diff --git a/.gitignore b/.gitignore index 14960ad..d6f2a41 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/gnutls-3.6.14.tar.xz +SOURCES/gnutls-3.6.16.tar.xz SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg diff --git a/.gnutls.metadata b/.gnutls.metadata index b23acfd..1108c13 100644 --- a/.gnutls.metadata +++ b/.gnutls.metadata @@ -1,2 +1,2 @@ -bea1b5abcb691acf014e592f41d0a9580a41216a SOURCES/gnutls-3.6.14.tar.xz +6ba8fb898dcf4b4046b60662ba97df835593e687 SOURCES/gnutls-3.6.16.tar.xz 648ec46f9539fe756fb90131b85ae4759ed2ed21 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg diff --git a/SOURCES/gnutls-3.6.14-autogen-int.patch b/SOURCES/gnutls-3.6.14-autogen-int.patch deleted file mode 100644 index 6723acb..0000000 --- a/SOURCES/gnutls-3.6.14-autogen-int.patch +++ /dev/null @@ -1,36 +0,0 @@ -From cf1de82bedd01c01e70921699c84a473b08d0dab Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Mon, 1 Jun 2020 17:23:59 +0200 -Subject: [PATCH] serv: omit upper bound of --maxearlydata option definition - -It turned out that AutoGen treats numbers that exceed INT_MAX in a -platform dependent way. In this case, 4294967295 (UINT_MAX) is -treated as is on 64-bit platforms, while it is interpreted as "-1" on -32-bit platforms. This causes a problem when the program -documentation is compiled under multilib environment. - -Reported by Ivan Molodetskikh in: -https://bugzilla.redhat.com/show_bug.cgi?id=1841844 -and the cause was identified by Anderson Toshiyuki Sasaki. - -Signed-off-by: Daiki Ueno ---- - src/serv-args.def | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/serv-args.def b/src/serv-args.def -index 996fbe36b..a584085e2 100644 ---- a/src/serv-args.def -+++ b/src/serv-args.def -@@ -51,7 +51,7 @@ flag = { - flag = { - name = maxearlydata; - arg-type = number; -- arg-range = "1->4294967295"; -+ arg-range = "1->"; - descrip = "The maximum early data size to accept"; - doc = ""; - }; --- -2.26.2 - diff --git a/SOURCES/gnutls-3.6.14-ecdsa-verify.patch b/SOURCES/gnutls-3.6.14-ecdsa-verify.patch deleted file mode 100644 index 3ebaf2a..0000000 --- a/SOURCES/gnutls-3.6.14-ecdsa-verify.patch +++ /dev/null @@ -1,87 +0,0 @@ -diff -up ./doc/doxygen/Doxyfile.orig ./doc/doxygen/Doxyfile -diff -up ./lib/nettle/ecc/ecc-gostdsa-verify.c.orig ./lib/nettle/ecc/ecc-gostdsa-verify.c ---- ./lib/nettle/ecc/ecc-gostdsa-verify.c.orig 2020-06-03 15:05:27.000000000 +0200 -+++ ./lib/nettle/ecc/ecc-gostdsa-verify.c 2021-04-01 11:24:42.820992320 +0200 -@@ -63,6 +63,8 @@ ecc_gostdsa_verify (const struct ecc_cur - const mp_limb_t *rp, const mp_limb_t *sp, - mp_limb_t *scratch) - { -+ mp_limb_t cy; -+ - /* Procedure, according to GOST R 34.10. q denotes the group - order. - -@@ -101,11 +103,17 @@ ecc_gostdsa_verify (const struct ecc_cur - ecc->q.invert (&ecc->q, vp, hp, vp + 2*ecc->p.size); - - /* z1 = s / h, P1 = z1 * G */ -- ecc_mod_mul (&ecc->q, z1, sp, vp); -+ ecc_mod_mul (&ecc->q, z1 + ecc->q.size, sp, vp); -+ /* Ensure canonical reduction */ -+ cy = mpn_sub_n (z1, z1 + ecc->q.size, ecc->q.m, ecc->q.size); -+ cnd_copy (cy, z1, z1 + ecc->q.size, ecc->q.size); - - /* z2 = - r / h, P2 = z2 * Y */ -- ecc_mod_mul (&ecc->q, z2, rp, vp); -- mpn_sub_n (z2, ecc->q.m, z2, ecc->p.size); -+ mpn_sub_n (hp, ecc->q.m, rp, ecc->p.size); -+ ecc_mod_mul (&ecc->q, z2 + ecc->q.size, hp, vp); -+ /* Ensure canonical reduction */ -+ cy = mpn_sub_n (z2, z2 + ecc->q.size, ecc->q.m, ecc->q.size); -+ cnd_copy (cy, z2, z2 + ecc->q.size, ecc->q.size); - - /* Total storage: 5*ecc->p.size + ecc->mul_itch */ - ecc->mul (ecc, P2, z2, pp, z2 + ecc->p.size); -diff -up ./lib/nettle/ecc/eddsa-hash.c.orig ./lib/nettle/ecc/eddsa-hash.c ---- ./lib/nettle/ecc/eddsa-hash.c.orig 2020-06-03 15:05:28.000000000 +0200 -+++ ./lib/nettle/ecc/eddsa-hash.c 2021-04-01 11:24:42.821992314 +0200 -@@ -43,13 +43,14 @@ - #include - #include "ecc-internal.h" - --/* Convert hash digest to integer, and reduce modulo q, to m->size -- limbs. Needs space for 2*m->size + 1 at rp. */ -+/* Convert hash digest to integer, and reduce canonically modulo q. -+ Needs space for 2*m->size + 1 at rp. */ - void - _eddsa_hash (const struct ecc_modulo *m, - mp_limb_t *rp, size_t digest_size, const uint8_t *digest) - { - mp_size_t nlimbs = (8*digest_size + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS; -+ mp_limb_t cy; - - mpn_set_base256_le (rp, nlimbs, digest, digest_size); - -@@ -74,4 +75,8 @@ _eddsa_hash (const struct ecc_modulo *m, - assert (hi == 0); - } - m->mod (m, rp); -+ /* Ensure canonical reduction. */ -+ cy = mpn_sub_n (rp + m->size, rp, m->m, m->size); -+ cnd_copy (cy, rp + m->size, rp, m->size); -+ mpn_copyi (rp, rp + m->size, m->size); - } -diff -up ./lib/nettle/ecc/gostdsa-vko.c.orig ./lib/nettle/ecc/gostdsa-vko.c ---- ./lib/nettle/ecc/gostdsa-vko.c.orig 2020-06-03 15:05:28.000000000 +0200 -+++ ./lib/nettle/ecc/gostdsa-vko.c 2021-04-01 11:24:42.821992314 +0200 -@@ -64,6 +64,7 @@ gostdsa_vko (const struct ecc_scalar *pr - mp_size_t size = ecc->p.size; - mp_size_t itch = 4*size + ecc->mul_itch; - mp_limb_t *scratch; -+ mp_limb_t cy; - - if (itch < 5*size + ecc->h_to_a_itch) - itch = 5*size + ecc->h_to_a_itch; -@@ -87,7 +88,11 @@ gostdsa_vko (const struct ecc_scalar *pr - if (mpn_zero_p (UKM, size)) - UKM[0] = 1; - -- ecc_mod_mul (&ecc->q, TEMP, priv->p, UKM); /* TEMP = UKM * priv */ -+ ecc_mod_mul (&ecc->q, TEMP + ecc->q.size, priv->p, UKM); /* TEMP = UKM * priv */ -+ /* Ensure canonical reduction */ -+ cy = mpn_sub_n (TEMP, TEMP + ecc->q.size, ecc->q.m, ecc->q.size); -+ cnd_copy (cy, TEMP, TEMP + ecc->q.size, ecc->q.size); -+ - ecc->mul (ecc, XYZ, TEMP, pub->p, scratch + 4*size); /* XYZ = UKM * priv * pub */ - ecc->h_to_a (ecc, 0, TEMP, XYZ, scratch + 5*size); /* TEMP = XYZ */ - mpn_get_base256_le (out, bsize, TEMP, size); diff --git a/SOURCES/gnutls-3.6.14-fips-dh-check.patch b/SOURCES/gnutls-3.6.14-fips-dh-check.patch deleted file mode 100644 index 40d579f..0000000 --- a/SOURCES/gnutls-3.6.14-fips-dh-check.patch +++ /dev/null @@ -1,676 +0,0 @@ -From bea53f1b46a64d6dcf5bbe4794740c4d4459f9bf Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 10 Jul 2020 09:35:49 +0200 -Subject: [PATCH 1/5] dh: check validity of Z before export - -SP800-56A rev3 section 5.7.1.1 step 2 mandates that the validity of the -calculated shared secret is verified before the data is returned to the -caller. This patch adds the validation check. - -Suggested by Stephan Mueller. - -Signed-off-by: Daiki Ueno ---- - lib/nettle/pk.c | 26 +++++++++++++++++--------- - 1 file changed, 17 insertions(+), 9 deletions(-) - -diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c -index 57a8560ed..08c7d4860 100644 ---- a/lib/nettle/pk.c -+++ b/lib/nettle/pk.c -@@ -288,7 +288,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, - switch (algo) { - case GNUTLS_PK_DH: { - bigint_t f, x, q, prime; -- bigint_t k = NULL, ff = NULL, r = NULL; -+ bigint_t k = NULL, primesub1 = NULL, r = NULL; - unsigned int bits; - - if (nonce != NULL) -@@ -299,21 +299,20 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, - q = priv->params[DH_Q]; - prime = priv->params[DH_P]; - -- ret = _gnutls_mpi_init_multi(&k, &ff, &r, NULL); -+ ret = _gnutls_mpi_init_multi(&k, &primesub1, &r, NULL); - if (ret < 0) - return gnutls_assert_val(ret); - -- ret = _gnutls_mpi_add_ui(ff, f, 1); -+ ret = _gnutls_mpi_sub_ui(primesub1, prime, 1); - if (ret < 0) { - gnutls_assert(); - goto dh_cleanup; - } - -- /* check if f==0,1, or f >= p-1. -- * or (ff=f+1) equivalently ff==1,2, ff >= p */ -- if ((_gnutls_mpi_cmp_ui(ff, 2) == 0) -- || (_gnutls_mpi_cmp_ui(ff, 1) == 0) -- || (_gnutls_mpi_cmp(ff, prime) >= 0)) { -+ /* check if f==0,1, or f >= p-1 */ -+ if ((_gnutls_mpi_cmp_ui(f, 1) == 0) -+ || (_gnutls_mpi_cmp_ui(f, 0) == 0) -+ || (_gnutls_mpi_cmp(f, primesub1) >= 0)) { - gnutls_assert(); - ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - goto dh_cleanup; -@@ -354,6 +353,15 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, - goto dh_cleanup; - } - -+ /* check if k==0,1, or k = p-1 */ -+ if ((_gnutls_mpi_cmp_ui(k, 1) == 0) -+ || (_gnutls_mpi_cmp_ui(k, 0) == 0) -+ || (_gnutls_mpi_cmp(k, primesub1) == 0)) { -+ gnutls_assert(); -+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; -+ goto dh_cleanup; -+ } -+ - if (flags & PK_DERIVE_TLS13) { - ret = - _gnutls_mpi_dprint_size(k, out, -@@ -370,7 +378,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, - ret = 0; - dh_cleanup: - _gnutls_mpi_release(&r); -- _gnutls_mpi_release(&ff); -+ _gnutls_mpi_release(&primesub1); - zrelease_temp_mpi_key(&k); - if (ret < 0) - goto cleanup; --- -2.26.2 - - -From 13202600d3e42258d8758b05ff45a3e3d0f07e4e Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 10 Jul 2020 09:42:30 +0200 -Subject: [PATCH 2/5] ecdh: check validity of P before export - -SP800-56A rev3 section 5.7.1.2 step 2 mandates that the validity of -the calculated shared secret is verified before the data is returned -to the caller. This patch adds the validation check. - -Suggested by Stephan Mueller. - -Signed-off-by: Daiki Ueno ---- - lib/nettle/pk.c | 27 +++++++++++++++++++++------ - 1 file changed, 21 insertions(+), 6 deletions(-) - -diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c -index 08c7d4860..7f0fa8e03 100644 ---- a/lib/nettle/pk.c -+++ b/lib/nettle/pk.c -@@ -229,25 +229,38 @@ _gost_params_to_pubkey(const gnutls_pk_params_st * pk_params, - } - #endif - --static void -+static int - ecc_shared_secret(struct ecc_scalar *private_key, - struct ecc_point *public_key, void *out, unsigned size) - { - struct ecc_point r; -- mpz_t x; -+ mpz_t x, y; -+ int ret = 0; - - mpz_init(x); -+ mpz_init(y); - ecc_point_init(&r, public_key->ecc); - - ecc_point_mul(&r, private_key, public_key); - -- ecc_point_get(&r, x, NULL); -+ ecc_point_get(&r, x, y); -+ -+ /* Check if the point is not an identity element. Note that this cannot -+ * happen in nettle implementation, because it cannot represent an -+ * infinity point. */ -+ if (mpz_cmp_ui(x, 0) == 0 && mpz_cmp_ui(y, 0) == 0) { -+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); -+ goto cleanup; -+ } -+ - nettle_mpz_get_str_256(size, out, x); - -+ cleanup: - mpz_clear(x); -+ mpz_clear(y); - ecc_point_clear(&r); - -- return; -+ return ret; - } - - #define MAX_DH_BITS DEFAULT_MAX_VERIFY_BITS -@@ -423,8 +436,10 @@ dh_cleanup: - goto ecc_cleanup; - } - -- ecc_shared_secret(&ecc_priv, &ecc_pub, out->data, -- out->size); -+ ret = ecc_shared_secret(&ecc_priv, &ecc_pub, out->data, -+ out->size); -+ if (ret < 0) -+ gnutls_free(out->data); - - ecc_cleanup: - ecc_point_clear(&ecc_pub); --- -2.26.2 - - -From 245fb622e82bfa7b80d2cec7cafdbc65014ca3cb Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 17 Jul 2020 17:45:17 +0200 -Subject: [PATCH 3/5] dh-primes: make the FIPS approved check return Q value - -This is necessary for full public key validation in -SP800-56A (revision 3), section 5.6.2.3.1. - -Signed-off-by: Daiki Ueno ---- - lib/auth/dh_common.c | 2 +- - lib/dh-primes.c | 38 +++++++++++++++++++++++--------------- - lib/dh.h | 10 ++++++---- - 3 files changed, 30 insertions(+), 20 deletions(-) - -diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c -index 252eea0cb..fcd696d4d 100644 ---- a/lib/auth/dh_common.c -+++ b/lib/auth/dh_common.c -@@ -259,7 +259,7 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session, - - #ifdef ENABLE_FIPS140 - if (gnutls_fips140_mode_enabled() && -- !_gnutls_dh_prime_is_fips_approved(data_p, n_p, data_g, n_g)) { -+ !_gnutls_dh_prime_match_fips_approved(data_p, n_p, data_g, n_g, NULL, NULL)) { - gnutls_assert(); - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - } -diff --git a/lib/dh-primes.c b/lib/dh-primes.c -index a43a8e5de..a440b5b98 100644 ---- a/lib/dh-primes.c -+++ b/lib/dh-primes.c -@@ -1894,25 +1894,28 @@ const gnutls_datum_t gnutls_modp_8192_group_generator = { - const unsigned int gnutls_modp_8192_key_bits = 512; - - unsigned --_gnutls_dh_prime_is_fips_approved(const uint8_t *prime, -- size_t prime_size, -- const uint8_t *generator, -- size_t generator_size) -+_gnutls_dh_prime_match_fips_approved(const uint8_t *prime, -+ size_t prime_size, -+ const uint8_t *generator, -+ size_t generator_size, -+ uint8_t **q, -+ size_t *q_size) - { - static const struct { - const gnutls_datum_t *prime; - const gnutls_datum_t *generator; -+ const gnutls_datum_t *q; - } primes[] = { -- { &gnutls_ffdhe_8192_group_prime, &gnutls_ffdhe_8192_group_generator }, -- { &gnutls_ffdhe_6144_group_prime, &gnutls_ffdhe_6144_group_generator }, -- { &gnutls_ffdhe_4096_group_prime, &gnutls_ffdhe_4096_group_generator }, -- { &gnutls_ffdhe_3072_group_prime, &gnutls_ffdhe_3072_group_generator }, -- { &gnutls_ffdhe_2048_group_prime, &gnutls_ffdhe_2048_group_generator }, -- { &gnutls_modp_8192_group_prime, &gnutls_modp_8192_group_generator }, -- { &gnutls_modp_6144_group_prime, &gnutls_modp_6144_group_generator }, -- { &gnutls_modp_4096_group_prime, &gnutls_modp_4096_group_generator }, -- { &gnutls_modp_3072_group_prime, &gnutls_modp_3072_group_generator }, -- { &gnutls_modp_2048_group_prime, &gnutls_modp_2048_group_generator }, -+ { &gnutls_ffdhe_8192_group_prime, &gnutls_ffdhe_8192_group_generator, &gnutls_ffdhe_8192_group_q }, -+ { &gnutls_ffdhe_6144_group_prime, &gnutls_ffdhe_6144_group_generator, &gnutls_ffdhe_6144_group_q }, -+ { &gnutls_ffdhe_4096_group_prime, &gnutls_ffdhe_4096_group_generator, &gnutls_ffdhe_4096_group_q }, -+ { &gnutls_ffdhe_3072_group_prime, &gnutls_ffdhe_3072_group_generator, &gnutls_ffdhe_3072_group_q }, -+ { &gnutls_ffdhe_2048_group_prime, &gnutls_ffdhe_2048_group_generator, &gnutls_ffdhe_2048_group_q }, -+ { &gnutls_modp_8192_group_prime, &gnutls_modp_8192_group_generator, &gnutls_modp_8192_group_q }, -+ { &gnutls_modp_6144_group_prime, &gnutls_modp_6144_group_generator, &gnutls_modp_6144_group_q }, -+ { &gnutls_modp_4096_group_prime, &gnutls_modp_4096_group_generator, &gnutls_modp_4096_group_q }, -+ { &gnutls_modp_3072_group_prime, &gnutls_modp_3072_group_generator, &gnutls_modp_3072_group_q }, -+ { &gnutls_modp_2048_group_prime, &gnutls_modp_2048_group_generator, &gnutls_modp_2048_group_q }, - }; - size_t i; - -@@ -1920,8 +1923,13 @@ _gnutls_dh_prime_is_fips_approved(const uint8_t *prime, - if (primes[i].prime->size == prime_size && - memcmp(primes[i].prime->data, prime, primes[i].prime->size) == 0 && - primes[i].generator->size == generator_size && -- memcmp(primes[i].generator->data, generator, primes[i].generator->size) == 0) -+ memcmp(primes[i].generator->data, generator, primes[i].generator->size) == 0) { -+ if (q) { -+ *q = primes[i].q->data; -+ *q_size = primes[i].q->size; -+ } - return 1; -+ } - } - - return 0; -diff --git a/lib/dh.h b/lib/dh.h -index 672451947..f5c2c0924 100644 ---- a/lib/dh.h -+++ b/lib/dh.h -@@ -61,9 +61,11 @@ extern const gnutls_datum_t gnutls_modp_2048_group_generator; - extern const unsigned int gnutls_modp_2048_key_bits; - - unsigned --_gnutls_dh_prime_is_fips_approved(const uint8_t *prime, -- size_t prime_size, -- const uint8_t *generator, -- size_t generator_size); -+_gnutls_dh_prime_match_fips_approved(const uint8_t *prime, -+ size_t prime_size, -+ const uint8_t *generator, -+ size_t generator_size, -+ uint8_t **q, -+ size_t *q_size); - - #endif /* GNUTLS_LIB_DH_H */ --- -2.26.2 - - -From 8b575625614fbe5a22b68dc8d1877efb1d44dd37 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 17 Jul 2020 17:47:06 +0200 -Subject: [PATCH 4/5] dh: perform SP800-56A rev3 full pubkey validation on - keygen - -This implements full public key validation required in SP800-56A rev3, -section 5.6.2.3.1. - -Signed-off-by: Daiki Ueno ---- - lib/nettle/pk.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 90 insertions(+) - -diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c -index 7f0fa8e03..057836bc2 100644 ---- a/lib/nettle/pk.c -+++ b/lib/nettle/pk.c -@@ -71,6 +71,7 @@ - #include "int/dsa-compute-k.h" - #include - #include -+#include "dh.h" - - static inline const struct ecc_curve *get_supported_nist_curve(int curve); - static inline const struct ecc_curve *get_supported_gost_curve(int curve); -@@ -2131,6 +2132,53 @@ edwards_curve_mul_g(gnutls_pk_algorithm_t algo, - } - } - -+static inline int -+dh_find_q(const gnutls_pk_params_st *pk_params, mpz_t q) -+{ -+ gnutls_datum_t prime = { NULL, 0 }; -+ gnutls_datum_t generator = { NULL, 0 }; -+ uint8_t *data_q; -+ size_t n_q; -+ bigint_t _q; -+ int ret = 0; -+ -+ ret = _gnutls_mpi_dprint(pk_params->params[DSA_P], &prime); -+ if (ret < 0) { -+ gnutls_assert(); -+ goto cleanup; -+ } -+ -+ ret = _gnutls_mpi_dprint(pk_params->params[DSA_G], &generator); -+ if (ret < 0) { -+ gnutls_assert(); -+ goto cleanup; -+ } -+ -+ if (!