Accepting request 1105301 from security:tls

OBS-URL: https://build.opensuse.org/request/show/1105301 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=150
2023-08-23 12:56:48 +00:00 · 2023-08-23 12:56:48 +00:00 · cbd889027b
commit cbd889027b
parent b8bcedc791 d830af4f9e
12 changed files with 477 additions and 726 deletions
--- a/gnutls-3.8.0.tar.xz
+++ b/gnutls-3.8.0.tar.xz
--- a/gnutls-3.8.0.tar.xz.sig
+++ b/gnutls-3.8.0.tar.xz.sig
--- a/gnutls-3.8.1.tar.xz
+++ b/gnutls-3.8.1.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:ba8b9e15ae20aba88f44661978f5b5863494316fe7e722ede9d069fe6294829c
 size 6447056
--- a/gnutls-3.8.1.tar.xz.sig
+++ b/gnutls-3.8.1.tar.xz.sig
--- a/gnutls-FIPS-140-3-references.patch
+++ b/gnutls-FIPS-140-3-references.patch
--- a/gnutls-FIPS-PCT-DH.patch
+++ b/gnutls-FIPS-PCT-DH.patch
@ -1,55 +0,0 @@
 From 51b721b69fd08ef1c4c4989f5e12b643e170ff56 Mon Sep 17 00:00:00 2001
 From: Pedro Monreal <pmgdeb@gmail.com>
 Date: Thu, 16 Feb 2023 17:02:38 +0100
 Subject: [PATCH] pk: extend pair-wise consistency to cover DH key generation
 Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance of Pair-wise
 Consistency check, even if we only support ephemeral DH, as it is
 required by FIPS 140-3 IG 10.3.A.
 Signed-off-by: Pedro Monreal <pmgdeb@gmail.com>
 Co-authored-by: Daiki Ueno <ueno@gnu.org>
 ---
 lib/nettle/pk.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 Index: gnutls-3.8.0/lib/nettle/pk.c
 ===================================================================
 --- gnutls-3.8.0.orig/lib/nettle/pk.c
 +++ gnutls-3.8.0/lib/nettle/pk.c
@@ -2520,6 +2520,35 @@ static int pct_test(gnutls_pk_algorithm_
 		}
 		break;
 	case GNUTLS_PK_DH:
 +		{
 +			mpz_t y;
 +
 +			/* Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance
 +			 * of Pair-wise Consistency check, even if we only
 +			 * support ephemeral DH, as it is required by FIPS
 +			 * 140-3 IG 10.3.A.
 +			 *
 +			 * Use the private key, x, along with the generator g
 +			 * and prime modulus p included in the domain
 +			 * parameters associated with the key pair to compute
 +			 * g^x mod p. Compare the result to the public key, y.
 +			 */
 +			mpz_init(y);
 +			mpz_powm(y,
 +				 TOMPZ(params->params[DSA_G]),
 +				 TOMPZ(params->params[DSA_X]),
 +				 TOMPZ(params->params[DSA_P]));
 +			if (unlikely
 +			    (mpz_cmp(y, TOMPZ(params->params[DSA_Y])) != 0)) {
 +				ret =
 +				    gnutls_assert_val
 +				    (GNUTLS_E_PK_GENERATION_ERROR);
 +				mpz_clear(y);
 +				goto cleanup;
 +			}
 +			mpz_clear(y);
 +			break;
 +		}
 	case GNUTLS_PK_ECDH_X25519:
 	case GNUTLS_PK_ECDH_X448:
 		ret = 0;
--- a/gnutls-FIPS-PCT-ECDH.patch
+++ b/gnutls-FIPS-PCT-ECDH.patch
@ -1,193 +0,0 @@
 From 5030f40332ada4f90e80838a2232da36ce03757a Mon Sep 17 00:00:00 2001
 From: Pedro Monreal <pmgdeb@gmail.com>
 Date: Fri, 24 Feb 2023 22:02:48 +0000
 Subject: [PATCH] ecdh: perform SP800-56A rev3 full pubkey validation on key
 derivation
 This implements full public key validation required in
 SP800-56A rev3, section 5.6.2.3.3.
