From 05700f0e0201b5ad4302c58123632a9175a72fe0 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Apr 14 2021 20:09:36 +0000 Subject: import gnutls-3.6.14-8.el8_3 --- diff --git a/SOURCES/gnutls-3.6.14-ecdsa-verify.patch b/SOURCES/gnutls-3.6.14-ecdsa-verify.patch new file mode 100644 index 0000000..3ebaf2a --- /dev/null +++ b/SOURCES/gnutls-3.6.14-ecdsa-verify.patch @@ -0,0 +1,87 @@ +diff -up ./doc/doxygen/Doxyfile.orig ./doc/doxygen/Doxyfile +diff -up ./lib/nettle/ecc/ecc-gostdsa-verify.c.orig ./lib/nettle/ecc/ecc-gostdsa-verify.c +--- ./lib/nettle/ecc/ecc-gostdsa-verify.c.orig 2020-06-03 15:05:27.000000000 +0200 ++++ ./lib/nettle/ecc/ecc-gostdsa-verify.c 2021-04-01 11:24:42.820992320 +0200 +@@ -63,6 +63,8 @@ ecc_gostdsa_verify (const struct ecc_cur + const mp_limb_t *rp, const mp_limb_t *sp, + mp_limb_t *scratch) + { ++ mp_limb_t cy; ++ + /* Procedure, according to GOST R 34.10. q denotes the group + order. + +@@ -101,11 +103,17 @@ ecc_gostdsa_verify (const struct ecc_cur + ecc->q.invert (&ecc->q, vp, hp, vp + 2*ecc->p.size); + + /* z1 = s / h, P1 = z1 * G */ +- ecc_mod_mul (&ecc->q, z1, sp, vp); ++ ecc_mod_mul (&ecc->q, z1 + ecc->q.size, sp, vp); ++ /* Ensure canonical reduction */ ++ cy = mpn_sub_n (z1, z1 + ecc->q.size, ecc->q.m, ecc->q.size); ++ cnd_copy (cy, z1, z1 + ecc->q.size, ecc->q.size); + + /* z2 = - r / h, P2 = z2 * Y */ +- ecc_mod_mul (&ecc->q, z2, rp, vp); +- mpn_sub_n (z2, ecc->q.m, z2, ecc->p.size); ++ mpn_sub_n (hp, ecc->q.m, rp, ecc->p.size); ++ ecc_mod_mul (&ecc->q, z2 + ecc->q.size, hp, vp); ++ /* Ensure canonical reduction */ ++ cy = mpn_sub_n (z2, z2 + ecc->q.size, ecc->q.m, ecc->q.size); ++ cnd_copy (cy, z2, z2 + ecc->q.size, ecc->q.size); + + /* Total storage: 5*ecc->p.size + ecc->mul_itch */ + ecc->mul (ecc, P2, z2, pp, z2 + ecc->p.size); +diff -up ./lib/nettle/ecc/eddsa-hash.c.orig ./lib/nettle/ecc/eddsa-hash.c +--- ./lib/nettle/ecc/eddsa-hash.c.orig 2020-06-03 15:05:28.000000000 +0200 ++++ ./lib/nettle/ecc/eddsa-hash.c 2021-04-01 11:24:42.821992314 +0200 +@@ -43,13 +43,14 @@ + #include + #include "ecc-internal.h" + +-/* Convert hash digest to integer, and reduce modulo q, to m->size +- limbs. Needs space for 2*m->size + 1 at rp. */ ++/* Convert hash digest to integer, and reduce canonically modulo q. ++ Needs space for 2*m->size + 1 at rp. */ + void + _eddsa_hash (const struct ecc_modulo *m, + mp_limb_t *rp, size_t digest_size, const uint8_t *digest) + { + mp_size_t nlimbs = (8*digest_size + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS; ++ mp_limb_t cy; + + mpn_set_base256_le (rp, nlimbs, digest, digest_size); + +@@ -74,4 +75,8 @@ _eddsa_hash (const struct ecc_modulo *m, + assert (hi == 0); + } + m->mod (m, rp); ++ /* Ensure canonical reduction. */ ++ cy = mpn_sub_n (rp + m->size, rp, m->m, m->size); ++ cnd_copy (cy, rp + m->size, rp, m->size); ++ mpn_copyi (rp, rp + m->size, m->size); + } +diff -up ./lib/nettle/ecc/gostdsa-vko.c.orig ./lib/nettle/ecc/gostdsa-vko.c +--- ./lib/nettle/ecc/gostdsa-vko.c.orig 2020-06-03 15:05:28.000000000 +0200 ++++ ./lib/nettle/ecc/gostdsa-vko.c 2021-04-01 11:24:42.821992314 +0200 +@@ -64,6 +64,7 @@ gostdsa_vko (const struct ecc_scalar *pr + mp_size_t size = ecc->p.size; + mp_size_t itch = 4*size + ecc->mul_itch; + mp_limb_t *scratch; ++ mp_limb_t cy; + + if (itch < 5*size + ecc->h_to_a_itch) + itch = 5*size + ecc->h_to_a_itch; +@@ -87,7 +88,11 @@ gostdsa_vko (const struct ecc_scalar *pr + if (mpn_zero_p (UKM, size)) + UKM[0] = 1; + +- ecc_mod_mul (&ecc->q, TEMP, priv->p, UKM); /* TEMP = UKM * priv */ ++ ecc_mod_mul (&ecc->q, TEMP + ecc->q.size, priv->p, UKM); /* TEMP = UKM * priv */ ++ /* Ensure canonical reduction */ ++ cy = mpn_sub_n (TEMP, TEMP + ecc->q.size, ecc->q.m, ecc->q.size); ++ cnd_copy (cy, TEMP, TEMP + ecc->q.size, ecc->q.size); ++ + ecc->mul (ecc, XYZ, TEMP, pub->p, scratch + 4*size); /* XYZ = UKM * priv * pub */ + ecc->h_to_a (ecc, 0, TEMP, XYZ, scratch + 5*size); /* TEMP = XYZ */ + mpn_get_base256_le (out, bsize, TEMP, size); diff --git a/SOURCES/gnutls-3.6.14-test-fixes.patch b/SOURCES/gnutls-3.6.14-test-fixes.patch new file mode 100644 index 0000000..0491472 --- /dev/null +++ b/SOURCES/gnutls-3.6.14-test-fixes.patch @@ -0,0 +1,95 @@ +From 40203390a48b8fa01d72c6a9739d963cf24556b8 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 28 Dec 2020 16:16:53 +0100 +Subject: [PATCH 2/2] testpkcs11: use datefudge to trick certificate expiry + +The certificates stored in tests/testpkcs11-certs expired on +2020-12-13. To avoid verification failure due to that, use datefudge +to set custom date when calling gnutls-cli, gnutls-serv, and certtool. + +Based on the patch by Andreas Metzler: +https://gitlab.com/gnutls/gnutls/-/issues/1135#note_469682121 + +Signed-off-by: Daiki Ueno +--- + tests/scripts/common.sh | 5 +++++ + tests/testpkcs11.sh | 12 +++++++++++- + 2 files changed, 16 insertions(+), 1 deletion(-) + +diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh +index 6ae19fa58..69b5fd612 100644 +--- a/tests/scripts/common.sh ++++ b/tests/scripts/common.sh +@@ -187,6 +187,11 @@ launch_bare_server() { + ${SERV} $* >${LOGFILE-/dev/null} & + } + ++launch_bare_server2() { ++ wait_for_free_port "$PORT" ++ "$@" >${LOGFILE-/dev/null} & ++} ++ + wait_server() { + local PID=$1 + trap "test -n \"${PID}\" && kill ${PID};exit 1" 1 15 2 +diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh +index 9458af238..3d74bfea6 100755 +--- a/tests/testpkcs11.sh ++++ b/tests/testpkcs11.sh +@@ -67,6 +67,8 @@ have_ed25519=0 + P11TOOL="${VALGRIND} ${P11TOOL} --batch" + SERV="${SERV} -q" + ++TESTDATE=2020-12-01 ++ + . ${srcdir}/scripts/common.sh + + rm -f "${LOGFILE}" +@@ -79,6 +81,8 @@ exit_error () { + exit 1 + } + ++skip_if_no_datefudge ++ + # $1: token + # $2: PIN + # $3: filename +@@ -523,6 +527,7 @@ write_certificate_test () { + pubkey="$5" + + echo -n "* Generating client certificate... " ++ datefudge -s "$TESTDATE" \ + "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \ + --template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \ + --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${LOGFILE}" 2>&1 +@@ -900,7 +905,9 @@ use_certificate_test () { + echo -n "* Using PKCS #11 with gnutls-cli (${txt})... " + # start server + eval "${GETPORT}" +- launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \ ++ launch_bare_server2 datefudge -s "$TESTDATE" \ ++ $VALGRIND $SERV $DEBUG -p "$PORT" \ ++ ${ADDITIONAL_PARAM} --debug 10 --echo --priority NORMAL --x509certfile="${certfile}" \ + --x509keyfile="$keyfile" --x509cafile="${cafile}" \ + --verify-client-cert --require-client-cert >>"${LOGFILE}" 2>&1 + +@@ -908,13 +915,16 @@ use_certificate_test () { + wait_server ${PID} + + # connect to server using SC ++ datefudge -s "$TESTDATE" \ + ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" >"${LOGFILE}" 2>&1 && \ + fail ${PID} "Connection should have failed!" + ++ datefudge -s "$TESTDATE" \ + ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \ + --x509keyfile="$keyfile" --x509cafile="${cafile}" >"${LOGFILE}" 2>&1 || \ + fail ${PID} "Connection (with files) should have succeeded!" + ++ datefudge -s "$TESTDATE" \ + ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \ + --x509keyfile="${token};object=gnutls-client;object-type=private" \ + --x509cafile="${cafile}" >"${LOGFILE}" 2>&1 || \ +-- +2.29.2 + diff --git a/SPECS/gnutls.spec b/SPECS/gnutls.spec index 8d6bfd0..9f8c965 100644 --- a/SPECS/gnutls.spec +++ b/SPECS/gnutls.spec @@ -1,5 +1,5 @@ Version: 3.6.14 -Release: 7%{?dist} +Release: 8%{?dist} Patch1: gnutls-3.2.7-rpath.patch Patch2: gnutls-3.6.4-no-now-guile.patch Patch3: gnutls-3.6.13-enable-intel-cet.patch @@ -12,6 +12,9 @@ Patch9: gnutls-3.6.14-fix-iovec-memory-leak.patch Patch10: gnutls-3.6.14-fips-dh-selftests.patch Patch11: gnutls-3.6.14-fips-kdf-selftests.patch Patch12: gnutls-3.6.14-no-renegotiation.patch +# https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html +Patch13: gnutls-3.6.14-ecdsa-verify.patch +Patch14: gnutls-3.6.14-test-fixes.patch %bcond_without dane %if 0%{?rhel} %bcond_with guile @@ -224,8 +227,8 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc %find_lang gnutls -#check -#make check %{?_smp_mflags} +%check +make check %{?_smp_mflags} %post devel if [ -f %{_infodir}/gnutls.info.gz ]; then @@ -295,9 +298,8 @@ fi %endif %changelog -* Tue Jan 05 2021 Johnny Hughes - 3.6.14-7 -- Skip timebomb test (RH bug 1908110, upstream bug 1135 - https://gitlab.com/gnutls/gnutls/-/issues/1135 +* Thu Apr 1 2021 Daiki Ueno - 3.6.14-8 +- Port fixes for potential miscalculation in ecdsa_verify (#1942929) * Tue Nov 3 2020 Daiki Ueno - 3.6.14-7 - Increase DH key bits to >= 2048 in self-tests (#1879506)