_gnutls_dh_prime_match_fips_approved(prime.data, -+ prime.size, -+ generator.data, -+ generator.size, -+ &data_q, -+ &n_q)) { -+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); -+ goto cleanup; -+ } -+ -+ if (_gnutls_mpi_init_scan_nz(&_q, data_q, n_q) != 0) { -+ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); -+ goto cleanup; -+ } -+ -+ mpz_set(q, TOMPZ(_q)); -+ _gnutls_mpi_release(&_q); -+ -+ cleanup: -+ gnutls_free(prime.data); -+ gnutls_free(generator.data); -+ -+ return ret; -+} -+ - /* To generate a DH key either q must be set in the params or - * level should be set to the number of required bits. - */ -@@ -2212,6 +2260,9 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, - mpz_t x, y; - int max_tries; - unsigned have_q = 0; -+ mpz_t q; -+ mpz_t primesub1; -+ mpz_t ypowq; - - if (algo != params->algo) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); -@@ -2229,6 +2280,10 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, - mpz_init(x); - mpz_init(y); - -+ mpz_init(q); -+ mpz_init(primesub1); -+ mpz_init(ypowq); -+ - max_tries = 3; - do { - if (have_q) { -@@ -2260,8 +2315,40 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, - ret = GNUTLS_E_LIB_IN_ERROR_STATE; - goto dh_fail; - } -+ - } while(mpz_cmp_ui(y, 1) == 0); - -+#ifdef ENABLE_FIPS140 -+ if (_gnutls_fips_mode_enabled()) { -+ /* Perform FFC full public key validation checks -+ * according to SP800-56A (revision 3), 5.6.2.3.1. -+ */ -+ -+ /* Step 1: 2 <= y <= p - 2 */ -+ mpz_sub_ui(primesub1, pub.p, 1); -+ -+ if (mpz_cmp_ui(y, 2) < 0 || mpz_cmp(y, primesub1) >= 0) { -+ ret = gnutls_assert_val(GNUTLS_E_RANDOM_FAILED); -+ goto dh_fail; -+ } -+ -+ /* Step 2: 1 = y^q mod p */ -+ if (have_q) -+ mpz_set(q, pub.q); -+ else { -+ ret = dh_find_q(params, q); -+ if (ret < 0) -+ goto dh_fail; -+ } -+ -+ mpz_powm(ypowq, y, q, pub.p); -+ if (mpz_cmp_ui(ypowq, 1) != 0) { -+ ret = gnutls_assert_val(GNUTLS_E_RANDOM_FAILED); -+ goto dh_fail; -+ } -+ } -+#endif -+ - ret = _gnutls_mpi_init_multi(¶ms->params[DSA_Y], ¶ms->params[DSA_X], NULL); - if (ret < 0) { - gnutls_assert(); -@@ -2278,6 +2365,9 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, - mpz_clear(r); - mpz_clear(x); - mpz_clear(y); -+ mpz_clear(q); -+ mpz_clear(primesub1); -+ mpz_clear(ypowq); - - if (ret < 0) - goto fail; --- -2.26.2 - - -From 23756c8580dff99d0856adca49dd22a55352ad62 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Sat, 18 Jul 2020 08:26:48 +0200 -Subject: [PATCH 5/5] ecdh: perform SP800-56A rev3 full pubkey validation on - keygen - -This implements full public key validation required in -SP800-56A rev3, section 5.6.2.3.3. - -Signed-off-by: Daiki Ueno ---- - lib/nettle/pk.c | 182 +++++++++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 180 insertions(+), 2 deletions(-) - -diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c -index 057836bc2..588e9df50 100644 ---- a/lib/nettle/pk.c -+++ b/lib/nettle/pk.c -@@ -1552,6 +1552,80 @@ static inline const struct ecc_curve *get_supported_nist_curve(int curve) - } - } - -+static inline const char *get_supported_nist_curve_order(int curve) -+{ -+ static const struct { -+ int curve; -+ const char *order; -+ } orders[] = { -+#ifdef ENABLE_NON_SUITEB_CURVES -+ { GNUTLS_ECC_CURVE_SECP192R1, -+ "ffffffffffffffffffffffff99def836" -+ "146bc9b1b4d22831" }, -+ { GNUTLS_ECC_CURVE_SECP224R1, -+ "ffffffffffffffffffffffffffff16a2" -+ "e0b8f03e13dd29455c5c2a3d" }, -+#endif -+ { GNUTLS_ECC_CURVE_SECP256R1, -+ "ffffffff00000000ffffffffffffffff" -+ "bce6faada7179e84f3b9cac2fc632551" }, -+ { GNUTLS_ECC_CURVE_SECP384R1, -+ "ffffffffffffffffffffffffffffffff" -+ "ffffffffffffffffc7634d81f4372ddf" -+ "581a0db248b0a77aecec196accc52973" }, -+ { GNUTLS_ECC_CURVE_SECP521R1, -+ "1fffffffffffffffffffffffffffffff" -+ "ffffffffffffffffffffffffffffffff" -+ "ffa51868783bf2f966b7fcc0148f709a" -+ "5d03bb5c9b8899c47aebb6fb71e91386" -+ "409" }, -+ }; -+ size_t i; -+ -+ for (i = 0; i < sizeof(orders)/sizeof(orders[0]); i++) { -+ if (orders[i].curve == curve) -+ return orders[i].order; -+ } -+ return NULL; -+} -+ -+static inline const char *get_supported_nist_curve_modulus(int curve) -+{ -+ static const struct { -+ int curve; -+ const char *order; -+ } orders[] = { -+#ifdef ENABLE_NON_SUITEB_CURVES -+ { GNUTLS_ECC_CURVE_SECP192R1, -+ "fffffffffffffffffffffffffffffffe" -+ "ffffffffffffffff" }, -+ { GNUTLS_ECC_CURVE_SECP224R1, -+ "ffffffffffffffffffffffffffffffff" -+ "000000000000000000000001" }, -+#endif -+ { GNUTLS_ECC_CURVE_SECP256R1, -+ "ffffffff000000010000000000000000" -+ "00000000ffffffffffffffffffffffff" }, -+ { GNUTLS_ECC_CURVE_SECP384R1, -+ "ffffffffffffffffffffffffffffffff" -+ "fffffffffffffffffffffffffffffffe" -+ "ffffffff0000000000000000ffffffff" }, -+ { GNUTLS_ECC_CURVE_SECP521R1, -+ "1ff" -+ "ffffffffffffffffffffffffffffffff" -+ "ffffffffffffffffffffffffffffffff" -+ "ffffffffffffffffffffffffffffffff" -+ "ffffffffffffffffffffffffffffffff" }, -+ }; -+ size_t i; -+ -+ for (i = 0; i < sizeof(orders)/sizeof(orders[0]); i++) { -+ if (orders[i].curve == curve) -+ return orders[i].order; -+ } -+ return NULL; -+} -+ - static inline const struct ecc_curve *get_supported_gost_curve(int curve) - { - switch (curve) { -@@ -2507,6 +2581,10 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, - struct ecc_scalar key; - struct ecc_point pub; - const struct ecc_curve *curve; -+ struct ecc_scalar n; -+ struct ecc_scalar m; -+ struct ecc_point r; -+ mpz_t x, y, xx, yy, nn, mm; - - curve = get_supported_nist_curve(level); - if (curve == NULL) -@@ -2514,8 +2592,18 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, - gnutls_assert_val - (GNUTLS_E_ECC_UNSUPPORTED_CURVE); - -+ mpz_init(x); -+ mpz_init(y); -+ mpz_init(xx); -+ mpz_init(yy); -+ mpz_init(nn); -+ mpz_init(mm); -+ - ecc_scalar_init(&key, curve); - ecc_point_init(&pub, curve); -+ ecc_scalar_init(&n, curve); -+ ecc_scalar_init(&m, curve); -+ ecc_point_init(&r, curve); - - ecdsa_generate_keypair(&pub, &key, NULL, rnd_func); - if (HAVE_LIB_ERROR()) { -@@ -2533,15 +2621,105 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, - params->curve = level; - params->params_nr = ECC_PRIVATE_PARAMS; - -- ecc_point_get(&pub, TOMPZ(params->params[ECC_X]), -- TOMPZ(params->params[ECC_Y])); -+ ecc_point_get(&pub, x, y); -+ -+#ifdef ENABLE_FIPS140 -+ if (_gnutls_fips_mode_enabled()) { -+ /* Perform ECC full public key validation checks -+ * according to SP800-56A (revision 3), 5.6.2.3.3. -+ */ -+ -+ const char *order, *modulus; -+ -+ /* Step 1: verify that Q is not an identity -+ * element (an infinity point). Note that this -+ * cannot happen in the nettle implementation, -+ * because it cannot represent an infinity point -+ * on curves. */ -+ if (mpz_cmp_ui(x, 0) == 0 && mpz_cmp_ui(y, 0) == 0) { -+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); -+ goto ecc_fail; -+ } -+ -+ /* Step 2: verify that both coordinates of Q are -+ * in the range [0, p - 1]. -+ * -+ * Step 3: verify that Q lie on the curve -+ * -+ * Both checks are performed in nettle. */ -+ if (!ecc_point_set(&r, x, y)) { -+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); -+ goto ecc_fail; -+ } -+ -+ /* Step 4: verify that n * Q, where n is the -+ * curve order, result in an identity element -+ * -+ * Since nettle internally cannot represent an -+ * identity element on curves, we validate this -+ * instead: -+ * -+ * (n - 1) * Q = -Q -+ * -+ * That effectively means: n * Q = -Q + Q = O -+ */ -+ order = get_supported_nist_curve_order(level); -+ if (unlikely(order == NULL)) { -+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); -+ goto ecc_fail; -+ } -+ -+ ret = mpz_set_str(nn, order, 16); -+ if (unlikely(ret < 0)) { -+ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); -+ goto ecc_fail; -+ } -+ -+ modulus = get_supported_nist_curve_modulus(level); -+ if (unlikely(modulus == NULL)) { -+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); -+ goto ecc_fail; -+ } -+ -+ ret = mpz_set_str(mm, modulus, 16); -+ if (unlikely(ret < 0)) { -+ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); -+ goto ecc_fail; -+ } -+ -+ /* (n - 1) * Q = -Q */ -+ mpz_sub_ui (nn, nn, 1); -+ ecc_scalar_set(&n, nn); -+ ecc_point_mul(&r, &n, &r); -+ ecc_point_get(&r, xx, yy); -+ mpz_sub (mm, mm, y); -+ -+ if (mpz_cmp(xx, x) != 0 || mpz_cmp(yy, mm) != 0) { -+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); -+ goto ecc_fail; -+ } -+ } -+#endif -+ -+ mpz_set(TOMPZ(params->params[ECC_X]), x); -+ mpz_set(TOMPZ(params->params[ECC_Y]), y); -+ - ecc_scalar_get(&key, TOMPZ(params->params[ECC_K])); - - ret = 0; - - ecc_fail: -+ mpz_clear(x); -+ mpz_clear(y); -+ mpz_clear(xx); -+ mpz_clear(yy); -+ mpz_clear(nn); -+ mpz_clear(mm); - ecc_point_clear(&pub); - ecc_scalar_clear(&key); -+ ecc_point_clear(&r); -+ ecc_scalar_clear(&n); -+ ecc_scalar_clear(&m); - - if (ret < 0) - goto fail; --- -2.26.2 - diff --git a/SOURCES/gnutls-3.6.14-fips-dh-primes.patch b/SOURCES/gnutls-3.6.14-fips-dh-primes.patch deleted file mode 100644 index 4aa5846..0000000 --- a/SOURCES/gnutls-3.6.14-fips-dh-primes.patch +++ /dev/null @@ -1,1843 +0,0 @@ -From 481e48f3236be42ff1fcb96f96c4efcbb2b69242 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 26 Jun 2020 09:43:02 +0200 -Subject: [PATCH 1/2] dh-primes: add MODP primes from RFC 3526 - -Signed-off-by: Daiki Ueno ---- - lib/dh-primes.c | 933 ++++++++++++++++++++++++++++++++++++++++++++++++ - lib/dh.h | 29 ++ - 2 files changed, 962 insertions(+) - -diff --git a/lib/dh-primes.c b/lib/dh-primes.c -index d785584d0..5d2dce0fb 100644 ---- a/lib/dh-primes.c -+++ b/lib/dh-primes.c -@@ -960,4 +960,937 @@ const gnutls_datum_t gnutls_ffdhe_8192_group_generator = { - }; - const unsigned int gnutls_ffdhe_8192_key_bits = 512; - -+static const unsigned char modp_generator = 0x02; -+ -+static const unsigned char modp_params_2048[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, -+ 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, -+ 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, -+ 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, -+ 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, -+ 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, -+ 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, -+ 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, -+ 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, -+ 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, -+ 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, -+ 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, -+ 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, -+ 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, -+ 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, -+ 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, -+ 0xFD, 0x24, 0xCF, 0x5F, 0x83, 0x65, 0x5D, -+ 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, -+ 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, -+ 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, -+ 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, -+ 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, -+ 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, -+ 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, -+ 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, -+ 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, -+ 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, -+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, -+ 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, -+ 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, -+ 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+static const unsigned char modp_q_2048[] = { -+ 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, -+ 0x61, 0x1A, 0x62, 0x63, 0x31, 0x45, 0xC0, -+ 0x6E, 0x0E, 0x68, 0x94, 0x81, 0x27, 0x04, -+ 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 0xDF, -+ 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, -+ 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, -+ 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, -+ 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, -+ 0x1B, 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, -+ 0xE1, 0x22, 0xF2, 0x42, 0xDA, 0xBB, 0x31, -+ 0x2F, 0x3F, 0x63, 0x7A, 0x26, 0x21, 0x74, -+ 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 0xAE, -+ 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, -+ 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, -+ 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, -+ 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, -+ 0x9E, 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, -+ 0xDF, 0x82, 0xCC, 0x6D, 0x24, 0x1B, 0x0E, -+ 0x2A, 0xE9, 0xCD, 0x34, 0x8B, 0x1F, 0xD4, -+ 0x7E, 0x92, 0x67, 0xAF, 0xC1, 0xB2, 0xAE, -+ 0x91, 0xEE, 0x51, 0xD6, 0xCB, 0x0E, 0x31, -+ 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 0xCF, -+ 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, -+ 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, -+ 0x02, 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, -+ 0x10, 0xBE, 0x19, 0x48, 0x2F, 0x23, 0x17, -+ 0x1B, 0x67, 0x1D, 0xF1, 0xCF, 0x3B, 0x96, -+ 0x0C, 0x07, 0x43, 0x01, 0xCD, 0x93, 0xC1, -+ 0xD1, 0x76, 0x03, 0xD1, 0x47, 0xDA, 0xE2, -+ 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 0xEF, -+ 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, -+ 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, -+ 0x72, 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, -+ 0x02, 0x88, 0x0A, 0xB9, 0x47, 0x2D, 0x45, -+ 0x56, 0x55, 0x34, 0x7F, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+const gnutls_datum_t gnutls_modp_2048_group_prime = { -+ (void *) modp_params_2048, sizeof(modp_params_2048) -+}; -+const gnutls_datum_t gnutls_modp_2048_group_q = { -+ (void *) modp_q_2048, sizeof(modp_q_2048) -+}; -+const gnutls_datum_t gnutls_modp_2048_group_generator = { -+ (void *) &modp_generator, sizeof(modp_generator) -+}; -+const unsigned int gnutls_modp_2048_key_bits = 256; -+ -+static const unsigned char modp_params_3072[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, -+ 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, -+ 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, -+ 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, -+ 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, -+ 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, -+ 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, -+ 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, -+ 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, -+ 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, -+ 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, -+ 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, -+ 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, -+ 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, -+ 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, -+ 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, -+ 0xFD, 0x24, 0xCF, 0x5F, 0x83, 0x65, 0x5D, -+ 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, -+ 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, -+ 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, -+ 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, -+ 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, -+ 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, -+ 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, -+ 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, -+ 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, -+ 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, -+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, -+ 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, -+ 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, -+ 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, -+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, -+ 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, -+ 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, -+ 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, -+ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, -+ 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, -+ 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, -+ 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, -+ 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, -+ 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, -+ 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, -+ 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, -+ 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, -+ 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, -+ 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, -+ 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, -+ 0x20, 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+static const unsigned char modp_q_3072[] = { -+ 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, -+ 0x61, 0x1A, 0x62, 0x63, 0x31, 0x45, 0xC0, -+ 0x6E, 0x0E, 0x68, 0x94, 0x81, 0x27, 0x04, -+ 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 0xDF, -+ 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, -+ 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, -+ 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, -+ 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, -+ 0x1B, 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, -+ 0xE1, 0x22, 0xF2, 0x42, 0xDA, 0xBB, 0x31, -+ 0x2F, 0x3F, 0x63, 0x7A, 0x26, 0x21, 0x74, -+ 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 0xAE, -+ 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, -+ 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, -+ 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, -+ 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, -+ 0x9E, 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, -+ 0xDF, 0x82, 0xCC, 0x6D, 0x24, 0x1B, 0x0E, -+ 0x2A, 0xE9, 0xCD, 0x34, 0x8B, 0x1F, 0xD4, -+ 0x7E, 0x92, 0x67, 0xAF, 0xC1, 0xB2, 0xAE, -+ 0x91, 0xEE, 0x51, 0xD6, 0xCB, 0x0E, 0x31, -+ 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 0xCF, -+ 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, -+ 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, -+ 0x02, 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, -+ 0x10, 0xBE, 0x19, 0x48, 0x2F, 0x23, 0x17, -+ 0x1B, 0x67, 0x1D, 0xF1, 0xCF, 0x3B, 0x96, -+ 0x0C, 0x07, 0x43, 0x01, 0xCD, 0x93, 0xC1, -+ 0xD1, 0x76, 0x03, 0xD1, 0x47, 0xDA, 0xE2, -+ 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 0xEF, -+ 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, -+ 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, -+ 0x72, 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, -+ 0x02, 0x88, 0x0A, 0xB9, 0x47, 0x2D, 0x45, -+ 0x55, 0x62, 0x16, 0xD6, 0x99, 0x8B, 0x86, -+ 0x82, 0x28, 0x3D, 0x19, 0xD4, 0x2A, 0x90, -+ 0xD5, 0xEF, 0x8E, 0x5D, 0x32, 0x76, 0x7D, -+ 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85, 0x45, -+ 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E, -+ 0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, -+ 0x63, 0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, -+ 0x99, 0xEB, 0x8F, 0x46, 0x4A, 0x70, 0x25, -+ 0x12, 0xB0, 0xCE, 0xE7, 0x71, 0xE9, 0x13, -+ 0x0D, 0x69, 0x77, 0x35, 0xF8, 0x97, 0xFD, -+ 0x03, 0x6C, 0xC5, 0x04, 0x32, 0x6C, 0x3B, -+ 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32, 0x29, -+ 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06, -+ 0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, -+ 0xB6, 0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, -+ 0xA3, 0x71, 0x04, 0x71, 0x27, 0xD0, 0x3A, -+ 0x72, 0xD5, 0x98, 0xA1, 0xED, 0xAD, 0xFE, -+ 0x70, 0x7E, 0x88, 0x47, 0x25, 0xC1, 0x68, -+ 0x90, 0x54, 0x9D, 0x69, 0x65, 0x7F, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+const gnutls_datum_t gnutls_modp_3072_group_prime = { -+ (void *) modp_params_3072, sizeof(modp_params_3072) -+}; -+const gnutls_datum_t gnutls_modp_3072_group_q = { -+ (void *) modp_q_3072, sizeof(modp_q_3072) -+}; -+const gnutls_datum_t gnutls_modp_3072_group_generator = { -+ (void *) &modp_generator, sizeof(modp_generator) -+}; -+const unsigned int gnutls_modp_3072_key_bits = 276; -+ -+static const unsigned char modp_params_4096[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, -+ 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, -+ 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, -+ 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, -+ 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, -+ 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, -+ 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, -+ 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, -+ 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, -+ 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, -+ 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, -+ 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, -+ 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, -+ 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, -+ 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, -+ 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, -+ 0xFD, 0x24, 0xCF, 0x5F, 0x83, 0x65, 0x5D, -+ 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, -+ 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, -+ 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, -+ 