 Co-authored-by: Daiki Ueno <ueno@gnu.org>
 Signed-off-by: Pedro Monreal <pmgdeb@gmail.com>
 ---
 lib/nettle/pk.c | 128 ++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 125 insertions(+), 3 deletions(-)
 diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
 index 6adf958a61..d30bca594f 100644
 --- a/lib/nettle/pk.c
 +++ b/lib/nettle/pk.c
@@ -71,6 +71,9 @@
 static inline const struct ecc_curve *get_supported_nist_curve(int curve);
 static inline const struct ecc_curve *get_supported_gost_curve(int curve);
 +static inline const char *get_supported_nist_curve_order(int curve);
 +static inline const char *get_supported_nist_curve_modulus(int curve);
 +
 /* When these callbacks are used for a nettle operation, the
  * caller must check the macro HAVE_LIB_ERROR() after the operation
  * is complete. If the macro is true, the operation is to be considered
@@ -406,6 +409,10 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
 			struct ecc_scalar ecc_priv;
 			struct ecc_point ecc_pub;
 			const struct ecc_curve *curve;
 +			struct ecc_scalar n;
 +			struct ecc_scalar m;
 +			struct ecc_point r;
 +			mpz_t x, y, xx, yy, nn, mm;
 			out->data = NULL;
@@ -428,17 +435,28 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
 				not_approved = true;
 			}
 +			mpz_init(x);
 +			mpz_init(y);
 +			mpz_init(xx);
 +			mpz_init(yy);
 +			mpz_init(nn);
 +			mpz_init(mm);
 +
 +			ecc_scalar_init(&n, curve);
 +			ecc_scalar_init(&m, curve);
 +			ecc_point_init(&r, curve);
 +
 			ret = _ecc_params_to_pubkey(pub, &ecc_pub, curve);
 			if (ret < 0) {
 				gnutls_assert();
 -				goto cleanup;
 +				goto ecc_fail_cleanup;
 			}
 			ret = _ecc_params_to_privkey(priv, &ecc_priv, curve);
 			if (ret < 0) {
 				ecc_point_clear(&ecc_pub);
 				gnutls_assert();
 -				goto cleanup;
 +				goto ecc_fail_cleanup;
 			}
 			out->size = gnutls_ecc_curve_get_size(priv->curve);
@@ -449,14 +467,118 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
 				goto ecc_cleanup;
 			}
 +			/* Perform ECC Full Public-Key Validation Routine
 +			 * according to SP800-56A (revision 3), 5.6.2.3.3.
 +			 */
 +
 +			/* Step 1: verify that Q is not an identity
 +			 * element (an infinity point). Note that this
 +			 * cannot happen in the nettle implementation,
 +			 * because it cannot represent an infinity point
 +			 * on curves. */
 			ret = ecc_shared_secret(&ecc_priv, &ecc_pub, out->data,
 						out->size);
 -			if (ret < 0)
 +			if (ret < 0) {
 				gnutls_free(out->data);
 +				goto ecc_cleanup;
 +			}
 +#ifdef ENABLE_FIPS140
 +			if (_gnutls_fips_mode_enabled()) {
 +				const char *order, *modulus;
 +
 +				ecc_point_mul(&r, &ecc_priv, &ecc_pub);
 +				ecc_point_get(&r, x, y);
 +
 +				/* Step 2: verify that both coordinates of Q are
 +				 * in the range [0, p - 1].
