Pedro Monreal Gonzalez
cf30493c2c
- Update to 3.8.0: [bsc#1205763, bsc#1209627]
* libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key
exchange. Reported by Hubert Kario (#1050). Fix developed by
Alexander Sosedkin. [GNUTLS-SA-2020-07-14, CVSS: medium]
[CVE-2023-0361]
* libgnutls: C++ library is now header only. All definitions
from gnutlsxx.c have been moved into gnutlsxx.h. Users of the
C++ interface have two options:
1. include gnutlsxx.h in their application and link against
the C library. (default)
2. include gnutlsxx.h in their application, compile with
GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link
against the C++ library.
* libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST
priority modifier have been added to allow disabling of the
status_request TLS extension in the client side.
* libgnutls: TLS heartbeat is disabled by default.
The heartbeat extension in TLS (RFC 6520) is not widely used
given other implementations dropped support for it. To enable
back support for it, supply --enable-heartbeat-support to
configure script.
* libgnutls: SRP authentication is now disabled by default.
It is disabled because the SRP authentication in TLS is not
up to date with the latest TLS standards and its ciphersuites
are based on the CBC mode and SHA-1. To enable it back, supply
--enable-srp-authentication option to configure script.
* libgnutls: All code has been indented using "indent -ppi1 -linux".
CI/CD has been adjusted to catch regressions. This is implemented
through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.yml’s
commit-check. You may run devel/indent-gnutls to fix any
OBS-URL: https://build.opensuse.org/request/show/1074130
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=88
56 lines
1.7 KiB
Diff
56 lines
1.7 KiB
Diff
From 51b721b69fd08ef1c4c4989f5e12b643e170ff56 Mon Sep 17 00:00:00 2001
|
|
From: Pedro Monreal <pmgdeb@gmail.com>
|
|
Date: Thu, 16 Feb 2023 17:02:38 +0100
|
|
Subject: [PATCH] pk: extend pair-wise consistency to cover DH key generation
|
|
|
|
Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance of Pair-wise
|
|
Consistency check, even if we only support ephemeral DH, as it is
|
|
required by FIPS 140-3 IG 10.3.A.
|
|
|
|
Signed-off-by: Pedro Monreal <pmgdeb@gmail.com>
|
|
Co-authored-by: Daiki Ueno <ueno@gnu.org>
|
|
---
|
|
lib/nettle/pk.c | 29 +++++++++++++++++++++++++++++
|
|
1 file changed, 29 insertions(+)
|
|
|
|
Index: gnutls-3.8.0/lib/nettle/pk.c
|
|
===================================================================
|
|
--- gnutls-3.8.0.orig/lib/nettle/pk.c
|
|
+++ gnutls-3.8.0/lib/nettle/pk.c
|
|
@@ -2520,6 +2520,35 @@ static int pct_test(gnutls_pk_algorithm_
|
|
}
|
|
break;
|
|
case GNUTLS_PK_DH:
|
|
+ {
|
|
+ mpz_t y;
|
|
+
|
|
+ /* Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance
|
|
+ * of Pair-wise Consistency check, even if we only
|
|
+ * support ephemeral DH, as it is required by FIPS
|
|
+ * 140-3 IG 10.3.A.
|
|
+ *
|
|
+ * Use the private key, x, along with the generator g
|
|
+ * and prime modulus p included in the domain
|
|
+ * parameters associated with the key pair to compute
|
|
+ * g^x mod p. Compare the result to the public key, y.
|
|
+ */
|
|
+ mpz_init(y);
|
|
+ mpz_powm(y,
|
|
+ TOMPZ(params->params[DSA_G]),
|
|
+ TOMPZ(params->params[DSA_X]),
|
|
+ TOMPZ(params->params[DSA_P]));
|
|
+ if (unlikely
|
|
+ (mpz_cmp(y, TOMPZ(params->params[DSA_Y])) != 0)) {
|
|
+ ret =
|
|
+ gnutls_assert_val
|
|
+ (GNUTLS_E_PK_GENERATION_ERROR);
|
|
+ mpz_clear(y);
|
|
+ goto cleanup;
|
|
+ }
|
|
+ mpz_clear(y);
|
|
+ break;
|
|
+ }
|
|
case GNUTLS_PK_ECDH_X25519:
|
|
case GNUTLS_PK_ECDH_X448:
|
|
ret = 0;
|