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, -+ 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, -+ 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, -+ 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, -+ 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, -+ 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, -+ 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, -+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, -+ 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, -+ 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, -+ 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, -+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, -+ 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, -+ 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, -+ 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, -+ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, -+ 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, -+ 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, -+ 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, -+ 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, -+ 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, -+ 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, -+ 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, -+ 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, -+ 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, -+ 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, -+ 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, -+ 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, -+ 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, 0x88, -+ 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, -+ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, -+ 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, -+ 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, -+ 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, -+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, -+ 0x14, 0x1F, 0xBE, 0xCA, 0xA6, 0x28, 0x7C, -+ 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, -+ 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, -+ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, -+ 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, -+ 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, 0x21, -+ 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, -+ 0xD5, 0xB0, 0x5A, 0xA9, 0x93, 0xB4, 0xEA, -+ 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, -+ 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, 0x4D, -+ 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF -+}; -+ -+static const unsigned char modp_q_4096[] = { -+ 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, -+ 0x61, 0x1A, 0x62, 0x63, 0x31, 0x45, 0xC0, -+ 0x6E, 0x0E, 0x68, 0x94, 0x81, 0x27, 0x04, -+ 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 0xDF, -+ 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, -+ 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, -+ 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, -+ 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, -+ 0x1B, 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, -+ 0xE1, 0x22, 0xF2, 0x42, 0xDA, 0xBB, 0x31, -+ 0x2F, 0x3F, 0x63, 0x7A, 0x26, 0x21, 0x74, -+ 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 0xAE, -+ 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, -+ 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, -+ 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, -+ 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, -+ 0x9E, 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, -+ 0xDF, 0x82, 0xCC, 0x6D, 0x24, 0x1B, 0x0E, -+ 0x2A, 0xE9, 0xCD, 0x34, 0x8B, 0x1F, 0xD4, -+ 0x7E, 0x92, 0x67, 0xAF, 0xC1, 0xB2, 0xAE, -+ 0x91, 0xEE, 0x51, 0xD6, 0xCB, 0x0E, 0x31, -+ 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 0xCF, -+ 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, -+ 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, -+ 0x02, 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, -+ 0x10, 0xBE, 0x19, 0x48, 0x2F, 0x23, 0x17, -+ 0x1B, 0x67, 0x1D, 0xF1, 0xCF, 0x3B, 0x96, -+ 0x0C, 0x07, 0x43, 0x01, 0xCD, 0x93, 0xC1, -+ 0xD1, 0x76, 0x03, 0xD1, 0x47, 0xDA, 0xE2, -+ 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 0xEF, -+ 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, -+ 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, -+ 0x72, 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, -+ 0x02, 0x88, 0x0A, 0xB9, 0x47, 0x2D, 0x45, -+ 0x55, 0x62, 0x16, 0xD6, 0x99, 0x8B, 0x86, -+ 0x82, 0x28, 0x3D, 0x19, 0xD4, 0x2A, 0x90, -+ 0xD5, 0xEF, 0x8E, 0x5D, 0x32, 0x76, 0x7D, -+ 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85, 0x45, -+ 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E, -+ 0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, -+ 0x63, 0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, -+ 0x99, 0xEB, 0x8F, 0x46, 0x4A, 0x70, 0x25, -+ 0x12, 0xB0, 0xCE, 0xE7, 0x71, 0xE9, 0x13, -+ 0x0D, 0x69, 0x77, 0x35, 0xF8, 0x97, 0xFD, -+ 0x03, 0x6C, 0xC5, 0x04, 0x32, 0x6C, 0x3B, -+ 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32, 0x29, -+ 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06, -+ 0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, -+ 0xB6, 0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, -+ 0xA3, 0x71, 0x04, 0x71, 0x27, 0xD0, 0x3A, -+ 0x72, 0xD5, 0x98, 0xA1, 0xED, 0xAD, 0xFE, -+ 0x70, 0x7E, 0x88, 0x47, 0x25, 0xC1, 0x68, -+ 0x90, 0x54, 0x90, 0x84, 0x00, 0x8D, 0x39, -+ 0x1E, 0x09, 0x53, 0xC3, 0xF3, 0x6B, 0xC4, -+ 0x38, 0xCD, 0x08, 0x5E, 0xDD, 0x2D, 0x93, -+ 0x4C, 0xE1, 0x93, 0x8C, 0x35, 0x7A, 0x71, -+ 0x1E, 0x0D, 0x4A, 0x34, 0x1A, 0x5B, 0x0A, -+ 0x85, 0xED, 0x12, 0xC1, 0xF4, 0xE5, 0x15, -+ 0x6A, 0x26, 0x74, 0x6D, 0xDD, 0xE1, 0x6D, -+ 0x82, 0x6F, 0x47, 0x7C, 0x97, 0x47, 0x7E, -+ 0x0A, 0x0F, 0xDF, 0x65, 0x53, 0x14, 0x3E, -+ 0x2C, 0xA3, 0xA7, 0x35, 0xE0, 0x2E, 0xCC, -+ 0xD9, 0x4B, 0x27, 0xD0, 0x48, 0x61, 0xD1, -+ 0x11, 0x9D, 0xD0, 0xC3, 0x28, 0xAD, 0xF3, -+ 0xF6, 0x8F, 0xB0, 0x94, 0xB8, 0x67, 0x71, -+ 0x6B, 0xD7, 0xDC, 0x0D, 0xEE, 0xBB, 0x10, -+ 0xB8, 0x24, 0x0E, 0x68, 0x03, 0x48, 0x93, -+ 0xEA, 0xD8, 0x2D, 0x54, 0xC9, 0xDA, 0x75, -+ 0x4C, 0x46, 0xC7, 0xEE, 0xE0, 0xC3, 0x7F, -+ 0xDB, 0xEE, 0x48, 0x53, 0x60, 0x47, 0xA6, -+ 0xFA, 0x1A, 0xE4, 0x9A, 0x03, 0x18, 0xCC, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF -+}; -+ -+const gnutls_datum_t gnutls_modp_4096_group_prime = { -+ (void *) modp_params_4096, sizeof(modp_params_4096) -+}; -+const gnutls_datum_t gnutls_modp_4096_group_q = { -+ (void *) modp_q_4096, sizeof(modp_q_4096) -+}; -+const gnutls_datum_t gnutls_modp_4096_group_generator = { -+ (void *) &modp_generator, sizeof(modp_generator) -+}; -+const unsigned int gnutls_modp_4096_key_bits = 336; -+ -+static const unsigned char modp_params_6144[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, -+ 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, -+ 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, -+ 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, -+ 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, -+ 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, -+ 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, -+ 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, -+ 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, -+ 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, -+ 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, -+ 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, -+ 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, -+ 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, -+ 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, -+ 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, -+ 0xFD, 0x24, 0xCF, 0x5F, 0x83, 0x65, 0x5D, -+ 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, -+ 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, -+ 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, -+ 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, -+ 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, -+ 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, -+ 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, -+ 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, -+ 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, -+ 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, -+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, -+ 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, -+ 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, -+ 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, -+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, -+ 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, -+ 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, -+ 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, -+ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, -+ 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, -+ 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, -+ 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, -+ 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, -+ 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, -+ 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, -+ 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, -+ 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, -+ 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, -+ 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, -+ 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, -+ 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, -+ 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, 0x88, -+ 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, -+ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, -+ 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, -+ 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, -+ 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, -+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, -+ 0x14, 0x1F, 0xBE, 0xCA, 0xA6, 0x28, 0x7C, -+ 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, -+ 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, -+ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, -+ 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, -+ 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, 0x21, -+ 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, -+ 0xD5, 0xB0, 0x5A, 0xA9, 0x93, 0xB4, 0xEA, -+ 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, -+ 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, 0x4D, -+ 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, -+ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, -+ 0x26, 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, -+ 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, -+ 0xBA, 0x37, 0xBD, 0xF8, 0xFF, 0x94, 0x06, -+ 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, -+ 0x2F, 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, -+ 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, 0x17, -+ 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, -+ 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, -+ 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, -+ 0xBB, 0x1B, 0xDB, 0x7F, 0x14, 0x47, 0xE6, -+ 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, -+ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, -+ 0x01, 0x37, 0x8C, 0xD2, 0xBF, 0x59, 0x83, -+ 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, -+ 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, -+ 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, -+ 0xF6, 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, -+ 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, 0x90, -+ 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, -+ 0xBE, 0xC7, 0xE8, 0xF3, 0x23, 0xA9, 0x7A, -+ 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, -+ 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, 0x4B, -+ 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, -+ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, -+ 0xD8, 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, -+ 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, -+ 0x9B, 0xE3, 0x28, 0x06, 0xA1, 0xD5, 0x8B, -+ 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, -+ 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, -+ 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, 0xDA, -+ 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, -+ 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, -+ 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, -+ 0x60, 0xEE, 0x12, 0xBF, 0x2D, 0x5B, 0x0B, -+ 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, -+ 0x6D, 0xCC, 0x40, 0x24, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+static const unsigned char modp_q_6144[] = { -+ 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, -+ 0x61, 0x1A, 0x62, 0x63, 0x31, 0x45, 0xC0, -+ 0x6E, 0x0E, 0x68, 0x94, 0x81, 0x27, 0x04, -+ 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 0xDF, -+ 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, -+ 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, -+ 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, -+ 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, -+ 0x1B, 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, -+ 0xE1, 0x22, 0xF2, 0x42, 0xDA, 0xBB, 0x31, -+ 0x2F, 0x3F, 0x63, 0x7A, 0x26, 0x21, 0x74, -+ 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 0xAE, -+ 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, -+ 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, -+ 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, -+ 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, -+ 0x9E, 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, -+ 0xDF, 0x82, 0xCC, 0x6D, 0x24, 0x1B, 0x0E, -+ 0x2A, 0xE9, 0xCD, 0x34, 0x8B, 0x1F, 0xD4, -+ 0x7E, 0x92, 0x67, 0xAF, 0xC1, 0xB2, 0xAE, -+ 0x91, 0xEE, 0x51, 0xD6, 0xCB, 0x0E, 0x31, -+ 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 0xCF, -+ 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, -+ 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, -+ 0x02, 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, -+ 0x10, 0xBE, 0x19, 0x48, 0x2F, 0x23, 0x17, -+ 0x1B, 0x67, 0x1D, 0xF1, 0xCF, 0x3B, 0x96, -+ 0x0C, 0x07, 0x43, 0x01, 0xCD, 0x93, 0xC1, -+ 0xD1, 0x76, 0x03, 0xD1, 0x47, 0xDA, 0xE2, -+ 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 0xEF, -+ 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, -+ 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, -+ 0x72, 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, -+ 0x02, 0x88, 0x0A, 0xB9, 0x47, 0x2D, 0x45, -+ 0x55, 0x62, 0x16, 0xD6, 0x99, 0x8B, 0x86, -+ 0x82, 0x28, 0x3D, 0x19, 0xD4, 0x2A, 0x90, -+ 0xD5, 0xEF, 0x8E, 0x5D, 0x32, 0x76, 0x7D, -+ 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85, 0x45, -+ 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E, -+ 0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, -+ 0x63, 0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, -+ 0x99, 0xEB, 0x8F, 0x46, 0x4A, 0x70, 0x25, -+ 0x12, 0xB0, 0xCE, 0xE7, 0x71, 0xE9, 0x13, -+ 0x0D, 0x69, 0x77, 0x35, 0xF8, 0x97, 0xFD, -+ 0x03, 0x6C, 0xC5, 0x04, 0x32, 0x6C, 0x3B, -+ 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32, 0x29, -+ 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06, -+ 0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, -+ 0xB6, 0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, -+ 0xA3, 0x71, 0x04, 0x71, 0x27, 0xD0, 0x3A, -+ 0x72, 0xD5, 0x98, 0xA1, 0xED, 0xAD, 0xFE, -+ 0x70, 0x7E, 0x88, 0x47, 0x25, 0xC1, 0x68, -+ 0x90, 0x54, 0x90, 0x84, 0x00, 0x8D, 0x39, -+ 0x1E, 0x09, 0x53, 0xC3, 0xF3, 0x6B, 0xC4, -+ 0x38, 0xCD, 0x08, 0x5E, 0xDD, 0x2D, 0x93, -+ 0x4C, 0xE1, 0x93, 0x8C, 0x35, 0x7A, 0x71, -+ 0x1E, 0x0D, 0x4A, 0x34, 0x1A, 0x5B, 0x0A, -+ 0x85, 0xED, 0x12, 0xC1, 0xF4, 0xE5, 0x15, -+ 0x6A, 0x26, 0x74, 0x6D, 0xDD, 0xE1, 0x6D, -+ 0x82, 0x6F, 0x47, 0x7C, 0x97, 0x47, 0x7E, -+ 0x0A, 0x0F, 0xDF, 0x65, 0x53, 0x14, 0x3E, -+ 0x2C, 0xA3, 0xA7, 0x35, 0xE0, 0x2E, 0xCC, -+ 0xD9, 0x4B, 0x27, 0xD0, 0x48, 0x61, 0xD1, -+ 0x11, 0x9D, 0xD0, 0xC3, 0x28, 0xAD, 0xF3, -+ 0xF6, 0x8F, 0xB0, 0x94, 0xB8, 0x67, 0x71, -+ 0x6B, 0xD7, 0xDC, 0x0D, 0xEE, 0xBB, 0x10, -+ 0xB8, 0x24, 0x0E, 0x68, 0x03, 0x48, 0x93, -+ 0xEA, 0xD8, 0x2D, 0x54, 0xC9, 0xDA, 0x75, -+ 0x4C, 0x46, 0xC7, 0xEE, 0xE0, 0xC3, 0x7F, -+ 0xDB, 0xEE, 0x48, 0x53, 0x60, 0x47, 0xA6, -+ 0xFA, 0x1A, 0xE4, 0x9A, 0x01, 0x42, 0x49, -+ 0x1B, 0x61, 0xFD, 0x5A, 0x69, 0x3E, 0x38, -+ 0x13, 0x60, 0xEA, 0x6E, 0x59, 0x30, 0x13, -+ 0x23, 0x6F, 0x64, 0xBA, 0x8F, 0x3B, 0x1E, -+ 0xDD, 0x1B, 0xDE, 0xFC, 0x7F, 0xCA, 0x03, -+ 0x56, 0xCF, 0x29, 0x87, 0x72, 0xED, 0x9C, -+ 0x17, 0xA0, 0x98, 0x00, 0xD7, 0x58, 0x35, -+ 0x29, 0xF6, 0xC8, 0x13, 0xEC, 0x18, 0x8B, -+ 0xCB, 0x93, 0xD8, 0x43, 0x2D, 0x44, 0x8C, -+ 0x6D, 0x1F, 0x6D, 0xF5, 0xE7, 0xCD, 0x8A, -+ 0x76, 0xA2, 0x67, 0x36, 0x5D, 0x67, 0x6A, -+ 0x5D, 0x8D, 0xED, 0xBF, 0x8A, 0x23, 0xF3, -+ 0x66, 0x12, 0xA5, 0x99, 0x90, 0x28, 0xA8, -+ 0x95, 0xEB, 0xD7, 0xA1, 0x37, 0xDC, 0x7A, -+ 0x00, 0x9B, 0xC6, 0x69, 0x5F, 0xAC, 0xC1, -+ 0xE5, 0x00, 0xE3, 0x25, 0xC9, 0x76, 0x78, -+ 0x19, 0x75, 0x0A, 0xE8, 0xB9, 0x0E, 0x81, -+ 0xFA, 0x41, 0x6B, 0xE7, 0x37, 0x3A, 0x7F, -+ 0x7B, 0x6A, 0xAF, 0x38, 0x17, 0xA3, 0x4C, -+ 0x06, 0x41, 0x5A, 0xD4, 0x20, 0x18, 0xC8, -+ 0x05, 0x8E, 0x4F, 0x2C, 0xF3, 0xE4, 0xBF, -+ 0xDF, 0x63, 0xF4, 0x79, 0x91, 0xD4, 0xBD, -+ 0x3F, 0x1B, 0x66, 0x44, 0x5F, 0x07, 0x8E, -+ 0xA2, 0xDB, 0xFF, 0xAC, 0x2D, 0x62, 0xA5, -+ 0xEA, 0x03, 0xD9, 0x15, 0xA0, 0xAA, 0x55, -+ 0x66, 0x47, 0xB6, 0xBF, 0x5F, 0xA4, 0x70, -+ 0xEC, 0x0A, 0x66, 0x2F, 0x69, 0x07, 0xC0, -+ 0x1B, 0xF0, 0x53, 0xCB, 0x8A, 0xF7, 0x79, -+ 0x4D, 0xF1, 0x94, 0x03, 0x50, 0xEA, 0xC5, -+ 0xDB, 0xE2, 0xED, 0x3B, 0x7A, 0xA8, 0x55, -+ 0x1E, 0xC5, 0x0F, 0xDF, 0xF8, 0x75, 0x8C, -+ 0xE6, 0x58, 0xD1, 0x89, 0xEA, 0xAE, 0x6D, -+ 0x2B, 0x64, 0xF6, 0x17, 0x79, 0x4B, 0x19, -+ 0x1C, 0x3F, 0xF4, 0x6B, 0xB7, 0x1E, 0x02, -+ 0x34, 0x02, 0x1F, 0x47, 0xB3, 0x1F, 0xA4, -+ 0x30, 0x77, 0x09, 0x5F, 0x96, 0xAD, 0x85, -+ 0xBA, 0x3A, 0x6B, 0x73, 0x4A, 0x7C, 0x8F, -+ 0x36, 0xE6, 0x20, 0x12, 0x7F, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+const gnutls_datum_t gnutls_modp_6144_group_prime = { -+ (void *) modp_params_6144, sizeof(modp_params_6144) -+}; -+const gnutls_datum_t gnutls_modp_6144_group_q = { -+ (void *) modp_q_6144, sizeof(modp_q_6144) -+}; -+const gnutls_datum_t gnutls_modp_6144_group_generator = { -+ (void *) &modp_generator, sizeof(modp_generator) -+}; -+const unsigned int gnutls_modp_6144_key_bits = 376; -+ -+static const unsigned char modp_params_8192[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, -+ 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, -+ 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, -+ 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, -+ 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, -+ 