Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2023-04-11 13:50:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new.19717 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Tue Apr 11 13:50:35 2023 rev:146 rq:1078280 version:3.8.0 Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2023-02-16 16:55:28.234607911 +0100 +++ /work/SRC/openSUSE:Factory/.gnutls.new.19717/gnutls.changes 2023-04-11 13:50:40.583192835 +0200 @@ -1,0 +2,81 @@ +Mon Apr 10 14:48:41 UTC 2023 - Pedro Monreal <pmonr...@suse.com> + +- Temporarily disable GNULIB's year2038 support for 64bit time_t + by using the --disable-year2038 flag. This omits support for + timestamps past the year 2038: + * Fixes the public API on 32-bit architectures avoiding to + change the size of time_t as it cannot be changed without + breaking the ABI compatibility. + * Upstream issue: https://gitlab.com/gnutls/gnutls/-/issues/1466 + +------------------------------------------------------------------- +Tue Feb 21 10:17:00 UTC 2023 - Pedro Monreal <pmonr...@suse.com> + +- Update to 3.8.0: [bsc#1205763, bsc#1209627] + * libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key + exchange. Reported by Hubert Kario (#1050). Fix developed by + Alexander Sosedkin. [GNUTLS-SA-2020-07-14, CVSS: medium] + [CVE-2023-0361] + * libgnutls: C++ library is now header only. All definitions + from gnutlsxx.c have been moved into gnutlsxx.h. Users of the + C++ interface have two options: + 1. include gnutlsxx.h in their application and link against + the C library. (default) + 2. include gnutlsxx.h in their application, compile with + GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link + against the C++ library. + * libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST + priority modifier have been added to allow disabling of the + status_request TLS extension in the client side. + * libgnutls: TLS heartbeat is disabled by default. + The heartbeat extension in TLS (RFC 6520) is not widely used + given other implementations dropped support for it. To enable + back support for it, supply --enable-heartbeat-support to + configure script. + * libgnutls: SRP authentication is now disabled by default. + It is disabled because the SRP authentication in TLS is not + up to date with the latest TLS standards and its ciphersuites + are based on the CBC mode and SHA-1. To enable it back, supply + --enable-srp-authentication option to configure script. + * libgnutls: All code has been indented using "indent -ppi1 -linux". + CI/CD has been adjusted to catch regressions. This is implemented + through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.ymlâs + commit-check. You may run devel/indent-gnutls to fix any + indentation issues if you make code modifications. + * guile: Guile-bindings removed. They have been extracted into a + separate project to reduce complexity and to simplify maintenance, + see <https://gitlab.com/gnutls/guile/>. + * minitasn1: Upgraded to libtasn1 version 4.19. + * API and ABI modifications: + GNUTLS_NO_STATUS_REQUEST: New flag + GNUTLS_SRTP_AEAD_AES_128_GCM: New gnutls_srtp_profile_t enum member + GNUTLS_SRTP_AEAD_AES_256_GCM: New gnutls_srtp_profile_t enum member + * Merge gnutls-FIPS-Set-error-state-when-jent-init-failed.patch + and gnutls-FIPS-jitterentropy-threadsafe.patch into the main + patch gnutls-FIPS-jitterentropy.patch + * Rebase gnutls-FIPS-140-3-references.patch + * Rebase patches with upstream version: + - gnutls-FIPS-PCT-DH.patch gnutls-FIPS-PCT-ECDH.patch + * Remove patches merged/fixed upstream: + - gnutls-FIPS-disable-failing-tests.patch + - gnutls-verify-library-HMAC.patch + - gnutls_ECDSA_signing.patch + - gnutls-Make-XTS-key-check-failure-not-fatal.patch + - gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch + * Update keyring with https://gnutls.org/gnutls-release-keyring.gpg + +------------------------------------------------------------------- +Thu Feb 16 19:43:04 UTC 2023 - Pedro Monreal <pmonr...