 +				 *
 +				 * Step 3: verify that Q lie on the curve
 +				 *
 +				 * Both checks are performed in nettle.  */
 +				if (!ecc_point_set(&r, x, y)) {
 +					ret =
 +					    gnutls_assert_val
 +					    (GNUTLS_E_ILLEGAL_PARAMETER);
 +					goto ecc_cleanup;
 +				}
 +
 +				/* Step 4: verify that n * Q, where n is the
 +				 * curve order, result in an identity element
 +				 *
 +				 * Since nettle internally cannot represent an
 +				 * identity element on curves, we validate this
 +				 * instead:
 +				 *
 +				 *   (n - 1) * Q = -Q
 +				 *
 +				 * That effectively means: n * Q = -Q + Q = O
 +				 */
 +				order =
 +				    get_supported_nist_curve_order(priv->curve);
 +				if (unlikely(order == NULL)) {
 +					ret =
 +					    gnutls_assert_val
 +					    (GNUTLS_E_INTERNAL_ERROR);
 +					goto ecc_cleanup;
 +				}
 +
 +				ret = mpz_set_str(nn, order, 16);
 +				if (unlikely(ret < 0)) {
 +					ret =
 +					    gnutls_assert_val
 +					    (GNUTLS_E_MPI_SCAN_FAILED);
 +					goto ecc_cleanup;
 +				}
 +
 +				modulus =
 +				    get_supported_nist_curve_modulus
 +				    (priv->curve);
 +				if (unlikely(modulus == NULL)) {
 +					ret =
 +					    gnutls_assert_val
 +					    (GNUTLS_E_INTERNAL_ERROR);
 +					goto ecc_cleanup;
 +				}
 +
 +				ret = mpz_set_str(mm, modulus, 16);
 +				if (unlikely(ret < 0)) {
 +					ret =
 +					    gnutls_assert_val
 +					    (GNUTLS_E_MPI_SCAN_FAILED);
 +					goto ecc_cleanup;
 +				}
 +
 +				/* (n - 1) * Q = -Q */
 +				mpz_sub_ui(nn, nn, 1);
 +				ecc_scalar_set(&n, nn);
 +				ecc_point_mul(&r, &n, &r);
 +				ecc_point_get(&r, xx, yy);
 +				mpz_sub(mm, mm, y);
 +
 +				if (mpz_cmp(xx, x) != 0 || mpz_cmp(yy, mm) != 0) {
 +					ret =
 +					    gnutls_assert_val
 +					    (GNUTLS_E_ILLEGAL_PARAMETER);
 +					goto ecc_cleanup;
 +				}
 +			} else {
 +				not_approved = true;
 +			}
 +#endif
  ecc_cleanup:
 			ecc_point_clear(&ecc_pub);
 			ecc_scalar_zclear(&ecc_priv);
 + ecc_fail_cleanup:
 +			mpz_clear(x);
 +			mpz_clear(y);
 +			mpz_clear(xx);
 +			mpz_clear(yy);
 +			mpz_clear(nn);
 +			mpz_clear(mm);
 +			ecc_point_clear(&r);
 +			ecc_scalar_clear(&n);
 +			ecc_scalar_clear(&m);
 			if (ret < 0)
 				goto cleanup;
 			break;
 -- 
 GitLab
--- a/gnutls-FIPS-jitterentropy.patch
+++ b/gnutls-FIPS-jitterentropy.patch
@ -1,7 +1,7 @@
-Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c
+Index: gnutls-3.8.1/lib/nettle/sysrng-linux.c
 ===================================================================
--- gnutls-3.8.0.orig/lib/nettle/sysrng-linux.c
+--- gnutls-3.8.1.orig/lib/nettle/sysrng-linux.c
-+++ gnutls-3.8.0/lib/nettle/sysrng-linux.c
+++ gnutls-3.8.1/lib/nettle/sysrng-linux.c
@@ -49,6 +49,15 @@
 get_entropy_func _rnd_get_system_entropy = NULL;
@ -18,7 +18,7 @@ Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c
 #ifdef HAVE_GETRANDOM
 #include <sys/random.h>
 #else
-@@ -67,6 +76,101 @@ static ssize_t _getrandom0(void *buf, si
+@@ -68,6 +77,101 @@ static ssize_t _getrandom0(void *buf, si
 #endif
 #endif
@ -120,7 +120,7 @@ Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c
 static unsigned have_getrandom(void)
 {
 	char c;
-@@ -162,6 +266,24 @@ int _rnd_system_entropy_init(void)
+@@ -163,6 +267,24 @@ int _rnd_system_entropy_init(void)
 	int urandom_fd;
 #if defined(__linux__)
