diff --git a/.gitignore b/.gitignore
index 2d84e1d..2f0aa7d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/gnutls-3.3.8-hobbled.tar.xz
+SOURCES/gnutls-3.3.24-hobbled.tar.xz
diff --git a/.gnutls.metadata b/.gnutls.metadata
index 20684e9..70743da 100644
--- a/.gnutls.metadata
+++ b/.gnutls.metadata
@@ -1 +1 @@
-328c5c1d1fb28537df0e894765939b0f6b9780ea SOURCES/gnutls-3.3.8-hobbled.tar.xz
+8e6860e7208db4b695e28c0389df1965161015b9 SOURCES/gnutls-3.3.24-hobbled.tar.xz
diff --git a/SOURCES/gnutls-3.3.22-eapp-data.patch b/SOURCES/gnutls-3.3.22-eapp-data.patch
new file mode 100644
index 0000000..74bb486
--- /dev/null
+++ b/SOURCES/gnutls-3.3.22-eapp-data.patch
@@ -0,0 +1,27 @@
+diff --git b/lib/gnutls_handshake.c a/lib/gnutls_handshake.c
+index 5930941..e904f2e 100644
+--- b/lib/gnutls_handshake.c
++++ a/lib/gnutls_handshake.c
+@@ -2510,7 +2510,8 @@ static int _gnutls_recv_supplemental(gnutls_session_t session)
+ * are non fatal errors, only in the specific case of a rehandshake.
+ * Their meaning is that the client rejected the rehandshake request or
+ * in the case of %GNUTLS_E_GOT_APPLICATION_DATA it could also mean that
+- * some data were pending.
++ * some data were pending. A client may receive that error code if
++ * it initiates the handshake and the server doesn't agreed.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
+ **/
+diff --git b/lib/gnutls_record.c a/lib/gnutls_record.c
+index 157d12a..40c20fe 100644
+--- b/lib/gnutls_record.c
++++ a/lib/gnutls_record.c
+@@ -837,7 +837,7 @@ record_add_to_buffers(gnutls_session_t session,
+ * reasons). Otherwise it is an unexpected packet
+ */
+ if (type == GNUTLS_ALERT
+- || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
++ || ((htype == GNUTLS_HANDSHAKE_SERVER_HELLO || htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)
+ && type == GNUTLS_HANDSHAKE)) {
+ /* even if data is unexpected put it into the buffer */
+ _gnutls_record_buffer_put(session, recv->type,
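Review bot: In the `record_add_to_buffers` hunk of the added gnutls-3.3.22-eapp-data.patch, the widened test `(htype == GNUTLS_HANDSHAKE_SERVER_HELLO || htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)` accepts either hello type regardless of which role the session plays, at least as far as the visible lines show. Buffering an out-of-sequence handshake record relaxes the record-layer state machine, so each side should tolerate only the hello it can legitimately receive (a client a ServerHello, a server a ClientHello). If the enclosing code does not already enforce that, pair each `htype` with a check of `session->security_parameters.entity`. The function body starts and ends outside the hunk, so this needs confirming against the full source. Separately, the comment added to `gnutls_handshake.c` reads `the server doesn't agreed`, where `doesn't agree` is meant.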
diff --git a/SOURCES/gnutls-3.3.8-cve-2014-8564.patch b/SOURCES/gnutls-3.3.8-cve-2014-8564.patch
deleted file mode 100644
index ec045e0..0000000
--- a/SOURCES/gnutls-3.3.8-cve-2014-8564.patch
+++ /dev/null
@@ -1,42 +0,0 @@
->From 45401d6b4297f4ace2cbc2f476cf44d1f7d8dd45 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos
-Date: Fri, 31 Oct 2014 10:00:32 +0100
-Subject: [PATCH 1/2] when exporting curve coordinates to X9.63 format, perform
- additional sanity checks on input
-
-Reported by Sean Burford.
----
- lib/gnutls_ecc.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/lib/gnutls_ecc.c b/lib/gnutls_ecc.c
-index 847f0d2..aa6399b 100644
---- a/lib/gnutls_ecc.c
-+++ b/lib/gnutls_ecc.c
-@@ -53,6 +53,11 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
-
- /* pad and store x */
- byte_size = (_gnutls_mpi_get_nbits(x) + 7) / 8;
-+ if (numlen < byte_size) {
-+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-+ goto cleanup;
-+ }
-+
- size = out->size - (1 + (numlen - byte_size));
- ret =
- _gnutls_mpi_print(x, &out->data[1 + (numlen - byte_size)],
-@@ -63,6 +68,11 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
- }
-
- byte_size = (_gnutls_mpi_get_nbits(y) + 7) / 8;
-+ if (numlen < byte_size) {
-+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-+ goto cleanup;
-+ }
-+
- size = out->size - (1 + (numlen + numlen - byte_size));
- ret =
- _gnutls_mpi_print(y,
---
-2.0.0
-
diff --git a/SOURCES/gnutls-3.3.8-dh-fips-tests.patch b/SOURCES/gnutls-3.3.8-dh-fips-tests.patch
deleted file mode 100644
index be8f315..0000000
--- a/SOURCES/gnutls-3.3.8-dh-fips-tests.patch
+++ /dev/null
@@ -1,305 +0,0 @@ -diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c -index b9ca0cb..ac8a922 100644 ---- a/lib/gnutls_global.c -+++ b/lib/gnutls_global.c -@@ -297,6 +297,7 @@ int gnutls_global_init(void) - * res == not in fips140 mode - */ - if (res != 0) { -+ _gnutls_debug_log("FIPS140-2 mode: %d\n", res); - _gnutls_priority_update_fips(); - - /* first round of self checks, these are done on the -diff --git a/lib/libgnutls.map b/lib/libgnutls.map -index 5de541d..cbd62d7 100644 ---- a/lib/libgnutls.map -+++ b/lib/libgnutls.map -@@ -1043,6 +1043,10 @@ GNUTLS_FIPS140 { - _gnutls_prf_raw; - _gnutls_encode_ber_rs_raw; - _rsa_generate_fips186_4_keypair; -+ _gnutls_dh_compute_key; -+ _gnutls_dh_generate_key; -+ _gnutls_ecdh_generate_key; -+ _gnutls_ecdh_compute_key; - }; - - GNUTLS_PRIVATE { -diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c -index fbc3da1..1b61051 100644 ---- a/lib/nettle/pk.c -+++ b/lib/nettle/pk.c -@@ -844,7 +844,7 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo, - #endif - - params->params_nr = 0; -- -+ - ret = _gnutls_mpi_init_multi(¶ms->params[DSA_P], ¶ms->params[DSA_Q], - ¶ms->params[DSA_G], NULL); - if (ret < 0) { -@@ -891,6 +891,249 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo, - return ret; - } - -+#ifdef ENABLE_FIPS140 -+int _gnutls_dh_generate_key(gnutls_dh_params_t dh_params, -+ gnutls_datum_t *priv_key, gnutls_datum_t *pub_key); -+ -+int _gnutls_dh_compute_key(gnutls_dh_params_t dh_params, -+ const gnutls_datum_t *priv_key, const gnutls_datum_t *pub_key, -+ const gnutls_datum_t *peer_key, gnutls_datum_t *Z); -+ -+int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve, -+ const gnutls_datum_t *x, const gnutls_datum_t *y, -+ const gnutls_datum_t *k, -+ const gnutls_datum_t *peer_x, const gnutls_datum_t *peer_y, -+ gnutls_datum_t *Z); -+ -+int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve, -+ gnutls_datum_t *x, gnutls_datum_t *y, -+ gnutls_datum_t *k); -+ -+ -+int _gnutls_dh_generate_key(gnutls_dh_params_t 
dh_params, -+ gnutls_datum_t *priv_key, gnutls_datum_t *pub_key) -+{ -+ gnutls_pk_params_st params; -+ int ret; -+ -+ gnutls_pk_params_init(¶ms); -+ params.params[DH_P] = _gnutls_mpi_copy(dh_params->params[0]); -+ params.params[DH_G] = _gnutls_mpi_copy(dh_params->params[1]); -+ -+ params.params_nr = 3; /* include empty q */ -+ params.algo = GNUTLS_PK_DH; -+ -+ priv_key->data = NULL; -+ pub_key->data = NULL; -+ -+ ret = _gnutls_pk_generate_keys(GNUTLS_PK_DH, 0, ¶ms); -+ if (ret < 0) { -+ return gnutls_assert_val(ret); -+ } -+ -+ ret = -+ _gnutls_mpi_dprint_lz(params.params[DH_X], priv_key); -+ if (ret < 0) { -+ gnutls_assert(); -+ goto fail; -+ } -+ -+ ret = -+ _gnutls_mpi_dprint_lz(params.params[DH_Y], pub_key); -+ if (ret < 0) { -+ gnutls_assert(); -+ goto fail; -+ } -+ -+ ret = 0; -+ goto cleanup; -+ fail: -+ gnutls_free(pub_key->data); -+ gnutls_free(priv_key->data); -+ cleanup: -+ gnutls_pk_params_clear(¶ms); -+ return ret; -+} -+ -+int _gnutls_dh_compute_key(gnutls_dh_params_t dh_params, -+ const gnutls_datum_t *priv_key, const gnutls_datum_t *pub_key, -+ const gnutls_datum_t *peer_key, gnutls_datum_t *Z) -+{ -+ gnutls_pk_params_st pub, priv; -+ int ret; -+ -+ gnutls_pk_params_init(&pub); -+ gnutls_pk_params_init(&priv); -+ pub.algo = GNUTLS_PK_DH; -+ -+ if (_gnutls_mpi_init_scan_nz -+ (&pub.params[DH_Y], peer_key->data, -+ peer_key->size) != 0) { -+ ret = -+ gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); -+ goto cleanup; -+ } -+ -+ priv.params[DH_P] = _gnutls_mpi_copy(dh_params->params[0]); -+ priv.params[DH_G] = _gnutls_mpi_copy(dh_params->params[1]); -+ -+ if (_gnutls_mpi_init_scan_nz -+ (&priv.params[DH_X], priv_key->data, -+ priv_key->size) != 0) { -+ ret = -+ gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); -+ goto cleanup; -+ } -+ -+ priv.params_nr = 3; /* include empty q */ -+ priv.algo = GNUTLS_PK_DH; -+ -+ Z->data = NULL; -+ -+ ret = _gnutls_pk_derive(GNUTLS_PK_DH, Z, &priv, &pub); -+ if (ret < 0) { -+ gnutls_assert(); -+ goto cleanup; -+ } -+ -+ ret = 0; 
-+ cleanup: -+ gnutls_pk_params_clear(&pub); -+ gnutls_pk_params_clear(&priv); -+ return ret; -+} -+ -+int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve, -+ gnutls_datum_t *x, gnutls_datum_t *y, -+ gnutls_datum_t *k) -+{ -+ gnutls_pk_params_st params; -+ int ret; -+ -+ gnutls_pk_params_init(¶ms); -+ params.flags = curve; -+ params.algo = GNUTLS_PK_EC; -+ -+ x->data = NULL; -+ y->data = NULL; -+ k->data = NULL; -+ -+ ret = _gnutls_pk_generate_keys(GNUTLS_PK_EC, curve, ¶ms); -+ if (ret < 0) { -+ return gnutls_assert_val(ret); -+ } -+ -+ ret = -+ _gnutls_mpi_dprint_lz(params.params[ECC_X], x); -+ if (ret < 0) { -+ gnutls_assert(); -+ goto fail; -+ } -+ -+ ret = -+ _gnutls_mpi_dprint_lz(params.params[ECC_Y], y); -+ if (ret < 0) { -+ gnutls_assert(); -+ goto fail; -+ } -+ -+ ret = -+ _gnutls_mpi_dprint_lz(params.params[ECC_K], k); -+ if (ret < 0) { -+ gnutls_assert(); -+ goto fail; -+ } -+ -+ ret = 0; -+ goto cleanup; -+ fail: -+ gnutls_free(y->data); -+ gnutls_free(x->data); -+ gnutls_free(k->data); -+ cleanup: -+ gnutls_pk_params_clear(¶ms); -+ return ret; -+} -+ -+int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve, -+ const gnutls_datum_t *x, const gnutls_datum_t *y, -+ const gnutls_datum_t *k, -+ const gnutls_datum_t *peer_x, const gnutls_datum_t *peer_y, -+ gnutls_datum_t *Z) -+{ -+ gnutls_pk_params_st pub, priv; -+ int ret; -+ -+ gnutls_pk_params_init(&pub); -+ gnutls_pk_params_init(&priv); -+ -+ pub.algo = GNUTLS_PK_EC; -+ pub.flags = curve; -+ -+ if (_gnutls_mpi_init_scan_nz -+ (&pub.params[ECC_Y], peer_y->data, -+ peer_y->size) != 0) { -+ ret = -+ gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); -+ goto cleanup; -+ } -+ -+ if (_gnutls_mpi_init_scan_nz -+ (&pub.params[ECC_X], peer_x->data, -+ peer_x->size) != 0) { -+ ret = -+ gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); -+ goto cleanup; -+ } -+ -+ priv.params_nr = 2; -+ -+ if (_gnutls_mpi_init_scan_nz -+ (&priv.params[ECC_Y], y->data, -+ y->size) != 0) { -+ ret = -+ 
gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); -+ goto cleanup; -+ } -+ -+ if (_gnutls_mpi_init_scan_nz -+ (&priv.params[ECC_X], x->data, -+ x->size) != 0) { -+ ret = -+ gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); -+ goto cleanup; -+ } -+ -+ if (_gnutls_mpi_init_scan_nz -+ (&priv.params[ECC_K], k->data, -+ k->size) != 0) { -+ ret = -+ gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); -+ goto cleanup; -+ } -+ -+ -+ priv.params_nr = 3; -+ priv.algo = GNUTLS_PK_EC; -+ priv.flags = curve; -+ -+ Z->data = NULL; -+ -+ ret = _gnutls_pk_derive(GNUTLS_PK_EC, Z, &priv, &pub); -+ if (ret < 0) { -+ gnutls_assert(); -+ goto cleanup; -+ } -+ -+ ret = 0; -+ cleanup: -+ gnutls_pk_params_clear(&pub); -+ gnutls_pk_params_clear(&priv); -+ return ret; -+} -+#endif -+ -+ - /* To generate a DH key either q must be set in the params or - * level should be set to the number of required bits. - */ -@@ -1398,12 +1641,12 @@ static int calc_rsa_exp(gnutls_pk_params_st * params) - { - bigint_t tmp; - int ret; -- -+ - if (params->params_nr < RSA_PRIVATE_PARAMS - 2) { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - } -- -+ - params->params[6] = params->params[7] = NULL; - - ret = _gnutls_mpi_init_multi(&tmp, ¶ms->params[6], ¶ms->params[7], NULL); diff --git a/SOURCES/gnutls-3.3.8-dh-fips-tests2.patch b/SOURCES/gnutls-3.3.8-dh-fips-tests2.patch deleted file mode 100644 index 4cb3df7..0000000 --- a/SOURCES/gnutls-3.3.8-dh-fips-tests2.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c -index 0653fcc..66815f0 100644 ---- a/lib/nettle/pk.c -+++ b/lib/nettle/pk.c -@@ -929,7 +929,7 @@ int _gnutls_dh_generate_key(gnutls_dh_params_t dh_params, - priv_key->data = NULL; - pub_key->data = NULL; - -- ret = _gnutls_pk_generate_keys(GNUTLS_PK_DH, 0, ¶ms); -+ ret = _gnutls_pk_generate_keys(GNUTLS_PK_DH, dh_params->q_bits, ¶ms); - if (ret < 0) { - return gnutls_assert_val(ret); - } 
diff --git a/SOURCES/gnutls-3.3.8-drbg-fips-symbol.patch b/SOURCES/gnutls-3.3.8-drbg-fips-symbol.patch
deleted file mode 100644
index 855c57f..0000000
--- a/SOURCES/gnutls-3.3.8-drbg-fips-symbol.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/lib/libgnutls.map b/lib/libgnutls.map
-index cbd62d7..6e56004 100644
---- a/lib/libgnutls.map
-+++ b/lib/libgnutls.map
-@@ -1032,7 +1032,7 @@ GNUTLS_FIPS140 {
- gnutls_mac_self_test;
- gnutls_digest_self_test;
- #for FIPS140-2 validation
-- rbg_aes_reseed;
-+ drbg_aes_reseed;
- drbg_aes_init;
- drbg_aes_generate;
- _dsa_generate_dss_pq;
diff --git a/SOURCES/gnutls-3.3.8-fips-reseed.patch b/SOURCES/gnutls-3.3.8-fips-reseed.patch
deleted file mode 100644
index 438edda..0000000
--- a/SOURCES/gnutls-3.3.8-fips-reseed.patch
+++ /dev/null
@@ -1,301 +0,0 @@ -diff --git a/lib/nettle/int/drbg-aes-self-test.c b/lib/nettle/int/drbg-aes-self-test.c -index 9c87453..eb62cf0 100644 ---- a/lib/nettle/int/drbg-aes-self-test.c -+++ b/lib/nettle/int/drbg-aes-self-test.c -@@ -104,7 +104,8 @@ int drbg_aes_self_test(void) - struct drbg_aes_ctx test_ctx; - struct drbg_aes_ctx test_ctx2; - struct priv_st priv; -- int ret; -+ int ret, saved; -+ uint8_t *tmp; - unsigned char result[16]; - - memset(&priv, 0, sizeof(priv)); -@@ -119,26 +120,32 @@ int drbg_aes_self_test(void) - return 0; - } - -+ tmp = gnutls_malloc(MAX_DRBG_AES_GENERATE_SIZE+1); -+ if (tmp == NULL) { -+ gnutls_assert(); -+ return 0; -+ } -+ - for (i = 0; i < sizeof(tv) / sizeof(tv[0]); i++) { - /* Setup the key. */ - ret = - drbg_aes_init(&test_ctx, DRBG_AES_SEED_SIZE, tv[i].entropy, - strlen(tv[i].pstring), (void *)tv[i].pstring); - if (ret == 0) -- return 0; -+ goto fail; - - if (drbg_aes_is_seeded(&test_ctx) == 0) -- return 0; -+ goto fail; - - /* Get and compare the first three results. */ - for (j = 0; j < 3; j++) { - /* Compute the next value. */ - if (drbg_aes_random(&test_ctx, 16, result) == 0) -- return 0; -+ goto fail; - - /* Compare it to the known value. 
*/ - if (memcmp(result, tv[i].res[j], 16) != 0) { -- return 0; -+ goto fail; - } - } - -@@ -146,20 +153,72 @@ int drbg_aes_self_test(void) - drbg_aes_reseed(&test_ctx, DRBG_AES_SEED_SIZE, - tv[i].entropy, 0, NULL); - if (ret == 0) -- return 0; -+ goto fail; - - if (drbg_aes_random(&test_ctx, 16, result) == 0) -- return 0; -+ goto fail; - - if (memcmp(result, tv[i].res[3], 16) != 0) { -- return 0; -+ goto fail; - } - - /* test the error handling of drbg_aes_random() */ -+ saved = test_ctx.reseed_counter; - test_ctx.reseed_counter = DRBG_AES_RESEED_TIME+1; - if (drbg_aes_random(&test_ctx, 16, result) != 0) { - gnutls_assert(); -- return 0; -+ goto fail; -+ } -+ test_ctx.reseed_counter = saved; -+ -+ ret = drbg_aes_random(&test_ctx, MAX_DRBG_AES_GENERATE_SIZE+1, tmp); -+ if (ret == 0) { -+ gnutls_assert(); -+ goto fail; -+ } -+ -+ /* test the low-level function */ -+ ret = drbg_aes_generate(&test_ctx, MAX_DRBG_AES_GENERATE_SIZE+1, tmp, 0, NULL); -+ if (ret != 0) { -+ gnutls_assert(); -+ goto fail; -+ } -+ -+ /* Test of the reseed function for error handling */ -+ ret = -+ drbg_aes_reseed(&test_ctx, DRBG_AES_SEED_SIZE*2, -+ (uint8_t*)tv, 0, NULL); -+ if (ret != 0) -+ goto fail; -+ -+ ret = -+ drbg_aes_reseed(&test_ctx, DRBG_AES_SEED_SIZE, -+ tv[i].entropy, DRBG_AES_SEED_SIZE*2, (uint8_t*)tv); -+ if (ret != 0) -+ goto fail; -+ -+ /* check whether reseed detection works */ -+ if (i==0) { -+ ret = -+ drbg_aes_reseed(&test_ctx, DRBG_AES_SEED_SIZE, -+ tv[i].entropy, 0, NULL); -+ if (ret == 0) -+ goto fail; -+ -+ saved = test_ctx.reseed_counter; -+ test_ctx.reseed_counter = DRBG_AES_RESEED_TIME-4; -+ for (j=0;j<5;j++) { -+ if (drbg_aes_random(&test_ctx, 1, result) == 0) { -+ gnutls_assert(); -+ goto fail; -+ } -+ } -+ /* that should fail */ -+ if (drbg_aes_random(&test_ctx, 1, result) != 0) { -+ gnutls_assert(); -+ goto fail; -+ } -+ test_ctx.reseed_counter = saved; - } - - /* test deinit, which is zeroize_key() */ -@@ -167,9 +226,15 @@ int drbg_aes_self_test(void) - 
zeroize_key(&test_ctx, sizeof(test_ctx)); - if (memcmp(&test_ctx, &test_ctx2, sizeof(test_ctx)) == 0) { - gnutls_assert(); -- return 0; -+ goto fail; - } -+ -+ - } - -+ free(tmp); - return 1; -+ fail: -+ free(tmp); -+ return 0; - } -diff --git a/lib/nettle/int/drbg-aes.c b/lib/nettle/int/drbg-aes.c -index 5ff2484..43df5e1 100644 ---- a/lib/nettle/int/drbg-aes.c -+++ b/lib/nettle/int/drbg-aes.c -@@ -22,6 +22,7 @@ - - #include - #include -+#include - #include - #include - #include -@@ -67,7 +68,6 @@ drbg_aes_update(struct drbg_aes_ctx *ctx, - - memcpy(ctx->v, &tmp[DRBG_AES_KEY_SIZE], AES_BLOCK_SIZE); - -- ctx->reseed_counter = 1; - ctx->seeded = 1; - } - -@@ -93,6 +93,27 @@ drbg_aes_reseed(struct drbg_aes_ctx *ctx, - memxor(tmp, entropy, entropy_size); - - drbg_aes_update(ctx, tmp); -+ ctx->reseed_counter = 1; -+ -+ return 1; -+} -+ -+int drbg_aes_random(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst) -+{ -+ unsigned p_len; -+ int left = length; -+ uint8_t *p = dst; -+ int ret; -+ -+ while(left > 0) { -+ p_len = MIN(MAX_DRBG_AES_GENERATE_SIZE, left); -+ ret = drbg_aes_generate(ctx, p_len, p, 0, 0); -+ if (ret == 0) -+ return ret; -+ -+ p += p_len; -+ left -= p_len; -+ } - - return 1; - } -@@ -106,11 +127,14 @@ int drbg_aes_generate(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst, - unsigned left; - - if (ctx->seeded == 0) -- return 0; -+ return gnutls_assert_val(0); -+ -+ if (length > MAX_DRBG_AES_GENERATE_SIZE) -+ return gnutls_assert_val(0); - - if (add_size > 0) { - if (add_size > DRBG_AES_SEED_SIZE) -- return 0; -+ return gnutls_assert_val(0); - memcpy(seed, add, add_size); - if (add_size != DRBG_AES_SEED_SIZE) - memset(&seed[add_size], 0, DRBG_AES_SEED_SIZE - add_size); -@@ -140,7 +164,7 @@ int drbg_aes_generate(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst, - /* if detected loop */ - if (memcmp(dst, ctx->prev_block, AES_BLOCK_SIZE) == 0) { - _gnutls_switch_lib_state(LIB_STATE_ERROR); -- return 0; -+ return gnutls_assert_val(0); - } 
- - memcpy(ctx->prev_block, dst, AES_BLOCK_SIZE); -@@ -154,7 +178,7 @@ int drbg_aes_generate(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst, - /* if detected loop */ - if (memcmp(tmp, ctx->prev_block, AES_BLOCK_SIZE) == 0) { - _gnutls_switch_lib_state(LIB_STATE_ERROR); -- return 0; -+ return gnutls_assert_val(0); - } - - memcpy(ctx->prev_block, tmp, AES_BLOCK_SIZE); -@@ -162,7 +186,7 @@ int drbg_aes_generate(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst, - } - - if (ctx->reseed_counter > DRBG_AES_RESEED_TIME) -- return 0; -+ return gnutls_assert_val(0); - ctx->reseed_counter++; - - drbg_aes_update(ctx, seed); -diff --git a/lib/nettle/int/drbg-aes.h b/lib/nettle/int/drbg-aes.h -index eb89be6..72608de 100644 ---- a/lib/nettle/int/drbg-aes.h -+++ b/lib/nettle/int/drbg-aes.h -@@ -55,10 +55,13 @@ struct drbg_aes_ctx { - unsigned reseed_counter; - }; - -+/* max_number_of_bits_per_request */ -+#define MAX_DRBG_AES_GENERATE_SIZE 65536 /* 2^19 */ -+ - /* This DRBG should be reseeded if reseed_counter exceeds - * that number. Otherwise drbg_aes_random() will fail. - */ --#define DRBG_AES_RESEED_TIME 65536 -+#define DRBG_AES_RESEED_TIME 16777216 - - /* The entropy provided in these functions should be of - * size DRBG_AES_SEED_SIZE. Additional data and pers. 
-@@ -74,7 +77,10 @@ drbg_aes_reseed(struct drbg_aes_ctx *ctx, - unsigned entropy_size, const uint8_t *entropy, - unsigned add_size, const uint8_t* add); - --#define drbg_aes_random(ctx, l, dst) drbg_aes_generate(ctx, l, dst, 0, NULL) -+/* our wrapper for the low-level drbg_aes_generate */ -+int -+drbg_aes_random(struct drbg_aes_ctx *ctx, unsigned length, -+ uint8_t * dst); - - int - drbg_aes_generate(struct drbg_aes_ctx *ctx, unsigned length, -diff --git a/tests/rng-fork.c b/tests/rng-fork.c -index ba9178e..45a18b4 100644 ---- a/tests/rng-fork.c -+++ b/tests/rng-fork.c -@@ -53,6 +53,7 @@ void doit(void) - unsigned char buf1[64]; - unsigned char buf2[64]; - pid_t pid; -+ unsigned char *tmp; - int ret; - FILE *fp; - unsigned i; -@@ -119,6 +120,20 @@ void doit(void) - exit(1); - } - } -+#define TMP_SIZE (65*1024) -+ tmp = malloc(TMP_SIZE); -+ if (tmp == NULL) { -+ fail("memory error\n"); -+ exit(1); -+ } -+ for (i = 0; i <= 65539; i++) { -+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, tmp, TMP_SIZE); -+ if (ret < 0) { -+ fail("Error iterating RNG-random more than %u times for %d data\n", i, TMP_SIZE); -+ exit(1); -+ } -+ } -+ free(tmp); - - gnutls_global_deinit(); - } diff --git a/SOURCES/gnutls-3.3.8-fips-rnd-regr.patch b/SOURCES/gnutls-3.3.8-fips-rnd-regr.patch deleted file mode 100644 index a9b8850..0000000 --- a/SOURCES/gnutls-3.3.8-fips-rnd-regr.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff --git a/lib/random.h b/lib/random.h -index 370a2f9..59e3f3c 100644 ---- a/lib/random.h -+++ b/lib/random.h -@@ -50,7 +50,10 @@ int _gnutls_rnd_init(void); - - inline static int _gnutls_rnd_check(void) - { -- return _gnutls_rnd_ops.check(gnutls_rnd_ctx); -+ if (_gnutls_rnd_ops.check) -+ return _gnutls_rnd_ops.check(gnutls_rnd_ctx); -+ else -+ return 0; - } - - #ifndef _WIN32 diff --git a/SOURCES/gnutls-3.3.8-fips140-dsa1024.patch b/SOURCES/gnutls-3.3.8-fips140-dsa1024.patch deleted file mode 100644 index 656e34f..0000000 --- a/SOURCES/gnutls-3.3.8-fips140-dsa1024.patch +++ /dev/null 
@@ -1,71 +0,0 @@ -diff --git a/lib/nettle/int/dsa-fips.h b/lib/nettle/int/dsa-fips.h -index 08fac25..82d545e 100644 ---- a/lib/nettle/int/dsa-fips.h -+++ b/lib/nettle/int/dsa-fips.h -@@ -80,7 +80,7 @@ int - _dsa_validate_dss_g(struct dsa_public_key *pub, - unsigned domain_seed_size, const uint8_t *domain_seed, unsigned index); - --unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits); -+unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits, unsigned generate); - - /* The following low-level functions can be used for DH key exchange as well - */ -diff --git a/lib/nettle/int/dsa-keygen-fips186.c b/lib/nettle/int/dsa-keygen-fips186.c -index 2712ddb..1ac9441 100644 ---- a/lib/nettle/int/dsa-keygen-fips186.c -+++ b/lib/nettle/int/dsa-keygen-fips186.c -@@ -36,11 +36,11 @@ - - #include - --unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits) -+unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits, unsigned generate) - { - switch (q_bits) { - case 160: -- if (_gnutls_fips_mode_enabled() != 0) -+ if (_gnutls_fips_mode_enabled() != 0 && generate != 0) - return 0; - - if (p_bits != 1024) -@@ -77,7 +77,7 @@ _dsa_generate_dss_pq(struct dsa_public_key *pub, - uint8_t *storage = NULL; - unsigned storage_length = 0; - -- ret = _dsa_check_qp_sizes(q_bits, p_bits); -+ ret = _dsa_check_qp_sizes(q_bits, p_bits, 1); - if (ret == 0) { - return 0; - } -@@ -375,7 +375,7 @@ dsa_generate_dss_pqg(struct dsa_public_key *pub, - uint8_t domain_seed[MAX_PVP_SEED_SIZE*3]; - unsigned domain_seed_size = 0; - -- ret = _dsa_check_qp_sizes(q_bits, p_bits); -+ ret = _dsa_check_qp_sizes(q_bits, p_bits, 1); - if (ret == 0) - return 0; - -diff --git a/lib/nettle/int/dsa-validate.c b/lib/nettle/int/dsa-validate.c -index 3f55755..daa39da 100644 ---- a/lib/nettle/int/dsa-validate.c -+++ b/lib/nettle/int/dsa-validate.c -@@ -83,7 +83,7 @@ _dsa_validate_dss_g(struct dsa_public_key *pub, - p_bits = mpz_sizeinbase(pub->p, 2); - q_bits = mpz_sizeinbase(pub->q, 2); - -- ret = 
_dsa_check_qp_sizes(q_bits, p_bits); -+ ret = _dsa_check_qp_sizes(q_bits, p_bits, 0); - if (ret == 0) { - return 0; - } -@@ -151,7 +151,7 @@ _dsa_validate_dss_pq(struct dsa_public_key *pub, - p_bits = mpz_sizeinbase(pub->p, 2); - q_bits = mpz_sizeinbase(pub->q, 2); - -- ret = _dsa_check_qp_sizes(q_bits, p_bits); -+ ret = _dsa_check_qp_sizes(q_bits, p_bits, 0); - if (ret == 0) { - return 0; - } diff --git a/SOURCES/gnutls-3.3.8-fips140-rsa.patch b/SOURCES/gnutls-3.3.8-fips140-rsa.patch deleted file mode 100644 index b456b6f..0000000 --- a/SOURCES/gnutls-3.3.8-fips140-rsa.patch +++ /dev/null 
@@ -1,178 +0,0 @@ -From c25a14ab6ce15d18338a7499e5849225aea03a7d Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos -Date: Tue, 14 Oct 2014 13:57:33 +0200 -Subject: [PATCH] FIPS140-2 RSA key generation changes to account for seed - starting with null byte - ---- - lib/nettle/int/dsa-fips.h | 2 ++ - lib/nettle/int/provable-prime.c | 25 ++++++++++++++++++------- - lib/nettle/int/rsa-keygen-fips186.c | 33 ++++++++++++++++++++------------- - 3 files changed, 40 insertions(+), 20 deletions(-) - -diff --git a/lib/nettle/int/dsa-fips.h b/lib/nettle/int/dsa-fips.h -index 571bc0a..08fac25 100644 ---- a/lib/nettle/int/dsa-fips.h -+++ b/lib/nettle/int/dsa-fips.h -@@ -115,4 +115,6 @@ hash (uint8_t digest[DIGEST_SIZE], unsigned length, void *data) - return; - } - -+unsigned mpz_seed_sizeinbase_256_u(mpz_t s, unsigned nominal); -+ - #endif /* DSA_FIPS_H_INCLUDED */ -diff --git a/lib/nettle/int/provable-prime.c b/lib/nettle/int/provable-prime.c -index 3bb46aa..e4a4325 100644 ---- a/lib/nettle/int/provable-prime.c -+++ b/lib/nettle/int/provable-prime.c -@@ -992,6 +992,18 @@ static unsigned small_prime_check(unsigned x) - return 1; - } - -+/* The seed in FIPS186-3 is used either as an integer or blob, -+ * but when used as an integer it must not be trunacated below -+ * the "nominal" seed size. This function returns the size -+ * that way. 
*/ -+unsigned mpz_seed_sizeinbase_256_u(mpz_t s, unsigned nominal) -+{ -+ unsigned ret = nettle_mpz_sizeinbase_256_u(s); -+ if (ret < nominal) -+ return nominal; -+ return ret; -+} -+ - static int st_provable_prime_small(mpz_t p, - unsigned *prime_seed_length, - void *prime_seed, -@@ -1018,7 +1030,7 @@ static int st_provable_prime_small(mpz_t p, - nettle_mpz_set_str_256_u(s, seed_length, seed); - - retry: -- tseed_length = nettle_mpz_sizeinbase_256_u(s); -+ tseed_length = mpz_seed_sizeinbase_256_u(s, seed_length); - if (tseed_length > sizeof(tseed)) { - goto fail; - } -@@ -1030,7 +1042,7 @@ static int st_provable_prime_small(mpz_t p, - - mpz_add_ui(s, s, 1); - -- tseed_length = nettle_mpz_sizeinbase_256_u(s); -+ tseed_length = mpz_seed_sizeinbase_256_u(s, seed_length); - if (tseed_length > sizeof(tseed)) - goto fail; - -@@ -1071,7 +1083,7 @@ static int st_provable_prime_small(mpz_t p, - mpz_set_ui(p, c); - - if (prime_seed != NULL) { -- tseed_length = nettle_mpz_sizeinbase_256_u(s); -+ tseed_length = mpz_seed_sizeinbase_256_u(s, tseed_length); - if (*prime_seed_length < tseed_length) - goto fail; - -@@ -1161,7 +1173,7 @@ st_provable_prime(mpz_t p, - goto fail; - - for (i = 0; i < iterations; i++) { -- tseed_length = nettle_mpz_sizeinbase_256_u(s); -+ tseed_length = mpz_seed_sizeinbase_256_u(s, pseed_length); - if (tseed_length > sizeof(tseed)) - goto fail; - nettle_mpz_get_str_256(tseed_length, tseed, s); -@@ -1212,9 +1224,8 @@ st_provable_prime(mpz_t p, - - mpz_set_ui(r, 0); /* a = 0 */ - if (iterations > 0) { -- - for (i = 0; i < iterations; i++) { -- tseed_length = nettle_mpz_sizeinbase_256_u(s); -+ tseed_length = mpz_seed_sizeinbase_256_u(s, pseed_length); - if (tseed_length > sizeof(tseed)) - goto fail; - -@@ -1249,7 +1260,7 @@ st_provable_prime(mpz_t p, - mpz_set(p, c); - - if (prime_seed != NULL) { -- tseed_length = nettle_mpz_sizeinbase_256_u(s); -+ tseed_length = mpz_seed_sizeinbase_256_u(s, pseed_length); - if (*prime_seed_length < tseed_length) - goto 
fail; - -diff --git a/lib/nettle/int/rsa-keygen-fips186.c b/lib/nettle/int/rsa-keygen-fips186.c -index 754842a..624aa36 100644 ---- a/lib/nettle/int/rsa-keygen-fips186.c -+++ b/lib/nettle/int/rsa-keygen-fips186.c -@@ -53,7 +53,7 @@ unsigned iterations; - unsigned storage_length = 0, i; - uint8_t *storage = NULL; - uint8_t pseed[MAX_PVP_SEED_SIZE+1]; --unsigned pseed_length = sizeof(pseed); -+unsigned pseed_length = sizeof(pseed), tseed_length; - unsigned max = bits*5; - - mpz_init(p0); -@@ -85,11 +85,13 @@ unsigned max = bits*5; - - nettle_mpz_set_str_256_u(s, pseed_length, pseed); - for (i = 0; i < iterations; i++) { -- pseed_length = nettle_mpz_sizeinbase_256_u(s); -- nettle_mpz_get_str_256(pseed_length, pseed, s); -+ tseed_length = mpz_seed_sizeinbase_256_u(s, pseed_length); -+ if (tseed_length > sizeof(pseed)) -+ goto fail; -+ nettle_mpz_get_str_256(tseed_length, pseed, s); - - hash(&storage[(iterations - i - 1) * DIGEST_SIZE], -- pseed_length, pseed); -+ tseed_length, pseed); - mpz_add_ui(s, s, 1); - } - -@@ -170,11 +172,13 @@ unsigned max = bits*5; - mpz_set_ui(x, 0); /* a = 0 */ - if (iterations > 0) { - for (i = 0; i < iterations; i++) { -- pseed_length = nettle_mpz_sizeinbase_256_u(s); -- nettle_mpz_get_str_256(pseed_length, pseed, s); -+ tseed_length = mpz_seed_sizeinbase_256_u(s, pseed_length); -+ if (tseed_length > sizeof(pseed)) -+ goto fail; -+ nettle_mpz_get_str_256(tseed_length, pseed, s); - - hash(&storage[(iterations - i - 1) * DIGEST_SIZE], -- pseed_length, pseed); -+ tseed_length, pseed); - mpz_add_ui(s, s, 1); - } - -@@ -203,16 +207,19 @@ unsigned max = bits*5; - mpz_powm(r1, r2, p0, p); - if (mpz_cmp_ui(r1, 1) == 0) { - if (prime_seed_length != NULL) { -- pseed_length = nettle_mpz_sizeinbase_256_u(s); -- nettle_mpz_get_str_256(pseed_length, pseed, s); -+ tseed_length = mpz_seed_sizeinbase_256_u(s, pseed_length); -+ if (tseed_length > sizeof(pseed)) -+ goto fail; -+ -+ nettle_mpz_get_str_256(tseed_length, pseed, s); - -- if (*prime_seed_length 
< pseed_length) { -- *prime_seed_length = pseed_length; -+ if (*prime_seed_length < tseed_length) { -+ *prime_seed_length = tseed_length; - goto fail; - } -- *prime_seed_length = pseed_length; -+ *prime_seed_length = tseed_length; - if (prime_seed != NULL) -- memcpy(prime_seed, pseed, pseed_length); -+ memcpy(prime_seed, pseed, tseed_length); - } - ret = 1; - goto cleanup; --- -1.9.3 - diff --git a/SOURCES/gnutls-3.3.8-handshake-reset.patch b/SOURCES/gnutls-3.3.8-handshake-reset.patch deleted file mode 100644 index 1ad4e15..0000000 --- a/SOURCES/gnutls-3.3.8-handshake-reset.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c -index 53f1ef1..759c67e 100644 ---- a/lib/gnutls_handshake.c -+++ b/lib/gnutls_handshake.c -@@ -2491,7 +2491,8 @@ static int _gnutls_recv_supplemental(gnutls_session_t session) - * full handshake will be performed. - * - * The non-fatal errors expected by this function are: -- * %GNUTLS_E_INTERRUPTED, %GNUTLS_E_AGAIN, and %GNUTLS_E_WARNING_ALERT_RECEIVED. -+ * %GNUTLS_E_INTERRUPTED, %GNUTLS_E_AGAIN, -+ * %GNUTLS_E_LARGE_PACKET and %GNUTLS_E_WARNING_ALERT_RECEIVED. - * The former two interrupt the handshake procedure due to the lower - * layer being interrupted, and the latter because of an alert that - * may be sent by a server (it is always a good idea to check any -@@ -2600,12 +2601,15 @@ gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms) - #define IMED_RET( str, ret, allow_alert) do { \ - if (ret < 0) { \ - /* EAGAIN and INTERRUPTED are always non-fatal */ \ -- if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) \ -+ if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_LARGE_PACKET) \ - return ret; \ - /* a warning alert might interrupt handshake */ \ - if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) return ret; \ - gnutls_assert(); \ - ERR( str, ret); \ -+ /* do not allow non-fatal errors at this point */ \ -+ if (gnutls_error_is_fatal(ret) == 0) ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); \ -+ session_invalidate(session); \ - _gnutls_handshake_hash_buffers_clear(session); \ - return ret; \ - } } while (0) -diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c -index e2a492d..157d12a 100644 ---- a/lib/gnutls_record.c -+++ b/lib/gnutls_record.c -@@ -349,12 +349,6 @@ int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how) - return 0; - } - --inline static void session_invalidate(gnutls_session_t session) --{ -- session->internals.invalid_connection = 1; --} -- -- - inline static void 
session_unresumable(gnutls_session_t session) - { - session->internals.resumable = RESUME_FALSE; -diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h -index 50ff08d..cb0320c 100644 ---- a/lib/gnutls_record.h -+++ b/lib/gnutls_record.h -@@ -101,4 +101,9 @@ unsigned int get_total_headers2(gnutls_session_t session, record_parameters_st * - return total + _gnutls_cipher_get_explicit_iv_size(params->cipher); - } - -+inline static void session_invalidate(gnutls_session_t session) -+{ -+ session->internals.invalid_connection = 1; -+} -+ - #endif diff --git a/SOURCES/gnutls-3.3.8-handshake-reset2.patch b/SOURCES/gnutls-3.3.8-handshake-reset2.patch deleted file mode 100644 index 3572b77..0000000 --- a/SOURCES/gnutls-3.3.8-handshake-reset2.patch +++ /dev/null 
@@ -1,58 +0,0 @@
-From 42a8bb3bdad73f13425ae18a41addbbc04496101 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos
-Date: Thu, 25 Sep 2014 12:00:39 +0200
-Subject: [PATCH] protect DTLS clients that don't handle GNUTLS_E_LARGE_PACKET from an infinite loop on handshake
-
----
- lib/gnutls_handshake.c | 6 +++++-
- lib/gnutls_int.h | 3 +++
- lib/gnutls_state.c | 1 +
- 3 files changed, 9 insertions(+), 1 deletions(-)
-
-diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
-index 759c67e..8b73267 100644
---- a/lib/gnutls_handshake.c
-+++ b/lib/gnutls_handshake.c
-@@ -2601,8 +2601,12 @@ gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms)
- #define IMED_RET( str, ret, allow_alert) do { \
- if (ret < 0) { \
- /* EAGAIN and INTERRUPTED are always non-fatal */ \
-- if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_LARGE_PACKET) \
-+ if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) \
- return ret; \
-+ if (ret == GNUTLS_E_LARGE_PACKET && session->internals.handshake_large_loops < 16) { \
-+ session->internals.handshake_large_loops++; \
-+ return ret; \
-+ } \
- /* a warning alert might interrupt handshake */ \
- if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) return ret; \
- gnutls_assert(); \
-diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
-index 58ffdf1..deca5fe 100644
---- a/lib/gnutls_int.h
-+++ b/lib/gnutls_int.h
-@@ -961,6 +961,9 @@ typedef struct {
-
- /* DTLS session state */
- dtls_st dtls;
-+ /* In case of clients that don't handle GNUTLS_E_LARGE_PACKET, don't
-+ * force them into an infinite loop */
-+ unsigned handshake_large_loops;
-
- /* if set it means that the master key was set using
- * gnutls_session_set_master() rather than being negotiated. */
-diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
-index 121ad5c..6165531 100644
---- a/lib/gnutls_state.c
-+++ b/lib/gnutls_state.c
-@@ -261,6 +261,7 @@ static void _gnutls_handshake_internal_state_init(gnutls_session_t session)
-
- session->internals.resumable = RESUME_TRUE;
-
-+ session->internals.handshake_large_loops = 0;
- session->internals.dtls.hsk_read_seq = 0;
- session->internals.dtls.hsk_write_seq = 0;
- }
---
-1.7.1
-
diff --git a/SOURCES/gnutls-3.3.8-handshake-reset3.patch b/SOURCES/gnutls-3.3.8-handshake-reset3.patch
deleted file mode 100644
index 0f9b0d5..0000000
--- a/SOURCES/gnutls-3.3.8-handshake-reset3.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 01049f9c00f0a903d4923a054769ef9f2187bd21 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos
-Date: Fri, 21 Nov 2014 20:18:08 +0100
-Subject: [PATCH] treat GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial
- negotiation is complete
-
-This corrects a regression introduced in b5a0de2e6da98866cafb770c3141b7353d030ab2
-Reported by Dan Winship. https://savannah.gnu.org/support/?108690
----
- lib/gnutls_handshake.c | 11 ++++++++---
- lib/gnutls_record.c | 2 +-
- 2 files changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
-index 40d399c..e904f2e 100644
---- a/lib/gnutls_handshake.c
-+++ b/lib/gnutls_handshake.c
-@@ -2607,6 +2610,8 @@ gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms)
- /* EAGAIN and INTERRUPTED are always non-fatal */ \
- if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) \
- return ret; \
-+ if (ret == GNUTLS_E_GOT_APPLICATION_DATA && session->internals.initial_negotiation_completed != 0) \
-+ return ret; \
- if (ret == GNUTLS_E_LARGE_PACKET && session->internals.handshake_large_loops < 16) { \
- session->internals.handshake_large_loops++; \
- return ret; \
-diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
-index 157d12a..40c20fe 100644
---- a/lib/gnutls_record.c
-+++ b/lib/gnutls_record.c
-@@ -837,7 +837,7 @@ record_add_to_buffers(gnutls_session_t session,
- * reasons). Otherwise it is an unexpected packet
- */
- if (type == GNUTLS_ALERT
-- || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
-+ || ((htype == GNUTLS_HANDSHAKE_SERVER_HELLO || htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)
- && type == GNUTLS_HANDSHAKE)) {
- /* even if data is unexpected put it into the buffer */
- _gnutls_record_buffer_put(session, recv->type,
---
-2.1.0
-
diff --git a/SOURCES/gnutls-3.3.8-keygen-fix.patch b/SOURCES/gnutls-3.3.8-keygen-fix.patch
deleted file mode 100644
index 275fa6c..0000000
--- a/SOURCES/gnutls-3.3.8-keygen-fix.patch
+++ /dev/null
@@ -1,127 +0,0 @@
-diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
-index 9017421..ad2b965 100644
---- a/lib/nettle/pk.c
-+++ b/lib/nettle/pk.c
-@@ -798,50 +798,53 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
- return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
-
- #ifdef ENABLE_FIPS140
-- if (algo==GNUTLS_PK_DSA)
-- index = 1;
-- else
-- index = 2;
-+ if (_gnutls_fips_mode_enabled() != 0) {
-+ if (algo==GNUTLS_PK_DSA)
-+ index = 1;
-+ else
-+ index = 2;
-
-- ret =
-- dsa_generate_dss_pqg(&pub, &cert,
-+ ret =
-+ dsa_generate_dss_pqg(&pub, &cert,
- index,
- NULL, rnd_func,
- NULL, NULL,
- level, q_bits);
-- if (ret != 1) {
-- gnutls_assert();
-- ret = GNUTLS_E_PK_GENERATION_ERROR;
-- goto dsa_fail;
-- }
-+ if (ret != 1) {
-+ gnutls_assert();
-+ ret = GNUTLS_E_PK_GENERATION_ERROR;
-+ goto dsa_fail;
-+ }
-
-- /* verify the generated parameters */
-- ret = dsa_validate_dss_pqg(&pub, &cert, index);
-- if (ret != 1) {
-- gnutls_assert();
-- ret = GNUTLS_E_PK_GENERATION_ERROR;
-- goto dsa_fail;
-- }
--#else
-- /* unfortunately nettle only accepts 160 or 256
-- * q_bits size. The check below makes sure we handle
-- * cases in between by rounding up, but fail when
-- * larger numbers are requested. */
-- if (q_bits < 160)
-- q_bits = 160;
-- else if (q_bits > 160 && q_bits <= 256)
-- q_bits = 256;
-- ret =
-- dsa_generate_keypair(&pub, &priv,
-+ /* verify the generated parameters */
-+ ret = dsa_validate_dss_pqg(&pub, &cert, index);
-+ if (ret != 1) {
-+ gnutls_assert();
-+ ret = GNUTLS_E_PK_GENERATION_ERROR;
-+ goto dsa_fail;
-+ }
-+ } else
-+#endif
-+ {
-+ /* unfortunately nettle only accepts 160 or 256
-+ * q_bits size. The check below makes sure we handle
-+ * cases in between by rounding up, but fail when
-+ * larger numbers are requested. */
-+ if (q_bits < 160)
-+ q_bits = 160;
-+ else if (q_bits > 160 && q_bits <= 256)
-+ q_bits = 256;
-+ ret =
-+ dsa_generate_keypair(&pub, &priv,
- NULL, rnd_func,
- NULL, NULL,
- level, q_bits);
-- if (ret != 1) {
-- gnutls_assert();
-- ret = GNUTLS_E_PK_GENERATION_ERROR;
-- goto dsa_fail;
-+ if (ret != 1) {
-+ gnutls_assert();
-+ ret = GNUTLS_E_PK_GENERATION_ERROR;
-+ goto dsa_fail;
-+ }
- }
--#endif
-
- params->params_nr = 0;
-
-@@ -1148,7 +1151,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
- switch (algo) {
- case GNUTLS_PK_DSA:
- #ifdef ENABLE_FIPS140
-- {
-+ if (_gnutls_fips_mode_enabled() != 0) {
- struct dsa_public_key pub;
- struct dsa_private_key priv;
-
-@@ -1272,17 +1275,18 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
- rsa_private_key_init(&priv);
-
- mpz_set_ui(pub.e, 65537);
--#ifdef ENABLE_FIPS140
-- ret =
-- rsa_generate_fips186_4_keypair(&pub, &priv, NULL,
-+
-+ if (_gnutls_fips_mode_enabled() != 0) {
-+ ret =
-+ rsa_generate_fips186_4_keypair(&pub, &priv, NULL,
- rnd_func, NULL, NULL,
- level);
--#else
-- ret =
-- rsa_generate_keypair(&pub, &priv, NULL,
-+ } else {
-+ ret =
-+ rsa_generate_keypair(&pub, &priv, NULL,
- rnd_func, NULL, NULL,
- level, 0);
--#endif
-+ }
- if (ret != 1) {
- gnutls_assert();
- ret = GNUTLS_E_PK_GENERATION_ERROR;
diff --git a/SOURCES/gnutls-3.3.8-lcm-fips.patch b/SOURCES/gnutls-3.3.8-lcm-fips.patch
deleted file mode 100644
index 6d79390..0000000
--- a/SOURCES/gnutls-3.3.8-lcm-fips.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-diff --git a/lib/nettle/int/rsa-keygen-fips186.c b/lib/nettle/int/rsa-keygen-fips186.c
-index 8d2a2b8..754842a 100644
---- a/lib/nettle/int/rsa-keygen-fips186.c
-+++ b/lib/nettle/int/rsa-keygen-fips186.c
-@@ -256,7 +256,7 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
- /* Desired size of modulo, in bits */
- unsigned n_size)
- {
-- mpz_t t, r, p1, q1, phi;
-+ mpz_t t, r, p1, q1, lcm;
- int ret;
- struct dss_params_validation_seeds cert;
- unsigned l = n_size / 2;
-@@ -281,7 +281,7 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
-
- mpz_init(p1);
- mpz_init(q1);
-- mpz_init(phi);
-+ mpz_init(lcm);
- mpz_init(t);
- mpz_init(r);
-
-@@ -337,9 +337,13 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
-
- mpz_sub_ui(p1, key->p, 1);
- mpz_sub_ui(q1, key->q, 1);
-- mpz_mul(phi, p1, q1);
-
-- assert(mpz_invert(key->d, pub->e, phi) != 0);
-+ mpz_lcm(lcm, p1, q1);
-+
-+ if (mpz_invert(key->d, pub->e, lcm) == 0) {
-+ ret = 0;
-+ goto cleanup;
-+ }
-
- /* Done! Almost, we must compute the auxillary private values. */
- /* a = d % (p-1) */
-@@ -357,7 +361,7 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
- cleanup:
- mpz_clear(p1);
- mpz_clear(q1);
-- mpz_clear(phi);
-+ mpz_clear(lcm);
- mpz_clear(t);
- mpz_clear(r);
- return ret;
diff --git a/SOURCES/gnutls-3.3.8-md5-downgrade.patch b/SOURCES/gnutls-3.3.8-md5-downgrade.patch
deleted file mode 100644
index be943b4..0000000
--- a/SOURCES/gnutls-3.3.8-md5-downgrade.patch
+++ /dev/null
@@ -1,414 +0,0 @@
-From 6612a7181af32903b03020090fe361360142258b Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos
-Date: Wed, 9 Dec 2015 10:07:18 +0100
-Subject: [PATCH] Prevent a downgrade attack to RSA-MD5 signatures
-
-This is by considering the list of the signature algorithms set by
-priorities.
----
- lib/ext/signature.c | 18 +--
- tests/Makefile.am | 2 +-
- tests/sign-md5-rep.c | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 346 insertions(+), 18 deletions(-)
- create mode 100644 tests/sign-md5-rep.c
-
-diff --git a/lib/ext/signature.c b/lib/ext/signature.c
-index fb971f5..6f3066e 100644
---- a/lib/ext/signature.c
-+++ b/lib/ext/signature.c
-@@ -313,28 +313,12 @@ _gnutls_session_sign_algo_enabled(gnutls_session_t session,
- gnutls_sign_algorithm_t sig)
- {
- unsigned i;
-- int ret;
- const version_entry_st *ver = get_version(session);
-- sig_ext_st *priv;
-- extension_priv_data_t epriv;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
-- ret =
-- _gnutls_ext_get_session_data(session,
-- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
-- &epriv);
-- if (ret < 0) {
-- gnutls_assert();
-- return 0;
-- }
-- priv = epriv.ptr;
--
-- if (!_gnutls_version_has_selectable_sighash(ver)
-- || priv->sign_algorithms_size == 0)
-- /* none set, allow all */
-- {
-+ if (!_gnutls_version_has_selectable_sighash(ver)) {
- return 0;
- }
-
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index 95d6541..d1c4839 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -84,7 +84,7 @@ ctests = mini-record-2 simple gc set_pkcs12_cred certder certuniqueid \
- mini-cert-status mini-rsa-psk global-init sec-params \
- fips-test mini-global-load name-constraints x509-extensions \
- long-session-id mini-x509-callbacks-intr \
-- crlverify init_fds
-+ crlverify init_fds sign-md5-rep
-
- if ENABLE_OCSP
- ctests += ocsp
-diff --git a/tests/sign-md5-rep.c b/tests/sign-md5-rep.c
-new file mode 100644
-index 0000000..72869fa
---- /dev/null
-+++ b/tests/sign-md5-rep.c
-@@ -0,0 +1,344 @@
-+/*
-+ * Copyright (C) 2015 Nikos Mavrogiannopoulos
-+ *
-+ * Author: Nikos Mavrogiannopoulos
-+ *
-+ * This file is part of GnuTLS.
-+ *
-+ * GnuTLS is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 3 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * GnuTLS is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with GnuTLS; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
-+ */
-+
-+#ifdef HAVE_CONFIG_H
-+#include
-+#endif
-+
-+#include
-+#include
-+
-+#if defined(_WIN32)
-+
-+int main()
-+{
-+ exit(77);
-+}
-+
-+#else
-+
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+
-+#include "utils.h"
-+
-+static void terminate(void);
-+
-+/* This program tests whether EtM is negotiated as expected.
-+ */
-+
-+static void server_log_func(int level, const char *str)
-+{
-+ fprintf(stderr, "server|<%d>| %s", level, str);
-+}
-+
-+static void client_log_func(int level, const char *str)
-+{
-+ fprintf(stderr, "client|<%d>| %s", level, str);
-+}
-+
-+static unsigned char server_cert_pem[] =
-+ "-----BEGIN CERTIFICATE-----\n"
-+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
-+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
-+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
-+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
-+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
-+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
-+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
-+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
-+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
-+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
-+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
-+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
-+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
-+
-+const gnutls_datum_t server_cert = { server_cert_pem,
-+ sizeof(server_cert_pem)
-+};
-+
-+static unsigned char server_key_pem[] =
-+ "-----BEGIN RSA PRIVATE KEY-----\n"
-+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
-+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
-+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
-+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
-+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
-+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
-+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
-+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
-+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
-+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
-+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
-+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
-+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
-+ "-----END RSA PRIVATE KEY-----\n";
-+
-+const gnutls_datum_t server_key = { server_key_pem,
-+ sizeof(server_key_pem)
-+};
-+
-+
-+static int handshake_callback(gnutls_session_t session, unsigned int htype,
-+ unsigned post, unsigned int incoming)
-+{
-+ gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA", NULL);
-+ return 0;
-+}
-+
-+
-+/* A very basic TLS client, with anonymous authentication.
-+ */
-+
-+#define MAX_BUF 1024
-+
-+static void client(int fd)
-+{
-+ int ret;
-+ char buffer[MAX_BUF + 1];
-+ gnutls_certificate_credentials_t x509_cred;
-+ gnutls_session_t session;
-+ /* Need to enable anonymous KX specifically. */
-+
-+ global_init();
-+
-+ if (debug) {
-+ gnutls_global_set_log_function(client_log_func);
-+ gnutls_global_set_log_level(7);
-+ }
-+
-+ gnutls_certificate_allocate_credentials(&x509_cred);
-+
-+ /* Initialize TLS session
-+ */
-+ gnutls_init(&session, GNUTLS_CLIENT);
-+
-+ /* Use default priorities */
-+ gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-MD5", NULL);
-+
-+ /* put the anonymous credentials to the current session
-+ */
-+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-+
-+ gnutls_transport_set_int(session, fd);
-+ gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
-+ GNUTLS_HOOK_PRE,
-+ handshake_callback);
-+
-+ /* Perform the TLS handshake
-+ */
-+ do {
-+ ret = gnutls_handshake(session);
-+ }
-+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-+
-+ if (ret == GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM) {
-+ /* success */
-+ goto end;
-+ }
-+
-+ if (ret < 0) {
-+ terminate();
-+ fail("client: Handshake failed: %s\n", gnutls_strerror(ret));
-+ exit(1);
-+ } else {
-+ if (debug)
-+ success("client: Handshake was completed\n");
-+ }
-+
-+ if (gnutls_sign_algorithm_get(session) == GNUTLS_SIGN_RSA_MD5) {
-+ terminate();
-+ fail("client: MD5 was negotiated\n");
-+ exit(1);
-+ }
-+ success("client: %s was negotiated\n", gnutls_sign_get_name(gnutls_sign_algorithm_get(session)));
-+
-+ if (debug)
-+ success("client: TLS version is: %s\n",
-+ gnutls_protocol_get_name
-+ (gnutls_protocol_get_version(session)));
-+
-+ do {
-+ do {
-+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
-+ } while (ret == GNUTLS_E_AGAIN
-+ || ret == GNUTLS_E_INTERRUPTED);
-+ } while (ret > 0);
-+
-+ if (ret == 0) {
-+ if (debug)
-+ success
-+ ("client: Peer has closed the TLS connection\n");
-+ goto end;
-+ } else if (ret < 0) {
-+ terminate();
-+ fail("client: Error: %s\n", gnutls_strerror(ret));
-+ exit(1);
-+ }
-+
-+ gnutls_bye(session, GNUTLS_SHUT_WR);
-+
-+ end:
-+
-+ close(fd);
-+
-+ gnutls_deinit(session);
-+
-+ gnutls_certificate_free_credentials(x509_cred);
-+
-+ gnutls_global_deinit();
-+}
-+
-+
-+/* These are global */
-+pid_t child;
-+
-+static void terminate(void)
-+{
-+ kill(child, SIGTERM);
-+ exit(1);
-+}
-+
-+static void server(int fd)
-+{
-+ int ret;
-+ char buffer[MAX_BUF + 1];
-+ gnutls_session_t session;
-+ gnutls_certificate_credentials_t x509_cred;
-+
-+ /* this must be called once in the program
-+ */
-+ global_init();
-+ memset(buffer, 0, sizeof(buffer));
-+
-+ if (debug) {
-+ gnutls_global_set_log_function(server_log_func);
-+ gnutls_global_set_log_level(4711);
-+ }
-+
-+ gnutls_certificate_allocate_credentials(&x509_cred);
-+ gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
-+ &server_key,
-+ GNUTLS_X509_FMT_PEM);
-+
-+ gnutls_init(&session, GNUTLS_SERVER);
-+
-+ /* avoid calling all the priority functions, since the defaults
-+ * are adequate.
-+ */
-+ gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-MD5", NULL);
-+
-+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-+
-+ gnutls_transport_set_int(session, fd);
-+
-+ do {
-+ ret = gnutls_handshake(session);
-+ } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-+ if (ret < 0) {
-+ /* failure is expected here */
-+ goto end;
-+ }
-+
-+ if (debug) {
-+ success("server: Handshake was completed\n");
-+ success("server: %s was negotiated\n", gnutls_sign_get_name(gnutls_sign_algorithm_get(session)));
-+ }
-+
-+ if (debug)
-+ success("server: TLS version is: %s\n",
-+ gnutls_protocol_get_name
-+ (gnutls_protocol_get_version(session)));
-+
-+ /* do not wait for the peer to close the connection.
-+ */
-+ gnutls_bye(session, GNUTLS_SHUT_WR);
-+
-+ end:
-+ close(fd);
-+ gnutls_deinit(session);
-+
-+ gnutls_certificate_free_credentials(x509_cred);
-+
-+ gnutls_global_deinit();
-+
-+ if (debug)
-+ success("server: finished\n");
-+}
-+
-+static void ch_handler(int sig)
-+{
-+ int status;
-+ wait(&status);
-+ if (WEXITSTATUS(status) != 0 ||
-+ (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
-+ if (WIFSIGNALED(status))
-+ fail("Child died with sigsegv\n");
-+ else
-+ fail("Child died with status %d\n",
-+ WEXITSTATUS(status));
-+ terminate();
-+ }
-+ return;
-+}
-+
-+void doit(void)
-+{
-+ int fd[2];
-+ int ret;
-+
-+ signal(SIGCHLD, ch_handler);
-+
-+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
-+ if (ret < 0) {
-+ perror("socketpair");
-+ exit(1);
-+ }
-+
-+ child = fork();
-+ if (child < 0) {
-+ perror("fork");
-+ fail("fork");
-+ exit(1);
-+ }
-+
-+ if (child) {
-+ /* parent */
-+ close(fd[1]);
-+ client(fd[0]);
-+ kill(child, SIGTERM);
-+ } else {
-+ close(fd[0]);
-+ server(fd[1]);
-+ exit(0);
-+ }
-+}
-+
-+#endif /* _WIN32 */
---
-2.5.0
-
diff --git a/SOURCES/gnutls-3.3.8-mem-issue.patch b/SOURCES/gnutls-3.3.8-mem-issue.patch
deleted file mode 100644
index 58f9943..0000000
--- a/SOURCES/gnutls-3.3.8-mem-issue.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
-index b102f4d..a4921f9 100644
---- a/lib/gnutls_x509.c
-+++ b/lib/gnutls_x509.c
-@@ -697,11 +697,11 @@ static int
- read_cert_url(gnutls_certificate_credentials_t res, const char *url)
- {
- int ret;
-- gnutls_x509_crt_t crt;
-+ gnutls_x509_crt_t crt = NULL;
- gnutls_pcert_st *ccert;
- gnutls_str_array_t names;
- gnutls_datum_t t = {NULL, 0};
-- unsigned i;
-+ unsigned i, count = 0;
-
- _gnutls_str_array_init(&names);
-
-@@ -729,13 +729,13 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *url)
-
- if (ret < 0) {
- gnutls_assert();
-- goto cleanup1;
-+ goto cleanup;
- }
-
- ret = get_x509_name(crt, &names);
- if (ret < 0) {
- gnutls_assert();
-- goto cleanup1;
-+ goto cleanup;
- }
-
- /* Try to load the whole certificate chain from the PKCS #11 token */
-@@ -747,17 +747,18 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *url)
- }
-
- ret = gnutls_pcert_import_x509(&ccert[i], crt, 0);
-- gnutls_x509_crt_deinit(crt);
--
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-+ count++;
-
- ret = gnutls_pkcs11_get_raw_issuer(url, crt, &t, GNUTLS_X509_FMT_DER, 0);
- if (ret < 0)
- break;
--
-+
-+ gnutls_x509_crt_deinit(crt);
-+ crt = NULL;
- ret = gnutls_x509_crt_init(&crt);
- if (ret < 0) {
- gnutls_assert();
-@@ -767,23 +768,25 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *url)
- ret = gnutls_x509_crt_import(crt, &t, GNUTLS_X509_FMT_DER);
- if (ret < 0) {
- gnutls_assert();
-- goto cleanup1;
-+ goto cleanup;
- }
- gnutls_free(t.data);
- t.data = NULL;
- }
-
-- ret = certificate_credential_append_crt_list(res, names, ccert, i+1);
-+ ret = certificate_credential_append_crt_list(res, names, ccert, count);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
-- return 0;
--cleanup1:
-- gnutls_x509_crt_deinit(crt);
-+ if (crt != NULL)
-+ gnutls_x509_crt_deinit(crt);
-
-+ return 0;
- cleanup:
-+ if (crt != NULL)
-+ gnutls_x509_crt_deinit(crt);
- gnutls_free(t.data);
- _gnutls_str_array_clear(&names);
- gnutls_free(ccert);
-@@ -959,7 +962,6 @@ static int check_if_sorted(gnutls_pcert_st * crt, int nr)
- ret = gnutls_x509_crt_init(&x509);
- if (ret < 0)
- return gnutls_assert_val(ret);
--
- ret =
- gnutls_x509_crt_import(x509, &crt[i].cert,
- GNUTLS_X509_FMT_DER);
diff --git a/SOURCES/gnutls-3.3.8-rnd-reregister.patch b/SOURCES/gnutls-3.3.8-rnd-reregister.patch
deleted file mode 100644
index 960ff17..0000000
--- a/SOURCES/gnutls-3.3.8-rnd-reregister.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From b6d992d0f96f2ecd9c0a3975576e4204c66b1fc6 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos
-Date: Thu, 11 Dec 2014 10:15:54 +0100
-Subject: [PATCH] Allow a random generator with the same priority to
- re-register
-
-That corrects an issue where the library is deinitialized, and
-reinitialization wouldn't register the same rnd module.
-Reported by Stanislav Zidek.
----
- lib/crypto-backend.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/crypto-backend.c b/lib/crypto-backend.c
-index 8840b1c..2132b53 100644
---- a/lib/crypto-backend.c
-+++ b/lib/crypto-backend.c
-@@ -193,7 +193,7 @@ const gnutls_crypto_cipher_st
- int
- gnutls_crypto_rnd_register(int priority, const gnutls_crypto_rnd_st * s)
- {
-- if (crypto_rnd_prio > priority) {
-+ if (crypto_rnd_prio >= priority) {
- memcpy(&_gnutls_rnd_ops, s, sizeof(*s));
- crypto_rnd_prio = priority;
- return 0;
---
-1.9.3
-
diff --git a/SOURCES/gnutls-3.3.8-sha224-fix.patch b/SOURCES/gnutls-3.3.8-sha224-fix.patch
deleted file mode 100644
index 7786ba6..0000000
--- a/SOURCES/gnutls-3.3.8-sha224-fix.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/lib/accelerated/x86/sha-x86-ssse3.c b/lib/accelerated/x86/sha-x86-ssse3.c
-index 17724f7..e9d8eab 100644
---- a/lib/accelerated/x86/sha-x86-ssse3.c
-+++ b/lib/accelerated/x86/sha-x86-ssse3.c
-@@ -248,7 +248,7 @@ static int _ctx_init(gnutls_digest_algorithm_t algo,
- case GNUTLS_DIG_SHA224:
- sha224_init(&ctx->ctx.sha224);
- ctx->update = (update_func) x86_sha256_update;
-- ctx->digest = (digest_func) sha256_digest;
-+ ctx->digest = (digest_func) sha224_digest;
- ctx->init = (init_func) sha224_init;
- ctx->ctx_ptr = &ctx->ctx.sha224;
- ctx->length = SHA224_DIGEST_SIZE;
diff --git a/SOURCES/gnutls-3.3.8-testdsa-rndport.patch b/SOURCES/gnutls-3.3.8-testdsa-rndport.patch
deleted file mode 100644
index ae7a2b9..0000000
--- a/SOURCES/gnutls-3.3.8-testdsa-rndport.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/tests/dsa/testdsa b/tests/dsa/testdsa
-index 4da172f..394d60a 100755
---- a/tests/dsa/testdsa
-+++ b/tests/dsa/testdsa
-@@ -23,7 +23,7 @@
- srcdir="${srcdir:-.}"
- SERV="${SERV:-../../src/gnutls-serv} -q"
- CLI="${CLI:-../../src/gnutls-cli}"
--PORT="${PORT:-5558}"
-+PORT="$(((($$<<15)|RANDOM) % 63001 + 2000))"
- DEBUG=""
- unset RETCODE
-
diff --git a/SOURCES/gnutls-3.3.8-urandom-fd-fips.patch b/SOURCES/gnutls-3.3.8-urandom-fd-fips.patch
deleted file mode 100644
index 7854fe4..0000000
--- a/SOURCES/gnutls-3.3.8-urandom-fd-fips.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From a3f4c7e3f8cf4bb7be0267dd96d363ff69114162 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos
-Date: Wed, 10 Dec 2014 15:40:49 +0100
-Subject: [PATCH] added the .check function in FIPS140-2 code
-
----
- lib/nettle/rnd-fips.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c
-index 32fc141..7bb5dca 100644
---- a/lib/nettle/rnd-fips.c
-+++ b/lib/nettle/rnd-fips.c
-@@ -218,6 +218,15 @@ static void _rngfips_deinit(void *_ctx)
- free(ctx);
- }
-
-+/* This is called when gnutls_global_init() is called for second time.
-+ * It must check whether any resources are still available.
-+ * The particular problem it solves is to verify that the urandom fd is still
-+ * open (for applications that for some reason closed all fds */
-+static int _rndfips_check(void **ctx)
-+{
-+ return _rnd_system_entropy_check();
-+}
-+
- static void _rngfips_refresh(void *_ctx)
- {
- /* this is predictable RNG. Don't refresh */
-@@ -243,6 +252,7 @@ static int selftest_kat(void)
-
- gnutls_crypto_rnd_st _gnutls_fips_rnd_ops = {
- .init = _rngfips_init,
-+ .check = _rndfips_check,
- .deinit = _rngfips_deinit,
- .rnd = _rngfips_rnd,
- .rnd_refresh = _rngfips_refresh,
---
-1.9.3
-
diff --git a/SOURCES/gnutls-3.3.8-urandom-fd.patch b/SOURCES/gnutls-3.3.8-urandom-fd.patch
deleted file mode 100644
index 7882f0e..0000000
--- a/SOURCES/gnutls-3.3.8-urandom-fd.patch
+++ /dev/null
@@ -1,310 +0,0 @@
-diff -urN gnutls-3.3.8.orig/lib/crypto-backend.h gnutls-3.3.8/lib/crypto-backend.h
---- gnutls-3.3.8.orig/lib/crypto-backend.h 2014-07-29 22:22:47.000000000 +0200
-+++ gnutls-3.3.8/lib/crypto-backend.h 2014-11-18 09:52:15.420936655 +0100
-@@ -77,6 +77,7 @@
-
- typedef struct gnutls_crypto_rnd {
- int (*init) (void **ctx);
-+ int (*check) (void **ctx);
- int (*rnd) (void *ctx, int level, void *data, size_t datasize);
- void (*rnd_refresh) (void *ctx);
- void (*deinit) (void *ctx);
-diff -urN gnutls-3.3.8.orig/lib/gnutls_global.c gnutls-3.3.8/lib/gnutls_global.c
---- gnutls-3.3.8.orig/lib/gnutls_global.c 2014-09-04 21:05:54.000000000 +0200
-+++ gnutls-3.3.8/lib/gnutls_global.c 2014-11-18 09:57:18.851879610 +0100
-@@ -207,6 +207,16 @@
-
- _gnutls_init++;
- if (_gnutls_init > 1) {
-+ if (_gnutls_init == 2 && _gnutls_init_ret == 0) {
-+ /* some applications may close the urandom fd
-+ * before calling gnutls_global_init(). in that
-+ * case reopen it */
-+ ret = _gnutls_rnd_check();
-+ if (ret < 0) {
-+ gnutls_assert();
-+ goto out;
-+ }
-+ }
- ret = _gnutls_init_ret;
- goto out;
- }
-diff -urN gnutls-3.3.8.orig/lib/nettle/rnd.c gnutls-3.3.8/lib/nettle/rnd.c
---- gnutls-3.3.8.orig/lib/nettle/rnd.c 2014-07-29 22:25:07.000000000 +0200
-+++ gnutls-3.3.8/lib/nettle/rnd.c 2014-11-18 09:52:15.420936655 +0100
-@@ -255,6 +255,15 @@
- return 0;
- }
-
-+/* This is called when gnutls_global_init() is called for second time.
-+ * It must check whether any resources are still available.
-+ * The particular problem it solves is to verify that the urandom fd is still
-+ * open (for applications that for some reason closed all fds */
-+static int wrap_nettle_rnd_check(void **ctx)
-+{
-+ return _rnd_system_entropy_check();
-+}
-+
- static int
- wrap_nettle_rnd_nonce(void *_ctx, void *data, size_t datasize)
- {
-@@ -363,6 +372,7 @@
-
- gnutls_crypto_rnd_st _gnutls_rnd_ops = {
- .init = wrap_nettle_rnd_init,
-+ .check = wrap_nettle_rnd_check,
- .deinit = wrap_nettle_rnd_deinit,
- .rnd = wrap_nettle_rnd,
- .rnd_refresh = wrap_nettle_rnd_refresh,
-diff -urN gnutls-3.3.8.orig/lib/nettle/rnd-common.c gnutls-3.3.8/lib/nettle/rnd-common.c
---- gnutls-3.3.8.orig/lib/nettle/rnd-common.c 2014-08-03 14:22:42.000000000 +0200
-+++ gnutls-3.3.8/lib/nettle/rnd-common.c 2014-11-18 10:25:56.962112669 +0100
-@@ -37,6 +37,10 @@
- #include
- #include
-
-+#include
-+#include
-+#include
-+
- /* gnulib wants to claim strerror even if it cannot provide it. WTF */
- #undef strerror
-
-@@ -94,6 +98,11 @@
-
- get_entropy_func _rnd_get_system_entropy = _rnd_get_system_entropy_win32;
-
-+int _rnd_system_entropy_check(void)
-+{
-+ return 0;
-+}
-+
- int _rnd_system_entropy_init(void)
- {
- int old;
-@@ -127,7 +136,8 @@
- #include
- #include "egd.h"
-
--static int device_fd = -1;
-+int _gnutls_urandom_fd = -1;
-+static mode_t _gnutls_urandom_fd_mode = 0;
-
- static int _rnd_get_system_entropy_urandom(void* _rnd, size_t size)
- {
-@@ -137,7 +147,7 @@
- for (done = 0; done < size;) {
- int res;
- do {
-- res = read(device_fd, rnd + done, size - done);
-+ res = read(_gnutls_urandom_fd, rnd + done, size - done);
- } while (res < 0 && errno == EINTR);
-
- if (res <= 0) {
-@@ -168,7 +178,7 @@
-
- for (done = 0; done < size;) {
- res =
-- _rndegd_read(&device_fd, rnd + done, size - done);
-+ _rndegd_read(&_gnutls_urandom_fd, rnd + done, size - done);
- if (res <= 0) {
- if (res < 0) {
- _gnutls_debug_log("Failed to read egd.\n");
-@@ -186,31 +196,53 @@
-
- get_entropy_func _rnd_get_system_entropy = NULL;
-
-+int _rnd_system_entropy_check(void)
-+{
-+ int ret;
-+ struct stat st;
-+
-+ ret = fstat(_gnutls_urandom_fd, &st);
-+ if (ret < 0 || st.st_mode != _gnutls_urandom_fd_mode) {
-+ return _rnd_system_entropy_init();
-+ }
-+ return 0;
-+}
-+
- int _rnd_system_entropy_init(void)
- {
--int old;
-+ int old;
-+ struct stat st;
-
-- device_fd = open("/dev/urandom", O_RDONLY);
-- if (device_fd < 0) {
-+ _gnutls_urandom_fd = open("/dev/urandom", O_RDONLY);
-+ if (_gnutls_urandom_fd < 0) {
- _gnutls_debug_log("Cannot open urandom!\n");
- goto fallback;
- }
-
-- old = fcntl(device_fd, F_GETFD);
-+ old = fcntl(_gnutls_urandom_fd, F_GETFD);
- if (old != -1)
-- fcntl(device_fd, F_SETFD, old | FD_CLOEXEC);
-+ fcntl(_gnutls_urandom_fd, F_SETFD, old | FD_CLOEXEC);
-+
-+ if (fstat(_gnutls_urandom_fd, &st) >= 0) {
-+ _gnutls_urandom_fd_mode = st.st_mode;
-+ }
-
- _rnd_get_system_entropy = _rnd_get_system_entropy_urandom;
-
- return 0;
- fallback:
-- device_fd = _rndegd_connect_socket();
-- if (device_fd < 0) {
-+ _gnutls_urandom_fd = _rndegd_connect_socket();
-+ if (_gnutls_urandom_fd < 0) {
- _gnutls_debug_log("Cannot open egd socket!\n");
- return
- gnutls_assert_val
- (GNUTLS_E_RANDOM_DEVICE_ERROR);
- }
-+
-+ if (fstat(_gnutls_urandom_fd, &st) >= 0) {
-+ _gnutls_urandom_fd_mode = st.st_mode;
-+ }
-+
- _rnd_get_system_entropy = _rnd_get_system_entropy_egd;
-
- return 0;
-@@ -218,9 +250,9 @@
-
- void _rnd_system_entropy_deinit(void)
- {
-- if (device_fd >= 0) {
-- close(device_fd);
-- device_fd = -1;
-+ if (_gnutls_urandom_fd >= 0) {
-+ close(_gnutls_urandom_fd);
-+ _gnutls_urandom_fd = -1;
- }
- }
- #endif
-diff -urN gnutls-3.3.8.orig/lib/nettle/rnd-common.h gnutls-3.3.8/lib/nettle/rnd-common.h
---- gnutls-3.3.8.orig/lib/nettle/rnd-common.h 2014-07-29 22:22:47.000000000 +0200
-+++ gnutls-3.3.8/lib/nettle/rnd-common.h 2014-11-18 09:52:15.420936655 +0100
-@@ -50,6 +50,7 @@
- void _rnd_get_event(struct event_st *e);
-
- int _rnd_system_entropy_init(void);
-+int _rnd_system_entropy_check(void);
- void _rnd_system_entropy_deinit(void);
-
- typedef int (*get_entropy_func)(void* rnd, size_t size);
-diff -urN gnutls-3.3.8.orig/lib/random.h gnutls-3.3.8/lib/random.h
---- gnutls-3.3.8.orig/lib/random.h 2014-07-29 22:22:47.000000000 +0200
-+++ gnutls-3.3.8/lib/random.h 2014-11-18 09:58:19.458267672 +0100
-@@ -48,4 +48,13 @@
- void _gnutls_rnd_deinit(void);
- int _gnutls_rnd_init(void);
-
-+inline static int _gnutls_rnd_check(void)
-+{
-+ return _gnutls_rnd_ops.check(gnutls_rnd_ctx);
-+}
-+
-+#ifndef _WIN32
-+extern int _gnutls_urandom_fd;
-+#endif
-+
- #endif
-diff -urN gnutls-3.3.8.orig/tests/init_fds.c gnutls-3.3.8/tests/init_fds.c
---- gnutls-3.3.8.orig/tests/init_fds.c 1970-01-01 01:00:00.000000000 +0100
-+++ gnutls-3.3.8/tests/init_fds.c 2014-11-18 10:01:10.484365302 +0100
-@@ -0,0 +1,80 @@
-+/*
-+ * Copyright (C) 2014 Nikos Mavrogiannopoulos
-+ *
-+ * Author: Nikos Mavrogiannopoulos
-+ *
-+ * This file is part of GnuTLS.
-+ *
-+ * GnuTLS is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 3 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * GnuTLS is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with GnuTLS; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
-+ */
-+
-+#ifdef HAVE_CONFIG_H
-+#include
-+#endif
-+
-+#include
-+#include
-+#include
-+#include
-+
-+#include "utils.h"
-+
-+/* See . */
-+
-+void doit(void)
-+{
-+#ifndef _WIN32
-+ int res;
-+ unsigned i;
-+ int serial = 0;
-+ char buf[128];
-+
-+ res = read(3, buf, 16);
-+ if (res == 16)
-+ serial = 1;
-+
-+ /* close all descriptors */
-+ for (i=3;i<1024;i++)
-+ close(i);
-+
-+ res = gnutls_global_init();
-+ if (res != 0)
-+ fail("global_init\n");
-+
-+ if (serial != 0) {
-+ res = read(3, buf, 16);
-+ if (res != 16) {
-+ fail("could not open fd, or OS doesn't assign fds in a serial way (%d)\n", res);
-+ }
-+ }
-+
-+ res = gnutls_global_init();
-+ if (res != 0)
-+ fail("global_init2\n");
-+
-+ gnutls_rnd_refresh();
-+
-+ res = gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf));
-+ if (res != 0)
-+ fail("gnutls_rnd\n");
-+
-+ gnutls_global_deinit();
-+
-+ if (debug)
-+ success("init-close success\n");
-+#else
-+ return;
-+#endif
-+}
-diff -urN gnutls-3.3.8.orig/tests/Makefile.am gnutls-3.3.8/tests/Makefile.am
---- gnutls-3.3.8.orig/tests/Makefile.am 2014-09-13 13:08:01.000000000 +0200
-+++ gnutls-3.3.8/tests/Makefile.am 2014-11-18 10:01:10.483365293 +0100
-@@ -84,7 +84,7 @@
- mini-cert-status mini-rsa-psk global-init sec-params \
- fips-test mini-global-load name-constraints x509-extensions \
- long-session-id mini-x509-callbacks-intr \
-- crlverify
-+ crlverify init_fds
-
- if ENABLE_OCSP
- ctests += ocsp
diff --git a/SOURCES/gnutls-3.3.8-zombie-fips.patch b/SOURCES/gnutls-3.3.8-zombie-fips.patch
deleted file mode 100644
index ed36f0b..0000000
--- a/SOURCES/gnutls-3.3.8-zombie-fips.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-diff -ur gnutls-3.3.8.orig/lib/fips.c gnutls-3.3.8/lib/fips.c
---- gnutls-3.3.8.orig/lib/fips.c 2014-09-04 21:05:54.000000000 +0200
-+++ gnutls-3.3.8/lib/fips.c 2014-11-18 09:46:47.376148426 +0100
-@@ -37,6 +37,8 @@
- #define FIPS_KERNEL_FILE "/proc/sys/crypto/fips_enabled"
- #define FIPS_SYSTEM_FILE "/etc/system-fips"
-
-+static int _fips_mode = -1;
-+
- /* Returns:
- * 0 - FIPS mode disabled
- * 1 - FIPS mode enabled and enforced
-@@ -46,21 +48,20 @@
- {
- unsigned f1p = 0, f2p;
- FILE* fd;
--static int fips_mode = -1;
- const char *p;
-
-- if (fips_mode != -1)
-- return fips_mode;
-+ if (_fips_mode != -1)
-+ return _fips_mode;
-
- p = getenv("GNUTLS_FORCE_FIPS_MODE");
- if (p) {
- if (p[0] == '1')
-- fips_mode = 1;
-+ _fips_mode = 1;
- else if (p[0] == '2')
-- fips_mode = 2;
-+ _fips_mode = 2;
- else
-- fips_mode = 0;
-- return fips_mode;
-+ _fips_mode = 0;
-+ return _fips_mode;
- }
-
- fd = fopen(FIPS_KERNEL_FILE, "r");
-@@ -76,20 +77,29 @@
-
- if (f1p != 0 && f2p != 0) {
- _gnutls_debug_log("FIPS140-2 mode enabled\n");
-- fips_mode = 1;
-- return fips_mode;
-+ _fips_mode = 1;
-+ return _fips_mode;
- }
-
- if (f2p != 0) {
- /* a funny state where self tests are performed
- * and ignored */
- _gnutls_debug_log("FIPS140-2 ZOMBIE mode enabled\n");
-- fips_mode = 2;
-- return fips_mode;
-+ _fips_mode = 2;
-+ return _fips_mode;
- }
-
-- fips_mode = 0;
-- return fips_mode;
-+ _fips_mode = 0;
-+ return _fips_mode;
-+}
-+
-+/* This _fips_mode == 2 is a strange mode where checks are being
-+ * performed, but its output is ignored.
*/
-+void _gnutls_fips_mode_reset_zombie(void)
-+{
-+ if (_fips_mode == 2) {
-+ _fips_mode = 0;
-+ }
- }
-
- #define GNUTLS_LIBRARY_NAME "libgnutls.so.28"
-@@ -367,6 +377,9 @@
- goto error;
- }
-
-+ if (_fips_mode == 2)
-+ _fips_mode = 0;
-+
- return 0;
-
- error:
-Only in gnutls-3.3.8/lib: fips.c.orig
-diff -ur gnutls-3.3.8.orig/lib/fips.h gnutls-3.3.8/lib/fips.h
---- gnutls-3.3.8.orig/lib/fips.h 2014-09-04 21:05:54.000000000 +0200
-+++ gnutls-3.3.8/lib/fips.h 2014-11-18 09:46:47.377148445 +0100
-@@ -55,6 +55,7 @@
-
- int _gnutls_fips_perform_self_checks1(void);
- int _gnutls_fips_perform_self_checks2(void);
-+void _gnutls_fips_mode_reset_zombie(void);
-
- #ifdef ENABLE_FIPS140
- unsigned _gnutls_fips_mode_enabled(void);
-diff -ur gnutls-3.3.8.orig/lib/gnutls_global.c gnutls-3.3.8/lib/gnutls_global.c
---- gnutls-3.3.8.orig/lib/gnutls_global.c 2014-09-04 21:05:54.000000000 +0200
-+++ gnutls-3.3.8/lib/gnutls_global.c 2014-11-18 09:46:47.377148445 +0100
-@@ -326,6 +326,7 @@
- goto out;
- }
- }
-+ _gnutls_fips_mode_reset_zombie();
- }
- #endif
- _gnutls_switch_lib_state(LIB_STATE_OPERATIONAL);
-Only in gnutls-3.3.8/lib: gnutls_global.c.orig
diff --git a/SPECS/gnutls.spec b/SPECS/gnutls.spec
index ba542db..2934d88 100644
--- a/SPECS/gnutls.spec
+++ b/SPECS/gnutls.spec
@@ -2,8 +2,8 @@
 %bcond_with guile
 Summary: A TLS protocol implementation
 Name: gnutls
-Version: 3.3.8
-Release: 14%{?dist}
+Version: 3.3.24
+Release: 1%{?dist}
 # The libraries are LGPLv2.1+, utilities are GPLv3+
 License: GPLv3+ and LGPLv2+
 Group: System Environment/Libraries
@@ -16,6 +16,7 @@ BuildRequires: trousers-devel >= 0.3.11.2
 BuildRequires: libidn-devel
 BuildRequires: gperf
 BuildRequires: fipscheck
+BuildRequires: softhsm, net-tools
 Requires: p11-kit-trust
 # The automatic dependency on libtasn1 and p11-kit is insufficient,
 Requires: libtasn1 >= 3.8
@@ -37,29 +38,11 @@ Patch1: gnutls-3.2.7-rpath.patch
 Patch2: gnutls-3.1.11-nosrp.patch
 Patch3: gnutls-3.3.8-no-libtasn1-check.patch
 Patch4: gnutls-3.3.8-fips-key.patch
-Patch5: gnutls-3.3.8-mem-issue.patch
-Patch6: gnutls-3.3.8-testdsa-rndport.patch
-Patch7: gnutls-3.3.8-padlock-disable.patch
-Patch8: gnutls-3.3.8-dh-fips-tests.patch
-Patch9: gnutls-3.3.8-drbg-fips-symbol.patch
-Patch10: gnutls-3.3.8-lcm-fips.patch
-Patch11: gnutls-3.3.8-sha224-fix.patch
-Patch12: gnutls-3.3.8-fips140-rsa.patch
-Patch13: gnutls-3.3.8-fips140-dsa1024.patch
-Patch14: gnutls-3.3.8-handshake-reset.patch
-Patch15: gnutls-3.3.8-handshake-reset2.patch
-Patch16: gnutls-3.3.8-keygen-fix.patch
-Patch17: gnutls-3.3.8-dh-fips-tests2.patch
-Patch18: gnutls-3.3.8-cve-2014-8564.patch
-Patch19: gnutls-3.3.8-zombie-fips.patch
-Patch20: gnutls-3.3.8-urandom-fd.patch
-Patch21: gnutls-3.3.8-fips-rnd-regr.patch
-Patch22: gnutls-3.3.8-urandom-fd-fips.patch
-Patch23: gnutls-3.3.8-rnd-reregister.patch
-Patch24: gnutls-3.3.8-handshake-reset3.patch
-Patch25: gnutls-3.3.8-fips-reseed.patch
-Patch26: gnutls-3.3.8-md5-downgrade.patch
-
+Patch5: gnutls-3.3.8-padlock-disable.patch
+# In 3.3.8 we were shipping an early backport of a fix in GNUTLS_E_APPLICATION_DATA
+# behavior, which was using 3.4.0 semantics. We continue shipping to support
+# any applications depending on that.
+Patch6: gnutls-3.3.22-eapp-data.patch
 # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
 Provides: bundled(gnulib) = 20130424
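Review bot: The comment added above `Patch6` calls the error code `GNUTLS_E_APPLICATION_DATA`, but the identifier GnuTLS defines, and the one the carried eapp-data patch documents, is `GNUTLS_E_GOT_APPLICATION_DATA`, so searching for the name given in the comment leads nowhere. I would write the first comment line as `# In 3.3.8 we were shipping an early backport of a fix in GNUTLS_E_GOT_APPLICATION_DATA`. This hunk also removes 21 of the 22 old backports (only padlock-disable is kept, renumbered to Patch5), among them `cve-2014-8564` and `md5-downgrade`, with the matching `%patch` lines removed in the next hunk. The changelog mentions CVE-2015-7575; it would help to record in the commit message that the other removed fixes were checked against the 3.3.24 sources.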
@@ -163,28 +146,9 @@ This package contains Guile bindings for the library.
 %patch2 -p1 -b .nosrp
 %patch3 -p1 -b .libtasn1
 %patch4 -p1 -b .fips-key
-%patch5 -p1 -b .mem-issue
-%patch6 -p1 -b .testdsa
-%patch7 -p1 -b .padlock-disable
-%patch8 -p1 -b .fips-dh
-%patch9 -p1 -b .fips-drbg
-%patch10 -p1 -b .fips-lcm
-%patch11 -p1 -b .sha224-fix
-%patch12 -p1 -b .fips-rsa-fix
-%patch13 -p1 -b .fips-dsa1024-fix
-%patch14 -p1 -b .handshake-reset
-%patch15 -p1 -b .handshake-reset2
-%patch16 -p1 -b .keygen-fix
-%patch17 -p1 -b .fips-dh2
-%patch18 -p1 -b .cve-2014-8564
-%patch19 -p1 -b .zombie-fips
-%patch20 -p1 -b .init-fd
-%patch21 -p1 -b .fips-regression
-%patch22 -p1 -b .init-fd-fips
-%patch23 -p1 -b .reregister
-%patch24 -p1 -b .handshake-reset3
-%patch25 -p1 -b .fips-reseed
-%patch26 -p1 -b .md5-downgrade
+%patch5 -p1 -b .padlock-disable
+%patch6 -p1 -b .eapp-data
+
 sed 's/gnutls_srp.c//g' -i lib/Makefile.in
 sed 's/gnutls_srp.lo//g' -i lib/Makefile.in
 rm -f lib/minitasn1/*.c lib/minitasn1/*.h
@@ -196,9 +160,11 @@ autoreconf -if
 %build
 export LDFLAGS="-Wl,--no-add-needed"
-# --with-default-trust-store-pkcs11="pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit"
 %configure --with-libtasn1-prefix=%{_prefix} \
+ --with-default-trust-store-pkcs11="pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit" \
 --with-included-libcfg \
+ --with-arcfour128 \
+ --with-ssl3 \
 --disable-static \
 --disable-openssl-compatibility \
 --disable-srp-authentication \
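Review bot: The `%configure` call now passes `--with-arcfour128` and `--with-ssl3`, and neither the spec nor the changelog entry added by this commit says why RC4 and SSL 3.0 support is being switched on in a rebased package. Going by the flag names and by the Patch6 comment about preserving 3.3.8 behaviour, this is presumably a compatibility measure so that the rebase does not change what existing applications can negotiate; whether the switches only compile the algorithms in or also keep them in the default priorities is not visible here and should be stated. I would put a comment above `%configure`, for example `# RC4 and SSL 3.0 are kept only for compatibility with the 3.3.8 package; both are obsolete, disable them per application via priority strings`, and add a changelog line for it. The same hunk also activates `--with-default-trust-store-pkcs11`, which the changelog does cover. The `%configure` invocation continues past the end of the hunk.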
@@ -330,8 +296,20 @@ fi
 %endif
 %changelog
-* Wed Dec 9 2015 Nikos Mavrogiannopoulos 3.3.8-14
-- Prevent downgrade attack to RSA-MD5 in server key exchange.
+* Tue Jul 12 2016 Nikos Mavrogiannopoulos 3.3.24-1
+- Addressed issue with DSA public keys smaller than 2^1024 (#1238279)
+- Addressed two-byte buffer overflow in the DTLS-0.9 protocol (#1209365)
+- When writing certificates to smart cards write the CKA_ISSUER and
+ CKA_SERIAL_NUMBER fields to allow NSS reading them (#1272179)
+- Use the shared system certificate store (#1110750)
+- Address MD5 transcript collision attacks in TLS key exchange (#1289888,
+ CVE-2015-7575)
+- Allow hashing data over 2^32 bytes (#1306953)
+- Ensure written PKCS#11 public keys are not marked as private (#1339453)
+- Ensure secure_getenv() is called on all uses of environment variables
+ (#1344591).
+- Fix issues related to PKCS #11 private key listing on certain HSMs
+ (#1351389)
 * Fri Jun 5 2015 Nikos Mavrogiannopoulos 3.3.8-13
 - Corrected reseed and respect of max_number_of_bits_per_request in