@suse.com> + +- FIPS: Make the jitterentropy calls thread-safe [bsc#1208146] + * Add gnutls-FIPS-jitterentropy-threadsafe.patch + +------------------------------------------------------------------- +Thu Feb 16 12:31:25 UTC 2023 - Pedro Monreal <pmonr...@suse.com> + +- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183] + * Rebase patches with the version submitted upstream. + * Avoid copying the key material: gnutls-FIPS-PCT-DH.patch + * Improve logic around memory release: gnutls-FIPS-PCT-ECDH.patch + +------------------------------------------------------------------- Old: ---- gnutls-3.7.9.tar.xz gnutls-3.7.9.tar.xz.sig gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch gnutls-FIPS-Set-error-state-when-jent-init-failed.patch gnutls-FIPS-disable-failing-tests.patch gnutls-Make-XTS-key-check-failure-not-fatal.patch gnutls-verify-library-HMAC.patch gnutls_ECDSA_signing.patch New: ---- gnutls-3.8.0.tar.xz gnutls-3.8.0.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.2uZHFL/_old 2023-04-11 13:50:41.491198096 +0200 +++ /var/tmp/diff_new_pack.2uZHFL/_new 2023-04-11 13:50:41.495198119 +0200 @@ -25,6 +25,11 @@ %else %bcond_with dane %endif +%if 0%{?suse_version} >= 1550 +%bcond_without srp +%else +%bcond_with srp +%endif # Enable Linux kernel AF_ALG based acceleration %if 0%{?suse_version} >= 1550 # disable for now, as our OBS builds do not work with it. Marcus 20220511 @@ -34,50 +39,37 @@ %bcond_with kcapi %endif %bcond_with tpm -%bcond_without guile Name: gnutls -Version: 3.7.9 +Version: 3.8.0 Release: 0 Summary: The GNU Transport Layer Security Library License: GPL-3.0-or-later AND LGPL-2.1-or-later Group: Productivity/Networking/Security URL: https://www.gnutls.org/ -Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz -Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz.sig +Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz +Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz.sig # https://gnutls.org/gnutls-release-keyring.gpg -Source2: gnutls.keyring +Source2: https://gnutls.org/gnutls-release-keyring.gpg#/gnutls.keyring Source3: baselibs.conf # Suppress a false positive on the .hmac file Source4: gnutls.rpmlintrc Patch0: gnutls-3.5.11-skip-trust-store-tests.patch Patch1: gnutls-FIPS-TLS_KDF_selftest.patch -Patch2: gnutls-FIPS-disable-failing-tests.patch -Patch3: gnutls_ECDSA_signing.patch +Patch2: gnutls-disable-flaky-test-dtls-resume.patch +# FIPS 140-3 patches: +#PATCH-FIX-SUSE bsc#1207183 FIPS: DH/ECDH PCT public key regeneration +Patch100: gnutls-FIPS-PCT-DH.patch +Patch101: gnutls-FIPS-PCT-ECDH.patch +#PATCH-FIX-SUSE bsc#1207346 FIPS: Change FIPS 140-2 references to FIPS 140-3 +Patch102: gnutls-FIPS-140-3-references.patch %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 -%ifnarch s390 s390x #PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy -Patch4: gnutls-FIPS-jitterentropy.patch -#PATCH-FIX-SUSE bsc#1202146 FIPS: Set error state when jent init failed in FIPS mode -Patch5: gnutls-FIPS-Set-error-state-when-jent-init-failed.patch -%endif +Patch103: gnutls-FIPS-jitterentropy.patch %endif -#PATCH-FIX-SUSE bsc#1190698 FIPS: SLI gnutls_pbkdf2: verify keylengths and allow SHA only -Patch6: gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch -#PATCH-FIX-UPSTREAM bsc#1203779 Make XTS key check failure not fatal -Patch7: gnutls-Make-XTS-key-check-failure-not-fatal.patch -Patch8: gnutls-disable-flaky-test-dtls-resume.patch -#PATCH-FIX-OPENSUSE bsc#1199881 Verify only the libgnutls library HMAC -Patch9: gnutls-verify-library-HMAC.patch -#PATCH-FIX-SUSE bsc#1207183 FIPS: DH/ECDH PCT public key regeneration -Patch10: gnutls-FIPS-PCT-DH.patch -Patch11: gnutls-FIPS-PCT-ECDH.patch -#PATCH-FIX-SUSE bsc#1207346 FIPS: Change FIPS 140-2 references to FIPS 140-3 -Patch12: gnutls-FIPS-140-3-references.patch BuildRequires: autogen BuildRequires: automake BuildRequires: datefudge BuildRequires: fdupes -BuildRequires: fipscheck BuildRequires: gcc-c++ BuildRequires: gtk-doc # The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present @@ -112,9 +104,6 @@ BuildRequires: libunbound-devel %endif %endif -%if %{with guile} -BuildRequires: guile-devel > 1.8 -%endif %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 BuildRequires: crypto-policies Requires: crypto-policies @@ -213,17 +202,6 @@ %description -n libgnutlsxx-devel Files needed for software development using gnutls. -%if %{with guile} -%package guile -Summary: Guile wrappers for gnutls -License: LGPL-2.1-or-later -Group: Development/Libraries/Other -Requires: guile > 1.8 - -%description guile -GnuTLS Wrappers for GNU Guile, a dialect of Scheme. -%endif - %prep %autosetup -p1 @@ -233,10 +211,8 @@ export LDFLAGS="-pie -Wl,-z,now -Wl,-z,relro" export CFLAGS="%{optflags} -fPIE" export CXXFLAGS="%{optflags} -fPIE" -autoreconf -fiv -# Rename the internal .hmac file to include the so library version -sed -i "s/\.gnutls\.hmac/\.libgnutls\.so\.%{gnutls_sover}\.hmac/g" lib/Makefile.am lib/Makefile.in lib/fips.c +autoreconf -fiv %configure \ gl_cv_func_printf_directive_n=yes \ @@ -258,16 +234,18 @@ %else --disable-libdane \ %endif -%if %{with guile} - --enable-guile \ - --with-guile-extension-dir=%{_libdir}/guile/3.0 \ -%else - --disable-guile \ +%if %{with srp} + --enable-srp-authentication \ +%endif +%ifarch %{ix86} + --disable-year2038 \ %endif + --enable-shared \ --enable-fips140-mode \ --with-fips140-module-name="GnuTLS version" \ --with-fips140-module-version="%{version}-%{release}" \ %{nil} + %make_build %install @@ -287,11 +265,11 @@ # the macro is too late. # remark: This is the same as running # openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP' -# note: The FIPS hmac is now calculated with an internal tool since +# Note: The FIPS hmac is now calculated with an internal tool since # commit a86c8e87189e23920ae622da5e572cb4e1a6e0ed %{expand:%%global __os_install_post {%__os_install_post -./lib/fipshmac "%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}" > %{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac -sed -i "s^%{buildroot}/usr^^" %{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac + ./lib/fipshmac "%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}" > "%{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac" + sed -i "s^%{buildroot}/usr^^" "%{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac" }} rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot @@ -318,7 +296,8 @@ find -name test-suite.log -print -exec cat {} + exit 1 } -#Run the regression tests also in FIPS mode + +# Run the regression tests also in forced FIPS mode GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || { find -name test-suite.log -print -exec cat {} + exit 1 @@ -346,7 +325,9 @@ %{_bindir}/ocsptool %{_bindir}/psktool %{_bindir}/p11tool +%if %{with srp} %{_bindir}/srptool +%endif %if %{with dane} %{_bindir}/danetool %endif @@ -414,11 +395,4 @@ %dir %{_includedir}/%{name} %{_includedir}/%{name}/gnutlsxx.h -%if %{with guile} -%files guile -%license LICENSE -%{_libdir}/guile/* -%{_datadir}/guile/site/* -%endif - %changelog ++++++ gnutls-3.7.9.tar.xz -> gnutls-3.8.