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, -+ 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, -+ 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, -+ 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, -+ 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, -+ 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, -+ 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, -+ 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, -+ 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, -+ 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, -+ 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, -+ 0xFD, 0x24, 0xCF, 0x5F, 0x83, 0x65, 0x5D, -+ 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, -+ 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, -+ 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, -+ 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, -+ 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, -+ 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, -+ 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, -+ 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, -+ 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, -+ 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, -+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, -+ 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, -+ 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, -+ 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, -+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, -+ 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, -+ 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, -+ 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, -+ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, -+ 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, -+ 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, -+ 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, -+ 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, -+ 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, -+ 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, -+ 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, -+ 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, -+ 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, -+ 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, -+ 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, -+ 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, -+ 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, 0x88, -+ 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, -+ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, -+ 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, -+ 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, -+ 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, -+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, -+ 0x14, 0x1F, 0xBE, 0xCA, 0xA6, 0x28, 0x7C, -+ 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, -+ 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, -+ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, -+ 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, -+ 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, 0x21, -+ 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, -+ 0xD5, 0xB0, 0x5A, 0xA9, 0x93, 0xB4, 0xEA, -+ 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, -+ 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, 0x4D, -+ 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, -+ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, -+ 0x26, 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, -+ 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, -+ 0xBA, 0x37, 0xBD, 0xF8, 0xFF, 0x94, 0x06, -+ 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, -+ 0x2F, 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, -+ 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, 0x17, -+ 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, -+ 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, -+ 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, -+ 0xBB, 0x1B, 0xDB, 0x7F, 0x14, 0x47, 0xE6, -+ 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, -+ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, -+ 0x01, 0x37, 0x8C, 0xD2, 0xBF, 0x59, 0x83, -+ 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, -+ 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, -+ 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, -+ 0xF6, 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, -+ 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, 0x90, -+ 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, -+ 0xBE, 0xC7, 0xE8, 0xF3, 0x23, 0xA9, 0x7A, -+ 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, -+ 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, 0x4B, -+ 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, -+ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, -+ 0xD8, 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, -+ 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, -+ 0x9B, 0xE3, 0x28, 0x06, 0xA1, 0xD5, 0x8B, -+ 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, -+ 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, -+ 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, 0xDA, -+ 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, -+ 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, -+ 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, -+ 0x60, 0xEE, 0x12, 0xBF, 0x2D, 0x5B, 0x0B, -+ 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, -+ 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, -+ 0x6F, 0x12, 0xFE, 0xE5, 0xE4, 0x38, 0x77, -+ 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, -+ 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA, -+ 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, -+ 0x00, 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, -+ 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93, 0x6B, -+ 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, -+ 0x5A, 0xE4, 0xF5, 0x68, 0x34, 0x23, 0xB4, -+ 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, -+ 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D, 0xE3, -+ 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, -+ 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, -+ 0x07, 0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, -+ 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, -+ 0xEA, 0x30, 0x6B, 0x4B, 0xCB, 0xC8, 0x86, -+ 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, -+ 0x7F, 0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, -+ 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, 0x06, -+ 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, -+ 0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, -+ 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, -+ 0x6A, 0x36, 0x45, 0x97, 0xE8, 0x99, 0xA0, -+ 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5, -+ 0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, -+ 0x19, 0x5D, 0xED, 0x7E, 0xA1, 0xB1, 0xD5, -+ 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, -+ 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68, -+ 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, -+ 0x92, 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, -+ 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E, 0xD5, -+ 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, -+ 0xFC, 0x02, 0x6E, 0x47, 0x95, 0x58, 0xE4, -+ 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, -+ 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF, 0xC8, -+ 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71, -+ 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, -+ 0xDF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xFF -+}; -+ -+static const unsigned char modp_q_8192[] = { -+ 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, -+ 0x61, 0x1A, 0x62, 0x63, 0x31, 0x45, 0xC0, -+ 0x6E, 0x0E, 0x68, 0x94, 0x81, 0x27, 0x04, -+ 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 0xDF, -+ 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, -+ 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, -+ 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, -+ 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, -+ 0x1B, 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, -+ 0xE1, 0x22, 0xF2, 0x42, 0xDA, 0xBB, 0x31, -+ 0x2F, 0x3F, 0x63, 0x7A, 0x26, 0x21, 0x74, -+ 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 0xAE, -+ 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, -+ 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, -+ 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, -+ 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, -+ 0x9E, 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, -+ 0xDF, 0x82, 0xCC, 0x6D, 0x24, 0x1B, 0x0E, -+ 0x2A, 0xE9, 0xCD, 0x34, 0x8B, 0x1F, 0xD4, -+ 0x7E, 0x92, 0x67, 0xAF, 0xC1, 0xB2, 0xAE, -+ 0x91, 0xEE, 0x51, 0xD6, 0xCB, 0x0E, 0x31, -+ 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 0xCF, -+ 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, -+ 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, -+ 0x02, 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, -+ 0x10, 0xBE, 0x19, 0x48, 0x2F, 0x23, 0x17, -+ 0x1B, 0x67, 0x1D, 0xF1, 0xCF, 0x3B, 0x96, -+ 0x0C, 0x07, 0x43, 0x01, 0xCD, 0x93, 0xC1, -+ 0xD1, 0x76, 0x03, 0xD1, 0x47, 0xDA, 0xE2, -+ 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 0xEF, -+ 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, -+ 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, -+ 0x72, 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, -+ 0x02, 0x88, 0x0A, 0xB9, 0x47, 0x2D, 0x45, -+ 0x55, 0x62, 0x16, 0xD6, 0x99, 0x8B, 0x86, -+ 0x82, 0x28, 0x3D, 0x19, 0xD4, 0x2A, 0x90, -+ 0xD5, 0xEF, 0x8E, 0x5D, 0x32, 0x76, 0x7D, -+ 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85, 0x45, -+ 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E, -+ 0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, -+ 0x63, 0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, -+ 0x99, 0xEB, 0x8F, 0x46, 0x4A, 0x70, 0x25, -+ 0x12, 0xB0, 0xCE, 0xE7, 0x71, 0xE9, 0x13, -+ 0x0D, 0x69, 0x77, 0x35, 0xF8, 0x97, 0xFD, -+ 0x03, 0x6C, 0xC5, 0x04, 0x32, 0x6C, 0x3B, -+ 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32, 0x29, -+ 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06, -+ 0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, -+ 0xB6, 0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, -+ 0xA3, 0x71, 0x04, 0x71, 0x27, 0xD0, 0x3A, -+ 0x72, 0xD5, 0x98, 0xA1, 0xED, 0xAD, 0xFE, -+ 0x70, 0x7E, 0x88, 0x47, 0x25, 0xC1, 0x68, -+ 0x90, 0x54, 0x90, 0x84, 0x00, 0x8D, 0x39, -+ 0x1E, 0x09, 0x53, 0xC3, 0xF3, 0x6B, 0xC4, -+ 0x38, 0xCD, 0x08, 0x5E, 0xDD, 0x2D, 0x93, -+ 0x4C, 0xE1, 0x93, 0x8C, 0x35, 0x7A, 0x71, -+ 0x1E, 0x0D, 0x4A, 0x34, 0x1A, 0x5B, 0x0A, -+ 0x85, 0xED, 0x12, 0xC1, 0xF4, 0xE5, 0x15, -+ 0x6A, 0x26, 0x74, 0x6D, 0xDD, 0xE1, 0x6D, -+ 0x82, 0x6F, 0x47, 0x7C, 0x97, 0x47, 0x7E, -+ 0x0A, 0x0F, 0xDF, 0x65, 0x53, 0x14, 0x3E, -+ 0x2C, 0xA3, 0xA7, 0x35, 0xE0, 0x2E, 0xCC, -+ 0xD9, 0x4B, 0x27, 0xD0, 0x48, 0x61, 0xD1, -+ 0x11, 0x9D, 0xD0, 0xC3, 0x28, 0xAD, 0xF3, -+ 0xF6, 0x8F, 0xB0, 0x94, 0xB8, 0x67, 0x71, -+ 0x6B, 0xD7, 0xDC, 0x0D, 0xEE, 0xBB, 0x10, -+ 0xB8, 0x24, 0x0E, 0x68, 0x03, 0x48, 0x93, -+ 0xEA, 0xD8, 0x2D, 0x54, 0xC9, 0xDA, 0x75, -+ 0x4C, 0x46, 0xC7, 0xEE, 0xE0, 0xC3, 0x7F, -+ 0xDB, 0xEE, 0x48, 0x53, 0x60, 0x47, 0xA6, -+ 0xFA, 0x1A, 0xE4, 0x9A, 0x01, 0x42, 0x49, -+ 0x1B, 0x61, 0xFD, 0x5A, 0x69, 0x3E, 0x38, -+ 0x13, 0x60, 0xEA, 0x6E, 0x59, 0x30, 0x13, -+ 0x23, 0x6F, 0x64, 0xBA, 0x8F, 0x3B, 0x1E, -+ 0xDD, 0x1B, 0xDE, 0xFC, 0x7F, 0xCA, 0x03, -+ 0x56, 0xCF, 0x29, 0x87, 0x72, 0xED, 0x9C, -+ 0x17, 0xA0, 0x98, 0x00, 0xD7, 0x58, 0x35, -+ 0x29, 0xF6, 0xC8, 0x13, 0xEC, 0x18, 0x8B, -+ 0xCB, 0x93, 0xD8, 0x43, 0x2D, 0x44, 0x8C, -+ 0x6D, 0x1F, 0x6D, 0xF5, 0xE7, 0xCD, 0x8A, -+ 0x76, 0xA2, 0x67, 0x36, 0x5D, 0x67, 0x6A, -+ 0x5D, 0x8D, 0xED, 0xBF, 0x8A, 0x23, 0xF3, -+ 0x66, 0x12, 0xA5, 0x99, 0x90, 0x28, 0xA8, -+ 0x95, 0xEB, 0xD7, 0xA1, 0x37, 0xDC, 0x7A, -+ 0x00, 0x9B, 0xC6, 0x69, 0x5F, 0xAC, 0xC1, -+ 0xE5, 0x00, 0xE3, 0x25, 0xC9, 0x76, 0x78, -+ 0x19, 0x75, 0x0A, 0xE8, 0xB9, 0x0E, 0x81, -+ 0xFA, 0x41, 0x6B, 0xE7, 0x37, 0x3A, 0x7F, -+ 0x7B, 0x6A, 0xAF, 0x38, 0x17, 0xA3, 0x4C, -+ 0x06, 0x41, 0x5A, 0xD4, 0x20, 0x18, 0xC8, -+ 0x05, 0x8E, 0x4F, 0x2C, 0xF3, 0xE4, 0xBF, -+ 0xDF, 0x63, 0xF4, 0x79, 0x91, 0xD4, 0xBD, -+ 0x3F, 0x1B, 0x66, 0x44, 0x5F, 0x07, 0x8E, -+ 0xA2, 0xDB, 0xFF, 0xAC, 0x2D, 0x62, 0xA5, -+ 0xEA, 0x03, 0xD9, 0x15, 0xA0, 0xAA, 0x55, -+ 0x66, 0x47, 0xB6, 0xBF, 0x5F, 0xA4, 0x70, -+ 0xEC, 0x0A, 0x66, 0x2F, 0x69, 0x07, 0xC0, -+ 0x1B, 0xF0, 0x53, 0xCB, 0x8A, 0xF7, 0x79, -+ 0x4D, 0xF1, 0x94, 0x03, 0x50, 0xEA, 0xC5, -+ 0xDB, 0xE2, 0xED, 0x3B, 0x7A, 0xA8, 0x55, -+ 0x1E, 0xC5, 0x0F, 0xDF, 0xF8, 0x75, 0x8C, -+ 0xE6, 0x58, 0xD1, 0x89, 0xEA, 0xAE, 0x6D, -+ 0x2B, 0x64, 0xF6, 0x17, 0x79, 0x4B, 0x19, -+ 0x1C, 0x3F, 0xF4, 0x6B, 0xB7, 0x1E, 0x02, -+ 0x34, 0x02, 0x1F, 0x47, 0xB3, 0x1F, 0xA4, -+ 0x30, 0x77, 0x09, 0x5F, 0x96, 0xAD, 0x85, -+ 0xBA, 0x3A, 0x6B, 0x73, 0x4A, 0x7C, 0x8F, -+ 0x36, 0xDF, 0x08, 0xAC, 0xBA, 0x51, 0xC9, -+ 0x37, 0x89, 0x7F, 0x72, 0xF2, 0x1C, 0x3B, -+ 0xBE, 0x5B, 0x54, 0x99, 0x6F, 0xC6, 0x6C, -+ 0x5F, 0x62, 0x68, 0x39, 0xDC, 0x98, 0xDD, -+ 0x1D, 0xE4, 0x19, 0x5B, 0x46, 0xCE, 0xE9, -+ 0x80, 0x3A, 0x0F, 0xD3, 0xDF, 0xC5, 0x7E, -+ 0x23, 0xF6, 0x92, 0xBB, 0x7B, 0x49, 0xB5, -+ 0xD2, 0x12, 0x33, 0x1D, 0x55, 0xB1, 0xCE, -+ 0x2D, 0x72, 0x7A, 0xB4, 0x1A, 0x11, 0xDA, -+ 0x3A, 0x15, 0xF8, 0xE4, 0xBC, 0x11, 0xC7, -+ 0x8B, 0x65, 0xF1, 0xCE, 0xB2, 0x96, 0xF1, -+ 0xFE, 0xDC, 0x5F, 0x7E, 0x42, 0x45, 0x6C, -+ 0x91, 0x11, 0x17, 0x02, 0x52, 0x01, 0xBE, -+ 0x03, 0x89, 0xF5, 0xAB, 0xD4, 0x0D, 0x11, -+ 0xF8, 0x63, 0x9A, 0x39, 0xFE, 0x32, 0x36, -+ 0x75, 0x18, 0x35, 0xA5, 0xE5, 0xE4, 0x43, -+ 0x17, 0xC1, 0xC2, 0xEE, 0xFD, 0x4E, 0xA5, -+ 0xBF, 0xD1, 0x60, 0x43, 0xF4, 0x3C, 0xB4, -+ 0x19, 0x81, 0xF6, 0xAD, 0xEE, 0x9D, 0x03, -+ 0x15, 0x9E, 0x7A, 0xD9, 0xD1, 0x3C, 0x53, -+ 0x36, 0x95, 0x09, 0xFC, 0x1F, 0xA2, 0x7C, -+ 0x16, 0xEF, 0x98, 0x87, 0x70, 0x3A, 0x55, -+ 0xB5, 0x1B, 0x22, 0xCB, 0xF4, 0x4C, 0xD0, -+ 0x12, 0xAE, 0xE0, 0xB2, 0x79, 0x8E, 0x62, -+ 0x84, 0x23, 0x42, 0x8E, 0xFC, 0xD5, 0xA4, -+ 0x0C, 0xAE, 0xF6, 0xBF, 0x50, 0xD8, 0xEA, -+ 0x88, 0x5E, 0xBF, 0x73, 0xA6, 0xB9, 0xFD, -+ 0x79, 0xB5, 0xE1, 0x8F, 0x67, 0xD1, 0x34, -+ 0x1A, 0xC8, 0x23, 0x7A, 0x75, 0xC3, 0xCF, -+ 0xC9, 0x20, 0x04, 0xA1, 0xC5, 0xA4, 0x0E, -+ 0x36, 0x6B, 0xC4, 0x4D, 0x00, 0x17, 0x6A, -+ 0xF7, 0x1C, 0x15, 0xE4, 0x8C, 0x86, 0xD3, -+ 0x7E, 0x01, 0x37, 0x23, 0xCA, 0xAC, 0x72, -+ 0x23, 0xAB, 0x3B, 0xF4, 0xD5, 0x4F, 0x18, -+ 0x28, 0x71, 0x3B, 0x2B, 0x4A, 0x6F, 0xE4, -+ 0x0F, 0xAB, 0x74, 0x40, 0x5C, 0xB7, 0x38, -+ 0xB0, 0x64, 0xC0, 0x6E, 0xCC, 0x76, 0xE9, -+ 0xEF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xFF -+}; -+ -+const gnutls_datum_t gnutls_modp_8192_group_prime = { -+ (void *) modp_params_8192, sizeof(modp_params_8192) -+}; -+const gnutls_datum_t gnutls_modp_8192_group_q = { -+ (void *) modp_q_8192, sizeof(modp_q_8192) -+}; -+const gnutls_datum_t gnutls_modp_8192_group_generator = { -+ (void *) &modp_generator, sizeof(modp_generator) -+}; -+const unsigned int gnutls_modp_8192_key_bits = 512; -+ - #endif -diff --git a/lib/dh.h b/lib/dh.h -index 9f3dc2a70..a64a4eb5e 100644 ---- a/lib/dh.h -+++ b/lib/dh.h -@@ -31,4 +31,33 @@ _gnutls_figure_dh_params(gnutls_session_t session, gnutls_dh_params_t dh_params, - - int _gnutls_set_cred_dh_params(gnutls_dh_params_t *cparams, gnutls_sec_param_t sec_param); - -+/* The static parameters defined in RFC 3526, used for the approved -+ * primes check in SP800-56A (Appendix D). -+ */ -+ -+extern const gnutls_datum_t gnutls_modp_8192_group_prime; -+extern const gnutls_datum_t gnutls_modp_8192_group_q; -+extern const gnutls_datum_t gnutls_modp_8192_group_generator; -+extern const unsigned int gnutls_modp_8192_key_bits; -+ -+extern const gnutls_datum_t gnutls_modp_6144_group_prime; -+extern const gnutls_datum_t gnutls_modp_6144_group_q; -+extern const gnutls_datum_t gnutls_modp_6144_group_generator; -+extern const unsigned int gnutls_modp_6144_key_bits; -+ -+extern const gnutls_datum_t gnutls_modp_4096_group_prime; -+extern const gnutls_datum_t gnutls_modp_4096_group_q; -+extern const gnutls_datum_t gnutls_modp_4096_group_generator; -+extern const unsigned int gnutls_modp_4096_key_bits; -+ -+extern const gnutls_datum_t gnutls_modp_3072_group_prime; -+extern const gnutls_datum_t gnutls_modp_3072_group_q; -+extern const gnutls_datum_t gnutls_modp_3072_group_generator; -+extern const unsigned int gnutls_modp_3072_key_bits; -+ -+extern const gnutls_datum_t gnutls_modp_2048_group_prime; -+extern const gnutls_datum_t gnutls_modp_2048_group_q; -+extern const gnutls_datum_t gnutls_modp_2048_group_generator; -+extern const unsigned int gnutls_modp_2048_key_bits; -+ - #endif /* GNUTLS_LIB_DH_H */ --- -2.26.2 - - -From 3f4532862bf9140976d970ab14e102cede61d1c7 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 26 Jun 2020 10:21:26 +0200 -Subject: [PATCH 2/2] dhe: check if DH params in SKE match the FIPS approved - algorithms - -SP800-56A rev. 3 restricts the FIPS compliant clients to use only -approved DH parameters, defined in RFC 7919 and RFC 3526. This adds a -check in the handling of ServerKeyExchange if DHE is negotiated. - -Signed-off-by: Daiki Ueno ---- - doc/credentials/Makefile.am | 24 ++++ - .../dhparams/rfc2409-group-1-768.pem | 5 + - .../dhparams/rfc2409-group-2-1024.pem | 5 + - .../dhparams/rfc3526-group-14-2048.pem | 8 ++ - .../dhparams/rfc3526-group-15-3072.pem | 11 ++ - .../dhparams/rfc3526-group-16-4096.pem | 13 ++ - .../dhparams/rfc3526-group-17-6144.pem | 19 +++ - .../dhparams/rfc3526-group-18-8192.pem | 24 ++++ - .../dhparams/rfc3526-group-5-1536.pem | 7 + - doc/credentials/dhparams/rfc5054-1024.pem | 5 + - doc/credentials/dhparams/rfc5054-1536.pem | 7 + - doc/credentials/dhparams/rfc5054-2048.pem | 8 ++ - doc/credentials/dhparams/rfc5054-3072.pem | 11 ++ - doc/credentials/dhparams/rfc5054-4096.pem | 13 ++ - doc/credentials/dhparams/rfc5054-6144.pem | 19 +++ - doc/credentials/dhparams/rfc5054-8192.pem | 24 ++++ - .../dhparams/rfc5114-group-22-1024.pem | 8 ++ - .../dhparams/rfc5114-group-23-2048.pem | 13 ++ - .../dhparams/rfc5114-group-24-2048.pem | 13 ++ - .../dhparams/rfc7919-ffdhe2048.pem | 8 ++ - .../dhparams/rfc7919-ffdhe3072.pem | 11 ++ - .../dhparams/rfc7919-ffdhe4096.pem | 14 ++ - .../dhparams/rfc7919-ffdhe6144.pem | 19 +++ - .../dhparams/rfc7919-ffdhe8192.pem | 24 ++++ - lib/auth/dh_common.c | 8 ++ - lib/dh-primes.c | 34 +++++ - lib/dh.h | 6 + - tests/Makefile.am | 2 + - tests/client-sign-md5-rep.c | 5 + - tests/dh-fips-approved.sh | 127 ++++++++++++++++++ - tests/utils.c | 58 ++++---- - 31 files changed, 521 insertions(+), 32 deletions(-) - create mode 100644 doc/credentials/dhparams/rfc2409-group-1-768.pem - create mode 100644 doc/credentials/dhparams/rfc2409-group-2-1024.pem - create mode 100644 doc/credentials/dhparams/rfc3526-group-14-2048.pem - create mode 100644 doc/credentials/dhparams/rfc3526-group-15-3072.pem - create mode 100644 doc/credentials/dhparams/rfc3526-group-16-4096.pem - create mode 100644 doc/credentials/dhparams/rfc3526-group-17-6144.pem - create mode 100644 doc/credentials/dhparams/rfc3526-group-18-8192.pem - create mode 100644 doc/credentials/dhparams/rfc3526-group-5-1536.pem - create mode 100644 doc/credentials/dhparams/rfc5054-1024.pem - create mode 100644 doc/credentials/dhparams/rfc5054-1536.pem - create mode 100644 doc/credentials/dhparams/rfc5054-2048.pem - create mode 100644 doc/credentials/dhparams/rfc5054-3072.pem - create mode 100644 doc/credentials/dhparams/rfc5054-4096.pem - create mode 100644 doc/credentials/dhparams/rfc5054-6144.pem - create mode 100644 doc/credentials/dhparams/rfc5054-8192.pem - create mode 100644 doc/credentials/dhparams/rfc5114-group-22-1024.pem - create mode 100644 doc/credentials/dhparams/rfc5114-group-23-2048.pem - create mode 100644 doc/credentials/dhparams/rfc5114-group-24-2048.pem - create mode 100644 doc/credentials/dhparams/rfc7919-ffdhe2048.pem - create mode 100644 doc/credentials/dhparams/rfc7919-ffdhe3072.pem - create mode 100644 doc/credentials/dhparams/rfc7919-ffdhe4096.pem - create mode 100644 doc/credentials/dhparams/rfc7919-ffdhe6144.pem - create mode 100644 doc/credentials/dhparams/rfc7919-ffdhe8192.pem - create mode 100755 tests/dh-fips-approved.sh - -diff --git a/doc/credentials/Makefile.am b/doc/credentials/Makefile.am -index ecdd57a10..25778856f 100644 ---- a/doc/credentials/Makefile.am -+++ b/doc/credentials/Makefile.am -@@ -31,3 +31,27 @@ EXTRA_DIST += srp-passwd.txt srp-tpasswd.conf - - EXTRA_DIST += psk-passwd.txt - -+EXTRA_DIST += \ -+ dhparams/rfc2409-group-1-768.pem \ -+ dhparams/rfc2409-group-2-1024.pem \ -+ dhparams/rfc3526-group-14-2048.pem \ -+ dhparams/rfc3526-group-15-3072.pem \ -+ dhparams/rfc3526-group-16-4096.pem \ -+ dhparams/rfc3526-group-17-6144.pem \ -+ dhparams/rfc3526-group-18-8192.pem \ -+ dhparams/rfc3526-group-5-1536.pem \ -+ dhparams/rfc5054-1024.pem \ -+ dhparams/rfc5054-1536.pem \ -+ dhparams/rfc5054-2048.pem \ -+ dhparams/rfc5054-3072.pem \ -+ dhparams/rfc5054-4096.pem \ -+ dhparams/rfc5054-6144.pem \ -+ dhparams/rfc5054-8192.pem \ -+ dhparams/rfc5114-group-22-1024.pem \ -+ dhparams/rfc5114-group-23-2048.pem \ -+ dhparams/rfc5114-group-24-2048.pem \ -+ dhparams/rfc7919-ffdhe2048.pem \ -+ dhparams/rfc7919-ffdhe3072.pem \ -+ dhparams/rfc7919-ffdhe4096.pem \ -+ dhparams/rfc7919-ffdhe6144.pem \ -+ dhparams/rfc7919-ffdhe8192.pem -diff --git a/doc/credentials/dhparams/rfc2409-group-1-768.pem b/doc/credentials/dhparams/rfc2409-group-1-768.pem -new file mode 100644 -index 000000000..33a617018 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc2409-group-1-768.pem -@@ -0,0 +1,5 @@ -+-----BEGIN DH PARAMETERS----- -+MGYCYQD//////////8kP2qIhaMI0xMZii4DcHNEpAk4IimfMdAILvqY7E5siUUoI -+eY40BN3vlRmzzTpDGzArCm3yXxQ3T+E1bW1RwkXkhbV2Yl5+xvRMQummOjYg//// -+//////8CAQI= -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc2409-group-2-1024.pem b/doc/credentials/dhparams/rfc2409-group-2-1024.pem -new file mode 100644 -index 000000000..bbfb1bfb6 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc2409-group-2-1024.pem -@@ -0,0 +1,5 @@ -+-----BEGIN DH PARAMETERS----- -+MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE -+3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/ta -+iZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc3526-group-14-2048.pem b/doc/credentials/dhparams/rfc3526-group-14-2048.pem -new file mode 100644 -index 000000000..b15071532 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc3526-group-14-2048.pem -@@ -0,0 +1,8 @@ -+-----BEGIN DH PARAMETERS----- -+MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb -+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft -+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT -+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh -+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq -+5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg== -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc3526-group-15-3072.pem b/doc/credentials/dhparams/rfc3526-group-15-3072.pem -new file mode 100644 -index 000000000..f27b77820 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc3526-group-15-3072.pem -@@ -0,0 +1,11 @@ -+-----BEGIN DH PARAMETERS----- -+MIIBiAKCAYEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb -+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft -+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT -+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh -+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq -+5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM -+fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq -+ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqTrS -+yv//////////AgEC -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc3526-group-16-4096.pem b/doc/credentials/dhparams/rfc3526-group-16-4096.pem -new file mode 100644 -index 000000000..a734b9050 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc3526-group-16-4096.pem -@@ -0,0 +1,13 @@ -+-----BEGIN DH PARAMETERS----- -+MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb -+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft -+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT -+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh -+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq -+5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM -+fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq -+ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI -+ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O -++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI -+HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI= -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc3526-group-17-6144.pem b/doc/credentials/dhparams/rfc3526-group-17-6144.pem -new file mode 100644 -index 000000000..d8307bda3 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc3526-group-17-6144.pem -@@ -0,0 +1,19 @@ -+-----BEGIN DH PARAMETERS----- -+MIIDCAKCAwEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb -+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft -+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT -+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh -+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq -+5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM -+fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq -+ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI -+ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O -++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI -+HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG -+3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU -+7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId -+A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha -+xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/ -+8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebcxA -+JP//////////AgEC -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc3526-group-18-8192.pem b/doc/credentials/dhparams/rfc3526-group-18-8192.pem -new file mode 100644 -index 000000000..af54dd656 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc3526-group-18-8192.pem -@@ -0,0 +1,24 @@ -+-----BEGIN DH PARAMETERS----- -+MIIECAKCBAEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb -+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft -+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT -+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh -+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq -+5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM -+fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq -+ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI -+ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O -++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI -+HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG -+3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU -+7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId -+A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha -+xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/ -+8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebb4R -+WXSjkm8S/uXkOHd8tqky34zYvsTQc7kxujvIMraNndMAdB+nv4r8R+0ldvaTa6Qk -+ZjqrY5xa5PVoNCO0dCvxyXgjjxbL451lLeP9uL78hIrZIiIuBKQDfAcT61eoGiPw -+xzRz/GRs6jBrS8vIhi+Dhd36nUt/osCH6HloMwPtW906Bis89bOieKZtKhP4P0T4 -+Ld8xDuB0q2o2RZfomaAlXcFk8xzFCEaFHfmrSBld7X6hsdUQvX7nTXP682vDHs+i -+aDWQRvTrh5+SQAlDi0gcbNeImgAu1e44K8kZDab8Am5HlVjkR1Z36aqeMFDidlaU -+38gfVuiAuW5xYMmA3Zjt09///////////wIBAg== -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc3526-group-5-1536.pem b/doc/credentials/dhparams/rfc3526-group-5-1536.pem -new file mode 100644 -index 000000000..44df6de65 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc3526-group-5-1536.pem -@@ -0,0 +1,7 @@ -+-----BEGIN DH PARAMETERS----- -+MIHHAoHBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR -+Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL -+/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7ORbPcIAfLihY78FmNpINhxV05pp -+Fj+o/STPX4NlXSPco62WHGLzViCFUrue1SkHcJaWbWcMNU5KvJgE8XRsCMojcyf/ -+/////////wIBAg== -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc5054-1024.pem b/doc/credentials/dhparams/rfc5054-1024.pem -new file mode 100644 -index 000000000..33aed9fab ---- /dev/null -+++ b/doc/credentials/dhparams/rfc5054-1024.pem -@@ -0,0 +1,5 @@ -+-----BEGIN DH PARAMETERS----- -+MIGHAoGBAO6vCrmts43WnDP4CvqPxehgcmGHdf88C56iMUycJWV21nTfdJbqgdM4 -+O0gT1pLG4ODV2OJQuYvkjklcHWCJ2tFdx9e0YVTWts6O9K1psV1JglWbKXvPGIXF -+KfVmZg5X7GjtvDwFcmzAL9TL9Jduqpr9UTj+g3ZDW5/GHS/A6wbjAgEC -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc5054-1536.pem b/doc/credentials/dhparams/rfc5054-1536.pem -new file mode 100644 -index 000000000..dc2db6b42 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc5054-1536.pem -@@ -0,0 +1,7 @@ -+-----BEGIN DH PARAMETERS----- -+MIHHAoHBAJ3vPK+5OSd6sfEqhheke7vbpR30maxMgL7uqWFLGcxNX09fVW4ny95R -+xqlL5GB6KRVYkDug0PhDgLZVu5oi6NzfAop87Gfw0IE0sci5eYkUm2CeC+O6tj1H -+VIOB28Wx/HZOP0tT3Z2hFYv9PiucjPVu3wGVOTSWJ9sv1T0kt8SGZXcuQ31sf4zk -+QnNK98y3roN8Jkrjqb64f4ov6bi1KS5aAh//XpFHnoznoowkQsbzFRgPk0maI03P -+duP+0TX5uwIBAg== -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc5054-2048.pem b/doc/credentials/dhparams/rfc5054-2048.pem -new file mode 100644 -index 000000000..814e70ce6 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc5054-2048.pem -@@ -0,0 +1,8 @@ -+-----BEGIN DH PARAMETERS----- -+MIIBCAKCAQEArGvbQTJKmpvxZt5eE4lYL69ytmUZh+4H/DGSlD21YFCjcynLtKCZ -+7YGT4HV3Z6E91SMSq0sDMQ3Nf0ip2gT9UOgIOWntt2ewz2CVF5oWOrNmGgX71fqq -+6CkYqZYvC5O4Vfl5k+yXXuqoDXQK2/T/dHNZ0EHVwz6nHSgeRGsUdzvKl7Q6I/uA -+Fna9IHpDbGSB8dK5B4cXRhpbnTLmiPh3SFRFI7UksNV9Xqd6J3XS7PoDLPvb9S+z -+eGFgJ5AE5Xrmr4dOcwPOUymczAQce8MI2CpWmPOo0MOCca41+Onb+7aUtcgD2J96 -+5DXeI21SX1R1m2XjcvzWjvIPpxEfnkr/cwIBAg== -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc5054-3072.pem b/doc/credentials/dhparams/rfc5054-3072.pem -new file mode 100644 -index 000000000..d84b2424a ---- /dev/null -+++ b/doc/credentials/dhparams/rfc5054-3072.pem -@@ -0,0 +1,11 @@ -+-----BEGIN DH PARAMETERS----- -+MIIBiAKCAYEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb -+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft -+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT -+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh -+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq -+5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM -+fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq -+ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqTrS -+yv//////////AgEF -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc5054-4096.pem b/doc/credentials/dhparams/rfc5054-4096.pem -new file mode 100644 -index 000000000..99ca4456b ---- /dev/null -+++ b/doc/credentials/dhparams/rfc5054-4096.pem -@@ -0,0 +1,13 @@ -+-----BEGIN DH PARAMETERS----- -+MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb -+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft -+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT -+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh -+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq -+5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM -+fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq -+ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI -+ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O -++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI -+HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQU= -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc5054-6144.pem b/doc/credentials/dhparams/rfc5054-6144.pem -new file mode 100644 -index 000000000..97d8d21a9 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc5054-6144.pem -@@ -0,0 +1,19 @@ -+-----BEGIN DH PARAMETERS----- -+MIIDCAKCAwEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb -+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft -+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT -+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh -+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq -+5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM -+fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq -+ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI -+ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O -++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI -+HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG -+3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU -+7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId -+A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha -+xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/ -+8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebcxA -+JP//////////AgEF -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc5054-8192.pem b/doc/credentials/dhparams/rfc5054-8192.pem -new file mode 100644 -index 000000000..bb54575c7 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc5054-8192.pem -@@ -0,0 +1,24 @@ -+-----BEGIN DH PARAMETERS----- -+MIIECAKCBAEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb -+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft -+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT -+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh -+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq -+5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM -+fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq -+ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI -+ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O -++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI -+HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG -+3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU -+7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId -+A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha -+xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/ -+8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebb4R -+WXSjkm8S/uXkOHd8tqky34zYvsTQc7kxujvIMraNndMAdB+nv4r8R+0ldvaTa6Qk -+ZjqrY5xa5PVoNCO0dCvxyXgjjxbL451lLeP9uL78hIrZIiIuBKQDfAcT61eoGiPw -+xzRz/GRs6jBrS8vIhi+Dhd36nUt/osCH6HloMwPtW906Bis89bOieKZtKhP4P0T4 -+Ld8xDuB0q2o2RZfomaAlXcFk8xzFCEaFHfmrSBld7X6hsdUQvX7nTXP682vDHs+i -+aDWQRvTrh5+SQAlDi0gcbNeImgAu1e44K8kZDab8Am5HlVjkR1Z36aqeMFDidlaU -+38gfVuiAuW5xYMmA3Zjt09///////////wIBEw== -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc5114-group-22-1024.pem b/doc/credentials/dhparams/rfc5114-group-22-1024.pem -new file mode 100644 -index 000000000..759afcb2f ---- /dev/null -+++ b/doc/credentials/dhparams/rfc5114-group-22-1024.pem -@@ -0,0 +1,8 @@ -+-----BEGIN DH PARAMETERS----- -+MIIBCAKBgQCxC4+WoIDgHd6S3l6uXVTsUsmfvPsGo8aaap3KUtI7YWBz4oZ1oj0Y -+mDjvHi7mUsAT7LSuqQYRIySXXDzUm4O/rMvdfZDEvXCYSI6cIZpzck7/1vrlZEc4 -++qMaT/VbzMChUa9fDci0vUW/N982XBpl5oz9p21NpwjfH7K8LkpDcQKBgQCk0cvV -+w/00EmdlpELvuZkF+BBN0lisUH/WQGz/FCZtMSZv6h5cQVZLd35pD1UE8hMWAhe0 -+sBuIal6RVH+eJ0n01/vX07mpLuGQnQ0iY/gKdqaiTAh6CR9THb8KAWm2oorWYqTR -+jnOvoy13nVkY0IvIhY9Nzvl8KiSFXm7rIrOy5Q== -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc5114-group-23-2048.pem b/doc/credentials/dhparams/rfc5114-group-23-2048.pem -new file mode 100644 -index 000000000..d4f360ef2 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc5114-group-23-2048.pem -@@ -0,0 +1,13 @@ -+-----BEGIN DH PARAMETERS----- -+MIICCgKCAQEArRB+HpEjqdDWYPqnlVnFH6INZOVoO5/RtUsVl7YdCnXm+hQd+VpW -+26+aPEB7od8V6z1oijCcGA4d5rhaEnSgpm0/gVKtasISkDfJ7e/aTfjZHo/vVbc5 -+S3rVt9C2wSIHyfmNEe002/bGugssi7wnvmoA4KC5xJcIs7+KMXCRiDaBKGEwvImF -+2xYC5xRBXZMwJ4Jzx94x79xzEPcSH9WgdBWYfZrcCkhtzfk6zEQyg4cxXXXhmMZB -+pIDNhqG55YfovmDmnMkosrnFIXLkEwQumyPxCw4W55djybU9z0uoCinj+3PBa451 -+uX7zY+L/ox9xz53lOE5xuBwKxN/+DBDmTwKCAQEArEAy708tmuOd8wtcj/2sUGze -+vnuJmYyvdIZqCM/k/+OmgkpOELmm8N2SHwGnDEr6q3OddwDCn1LFfbF8YgqGUr5e -+kAGo1mrXwXZpEBmZAkr00CcnWsE0i7inYtBSG8mK4kcVBCLqHtQJk51U2nRgzbX2 -+xrJQcXy+8YDrNBGOmNEZUppF1vg0Vm4wJeMWozDvu3eobwwasVsFGuPUKMj4rLcK -+gTcVC47rEOGD7dGZY93Z4mPkdwWJ72qiHn9fL/OBtTnM40CdE81Wavu0jWwBkYHh -+vP6UswJp7f5y/ptqpL17Wg8ccc//TBnEGOH27AF5gbwIfypwZbOEuJDTGR8r+g== -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc5114-group-24-2048.pem b/doc/credentials/dhparams/rfc5114-group-24-2048.pem -new file mode 100644 -index 000000000..dc0211648 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc5114-group-24-2048.pem -@@ -0,0 +1,13 @@ -+-----BEGIN DH PARAMETERS----- -+MIICCQKCAQEAh6jmHbS2Zjz/u9GcZRlZmYzu9ghmDdDyXSzu1ENeOwDgDfjx1hlX -+1Pr330VhsqowFsPZETQJb6o79Cltgw6afCCeDGSXUXq9WoqdMGvPZ+2R+eZyW0dY -+wCLgse9Cdb97bFv8EdRfkIi5QfVOseWbuLw5oL8SMH9cT9twxYGyP3a2Osrhyqa3 -+kC1SUmc1SIoO8TxtmlG/pKs62DR3llJNjvahZ7WkGCXZZ+FE5RQFZCUcysuD5rSG -+9rPKP3lxUGAmwLhX9omWKFbe1AEKvQvmIcOjlgpU5xDDdfJjddcBQQOktUMwwZiv -+EmEW0iduEXFfaTh3+tfvCcrbCUrpHhoVlwKCAQA/syybcxNNCy53UGZg7b1ITKex -+jyHvIFQH9Hk6GguhJRDbwVB3vkY//0/tSqwLtVW+OmwbDGtHsbw3c79+jG9ikBIo -++MKMuxilWuMTQQAKZQGW+THHelfy3fRj5ensFEt3feYqqrioYorDdtKC1u04ZOZ5 -+gkKOvIMdFDSPby+Rk7UEWvJ2cWTh38lnwfs/LlWkvRv/6DucgNBSuYXRguoK2yo7 -+cxPT/hTISEseBSWIubfSu9LfAWGZ7NBuFVfNCRWzNTu7ZODsN3/QKDcN+StSx4kU -+KM3GfrYYS1I9HbJGwy9jB4SQ8A741kfRSNR5VFFeIyfP75jFgmZLTA9sxBZZ -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc7919-ffdhe2048.pem b/doc/credentials/dhparams/rfc7919-ffdhe2048.pem -new file mode 100644 -index 000000000..9b182b720 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc7919-ffdhe2048.pem -@@ -0,0 +1,8 @@ -+-----BEGIN DH PARAMETERS----- -+MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz -++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a -+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 -+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi -+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD -+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg== -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc7919-ffdhe3072.pem b/doc/credentials/dhparams/rfc7919-ffdhe3072.pem -new file mode 100644 -index 000000000..fb31ccda5 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc7919-ffdhe3072.pem -@@ -0,0 +1,11 @@ -+-----BEGIN DH PARAMETERS----- -+MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz -++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a -+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 -+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi -+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD -+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 -+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 -+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu -+N///////////AgEC -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc7919-ffdhe4096.pem b/doc/credentials/dhparams/rfc7919-ffdhe4096.pem -new file mode 100644 -index 000000000..ad9f68b1e ---- /dev/null -+++ b/doc/credentials/dhparams/rfc7919-ffdhe4096.pem -@@ -0,0 +1,14 @@ -+-----BEGIN DH PARAMETERS----- -+MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz -++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a -+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 -+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi -+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD -+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 -+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 -+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e -+8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx -+iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K -+zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI= -+-----END DH PARAMETERS----- -+ -diff --git a/doc/credentials/dhparams/rfc7919-ffdhe6144.pem b/doc/credentials/dhparams/rfc7919-ffdhe6144.pem -new file mode 100644 -index 000000000..d8239bb05 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc7919-ffdhe6144.pem -@@ -0,0 +1,19 @@ -+-----BEGIN DH PARAMETERS----- -+MIIDCAKCAwEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz -++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a -+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 -+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi -+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD -+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 -+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 -+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e -+8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx -+iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K -+zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq -+OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE -+HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj -+w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8 -+vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70 -+A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKc0OQO -+Zf//////////AgEC -+-----END DH PARAMETERS----- -diff --git a/doc/credentials/dhparams/rfc7919-ffdhe8192.pem b/doc/credentials/dhparams/rfc7919-ffdhe8192.pem -new file mode 100644 -index 000000000..4484cf885 ---- /dev/null -+++ b/doc/credentials/dhparams/rfc7919-ffdhe8192.pem -@@ -0,0 +1,24 @@ -+-----BEGIN DH PARAMETERS----- -+MIIECAKCBAEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz -++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a -+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 -+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi -+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD -+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 -+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 -+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e -+8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx -+iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K -+zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq -+OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE -+HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj -+w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8 -+vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70 -+A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKcz/Rq -+qjatAEz2AMg4HkJaMdlRrmT9sj/OyVCdQ2h/62nt0cxeC4zDvfZLEO+GtjFCo6uI -+KVVbL3R8kyZlyywPHMAb1wIpOIg50q8F5FRQSseLdYKCKEbAujXDX1xZFgzARv2C -+UVQfxoychrAiu3CZh2pGDnRRqKkxCXA/7hwhfmw4JuUsUappHg5CPPyZ6eMWUMEh -+e2JIFs2tmpX51bgBlIjZwKCh/jB1pXfiMYP4HUo/L6RXHvyM4LqKT+i2hV3+crCm -+bt7S+6v75Yow+vq+HF1xqH4vdB74wf6G/qa7/eUwZ38Nl9EdSfeoRD0IIuUGqfRh -+TgEeKpSDj/iM1oyLt8XGQkz//////////wIBAg== -+-----END DH PARAMETERS----- -diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c -index 19c205bbe..252eea0cb 100644 ---- a/lib/auth/dh_common.c -+++ b/lib/auth/dh_common.c -@@ -257,6 +257,14 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session, - } - } - -+#ifdef ENABLE_FIPS140 -+ if (gnutls_fips140_mode_enabled() && -+ !_gnutls_dh_prime_is_fips_approved(data_p, n_p, data_g, n_g)) { -+ gnutls_assert(); -+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; -+ } -+#endif -+ - if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.params.params[DH_G], data_g, _n_g) != 0) { - gnutls_assert(); - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; -diff --git a/lib/dh-primes.c b/lib/dh-primes.c -index 5d2dce0fb..a43a8e5de 100644 ---- a/lib/dh-primes.c -+++ b/lib/dh-primes.c -@@ -1893,4 +1893,38 @@ const gnutls_datum_t gnutls_modp_8192_group_generator = { - }; - const unsigned int gnutls_modp_8192_key_bits = 512; - -+unsigned -+_gnutls_dh_prime_is_fips_approved(const uint8_t *prime, -+ size_t prime_size, -+ const uint8_t *generator, -+ size_t generator_size) -+{ -+ static const struct { -+ const gnutls_datum_t *prime; -+ const gnutls_datum_t *generator; -+ } primes[] = { -+ { &gnutls_ffdhe_8192_group_prime, &gnutls_ffdhe_8192_group_generator }, -+ { &gnutls_ffdhe_6144_group_prime, &gnutls_ffdhe_6144_group_generator }, -+ { &gnutls_ffdhe_4096_group_prime, &gnutls_ffdhe_4096_group_generator }, -+ { &gnutls_ffdhe_3072_group_prime, &gnutls_ffdhe_3072_group_generator }, -+ { &gnutls_ffdhe_2048_group_prime, &gnutls_ffdhe_2048_group_generator }, -+ { &gnutls_modp_8192_group_prime, &gnutls_modp_8192_group_generator }, -+ { &gnutls_modp_6144_group_prime, &gnutls_modp_6144_group_generator }, -+ { &gnutls_modp_4096_group_prime, &gnutls_modp_4096_group_generator }, -+ { &gnutls_modp_3072_group_prime, &gnutls_modp_3072_group_generator }, -+ { &gnutls_modp_2048_group_prime, &gnutls_modp_2048_group_generator }, -+ }; -+ size_t i; -+ -+ for (i = 0; i < sizeof(primes) / sizeof(primes[0]); i++) { -+ if (primes[i].prime->size == prime_size && -+ memcmp(primes[i].prime->data, prime, primes[i].prime->size) == 0 && -+ primes[i].generator->size == generator_size && -+ memcmp(primes[i].generator->data, generator, primes[i].generator->size) == 0) -+ return 1; -+ } -+ -+ return 0; -+} -+ - #endif -diff --git a/lib/dh.h b/lib/dh.h -index a64a4eb5e..672451947 100644 ---- a/lib/dh.h -+++ b/lib/dh.h -@@ -60,4 +60,10 @@ extern const gnutls_datum_t gnutls_modp_2048_group_q; - extern const gnutls_datum_t gnutls_modp_2048_group_generator; - extern const unsigned int gnutls_modp_2048_key_bits; - -+unsigned -+_gnutls_dh_prime_is_fips_approved(const uint8_t *prime, -+ size_t prime_size, -+ const uint8_t *generator, -+ size_t generator_size); -+ - #endif /* GNUTLS_LIB_DH_H */ -diff --git a/tests/Makefile.am b/tests/Makefile.am -index 7cdf828e0..13d7ba385 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -522,6 +522,8 @@ endif - - dist_check_SCRIPTS += gnutls-cli-self-signed.sh gnutls-cli-invalid-crl.sh gnutls-cli-rawpk.sh - -+dist_check_SCRIPTS += dh-fips-approved.sh -+ - if ENABLE_PKCS11 - dist_check_SCRIPTS += p11-kit-trust.sh testpkcs11.sh certtool-pkcs11.sh - -diff --git a/tests/client-sign-md5-rep.c b/tests/client-sign-md5-rep.c -index 1c7877fbd..b1ad46ce9 100644 ---- a/tests/client-sign-md5-rep.c -+++ b/tests/client-sign-md5-rep.c -@@ -468,6 +468,11 @@ void doit(void) - int sockets[2]; - int err; - -+ /* tls1_hello contains ServerKeyExchange with custom DH -+ * parameters */ -+ if (gnutls_fips140_mode_enabled()) -+ exit(77); -+ - signal(SIGPIPE, SIG_IGN); - - err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); -diff --git a/tests/dh-fips-approved.sh b/tests/dh-fips-approved.sh -new file mode 100755 -index 000000000..136dd15f3 ---- /dev/null -+++ b/tests/dh-fips-approved.sh -@@ -0,0 +1,127 @@ -+#!/bin/sh -+ -+# Copyright (C) 2017 Nikos Mavrogiannopoulos -+# -+# Author: Nikos Mavrogiannopoulos -+# -+# This file is part of GnuTLS. -+# -+# GnuTLS is free software; you can redistribute it and/or modify it -+# under the terms of the GNU General Public License as published by the -+# Free Software Foundation; either version 3 of the License, or (at -+# your option) any later version. -+# -+# GnuTLS is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+# General Public License for more details. -+# -+# You should have received a copy of the GNU Lesser General Public License -+# along with this program. If not, see -+ -+srcdir="${srcdir:-.}" -+SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" -+CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" -+unset RETCODE -+ -+if ! test -x "${SERV}"; then -+ exit 77 -+fi -+ -+if ! test -x "${CLI}"; then -+ exit 77 -+fi -+ -+if test "${WINDIR}" != ""; then -+ exit 77 -+fi -+ -+if ! test -z "${VALGRIND}"; then -+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" -+fi -+ -+ -+SERV="${SERV} -q" -+ -+. "${srcdir}/scripts/common.sh" -+ -+KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem -+CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem -+CA1=${srcdir}/../doc/credentials/x509/ca.pem -+ -+ALLOWED_PARAMS=" -+rfc3526-group-14-2048 -+rfc3526-group-15-3072 -+rfc3526-group-16-4096 -+rfc3526-group-17-6144 -+rfc3526-group-18-8192 -+rfc7919-ffdhe2048 -+rfc7919-ffdhe3072 -+rfc7919-ffdhe4096 -+rfc7919-ffdhe6144 -+rfc7919-ffdhe8192 -+" -+ -+DISALLOWED_PARAMS=" -+rfc2409-group-2-1024 -+rfc3526-group-5-1536 -+rfc5054-1024 -+rfc5054-1536 -+rfc5054-2048 -+rfc5054-3072 -+rfc5054-4096 -+rfc5054-6144 -+rfc5054-8192 -+rfc5114-group-22-1024 -+rfc5114-group-23-2048 -+rfc5114-group-24-2048 -+" -+ -+OPTS="--priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:+AES-128-GCM:-GROUP-ALL" -+ -+for params in $ALLOWED_PARAMS; do -+ echo "Checking with approved DH params: $params" -+ -+ PARAMS=${srcdir}/../doc/credentials/dhparams/${params}.pem -+ -+ eval "${GETPORT}" -+ launch_server $$ ${OPTS} --x509keyfile ${KEY1} --x509certfile ${CERT1} --dhparams ${PARAMS} -+ PID=$! -+ wait_server ${PID} -+ -+ ${VALGRIND} "${CLI}" ${OPTS} -p "${PORT}" 127.0.0.1 --verify-hostname=localhost --x509cafile ${CA1} /dev/null || \ -+ fail ${PID} "handshake should have succeeded!" -+ -+ kill ${PID} -+ wait -+done -+ -+for params in $DISALLOWED_PARAMS; do -+ echo "Checking with non-approved DH params: $params" -+ -+ PARAMS=${srcdir}/../doc/credentials/dhparams/${params}.pem -+ -+ eval "${GETPORT}" -+ launch_server $$ ${OPTS} --x509keyfile ${KEY1} --x509certfile ${CERT1} --dhparams ${PARAMS} -+ PID=$! -+ wait_server ${PID} -+ -+ ${VALGRIND} "${CLI}" ${OPTS} -p "${PORT}" 127.0.0.1 --verify-hostname=localhost --x509cafile ${CA1} /dev/null -+ -+ RET=$? -+ -+ if test $RET -eq 0; then -+ if test "${GNUTLS_FORCE_FIPS_MODE}" = 1; then -+ fail ${PID} "handshake should have failed (FIPS mode 1)!" -+ fi -+ else -+ if test "${GNUTLS_FORCE_FIPS_MODE}" != 1; then -+ fail ${PID} "handshake should have succeeded (FIPS mode 0)!" -+ fi -+ fi -+ -+ kill ${PID} -+ wait -+done -+ -+exit 0 -diff --git a/tests/utils.c b/tests/utils.c -index 9186a1757..60cd79b35 100644 ---- a/tests/utils.c -+++ b/tests/utils.c -@@ -50,47 +50,41 @@ int debug = 0; - int error_count = 0; - int break_on_error = 0; - -+/* doc/credentials/dhparams/rfc3526-group-14-2048.pem */ - const char *pkcs3 = - "-----BEGIN DH PARAMETERS-----\n" -- "MIGGAoGAtkxw2jlsVCsrfLqxrN+IrF/3W8vVFvDzYbLmxi2GQv9s/PQGWP1d9i22\n" -- "P2DprfcJknWt7KhCI1SaYseOQIIIAYP78CfyIpGScW/vS8khrw0rlQiyeCvQgF3O\n" -- "GeGOEywcw+oQT4SmFOD7H0smJe2CNyjYpexBXQ/A0mbTF9QKm1cCAQU=\n" -+ "MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n" -+ "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft\n" -+ "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n" -+ "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n" -+ "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n" -+ "5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==\n" - "-----END DH PARAMETERS-----\n"; - -+/* doc/credentials/dhparams/rfc7919-ffdhe2048.pem */ - const char *pkcs3_2048 = - "-----BEGIN DH PARAMETERS-----\n" -- "MIICDgKCAQEAvVNCqM8M9ZoVYBKEkV2KN8ELHHJ75aTZiK9z6170iKSgbITkOxsd\n" -- "aBCLzHZd7d6/2aNofUeuWdDGHm73d8v53ma2HRVCNESeC2LKsEDFG9FjjUeugvfl\n" -- "zb85TLZwWT9Lb35Ddhdk7CtxoukjS0/JkCE+8RGzmk5+57N8tNffs4aSSHSe4+cw\n" -- "i4wULDxiG2p052czAMP3YR5egWvMuiByhy0vKShiZmOy1/Os5r6E/GUF+298gDjG\n" -- "OeaEUF9snrTcoBwB4yNjVSEbuAh5fMd5zFtz2+dzrk9TYZ44u4DQYkgToW05WcmC\n" -- "+LG0bLAH6lrJR5OMgyheZEo6F20z/d2yyQKCAQEAtzcuTHW61SFQiDRouk6eD0Yx\n" -- "0k1RJdaQdlRf6/Dcc6lEqnbezL90THzvxkBwfJ5jG1VZE7JlVCvLRkBtgb0/6SCf\n" -- "MATfEKG2JMOnKsJxvidmKEp4uN32LketXRrrEBl7rS+HABEfKAzqx+J6trBaq25E\n" -- "7FVJFsyoa8IL8N8YUWwhE2UuEfmiqQQaeoIUYC/xD2arMXn9N0W84Nyy2S9IL4ct\n" -- "e3Azi1Wc8MMfpbxxDRxXCnM2uMkLYWs1lQmcUUX+Uygv3P8lgS+RJ1Pi3+BWMx0S\n" -- "ocsZXqOr6dbEF1WOLObQRK7h/MZp80iVUyrBgX0MbVFN9M5i2u4KKTG95VKRtgIC\n" -- "AQA=\n" "-----END DH PARAMETERS-----\n"; -+ "MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" -+ "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" -+ "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" -+ "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" -+ "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" -+ "ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==\n" -+ "-----END DH PARAMETERS-----\n"; - -+/* doc/credentials/dhparams/rfc7919-ffdhe3072.pem */ - const char *pkcs3_3072 = - "-----BEGIN DH PARAMETERS-----\n" -- "MIIDDgKCAYEAtRUay8nDgwE5dSVzW525wEu/d0vrFolvYJSevxg2myj5S+gr3Fgq\n" -- "OGaZc4zrBxkxsELc7GuCqaXSOWL4yobT8N05yGbYWkWRPf4crRMx3P7/Gba9WsmH\n" -- "BlL71uPf1IN9CanAlabkhV89RKiYaCpUI19+/sq+N2dO874ToBZCNhxZnTgRZ+po\n" -- "Gdr6XWM0lQ8imIKSer0px3ZHI+/5gmyPry35tGpwlbyclJAg3wlTSdnqDcLxq7AF\n" -- "OZ23PzC3ij7SFErOX9EFBdS2bjtU47O3OkPc9EIYMEv5nwnXICLHslwVifmURAjV\n" -- "LfpObL8LYGN4Gac4tFxuDa0PMg0ES5ADugYBwdRFTAtCy5WOYXINzAAOrH9MommT\n" -- "rMkELf7JOCaV2ktBsvTlrgMAXeyqbf2YSG6CGjj4QnUuqPybSgwPru7VlahsS2lo\n" -- "qjutBPpgIxS53o97Wi3V5kQedKJiNuIDNnJMFNuTADAM+OYwClTH7ZSwTsxEgVpr\n" -- "tMH+WnTI7KTJAoIBgQCrELwIUB4oNbf0x+fIpVndhDpl/WcFc/lDtmiRuym5gWbb\n" -- "NPeI+1rdhnS2R3+nCJODFQTcPNMgIJuSu2EnDCSs5xJ2k08SAgSzyxEdjBpY7qJe\n" -- "+lJPJ12zhcl0vgcvMhb/YgqVe2MKz0RvnYZPwHM/aJbjYjq/6OpK3fVw4M1ZccBK\n" -- "QD4OHK8HOvGU7Wf6kRIcxUlfn15spMCIsrAZQBddWLmQgktsxJNUS+AnaPwTBoOv\n" -- "nGCr1vzw8OS1DtS03VCmtqt3otXhJ3D2oCIG6ogxVAKfHR30KIfzZLBfmCjdzHmH\n" -- "x4OwYTN1wy5juA438QtiDtcgK60ZqSzQO08ZklRncA/TkkyEH6kPn5KSh/hW9O3D\n" -- "KZeAY/KF0/Bc1XNtqPEYFb7Vo3rbTsyjXkICN1Hk9S0OIKL42K7rWBepO9KuddSd\n" -- "aXgH9staP0HXCyyW1VAyqo0TwcWDhE/R7IQQGGwGyd4rD0T+ySW/t09ox23O6X8J\n" -- "FSp6mOVNcuvhB5U2gW8CAgEA\n" "-----END DH PARAMETERS-----\n"; -+ "MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" -+ "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" -+ "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" -+ "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" -+ "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" -+ "ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n" -+ "7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n" -+ "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu\n" -+ "N///////////AgEC\n" -+ "-----END DH PARAMETERS-----\n"; - - void _fail(const char *format, ...) - { --- -2.26.2 - diff --git a/SOURCES/gnutls-3.6.14-fips-mode-check.patch b/SOURCES/gnutls-3.6.14-fips-mode-check.patch deleted file mode 100644 index af9862f..0000000 --- a/SOURCES/gnutls-3.6.14-fips-mode-check.patch +++ /dev/null @@ -1,42 +0,0 @@ -From d1dc655cd2c8ae417381e5f966941c75cfe287ee Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Thu, 4 Jun 2020 16:42:07 +0200 -Subject: [PATCH] _gnutls_fips_mode_enabled: treat selftest failure as FIPS - disabled - -Previously gnutls_fips140_mode_enabled() returned true, even after -selftests have failed and the library state has switched to error. -While later calls to crypto operations fails, it would be more -convenient to have a function to detect that state. - -Signed-off-by: Daiki Ueno ---- - lib/fips.