@ -145,7 +145,7 @@ Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c
 	/* Enable getrandom() usage if available */
 	if (have_getrandom()) {
 		_rnd_get_system_entropy = _rnd_get_system_entropy_getrandom;
-@@ -192,5 +314,12 @@ int _rnd_system_entropy_init(void)
+@@ -193,5 +315,12 @@ int _rnd_system_entropy_init(void)
 void _rnd_system_entropy_deinit(void)
 {
 	/* A no-op now when we open and close /dev/urandom every time */
@ -158,11 +158,11 @@ Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c
 +#endif
 	return;
 }
-Index: gnutls-3.8.0/lib/nettle/Makefile.in
+Index: gnutls-3.8.1/lib/nettle/Makefile.in
 ===================================================================
--- gnutls-3.8.0.orig/lib/nettle/Makefile.in
+--- gnutls-3.8.1.orig/lib/nettle/Makefile.in
-+++ gnutls-3.8.0/lib/nettle/Makefile.in
+++ gnutls-3.8.1/lib/nettle/Makefile.in
-@@ -399,7 +399,7 @@ am__v_CC_1 =
+@@ -402,7 +402,7 @@ am__v_CC_1 =
 CCLD = $(CC)
 LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
@ -171,10 +171,10 @@ Index: gnutls-3.8.0/lib/nettle/Makefile.in
 AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
-Index: gnutls-3.8.0/lib/nettle/Makefile.am
+Index: gnutls-3.8.1/lib/nettle/Makefile.am
 ===================================================================
--- gnutls-3.8.0.orig/lib/nettle/Makefile.am
+--- gnutls-3.8.1.orig/lib/nettle/Makefile.am
-+++ gnutls-3.8.0/lib/nettle/Makefile.am
+++ gnutls-3.8.1/lib/nettle/Makefile.am
@@ -20,7 +20,7 @@
 include $(top_srcdir)/lib/common.mk
@ -184,10 +184,10 @@ Index: gnutls-3.8.0/lib/nettle/Makefile.am
 AM_CPPFLAGS = \
 	-I$(srcdir)/int		\
-Index: gnutls-3.8.0/lib/nettle/rnd-fips.c
+Index: gnutls-3.8.1/lib/nettle/rnd-fips.c
 ===================================================================
--- gnutls-3.8.0.orig/lib/nettle/rnd-fips.c
+--- gnutls-3.8.1.orig/lib/nettle/rnd-fips.c
-+++ gnutls-3.8.0/lib/nettle/rnd-fips.c
+++ gnutls-3.8.1/lib/nettle/rnd-fips.c
@@ -129,6 +129,10 @@ static int drbg_init(struct fips_ctx *fc
 	uint8_t buffer[DRBG_AES_SEED_SIZE];
 	int ret;
@ -210,10 +210,10 @@ Index: gnutls-3.8.0/lib/nettle/rnd-fips.c
 	ret = get_entropy(fctx, buffer, sizeof(buffer));
 	if (ret < 0) {
 		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
-Index: gnutls-3.8.0/tests/Makefile.am
+Index: gnutls-3.8.1/tests/Makefile.am
 ===================================================================
--- gnutls-3.8.0.orig/tests/Makefile.am
+--- gnutls-3.8.1.orig/tests/Makefile.am
-+++ gnutls-3.8.0/tests/Makefile.am
+++ gnutls-3.8.1/tests/Makefile.am
@@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm
 	 dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
 	 keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
--- a/gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
+++ b/gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
@ -0,0 +1,56 @@
 From abfa8634db940115a11a07596ce53c8f9c4f87d2 Mon Sep 17 00:00:00 2001
 From: Adrian Bunk <bunk@debian.org>
 Date: Sun, 6 Aug 2023 22:46:22 +0300
 Subject: [PATCH] Move the GNUTLS_NO_EXTENSIONS compatibility #define to
 gnutls.h
 Signed-off-by: Adrian Bunk <bunk@debian.org>
 ---
 lib/ext/ext_master_secret.h     | 3 ---
 lib/includes/gnutls/gnutls.h.in | 3 +++
 lib/state.h                     | 3 ---
 3 files changed, 3 insertions(+), 6 deletions(-)