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/gnutls/gnutls-3.7.9.tar.xz /work/SRC/openSUSE:Factory/.gnutls.new.19717/gnutls-3.8.0.tar.xz differ: char 25, line 1 ++++++ gnutls-FIPS-140-3-references.patch ++++++ ++++ 1044 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/gnutls/gnutls-FIPS-140-3-references.patch ++++ and /work/SRC/openSUSE:Factory/.gnutls.new.19717/gnutls-FIPS-140-3-references.patch ++++++ gnutls-FIPS-PCT-DH.patch ++++++ --- /var/tmp/diff_new_pack.2uZHFL/_old 2023-04-11 13:50:41.587198652 +0200 +++ /var/tmp/diff_new_pack.2uZHFL/_new 2023-04-11 13:50:41.591198675 +0200 @@ -1,86 +1,56 @@ -Index: gnutls-3.7.8/lib/nettle/pk.c +From 51b721b69fd08ef1c4c4989f5e12b643e170ff56 Mon Sep 17 00:00:00 2001 +From: Pedro Monreal <pmg...@gmail.com> +Date: Thu, 16 Feb 2023 17:02:38 +0100 +Subject: [PATCH] pk: extend pair-wise consistency to cover DH key generation + +Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance of Pair-wise +Consistency check, even if we only support ephemeral DH, as it is +required by FIPS 140-3 IG 10.3.A. + +Signed-off-by: Pedro Monreal <pmg...@gmail.com> +Co-authored-by: Daiki Ueno <u...@gnu.org> +--- + lib/nettle/pk.c | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) + +Index: gnutls-3.8.0/lib/nettle/pk.c =================================================================== ---- gnutls-3.7.8.orig/lib/nettle/pk.c -+++ gnutls-3.7.8/lib/nettle/pk.c -@@ -2498,6 +2498,48 @@ static int pct_test(gnutls_pk_algorithm_ +--- gnutls-3.8.0.orig/lib/nettle/pk.c ++++ gnutls-3.8.0/lib/nettle/pk.c +@@ -2520,6 +2520,35 @@ static int pct_test(gnutls_pk_algorithm_ } break; case GNUTLS_PK_DH: -+ if (_gnutls_fips_mode_enabled()) { -+ /* Perform Owner Assurance of Pair-wise Consistency -+ * according to SP800-56A (revision 3), 5.6.2.1.4. -+ * -+ * DH params (see lib/crypto-backend.h) -+ * [DSA_P] [0] is p (prime number) -+ * [DSA_Q] [1] is q (prime order) -+ * [DSA_G] [2] is g (generator) -+ * [DSA_Y] [3] is y (public key) -+ * [DSA_X] [4] is x (private key only) ++ { ++ mpz_t y; ++ ++ /* Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance ++ * of Pair-wise Consistency check, even if we only ++ * support ephemeral DH, as it is required by FIPS ++ * 140-3 IG 10.3.A. + * -+ * Regenerate the public key from the private key with -+ * y = g^x mod p and compare it with the previous one. ++ * Use the private key, x, along with the generator g ++ * and prime modulus p included in the domain ++ * parameters associated with the key pair to compute ++ * g^x mod p. Compare the result to the public key, y. + */ -+ -+ mpz_t p, g, y, x; -+ -+ mpz_init(p); -+ mpz_init(g); + mpz_init(y); -+ mpz_init(x); -+ -+ mpz_set(p, params->params[DSA_P]); -+ mpz_set(g, params->params[DSA_G]); -+ mpz_set(x, params->params[DSA_X]); -+ -+ mpz_powm(y, g, x, p); -+ -+ ret = mpz_cmp(y, params->params[DSA_Y]); -+ if (unlikely(ret != 0)) { -+ ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR); -+ } -+ -+ mpz_clear(p); -+ mpz_clear(g); -+ mpz_clear(y); -+ mpz_clear(x); -+ if (ret < 0) { ++ mpz_powm(y, ++ TOMPZ(params->params[DSA_G]), ++ TOMPZ(params->params[DSA_X]), ++ TOMPZ(params->params[DSA_P])); ++ if (unlikely ++ (mpz_cmp(y, TOMPZ(params->params[DSA_Y])) != 0)) { ++ ret = ++ gnutls_assert_val ++ (GNUTLS_E_PK_GENERATION_ERROR); ++ mpz_clear(y); + goto cleanup; + } ++ mpz_clear(y); ++ break; + } -+ break; case GNUTLS_PK_ECDH_X25519: case GNUTLS_PK_ECDH_X448: ret = 0; -@@ -2780,8 +2822,17 @@ wrap_nettle_pk_generate_keys(gnutls_pk_a - } - } - #endif -- -- ret = _gnutls_mpi_init_multi(¶ms->params[DSA_Y], ¶ms->params[DSA_X], NULL); -+ if (_gnutls_fips_mode_enabled()) { -+ ret = _gnutls_mpi_init_multi(¶ms->params[DSA_P], -+ ¶ms->params[DSA_G], -+ ¶ms->params[DSA_Y], -+ ¶ms->params[DSA_X], -+ NULL); -+ } else { -+ ret = _gnutls_mpi_init_multi(¶ms->params[DSA_Y], -+ ¶ms->params[DSA_X], -+ NULL); -+ } - if (ret < 0) { - gnutls_assert(); - goto dh_fail; -@@ -2790,6 +2841,11 @@ wrap_nettle_pk_generate_keys(gnutls_pk_a - mpz_set(TOMPZ(params->params[DSA_Y]), y); - mpz_set(TOMPZ(params->params[DSA_X]), x); - params->params_nr += 2; -+ if (_gnutls_fips_mode_enabled()) { -+ mpz_set(TOMPZ(params->params[DSA_P]), pub.p); -+ mpz_set(TOMPZ(params->params[DSA_G]), pub.g); -+ params->params_nr += 2; -+ } - - ret = 0; - ++++++ gnutls-FIPS-PCT-ECDH.patch ++++++ --- /var/tmp/diff_new_pack.2uZHFL/_old 2023-04-11 13:50:41.599198722 +0200 +++ /var/tmp/diff_new_pack.2uZHFL/_new 2023-04-11 13:50:41.603198744 +0200 @@ -1,7 +1,22 @@ -Index: gnutls-3.7.3/lib/nettle/pk.c -=================================================================== ---- gnutls-3.7.3.orig/lib/nettle/pk.c -+++ gnutls-3.7.3/lib/nettle/pk.c +From 5030f40332ada4f90e80838a2232da36ce03757a Mon Sep 17 00:00:00 2001 +From: Pedro Monreal <pmg...@gmail.com> +Date: Fri, 24 Feb 2023 22:02:48 +0000 +Subject: [PATCH] ecdh: perform SP800-56A rev3 full pubkey validation on key + derivation + +This implements full public key validation required in +SP800-56A rev3, section 5.6.2.3.3. + +Co-authored-by: Daiki Ueno <u...@gnu.org> +Signed-off-by: Pedro Monreal <pmg...@gmail.com> +--- + lib/nettle/pk.c | 128 ++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 125 insertions(+), 3 deletions(-) + +diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c +index 6adf958a61..d30bca594f 100644 +--- a/lib/nettle/pk.c ++++ b/lib/nettle/pk.c @@ -71,6 +71,9 @@ static inline const struct ecc_curve *get_supported_nist_curve(int curve); static inline const struct ecc_curve *get_supported_gost_curve(int curve); @@ -12,7 +27,7 @@ /* When these callbacks are used for a nettle operation, the * caller must check the macro HAVE_LIB_ERROR() after the operation * is complete. If the macro is true, the operation is to be considered -@@ -406,6 +409,10 @@ dh_cleanup: +@@ -406,6 +409,10 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, struct ecc_scalar ecc_priv; struct ecc_point ecc_pub; const struct ecc_curve *curve; @@ -23,7 +38,7 @@ out->data = NULL; -@@ -425,10 +432,21 @@ dh_cleanup: +@@ -428,17 +435,28 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, not_approved = true; } @@ -42,20 +57,19 @@ if (ret < 0) { gnutls_assert(); - goto cleanup; -+ goto ecc_pub_cleanup; ++ goto ecc_fail_cleanup; } - ret = -@@ -436,7 +454,7 @@ dh_cleanup: + ret = _ecc_params_to_privkey(priv, &ecc_priv, curve); if (ret < 0) { ecc_point_clear(&ecc_pub); gnutls_assert(); - goto cleanup; -+ goto ecc_priv_cleanup; ++ goto ecc_fail_cleanup; } out->size = gnutls_ecc_curve_get_size(priv->curve); -@@ -449,16 +467,111 @@ dh_cleanup: +@@ -449,14 +467,118 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, goto ecc_cleanup; } @@ -64,7 +78,7 @@ + */ + + /* Step 1: verify that Q is not an identity -+ * element (an infinity point). Note that this ++ * element (an infinity point). Note that this + * cannot happen in the nettle implementation, + * because it cannot represent an infinity point + * on curves. */ @@ -75,7 +89,6 @@ gnutls_free(out->data); + goto ecc_cleanup; + } -+ +#ifdef ENABLE_FIPS140 + if (_gnutls_fips_mode_enabled()) { + const char *order, *modulus; @@ -90,7 +103,9 @@ + * + * Both checks are performed in nettle. */ + if (!ecc_point_set(&r, x, y)) { -+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); ++ ret = ++ gnutls_assert_val ++ (GNUTLS_E_ILLEGAL_PARAMETER); + goto ecc_cleanup; + } + @@ -105,54 +120,63 @@ + * + * That effectively means: n * Q = -Q + Q = O + */ -+ order = get_supported_nist_curve_order(priv->curve); ++ order = ++ get_supported_nist_curve_order(priv->curve); + if (unlikely(order == NULL)) { -+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); ++ ret = ++ gnutls_assert_val ++ (GNUTLS_E_INTERNAL_ERROR); + goto ecc_cleanup; + } + + ret = mpz_set_str(nn, order, 16); + if (unlikely(ret < 0)) { -+ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); ++ ret = ++ gnutls_assert_val ++ (GNUTLS_E_MPI_SCAN_FAILED); + goto ecc_cleanup; + } + -+ modulus = get_supported_nist_curve_modulus(priv->curve); ++ modulus = ++ get_supported_nist_curve_modulus ++ (priv->curve); + if (unlikely(modulus == NULL)) { -+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); ++ ret = ++ gnutls_assert_val ++ (GNUTLS_E_INTERNAL_ERROR); + goto ecc_cleanup; + } + + ret = mpz_set_str(mm, modulus, 16); + if (unlikely(ret < 0)) { -+ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); ++ ret = ++ gnutls_assert_val ++ (GNUTLS_E_MPI_SCAN_FAILED); + goto ecc_cleanup; + } + + /* (n - 1) * Q = -Q */ -+ mpz_sub_ui (nn, nn, 1); ++ mpz_sub_ui(nn, nn, 1); + ecc_scalar_set(&n, nn); + ecc_point_mul(&r, &n, &r); + ecc_point_get(&r, xx, yy); -+ mpz_sub (mm, mm, y); ++ mpz_sub(mm, mm, y); + + if (mpz_cmp(xx, x) != 0 || mpz_cmp(yy, mm) != 0) { -+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); ++ ret = ++ gnutls_assert_val ++ (GNUTLS_E_ILLEGAL_PARAMETER); + goto ecc_cleanup; + } + } else { + not_approved = true; + } +#endif -+ -+ ret = 0; - ecc_cleanup: -- ecc_point_clear(&ecc_pub); + ecc_cleanup: + ecc_point_clear(&ecc_pub); ecc_scalar_zclear(&ecc_priv); -+ ecc_priv_cleanup: -+ ecc_point_clear(&ecc_pub); -+ ecc_pub_cleanup: ++ ecc_fail_cleanup: + mpz_clear(x); + mpz_clear(y); + mpz_clear(xx); @@ -162,11 +186,9 @@ + ecc_point_clear(&r); + ecc_scalar_clear(&n); + ecc_scalar_clear(&m); -+ if (ret < 0) goto cleanup; -+ break; - } - case GNUTLS_PK_ECDH_X25519: +-- +GitLab ++++++ gnutls-FIPS-jitterentropy.patch ++++++ --- /var/tmp/diff_new_pack.2uZHFL/_old 2023-04-11 13:50:41.623198860 +0200 +++ /var/tmp/diff_new_pack.2uZHFL/_new 2023-04-11 13:50:41.627198883 +0200 @@ -1,122 +1,131 @@ -Index: gnutls-3.7.3/lib/nettle/sysrng-linux.c +Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c =================================================================== ---- gnutls-3.7.3.orig/lib/nettle/sysrng-linux.c -+++ gnutls-3.7.3/lib/nettle/sysrng-linux.c -@@ -49,6 +49,12 @@ +--- gnutls-3.8.0.orig/lib/nettle/sysrng-linux.c ++++ gnutls-3.8.0/lib/nettle/sysrng-linux.c +@@ -49,6 +49,15 @@ get_entropy_func _rnd_get_system_entropy = NULL; #if defined(__linux__) -+# ifdef ENABLE_FIPS140 ++# if defined(ENABLE_FIPS140) +# define HAVE_JENT +# include <jitterentropy.h> -+static int jent_initialized = 0; -+static struct rand_data* ec = NULL; ++/* Per thread context of random generator, and a flag to indicate initialization */ ++static _Thread_local struct rand_data* ec = NULL; ++static _Thread_local int jent_initialized = 0; ++/* Declare function to fix a missing-prototypes compilation warning */ ++void FIPS_jent_entropy_deinit(void); +# endif # ifdef HAVE_GETRANDOM # include <sys/random.h> # else -@@ -66,6 +72,96 @@ static ssize_t _getrandom0(void *buf, si +@@ -67,6 +76,101 @@ static ssize_t _getrandom0(void *buf, si # endif # endif -+# if defined(HAVE_JENT) ++# if defined(ENABLE_FIPS140) ++# if defined(HAVE_JENT) +/* check whether the CPU Jitter entropy collector is available. */ +static unsigned