509_crt_t *clist,
bool insorted[DEFAULT_MAX_VERIFY_DEPTH]; /* non zero if clist[i] used in sorted list */
gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH];
- assert(clist_size <= DEFAULT_MAX_VERIFY_DEPTH);
+ /* Limit the number of certificates in the chain, to avoid DoS
+ * because of the O(n^2) sorting below. FIXME: Switch to a
+ * topological sort algorithm which should be linear to the
+ * number of certificates and subject-issuer relationships.
+ */
+ if (clist_size > DEFAULT_MAX_VERIFY_DEPTH) {
+ _gnutls_debug_log("too many certificates; skipping sorting\n");
+ return 1;
+ }
for (i = 0; i < DEFAULT_MAX_VERIFY_DEPTH; i++) {
issuer[i] = -1;
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 4e7361eb63..aacc24a7d8 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -25,7 +25,7 @@
#include "errors.h"
#include <libtasn1.h>
#include "global.h"
-#include "num.h" /* MAX */
+#include "num.h" /* MIN */
#include "tls-sig.h"
#include "str.h"
#include "datum.h"
@@ -1361,7 +1361,8 @@ int gnutls_x509_trust_list_verify_crt2(
int ret = 0;
unsigned int i;
size_t hash;
- gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH];
+ gnutls_x509_crt_t *cert_list_copy = NULL;
+ unsigned int cert_list_max_size = 0;
gnutls_x509_crt_t retrieved[DEFAULT_MAX_VERIFY_DEPTH];
unsigned int retrieved_size = 0;
const char *hostname = NULL, *purpose = NULL, *email = NULL;
@@ -1421,16 +1422,28 @@ int gnutls_x509_trust_list_verify_crt2(
}
}
- memcpy(sorted, cert_list, cert_list_size * sizeof(gnutls_x509_crt_t));
- cert_list = sorted;
+ /* Allocate extra for retrieved certificates. */
+ if (!INT_ADD_OK(cert_list_size, DEFAULT_MAX_VERIFY_DEPTH,
+ &cert_list_max_size))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ cert_list_copy = _gnutls_reallocarray(NULL, cert_list_max_size,
+ sizeof(gnutls_x509_crt_t));
+ if (!cert_list_copy)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ memcpy(cert_list_copy, cert_list,
+ cert_list_size * sizeof(gnutls_x509_crt_t));
+ cert_list = cert_list_copy;
records = gl_list_nx_create_empty(GL_LINKEDHASH_LIST, cert_eq,
cert_hashcode, NULL, false);
- if (records == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ if (records == NULL) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto cleanup;
+ }
- for (i = 0; i < cert_list_size &&
- cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH;) {
+ for (i = 0; i < cert_list_size;) {
unsigned int sorted_size = 1;
unsigned int j, k;
gnutls_x509_crt_t issuer;
@@ -1442,8 +1455,7 @@ int gnutls_x509_trust_list_verify_crt2(
assert(sorted_size > 0);
- /* Remove duplicates. Start with index 1, as the first element
- * may be re-checked after issuer retrieval. */
+ /* Remove duplicates. */
for (j = 0; j < sorted_size; j++) {
if (gl_list_search(records, cert_list[i + j])) {
if (i + j < cert_list_size - 1) {
@@ -1495,13 +1507,15 @@ int gnutls_x509_trust_list_verify_crt2(
ret = retrieve_issuers(
list, cert_list[i - 1], &retrieved[retrieved_size],
- DEFAULT_MAX_VERIFY_DEPTH -
- MAX(retrieved_size, cert_list_size));
+ MIN(DEFAULT_MAX_VERIFY_DEPTH - retrieved_size,
+ cert_list_max_size - cert_list_size));
if (ret < 0) {
break;
} else if (ret > 0) {
assert((unsigned int)ret <=
- DEFAULT_MAX_VERIFY_DEPTH - cert_list_size);
+ DEFAULT_MAX_VERIFY_DEPTH - retrieved_size);
+ assert((unsigned int)ret <=
+ cert_list_max_size - cert_list_size);
memmove(&cert_list[i + ret], &cert_list[i],
(cert_list_size - i) *
sizeof(gnutls_x509_crt_t));
@@ -1517,8 +1531,10 @@ int gnutls_x509_trust_list_verify_crt2(
}
cert_list_size = shorten_clist(list, cert_list, cert_list_size);
- if (cert_list_size <= 0)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ if (cert_list_size <= 0) {
+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ goto cleanup;
+ }
hash = hash_pjw_bare(cert_list[cert_list_size - 1]->raw_issuer_dn.data,
cert_list[cert_list_size - 1]->raw_issuer_dn.size);
@@ -1661,10 +1677,13 @@ int gnutls_x509_trust_list_verify_crt2(
}
cleanup:
+ gnutls_free(cert_list_copy);
for (i = 0; i < retrieved_size; i++) {
gnutls_x509_crt_deinit(retrieved[i]);
}
- gl_list_free(records);
+ if (records) {
+ gl_list_free(records);
+ }
return ret;
}
diff --git a/tests/test-chains.h b/tests/test-chains.h
index 3e559fecd5..a7fe1cdecc 100644
--- a/tests/test-chains.h
+++ b/tests/test-chains.h
@@ -23,7 +23,7 @@
#ifndef GNUTLS_TESTS_TEST_CHAINS_H
#define GNUTLS_TESTS_TEST_CHAINS_H
-#define MAX_CHAIN 10
+#define MAX_CHAIN 17
static const char *chain_with_no_subject_id_in_ca_ok[] = {
"-----BEGIN CERTIFICATE-----\n"
@@ -4383,6 +4383,213 @@ static const char *cross_signed_ca[] = {
NULL
};
+/* This assumes DEFAULT_MAX_VERIFY_DEPTH to be 16 */
+static const char *many_icas[] = {
+ /* Server */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBqzCCAV2gAwIBAgIUIK3+SD3GmqJlRLZ/ESyhTzkSDL8wBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowNzEbMBkGA1UEChMSR251VExTIHRlc3Qgc2VydmVyMRgwFgYD\n"
+ "VQQDEw90ZXN0LmdudXRscy5vcmcwKjAFBgMrZXADIQAWGjx45NIJiKFsNBxxRRjm\n"
+ "NxUT5KYK7xXr5HPVywwgLaOBkjCBjzAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGC\n"
+ "D3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8E\n"
+ "BAMCB4AwHQYDVR0OBBYEFKgNAQWZPx76/vXqQOdIi5mTftsaMB8GA1UdIwQYMBaA\n"
+ "FDaPsY6WAGuRtrhYJE6Gk/bg5qbdMAUGAytlcANBAMIDh8aGcIIFDTUrzfV7tnkX\n"
+ "hHrxyFKBH/cApf6xcJQTfDXm23po627Ibp+WgLaWMY08Fn9Y2V6Ev8ADfqXNbQ8=\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA16 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUSnE0PKdm/dsnZSWBh5Ct4pS6DcwwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAxq9SI8vp0QH1dDBBuZW+t+bLLROppQbjSQ4O1BEonDOjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQ2j7GOlgBrkba4\n"
+ "WCROhpP24Oam3TAfBgNVHSMEGDAWgBRvdUKX0aw3nfUIdvivXGSfRO7zyjAFBgMr\n"
+ "ZXADQQBsI2Hc7X5hXoHTvk01qMc5a1I27QHAFRARJnvIQ15wxNS2LVLzGk+AUmwr\n"
+ "sOhBKAcVfS55uWtYdjoWQ80h238H\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA15 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUQk4XkgQVImnp6OPZas7ctwgBza4wBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAs3yVKLJd3sKbNVmj6Bxy2j1x025rksyQpZZWnCx5a+CjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRvdUKX0aw3nfUI\n"
+ "dvivXGSfRO7zyjAfBgNVHSMEGDAWgBRhGfUXYPh4YQsdtTWYUozLphGgfzAFBgMr\n"
+ "ZXADQQBXTtm56x6/pHXdW8dTvZLc/8RufNQrMlc23TCgX0apUnrZdTsNAb7OE4Uu\n"
+ "9PBuxK+CC9NL/BL2hXsKvAT+NWME\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA14 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUKfwz7UUYRvYlvqwmnLJlTOS9o1AwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAXbUetQ08t+F4+IcKL++HpeclqTxXZ7cG4mwqvHmTUEWjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRhGfUXYPh4YQsd\n"
+ "tTWYUozLphGgfzAfBgNVHSMEGDAWgBQYRQqO+V1kefF7QvNnFU1fX5H9+jAFBgMr\n"
+ "ZXADQQAiSHNMTLPFP3oa6q13Dj8jSxF9trQDJGM1ArWffFcPZUt2U4/ODHdcMTHx\n"
+ "kGwhIj+ghBlu6ykgu6J2wewCUooC\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA13 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUUKOs59gyCPAZzoC7zMZQSh6AnQgwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAmvqhj5GYqsXIpsr1BXBfD+2mTP/m/TEpKIYSZHM62dijYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQYRQqO+V1kefF7\n"
+ "QvNnFU1fX5H9+jAfBgNVHSMEGDAWgBQ27HzvP5hl2xR+LOzRcPfmY5ndXjAFBgMr\n"
+ "ZXADQQBrB3NkrYC7EQ74qgeesVOE71rW012dPOOKPAV0laR+JLEgsv9sfus+AdBF\n"
+ "WBNwR3KeYBTi/MFDuecxBHU2m5gD\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA12 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUUQooGfH21+sR7/pSgCWm13gg2H4wBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAK2of/B4wMpk6k/KdugC5dMS+jo2fseUM7/PvXkE6HASjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQ27HzvP5hl2xR+\n"
+ "LOzRcPfmY5ndXjAfBgNVHSMEGDAWgBSJDHU0Mj1Xr0e8ErCnRK24w7XwTTAFBgMr\n"
+ "ZXADQQDY8d2bAZpj7oGhdl2dBsCE48jEWj49da0PbgN12koAj3gf4hjMPd8G7p5z\n"
+ "8RsURAwQmCkE8ShvdNw/Qr2tDL0E\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA11 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUW9Dw0hU2pfjXhb5Stip+mk9SndIwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAn5ISjLVV6RBWsnxDWHDicpye7SjFwGOTwzF01/psiJ2jYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSJDHU0Mj1Xr0e8\n"
+ "ErCnRK24w7XwTTAfBgNVHSMEGDAWgBSR9UU27RI0XohiEgHDxNo/9HP4djAFBgMr\n"
+ "ZXADQQCfQg6MDHk71vhyrEo4/5PcLb2Li5F/FKURyux7snv2TbkSdInloAqca9UR\n"
+ "DtqHSLCNLXCNdSPr5QwIt5p29rsE\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA10 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUR4uTedG8e6MibKViQ3eX7QzXG1swBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAnslX04kSVOL5LAf1e+Ze3ggNnDJcEAxLDk8I/IhyjTyjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSR9UU27RI0Xohi\n"
+ "EgHDxNo/9HP4djAfBgNVHSMEGDAWgBRC7US5gJYnvd5F7EN+C4anMgd2NzAFBgMr\n"
+ "ZXADQQDo+jHt07Tvz3T5Lbz6apBrSln8xKYfJk2W1wP85XAnf7sZT9apM1bS4EyD\n"
+ "Kckw+KG+9x7myOZz6AXJgZB5OGAO\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA9 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUSIIIRjrNpE+kEPkiJMOqaNAazvQwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAZKy7p1Gn4W/reRxKJN99+QkHt2q9aELktCKe5PqrX5ejYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRC7US5gJYnvd5F\n"
+ "7EN+C4anMgd2NzAfBgNVHSMEGDAWgBSOhR7Ornis2x8g0J+bvTTwMnW60zAFBgMr\n"
+ "ZXADQQA0MEcC4FgKZEAfalVpApU2to0G158MVz/WTNcSc7fnl8ifJ/g56dVHL1jr\n"
+ "REvC/S28dn/CGAlbVXUAgxnHAbgE\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA8 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUGGFSgD95vOTSj7iFxfXA5vq6vsYwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAg3W/bTdW0fR32NeZEVMXICpa30d7rSdddLOYDvqqUO+jYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSOhR7Ornis2x8g\n"
+ "0J+bvTTwMnW60zAfBgNVHSMEGDAWgBT3zK8Hbn9aVTAOOFY6RSxJ2o5x2jAFBgMr\n"
+ "ZXADQQBl4gnzE463iMFg57gPvjHdVzA39sJBpiu0kUGfRcLnoRI/VOaLcx7WnJ9+\n"
+ "c3KxPZBec76EdIoQDkTmI6m2FIAM\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA7 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUGktMGXhNuaMhKyAlecymmLD+/GIwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEA/Z1oc76hOQ0Hi+2hePaGIntnMIDqBlb7RDMjRpYONP2jYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBT3zK8Hbn9aVTAO\n"
+ "OFY6RSxJ2o5x2jAfBgNVHSMEGDAWgBSPae3JUN3jP0NgUJqDV3eYxcaM3DAFBgMr\n"
+ "ZXADQQBMkwKaUZlvG/hax8rv3nnDv8kJOr6KVHBnxSx3hZ+8HIBT7GFm1+YDeYOB\n"
+ "jhNg66kyeFPGXXBCe+mvNQFFjCEE\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA6 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUKn3gz5lAUpKqWlHKLKYDbOJ4rygwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAZ/eD4eTe91ddvHusm7YlLPxU4ByGFc6suAmlP1CxXkWjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSPae3JUN3jP0Ng\n"
+ "UJqDV3eYxcaM3DAfBgNVHSMEGDAWgBT9f/qSI/jhxvGI7aMtkpraDcjBnjAFBgMr\n"
+ "ZXADQQAMRnkmRhnLGdmJaY8B42gfyaAsqCMyds/Tw4OHYy+N48XuAxRjKkhf3szC\n"
+ "0lY71oU043mNP1yx/dzAuCTrVSgI\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA5 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUEgEYbBXXEyGv3vOq10JQv1SBiUUwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAs2xEDPw8RVal53nX9GVwUd1blq1wjtVFC8S1V7up7MWjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBT9f/qSI/jhxvGI\n"
+ "7aMtkpraDcjBnjAfBgNVHSMEGDAWgBRBVkLu9BmCKz7HNI8md4vPpoE/7jAFBgMr\n"
+ "ZXADQQCCufAyLijtzzmeCuO3K50rBSbGvB3FQfep7g6kVsQKM3bw/olWK5/Ji0dD\n"
+ "ubJ0cFl1FmfAda7aVxLBtJOvO6MI\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA4 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIULj8GkaHw+92HuOTnXnXlxCy3VrEwBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAiedxh4dvtwDellMAHc/pZH0MAOXobRenTUgF1yj5l12jYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRBVkLu9BmCKz7H\n"
+ "NI8md4vPpoE/7jAfBgNVHSMEGDAWgBSDtNRgQ36KwW/ASaMyr6WeDt0STDAFBgMr\n"
+ "ZXADQQDL8U2ckzur7CktdrVUNvfLhVCOz33d/62F28vQFHUa8h/4h+Mi1MMbXOKT\n"
+ "1bL2TvpFpU7Fx/vcIPXDielVqr4C\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA3 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUQXl74TDDw6MQRMbQUSPa6Qrvba8wBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEA7l0jQ0f4fJRw7Qja/Hz2qn8y91SI7CokxhSf+FT+9M6jYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSDtNRgQ36KwW/A\n"
+ "SaMyr6WeDt0STDAfBgNVHSMEGDAWgBQ2inEK4KH6ATftmybxKE1dZUzOozAFBgMr\n"
+ "ZXADQQCnP7Oqx1epGnFnO7TrTJwcUukXDEYsINve2GeUsi8HEIeKKlMcLZ2Cnaj7\n"
+ "5v9NGuWh3QJpmmSGpEemiv8dJc4A\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA2 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYTCCAROgAwIBAgIUP7Nmof8H2F1LyDkjqlYIUpGdXE8wBQYDK2VwMB0xGzAZ\n"
+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n"
+ "K2VwAyEAkW9Rod3CXAnha6nlaHkDbCOegq94lgmjqclA9sOIt3yjYzBhMA8GA1Ud\n"
+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQ2inEK4KH6ATft\n"
+ "mybxKE1dZUzOozAfBgNVHSMEGDAWgBRPq/CQlK/zuXkjZvTCibu+vejD+jAFBgMr\n"
+ "ZXADQQBU+A+uF0yrtO/yv9cRUdCoL3Y1NKM35INg8BQDnkv724cW9zk1x0q9Fuou\n"
+ "zvfSVb8S3vT8fF5ZDOxarQs6ZH0C\n"
+ "-----END CERTIFICATE-----\n",
+ /* ICA1 */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBXTCCAQ+gAwIBAgIUfUWP+AQHpdFTRKTf21mMzjaJsp0wBQYDK2VwMBkxFzAV\n"
+ "BgNVBAMTDkdudVRMUyB0ZXN0IENBMCAXDTI0MDMxMjIyNTMzOVoYDzk5OTkxMjMx\n"
+ "MjM1OTU5WjAdMRswGQYDVQQDDBJHbnVUTFMgdGVzdCBJQ0EgJGkwKjAFBgMrZXAD\n"
+ "IQAVmfBAvLbT+pTD24pQrr6S0jEIFIV/qOv93yYvAUzpzKNjMGEwDwYDVR0TAQH/\n"
+ "BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0OBBYEFE+r8JCUr/O5eSNm9MKJ\n"
+ "u7696MP6MB8GA1UdIwQYMBaAFAFpt5wrFsqCtHc4PpluPDvwcxQLMAUGAytlcANB\n"
+ "AC6+XZnthjlUD0TbBKRF3qT5if3Pp29Bgvutw8859unzUZW8FkHg5KeDBj9ncgJc\n"
+ "O2tFnNH2hV6LDPJzU0rtLQc=\n"
+ "-----END CERTIFICATE-----\n",
+ NULL
+};
+
+static const char *many_icas_ca[] = {
+ /* CA (self-signed) */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBNzCB6qADAgECAhRjaokcQwcrtW8tjuVFz3A33F8POjAFBgMrZXAwGTEXMBUG\n"
+ "A1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjQwMzEyMjI1MzM5WhgPOTk5OTEyMzEy\n"
+ "MzU5NTlaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMCowBQYDK2VwAyEAvoxP\n"
+ "TNdbWktxA8qQNNH+25Cx9rzP+DxLGeI/7ODwrQGjQjBAMA8GA1UdEwEB/wQFMAMB\n"
+ "Af8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQBabecKxbKgrR3OD6Zbjw78HMU\n"
+ "CzAFBgMrZXADQQCP5IUD74M7WrUx20uqzrzuj+s2jnBVmLQfWf/Ucetx+oTRFeq4\n"
+ "xZB/adWhycSeJUAB1zKqYUV9hgT8FWHbnHII\n"
+ "-----END CERTIFICATE-----\n",
+ NULL
+};
+
#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wunused-variable"
@@ -4696,6 +4903,8 @@ static struct {
1620118136, 1 },
{ "cross signed - ok", cross_signed, cross_signed_ca, 0, 0, 0,
1704955300 },
+ { "many intermediates - ok", many_icas, many_icas_ca, 0, 0, 0,
+ 1710284400 },
{ NULL, NULL, NULL, 0, 0 }
};
--
GitLab
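Review bot: With the `cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH` loop condition gone, nothing at the top of `gnutls_x509_trust_list_verify_crt2` tells a reader what now bounds the work done on a caller-supplied chain; the only clue is the `_gnutls_sort_clist` bail-out in a different file, which returns 1 and logs "too many certificates; skipping sorting". I would put the contract next to the new allocation: `/* cert_list_size is no longer capped; only issuer retrieval is bounded (DEFAULT_MAX_VERIFY_DEPTH entries in retrieved[]), and _gnutls_sort_clist refuses to sort chains longer than that, so an oversized chain appears to be consumed in the order given. */`. It is also worth noting in the `_gnutls_sort_clist` bail-out that a return of 1 is indistinguishable to the caller from a genuinely unsortable list, because that is the user-visible change: an out-of-order chain longer than 16 now fails verification instead of tripping the assertion. `gnutls_x509_trust_list_verify_crt2` and `_gnutls_sort_clist` both begin and end outside these hunks.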


@@ -0,0 +1,41 @@
From 608829769cbc247679ffe98841109fc73875e573 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 7 Jul 2025 10:44:12 +0900
Subject: [PATCH] x509: avoid double free when exporting othernames in SAN
Previously, the _gnutls_write_new_othername function, called by
gnutls_x509_ext_export_subject_alt_names to export "otherName" in a
certificate's SAN extension, freed the caller allocated ASN.1
structure upon error, resulting in a potential double-free.
Reported by OpenAI Security Research Team.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
NEWS | 5 +++++
lib/x509/extensions.c | 2 --
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index 6c2da8fd10..e8be12eaf5 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -754,7 +754,6 @@ int _gnutls_write_new_othername(asn1_node ext, const char *ext_name,
result = asn1_write_value(ext, name2, oid, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
- asn1_delete_structure(&ext);
return _gnutls_asn2err(result);
}
@@ -763,7 +762,6 @@ int _gnutls_write_new_othername(asn1_node ext, const char *ext_name,
result = asn1_write_value(ext, name2, data, data_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
- asn1_delete_structure(&ext);
return _gnutls_asn2err(result);
}
--
GitLab
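Review bot: The ownership contract this fix relies on is still undocumented: `ext` is passed by value into `_gnutls_write_new_othername` (see the signature in both hunk headers), so the caller owns the ASN.1 structure and the callee must never delete it, which is exactly why the two removed `asn1_delete_structure(&ext)` calls were wrong. A one-line comment above the function, `/* @ext is owned by the caller and must not be freed here on any error path. */`, would keep a future contributor from re-adding the cleanup. The diffstat lists a NEWS change that is not part of this backport; harmless for `patch`, but the metadata no longer matches the hunks. The body of `_gnutls_write_new_othername` continues outside both hunks, so any remaining early returns in it should be checked for the same pattern.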


@@ -0,0 +1,35 @@
From 8e5ca951257202089246fa37e93a99d210ee5ca2 Mon Sep 17 00:00:00 2001
From: Andrew Hamilton <adhamilt@gmail.com>
Date: Mon, 7 Jul 2025 10:23:59 +0900
Subject: [PATCH] x509: fix read buffer overrun in SCT timestamps
Prevent reading beyond heap buffer in call to _gnutls_parse_ct_sct
when processing x509 Signed Certificate Timestamps with certain
malformed data. Spotted by oss-fuzz at:
https://issues.oss-fuzz.com/issues/42530513
Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
NEWS | 6 +++++-
.../04939b75417cc95b7372c6f208c4bda4579bdc34 | Bin 0 -> 1782 bytes
lib/x509/x509_ext.c | 2 +-
3 files changed, 6 insertions(+), 2 deletions(-)
create mode 100644 fuzz/gnutls_x509_parser_fuzzer.repro/04939b75417cc95b7372c6f208c4bda4579bdc34
diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index 0301a594c2..4b3e552536 100644
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -3760,7 +3760,7 @@ int gnutls_x509_ext_ct_import_scts(const gnutls_datum_t *ext,
}
length = _gnutls_read_uint16(scts_content.data);
- if (length < 4) {
+ if (length < 4 || length > scts_content.size) {
gnutls_free(scts_content.data);
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
--
GitLab
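Review bot: The new bound compares `length` against the whole of `scts_content.size`, yet `length` is read from the first two bytes of that same buffer, so a list advertising exactly `size` bytes still passes while the payload that follows the prefix is two bytes shorter than claimed. If the 16-bit prefix is counted as part of `scts_content` (as the RFC 6962 `sct_list` encoding suggests), the tighter guard is `if (length < 4 || length + 2 > scts_content.size)`; upstream's looser form may be deliberate if the loop that follows re-checks the remaining bytes, but that loop is outside the hunk. The `_gnutls_read_uint16(scts_content.data)` call itself presumes `scts_content.size >= 2`; whether that is checked above the hunk cannot be seen here. `gnutls_x509_ext_ct_import_scts` starts before and ends after this hunk.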

2089
gnutls-CVE-2025-32990.patch Normal file


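--- a/gnutls-CVE-2025-6395.patch
+++ b/gnutls-CVE-2025-6395.patch
@@ -0,0 +1,279 @@
+From 23135619773e6ec087ff2abc65405bd4d5676bad Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Mon, 7 Jul 2025 11:15:45 +0900
+Subject: [PATCH] handshake: clear HSK_PSK_SELECTED is when resetting binders
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+When a TLS 1.3 handshake involves HRR and resumption or PSK, and the
+second Client Hello omits PSK, the server would result in a NULL
+pointer dereference as the PSK binder information is cleared while the
+HSK_PSK_SELECTED flag is still set. This makes sure that
+HSK_PSK_SELECTED flag is always cleared when the PSK binders are
+reset. This also makes it clear the HSK_PSK_SELECTED flag is valid
+only during a handshake; after that, whether PSK is used can be
+checked with gnutls_auth_client_get_type.
+Reported by Stefan Bühler.
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+.gitignore | 1 +
+NEWS | 4 +
+lib/handshake.c | 25 +++-
+lib/state.c | 4 +-
+tests/Makefile.am | 2 +
+tests/tls13/hello_retry_request_psk.c | 173 ++++++++++++++++++++++++++
+6 files changed, 205 insertions(+), 4 deletions(-)
+create mode 100644 tests/tls13/hello_retry_request_psk.c
+Index: gnutls-3.8.3/lib/handshake.c
+===================================================================
+--- gnutls-3.8.3.orig/lib/handshake.c
++++ gnutls-3.8.3/lib/handshake.c
+@@ -589,9 +589,28 @@ static int set_auth_types(gnutls_session
+/* Under TLS1.3 this returns a KX which matches the negotiated
+* groups from the key shares; if we are resuming then the KX seen
+* here doesn't match the original session. */
+- if (!session->internals.resumed)
+- kx = gnutls_kx_get(session);
+- else
++ if (!session->internals.resumed) {
++ const gnutls_group_entry_st *group = get_group(session);
++
++ if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
++ if (group) {
++ kx = group->pk == GNUTLS_PK_DH ?
++ GNUTLS_KX_DHE_PSK :
++ GNUTLS_KX_ECDHE_PSK;
++ } else {
++ kx = GNUTLS_KX_PSK;
++ }
++ } else if (group) {
++ /* Not necessarily be RSA, but just to
++ * make _gnutls_map_kx_get_cred below
++ * work.
++ */
++ kx = group->pk == GNUTLS_PK_DH ?
++ GNUTLS_KX_DHE_RSA :
++ GNUTLS_KX_ECDHE_RSA;
++ } else
++ kx = GNUTLS_KX_UNKNOWN;
++ } else
+kx = GNUTLS_KX_UNKNOWN;
+} else {
+/* TLS1.2 or earlier, kx is associated with ciphersuite */
+Index: gnutls-3.8.3/lib/state.c
+===================================================================
+--- gnutls-3.8.3.orig/lib/state.c
++++ gnutls-3.8.3/lib/state.c
+@@ -202,7 +202,8 @@ gnutls_kx_algorithm_t gnutls_kx_get(gnut
+const gnutls_group_entry_st *group = get_group(session);
+if (ver->tls13_sem) {
+- if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
++ if (gnutls_auth_client_get_type(session) ==
++ GNUTLS_CRD_PSK) {
+if (group) {
+if (group->pk == GNUTLS_PK_DH)
+return GNUTLS_KX_DHE_PSK;
+@@ -349,6 +350,7 @@ void reset_binders(gnutls_session_t sess
+_gnutls_free_temp_key_datum(&session->key.binders[0].psk);
+_gnutls_free_temp_key_datum(&session->key.binders[1].psk);
+memset(session->key.binders, 0, sizeof(session->key.binders));
++ session->internals.hsk_flags &= ~HSK_PSK_SELECTED;
+}
+/* Check whether certificate credentials of type @cert_type are set
+Index: gnutls-3.8.3/tests/Makefile.am
+===================================================================
+--- gnutls-3.8.3.orig/tests/Makefile.am
++++ gnutls-3.8.3/tests/Makefile.am
+@@ -128,6 +128,8 @@ ctests += tls13/hello_retry_request
+ctests += tls13/hello_retry_request_resume
++ctests += tls13/hello_retry_request_psk
++
+ctests += tls13/psk-ext
+ctests += tls13/key_update
+Index: gnutls-3.8.3/tests/tls13/hello_retry_request_psk.c
+===================================================================
+--- /dev/null
++++ gnutls-3.8.3/tests/tls13/hello_retry_request_psk.c
+@@ -0,0 +1,173 @@
++/*
++ * Copyright (C) 2017-2025 Red Hat, Inc.
++ *
++ * Author: Nikos Mavrogiannopoulos, Daiki Ueno
++ *
++ * This file is part of GnuTLS.
++ *
++ * GnuTLS is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GnuTLS is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program. If not, see <https://www.gnu.org/licenses/>
++ */
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <stdint.h>
++
++#include <string.h>
++#include <gnutls/gnutls.h>
++#include <assert.h>
++
++#include "cert-common.h"
++#include "utils.h"
++#include "tls13/ext-parse.h"
++#include "eagain-common.h"
++
++/* This program exercises the case where a TLS 1.3 handshake ends up
++ * with HRR, and the first CH includes PSK while the 2nd CH omits
++ * it */
++
++const char *testname = "hello entry request";
++
++const char *side = "";
++
++#define myfail(fmt, ...) fail("%s: " fmt, testname, ##__VA_ARGS__)
++
++static void tls_log_func(int level, const char *str)
++{
++ fprintf(stderr, "%s|<%d>| %s", side, level, str);
++}
++
++struct ctx_st {
++ unsigned hrr_seen;
++ unsigned hello_counter;
++};
++
++static int pskfunc(gnutls_session_t session, const char *username,
++ gnutls_datum_t *key)
++{
++ if (debug)
++ printf("psk: username %s\n", username);
++ key->data = gnutls_malloc(4);
++ key->data[0] = 0xDE;
++ key->data[1] = 0xAD;
++ key->data[2] = 0xBE;
++ key->data[3] = 0xEF;
++ key->size = 4;
++ return 0;
++}
++
++static int hello_callback(gnutls_session_t session, unsigned int htype,
++ unsigned post, unsigned int incoming,
++ const gnutls_datum_t *msg)
++{
++ struct ctx_st *ctx = gnutls_session_get_ptr(session);
++ assert(ctx != NULL);
++
++ if (htype == GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST)
++ ctx->hrr_seen = 1;
++
++ if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) {
++ if (post == GNUTLS_HOOK_POST)
++ ctx->hello_counter++;
++ else {
++ /* Unset the PSK credential to omit the extension */
++ gnutls_credentials_set(session, GNUTLS_CRD_PSK, NULL);
++ }
++ }
++
++ return 0;
++}
++
++void doit(void)
++{
++ int sret, cret;
++ gnutls_psk_server_credentials_t scred;
++ gnutls_psk_client_credentials_t ccred;
++ gnutls_certificate_credentials_t ccred2;
++ gnutls_session_t server, client;
++ /* Need to enable anonymous KX specifically. */
++ const gnutls_datum_t key = { (void *)"DEADBEEF", 8 };
++
++ struct ctx_st ctx;
++ memset(&ctx, 0, sizeof(ctx));
++
++ global_init();
++
++ gnutls_global_set_log_function(tls_log_func);
++ if (debug)
++ gnutls_global_set_log_level(9);
++
++ /* Init server */
++ assert(gnutls_psk_allocate_server_credentials(&scred) >= 0);
++ gnutls_psk_set_server_credentials_function(scred, pskfunc);
++
++ gnutls_init(&server, GNUTLS_SERVER);
++
++ assert(gnutls_priority_set_direct(
++ server,
++ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+DHE-PSK",
++ NULL) >= 0);
++
++ gnutls_credentials_set(server, GNUTLS_CRD_PSK, scred);
++ gnutls_transport_set_push_function(server, server_push);
++ gnutls_transport_set_pull_function(server, server_pull);
++ gnutls_transport_set_ptr(server, server);
++
++ /* Init client */
++ assert(gnutls_psk_allocate_client_credentials(&ccred) >= 0);
++ gnutls_psk_set_client_credentials(ccred, "test", &key,
++ GNUTLS_PSK_KEY_HEX);
++ assert(gnutls_certificate_allocate_credentials(&ccred2) >= 0);
++
++ assert(gnutls_init(&client, GNUTLS_CLIENT | GNUTLS_KEY_SHARE_TOP) >= 0);
++
++ gnutls_session_set_ptr(client, &ctx);
++
++ cret = gnutls_priority_set_direct(
++ client,
++ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-X25519:+DHE-PSK",
++ NULL);
++ if (cret < 0)
++ myfail("cannot set TLS 1.3 priorities\n");
++
++ gnutls_credentials_set(client, GNUTLS_CRD_PSK, ccred);
++ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred2);
++ gnutls_transport_set_push_function(client, client_push);
++ gnutls_transport_set_pull_function(client, client_pull);
++ gnutls_transport_set_ptr(client, client);
++
++ gnutls_handshake_set_hook_function(client, GNUTLS_HANDSHAKE_ANY,
++ GNUTLS_HOOK_BOTH, hello_callback);
++
++ HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN,
++ GNUTLS_E_INSUFFICIENT_CREDENTIALS);
++
++ assert(ctx.hrr_seen != 0);
++
++ gnutls_bye(client, GNUTLS_SHUT_WR);
++ gnutls_bye(server, GNUTLS_SHUT_WR);
++
++ gnutls_deinit(client);
++ gnutls_deinit(server);
++
++ gnutls_psk_free_server_credentials(scred);
++ gnutls_psk_free_client_credentials(ccred);
++ gnutls_certificate_free_credentials(ccred2);
++
++ gnutls_global_deinit();
++ reset_buffers();
++}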
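Review bot: In the lib/handshake.c hunk the new non-resumed block mixes braced and unbraced branches: the trailing `} else` / `kx = GNUTLS_KX_UNKNOWN;` follows a braced `else if (group) { ... }`, so it should be braced too, for consistency and to keep the nested if/else chain unambiguous. The group-to-KX mapping added there now duplicates the one in gnutls_kx_get (the lib/state.c hunk of the same patch), keyed on `HSK_PSK_SELECTED` in one place and on `gnutls_auth_client_get_type` in the other; a small static helper taking the group entry and a PSK flag would keep the two from drifting. In the new test, the comment `/* Need to enable anonymous KX specifically. */` above the `key` datum does not describe this test (both priority strings use `+DHE-PSK`, no anonymous KX); `/* PSK value, passed hex-encoded via GNUTLS_PSK_KEY_HEX below. */` would match what the code does. set_auth_types starts before and ends after its hunk.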

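--- a/gnutls-CVE-2025-9820.patch
+++ b/gnutls-CVE-2025-9820.patch
@@ -0,0 +1,231 @@
+From 1d56f96f6ab5034d677136b9d50b5a75dff0faf5 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Tue, 18 Nov 2025 13:17:55 +0900
+Subject: [PATCH] pkcs11: avoid stack overwrite when initializing a token
+If gnutls_pkcs11_token_init is called with label longer than 32
+characters, the internal storage used to blank-fill it would
+overflow. This adds a guard to prevent that.
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+.gitignore | 2 +
+NEWS | 4 +
+lib/pkcs11_write.c | 5 +-
+tests/Makefile.am | 2 +-
+tests/pkcs11/long-label.c | 164 ++++++++++++++++++++++++++++++++++++++
+5 files changed, 174 insertions(+), 3 deletions(-)
+create mode 100644 tests/pkcs11/long-label.c
+Index: gnutls-3.8.3/lib/pkcs11_write.c
+===================================================================
+--- gnutls-3.8.3.orig/lib/pkcs11_write.c
++++ gnutls-3.8.3/lib/pkcs11_write.c
+@@ -28,6 +28,7 @@
+#include "pkcs11x.h"
+#include "x509/common.h"
+#include "pk.h"
++#include "minmax.h"
+static const ck_bool_t tval = 1;
+static const ck_bool_t fval = 0;
+@@ -1170,7 +1171,7 @@ int gnutls_pkcs11_delete_url(const char
+* gnutls_pkcs11_token_init:
+* @token_url: A PKCS #11 URL specifying a token
+* @so_pin: Security Officer's PIN
+- * @label: A name to be used for the token
++ * @label: A name to be used for the token, at most 32 characters
+*
+* This function will initialize (format) a token. If the token is
+* at a factory defaults state the security officer's PIN given will be
+@@ -1208,7 +1209,7 @@ int gnutls_pkcs11_token_init(const char
+/* so it seems memset has other uses than zeroing! */
+memset(flabel, ' ', sizeof(flabel));
+if (label != NULL)
+- memcpy(flabel, label, strlen(label));
++ memcpy(flabel, label, MIN(sizeof(flabel), strlen(label)));
+rv = pkcs11_init_token(module, slot, (uint8_t *)so_pin, strlen(so_pin),
+(uint8_t *)flabel);
+Index: gnutls-3.8.3/tests/Makefile.am
+===================================================================
+--- gnutls-3.8.3.orig/tests/Makefile.am
++++ gnutls-3.8.3/tests/Makefile.am
+@@ -495,7 +495,7 @@ pathbuf_CPPFLAGS = $(AM_CPPFLAGS) \
+if ENABLE_PKCS11
+if !WINDOWS
+ctests += tls13/post-handshake-with-cert-pkcs11 pkcs11/tls-neg-pkcs11-no-key \
+- global-init-override pkcs11/distrust-after
++ global-init-override pkcs11/distrust-after pkcs11/long-label
+tls13_post_handshake_with_cert_pkcs11_DEPENDENCIES = libpkcs11mock2.la libutils.la
+tls13_post_handshake_with_cert_pkcs11_LDADD = $(LDADD) $(LIBDL)
+pkcs11_tls_neg_pkcs11_no_key_DEPENDENCIES = libpkcs11mock2.la libutils.la
+Index: gnutls-3.8.3/tests/pkcs11/long-label.c
+===================================================================
+--- /dev/null
++++ gnutls-3.8.3/tests/pkcs11/long-label.c
+@@ -0,0 +1,164 @@
++/*
++ * Copyright (C) 2025 Red Hat, Inc.
++ *
++ * Author: Daiki Ueno
++ *
++ * This file is part of GnuTLS.
++ *
++ * GnuTLS is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GnuTLS is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program. If not, see <https://www.gnu.org/licenses/>
++ */
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#include <stdbool.h>
++#include <stdio.h>
++#include <stdlib.h>
++
++#if defined(_WIN32)
++
++int main(void)
++{
++ exit(77);
++}
++
++#else
++
++#include <string.h>
++#include <unistd.h>
++#include <gnutls/gnutls.h>
++
++#include "cert-common.h"
++#include "pkcs11/softhsm.h"
++#include "utils.h"
++
++/* This program tests that a token can be initialized with
++ * a label longer than 32 characters.
++ */
++
++static void tls_log_func(int level, const char *str)
++{
++ fprintf(stderr, "server|<%d>| %s", level, str);
++}
++
++#define PIN "1234"
++
++#define CONFIG_NAME "softhsm-long-label"
++#define CONFIG CONFIG_NAME ".config"
++
++static int pin_func(void *userdata, int attempt, const char *url,
++ const char *label, unsigned flags, char *pin,
++ size_t pin_max)
++{
++ if (attempt == 0) {
++ strcpy(pin, PIN);
++ return 0;
++ }
++ return -1;
++}
++
++static void test(const char *provider)
++{
++ int ret;
++ size_t i;
++
++ gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
++
++ success("test with %s\n", provider);
++
++ if (debug) {
++ gnutls_global_set_log_function(tls_log_func);
++ gnutls_global_set_log_level(4711);
++ }
++
++ /* point to SoftHSM token that libpkcs11mock4.so internally uses */
++ setenv(SOFTHSM_ENV, CONFIG, 1);
++
++ gnutls_pkcs11_set_pin_function(pin_func, NULL);
++
++ ret = gnutls_pkcs11_add_provider(provider, "trusted");
++ if (ret != 0) {
++ fail("gnutls_pkcs11_add_provider: %s\n", gnutls_strerror(ret));
++ }
++
++ /* initialize softhsm token */
++ ret = gnutls_pkcs11_token_init(
++ SOFTHSM_URL, PIN,
++ "this is a very long label whose length exceeds 32");
++ if (ret < 0) {
++ fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret));
++ }
++
++ for (i = 0;; i++) {
++ char *url = NULL;
++
++ ret = gnutls_pkcs11_token_get_url(i, 0, &url);
++ if (ret < 0)
++ break;
++ if (strstr(url,
++ "token=this%20is%20a%20very%20long%20label%20whose"))
++ break;
++ }
++ if (ret < 0)
++ fail("gnutls_pkcs11_token_get_url: %s\n", gnutls_strerror(ret));
++
++ gnutls_pkcs11_deinit();
++}
++
++void doit(void)
++{
++ const char *bin;
++ const char *lib;
++ char buf[128];
++
++ if (gnutls_fips140_mode_enabled())
++ exit(77);
++
++ /* this must be called once in the program */
++ global_init();
++
++ /* we call gnutls_pkcs11_init manually */
++ gnutls_pkcs11_deinit();
++
++ /* check if softhsm module is loadable */
++ lib = softhsm_lib();
++
++ /* initialize SoftHSM token that libpkcs11mock4.so internally uses */
++ bin = softhsm_bin();
++
++ set_softhsm_conf(CONFIG);
++ snprintf(buf, sizeof(buf),
++ "%s --init-token --slot 0 --label test --so-pin " PIN
++ " --pin " PIN,
++ bin);
++ system(buf);
++
++ test(lib);
++
++ lib = getenv("P11MOCKLIB4");
++ if (lib == NULL) {
++ fail("P11MOCKLIB4 is not set\n");
++ }
++
++ set_softhsm_conf(CONFIG);
++ snprintf(buf, sizeof(buf),
++ "%s --init-token --slot 0 --label test --so-pin " PIN
++ " --pin " PIN,
++ bin);
++ system(buf);
++
++ test(lib);
++}
++#endif /* _WIN32 */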
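Review bot: The `MIN(sizeof(flabel), strlen(label))` guard silently truncates labels longer than the 32-byte buffer, and the new test asserts that `gnutls_pkcs11_token_init` succeeds with an over-long label, so callers end up with a token whose label is not the one they passed; the updated doc comment says "at most 32 characters" but not what happens beyond that. If truncation is the intended behaviour, the doc line should say so, e.g. `* @label: A name to be used for the token; at most 32 bytes, longer values are truncated`. Since PKCS #11 labels are UTF-8, a byte-level cut can also split a multi-byte sequence; rejecting over-long labels with `GNUTLS_E_INVALID_REQUEST` would be the stricter option, but that would require changing the test's expectation. In the test, `pin_func` copies `PIN` with `strcpy` and ignores `pin_max`; `snprintf(pin, pin_max, "%s", PIN)` keeps the callback honest about its bound. gnutls_pkcs11_token_init starts before and ends after its hunk.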


@@ -1,8 +1,8 @@
Index: gnutls-3.8.9/configure.ac
Index: gnutls-3.8.3/configure.ac
===================================================================
--- gnutls-3.8.9.orig/configure.ac
+++ gnutls-3.8.9/configure.ac
@@ -665,19 +665,19 @@ LT_INIT([disable-static,win32-dll,shared
--- gnutls-3.8.3.orig/configure.ac
+++ gnutls-3.8.3/configure.ac
@@ -623,19 +623,19 @@ LT_INIT([disable-static,win32-dll,shared
AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])
AC_ARG_ENABLE(fips140-mode,
@@ -25,10 +25,10 @@ Index: gnutls-3.8.9/configure.ac
AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name],
[specify the FIPS140 module name]),
Index: gnutls-3.8.9/doc/cha-gtls-app.texi
Index: gnutls-3.8.3/doc/cha-gtls-app.texi
===================================================================
--- gnutls-3.8.9.orig/doc/cha-gtls-app.texi
+++ gnutls-3.8.9/doc/cha-gtls-app.texi
--- gnutls-3.8.3.orig/doc/cha-gtls-app.texi
+++ gnutls-3.8.3/doc/cha-gtls-app.texi
@@ -222,7 +222,7 @@ CPU. The currently available options are
@end itemize
@@ -38,10 +38,10 @@ Index: gnutls-3.8.9/doc/cha-gtls-app.texi
if set to one it will force the FIPS mode enablement.
@end multitable
Index: gnutls-3.8.9/doc/cha-internals.texi
Index: gnutls-3.8.3/doc/cha-internals.texi
===================================================================
--- gnutls-3.8.9.orig/doc/cha-internals.texi
+++ gnutls-3.8.9/doc/cha-internals.texi
--- gnutls-3.8.3.orig/doc/cha-internals.texi
+++ gnutls-3.8.3/doc/cha-internals.texi
@@ -14,7 +14,7 @@ happens inside the black box.
* TLS Hello Extension Handling::
* Cryptographic Backend::
@@ -162,11 +162,11 @@ Index: gnutls-3.8.9/doc/cha-internals.texi
operation. It can be attached to the current execution thread with
@funcref{gnutls_fips140_push_context} and its internal state will be
updated until it is detached with
Index: gnutls-3.8.9/doc/enums.texi
Index: gnutls-3.8.3/doc/enums.texi
===================================================================
--- gnutls-3.8.9.orig/doc/enums.texi
+++ gnutls-3.8.9/doc/enums.texi
@@ -1230,7 +1230,7 @@ application traffic secret is installed
--- gnutls-3.8.3.orig/doc/enums.texi
+++ gnutls-3.8.3/doc/enums.texi
@@ -1188,7 +1188,7 @@ application traffic secret is installed
@c gnutls_fips_mode_t
@table @code
@item GNUTLS_@-FIPS140_@-DISABLED
@@ -175,7 +175,7 @@ Index: gnutls-3.8.9/doc/enums.texi
@item GNUTLS_@-FIPS140_@-STRICT
The default mode; all forbidden operations will cause an
operation failure via error code.
@@ -1238,8 +1238,8 @@ operation failure via error code.
@@ -1196,8 +1196,8 @@ operation failure via error code.
A transient state during library initialization. That state
cannot be set or seen by applications.
@item GNUTLS_@-FIPS140_@-LAX
@@ -186,10 +186,10 @@ Index: gnutls-3.8.9/doc/enums.texi
application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility).
@item GNUTLS_@-FIPS140_@-LOG
Index: gnutls-3.8.9/doc/functions/gnutls_fips140_set_mode
Index: gnutls-3.8.3/doc/functions/gnutls_fips140_set_mode
===================================================================
--- gnutls-3.8.9.orig/doc/functions/gnutls_fips140_set_mode
+++ gnutls-3.8.9/doc/functions/gnutls_fips140_set_mode
--- gnutls-3.8.3.orig/doc/functions/gnutls_fips140_set_mode
+++ gnutls-3.8.3/doc/functions/gnutls_fips140_set_mode
@@ -3,7 +3,7 @@
@@ -215,11 +215,11 @@ Index: gnutls-3.8.9/doc/functions/gnutls_fips140_set_mode
values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library
switches to @code{GNUTLS_FIPS140_STRICT} mode.
Index: gnutls-3.8.9/doc/gnutls.html
Index: gnutls-3.8.3/doc/gnutls.html
===================================================================
--- gnutls-3.8.9.orig/doc/gnutls.html
+++ gnutls-3.8.9/doc/gnutls.html
@@ -485,7 +485,7 @@ Documentation License&rdquo;.
--- gnutls-3.8.3.orig/doc/gnutls.html
+++ gnutls-3.8.3/doc/gnutls.html
@@ -484,7 +484,7 @@ Documentation License&rdquo;.
<li><a id="toc-TLS-Extension-Handling" href="#TLS-Hello-Extension-Handling">11.4 TLS Extension Handling</a></li>
<li><a id="toc-Cryptographic-Backend-1" href="#Cryptographic-Backend">11.5 Cryptographic Backend</a></li>
<li><a id="toc-Random-Number-Generators" href="#Random-Number-Generators_002dinternals">11.6 Random Number Generators</a></li>
@@ -228,7 +228,7 @@ Index: gnutls-3.8.9/doc/gnutls.html
</ul></li>
<li><a id="toc-Upgrading-from-previous-versions-1" href="#Upgrading-from-previous-versions">Appendix A Upgrading from previous versions</a></li>
<li><a id="toc-Support-1" href="#Support">Appendix B Support</a>
@@ -9028,7 +9028,7 @@ CPU. The currently available options are
@@ -9035,7 +9035,7 @@ CPU. The currently available options are
</li><li>0x200000: Enable VIA PHE
</li><li>0x400000: Enable VIA PHE SHA512
</li></ul></td></tr>
@@ -237,7 +237,7 @@ Index: gnutls-3.8.9/doc/gnutls.html
if set to one it will force the FIPS mode enablement.</td></tr>
</tbody>
</table>
@@ -18452,7 +18452,7 @@ None:
@@ -18446,7 +18446,7 @@ None:
--inline-commands-prefix=str Change the default delimiter for inline commands
--provider=file Specify the PKCS #11 provider library
- file must pre-exist
@@ -246,7 +246,7 @@ Index: gnutls-3.8.9/doc/gnutls.html
--list-config Reports the configuration of the library
--logfile=str Redirect informational messages to a specific file
--keymatexport=str Label used for exporting keying material
@@ -19472,7 +19472,7 @@ happens inside the black box.
@@ -19468,7 +19468,7 @@ happens inside the black box.
<li><a href="#TLS-Hello-Extension-Handling" accesskey="4">TLS Extension Handling</a></li>
<li><a href="#Cryptographic-Backend" accesskey="5">Cryptographic Backend</a></li>
<li><a href="#Random-Number-Generators_002dinternals" accesskey="6">Random Number Generators</a></li>
@@ -262,7 +262,7 @@ Index: gnutls-3.8.9/doc/gnutls.html
-Next: <a href="#FIPS140_002d2-mode" accesskey="n" rel="next">FIPS140-2 mode</a>, Previous: <a href="#Cryptographic-Backend" accesskey="p" rel="prev">Cryptographic Backend</a>, Up: <a href="#Internal-architecture-of-GnuTLS" accesskey="u" rel="up">Internal Architecture of GnuTLS</a> &nbsp; [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
+Next: <a href="#FIPS140_002d2-mode" accesskey="n" rel="next">FIPS140-3 mode</a>, Previous: <a href="#Cryptographic-Backend" accesskey="p" rel="prev">Cryptographic Backend</a>, Up: <a href="#Internal-architecture-of-GnuTLS" accesskey="u" rel="up">Internal Architecture of GnuTLS</a> &nbsp; [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
</div>
<h3 class="section" id="Random-Number-Generators"><span>11.6 Random Number Generators<a class="copiable-link" href="#Random-Number-Generators"> &para;</a></span></h3>
<h3 class="section" id="Random-Number-Generators">11.6 Random Number Generators</h3>
@@ -20005,7 +20005,7 @@ Next: <a href="#FIPS140_002d2-mode" acce
@@ -271,14 +271,14 @@ Index: gnutls-3.8.9/doc/gnutls.html
-FIPS140-2 and the system is in FIPS140-2 mode.
+FIPS140-3 and the system is in FIPS140-3 mode.
</p>
<h4 class="subheading" id="The-default-generator-_002d-inner-workings"><span>The default generator - inner workings<a class="copiable-link" href="#The-default-generator-_002d-inner-workings"> &para;</a></span></h4>
<h4 class="subheading" id="The-default-generator-_002d-inner-workings">The default generator - inner workings</h4>
@@ -20142,22 +20142,22 @@ on the above paragraph, all levels are i
<p>
Previous: <a href="#Random-Number-Generators_002dinternals" accesskey="p" rel="prev">Random Number Generators</a>, Up: <a href="#Internal-architecture-of-GnuTLS" accesskey="u" rel="up">Internal Architecture of GnuTLS</a> &nbsp; [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
</div>
-<h3 class="section" id="FIPS140_002d2-mode-1"><span>11.7 FIPS140-2 mode<a class="copiable-link" href="#FIPS140_002d2-mode-1"> &para;</a></span></h3>
+<h3 class="section" id="FIPS140_002d2-mode-1"><span>11.7 FIPS140-3 mode<a class="copiable-link" href="#FIPS140_002d2-mode-1"> &para;</a></span></h3>
-<h3 class="section" id="FIPS140_002d2-mode-1">11.7 FIPS140-2 mode</h3>
+<h3 class="section" id="FIPS140_002d2-mode-1">11.7 FIPS140-3 mode</h3>
-<p>GnuTLS can operate in a special mode for FIPS140-2. That mode of operation
-is for the conformance to NIST&rsquo;s FIPS140-2 publication, which consists of policies
@@ -335,8 +335,8 @@ Index: gnutls-3.8.9/doc/gnutls.html
+<p>On runtime an application can verify whether the library is in FIPS140-3
mode using the <a class="ref" href="#gnutls_005ffips140_005fmode_005fenabled">gnutls_fips140_mode_enabled</a> function.
</p>
-<h4 class="subheading" id="Relaxing-FIPS140_002d2-requirements"><span>Relaxing FIPS140-2 requirements<a class="copiable-link" href="#Relaxing-FIPS140_002d2-requirements"> &para;</a></span></h4>
+<h4 class="subheading" id="Relaxing-FIPS140_002d2-requirements"><span>Relaxing FIPS140-3 requirements<a class="copiable-link" href="#Relaxing-FIPS140_002d2-requirements"> &para;</a></span></h4>
-<h4 class="subheading" id="Relaxing-FIPS140_002d2-requirements">Relaxing FIPS140-2 requirements</h4>
+<h4 class="subheading" id="Relaxing-FIPS140_002d2-requirements">Relaxing FIPS140-3 requirements</h4>
<p>The library by default operates in a strict enforcing mode, ensuring that
-all constraints imposed by the FIPS140-2 specification are enforced. However
@@ -364,8 +364,8 @@ Index: gnutls-3.8.9/doc/gnutls.html
application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility).
</p></dd>
@@ -20226,7 +20226,7 @@ to a message to the audit callback funct
</dl>
@@ -20227,7 +20227,7 @@ to a message to the audit callback funct
<div class="caption"><p><strong class="strong">Figure 11.5: </strong>The <code class="code">gnutls_fips_mode_t</code> enumeration.</p></div></div>
<p>The intention of this API is to be used by applications which may run in
-FIPS140-2 mode, while they utilize few algorithms not in the allowed set,
@@ -373,7 +373,7 @@ Index: gnutls-3.8.9/doc/gnutls.html
e.g., for non-security related purposes. In these cases applications should
wrap the non-compliant code within blocks like the following.
</p>
@@ -20255,9 +20255,9 @@ if (gnutls_fips140_mode_enabled())
@@ -20256,9 +20256,9 @@ if (gnutls_fips140_mode_enabled())
<p>The reason of the <code class="code">GNUTLS_FIPS140_SET_MODE_THREAD</code> flag in the
previous calls is to localize the change in the mode. Note also, that
such a block has no effect when the library is not operating
@@ -385,7 +385,7 @@ Index: gnutls-3.8.9/doc/gnutls.html
</p><div class="example">
<pre class="example-preformatted">gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0);
</pre></div>
@@ -20280,7 +20280,7 @@ performed within a given context.
@@ -20281,7 +20281,7 @@ performed within a given context.
<dt><code class="code"><var class="var">int</var> <a class="ref" href="#gnutls_005ffips140_005fpop_005fcontext">gnutls_fips140_pop_context</a> ( <var class="var">void</var>)</code></dt>
</dl>
@@ -394,7 +394,7 @@ Index: gnutls-3.8.9/doc/gnutls.html
operation. It can be attached to the current execution thread with
<a class="ref" href="#gnutls_005ffips140_005fpush_005fcontext">gnutls_fips140_push_context</a> and its internal state will be
updated until it is detached with
@@ -20653,8 +20653,8 @@ Previous: <a href="#Contributing" access
@@ -20654,8 +20654,8 @@ Previous: <a href="#Contributing" access
to an auditor that the crypto component follows some best practices, such
as unit testing and reliance on well known crypto primitives.
</p>
@@ -405,16 +405,16 @@ Index: gnutls-3.8.9/doc/gnutls.html
</p>
<hr>
</div>
@@ -24575,7 +24575,7 @@ unusable. This function is not thread-s
<h4 class="subheading" id="gnutls_005ffips140_005fset_005fmode-1"><span>gnutls_fips140_set_mode<a class="copiable-link" href="#gnutls_005ffips140_005fset_005fmode-1"> &para;</a></span></h4>
@@ -24569,7 +24569,7 @@ unusable. This function is not thread-s
<h4 class="subheading" id="gnutls_005ffips140_005fset_005fmode-1">gnutls_fips140_set_mode</h4>
<a class="anchor" id="gnutls_005ffips140_005fset_005fmode"></a><dl class="first-deftypefn first-deftypefun-alias-first-deftypefn">
<dt class="deftypefn deftypefun-alias-deftypefn" id="index-gnutls_005ffips140_005fset_005fmode"><span class="category-def">Function: </span><span><code class="def-type">void</code> <strong class="def-name">gnutls_fips140_set_mode</strong> <code class="def-code-arguments">(gnutls_fips_mode_t <var class="var">mode</var>, unsigned <var class="var">flags</var>)</code><a class="copiable-link" href="#index-gnutls_005ffips140_005fset_005fmode"> &para;</a></span></dt>
<dt class="deftypefn deftypefun-alias-deftypefn" id="index-gnutls_005ffips140_005fset_005fmode"><span class="category-def">Function: </span><span><code class="def-type">void</code> <strong class="def-name">gnutls_fips140_set_mode</strong> <code class="def-code-arguments">(gnutls_fips_mode_t <var class="var">mode</var>, unsigned <var class="var">flags</var>)</code><a class="copiable-link" href='#index-gnutls_005ffips140_005fset_005fmode'> &para;</a></span></dt>
-<dd><p><var class="var">mode</var>: the FIPS140-2 mode to switch to
+<dd><p><var class="var">mode</var>: the FIPS140-3 mode to switch to
</p>
<p><var class="var">flags</var>: should be zero or <code class="code">GNUTLS_FIPS140_SET_MODE_THREAD</code>
</p>
@@ -24584,13 +24584,13 @@ unusable. This function is not thread-s
@@ -24578,13 +24578,13 @@ unusable. This function is not thread-s
behavior with no flags after threads are created is undefined.
</p>
<p>When the flag <code class="code">GNUTLS_FIPS140_SET_MODE_THREAD</code> is specified
@@ -430,20 +430,20 @@ Index: gnutls-3.8.9/doc/gnutls.html
values for <code class="code">mode</code> or to <code class="code">GNUTLS_FIPS140_SELFTESTS</code> mode, the library
switches to <code class="code">GNUTLS_FIPS140_STRICT</code> mode.
</p>
@@ -47011,7 +47011,7 @@ Next: <a href="#Concept-Index" accesskey
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffingerprint"><code>gnutls_fingerprint</code></a></td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fcontext_005fdeinit"><code>gnutls_fips140_context_deinit</code></a></td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fcontext_005finit"><code>gnutls_fips140_context_init</code></a></td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
-<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate"><code>gnutls_fips140_get_operation_state</code></a></td><td class="printindex-index-section"><a href="#FIPS140_002d2-mode">FIPS140-2 mode</a></td></tr>
+<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate"><code>gnutls_fips140_get_operation_state</code></a></td><td class="printindex-index-section"><a href="#FIPS140_002d2-mode">FIPS140-3 mode</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate-1"><code>gnutls_fips140_get_operation_state</code></a></td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fmode_005fenabled"><code>gnutls_fips140_mode_enabled</code></a></td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fpop_005fcontext"><code>gnutls_fips140_pop_context</code></a></td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
Index: gnutls-3.8.9/doc/gnutls.info-3
@@ -46927,7 +46927,7 @@ Next: <a href="#Concept-Index" accesskey
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffingerprint"><code>gnutls_fingerprint</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fcontext_005fdeinit"><code>gnutls_fips140_context_deinit</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fcontext_005finit"><code>gnutls_fips140_context_init</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
-<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate"><code>gnutls_fips140_get_operation_state</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#FIPS140_002d2-mode">FIPS140-2 mode</a></td></tr>
+<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate"><code>gnutls_fips140_get_operation_state</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#FIPS140_002d2-mode">FIPS140-3 mode</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate-1"><code>gnutls_fips140_get_operation_state</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fmode_005fenabled"><code>gnutls_fips140_mode_enabled</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fpop_005fcontext"><code>gnutls_fips140_pop_context</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
Index: gnutls-3.8.3/doc/gnutls.info-3
===================================================================
--- gnutls-3.8.9.orig/doc/gnutls.info-3
+++ gnutls-3.8.9/doc/gnutls.info-3
@@ -2108,7 +2108,7 @@ to more. Both will exit with a st
--- gnutls-3.8.3.orig/doc/gnutls.info-3
+++ gnutls-3.8.3/doc/gnutls.info-3
@@ -2247,7 +2247,7 @@ to more. Both will exit with a st
--inline-commands-prefix=str Change the default delimiter for inline commands
--provider=file Specify the PKCS #11 provider library
- file must pre-exist
@@ -452,7 +452,7 @@ Index: gnutls-3.8.9/doc/gnutls.info-3
--list-config Reports the configuration of the library
--logfile=str Redirect informational messages to a specific file
--keymatexport=str Label used for exporting keying material
@@ -3261,7 +3261,7 @@ to know what happens inside the black bo
@@ -3400,7 +3400,7 @@ to know what happens inside the black bo
* TLS Hello Extension Handling::
* Cryptographic Backend::
* Random Number Generators-internals::
@@ -461,7 +461,7 @@ Index: gnutls-3.8.9/doc/gnutls.info-3

File: gnutls.info, Node: The TLS Protocol, Next: TLS Handshake Protocol, Up: Internal architecture of GnuTLS
@@ -3789,7 +3789,7 @@ and abstract key types::.
@@ -3932,7 +3932,7 @@ and abstract key types::.
kernel implementation of /dev/crypto.

@@ -470,7 +470,7 @@ Index: gnutls-3.8.9/doc/gnutls.info-3
11.6 Random Number Generators
=============================
@@ -3799,7 +3799,7 @@ About the generators
@@ -3942,7 +3942,7 @@ About the generators
GnuTLS provides two random generators. The default, and the AES-DRBG
random generator which is only used when the library is compiled with
@@ -479,7 +479,7 @@ Index: gnutls-3.8.9/doc/gnutls.info-3
The default generator - inner workings
--------------------------------------
@@ -4030,7 +4030,7 @@ in *note Figure 11.5: gnutls_fips_mode_t
@@ -4174,7 +4174,7 @@ in *note Figure 11.5: gnutls_fips_mode_t
Figure 11.5: The gnutls_fips_mode_t enumeration.
The intention of this API is to be used by applications which may run in
@@ -488,7 +488,7 @@ Index: gnutls-3.8.9/doc/gnutls.info-3
set, e.g., for non-security related purposes. In these cases
applications should wrap the non-compliant code within blocks like the
following.
@@ -4054,10 +4054,10 @@ are macros to simplify the following seq
@@ -4198,10 +4198,10 @@ are macros to simplify the following seq
The reason of the GNUTLS_FIPS140_SET_MODE_THREAD flag in the previous
calls is to localize the change in the mode. Note also, that such a
@@ -501,7 +501,7 @@ Index: gnutls-3.8.9/doc/gnutls.info-3
gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0);
Service indicator
@@ -4539,8 +4539,8 @@ There are certifications from national o
@@ -4683,8 +4683,8 @@ There are certifications from national o
practices, such as unit testing and reliance on well known crypto
primitives.
@@ -512,7 +512,7 @@ Index: gnutls-3.8.9/doc/gnutls.info-3

File: gnutls.info, Node: Error codes, Next: Supported ciphersuites, Prev: Support, Up: Top
@@ -9015,7 +9015,7 @@ gnutls_fips140_set_mode
@@ -9151,7 +9151,7 @@ gnutls_fips140_set_mode
-- Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t MODE,
unsigned FLAGS)
@@ -521,10 +521,10 @@ Index: gnutls-3.8.9/doc/gnutls.info-3
FLAGS: should be zero or GNUTLS_FIPS140_SET_MODE_THREAD
Index: gnutls-3.8.9/doc/invoke-gnutls-cli.texi
Index: gnutls-3.8.3/doc/invoke-gnutls-cli.texi
===================================================================
--- gnutls-3.8.9.orig/doc/invoke-gnutls-cli.texi
+++ gnutls-3.8.9/doc/invoke-gnutls-cli.texi
--- gnutls-3.8.3.orig/doc/invoke-gnutls-cli.texi
+++ gnutls-3.8.3/doc/invoke-gnutls-cli.texi
@@ -102,7 +102,7 @@ None:
--inline-commands-prefix=str Change the default delimiter for inline commands
--provider=file Specify the PKCS #11 provider library
@@ -534,10 +534,10 @@ Index: gnutls-3.8.9/doc/invoke-gnutls-cli.texi
--list-config Reports the configuration of the library
--logfile=str Redirect informational messages to a specific file
--keymatexport=str Label used for exporting keying material
Index: gnutls-3.8.9/doc/manpages/gnutls-cli.1
Index: gnutls-3.8.3/doc/manpages/gnutls-cli.1
===================================================================
--- gnutls-3.8.9.orig/doc/manpages/gnutls-cli.1
+++ gnutls-3.8.9/doc/manpages/gnutls-cli.1
--- gnutls-3.8.3.orig/doc/manpages/gnutls-cli.1
+++ gnutls-3.8.3/doc/manpages/gnutls-cli.1
@@ -398,7 +398,7 @@ Specify the PKCS #11 provider library.
This will override the default options in /etc/gnutls/pkcs11.conf
.TP
@@ -547,11 +547,11 @@ Index: gnutls-3.8.9/doc/manpages/gnutls-cli.1
.sp
.TP
.NOP \f\*[B-Font]\-\-list\-config\f[]
Index: gnutls-3.8.9/doc/reference/html/gnutls-gnutls.html
Index: gnutls-3.8.3/doc/reference/html/gnutls-gnutls.html
===================================================================
--- gnutls-3.8.9.orig/doc/reference/html/gnutls-gnutls.html
+++ gnutls-3.8.9/doc/reference/html/gnutls-gnutls.html
@@ -20874,12 +20874,12 @@ gnutls_fips140_set_mode (<em class="para
--- gnutls-3.8.3.orig/doc/reference/html/gnutls-gnutls.html
+++ gnutls-3.8.3/doc/reference/html/gnutls-gnutls.html
@@ -20866,12 +20866,12 @@ gnutls_fips140_set_mode (<em class="para
(globally), and should be called prior to creating any threads. Its
behavior with no flags after threads are created is undefined.</p>
<p>When the flag <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-SET-MODE-THREAD:CAPS" title="GNUTLS_FIPS140_SET_MODE_THREAD"><code class="literal">GNUTLS_FIPS140_SET_MODE_THREAD</code></a> is specified
@@ -566,7 +566,7 @@ Index: gnutls-3.8.9/doc/reference/html/gnutls-gnutls.html
values for <em class="parameter"><code>mode</code></em>
or to <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-SELFTESTS:CAPS"><code class="literal">GNUTLS_FIPS140_SELFTESTS</code></a> mode, the library
switches to <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-STRICT:CAPS"><code class="literal">GNUTLS_FIPS140_STRICT</code></a> mode.</p>
@@ -20894,7 +20894,7 @@ switches to <a class="link" href="gnutls
@@ -20886,7 +20886,7 @@ switches to <a class="link" href="gnutls
<tbody>
<tr>
<td class="parameter_name"><p>mode</p></td>
@@ -575,7 +575,7 @@ Index: gnutls-3.8.9/doc/reference/html/gnutls-gnutls.html
<td class="parameter_annotations"> </td>
</tr>
<tr>
@@ -26035,7 +26035,7 @@ encryption</p>
@@ -25904,7 +25904,7 @@ encryption</p>
<hr>
<div class="refsect2">
<a name="gnutls-fips-mode-t"></a><h3>enum gnutls_fips_mode_t</h3>
@@ -584,7 +584,7 @@ Index: gnutls-3.8.9/doc/reference/html/gnutls-gnutls.html
<div class="refsect3">
<a name="gnutls-fips-mode-t.members"></a><h4>Members</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
@@ -26048,7 +26048,7 @@ encryption</p>
@@ -25917,7 +25917,7 @@ encryption</p>
<tr>
<td class="enum_member_name"><p><a name="GNUTLS-FIPS140-DISABLED:CAPS"></a>GNUTLS_FIPS140_DISABLED</p></td>
<td class="enum_member_description">
@@ -593,7 +593,7 @@ Index: gnutls-3.8.9/doc/reference/html/gnutls-gnutls.html
</td>
<td class="enum_member_annotations"> </td>
</tr>
@@ -26071,8 +26071,8 @@ operation failure via error code.</p>
@@ -25940,8 +25940,8 @@ operation failure via error code.</p>
<tr>
<td class="enum_member_name"><p><a name="GNUTLS-FIPS140-LAX:CAPS"></a>GNUTLS_FIPS140_LAX</p></td>
<td class="enum_member_description">
@@ -604,17 +604,17 @@ Index: gnutls-3.8.9/doc/reference/html/gnutls-gnutls.html
application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility).</p>
</td>
@@ -27712,4 +27712,4 @@ This is used by <a class="link" href="gn
@@ -27575,4 +27575,4 @@ This is used by <a class="link" href="gn
<div class="footer">
<hr>Generated by GTK-Doc V1.34.0</div>
<hr>Generated by GTK-Doc V1.33.1</div>
</body>
-</html>
\ No newline at end of file
+</html>
Index: gnutls-3.8.9/lib/fips.c
Index: gnutls-3.8.3/lib/fips.c
===================================================================
--- gnutls-3.8.9.orig/lib/fips.c
+++ gnutls-3.8.9/lib/fips.c
--- gnutls-3.8.3.orig/lib/fips.c
+++ gnutls-3.8.3/lib/fips.c
@@ -121,7 +121,7 @@ unsigned _gnutls_fips_mode_enabled(void)
}
@@ -633,7 +633,7 @@ Index: gnutls-3.8.9/lib/fips.c
ret = GNUTLS_FIPS140_SELFTESTS;
goto exit;
}
@@ -745,7 +745,7 @@ unsigned gnutls_fips140_mode_enabled(voi
@@ -694,7 +694,7 @@ unsigned gnutls_fips140_mode_enabled(voi
/**
* gnutls_fips140_set_mode:
@@ -642,7 +642,7 @@ Index: gnutls-3.8.9/lib/fips.c
* @flags: should be zero or %GNUTLS_FIPS140_SET_MODE_THREAD
*
* That function is not thread-safe when changing the mode with no flags
@@ -753,13 +753,13 @@ unsigned gnutls_fips140_mode_enabled(voi
@@ -702,13 +702,13 @@ unsigned gnutls_fips140_mode_enabled(voi
* behavior with no flags after threads are created is undefined.
*
* When the flag %GNUTLS_FIPS140_SET_MODE_THREAD is specified
@@ -658,7 +658,7 @@ Index: gnutls-3.8.9/lib/fips.c
* values for @mode or to %GNUTLS_FIPS140_SELFTESTS mode, the library
* switches to %GNUTLS_FIPS140_STRICT mode.
*
@@ -771,10 +771,10 @@ void gnutls_fips140_set_mode(gnutls_fips
@@ -720,10 +720,10 @@ void gnutls_fips140_set_mode(gnutls_fips
gnutls_fips_mode_t prev = _gnutls_fips_mode_enabled();
if (prev == GNUTLS_FIPS140_DISABLED ||
prev == GNUTLS_FIPS140_SELFTESTS) {
@@ -671,7 +671,7 @@ Index: gnutls-3.8.9/lib/fips.c
return;
}
@@ -787,7 +787,7 @@ void gnutls_fips140_set_mode(gnutls_fips
@@ -736,7 +736,7 @@ void gnutls_fips140_set_mode(gnutls_fips
case GNUTLS_FIPS140_SELFTESTS:
_gnutls_audit_log(
NULL,
@@ -680,7 +680,7 @@ Index: gnutls-3.8.9/lib/fips.c
mode = GNUTLS_FIPS140_STRICT;
break;
default:
@@ -963,7 +963,7 @@ void _gnutls_switch_fips_state(gnutls_fi
@@ -912,7 +912,7 @@ void _gnutls_switch_fips_state(gnutls_fi
}
if (!_tfips_context) {
@@ -689,7 +689,7 @@ Index: gnutls-3.8.9/lib/fips.c
return;
}
@@ -977,7 +977,7 @@ void _gnutls_switch_fips_state(gnutls_fi
@@ -926,7 +926,7 @@ void _gnutls_switch_fips_state(gnutls_fi
if (mode != GNUTLS_FIPS140_LAX) {
_gnutls_audit_log(
NULL,
@@ -698,7 +698,7 @@ Index: gnutls-3.8.9/lib/fips.c
operation_state_to_string(state));
}
_tfips_context->state = state;
@@ -988,7 +988,7 @@ void _gnutls_switch_fips_state(gnutls_fi
@@ -937,7 +937,7 @@ void _gnutls_switch_fips_state(gnutls_fi
if (mode != GNUTLS_FIPS140_LAX) {
_gnutls_audit_log(
NULL,
@@ -707,7 +707,7 @@ Index: gnutls-3.8.9/lib/fips.c
operation_state_to_string(state));
}
_tfips_context->state = state;
@@ -1000,7 +1000,7 @@ void _gnutls_switch_fips_state(gnutls_fi
@@ -949,7 +949,7 @@ void _gnutls_switch_fips_state(gnutls_fi
if (mode != GNUTLS_FIPS140_LAX) {
_gnutls_audit_log(
NULL,
@@ -716,7 +716,7 @@ Index: gnutls-3.8.9/lib/fips.c
operation_state_to_string(
_tfips_context->state),
operation_state_to_string(state));
@@ -1062,7 +1062,7 @@ int gnutls_fips140_run_self_tests(void)
@@ -1011,7 +1011,7 @@ int gnutls_fips140_run_self_tests(void)
ret < 0) {
_gnutls_switch_lib_state(LIB_STATE_ERROR);
_gnutls_audit_log(NULL,
@@ -725,7 +725,7 @@ Index: gnutls-3.8.9/lib/fips.c
} else {
/* Restore the previous library state */
_gnutls_switch_lib_state(prev_lib_state);
@@ -1074,7 +1074,7 @@ int gnutls_fips140_run_self_tests(void)
@@ -1023,7 +1023,7 @@ int gnutls_fips140_run_self_tests(void)
if (gnutls_fips140_pop_context() < 0) {
_gnutls_switch_lib_state(LIB_STATE_ERROR);
_gnutls_audit_log(
@@ -734,11 +734,11 @@ Index: gnutls-3.8.9/lib/fips.c
}
gnutls_fips140_context_deinit(fips_context);
}
Index: gnutls-3.8.9/lib/fips.h
Index: gnutls-3.8.3/lib/fips.h
===================================================================
--- gnutls-3.8.9.orig/lib/fips.h
+++ gnutls-3.8.9/lib/fips.h
@@ -163,7 +163,7 @@ is_cipher_algo_allowed_in_fips(gnutls_ci
--- gnutls-3.8.3.orig/lib/fips.h
+++ gnutls-3.8.3/lib/fips.h
@@ -160,7 +160,7 @@ is_cipher_algo_allowed_in_fips(gnutls_ci
}
#ifdef ENABLE_FIPS140
@@ -747,7 +747,7 @@ Index: gnutls-3.8.9/lib/fips.h
* and return an error if necessary or ignore */
#define FIPS_RULE(condition, ret_error, ...) \
{ \
@@ -173,10 +173,10 @@ is_cipher_algo_allowed_in_fips(gnutls_ci
@@ -170,10 +170,10 @@ is_cipher_algo_allowed_in_fips(gnutls_ci
if (_mode == GNUTLS_FIPS140_LOG) { \
_gnutls_audit_log( \
NULL, \
@@ -760,7 +760,7 @@ Index: gnutls-3.8.9/lib/fips.h
return ret_error; \
} \
} \
@@ -191,7 +191,7 @@ inline static bool is_mac_algo_allowed(g
@@ -188,7 +188,7 @@ inline static bool is_mac_algo_allowed(g
switch (mode) {
case GNUTLS_FIPS140_LOG:
_gnutls_audit_log(NULL,
@@ -769,7 +769,7 @@ Index: gnutls-3.8.9/lib/fips.h
gnutls_mac_get_name(algo));
FALLTHROUGH;
case GNUTLS_FIPS140_DISABLED:
@@ -213,7 +213,7 @@ inline static bool is_cipher_algo_allowe
@@ -210,7 +210,7 @@ inline static bool is_cipher_algo_allowe
switch (mode) {
case GNUTLS_FIPS140_LOG:
_gnutls_audit_log(NULL,
@@ -778,11 +778,11 @@ Index: gnutls-3.8.9/lib/fips.h
gnutls_cipher_get_name(algo));
FALLTHROUGH;
case GNUTLS_FIPS140_DISABLED:
Index: gnutls-3.8.9/lib/global.c
Index: gnutls-3.8.3/lib/global.c
===================================================================
--- gnutls-3.8.9.orig/lib/global.c
+++ gnutls-3.8.9/lib/global.c
@@ -339,12 +339,12 @@ static int _gnutls_global_init(unsigned
--- gnutls-3.8.3.orig/lib/global.c
+++ gnutls-3.8.3/lib/global.c
@@ -337,12 +337,12 @@ static int _gnutls_global_init(unsigned
#ifdef ENABLE_FIPS140
res = _gnutls_fips_mode_enabled();
@@ -797,7 +797,7 @@ Index: gnutls-3.8.9/lib/global.c
_gnutls_priority_update_fips();
/* first round of self checks, these are done on the
@@ -354,7 +354,7 @@ static int _gnutls_global_init(unsigned
@@ -352,7 +352,7 @@ static int _gnutls_global_init(unsigned
if (ret < 0) {
_gnutls_switch_lib_state(LIB_STATE_ERROR);
_gnutls_audit_log(
@@ -806,7 +806,7 @@ Index: gnutls-3.8.9/lib/global.c
if (res != 2) {
gnutls_assert();
goto out;
@@ -377,7 +377,7 @@ static int _gnutls_global_init(unsigned
@@ -375,7 +375,7 @@ static int _gnutls_global_init(unsigned
if (ret < 0) {
_gnutls_switch_lib_state(LIB_STATE_ERROR);
_gnutls_audit_log(
@@ -815,11 +815,11 @@ Index: gnutls-3.8.9/lib/global.c
if (res != 2) {
gnutls_assert();
goto out;
Index: gnutls-3.8.9/lib/includes/gnutls/gnutls.h.in
Index: gnutls-3.8.3/lib/includes/gnutls/gnutls.h.in
===================================================================
--- gnutls-3.8.9.orig/lib/includes/gnutls/gnutls.h.in
+++ gnutls-3.8.9/lib/includes/gnutls/gnutls.h.in
@@ -3236,16 +3236,16 @@ typedef int (*gnutls_alert_read_func)(gn
--- gnutls-3.8.3.orig/lib/includes/gnutls/gnutls.h.in
+++ gnutls-3.8.3/lib/includes/gnutls/gnutls.h.in
@@ -3199,16 +3199,16 @@ typedef int (*gnutls_alert_read_func)(gn
void gnutls_alert_set_read_function(gnutls_session_t session,
gnutls_alert_read_func func);
@@ -840,7 +840,7 @@ Index: gnutls-3.8.9/lib/includes/gnutls/gnutls.h.in
* application is aware of the followed security policy, and needs
* to utilize disallowed operations for other reasons (e.g., compatibility).
* @GNUTLS_FIPS140_LOG: Similarly to %GNUTLS_FIPS140_LAX, it allows forbidden operations; any use of them results
@@ -3253,7 +3253,7 @@ unsigned gnutls_fips140_mode_enabled(voi
@@ -3216,7 +3216,7 @@ unsigned gnutls_fips140_mode_enabled(voi
* @GNUTLS_FIPS140_SELFTESTS: A transient state during library initialization. That state
* cannot be set or seen by applications.
*
@@ -849,10 +849,10 @@ Index: gnutls-3.8.9/lib/includes/gnutls/gnutls.h.in
*/
typedef enum gnutls_fips_mode_t {
GNUTLS_FIPS140_DISABLED = 0,
Index: gnutls-3.8.9/src/cli.c
Index: gnutls-3.8.3/src/cli.c
===================================================================
--- gnutls-3.8.9.orig/src/cli.c
+++ gnutls-3.8.9/src/cli.c
--- gnutls-3.8.3.orig/src/cli.c
+++ gnutls-3.8.3/src/cli.c
@@ -1635,10 +1635,10 @@ static void cmd_parser(int argc, char **
if (HAVE_OPT(FIPS140_MODE)) {
@@ -866,11 +866,11 @@ Index: gnutls-3.8.9/src/cli.c
exit(1);
}
Index: gnutls-3.8.9/src/gnutls-cli-options.c
Index: gnutls-3.8.3/src/gnutls-cli-options.c
===================================================================
--- gnutls-3.8.9.orig/src/gnutls-cli-options.c
+++ gnutls-3.8.9/src/gnutls-cli-options.c
@@ -843,7 +843,7 @@ usage (FILE *out, int status)
--- gnutls-3.8.3.orig/src/gnutls-cli-options.c
+++ gnutls-3.8.3/src/gnutls-cli-options.c
@@ -810,7 +810,7 @@ usage (FILE *out, int status)
" --inline-commands-prefix=str Change the default delimiter for inline commands\n"
" --provider=file Specify the PKCS #11 provider library\n"
" - file must pre-exist\n"
@@ -879,10 +879,10 @@ Index: gnutls-3.8.9/src/gnutls-cli-options.c
" --list-config Reports the configuration of the library\n"
" --logfile=str Redirect informational messages to a specific file\n"
" --keymatexport=str Label used for exporting keying material\n"
Index: gnutls-3.8.9/tests/cert-tests/gost.sh
Index: gnutls-3.8.3/tests/cert-tests/gost.sh
===================================================================
--- gnutls-3.8.9.orig/tests/cert-tests/gost.sh
+++ gnutls-3.8.9/tests/cert-tests/gost.sh
--- gnutls-3.8.3.orig/tests/cert-tests/gost.sh
+++ gnutls-3.8.3/tests/cert-tests/gost.sh
@@ -38,7 +38,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@@ -892,10 +892,10 @@ Index: gnutls-3.8.9/tests/cert-tests/gost.sh
exit 77
fi
Index: gnutls-3.8.9/tests/cert-tests/pkcs12-corner-cases.sh
Index: gnutls-3.8.3/tests/cert-tests/pkcs12-corner-cases.sh
===================================================================
--- gnutls-3.8.9.orig/tests/cert-tests/pkcs12-corner-cases.sh
+++ gnutls-3.8.9/tests/cert-tests/pkcs12-corner-cases.sh
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs12-corner-cases.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs12-corner-cases.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@@ -905,10 +905,10 @@ Index: gnutls-3.8.9/tests/cert-tests/pkcs12-corner-cases.sh
exit 77
fi
Index: gnutls-3.8.9/tests/cert-tests/pkcs12-encode.sh
Index: gnutls-3.8.3/tests/cert-tests/pkcs12-encode.sh
===================================================================
--- gnutls-3.8.9.orig/tests/cert-tests/pkcs12-encode.sh
+++ gnutls-3.8.9/tests/cert-tests/pkcs12-encode.sh
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs12-encode.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs12-encode.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@@ -918,10 +918,10 @@ Index: gnutls-3.8.9/tests/cert-tests/pkcs12-encode.sh
exit 77
fi
Index: gnutls-3.8.9/tests/cert-tests/pkcs12-gost.sh
Index: gnutls-3.8.3/tests/cert-tests/pkcs12-gost.sh
===================================================================
--- gnutls-3.8.9.orig/tests/cert-tests/pkcs12-gost.sh
+++ gnutls-3.8.9/tests/cert-tests/pkcs12-gost.sh
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs12-gost.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs12-gost.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@@ -931,10 +931,10 @@ Index: gnutls-3.8.9/tests/cert-tests/pkcs12-gost.sh
exit 77
fi
Index: gnutls-3.8.9/tests/cert-tests/pkcs12.sh
Index: gnutls-3.8.3/tests/cert-tests/pkcs12.sh
===================================================================
--- gnutls-3.8.9.orig/tests/cert-tests/pkcs12.sh
+++ gnutls-3.8.9/tests/cert-tests/pkcs12.sh
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs12.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs12.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@@ -944,10 +944,10 @@ Index: gnutls-3.8.9/tests/cert-tests/pkcs12.sh
exit 77
fi
Index: gnutls-3.8.9/tests/cert-tests/pkcs8-decode.sh
Index: gnutls-3.8.3/tests/cert-tests/pkcs8-decode.sh
===================================================================
--- gnutls-3.8.9.orig/tests/cert-tests/pkcs8-decode.sh
+++ gnutls-3.8.9/tests/cert-tests/pkcs8-decode.sh
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs8-decode.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs8-decode.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@@ -957,10 +957,10 @@ Index: gnutls-3.8.9/tests/cert-tests/pkcs8-decode.sh
exit 77
fi
Index: gnutls-3.8.9/tests/cert-tests/pkcs8-eddsa.sh
Index: gnutls-3.8.3/tests/cert-tests/pkcs8-eddsa.sh
===================================================================
--- gnutls-3.8.9.orig/tests/cert-tests/pkcs8-eddsa.sh
+++ gnutls-3.8.9/tests/cert-tests/pkcs8-eddsa.sh
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs8-eddsa.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs8-eddsa.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@@ -970,10 +970,10 @@ Index: gnutls-3.8.9/tests/cert-tests/pkcs8-eddsa.sh
exit 77
fi
Index: gnutls-3.8.9/tests/cert-tests/pkcs8-gost.sh
Index: gnutls-3.8.3/tests/cert-tests/pkcs8-gost.sh
===================================================================
--- gnutls-3.8.9.orig/tests/cert-tests/pkcs8-gost.sh
+++ gnutls-3.8.9/tests/cert-tests/pkcs8-gost.sh
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs8-gost.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs8-gost.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@@ -983,10 +983,10 @@ Index: gnutls-3.8.9/tests/cert-tests/pkcs8-gost.sh
exit 77
fi
Index: gnutls-3.8.9/tests/cert-tests/pkcs8.sh
Index: gnutls-3.8.3/tests/cert-tests/pkcs8.sh
===================================================================
--- gnutls-3.8.9.orig/tests/cert-tests/pkcs8.sh
+++ gnutls-3.8.9/tests/cert-tests/pkcs8.sh
--- gnutls-3.8.3.orig/tests/cert-tests/pkcs8.sh
+++ gnutls-3.8.3/tests/cert-tests/pkcs8.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@@ -996,10 +996,10 @@ Index: gnutls-3.8.9/tests/cert-tests/pkcs8.sh
exit 77
fi
Index: gnutls-3.8.9/tests/cipher-listings.sh
Index: gnutls-3.8.3/tests/cipher-listings.sh
===================================================================
--- gnutls-3.8.9.orig/tests/cipher-listings.sh
+++ gnutls-3.8.9/tests/cipher-listings.sh
--- gnutls-3.8.3.orig/tests/cipher-listings.sh
+++ gnutls-3.8.3/tests/cipher-listings.sh
@@ -63,7 +63,7 @@ check()
${CLI} --fips140-mode
@@ -1009,10 +1009,10 @@ Index: gnutls-3.8.9/tests/cipher-listings.sh
exit 77
fi
Index: gnutls-3.8.9/tests/testpkcs11.sh
Index: gnutls-3.8.3/tests/testpkcs11.sh
===================================================================
--- gnutls-3.8.9.orig/tests/testpkcs11.sh
+++ gnutls-3.8.9/tests/testpkcs11.sh
--- gnutls-3.8.3.orig/tests/testpkcs11.sh
+++ gnutls-3.8.3/tests/testpkcs11.sh
@@ -26,7 +26,7 @@
RETCODE=0
@@ -1022,10 +1022,10 @@ Index: gnutls-3.8.9/tests/testpkcs11.sh
exit 77
fi
Index: gnutls-3.8.9/doc/enums/gnutls_fips_mode_t
Index: gnutls-3.8.3/doc/enums/gnutls_fips_mode_t
===================================================================
--- gnutls-3.8.9.orig/doc/enums/gnutls_fips_mode_t
+++ gnutls-3.8.9/doc/enums/gnutls_fips_mode_t
--- gnutls-3.8.3.orig/doc/enums/gnutls_fips_mode_t
+++ gnutls-3.8.3/doc/enums/gnutls_fips_mode_t
@@ -3,7 +3,7 @@
@c gnutls_fips_mode_t
@table @code
@@ -1046,11 +1046,11 @@ Index: gnutls-3.8.9/doc/enums/gnutls_fips_mode_t
application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility).
@item GNUTLS_@-FIPS140_@-LOG
Index: gnutls-3.8.9/doc/gnutls-api.texi
Index: gnutls-3.8.3/doc/gnutls-api.texi
===================================================================
--- gnutls-3.8.9.orig/doc/gnutls-api.texi
+++ gnutls-3.8.9/doc/gnutls-api.texi
@@ -3279,7 +3279,7 @@ unusable. This function is not thread-s
--- gnutls-3.8.3.orig/doc/gnutls-api.texi
+++ gnutls-3.8.3/doc/gnutls-api.texi
@@ -3275,7 +3275,7 @@ unusable. This function is not thread-s
@subheading gnutls_fips140_set_mode
@anchor{gnutls_fips140_set_mode}
@deftypefun {void} {gnutls_fips140_set_mode} (gnutls_fips_mode_t @var{mode}, unsigned @var{flags})
@@ -1059,7 +1059,7 @@ Index: gnutls-3.8.9/doc/gnutls-api.texi
@var{flags}: should be zero or @code{GNUTLS_FIPS140_SET_MODE_THREAD}
@@ -3288,13 +3288,13 @@ That function is not thread-safe when ch
@@ -3284,13 +3284,13 @@ That function is not thread-safe when ch
behavior with no flags after threads are created is undefined.
When the flag @code{GNUTLS_FIPS140_SET_MODE_THREAD} is specified
@@ -1075,10 +1075,10 @@ Index: gnutls-3.8.9/doc/gnutls-api.texi
values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library
switches to @code{GNUTLS_FIPS140_STRICT} mode.
Index: gnutls-3.8.9/lib/ext/session_ticket.c
Index: gnutls-3.8.3/lib/ext/session_ticket.c
===================================================================
--- gnutls-3.8.9.orig/lib/ext/session_ticket.c
+++ gnutls-3.8.9/lib/ext/session_ticket.c
--- gnutls-3.8.3.orig/lib/ext/session_ticket.c
+++ gnutls-3.8.3/lib/ext/session_ticket.c
@@ -517,7 +517,7 @@ int gnutls_session_ticket_key_generate(g
{
if (_gnutls_fips_mode_enabled()) {
@@ -1088,11 +1088,11 @@ Index: gnutls-3.8.9/lib/ext/session_ticket.c
* some limits on allowed key size, thus it is not
* used. These limits do not affect this function as
* it does not generate a "key" but rather key material
Index: gnutls-3.8.9/lib/libgnutls.map
Index: gnutls-3.8.3/lib/libgnutls.map
===================================================================
--- gnutls-3.8.9.orig/lib/libgnutls.map
+++ gnutls-3.8.9/lib/libgnutls.map
@@ -1459,7 +1459,7 @@ GNUTLS_FIPS140_3_4 {
--- gnutls-3.8.3.orig/lib/libgnutls.map
+++ gnutls-3.8.3/lib/libgnutls.map
@@ -1441,7 +1441,7 @@ GNUTLS_FIPS140_3_4 {
gnutls_hkdf_self_test;
gnutls_pbkdf2_self_test;
gnutls_tlsprf_self_test;
@@ -1101,11 +1101,11 @@ Index: gnutls-3.8.9/lib/libgnutls.map
drbg_aes_reseed;
drbg_aes_init;
drbg_aes_generate;
Index: gnutls-3.8.9/lib/nettle/mac.c
Index: gnutls-3.8.3/lib/nettle/mac.c
===================================================================
--- gnutls-3.8.9.orig/lib/nettle/mac.c
+++ gnutls-3.8.9/lib/nettle/mac.c
@@ -292,7 +292,7 @@ static void _wrap_gmac_digest(void *_ctx
--- gnutls-3.8.3.orig/lib/nettle/mac.c
+++ gnutls-3.8.3/lib/nettle/mac.c
@@ -262,7 +262,7 @@ static void _wrap_gmac_digest(void *_ctx
static int _mac_ctx_init(gnutls_mac_algorithm_t algo,
struct nettle_mac_ctx *ctx)
{
@@ -1114,20 +1114,20 @@ Index: gnutls-3.8.9/lib/nettle/mac.c
* gnutls_hash_init() and gnutls_hmac_init() */
ctx->set_nonce = NULL;
@@ -688,7 +688,7 @@ static void _md5_sha1_init(void *_ctx)
@@ -648,7 +648,7 @@ static void _md5_sha1_digest(void *_ctx,
static int _ctx_init(gnutls_digest_algorithm_t algo,
struct nettle_hash_ctx *ctx)
{
- /* Any FIPS140-2 related enforcement is performed on
+ /* Any FIPS140-3 related enforcement is performed on
* gnutls_hash_init() and gnutls_hmac_init() */
ctx->finished = NULL;
Index: gnutls-3.8.9/config.h.in
switch (algo) {
case GNUTLS_DIG_MD5:
Index: gnutls-3.8.3/config.h.in
===================================================================
--- gnutls-3.8.9.orig/config.h.in
+++ gnutls-3.8.9/config.h.in
@@ -104,7 +104,7 @@
--- gnutls-3.8.3.orig/config.h.in
+++ gnutls-3.8.3/config.h.in
@@ -82,7 +82,7 @@
/* enable DHE */
#undef ENABLE_ECDHE
@@ -1136,7 +1136,7 @@ Index: gnutls-3.8.9/config.h.in
#undef ENABLE_FIPS140
/* enable GOST */
@@ -147,7 +147,7 @@
@@ -125,7 +125,7 @@
/* Define this to 1 if F_DUPFD behavior does not match POSIX */
#undef FCNTL_DUPFD_BUGGY
@@ -1145,11 +1145,11 @@ Index: gnutls-3.8.9/config.h.in
#undef FIPS_KEY
/* The FIPS140 module name */
Index: gnutls-3.8.9/configure
Index: gnutls-3.8.3/configure
===================================================================
--- gnutls-3.8.9.orig/configure
+++ gnutls-3.8.9/configure
@@ -4493,7 +4493,7 @@ Optional Features:
--- gnutls-3.8.3.orig/configure
+++ gnutls-3.8.3/configure
@@ -3830,7 +3830,7 @@ Optional Features:
--enable-fast-install[=PKGS]
optimize for fast installation [default=yes]
--disable-libtool-lock avoid locking (might break parallel builds)
@@ -1158,10 +1158,10 @@ Index: gnutls-3.8.9/configure
--enable-strict-x509 enable stricter sanity checks for x509 certificates
--disable-non-suiteb-curves
disable curves not in SuiteB
Index: gnutls-3.8.9/doc/cha-support.texi
Index: gnutls-3.8.3/doc/cha-support.texi
===================================================================
--- gnutls-3.8.9.orig/doc/cha-support.texi
+++ gnutls-3.8.9/doc/cha-support.texi
--- gnutls-3.8.3.orig/doc/cha-support.texi
+++ gnutls-3.8.3/doc/cha-support.texi
@@ -134,5 +134,5 @@ There are certifications from national o
to an auditor that the crypto component follows some best practices, such
as unit testing and reliance on well known crypto primitives.
@@ -1170,10 +1170,23 @@ Index: gnutls-3.8.9/doc/cha-support.texi
-See @ref{FIPS140-2 mode} for more information.
+GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux.
+See @ref{FIPS140-3 mode} for more information.
Index: gnutls-3.8.9/src/gnutls-cli-options.json
Index: gnutls-3.8.3/doc/gnutls.info
===================================================================
--- gnutls-3.8.9.orig/src/gnutls-cli-options.json
+++ gnutls-3.8.9/src/gnutls-cli-options.json
--- gnutls-3.8.3.orig/doc/gnutls.info
+++ gnutls-3.8.3/doc/gnutls.info
@@ -618,7 +618,7 @@ Ref: fig-crypto-layers744471
Ref: Cryptographic Backend-Footnote-1747783
Ref: Cryptographic Backend-Footnote-2747868
Node: Random Number Generators-internals747980
-Node: FIPS140-2 mode755450
+Node: FIPS140-3 mode755450
Ref: gnutls_fips_mode_t758148
Node: Upgrading from previous versions761817
Node: Support776059
Index: gnutls-3.8.3/src/gnutls-cli-options.json
===================================================================
--- gnutls-3.8.3.orig/src/gnutls-cli-options.json
+++ gnutls-3.8.3/src/gnutls-cli-options.json
@@ -384,7 +384,7 @@
},
{
@@ -1183,58 +1196,3 @@ Index: gnutls-3.8.9/src/gnutls-cli-options.json
},
{
"long-option": "list-config",
Index: gnutls-3.8.9/tests/pkcs11-tool.sh
===================================================================
--- gnutls-3.8.9.orig/tests/pkcs11-tool.sh
+++ gnutls-3.8.9/tests/pkcs11-tool.sh
@@ -30,7 +30,7 @@ set -x
: ${DIFF=diff}
if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
- echo "Cannot run in FIPS140-2 mode"
+ echo "Cannot run in FIPS140-3 mode"
exit 77
fi
Index: gnutls-3.8.9/doc/manpages/gnutls_fips140_set_mode.3
===================================================================
--- gnutls-3.8.9.orig/doc/manpages/gnutls_fips140_set_mode.3
+++ gnutls-3.8.9/doc/manpages/gnutls_fips140_set_mode.3
@@ -8,7 +8,7 @@ gnutls_fips140_set_mode \- API function
.BI "void gnutls_fips140_set_mode(gnutls_fips_mode_t " mode ", unsigned " flags ");"
.SH ARGUMENTS
.IP "gnutls_fips_mode_t mode" 12
-the FIPS140\-2 mode to switch to
+the FIPS140\-3 mode to switch to
.IP "unsigned flags" 12
should be zero or \fBGNUTLS_FIPS140_SET_MODE_THREAD\fP
.SH "DESCRIPTION"
@@ -17,13 +17,13 @@ That function is not thread\-safe when c
behavior with no flags after threads are created is undefined.
When the flag \fBGNUTLS_FIPS140_SET_MODE_THREAD\fP is specified
-then this call will change the FIPS140\-2 mode for this particular
+then this call will change the FIPS140\-3 mode for this particular
thread and not for the whole process. That way an application
can utilize this function to set and reset mode for specific
operations.
This function never fails but will be a no\-op if used when
-the library is not in FIPS140\-2 mode. When asked to switch to unknown
+the library is not in FIPS140\-3 mode. When asked to switch to unknown
values for \fImode\fP or to \fBGNUTLS_FIPS140_SELFTESTS\fP mode, the library
switches to \fBGNUTLS_FIPS140_STRICT\fP mode.
.SH "SINCE"
Index: gnutls-3.8.9/doc/gnutls.info
===================================================================
--- gnutls-3.8.9.orig/doc/gnutls.info
+++ gnutls-3.8.9/doc/gnutls.info
@@ -619,7 +619,7 @@ Ref: fig-crypto-layers743671
Ref: Cryptographic Backend-Footnote-1746978
Ref: Cryptographic Backend-Footnote-2747063
Node: Random Number Generators-internals747175
-Node: FIPS140-2 mode754631
+Node: FIPS140-3 mode754631
Ref: gnutls_fips_mode_t757295
Node: Upgrading from previous versions760963
Node: Support775201


@@ -1,120 +1,112 @@
Index: gnutls-3.8.8/lib/fips.c
Index: gnutls-3.8.0/lib/fips.c
===================================================================
--- gnutls-3.8.8.orig/lib/fips.c
+++ gnutls-3.8.8/lib/fips.c
@@ -349,11 +349,90 @@ static int load_hmac_file(struct hmac_fi
}
--- gnutls-3.8.0.orig/lib/fips.c
+++ gnutls-3.8.0/lib/fips.c
@@ -171,16 +171,28 @@ struct hmac_entry {
struct hmac_file {
int version;
struct hmac_entry gnutls;
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
struct hmac_entry nettle;
struct hmac_entry hogweed;
struct hmac_entry gmp;
+#endif
};
struct lib_paths {
char gnutls[GNUTLS_PATH_MAX];
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
char nettle[GNUTLS_PATH_MAX];
char hogweed[GNUTLS_PATH_MAX];
char gmp[GNUTLS_PATH_MAX];
+#endif
};
/*
+ * check_dep_lib_hmac:
+ * @path: path to the library which hmac should be compared
+ *
+ * Verify that HMAC of a given library matches the hmac in the file
+ * provided by the library, named: .<libname>.so.<soname>.hmac.
+ *
+ * Returns: 0 on successful HMAC verification, a negative error code otherwise
+ */
+static int check_dep_lib_hmac(const char *path)
+{
+ int ret;
+ unsigned prev;
+ uint8_t hmac[HMAC_SIZE];
+ gnutls_datum_t data;
+ char hmac_path[GNUTLS_PATH_MAX];
+ uint8_t lib_hmac[HMAC_SIZE];
+ size_t lib_hmac_size;
+
+ _gnutls_debug_log("Loading: %s\n", path);
+ ret = gnutls_load_file(path, &data);
+ if (ret < 0) {
+ _gnutls_debug_log("Could not load %s: %s\n", path,
+ gnutls_strerror(ret));
+ return gnutls_assert_val(ret);
+ }
+
+ prev = _gnutls_get_lib_state();
+ _gnutls_switch_lib_state(LIB_STATE_OPERATIONAL);
+ ret = gnutls_hmac_fast(HMAC_ALGO, FIPS_KEY, sizeof(FIPS_KEY) - 1,
+ data.data, data.size, hmac);
+ _gnutls_switch_lib_state(prev);
+
+ gnutls_free(data.data);
+ if (ret < 0) {
+ _gnutls_debug_log("Could not calculate HMAC for %s: %s\n", path,
+ gnutls_strerror(ret));
+ return gnutls_assert_val(ret);
+ }
+
+ /* Check now the integrity of the hmac provided by the library */
+ ret = get_hmac_path(hmac_path, sizeof(hmac_path), path);
+ if (ret < 0) {
+ _gnutls_debug_log("Could not get hmac file path: %s\n",
+ gnutls_strerror(ret));
+ return ret;
+ }
+ _gnutls_debug_log("Loading: %s\n", hmac_path);
+ ret = gnutls_load_file(hmac_path, &data);
+ if (ret < 0) {
+ _gnutls_debug_log("Could not load %s: %s\n", hmac_path,
+ gnutls_strerror(ret));
+ return gnutls_assert_val(ret);
+ }
+ lib_hmac_size = hex_data_size(data.size);
+ /* trim eventual newlines from the end of the data read from file */
+ while ((data.size > 0) && (data.data[data.size - 1] == '\n')) {
+ data.data[data.size - 1] = 0;
+ data.size--;
+ }
+ ret = gnutls_hex_decode(&data, lib_hmac, &lib_hmac_size);
+ gnutls_free(data.data);
+ if (ret < 0) {
+ _gnutls_debug_log("Could not hex decode hmac\n");
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ }
+ ret = gnutls_memcmp(lib_hmac, hmac, HMAC_SIZE);
+ if (ret){
+ _gnutls_debug_log("Calculated MAC for %s does not match\n",
+ path);
+ gnutls_memset(hmac, 0, HMAC_SIZE);
+ gnutls_memset(lib_hmac, 0, HMAC_SIZE);
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ }
+ _gnutls_debug_log("Successfully verified MAC for %s\n", path);
+ gnutls_memset(hmac, 0, HMAC_SIZE);
+ return 0;
+}
+
+/*
* check_lib_hmac:
* @entry: hmac file entry
* @path: path to the library which hmac should be compared
*
- * Verify that HMAC from hmac file entry matches HMAC of given library.
+ * Verify that HMAC from hmac file entry matches HMAC of gnutls library.
*
* Returns: 0 on successful HMAC verification, a negative error code otherwise
*/
@@ -496,17 +575,20 @@ static int check_binary_integrity(void)
@@ -241,12 +253,18 @@ static int handler(void *user, const cha
}
} else if (!strcmp(section, GNUTLS_LIBRARY_NAME)) {
return lib_handler(&p->gnutls, section, name, value);
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
} else if (!strcmp(section, NETTLE_LIBRARY_NAME)) {
return lib_handler(&p->nettle, section, name, value);
} else if (!strcmp(section, HOGWEED_LIBRARY_NAME)) {
return lib_handler(&p->hogweed, section, name, value);
} else if (!strcmp(section, GMP_LIBRARY_NAME)) {
return lib_handler(&p->gmp, section, name, value);
+#endif
} else {
return 0;
}
@@ -391,12 +409,18 @@ static int callback(struct dl_phdr_info
if (!strcmp(soname, GNUTLS_LIBRARY_SONAME))
_gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path);
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
else if (!strcmp(soname, NETTLE_LIBRARY_SONAME))
_gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
_gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path);
else if (!strcmp(soname, GMP_LIBRARY_SONAME))
_gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
+#endif
return 0;
}
@@ -409,6 +433,11 @@ static int load_lib_paths(struct lib_pat
_gnutls_debug_log("Gnutls library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
}
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
if (paths->nettle[0] == '\0') {
_gnutls_debug_log("Nettle library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
@@ -421,7 +450,7 @@ static int load_lib_paths(struct lib_pat
_gnutls_debug_log("Gmp library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
}
-
+#endif
return GNUTLS_E_SUCCESS;
}
@@ -467,6 +496,11 @@ static int check_binary_integrity(void)
ret = check_lib_hmac(&hmac.gnutls, paths.gnutls);
if (ret < 0)
return ret;
#ifdef NETTLE_LIBRARY_SONAME
- ret = check_lib_hmac(&hmac.nettle, paths.nettle);
+ //ret = check_lib_hmac(&hmac.nettle, paths.nettle);
+ ret = check_dep_lib_hmac(paths.nettle);
+# if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
ret = check_lib_hmac(&hmac.nettle, paths.nettle);
if (ret < 0)
return ret;
#endif
#ifdef HOGWEED_LIBRARY_SONAME
- ret = check_lib_hmac(&hmac.hogweed, paths.hogweed);
+ //ret = check_lib_hmac(&hmac.hogweed, paths.hogweed);
+ ret = check_dep_lib_hmac(paths.hogweed);
@@ -476,6 +510,7 @@ static int check_binary_integrity(void)
ret = check_lib_hmac(&hmac.gmp, paths.gmp);
if (ret < 0)
return ret;
#endif
#ifdef GMP_LIBRARY_SONAME
- ret = check_lib_hmac(&hmac.gmp, paths.gmp);
+ //ret = check_lib_hmac(&hmac.gmp, paths.gmp);
+ ret = check_dep_lib_hmac(paths.gmp);
if (ret < 0)
return ret;
#endif
+# endif
return 0;
}
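Review bot: If the compare runs main→1.1, the side kept here is the gnutls-3.8.0 variant that wraps the nettle, hogweed and gmp entries in `#if 0` (struct hmac_file, struct lib_paths, handler, callback, load_lib_paths and check_binary_integrity), so the FIPS binary integrity check ends up covering libgnutls alone, while the six identical comments only say why the recorded HMACs can differ and never state that the dependent libraries are thereby outside the verified set. That is the fact an auditor of the self-test needs; one comment at the struct, e.g. `/* Only libgnutls is integrity-checked; nettle/hogweed/gmp HMACs are produced by their own packages and are not verified here. */`, and a single named preprocessor macro instead of six `#if 0` copies would make the reduced coverage explicit and greppable. Should the check_dep_lib_hmac variant be the side kept instead, its `lib_hmac_size = hex_data_size(data.size)` is derived from the .hmac file length (and computed before the newline trimming) rather than from the destination buffer, so gnutls_hex_decode is told the buffer is as large as the input; it should be `lib_hmac_size = sizeof(lib_hmac);` followed by a check that the decoded length equals HMAC_SIZE before the gnutls_memcmp. All the enclosing functions start and end outside this hunk.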


@@ -1,8 +1,8 @@
Index: gnutls-3.8.9/lib/fips.c
Index: gnutls-3.7.7/lib/fips.c
===================================================================
--- gnutls-3.8.9.orig/lib/fips.c
+++ gnutls-3.8.9/lib/fips.c
@@ -621,6 +621,26 @@ int _gnutls_fips_perform_self_checks2(vo
--- gnutls-3.7.7.orig/lib/fips.c
+++ gnutls-3.7.7/lib/fips.c
@@ -517,6 +517,26 @@ int _gnutls_fips_perform_self_checks2(vo
return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
}
@@ -27,5 +27,5 @@ Index: gnutls-3.8.9/lib/fips.c
+ }
+
/* PK */
if (_gnutls_config_is_rsa_pkcs1_encrypt_allowed()) {
ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);
ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);
if (ret < 0) {


@@ -1,265 +0,0 @@
commit c4eba74d4745e3a97b443abae1431658a826d2eb
Author: Angel Yankov <angel.yankov@suse.com>
Date: Thu Nov 28 11:02:07 2024 +0200
SHA-1 is not allowed in FIPS-140-3 anymore after 2030. Mark it as
unapproved
Signed-off-by: Angel Yankov <angel.yankov@suse.com>
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index 0abbd7f69..f25ee0b14 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -33,6 +33,7 @@
#include "crypto-api.h"
#include "iov.h"
#include "intprops.h"
+#include <gnutls/gnutls.h>
typedef struct api_cipher_hd_st {
cipher_hd_st ctx_enc;
@@ -597,7 +598,9 @@ int gnutls_hmac_init(gnutls_hmac_hd_t *dig, gnutls_mac_algorithm_t algorithm,
bool not_approved = false;
/* MD5 is only allowed internally for TLS */
- if (!is_mac_algo_allowed(algorithm)) {
+ if (algorithm == GNUTLS_MAC_SHA1)
+ not_approved = true;
+ else if (!is_mac_algo_allowed(algorithm)) {
_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
} else if (!is_mac_algo_approved_in_fips(algorithm)) {
@@ -757,8 +760,9 @@ int gnutls_hmac_fast(gnutls_mac_algorithm_t algorithm, const void *key,
{
int ret;
bool not_approved = false;
-
- if (!is_mac_algo_allowed(algorithm)) {
+ if (algorithm == GNUTLS_MAC_SHA1)
+ not_approved = true;
+ else if (!is_mac_algo_allowed(algorithm)) {
_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
} else if (!is_mac_algo_approved_in_fips(algorithm)) {
@@ -839,8 +843,9 @@ int gnutls_hash_init(gnutls_hash_hd_t *dig, gnutls_digest_algorithm_t algorithm)
{
int ret;
bool not_approved = false;
-
- if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {
+ if (algorithm == GNUTLS_MAC_SHA1)
+ not_approved = true;
+ else if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {
_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
} else if (!is_mac_algo_approved_in_fips(DIG_TO_MAC(algorithm))) {
@@ -957,8 +962,9 @@ int gnutls_hash_fast(gnutls_digest_algorithm_t algorithm, const void *ptext,
{
int ret;
bool not_approved = false;
-
- if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {
+ if (algorithm == GNUTLS_MAC_SHA1)
+ not_approved = true;
+ else if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {
_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
} else if (!is_mac_algo_approved_in_fips(DIG_TO_MAC(algorithm))) {
@@ -2174,7 +2180,9 @@ int gnutls_pbkdf2(gnutls_mac_algorithm_t mac, const gnutls_datum_t *key,
bool not_approved = false;
/* MD5 is only allowed internally for TLS */
- if (!is_mac_algo_allowed(mac)) {
+ if (mac == GNUTLS_MAC_SHA1)
+ not_approved = true;
+ else if (!is_mac_algo_allowed(mac)) {
_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
} else if (!is_mac_algo_hmac_approved_in_fips(mac)) {
diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
index f6505f7fe..f3b5cc870 100644
--- a/lib/crypto-selftests.c
+++ b/lib/crypto-selftests.c
@@ -2891,7 +2891,7 @@ int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
case GNUTLS_MAC_UNKNOWN:
NON_FIPS_CASE(GNUTLS_MAC_MD5, test_mac, hmac_md5_vectors);
FALLTHROUGH;
- CASE(GNUTLS_MAC_SHA1, test_mac, hmac_sha1_vectors);
+ NON_FIPS_CASE(GNUTLS_MAC_SHA1, test_mac, hmac_sha1_vectors);
FALLTHROUGH;
CASE(GNUTLS_MAC_SHA224, test_mac, hmac_sha224_vectors);
FALLTHROUGH;
diff --git a/lib/fips.h b/lib/fips.h
index 60a4e5f67..76b746253 100644
--- a/lib/fips.h
+++ b/lib/fips.h
@@ -81,7 +81,6 @@ inline static bool
is_mac_algo_hmac_approved_in_fips(gnutls_mac_algorithm_t algo)
{
switch (algo) {
- case GNUTLS_MAC_SHA1:
case GNUTLS_MAC_SHA256:
case GNUTLS_MAC_SHA384:
case GNUTLS_MAC_SHA512:
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 91eaffd68..da8783b95 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -2784,10 +2784,7 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
if (hash_len > vdata->size)
hash_len = vdata->size;
- /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
- * mode */
switch (DIG_TO_MAC(sign_params->dsa_dig)) {
- case GNUTLS_MAC_SHA1:
case GNUTLS_MAC_SHA256:
case GNUTLS_MAC_SHA384:
case GNUTLS_MAC_SHA512:
@@ -2857,7 +2854,7 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
bits = mpz_sizeinbase(pub.n, 2);
/* In FIPS 140-3, RSA key size should be larger than 2048-bit.
- * In addition to this, only SHA-1 and SHA-2 are allowed
+ * In addition to this, only SHA-2 is allowed
* for SigVer; it is checked in _pkcs1_rsa_verify_sig in
* lib/pubkey.c.
*/
@@ -2903,7 +2900,7 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
}
/* RSA modulus size should be 2048-bit or larger in FIPS
- * 140-3. In addition to this, only SHA-1 and SHA-2 are
+ * 140-3. In addition to this, only SHA-2 are
* allowed for SigVer, while Nettle only supports
* SHA256, SHA384, and SHA512 for RSA-PSS (see
* _rsa_pss_verify_digest in this file for the details).
diff --git a/lib/pubkey.c b/lib/pubkey.c
index 1e5ecf31c..811e5310b 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -2516,10 +2516,7 @@ static int _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk,
d.size = digest_size;
if (pk == GNUTLS_PK_RSA) {
- /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
- * mode */
switch (me->id) {
- case GNUTLS_MAC_SHA1:
case GNUTLS_MAC_SHA256:
case GNUTLS_MAC_SHA384:
case GNUTLS_MAC_SHA512:
diff --git a/tests/fips-test.c b/tests/fips-test.c
index 3af4df719..d3fab9dfb 100644
--- a/tests/fips-test.c
+++ b/tests/fips-test.c
@@ -397,11 +397,12 @@ void doit(void)
}
FIPS_POP_CONTEXT(ERROR);
+ FIPS_PUSH_CONTEXT();
ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size);
if (ret < 0) {
- fail("gnutls_hmac_init failed\n");
+ fail("gnutls_hmac_init failed for sha1\n");
}
- gnutls_hmac_deinit(mh, NULL);
+ FIPS_POP_CONTEXT(NOT_APPROVED);
ret = gnutls_hmac_init(&mh, GNUTLS_MAC_MD5, key.data, key.size);
if (ret != GNUTLS_E_UNWANTED_ALGORITHM) {
@@ -596,7 +597,7 @@ void doit(void)
}
FIPS_POP_CONTEXT(NOT_APPROVED);
- /* Verify a signature created with 2432-bit RSA and SHA-1; approved */
+ /* Verify a signature created with 2432-bit RSA and SHA-1; not approved */
FIPS_PUSH_CONTEXT();
ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA1,
GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1,
@@ -604,7 +605,7 @@ void doit(void)
if (ret < 0) {
fail("gnutls_pubkey_verify_data2 failed\n");
}
- FIPS_POP_CONTEXT(APPROVED);
+ FIPS_POP_CONTEXT(NOT_APPROVED);
gnutls_free(signature.data);
gnutls_pubkey_deinit(pubkey);
gnutls_privkey_deinit(privkey);
@@ -707,7 +708,7 @@ void doit(void)
}
FIPS_POP_CONTEXT(NOT_APPROVED);
- /* Verify a signature created with ECDSA and SHA-1; approved */
+ /* Verify a signature created with ECDSA and SHA-1; not approved */
FIPS_PUSH_CONTEXT();
ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_ECDSA_SHA1,
GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1,
@@ -715,7 +716,7 @@ void doit(void)
if (ret < 0) {
fail("gnutls_pubkey_verify_data2 failed\n");
}
- FIPS_POP_CONTEXT(APPROVED);
+ FIPS_POP_CONTEXT(NOT_APPROVED);
gnutls_free(signature.data);
/* Create a signature with ECDSA and SHA-1 (old API); not approved */
@@ -736,7 +737,7 @@ void doit(void)
}
hashed_data.data = hash;
hashed_data.size = 20;
- FIPS_POP_CONTEXT(APPROVED);
+ FIPS_POP_CONTEXT(NOT_APPROVED);
/* Create a signature with ECDSA and SHA1 (2-pass API); not-approved */
FIPS_PUSH_CONTEXT();
diff --git a/tests/gnutls_hmac_fast.c b/tests/gnutls_hmac_fast.c
index e092bdd95..b54e64569 100644
--- a/tests/gnutls_hmac_fast.c
+++ b/tests/gnutls_hmac_fast.c
@@ -42,6 +42,11 @@ void doit(void)
if (debug)
gnutls_global_set_log_level(4711);
+ /* enable MD5 and SHA1 usage */
+ if (gnutls_fips140_mode_enabled()) {
+ gnutls_fips140_set_mode(GNUTLS_FIPS140_LOG, 0);
+ }
+
err = gnutls_hmac_fast(GNUTLS_MAC_SHA1, "keykeykey", 9, "abcdefgh", 8,
digest);
if (err < 0)
@@ -59,11 +64,6 @@ void doit(void)
}
}
- /* enable MD5 usage */
- if (gnutls_fips140_mode_enabled()) {
- gnutls_fips140_set_mode(GNUTLS_FIPS140_LOG, 0);
- }
-
err = gnutls_hmac_fast(GNUTLS_MAC_MD5, "keykeykey", 9, "abcdefgh", 8,
digest);
if (err < 0)
diff --git a/tests/kdf-api.c b/tests/kdf-api.c
index d476482fa..45c6d60de 100644
--- a/tests/kdf-api.c
+++ b/tests/kdf-api.c
@@ -108,7 +108,6 @@ inline static bool
is_mac_algo_hmac_approved_in_fips(gnutls_mac_algorithm_t algo)
{
switch (algo) {
- case GNUTLS_MAC_SHA1:
case GNUTLS_MAC_SHA256:
case GNUTLS_MAC_SHA384:
case GNUTLS_MAC_SHA512:
@@ -145,7 +144,7 @@ static void test_pbkdf2(gnutls_mac_algorithm_t mac, const char *ikm_hex,
assert(gnutls_hex_decode2(&hex, &salt) >= 0);
fips_push_context(fips_context);
- assert(gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length) >= 0);
+ gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length);
fips_pop_context(fips_context, expected_state);
gnutls_free(ikm.data);
gnutls_free(salt.data);


@@ -1,8 +1,8 @@
Index: gnutls-3.8.4/lib/state.c
Index: gnutls-3.7.3/lib/state.c
===================================================================
--- gnutls-3.8.4.orig/lib/state.c
+++ gnutls-3.8.4/lib/state.c
@@ -830,6 +830,12 @@ void gnutls_deinit(gnutls_session_t sess
--- gnutls-3.7.3.orig/lib/state.c
+++ gnutls-3.7.3/lib/state.c
@@ -794,6 +794,12 @@ void gnutls_deinit(gnutls_session_t sess
gnutls_mutex_deinit(&session->internals.post_negotiation_lock);
gnutls_mutex_deinit(&session->internals.epoch_lock);
@@ -15,11 +15,11 @@ Index: gnutls-3.8.4/lib/state.c
gnutls_free(session);
}
Index: gnutls-3.8.4/lib/nettle/rnd.c
Index: gnutls-3.7.3/lib/nettle/rnd.c
===================================================================
--- gnutls-3.8.4.orig/lib/nettle/rnd.c
+++ gnutls-3.8.4/lib/nettle/rnd.c
@@ -79,6 +79,12 @@ struct generators_ctx_st {
--- gnutls-3.7.3.orig/lib/nettle/rnd.c
+++ gnutls-3.7.3/lib/nettle/rnd.c
@@ -75,6 +75,12 @@ struct generators_ctx_st {
static void wrap_nettle_rnd_deinit(void *_ctx)
{


@@ -1,7 +1,7 @@
Index: gnutls-3.8.9/lib/nettle/sysrng-linux.c
Index: gnutls-3.8.1/lib/nettle/sysrng-linux.c
===================================================================
--- gnutls-3.8.9.orig/lib/nettle/sysrng-linux.c
+++ gnutls-3.8.9/lib/nettle/sysrng-linux.c
--- gnutls-3.8.1.orig/lib/nettle/sysrng-linux.c
+++ gnutls-3.8.1/lib/nettle/sysrng-linux.c
@@ -49,6 +49,15 @@
get_entropy_func _rnd_get_system_entropy = NULL;
@@ -158,11 +158,11 @@ Index: gnutls-3.8.9/lib/nettle/sysrng-linux.c
+#endif
return;
}
Index: gnutls-3.8.9/lib/nettle/Makefile.in
Index: gnutls-3.8.1/lib/nettle/Makefile.in
===================================================================
--- gnutls-3.8.9.orig/lib/nettle/Makefile.in
+++ gnutls-3.8.9/lib/nettle/Makefile.in
@@ -521,7 +521,7 @@ am__v_CC_1 =
--- gnutls-3.8.1.orig/lib/nettle/Makefile.in
+++ gnutls-3.8.1/lib/nettle/Makefile.in
@@ -402,7 +402,7 @@ am__v_CC_1 =
CCLD = $(CC)
LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
@@ -171,10 +171,10 @@ Index: gnutls-3.8.9/lib/nettle/Makefile.in
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
Index: gnutls-3.8.9/lib/nettle/Makefile.am
Index: gnutls-3.8.1/lib/nettle/Makefile.am
===================================================================
--- gnutls-3.8.9.orig/lib/nettle/Makefile.am
+++ gnutls-3.8.9/lib/nettle/Makefile.am
--- gnutls-3.8.1.orig/lib/nettle/Makefile.am
+++ gnutls-3.8.1/lib/nettle/Makefile.am
@@ -20,7 +20,7 @@
include $(top_srcdir)/lib/common.mk
@@ -182,12 +182,12 @@ Index: gnutls-3.8.9/lib/nettle/Makefile.am
-AM_CFLAGS += $(HOGWEED_CFLAGS) $(GMP_CFLAGS)
+AM_CFLAGS += $(HOGWEED_CFLAGS) $(GMP_CFLAGS) -ljitterentropy
AM_CPPFLAGS += \
AM_CPPFLAGS = \
-I$(srcdir)/int \
Index: gnutls-3.8.9/lib/nettle/rnd-fips.c
Index: gnutls-3.8.1/lib/nettle/rnd-fips.c
===================================================================
--- gnutls-3.8.9.orig/lib/nettle/rnd-fips.c
+++ gnutls-3.8.9/lib/nettle/rnd-fips.c
--- gnutls-3.8.1.orig/lib/nettle/rnd-fips.c
+++ gnutls-3.8.1/lib/nettle/rnd-fips.c
@@ -129,6 +129,10 @@ static int drbg_init(struct fips_ctx *fc
uint8_t buffer[DRBG_AES_SEED_SIZE];
int ret;
@@ -210,16 +210,16 @@ Index: gnutls-3.8.9/lib/nettle/rnd-fips.c
ret = get_entropy(fctx, buffer, sizeof(buffer));
if (ret < 0) {
_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
Index: gnutls-3.8.9/tests/Makefile.am
Index: gnutls-3.8.1/tests/Makefile.am
===================================================================
--- gnutls-3.8.9.orig/tests/Makefile.am
+++ gnutls-3.8.9/tests/Makefile.am
@@ -212,7 +212,7 @@ ctests += mini-record-2 simple gnutls_hm
--- gnutls-3.8.1.orig/tests/Makefile.am
+++ gnutls-3.8.1/tests/Makefile.am
@@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm
dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \
- set_x509_key_file_ocsp client-fastopen rng-sigint srp \
+ set_x509_key_file_ocsp client-fastopen srp \
- set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \
+ set_x509_key_file_ocsp client-fastopen srp rng-pthread \
safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \
safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \
rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \


@@ -1,8 +1,8 @@
Index: gnutls-3.8.9/tests/Makefile.am
Index: gnutls-3.7.8/tests/Makefile.am
===================================================================
--- gnutls-3.8.9.orig/tests/Makefile.am
+++ gnutls-3.8.9/tests/Makefile.am
@@ -530,7 +530,7 @@ if !WINDOWS
--- gnutls-3.7.8.orig/tests/Makefile.am
+++ gnutls-3.7.8/tests/Makefile.am
@@ -508,7 +508,7 @@ if !WINDOWS
# List of tests not available/functional under windows
#


@@ -1,10 +0,0 @@
Index: gnutls-3.8.9/cligen/cli-docgen.py
===================================================================
--- gnutls-3.8.9.orig/cligen/cli-docgen.py
+++ gnutls-3.8.9/cligen/cli-docgen.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
# Copyright (C) 2021-2022 Daiki Ueno
# SPDX-License-Identifier: LGPL-2.1-or-later


@@ -1,34 +0,0 @@
Index: gnutls-3.8.9/tests/Makefile.am
===================================================================
--- gnutls-3.8.9.orig/tests/Makefile.am
+++ gnutls-3.8.9/tests/Makefile.am
@@ -603,8 +603,6 @@ ctests += win32-certopenstore
endif
-dist_check_SCRIPTS += pqc-hybrid-kx.sh
-
cpptests =
if ENABLE_CXX
if HAVE_CMOCKA
Index: gnutls-3.8.9/tests/Makefile.in
===================================================================
--- gnutls-3.8.9.orig/tests/Makefile.in
+++ gnutls-3.8.9/tests/Makefile.in
@@ -3236,7 +3236,7 @@ am__dist_check_SCRIPTS_DIST = rfc2253-es
gnutls-cli-self-signed.sh gnutls-cli-invalid-crl.sh \
gnutls-cli-rawpk.sh dh-fips-approved.sh p11-kit-trust.sh \
testpkcs11.sh certtool-pkcs11.sh pkcs11-tool.sh \
- p11-kit-load.sh danetool.sh tpmtool_test.sh pqc-hybrid-kx.sh
+ p11-kit-load.sh danetool.sh tpmtool_test.sh
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -7106,7 +7106,6 @@ dist_check_SCRIPTS = rfc2253-escape-test
$(am__append_18) $(am__append_20) $(am__append_21) \
$(am__append_23) $(am__append_25) $(am__append_26) \
$(am__append_27) $(am__append_29) $(am__append_30) \
- pqc-hybrid-kx.sh
@WINDOWS_FALSE@dtls_stress_SOURCES = dtls/dtls-stress.c
@WINDOWS_FALSE@dtls_stress_LDADD = $(COMMON_GNUTLS_LDADD) \
@WINDOWS_FALSE@ $(COMMON_DEPS_LDADD)


@@ -1,8 +1,8 @@
Index: gnutls-3.8.9/tests/srp.c
Index: gnutls-3.8.1/tests/srp.c
===================================================================
--- gnutls-3.8.9.orig/tests/srp.c
+++ gnutls-3.8.9/tests/srp.c
@@ -290,7 +290,7 @@ static void start(const char *name, cons
--- gnutls-3.8.1.orig/tests/srp.c
+++ gnutls-3.8.1/tests/srp.c
@@ -287,7 +289,7 @@ static void start(const char *name, cons
if (child) {
int status;
/* parent */
@@ -11,7 +11,7 @@ Index: gnutls-3.8.9/tests/srp.c
client(fd[1], prio, user, pass, exp_err);
if (exp_err < 0) {
kill(child, SIGTERM);
@@ -300,7 +300,7 @@ static void start(const char *name, cons
@@ -297,7 +299,7 @@ static void start(const char *name, cons
check_wait_status(status);
}
} else {


@@ -1,144 +1,49 @@
-------------------------------------------------------------------
Mon Mar 24 09:41:17 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
Mon Nov 24 10:25:40 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
- FIPS: Mark SHA-1 as non-approved in the SLI. [jsc#PED-12224]
* Add gnutls-FIPS-disable-mac-sha1.patch
- Security fix bsc#1254132 CVE-2025-9820
* Fix buffer overflow in gnutls_pkcs11_token_init
* Added gnutls-CVE-2025-9820.patch
-------------------------------------------------------------------
Mon Feb 24 11:15:52 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
Mon Jul 14 17:54:02 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
- Update to 3.8.9
- libgnutls: leancrypto was added as an interim option for PQC
The library can now be built with leancrypto instead of liboqs for
post-quantum cryptography (PQC), when configured with
--with-leancrypto option instead of --with-liboqs.
- libgnutls: Experimental support for ML-DSA signature algorithm
The library and certtool now support ML-DSA signature algorithm as
defined in FIPS 204 and based on
draft-ietf-lamps-dilithium-certificates-04. This feature is
currently marked as experimental and can only be enabled when
compiled with --with-leancrypto or --with-liboqs.
Contributed by David Dudas.
- libgnutls: Support for ML-KEM-1024 key encapsulation mechanism
The support for ML-KEM post-quantum key encapsulation mechanisms
has been extended to cover ML-KEM-1024, in addition to ML-KEM-768.
MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per
draft-kwiatkowski-tls-ecdhe-mlkem-03.
- libgnutls: Fix potential DoS in handling certificates with numerous name
constraints, as a follow-up of CVE-2024-12133 in libtasn1. The
bundled copy of libtasn1 has also been updated to the latest 4.20.0
release to complete the fix. Reported by Bing Shi (#1553).
[GNUTLS-SA-2025-02-07, CVSS: medium] [bsc#1236974, CVE-2024-12243
- Licensing information moved to REAMDE.md, COPYING, COPYING.LESSERv2
* Rebased gnutls-FIPS-140-3-references.patch
* Rebased gnutls-FIPS-TLS_KDF_selftest.patch
* Rebased gnutls-FIPS-jitterentropy.patch
* Rebased gnutls-disable-flaky-test-dtls-resume.patch
* Rebased gnutls-srp-test-SIGPIPE.patch
* Rebased gnutls-3.5.11-skip-trust-store-tests.patch
* Add gnutls-set-cligen-python-interp.patch
* Add gnutls-skip-pqx-test.patch
- Fix heap buffer overread when handling the CT SCT extension during X.509
certificate parsing [bsc#1246233, CVE-2025-32989]
* Add patch gnutls-CVE-2025-32989.patch
- Fix double-free due to incorrect ownership handling in the export logic of
SAN entries containing an otherName [bsc#1246232, CVE-2025-32988]
* Add patch gnutls-CVE-2025-32988.patch
- Fix 1-byte heap buffer overflow when parsing templates with certtool
[bsc#1246267, CVE-2025-32990]
* Add patch gnutls-CVE-2025-32990.patch
- Fix NULL pointer dereference when 2nd Client Hello omits PSK
[bsc#1246299, CVE-2025-6395]
* Add patch gnutls-CVE-2025-6395.patch
-------------------------------------------------------------------
Mon Nov 11 10:04:31 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
Fri Feb 14 14:53:32 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
- Update to 3.8.8:
- libgnutls: Experimental support for X25519MLKEM768 and
SecP256r1MLKEM768 key exchange in TLS 1.3: The support for
post-quantum key exchanges has been extended to cover the final
standard of ML-KEM, following draft-kwiatkowski-tls-ecdhe-mlkem.
The minimum supported version of liboqs is bumped to 0.11.0.
- libgnutls: All records included in an OCSP response are now checked
in TLS: Previously, when multiple records are provided in a single
OCSP response, only the first record was considered; now all those
records are examined until the server certificate matches.
- libgnutls: Handling of malformed compress_certificate extension is
now more standard compliant: The server behavior of receiving a
malformed compress_certificate extension now more strictly follows
RFC 8879; return illegal_parameter alert instead of bad_certificate,
as well as overlong extension data is properly rejected.
- build: More flexible library linking options for compression
libraries, TPM, and liboqs support: The configure options,
--with-zstd, --with-brotli, --with-zlib, --with-tpm2, and --with-liboqs
now take 4 states: yes/link/dlopen/no, to specify how the libraries
are linked or loaded.
* Rebase gnutls-FIPS-140-3-references.patch
- Security fix [bsc#1236974, CVE-2024-12243]
* gnutls: inefficient DER Decoding in libtasn1 could lead to remote DoS
* Add gnutls-CVE-2024-12243.patch
-------------------------------------------------------------------
Fri Sep 27 08:02:09 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
Mon Apr 8 09:11:16 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Build with liboqs to support the X25519Kyber768 post-quantum key
exchange algorithm.
- Security fix: [bsc#1221747, CVE-2024-28835]
* gnutls: certtool crash when verifying a certificate chain
* Add gnutls-CVE-2024-28835.patch
-------------------------------------------------------------------
Thu Sep 5 07:57:42 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
Mon Apr 8 08:31:25 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- FIPS: Allow to perform the integrity check with the hmac provided
by each library [bsc#1226724]
* Rebase gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
-------------------------------------------------------------------
Mon Sep 2 10:09:23 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.8.7:
* libgnutls: New configure option to compile out DSA support
The --disable-dsa configure option has been added to completely
disable DSA algorithm support.
* libgnutls: Experimental support for X25519Kyber768Draft00 key
exchange in TLS. For testing purposes, the hybrid post-quantum
key exchange defined in draft-tls-westerbaan-xyber768d00 has been
implemented using liboqs. Since the algorithm is still not finalized,
the support of this key exchange is disabled by default and can be
enabled with the --with-liboqs configure option.
* Rebase patches:
- gnutls-FIPS-140-3-references.patch
- gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
-------------------------------------------------------------------
Thu Jul 25 08:51:56 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.8.6:
* libgnutls: PBMAC1 is now supported as a MAC mechanism for PKCS#12
To be compliant with FIPS 140-3, PKCS#12 files with MAC based on
PBKDF2 (PBMAC1) is now supported, according to the specification
proposed in draft-ietf-lamps-pkcs12-pbmac1.
* libgnutls: SHA3 extendable output functions (XOF) are now supported
SHA3 XOF, SHAKE128 and SHAKE256, are now usable through a new
public API gnutls_hash_squeeze.
* API and ABI modifications:
- gnutls_pkcs12_generate_mac3: New function
- gnutls_pkcs12_flags_t: New enum
- gnutls_hash_squeeze: New function
* Rebase patches:
- gnutls-FIPS-140-3-references.patch
- gnutls-FIPS-jitterentropy.patch
-------------------------------------------------------------------
Fri Apr 5 07:28:14 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.8.5:
* libgnutls: Due to majority of usages and implementations of
RSA decryption with PKCS#1 v1.5 padding being incorrect,
leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
is being deprecated (encryption and decryption) and will be
disabled in the future. A new option 'allow-rsa-pkcs1-encrypt'
has been added into the system-wide library configuration which
allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the
RSAES-PKCS1-v1_5 is enabled by default.
* libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
backward compatibility with GCR.
* libgnutls: A couple of memory related issues have been fixed in
RSA PKCS#1 v1.5 decryption error handling and deterministic ECDSA
with earlier versions of GMP. These were a regression introduced
in the 3.8.4 release. See #1535 and !1827.
* build: Fixed a bug where building gnutls statically failed due
to a duplicate definition of nettle_rsa_compute_root_tr().
* API and ABI modifications:
- GNUTLS_PKCS_PBES1_DES_SHA1: New enum member of
gnutls_pkcs_encrypt_flags_t
* Rebase patches:
- gnutls-FIPS-TLS_KDF_selftest.patch
- gnutls-FIPS-140-3-references.patch
- Security fix: [bsc#1221746, CVE-2024-28834]
* gnutls: side-channel in the deterministic ECDSA
* Add gnutls-CVE-2024-28834.patch
-------------------------------------------------------------------
Wed Mar 20 12:08:50 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
@@ -148,45 +53,6 @@ Wed Mar 20 12:08:50 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
pre-intitization done in the main thread. [bsc#1221242]
* Add gnutls-FIPS-jitterentropy-deinit-threads.patch
-------------------------------------------------------------------
Wed Mar 20 09:26:32 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.8.4:
* libgnutls: RSA-OAEP encryption scheme is now supported
To use it with an unrestricted RSA private key, one would need to
initialize a gnutls_x509_spki_t object with necessary parameters
for RSA-OAEP and attach it to the private key. It is also possible
to import restricted private keys if they are stored in PKCS#8
format.
* libgnutls: Fix side-channel in the deterministic ECDSA.
Reported by George Pantelakis (#1516).
[GNUTLS-SA-2023-12-04, CVSS: medium] [bsc#1221746, CVE-2024-28834]
* libgnutls: Fixed a bug where certtool crashed when verifying a
certificate chain with more than 16 certificates. Reported by
William Woodruff (#1525) and yixiangzhike (#1527).
[GNUTLS-SA-2024-01-23, CVSS: medium] [bsc#1221747, CVE-2024-28835]
* libgnutls: Compression libraries are now loaded dynamically as needed
instead of all being loaded during gnutls library initialization.
As a result, the library initialization should be faster.
* build: The gnutls library can now be linked with the static library
of GMP. Note that in order for this to work libgmp.a needs to be
compiled with -fPIC and libhogweed in Nettle also has to be linked
to the static library of GMP. This can be used to prevent custom
memory allocators from being overriden by other applications.
* API and ABI modifications:
- gnutls_x509_spki_get_rsa_oaep_params: New function.
- gnutls_x509_spki_set_rsa_oaep_params: New function.
- GNUTLS_PK_RSA_OAEP: New enum member of gnutls_pk_algorithm_t.
* Rebase patches:
- gnutls-FIPS-140-3-references.patch
- gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
-------------------------------------------------------------------
Wed Feb 21 18:04:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Remove some if..endif that do not affect any result
- Split documentation (some 1100 files) to separate subpackage
-------------------------------------------------------------------
Wed Jan 17 08:41:07 UTC 2024 - Pedro Monreal <pmonreal@suse.com>


@@ -1,7 +1,7 @@
#
# spec file for package gnutls
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -35,14 +35,12 @@
# disable for now, as our OBS builds do not work with it. Marcus 20220511
#bcond_without kcapi
%bcond_with kcapi
%bcond_without liboqs
%else
%bcond_with kcapi
%bcond_with liboqs
%endif
%bcond_with tpm
Name: gnutls
Version: 3.8.9
Version: 3.8.3
Release: 0
Summary: The GNU Transport Layer Security Library
License: GPL-3.0-or-later AND LGPL-2.1-or-later
@@ -71,10 +69,22 @@ Patch102: gnutls-FIPS-jitterentropy.patch
#PATCH-FIX-SUSE bsc#1221242 Fix memleak in gnutls' jitterentropy collector
Patch103: gnutls-FIPS-jitterentropy-deinit-threads.patch
%endif
Patch104: gnutls-set-cligen-python-interp.patch
Patch105: gnutls-skip-pqx-test.patch
# PATCH-FIX-SUSE jsc#jsc#PED-12224 FIPS: Mark SHA1 as unapproved in the SLI
Patch106: gnutls-FIPS-disable-mac-sha1.patch
#PATCH-FIX-UPSTREAM bsc#1221746 CVE-2024-28834: gnutls: side-channel in the deterministic ECDSA
Patch200: gnutls-CVE-2024-28834.patch
#PATCH-FIX-UPSTREAM bsc#1221747 CVE-2024-28835: gnutls: certtool crash when verifying a certificate chain
Patch201: gnutls-CVE-2024-28835.patch
#PATCH-FIX-UPSTREAM bsc#1236974 CVE-2024-12243: gnutls: inefficient DER Decoding in libtasn1 could lead to remote DoS
Patch202: gnutls-CVE-2024-12243.patch
#PATCH-FIX-UPSTREAM: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing [bsc#1246233, CVE-2025-32989]
Patch203: gnutls-CVE-2025-32989.patch
#PATCH-FIX-UPSTREAM: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName [bsc#1246232, CVE-2025-32988]
Patch204: gnutls-CVE-2025-32988.patch
#PATCH-FIX-UPSTREAM: Fix 1-byte heap buffer overflow when parsing templates with certtool [bsc#1246267, CVE-2025-32990]
Patch205: gnutls-CVE-2025-32990.patch
#PATCH-FIX-UPSTREAM: Fix NULL pointer dereference when 2nd Client Hello omits PSK [bsc#1246299, CVE-2025-6395]
Patch206: gnutls-CVE-2025-6395.patch
# PATCH-FIX-UPSTREAM bsc#1254132 CVE-2025-9820 buffer overflow in gnutls_pkcs11_token_init
Patch207: gnutls-CVE-2025-9820.patch
BuildRequires: autogen
BuildRequires: automake
BuildRequires: datefudge
@@ -97,9 +107,6 @@ BuildRequires: pkgconfig(zlib)
%if %{with kcapi}
BuildRequires: pkgconfig(libkcapi)
%endif
%if %{with liboqs}
BuildRequires: pkgconfig(liboqs)
%endif
%if 0%{?suse_version} <= 1320
BuildRequires: net-tools
%else
@@ -143,6 +150,7 @@ The GnuTLS library provides a secure layer over a reliable transport
layer. Currently the GnuTLS library implements the proposed standards
of the IETF's TLS working group.
%if %{with dane}
%package -n libgnutls-dane%{gnutls_dane_sover}
Summary: DANE support for the GNU Transport Layer Security Library
License: LGPL-2.1-or-later
@@ -152,6 +160,7 @@ Group: System/Libraries
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer.
This package contains the "DANE" part of gnutls.
%endif
%package -n libgnutlsxx%{gnutlsxx_sover}
Summary: C++ API for the GNU Transport Layer Security Library
@@ -181,6 +190,7 @@ Requires: crypto-policies
%description -n libgnutls-devel
Files needed for software development using gnutls.
%if %{with dane}
%package -n libgnutls-dane-devel
Summary: Development package for GnuTLS DANE component
License: LGPL-2.1-or-later
@@ -189,14 +199,7 @@ Requires: libgnutls-dane%{gnutls_dane_sover} = %{version}
%description -n libgnutls-dane-devel
Files needed for software development using gnutls.
%package -n libgnutls-devel-doc
Summary: Manual and Info pages for libgnutls
License: LGPL-2.1-or-later
BuildArch: noarch
%description -n libgnutls-devel-doc
Manpages (troff) and GNU Info pages for libgnutls.
%endif
%package -n libgnutlsxx-devel
Summary: Development package for the GnuTLS C++ API
@@ -244,9 +247,6 @@ autoreconf -fiv
%if %{with srp}
--enable-srp-authentication \
%endif
%if %{with liboqs}
--with-liboqs \
%endif
%ifarch %{ix86} %{arm}
--disable-year2038 \
%endif
@@ -316,13 +316,17 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
%post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
%postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
%if %{with dane}
%post -n libgnutls-dane%{gnutls_dane_sover} -p /sbin/ldconfig
%postun -n libgnutls-dane%{gnutls_dane_sover} -p /sbin/ldconfig
%endif
%post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
%postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
%files -f libgnutls.lang
%license COPYING COPYING.LESSERv2
%license LICENSE
%doc THANKS README.md NEWS ChangeLog AUTHORS doc/TODO
%{_bindir}/certtool
%{_bindir}/gnutls-cli
@@ -343,22 +347,22 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
%{_mandir}/man1/*
%files -n libgnutls%{gnutls_sover}
%license COPYING COPYING.LESSERv2
%license LICENSE
%{_libdir}/libgnutls.so.%{gnutls_sover}*
%{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac
%if %{with dane}
%files -n libgnutls-dane%{gnutls_dane_sover}
%license COPYING COPYING.LESSERv2
%license LICENSE
%{_libdir}/libgnutls-dane.so.%{gnutls_dane_sover}*
%endif
%files -n libgnutlsxx%{gnutlsxx_sover}
%license COPYING COPYING.LESSERv2
%license LICENSE
%{_libdir}/libgnutlsxx.so.%{gnutlsxx_sover}*
%files -n libgnutls-devel
%license COPYING COPYING.LESSERv2
%license LICENSE
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/abstract.h
%{_includedir}/%{name}/crypto.h
@@ -379,15 +383,13 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
%{_includedir}/%{name}/urls.h
%{_libdir}/libgnutls.so
%{_libdir}/pkgconfig/gnutls.pc
%files -n libgnutls-devel-doc
%{_mandir}/man3/*
%{_infodir}/*%{ext_info}
%{_docdir}/libgnutls-devel
%doc %{_docdir}/libgnutls-devel
%if %{with dane}
%files -n libgnutls-dane-devel
%license COPYING COPYING.LESSERv2
%license LICENSE
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/dane.h
%{_libdir}/pkgconfig/gnutls-dane.pc
@@ -395,7 +397,7 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
%endif
%files -n libgnutlsxx-devel
%license COPYING COPYING.LESSERv2
%license LICENSE
%{_libdir}/libgnutlsxx.so
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/gnutlsxx.h