 diff --git a/lib/ext/ext_master_secret.h b/lib/ext/ext_master_secret.h
 index 45d38178bd..419335b4e3 100644
 --- a/lib/ext/ext_master_secret.h
 +++ b/lib/ext/ext_master_secret.h
@@ -23,9 +23,6 @@
 #ifndef GNUTLS_LIB_EXT_EXT_MASTER_SECRET_H
 #define GNUTLS_LIB_EXT_EXT_MASTER_SECRET_H
 -/* Keep backward compatibility */
 -#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
 -
 #include <hello_ext.h>
 extern const hello_ext_entry_st ext_mod_ext_master_secret;
 diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
 index ec132cb5c3..fc64c7a228 100644
 --- a/lib/includes/gnutls/gnutls.h.in
 +++ b/lib/includes/gnutls/gnutls.h.in
@@ -542,6 +542,9 @@ typedef enum {
 #define GNUTLS_ENABLE_CERT_TYPE_NEG 0
 // Here for compatibility reasons
 +/* Keep backward compatibility */
 +#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
 +
 /**
  * gnutls_alert_level_t:
  * @GNUTLS_AL_WARNING: Alert of warning severity.
 diff --git a/lib/state.h b/lib/state.h
 index dc086bcf0d..975ceee3a7 100644
 --- a/lib/state.h
 +++ b/lib/state.h
@@ -110,7 +110,4 @@ inline static int _gnutls_PRF(gnutls_session_t session, const uint8_t *secret,
 #define DEFAULT_CERT_TYPE GNUTLS_CRT_X509
 -/* Keep backward compatibility */
 -#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
 -
 #endif /* GNUTLS_LIB_STATE_H */
 -- 
 GitLab
--- a/gnutls-srp-test-SIGPIPE.patch
+++ b/gnutls-srp-test-SIGPIPE.patch
@ -0,0 +1,22 @@
 Index: gnutls-3.8.1/tests/srp.c
 ===================================================================
 --- gnutls-3.8.1.orig/tests/srp.c
 +++ gnutls-3.8.1/tests/srp.c
@@ -287,7 +289,7 @@ static void start(const char *name, cons
 	if (child) {
 		int status;
 		/* parent */
 -		close(fd[0]);
 +		/* close(fd[0]); */
 		client(fd[1], prio, user, pass, exp_err);
 		if (exp_err < 0) {
 			kill(child, SIGTERM);
@@ -297,7 +299,7 @@ static void start(const char *name, cons
 			check_wait_status(status);
 		}
 	} else {
 -		close(fd[1]);
 +		/* close(fd[1]); */
 		server(fd[0], prio);
 		exit(0);
 	}
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,64 @@
 -------------------------------------------------------------------
 Tue Aug 22 15:00:57 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
 - Fix missing GNUTLS_NO_EXTENSIONS compatibility.
  * Upstream: gitlab.com/gnutls/gnutls/commit/abfa8634
  * Add gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
 -------------------------------------------------------------------
 Mon Aug 21 09:33:40 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
 - tests: Fix the SRP test that fails with SIGPIPE signal return due
  to a socket being closed before using it.
  * Add gnutls-srp-test-SIGPIPE.patch
 -------------------------------------------------------------------
 Mon Aug 7 07:51:59 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
 - Update to version 3.8.1:
  * libgnutls: ClientHello extensions are randomized by default
    To make fingerprinting harder, TLS extensions in ClientHello
    messages are shuffled. As this behavior may cause compatibility
    issue with legacy applications that do not accept the last
    extension without payload, the behavior can be reverted with the
    %NO_SHUFFLE_EXTENSIONS priority keyword.
  * libgnutls: Add support for RFC 9258 external PSK importer.