FIPS_jent_entropy_init(void) +{ -+ unsigned int rv = 1; -+ unsigned int osr = 1; /* <OSR> Oversampling rate */ -+ unsigned int flags = 0; /* JENT_FORCE_FIPS -+ * JENT_DISABLE_MEMORY_ACCESS -+ * JENT_DISABLE_INTERNAL_TIMER -+ * JENT_FORCE_INTERNAL_TIMER -+ * JENT_MAX_MEMSIZE_{32,64,128,256,512}kB -+ * JENT_MAX_MEMSIZE_{1,2,4,8,16,32,64,128,256,512}MB -+ */ -+ -+ /* Set the FIPS flag. */ -+ flags |= JENT_FORCE_FIPS; -+ -+ /* Do not re-initialize jent. */ -+ if (jent_initialized == 0) { -+ if (jent_entropy_init_ex(osr, flags)) -+ return 0; -+ jent_initialized = 1; -+ } -+ -+ /* Allocate the entropy collector. */ -+ if (ec == NULL) { -+ ec = jent_entropy_collector_alloc(osr, flags); -+ if (ec == NULL) { -+ rv = 0; -+ } -+ } ++ unsigned int rv = 1; ++ unsigned int osr = 1; /* <OSR> Oversampling rate */ ++ unsigned int flags = 0; /* JENT_FORCE_FIPS ++ * JENT_DISABLE_MEMORY_ACCESS ++ * JENT_DISABLE_INTERNAL_TIMER ++ * JENT_FORCE_INTERNAL_TIMER ++ * JENT_MAX_MEMSIZE_{32,64,128,256,512}kB ++ * JENT_MAX_MEMSIZE_{1,2,4,8,16,32,64,128,256,512}MB ++ */ ++ ++ /* Set the FIPS flag. */ ++ flags |= JENT_FORCE_FIPS; ++ ++ /* Do not re-initialize jent. */ ++ if (jent_initialized == 0) { ++ if (jent_entropy_init_ex(osr, flags)) ++ return 0; ++ jent_initialized = 1; ++ } ++ ++ /* Allocate the entropy collector. */ ++ if (ec == NULL) { ++ ec = jent_entropy_collector_alloc(osr, flags); ++ if (ec == NULL) { ++ rv = 0; ++ } ++ } + -+ return rv; ++ return rv; +} + +void FIPS_jent_entropy_deinit(void) +{ -+ /* Free the entropy collector. */ -+ if (ec != NULL) { -+ jent_entropy_collector_free(ec); -+ ec = NULL; -+ } ++ /* Free the entropy collector. */ ++ if (ec != NULL) { ++ jent_entropy_collector_free(ec); ++ ec = NULL; ++ } ++ ++ jent_initialized = 0; + -+ return; ++ return; +} + +/* returns exactly the amount of bytes requested */ +static int force_jent(void *buf, size_t buflen, unsigned int flags, -+ unsigned int osr) ++ unsigned int osr) +{ -+ static int jent_bytes = -1; -+ -+ if (buf == NULL || buflen == 0) { -+ return -1; -+ } ++ static int jent_bytes = -1; + -+ /* Ensure the entropy source has been fully initiated. */ -+ if (jent_initialized == 0 || ec == NULL) { -+ if (!FIPS_jent_entropy_init()) { -+ return -1; -+ } -+ } ++ if (buf == NULL || buflen == 0) { ++ return -1; ++ } ++ ++ /* Ensure the entropy source has been fully initiated. */ ++ if (jent_initialized == 0 || ec == NULL) { ++ if (!FIPS_jent_entropy_init()) { ++ return -1; ++ } ++ } + -+ /* Get entropy bytes. */ -+ jent_bytes = jent_read_entropy_safe(&ec, (char *)buf, buflen); ++ /* Get entropy bytes. */ ++ jent_bytes = jent_read_entropy_safe(&ec, (char *)buf, buflen); + -+ return jent_bytes; ++ return jent_bytes; +} + +static int _rnd_get_system_entropy_jent(void* _rnd, size_t size) +{ -+ int ret; -+ unsigned int osr = 1; -+ unsigned int flags = 0; -+ -+ /* Set the FIPS flag. */ -+ flags |= JENT_FORCE_FIPS; -+ -+ ret = force_jent(_rnd, size, flags, osr); -+ if (ret < 0) { -+ int e = errno; -+ gnutls_assert(); -+ _gnutls_debug_log("Failed to use jent: %s\n", strerror(e)); -+ FIPS_jent_entropy_deinit(); -+ return GNUTLS_E_RANDOM_DEVICE_ERROR; -+ } ++ int ret; ++ unsigned int osr = 1; ++ unsigned int flags = 0; ++ ++ /* Set the FIPS flag. */ ++ flags |= JENT_FORCE_FIPS; ++ ++ ret = force_jent(_rnd, size, flags, osr); ++ if (ret < 0) { ++ int e = errno; ++ gnutls_assert(); ++ _gnutls_debug_log("Failed to use jent: %s\n", strerror(e)); ++ FIPS_jent_entropy_deinit(); ++ return GNUTLS_E_RANDOM_DEVICE_ERROR; ++ } + -+ return 0; ++ return 0; +} ++# endif +# endif - ++ static unsigned have_getrandom(void) { -@@ -164,6 +260,16 @@ int _rnd_system_entropy_init(void) + char