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/lib/fips.c b/lib/fips.c -index acdd2ec23..f8b10f750 100644 ---- a/lib/fips.c -+++ b/lib/fips.c -@@ -491,8 +491,17 @@ unsigned gnutls_fips140_mode_enabled(void) - #ifdef ENABLE_FIPS140 - unsigned ret = _gnutls_fips_mode_enabled(); - -- if (ret > GNUTLS_FIPS140_DISABLED) -+ if (ret > GNUTLS_FIPS140_DISABLED) { -+ /* If the previous run of selftests has failed, return as if -+ * the FIPS mode is disabled. We could use HAVE_LIB_ERROR, if -+ * we can assume that all the selftests run atomically from -+ * the ELF constructor. -+ */ -+ if (_gnutls_get_lib_state() == LIB_STATE_ERROR) -+ return 0; -+ - return ret; -+ } - #endif - return 0; - } --- -2.26.2 - diff --git a/SOURCES/gnutls-3.6.14-fix-iovec-memory-leak.patch b/SOURCES/gnutls-3.6.14-fix-iovec-memory-leak.patch deleted file mode 100644 index 15b2c51..0000000 --- a/SOURCES/gnutls-3.6.14-fix-iovec-memory-leak.patch +++ /dev/null @@ -1,152 +0,0 @@ -From 6fbff7fc8aabeee2254405f254220bbe8c05c67d Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 5 Jun 2020 16:26:33 +0200 -Subject: [PATCH] crypto-api: always allocate memory when serializing iovec_t - -The AEAD iov interface falls back to serializing the input buffers if -the low-level cipher doesn't support scatter/gather encryption. -However, there was a bug in the functions used for the serialization, -which causes memory leaks under a certain condition (i.e. the number -of input buffers is 1). - -This patch makes the logic of the functions simpler, by removing a -micro-optimization that tries to minimize the number of calls to -malloc/free. - -The original problem was reported by Marius Steffen in: -https://bugzilla.samba.org/show_bug.cgi?id=14399 -and the cause was investigated by Alexander Haase in: -https://gitlab.com/gnutls/gnutls/-/merge_requests/1277 - -Signed-off-by: Daiki Ueno ---- - lib/crypto-api.c | 36 +++++++++++------------------------- - tests/aead-cipher-vec.c | 33 ++++++++++++++++++--------------- - 2 files changed, 29 insertions(+), 40 deletions(-) - -diff --git a/lib/crypto-api.c b/lib/crypto-api.c -index 45be64ed1..8524f5ed4 100644 ---- a/lib/crypto-api.c -+++ b/lib/crypto-api.c -@@ -891,32 +891,23 @@ gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle, - struct iov_store_st { - void *data; - size_t size; -- unsigned allocated; - }; - - static void iov_store_free(struct iov_store_st *s) - { -- if (s->allocated) { -- gnutls_free(s->data); -- s->allocated = 0; -- } -+ gnutls_free(s->data); - } - - static int iov_store_grow(struct iov_store_st *s, size_t length) - { -- if (s->allocated || s->data == NULL) { -- s->size += length; -- s->data = gnutls_realloc(s->data, s->size); -- if (s->data == NULL) -- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); -- s->allocated = 1; -- } else { -- void *data = s->data; -- size_t size = s->size + length; -- s->data = gnutls_malloc(size); -- memcpy(s->data, data, s->size); -- s->size += length; -- } -+ void *data; -+ -+ s->size += length; -+ data = gnutls_realloc(s->data, s->size); -+ if (data == NULL) -+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); -+ -+ s->data = data; - return 0; - } - -@@ -926,11 +917,6 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt) - memset(dst, 0, sizeof(*dst)); - if (iovcnt == 0) { - return 0; -- } else if (iovcnt == 1) { -- dst->data = iov[0].iov_base; -- dst->size = iov[0].iov_len; -- /* implies: dst->allocated = 0; */ -- return 0; - } else { - int i; - uint8_t *p; -@@ -944,11 +930,11 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt) - - p = dst->data; - for (i=0;i 0) -+ memcpy(p, iov[i].iov_base, iov[i].iov_len); - p += iov[i].iov_len; - } - -- dst->allocated = 1; - return 0; - } - } -diff --git a/tests/aead-cipher-vec.c b/tests/aead-cipher-vec.c -index fba9010d9..6a30a35f7 100644 ---- a/tests/aead-cipher-vec.c -+++ b/tests/aead-cipher-vec.c -@@ -49,6 +49,7 @@ static void start(const char *name, int algo) - giovec_t auth_iov[2]; - uint8_t tag[64]; - size_t tag_size = 0; -+ size_t i; - - key.data = key16; - key.size = gnutls_cipher_get_key_size(algo); -@@ -82,21 +83,23 @@ static void start(const char *name, int algo) - if (ret < 0) - fail("gnutls_cipher_init: %s\n", gnutls_strerror(ret)); - -- ret = gnutls_aead_cipher_encryptv2(ch, -- iv.data, iv.size, -- auth_iov, 2, -- iov, 3, -- tag, &tag_size); -- if (ret < 0) -- fail("could not encrypt data: %s\n", gnutls_strerror(ret)); -- -- ret = gnutls_aead_cipher_decryptv2(ch, -- iv.data, iv.size, -- auth_iov, 2, -- iov, 3, -- tag, tag_size); -- if (ret < 0) -- fail("could not decrypt data: %s\n", gnutls_strerror(ret)); -+ for (i = 0; i < 2; i++) { -+ ret = gnutls_aead_cipher_encryptv2(ch, -+ iv.data, iv.size, -+ auth_iov, 2, -+ iov, i + 1, -+ tag, &tag_size); -+ if (ret < 0) -+ fail("could not encrypt data: %s\n", gnutls_strerror(ret)); -+ -+ ret = gnutls_aead_cipher_decryptv2(ch, -+ iv.data, iv.size, -+ auth_iov, 2, -+ iov, i + 1, -+ tag, tag_size); -+ if (ret < 0) -+ fail("could not decrypt data: %s\n", gnutls_strerror(ret)); -+ } - - gnutls_aead_cipher_deinit(ch); - } --- -2.25.4 - diff --git a/SOURCES/gnutls-3.6.14-memcmp.patch b/SOURCES/gnutls-3.6.14-memcmp.patch deleted file mode 100644 index a211c97..0000000 --- a/SOURCES/gnutls-3.6.14-memcmp.patch +++ /dev/null @@ -1,131 +0,0 @@ -From 9acc0f68320db4c7c6dadacb974e77c7fbca72a7 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Sun, 21 Jun 2020 16:03:54 +0200 -Subject: [PATCH] safe_memcmp: remove in favor of gnutls_memcmp - -Signed-off-by: Daiki Ueno ---- - lib/accelerated/x86/aes-xts-x86-aesni.c | 2 +- - lib/ext/pre_shared_key.c | 2 +- - lib/mem.h | 9 --------- - lib/nettle/cipher.c | 8 ++++---- - lib/tls13/finished.c | 2 +- - lib/x509/x509.c | 3 ++- - 6 files changed, 9 insertions(+), 17 deletions(-) - -diff --git a/lib/accelerated/x86/aes-xts-x86-aesni.c b/lib/accelerated/x86/aes-xts-x86-aesni.c -index 3371d0812..b904cbf00 100644 ---- a/lib/accelerated/x86/aes-xts-x86-aesni.c -+++ b/lib/accelerated/x86/aes-xts-x86-aesni.c -@@ -72,7 +72,7 @@ x86_aes_xts_cipher_setkey(void *_ctx, const void *userkey, size_t keysize) - - /* Check key block according to FIPS-140-2 IG A.9 */ - if (_gnutls_fips_mode_enabled()){ -- if (safe_memcmp(key, key + (keysize / 2), keysize / 2) == 0) { -+ if (gnutls_memcmp(key, key + (keysize / 2), keysize / 2) == 0) { - _gnutls_switch_lib_state(LIB_STATE_ERROR); - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - } -diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c -index fef67d341..240be2162 100644 ---- a/lib/ext/pre_shared_key.c -+++ b/lib/ext/pre_shared_key.c -@@ -650,7 +650,7 @@ static int server_recv_params(gnutls_session_t session, - } - - if (_gnutls_mac_get_algo_len(prf) != binder_recvd.size || -- safe_memcmp(binder_value, binder_recvd.data, binder_recvd.size)) { -+ gnutls_memcmp(binder_value, binder_recvd.data, binder_recvd.size)) { - gnutls_assert(); - ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - goto fail; -diff --git a/lib/mem.h b/lib/mem.h -index dc838a2b4..d3eea97a4 100644 ---- a/lib/mem.h -+++ b/lib/mem.h -@@ -35,15 +35,6 @@ char *_gnutls_strdup(const char *); - - unsigned _gnutls_mem_is_zero(const uint8_t *ptr, unsigned size); - --/* To avoid undefined behavior when s1 or s2 are null and n = 0 */ --inline static --int safe_memcmp(const void *s1, const void *s2, size_t n) --{ -- if (n == 0) -- return 0; -- return memcmp(s1, s2, n); --} -- - #define zrelease_mpi_key(mpi) if (*mpi!=NULL) { \ - _gnutls_mpi_clear(*mpi); \ - _gnutls_mpi_release(mpi); \ -diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c -index b0a52deb5..ec0c1ab04 100644 ---- a/lib/nettle/cipher.c -+++ b/lib/nettle/cipher.c -@@ -482,7 +482,7 @@ _xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key, - const uint8_t *key) - { - if (_gnutls_fips_mode_enabled() && -- safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) -+ gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) - _gnutls_switch_lib_state(LIB_STATE_ERROR); - - xts_aes128_set_encrypt_key(xts_key, key); -@@ -493,7 +493,7 @@ _xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key, - const uint8_t *key) - { - if (_gnutls_fips_mode_enabled() && -- safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) -+ gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) - _gnutls_switch_lib_state(LIB_STATE_ERROR); - - xts_aes128_set_decrypt_key(xts_key, key); -@@ -504,7 +504,7 @@ _xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key, - const uint8_t *key) - { - if (_gnutls_fips_mode_enabled() && -- safe_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) -+ gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) - _gnutls_switch_lib_state(LIB_STATE_ERROR); - - xts_aes256_set_encrypt_key(xts_key, key); -@@ -515,7 +515,7 @@ _xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key, - const uint8_t *key) - { - if (_gnutls_fips_mode_enabled() && -- safe_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) -+ gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) - _gnutls_switch_lib_state(LIB_STATE_ERROR); - - xts_aes256_set_decrypt_key(xts_key, key); -diff --git a/lib/tls13/finished.c b/lib/tls13/finished.c -index 68eab993e..ec646e673 100644 ---- a/lib/tls13/finished.c -+++ b/lib/tls13/finished.c -@@ -112,7 +112,7 @@ int _gnutls13_recv_finished(gnutls_session_t session) - #if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) - # warning This is unsafe for production builds - #else -- if (safe_memcmp(verifier, buf.data, buf.length) != 0) { -+ if (gnutls_memcmp(verifier, buf.data, buf.length) != 0) { - gnutls_assert(); - ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET; - goto cleanup; -diff --git a/lib/x509/x509.c b/lib/x509/x509.c -index 2091f3ae6..2b68fe440 100644 ---- a/lib/x509/x509.c -+++ b/lib/x509/x509.c -@@ -360,7 +360,8 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert) - } - - if (empty1 != empty2 || -- sp1.size != sp2.size || safe_memcmp(sp1.data, sp2.data, sp1.size) != 0) { -+ sp1.size != sp2.size || -+ (sp1.size > 0 && memcmp(sp1.data, sp2.data, sp1.size) != 0)) { - gnutls_assert(); - ret = GNUTLS_E_CERTIFICATE_ERROR; - goto cleanup; --- -2.26.2 - diff --git a/SOURCES/gnutls-3.6.14-no-renegotiation.patch b/SOURCES/gnutls-3.6.14-no-renegotiation.patch deleted file mode 100644 index cb935bc..0000000 --- a/SOURCES/gnutls-3.6.14-no-renegotiation.patch +++ /dev/null @@ -1,118 +0,0 @@ -From 29ee67c205855e848a0a26e6d0e4f65b6b943e0a Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Sat, 22 Aug 2020 17:19:39 +0200 -Subject: [PATCH] handshake: reject no_renegotiation alert if handshake is - incomplete - -If the initial handshake is incomplete and the server sends a -no_renegotiation alert, the client should treat it as a fatal error -even if its level is warning. Otherwise the same handshake -state (e.g., DHE parameters) are reused in the next gnutls_handshake -call, if it is called in the loop idiom: - - do { - ret = gnutls_handshake(session); - } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); - -Signed-off-by: Daiki Ueno ---- - ...a04b3d3f7dcc0ab4571cf0df3b67ab7e1005e9e7a8 | Bin 0 -> 671 bytes - ...1da801fb3c6d1f7f846f227721e221adea08aa319c | Bin 0 -> 729 bytes - lib/gnutls_int.h | 1 + - lib/handshake.c | 48 +++++++++++++----- - 4 files changed, 36 insertions(+), 13 deletions(-) - create mode 100644 fuzz/gnutls_client_fuzzer.in/00ea40761ce11e769f1817a04b3d3f7dcc0ab4571cf0df3b67ab7e1005e9e7a8 - create mode 100644 fuzz/gnutls_psk_client_fuzzer.in/b16434290b77e13d7a983d1da801fb3c6d1f7f846f227721e221adea08aa319c - -diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h -index bb6c19713..31cec5c0c 100644 ---- a/lib/gnutls_int.h -+++ b/lib/gnutls_int.h -@@ -1370,6 +1370,7 @@ typedef struct { - #define HSK_RECORD_SIZE_LIMIT_RECEIVED (1<<26) /* server: record_size_limit extension was seen but not accepted yet */ - #define HSK_OCSP_REQUESTED (1<<27) /* server: client requested OCSP stapling */ - #define HSK_CLIENT_OCSP_REQUESTED (1<<28) /* client: server requested OCSP stapling */ -+#define HSK_SERVER_HELLO_RECEIVED (1<<29) /* client: Server Hello message has been received */ - - /* The hsk_flags are for use within the ongoing handshake; - * they are reset to zero prior to handshake start by gnutls_handshake. */ -diff --git a/lib/handshake.c b/lib/handshake.c -index b40f84b3d..ce2d160e2 100644 ---- a/lib/handshake.c -+++ b/lib/handshake.c -@@ -2061,6 +2061,8 @@ read_server_hello(gnutls_session_t session, - if (ret < 0) - return gnutls_assert_val(ret); - -+ session->internals.hsk_flags |= HSK_SERVER_HELLO_RECEIVED; -+ - return 0; - } - -@@ -2585,16 +2587,42 @@ int gnutls_rehandshake(gnutls_session_t session) - return 0; - } - -+/* This function checks whether the error code should be treated fatal -+ * or not, and also does the necessary state transition. In -+ * particular, in the case of a rehandshake abort it resets the -+ * handshake's internal state. -+ */ - inline static int - _gnutls_abort_handshake(gnutls_session_t session, int ret) - { -- if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) && -- (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION)) -- || ret == GNUTLS_E_GOT_APPLICATION_DATA) -- return 0; -+ switch (ret) { -+ case GNUTLS_E_WARNING_ALERT_RECEIVED: -+ if (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION) { -+ /* The server always toleretes a "no_renegotiation" alert. */ -+ if (session->security_parameters.entity == GNUTLS_SERVER) { -+ STATE = STATE0; -+ return ret; -+ } -+ -+ /* The client should tolerete a "no_renegotiation" alert only if: -+ * - the initial handshake has completed, or -+ * - a Server Hello is not yet received -+ */ -+ if (session->internals.initial_negotiation_completed || -+ !(session->internals.hsk_flags & HSK_SERVER_HELLO_RECEIVED)) { -+ STATE = STATE0; -+ return ret; -+ } - -- /* this doesn't matter */ -- return GNUTLS_E_INTERNAL_ERROR; -+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); -+ } -+ return ret; -+ case GNUTLS_E_GOT_APPLICATION_DATA: -+ STATE = STATE0; -+ return ret; -+ default: -+ return ret; -+ } - } - - -@@ -2756,13 +2784,7 @@ int gnutls_handshake(gnutls_session_t session) - } - - if (ret < 0) { -- /* In the case of a rehandshake abort -- * we should reset the handshake's internal state. -- */ -- if (_gnutls_abort_handshake(session, ret) == 0) -- STATE = STATE0; -- -- return ret; -+ return _gnutls_abort_handshake(session, ret); - } - - /* clear handshake buffer */ --- -2.26.2 - diff --git a/SOURCES/gnutls-3.6.14-test-fixes.patch b/SOURCES/gnutls-3.6.14-test-fixes.patch deleted file mode 100644 index 0491472..0000000 --- a/SOURCES/gnutls-3.6.14-test-fixes.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 40203390a48b8fa01d72c6a9739d963cf24556b8 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Mon, 28 Dec 2020 16:16:53 +0100 -Subject: [PATCH 2/2] testpkcs11: use datefudge to trick certificate expiry - -The certificates stored in tests/testpkcs11-certs expired on -2020-12-13. To avoid verification failure due to that, use datefudge -to set custom date when calling gnutls-cli, gnutls-serv, and certtool. - -Based on the patch by Andreas Metzler: -https://gitlab.com/gnutls/gnutls/-/issues/1135#note_469682121 - -Signed-off-by: Daiki Ueno ---- - tests/scripts/common.sh | 5 +++++ - tests/testpkcs11.sh | 12 +++++++++++- - 2 files changed, 16 insertions(+), 1 deletion(-) - -diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh -index 6ae19fa58..69b5fd612 100644 ---- a/tests/scripts/common.sh -+++ b/tests/scripts/common.sh -@@ -187,6 +187,11 @@ launch_bare_server() { - ${SERV} $* >${LOGFILE-/dev/null} & - } - -+launch_bare_server2() { -+ wait_for_free_port "$PORT" -+ "$@" >${LOGFILE-/dev/null} & -+} -+ - wait_server() { - local PID=$1 - trap "test -n \"${PID}\" && kill ${PID};exit 1" 1 15 2 -diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh -index 9458af238..3d74bfea6 100755 ---- a/tests/testpkcs11.sh -+++ b/tests/testpkcs11.sh -@@ -67,6 +67,8 @@ have_ed25519=0 - P11TOOL="${VALGRIND} ${P11TOOL} --batch" - SERV="${SERV} -q" - -+TESTDATE=2020-12-01 -+ - . ${srcdir}/scripts/common.sh - - rm -f "${LOGFILE}" -@@ -79,6 +81,8 @@ exit_error () { - exit 1 - } - -+skip_if_no_datefudge -+ - # $1: token - # $2: PIN - # $3: filename -@@ -523,6 +527,7 @@ write_certificate_test () { - pubkey="$5" - - echo -n "* Generating client certificate... " -+ datefudge -s "$TESTDATE" \ - "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \ - --template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \ - --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${LOGFILE}" 2>&1 -@@ -900,7 +905,9 @@ use_certificate_test () { - echo -n "* Using PKCS #11 with gnutls-cli (${txt})... " - # start server - eval "${GETPORT}" -- launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \ -+ launch_bare_server2 datefudge -s "$TESTDATE" \ -+ $VALGRIND $SERV $DEBUG -p "$PORT" \ -+ ${ADDITIONAL_PARAM} --debug 10 --echo --priority NORMAL --x509certfile="${certfile}" \ - --x509keyfile="$keyfile" --x509cafile="${cafile}" \ - --verify-client-cert --require-client-cert >>"${LOGFILE}" 2>&1 - -@@ -908,13 +915,16 @@ use_certificate_test () { - wait_server ${PID} - - # connect to server using SC -+ datefudge -s "$TESTDATE" \ - ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" >"${LOGFILE}" 2>&1 && \ - fail ${PID} "Connection should have failed!" - -+ datefudge -s "$TESTDATE" \ - ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \ - --x509keyfile="$keyfile" --x509cafile="${cafile}" >"${LOGFILE}" 2>&1 || \ - fail ${PID} "Connection (with files) should have succeeded!" - -+ datefudge -s "$TESTDATE" \ - ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \ - --x509keyfile="${token};object=gnutls-client;object-type=private" \ - --x509cafile="${cafile}" >"${LOGFILE}" 2>&1 || \ --- -2.29.2 - diff --git a/SOURCES/gnutls-3.6.14.tar.xz.sig b/SOURCES/gnutls-3.6.14.tar.xz.sig deleted file mode 100644 index 3e8c890..0000000 Binary files a/SOURCES/gnutls-3.6.14.tar.xz.sig and /dev/null differ diff --git a/SOURCES/gnutls-3.6.16-doc-p11tool-ckaid.patch b/SOURCES/gnutls-3.6.16-doc-p11tool-ckaid.patch new file mode 100644 index 0000000..a5f1c0f --- /dev/null +++ b/SOURCES/gnutls-3.6.16-doc-p11tool-ckaid.patch @@ -0,0 +1,14 @@ +--- gnutls-3.7.2/doc/manpages/p11tool.1 2021-05-29 10:15:22.000000000 +0200 ++++ gnutls-3.7.2-bootstrapped/doc/manpages/p11tool.1 2021-06-28 09:35:23.000000000 +0200 +@@ -230,8 +230,9 @@ + .NOP \f\*[B-Font]\-\-write\f[] + Writes the loaded objects to a PKCS #11 token. + .sp +-It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with +- one of \--load-privkey, \--load-pubkey, \--load-certificate option. ++It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with one of \--load-privkey, \--load-pubkey, \--load-certificate option. ++.sp ++When writing a certificate object, its CKA_ID is set to the same CKA_ID of the corresponding public key, if it exists on the token; otherwise it will be derived from the X.509 Subject Key Identifier of the certificate. If this behavior is undesired, write the public key to the token beforehand. + .TP + .NOP \f\*[B-Font]\-\-delete\f[] + Deletes the objects matching the given PKCS #11 URL. diff --git a/SOURCES/gnutls-3.6.16-tls12-cert-type.patch b/SOURCES/gnutls-3.6.16-tls12-cert-type.patch new file mode 100644 index 0000000..b5ba1a5 --- /dev/null +++ b/SOURCES/gnutls-3.6.16-tls12-cert-type.patch @@ -0,0 +1,125 @@ +From 339bef12f478b3a12c59571c53645e31280baf7e Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Fri, 14 May 2021 15:59:37 +0200 +Subject: [PATCH] cert auth: filter out unsupported cert types from TLS 1.2 CR + +When the server is advertising signature algorithms in TLS 1.2 +CertificateRequest, it shouldn't send certificate_types not backed by +any of those algorithms. + +Signed-off-by: Daiki Ueno +--- + lib/auth/cert.c | 76 +++++++++++++++++++++++-- + tests/suite/tls-fuzzer/gnutls-cert.json | 19 +++++++ + 2 files changed, 89 insertions(+), 6 deletions(-) + +diff --git a/lib/auth/cert.c b/lib/auth/cert.c +index 3073a33d3..0b0f04b2b 100644 +--- a/lib/auth/cert.c ++++ b/lib/auth/cert.c +@@ -64,6 +64,16 @@ typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64, + #endif + } CertificateSigType; + ++enum CertificateSigTypeFlags { ++ RSA_SIGN_FLAG = 1, ++ DSA_SIGN_FLAG = 1 << 1, ++ ECDSA_SIGN_FLAG = 1 << 2, ++#ifdef ENABLE_GOST ++ GOSTR34102012_256_SIGN_FLAG = 1 << 3, ++ GOSTR34102012_512_SIGN_FLAG = 1 << 4 ++#endif ++}; ++ + /* Moves data from an internal certificate struct (gnutls_pcert_st) to + * another internal certificate struct (cert_auth_info_t), and deinitializes + * the former. +@@ -1281,6 +1291,7 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session, + uint8_t tmp_data[CERTTYPE_SIZE]; + const version_entry_st *ver = get_version(session); + unsigned init_pos = data->length; ++ enum CertificateSigTypeFlags flags; + + if (unlikely(ver == NULL)) + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); +@@ -1297,18 +1308,71 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session, + return GNUTLS_E_INSUFFICIENT_CREDENTIALS; + } + +- i = 1; ++ if (_gnutls_version_has_selectable_sighash(ver)) { ++ size_t j; ++ ++ flags = 0; ++ for (j = 0; j < session->internals.priorities->sigalg.size; j++) { ++ const gnutls_sign_entry_st *se = ++ session->internals.priorities->sigalg.entry[j]; ++ switch (se->pk) { ++ case GNUTLS_PK_RSA: ++ case GNUTLS_PK_RSA_PSS: ++ flags |= RSA_SIGN_FLAG; ++ break; ++ case GNUTLS_PK_DSA: ++ flags |= DSA_SIGN_FLAG; ++ break; ++ case GNUTLS_PK_ECDSA: ++ flags |= ECDSA_SIGN_FLAG; ++ break; + #ifdef ENABLE_GOST +- if (_gnutls_kx_is_vko_gost(session->security_parameters.cs->kx_algorithm)) { +- tmp_data[i++] = GOSTR34102012_256_SIGN; +- tmp_data[i++] = GOSTR34102012_512_SIGN; +- } else ++ case GNUTLS_PK_GOST_12_256: ++ flags |= GOSTR34102012_256_SIGN_FLAG; ++ break; ++ case GNUTLS_PK_GOST_12_512: ++ flags |= GOSTR34102012_512_SIGN_FLAG; ++ break; ++#endif ++ default: ++ gnutls_assert(); ++ _gnutls_debug_log( ++ "%s is unsupported for cert request\n", ++ gnutls_pk_get_name(se->pk)); ++ } ++ } ++ ++ } else { ++#ifdef ENABLE_GOST ++ if (_gnutls_kx_is_vko_gost(session->security_parameters. ++ cs->kx_algorithm)) { ++ flags = GOSTR34102012_256_SIGN_FLAG | ++ GOSTR34102012_512_SIGN_FLAG; ++ } else + #endif +- { ++ { ++ flags = RSA_SIGN_FLAG | DSA_SIGN_FLAG | ECDSA_SIGN_FLAG; ++ } ++ } ++ ++ i = 1; ++ if (flags & RSA_SIGN_FLAG) { + tmp_data[i++] = RSA_SIGN; ++ } ++ if (flags & DSA_SIGN_FLAG) { + tmp_data[i++] = DSA_SIGN; ++ } ++ if (flags & ECDSA_SIGN_FLAG) { + tmp_data[i++] = ECDSA_SIGN; + } ++#ifdef ENABLE_GOST ++ if (flags & GOSTR34102012_256_SIGN_FLAG) { ++ tmp_data[i++] = GOSTR34102012_256_SIGN; ++ } ++ if (flags & GOSTR34102012_512_SIGN_FLAG) { ++ tmp_data[i++] = GOSTR34102012_512_SIGN; ++ } ++#endif + tmp_data[0] = i - 1; + + ret = _gnutls_buffer_append_data(data, tmp_data, i); +-- +2.31.1 + diff --git a/SOURCES/gnutls-3.6.16-trust-ca-sha1.patch b/SOURCES/gnutls-3.6.16-trust-ca-sha1.patch new file mode 100644 index 0000000..515f2f1 --- /dev/null +++ b/SOURCES/gnutls-3.6.16-trust-ca-sha1.patch @@ -0,0 +1,283 @@ +From c2409e479df41620bceac314c76cabb1d35a4075 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 3 May 2021 16:35:43 +0200 +Subject: [PATCH] x509/verify: treat SHA-1 signed CA in the trusted set + differently +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Suppose there is a certificate chain ending with an intermediate CA: +EE → ICA1 → ICA2. If the system trust store contains a root CA +generated with the same key as ICA2 but signed with a prohibited +algorithm, such as SHA-1, the library previously reported a +verification failure, though the situation is not uncommon during a +transition period of root CA. + +This changes the library behavior such that the check on signature +algorithm will be skipped when examining the trusted root CA. + +Signed-off-by: Daiki Ueno +--- + lib/x509/verify.c | 26 ++++--- + tests/test-chains.h | 165 ++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 182 insertions(+), 9 deletions(-) + +diff --git a/lib/x509/verify.c b/lib/x509/verify.c +index fd7c6a164..a50b5ea44 100644 +--- a/lib/x509/verify.c ++++ b/lib/x509/verify.c +@@ -415,14 +415,19 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned + #define CASE_SEC_PARAM(profile, level) \ + case profile: \ + sym_bits = gnutls_sec_param_to_symmetric_bits(level); \ +- hash = gnutls_sign_get_hash_algorithm(sigalg); \ +- entry = mac_to_entry(hash); \ +- if (hash <= 0 || entry == NULL) { \ ++ se = _gnutls_sign_to_entry(sigalg); \ ++ if (unlikely(se == NULL)) { \ ++ _gnutls_cert_log("cert", crt); \ ++ _gnutls_debug_log(#level": certificate's signature algorithm is unknown\n"); \ ++ return gnutls_assert_val(0); \ ++ } \ ++ if (unlikely(se->hash == GNUTLS_DIG_UNKNOWN)) { \ + _gnutls_cert_log("cert", crt); \ + _gnutls_debug_log(#level": certificate's signature hash is unknown\n"); \ + return gnutls_assert_val(0); \ + } \ +- if (_gnutls_sign_get_hash_strength(sigalg) < sym_bits) { \ ++ if (!trusted && \ ++ _gnutls_sign_get_hash_strength(sigalg) < sym_bits) { \ + _gnutls_cert_log("cert", crt); \ + _gnutls_debug_log(#level": certificate's signature hash strength is unacceptable (is %u bits, needed %u)\n", _gnutls_sign_get_hash_strength(sigalg), sym_bits); \ + return gnutls_assert_val(0); \ +@@ -449,19 +454,22 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned + * @crt: a certificate + * @issuer: the certificates issuer (allowed to be NULL) + * @sigalg: the signature algorithm used ++ * @trusted: whether @crt is treated as trusted (e.g., present in the system ++ * trust list); if it is true, the check on signature algorithm will ++ * be skipped + * @flags: the specified verification flags + */ + static unsigned is_level_acceptable( + gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, +- gnutls_sign_algorithm_t sigalg, unsigned flags) ++ gnutls_sign_algorithm_t sigalg, bool trusted, ++ unsigned flags) + { + gnutls_certificate_verification_profiles_t profile = GNUTLS_VFLAGS_TO_PROFILE(flags); +- const mac_entry_st *entry; + int issuer_pkalg = 0, pkalg, ret; + unsigned bits = 0, issuer_bits = 0, sym_bits = 0; + gnutls_pk_params_st params; + gnutls_sec_param_t sp; +- int hash; ++ const gnutls_sign_entry_st *se; + gnutls_certificate_verification_profiles_t min_profile; + + min_profile = _gnutls_get_system_wide_verification_profile(); +@@ -798,7 +806,7 @@ verify_crt(gnutls_x509_crt_t cert, + } + + if (sigalg >= 0 && se) { +- if (is_level_acceptable(cert, issuer, sigalg, flags) == 0) { ++ if (is_level_acceptable(cert, issuer, sigalg, false, flags) == 0) { + MARK_INVALID(GNUTLS_CERT_INSECURE_ALGORITHM); + } + +@@ -893,7 +901,7 @@ unsigned check_ca_sanity(const gnutls_x509_crt_t issuer, + + /* we explicitly allow CAs which we do not support their self-algorithms + * to pass. */ +- if (ret >= 0 && !is_level_acceptable(issuer, NULL, sigalg, flags)) { ++ if (ret >= 0 && !is_level_acceptable(issuer, NULL, sigalg, true, flags)) { + status |= GNUTLS_CERT_INSECURE_ALGORITHM|GNUTLS_CERT_INVALID; + } + +diff --git a/tests/test-chains.h b/tests/test-chains.h +index 9b06b85f5..64f50fabf 100644 +--- a/tests/test-chains.h ++++ b/tests/test-chains.h +@@ -4106,6 +4106,163 @@ static const char *superseding_ca[] = { + NULL + }; + ++static const char *rsa_sha1_in_trusted[] = { ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIID0jCCAoqgAwIBAgIUezaBB7f4TW75oc3UV57oJvXmbBYwDQYJKoZIhvcNAQEL\n" ++ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTAzMTQyNzIxWhcN\n" ++ "MjIwNTAzMTQyNzIxWjA3MRgwFgYDVQQDEw90ZXN0LmdudXRscy5vcmcxGzAZBgNV\n" ++ "BAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCC\n" ++ "AToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUEL\n" ++ "dl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkb\n" ++ "Kk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3\n" ++ "mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm\n" ++ "+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWS\n" ++ "CAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxG\n" ++ "ojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAA\n" ++ "MBoGA1UdEQQTMBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcD\n" ++ "ATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0r\n" ++ "GDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsF\n" ++ "AAOCATEAXs8lOV231HQerhSGEjZJz0vBuA3biKYlu3cwCTKvF6EOyYMSWOnfqqD0\n" ++ "eDhpo1pzGtUa2zYLHagb+sU2NSTe0sqP+PK1giUg8X8/tRtWKk1p/m76yK/3iaty\n" ++ "flgz+eMai4xQu2FvAJzIASFjM9R+Pgpcf/zdvkiUPv8Rdm9FieyAZnJSo9hJHLxN\n" ++ "x60tfC5yyswdbGGW0GbJ2kr+xMfVZvxgO/x6AXlOaUGQ+jZAu9eJwFQMDW5h5/S1\n" ++ "PJkIt7f7jkU33cG+BawcjhT0GzxuvDnnCG0L7/z7bR+Sw2kNKqHbHorzv91R20Oh\n" ++ "CIISJPkiiP+mYcglTp1d9gw09GwSkGbldb9ibfc0hKyxiImFfIiTqDbXJcpKH98o\n" ++ "W8hWkb20QURlY+QM5MD49znfhPKMTQ==\n" ++ "-----END CERTIFICATE-----\n", ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIID2TCCAkGgAwIBAgIUWsb4DATcefXbo0WrBfgqVMvPGawwDQYJKoZIhvcNAQEL\n" ++ "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDMxNDI2\n" ++ "MzVaFw0yMjA1MDMxNDI2MzVaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIB\n" ++ "UjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduI\n" ++ "g/3CqVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6W\n" ++ "EhuJU95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcI\n" ++ "cRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AA\n" ++ "sYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo3\n" ++ "67vGVYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0ol\n" ++ "CMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewID\n" ++ "AQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0O\n" ++ "BBYEFB53I21nMR+RB5uWL+z8yEb+jOEDMB8GA1UdIwQYMBaAFCApU0Q1pxZL+AW3\n" ++ "GctysPWxl+SfMA0GCSqGSIb3DQEBCwUAA4IBgQBbboeDr/rLT1tZWrdHq8FvflGm\n" ++ "EpxZIRU4DdDD/SUCWSPQvjBq0MvuKxs5FfJCKrDf2kS2qlZ1rO0AuWwREoDeTOEc\n" ++ "arjFoCry+JQ+USqS5F4gsp4XlYvli27iMp3dlnhFXEQQy7/y+gM5c9wnMi8v/LUz\n" ++ "AV6QHX0fkb4XeazeJ+Nq0EkjqiYxylN6mP+5LAEMBG/wGviAoviQ5tN9zdoQs/nT\n" ++ "3jTw3cOauuPjdcOTfo71+/MtBzhPchgNIyQo4aB40XVWsLAoruL/3CFFlTniihtd\n" ++ "zA2zA7JvbuuKx6BOv2IbWOUweb732ZpYbDgEcXp/6Cj/SIUGxidpEgdCJGqyqdC7\n" ++ "b58ujxclC6QTcicw+SX5LBox8WGLfj+x+V3uVBz9+EK608xphTj4kLh9peII9v3n\n" ++ "vBUoZRTiUTCvH4AJJgAfa3mYrSxzueuqBOwXcvZ+8OJ0J1CP21pmK5nxR7f1nm9Q\n" ++ "sYA1VHfC2dtyAYlByeF5iHl5hFR6vy1jJyzxg2M=\n" ++ "-----END CERTIFICATE-----\n", ++ NULL ++}; ++ ++static const char *rsa_sha1_in_trusted_ca[] = { ++ /* This CA is generated with the same key as rsa_sha1_in_trusted[1], but ++ * self-signed using SHA-1. ++ */ ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIDYzCCAhugAwIBAgIUahO8CvYPHTAltKCC2rAIcXUiLlAwDQYJKoZIhvcNAQEF\n" ++ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTAzMTQyMDM1WhcN\n" ++ "MjIwNTAzMTQyMDM1WjAZMRcwFQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCCAVIwDQYJ\n" ++ "KoZIhvcNAQEBBQADggE/ADCCAToCggExAJzkQrF9bp5f/38tnddOeF3biIP9wqlQ\n" ++ "Wk9x3GuuUhKA8IdCoj7UKDoGS3SmNnKGxrP6I2LTo3LNCp5T2HZrYxIelhIbiVPe\n" ++ "b+E0HQuDizIhOeniBqtudoWQGx6Ey/OENeA8UFhrs0CvN9Ippe328NlnCHEUPLxR\n" ++ "rPEs318Ot/jCOhauojAECKj9PFsxpkUcy+cLwoj4QlZKz5sG16AAbm+gALGMFjyQ\n" ++ "fdTPf5ceYBR+ZPf4j34t7NioNxfDDnKaahWI8Q0p7H4s+njIdfm2FSAKN+u7xlWB\n" ++ "4oFzBGQthXs5cCB2mc6RKBZWN2uyxSdNMq40PddK/FBPghDE2MxONA9KJQjKOxQP\n" ++ "UQo3jt21CKGGiHVU1BlhBh1knqMRnovRpJurvgEo/H/otI8XQ9ql7HsCAwEAAaND\n" ++ "MEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQe\n" ++ "dyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQUFAAOCATEAYLm/4DfUp+mA\n" ++ "S/23a2bwybJoPCMzKZpi+veXkqoq/a/BCUkFpqnjpVjz0ujVKK121oeOPBAa/mG1\n" ++ "Y3fJYP+b3PloL/6xj/8680TveGirCr0Rp/8XWa8lt+Ge8DM3mfTGWFTWHa0lD9VK\n" ++ "gjV1oNZNLe5SKA6dJLAp/NjCxc/vuOkThQPeaoO5Iy/Z6m7CpTLO7T4syJFtDmSn\n" ++ "Pa/yFUDTgJYFlGVM+KC1r8bhZ6Ao1CAXTcT5Lcbe/aCcyk6B3J2AnYsqPMVNEVhb\n" ++ "9eMGO/WG24hMLy6eb1r/yL8uQ/uGi2rRlNJN8GTg09YR7l5fHrHxuHc/sme0jsnJ\n" ++ "wtqGLCJsrh7Ae1fKVUueO00Yx9BGuzLswMvnT5f0oYs0jrXgMrTbIWS/DjOcYIHb\n" ++ "w3SV1ZRcNg==\n" ++ "-----END CERTIFICATE-----\n", ++ NULL ++}; ++ ++static const char *rsa_sha1_not_in_trusted[] = { ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIID0jCCAoqgAwIBAgIUNCvPV9OvyuVMtnkC3ZAvh959h4MwDQYJKoZIhvcNAQEL\n" ++ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTA0MDg0NzAzWhcN\n" ++ "MjIwNTA0MDg0NzAzWjA3MRgwFgYDVQQDEw90ZXN0LmdudXRscy5vcmcxGzAZBgNV\n" ++ "BAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCC\n" ++ "AToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUEL\n" ++ "dl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkb\n" ++ "Kk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3\n" ++ "mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm\n" ++ "+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWS\n" ++ "CAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxG\n" ++ "ojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAA\n" ++ "MBoGA1UdEQQTMBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcD\n" ++ "ATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0r\n" ++ "GDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsF\n" ++ "AAOCATEAWs/Qa1Ebydwo4Ke2KEdy5cUTSZjnoz93XpbrP9W60MJ4d2DIQPcYUcLF\n" ++ "+glez+mRtVXDRtH5V/4yZX1EdgrPVQGeVlO5HbNiYyYw/Yj3H6kzWtUbBxdOAOE/\n" ++ "/ul8RCKKMfvYBHCBgjBMW0aFm31Q1Z8m8nanBusyJ0DG1scBHu4/3vTCZthZAxc5\n" ++ "3l3t/jjsNRS+k5t6Ay8nEY1tAZSGVqN8qufzO2NBO06sQagp09FTfDh581OBcVtF\n" ++ "X7O0cffAWHk3JoywzEWFEAhVPqFlk07wG2O+k+fYZfavsJko5q+yWkxu8RDh4wAx\n" ++ "7UzKudGOQ+NhfYJ7N7V1/RFg1z75gE3GTUX7qmGZEVDOsMyiuUeYg8znyYpBV55Q\n" ++ "4BNr0ukwmwOdvUf+ksCu6PdOGaqThA==\n" ++ "-----END CERTIFICATE-----\n", ++ /* ICA with SHA1 signature */ ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIID2TCCAkGgAwIBAgIUYaKJkQft87M1TF+Jd30py3yIq4swDQYJKoZIhvcNAQEF\n" ++ "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDQwODQ1\n" ++ "NDdaFw0yMjA1MDQwODQ1NDdaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIB\n" ++ "UjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduI\n" ++ "g/3CqVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6W\n" ++ "EhuJU95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcI\n" ++ "cRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AA\n" ++ "sYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo3\n" ++ "67vGVYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0ol\n" ++ "CMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewID\n" ++ "AQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0O\n" ++ "BBYEFB53I21nMR+RB5uWL+z8yEb+jOEDMB8GA1UdIwQYMBaAFCApU0Q1pxZL+AW3\n" ++ "GctysPWxl+SfMA0GCSqGSIb3DQEBBQUAA4IBgQAewBcAGUGX28I5PDtuJkxoHonD\n" ++ "muHdXpYnrz1YXN4b7odNXockz++Xovgj126fo+PeWgmaaCic98ZcGnyVTi9+3oqN\n" ++ "2Bf4NNfyzSccgZZTphzbwjMcnc983HLQgsLSAOVivPHj5GEN58EWWamc9yA0VjGn\n" ++ "cuYmFN2dlFA8/ClEbVGu3UXBe6OljR5zUr+6oiSp2J+Rl7SerVSHlst07iU2tkeB\n" ++ "dlfOD5CquUGSka3SKvEfvu5SwYrCQVfYB6eMLInm7A0/ca0Jn3Oh4fMf2rIg/E3K\n" ++ "qsopxsu8BXrLoGK4MxbxPA65JpczhZgilQQi3e3RIvxrvyD2qamjaNbyG5cr8mW4\n" ++ "VOLf3vUORbkTi5sE7uRMu2B3z3N7ajsuQM8RHB17hOCB2FO/8rermq/oeJNtx57L\n" ++ "5s5NxCHYTksQ4gkpR4gfTIO/zwXJSwGa/Zi2y2wIi/1qr7lppBsKV2rDWX7QiIeA\n" ++ "PxOxyJA2eSeqCorz9vk3aHXleSpxsWGgKiJVmV0=\n" ++ "-----END CERTIFICATE-----\n", ++ NULL ++}; ++ ++static const char *rsa_sha1_not_in_trusted_ca[] = { ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIEDTCCAnWgAwIBAgIUd5X8NZput+aNPEd9h92r4KAu16MwDQYJKoZIhvcNAQEL\n" ++ "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDMxNDI1\n" ++ "MDNaFw0yMjA1MDMxNDI1MDNaMB4xHDAaBgNVBAMTE0dudVRMUyB0ZXN0IHJvb3Qg\n" ++ "Q0EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCsFAaMb/iRN+OFqQNh\n" ++ "OkkXGZlb+eLerLuB9ELnYwyLIh4MTXh0RjFZdCQLsQHfY/YFv0C50rmoXTA/d3Ef\n" ++ "K/P243KjX0XBWjO9TBuN0zth50eq94zf69yxA/a+kmT+O5YLfhi2ELM5F3IjOUoZ\n" ++ "lL0IGlFJwauAkaNylp/Evd5nW7g5DUJvMm4A3RXNfZt9gAD4lPRwryQq9jxT48Xu\n" ++ "fB0kAPEG/l/Izbz2rYin5+nySL+a0CSNuEbITxidtMhveB747oR0QS2sMQKji1ur\n" ++ "pRJ945SHiYJIgVuFAJc9StikSyIrxZgK45kAzcQAyRWWKiMNH5PprGFYJp+ypwhm\n" ++ "1t8Bphj2RFJAG3XRRZF/9uJIYc5mEHCsZFZ/IFRaKqyN30kAUijgNt+lW5mZXVFU\n" ++ "aqzV2zHjSG8jsGdia3cfBP46Z1q2eAh5jOCucTq1F7qZdVhOFmP9jFE6Uy5Kbwgc\n" ++ "kNAnsEllQeJQL2odVa7woKkZZ4M/c72X5tpBU38Rs3krn3sCAwEAAaNDMEEwDwYD\n" ++ "VR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQgKVNENacW\n" ++ "S/gFtxnLcrD1sZfknzANBgkqhkiG9w0BAQsFAAOCAYEAaZMV71mZ9FYoVdpho61h\n" ++ "WWPs5GppQLJ1w70DNtGZ+lFrk/KopeDvOu1i61QLWRzcZCZMl+npiX1KH5kjVo3v\n" ++ "C9G8kdMW6EVRk5p6qCJMPFN2U+grMMp50aY5kmw+/v+Lhk5T/VG93l63P91FkUre\n" ++ "o8qhOudJExoUnR1uB9M6HMAxVn8Lm/N1LGPiP6A6Pboo716H7mg/A7pv9zoZ6jUp\n" ++ "7x693mA/b3I/QpDx/nJcmcdqxgEuW+aRlFXgnYZRFAawxi+5M9EwCWbkSTO4OMHP\n" ++ "Qlvak3tJO+wb92b0cICOOtzIPgQ+caiLg9d0FvesALmQzDmNmtqynoO85+Ia2Ywh\n" ++ "nxKPlpeImhLN9nGl9sOeW2m4mnA5r0h1vgML4v/MWL4TQhXallc31uFNj5HyFaTh\n" ++ "6Mr0g3GeQgN0jpT+aIOiKuW9fLts54+Ntj1NN40slqi3Y+/Yd6xhj+NgmbRvybZu\n" ++ "tnYFXKC0Q+QUf38horqG2Mc3/uh8MOm0eYUXwGJOdXYD\n" ++ "-----END CERTIFICATE-----\n", ++ NULL ++}; ++ + #if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) + # pragma GCC diagnostic push + # pragma GCC diagnostic ignored "-Wunused-variable" +@@ -4275,6 +4432,14 @@ static struct + { "ed448 - ok", ed448, &ed448[0], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA), + 0, NULL, 1584352960, 1}, + { "superseding - ok", superseding, superseding_ca, 0, 0, 0, 1590928011 }, ++ { "rsa-sha1 in trusted - ok", ++ rsa_sha1_in_trusted, rsa_sha1_in_trusted_ca, ++ GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM), ++ 0, NULL, 1620052390, 1}, ++ { "rsa-sha1 not in trusted - not ok", ++ rsa_sha1_not_in_trusted, rsa_sha1_not_in_trusted_ca, ++ GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM), ++ GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, 1620118136, 1}, + { NULL, NULL, NULL, 0, 0} + }; + +-- +2.31.1 + diff --git a/SOURCES/gnutls-3.6.16.tar.xz.sig b/SOURCES/gnutls-3.6.16.tar.xz.sig new file mode 100644 index 0000000..96e702b Binary files /dev/null and b/SOURCES/gnutls-3.6.16.tar.xz.sig differ diff --git a/SPECS/gnutls.spec b/SPECS/gnutls.spec index 9f8c965..0bcbaba 100644 --- a/SPECS/gnutls.spec +++ b/SPECS/gnutls.spec @@ -1,20 +1,13 @@ -Version: 3.6.14 -Release: 8%{?dist} +Version: 3.6.16 +Release: 4%{?dist} Patch1: gnutls-3.2.7-rpath.patch Patch2: gnutls-3.6.4-no-now-guile.patch Patch3: gnutls-3.6.13-enable-intel-cet.patch -Patch4: gnutls-3.6.14-autogen-int.patch -Patch5: gnutls-3.6.14-fips-mode-check.patch -Patch6: gnutls-3.6.14-fips-dh-primes.patch -Patch7: gnutls-3.6.14-memcmp.patch -Patch8: gnutls-3.6.14-fips-dh-check.patch -Patch9: gnutls-3.6.14-fix-iovec-memory-leak.patch Patch10: gnutls-3.6.14-fips-dh-selftests.patch Patch11: gnutls-3.6.14-fips-kdf-selftests.patch -Patch12: gnutls-3.6.14-no-renegotiation.patch -# https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html -Patch13: gnutls-3.6.14-ecdsa-verify.patch -Patch14: gnutls-3.6.14-test-fixes.patch +Patch12: gnutls-3.6.16-tls12-cert-type.patch +Patch13: gnutls-3.6.16-trust-ca-sha1.patch +Patch14: gnutls-3.6.16-doc-p11tool-ckaid.patch %bcond_without dane %if 0%{?rhel} %bcond_with guile @@ -298,8 +291,30 @@ fi %endif %changelog -* Thu Apr 1 2021 Daiki Ueno - 3.6.14-8 -- Port fixes for potential miscalculation in ecdsa_verify (#1942929) +* Mon Jun 28 2021 Daiki Ueno - 3.6.16-4 +- p11tool: Document ID reuse behavior when importing certs (#1776250) + +* Mon Jun 7 2021 Daiki Ueno - 3.6.16-3 +- Treat SHA-1 signed CA in the trusted set differently (#1965445) + +* Wed May 26 2021 Daiki Ueno - 3.6.16-2 +- Filter certificate_types in TLS 1.2 CR based on signature algorithms (#1942216) + +* Mon May 24 2021 Daiki Ueno - 3.6.16-1 +- Update to upstream 3.6.16 release (#1956783) +- Fix potential use-after-free in key_share handling (#1927597) +- Fix potential use-after-free in pre_shared_key handling (#1927593) +- Stop gnutls-serv relying on AI_ADDRCONFIG to decide listening address (#1908334) +- Fix cert expiration issue in tests (#1908110) + +* Thu Apr 1 2021 Daiki Ueno - 3.6.14-10 +- Port fixes for potential miscalculation in ecdsa_verify (#1942931) + +* Tue Nov 24 2020 Daiki Ueno - 3.6.14-9 +- Revert the previous change + +* Wed Nov 11 2020 Daiki Ueno - 3.6.14-8 +- Depend on specific NVR of gmp and nettle (#1812933) * Tue Nov 3 2020 Daiki Ueno - 3.6.14-7 - Increase DH key bits to >= 2048 in self-tests (#1879506)