    This enables to deploy the same PSK across multiple TLS versions
    (TLS 1.2 and TLS 1.3) in a secure manner. To use, the application
    needs to set up a callback that formats the PSK identity using
    gnutls_psk_format_imported_identity().
  * libgnutls: %GNUTLS_NO_EXTENSIONS has been renamed to
    %GNUTLS_NO_DEFAULT_EXTENSIONS.
  * libgnutls: Add additional PBKDF limit checks in FIPS mode as
    defined in SP 800-132. Minimum salt length is 128 bits and
    minimum iterations bound is 1000 for PBKDF in FIPS mode.
  * libgnutls: Add a mechanism to control whether to enforce extended
    master secret (RFC 7627). FIPS 140-3 mandates the use of TLS
    session hash (extended master secret, EMS) in TLS 1.2. To enforce
    this, a new priority keyword %FORCE_SESSION_HASH is added and if
    it is set and EMS is not set, the peer aborts the connection. This
    behavior is the default in FIPS mode, though it can be overridden
    through the configuration file with the "tls-session-hash" option.
    In either case non-EMS PRF is reported as a non-approved operation
    through the FIPS service indicator.
  * New option --attime to specify current time.
    To make testing with different timestamp to the system easier, the
    tools doing certificate verification now provide a new option
    --attime, which takes an arbitrary time.
  * API and ABI modifications:
    gnutls_psk_client_credentials_function3: New typedef
    gnutls_psk_server_credentials_function3: New typedef
    gnutls_psk_set_server_credentials_function3: New function
    gnutls_psk_set_client_credentials_function3: New function
    gnutls_psk_format_imported_identity: New function
    GNUTLS_PSK_KEY_EXT: New enum member of gnutls_psk_key_flags
  * Rebase patches:
    - gnutls-FIPS-140-3-references.patch
    - gnutls-FIPS-jitterentropy.patch
  * Remove patches merged/fixed upstream:
    - gnutls-FIPS-PCT-DH.patch
    - gnutls-FIPS-PCT-ECDH.patch
 -------------------------------------------------------------------
 Mon May 29 07:27:23 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
--- a/gnutls.spec
+++ b/gnutls.spec
@ -40,7 +40,7 @@
 %endif
 %bcond_with tpm
 Name:           gnutls
-Version:        3.8.0
+Version:        3.8.1
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        GPL-3.0-or-later AND LGPL-2.1-or-later
@ -56,17 +56,18 @@ Source4:        gnutls.rpmlintrc
 Patch0:         gnutls-3.5.11-skip-trust-store-tests.patch
 Patch1:         gnutls-FIPS-TLS_KDF_selftest.patch
 Patch2:         gnutls-disable-flaky-test-dtls-resume.patch
 # PATCH-FIX-OPENSUSE The srp test fails with SIGPIPE
 Patch3:         gnutls-srp-test-SIGPIPE.patch
 # PATCH-FIX-OPENSUSE Fix missing GNUTLS_NO_EXTENSIONS compatibility
 Patch4:         gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
 # FIPS 140-3 patches:
 #PATCH-FIX-SUSE bsc#1207183 FIPS: DH/ECDH PCT public key regeneration
 Patch100:       gnutls-FIPS-PCT-DH.patch
 Patch101:       gnutls-FIPS-PCT-ECDH.patch
 #PATCH-FIX-SUSE bsc#1207346 FIPS: Change FIPS 140-2 references to FIPS 140-3
-Patch102:       gnutls-FIPS-140-3-references.patch
+Patch100:       gnutls-FIPS-140-3-references.patch
 #PATCH-FIX-SUSE bsc#1211476 FIPS: Skip fixed HMAC verification for nettle, hogweed and gmp
-Patch103:       gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
+Patch101:       gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
 #PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy
-Patch104:       gnutls-FIPS-jitterentropy.patch
+Patch102:       gnutls-FIPS-jitterentropy.patch
 %endif
 BuildRequires:  autogen
 BuildRequires:  automake