c; +@@ -162,6 +266,24 @@ int _rnd_system_entropy_init(void) int urandom_fd; #if defined(__linux__) -+# if defined(HAVE_JENT) ++# if defined(ENABLE_FIPS140) ++# if defined(HAVE_JENT) + /* Enable jitterentropy usage if available */ + if (FIPS_jent_entropy_init()) { + _rnd_get_system_entropy = _rnd_get_system_entropy_jent; @@ -124,28 +133,36 @@ + return 0; + } else { + _gnutls_debug_log("jitterentropy is not available\n"); ++ /* Set error state when FIPS_jent_entropy_init failed and FIPS mode is enabled */ ++ if (_gnutls_fips_mode_enabled()) { ++ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); ++ _gnutls_switch_lib_state(LIB_STATE_ERROR); ++ return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR); ++ } + } ++# endif +# endif /* Enable getrandom() usage if available */ if (have_getrandom()) { _rnd_get_system_entropy = _rnd_get_system_entropy_getrandom; -@@ -193,6 +299,11 @@ int _rnd_system_entropy_init(void) +@@ -192,5 +314,12 @@ int _rnd_system_entropy_init(void) void _rnd_system_entropy_deinit(void) { /* A no-op now when we open and close /dev/urandom every time */ +#if defined(__linux__) -+# if defined(HAVE_JENT) ++# if defined(ENABLE_FIPS140) ++# if defined(HAVE_JENT) + FIPS_jent_entropy_deinit(); ++# endif +# endif +#endif return; } - -Index: gnutls-3.7.3/lib/nettle/Makefile.in +Index: gnutls-3.8.0/lib/nettle/Makefile.in =================================================================== ---- gnutls-3.7.3.orig/lib/nettle/Makefile.in -+++ gnutls-3.7.3/lib/nettle/Makefile.in -@@ -398,7 +398,7 @@ am__v_CC_1 = +--- gnutls-3.8.0.orig/lib/nettle/Makefile.in ++++ gnutls-3.8.0/lib/nettle/Makefile.in +@@ -399,7 +399,7 @@ am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ @@ -154,10 +171,10 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; -Index: gnutls-3.7.3/lib/nettle/Makefile.am +Index: gnutls-3.8.0/lib/nettle/Makefile.am =================================================================== ---- gnutls-3.7.3.orig/lib/nettle/Makefile.am -+++ gnutls-3.7.3/lib/nettle/Makefile.am +--- gnutls-3.8.0.orig/lib/nettle/Makefile.am ++++ gnutls-3.8.0/lib/nettle/Makefile.am @@ -20,7 +20,7 @@ include $(top_srcdir)/lib/common.mk @@ -167,10 +184,10 @@ AM_CPPFLAGS = \ -I$(srcdir)/int \ -Index: gnutls-3.7.3/lib/nettle/rnd-fips.c +Index: gnutls-3.8.0/lib/nettle/rnd-fips.c =================================================================== ---- gnutls-3.7.3.orig/lib/nettle/rnd-fips.c -+++ gnutls-3.7.3/lib/nettle/rnd-fips.c +--- gnutls-3.8.0.orig/lib/nettle/rnd-fips.c ++++ gnutls-3.8.0/lib/nettle/rnd-fips.c @@ -129,6 +129,10 @@ static int drbg_init(struct fips_ctx *fc uint8_t buffer[DRBG_AES_SEED_SIZE]; int ret; @@ -193,4 +210,17 @@ ret = get_entropy(fctx, buffer, sizeof(buffer)); if (ret < 0) { _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); +Index: gnutls-3.8.0/tests/Makefile.am +=================================================================== +--- gnutls-3.8.0.orig/tests/Makefile.am ++++ gnutls-3.8.0/tests/Makefile.am +@@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm + dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \ + keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \ + tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \ +- set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \ ++ set_x509_key_file_ocsp client-fastopen srp rng-pthread \ + safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \ + safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \ + rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \ ++++++ gnutls.keyring ++++++ Binary files /var/tmp/diff_new_pack.2uZHFL/_old and /var/tmp/diff_new_pack.2uZHFL/_new differ
