diff --git a/backport-CVE-2024-0553-rsa-psk-minimize-branching-after-decryption.patch b/backport-CVE-2024-0553-rsa-psk-minimize-branching-after-decryption.patch deleted file mode 100644 index 5bcb7162c88f89a3d6def2ac00164ab3cb41cd2a..0000000000000000000000000000000000000000 --- a/backport-CVE-2024-0553-rsa-psk-minimize-branching-after-decryption.patch +++ /dev/null @@ -1,126 +0,0 @@ -From 40dbbd8de499668590e8af51a15799fbc430595e Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Wed, 10 Jan 2024 19:13:17 +0900 -Subject: [PATCH] rsa-psk: minimize branching after decryption - -This moves any non-trivial code between gnutls_privkey_decrypt_data2 -and the function return in _gnutls_proc_rsa_psk_client_kx up until the -decryption. This also avoids an extra memcpy to session->key.key. - -Signed-off-by: Daiki Ueno - -Reference: https://gitlab.com/gnutls/gnutls/-/commit/40dbbd8de499668590e8af51a15799fbc430595e -Conflicts: NA - ---- - lib/auth/rsa_psk.c | 69 ++++++++++++++++++++++++---------------------- - 1 file changed, 36 insertions(+), 33 deletions(-) - -diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c -index 99f908460..399fb4da1 100644 ---- a/lib/auth/rsa_psk.c -+++ b/lib/auth/rsa_psk.c -@@ -256,7 +256,6 @@ static int _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, - int ret, dsize; - ssize_t data_size = _data_size; - gnutls_psk_server_credentials_t cred; -- gnutls_datum_t premaster_secret = { NULL, 0 }; - volatile uint8_t ver_maj, ver_min; - - cred = (gnutls_psk_server_credentials_t)_gnutls_get_cred( -@@ -318,24 +317,49 @@ static int _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, - ver_maj = _gnutls_get_adv_version_major(session); - ver_min = _gnutls_get_adv_version_minor(session); - -- premaster_secret.data = gnutls_malloc(GNUTLS_MASTER_SIZE); -- if (premaster_secret.data == NULL) { -+ /* Find the key of this username. A random value will be -+ * filled in if the key is not found. -+ */ -+ ret = _gnutls_psk_pwd_find_entry(session, info->username, -+ strlen(info->username), &pwd_psk, -+ NULL); -+ if (ret < 0) -+ return gnutls_assert_val(ret); -+ -+ /* Allocate memory for premaster secret, and fill in the -+ * fields except the decryption result. -+ */ -+ session->key.key.size = 2 + GNUTLS_MASTER_SIZE + 2 + pwd_psk.size; -+ session->key.key.data = gnutls_malloc(session->key.key.size); -+ if (session->key.key.data == NULL) { - gnutls_assert(); -+ _gnutls_free_key_datum(&pwd_psk); -+ /* No need to zeroize, as the secret is not copied in yet */ -+ _gnutls_free_datum(&session->key.key); - return GNUTLS_E_MEMORY_ERROR; - } -- premaster_secret.size = GNUTLS_MASTER_SIZE; - - /* Fallback value when decryption fails. Needs to be unpredictable. */ -- ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data, -- premaster_secret.size); -+ ret = gnutls_rnd(GNUTLS_RND_NONCE, session->key.key.data + 2, -+ GNUTLS_MASTER_SIZE); - if (ret < 0) { - gnutls_assert(); -- goto cleanup; -+ _gnutls_free_key_datum(&pwd_psk); -+ /* No need to zeroize, as the secret is not copied in yet */ -+ _gnutls_free_datum(&session->key.key); -+ return ret; - } - -+ _gnutls_write_uint16(GNUTLS_MASTER_SIZE, session->key.key.data); -+ _gnutls_write_uint16(pwd_psk.size, -+ &session->key.key.data[2 + GNUTLS_MASTER_SIZE]); -+ memcpy(&session->key.key.data[2 + GNUTLS_MASTER_SIZE + 2], pwd_psk.data, -+ pwd_psk.size); -+ _gnutls_free_key_datum(&pwd_psk); -+ - gnutls_privkey_decrypt_data2(session->internals.selected_key, 0, -- &ciphertext, premaster_secret.data, -- premaster_secret.size); -+ &ciphertext, session->key.key.data + 2, -+ GNUTLS_MASTER_SIZE); - /* After this point, any conditional on failure that cause differences - * in execution may create a timing or cache access pattern side - * channel that can be used as an oracle, so tread carefully */ -@@ -354,31 +378,10 @@ static int _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, - /* This is here to avoid the version check attack - * discussed above. - */ -- premaster_secret.data[0] = ver_maj; -- premaster_secret.data[1] = ver_min; -- -- /* find the key of this username -- */ -- ret = _gnutls_psk_pwd_find_entry(session, info->username, -- strlen(info->username), &pwd_psk, -- NULL); -- if (ret < 0) { -- gnutls_assert(); -- goto cleanup; -- } -+ session->key.key.data[2] = ver_maj; -+ session->key.key.data[3] = ver_min; - -- ret = set_rsa_psk_session_key(session, &pwd_psk, &premaster_secret); -- if (ret < 0) { -- gnutls_assert(); -- goto cleanup; -- } -- -- ret = 0; --cleanup: -- _gnutls_free_key_datum(&pwd_psk); -- _gnutls_free_temp_key_datum(&premaster_secret); -- -- return ret; -+ return 0; - } - - static int _gnutls_proc_rsa_psk_server_kx(gnutls_session_t session, --- -2.33.0 - diff --git a/backport-CVE-2024-0567-x509-detect-loop-in-certificate-chain.patch b/backport-CVE-2024-0567-x509-detect-loop-in-certificate-chain.patch deleted file mode 100644 index 4da3b7e0c96b8bf850d8aa3b04ea4b980cf29495..0000000000000000000000000000000000000000 --- a/backport-CVE-2024-0567-x509-detect-loop-in-certificate-chain.patch +++ /dev/null @@ -1,187 +0,0 @@ -From 9edbdaa84e38b1bfb53a7d72c1de44f8de373405 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Thu, 11 Jan 2024 15:45:11 +0900 -Subject: [PATCH] x509: detect loop in certificate chain -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -There can be a loop in a certificate chain, when multiple CA -certificates are cross-signed with each other, such as A → B, B → C, -and C → A. Previously, the verification logic was not capable of -handling this scenario while sorting the certificates in the chain in -_gnutls_sort_clist, resulting in an assertion failure. This patch -properly detects such loop and aborts further processing in a graceful -manner. - -Signed-off-by: Daiki Ueno - -Reference: https://gitlab.com/gnutls/gnutls/-/commit/9edbdaa84e38b1bfb53a7d72c1de44f8de373405 -Conflict: NA - ---- - lib/x509/common.c | 4 ++ - tests/test-chains.h | 125 ++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 129 insertions(+) - -diff --git a/lib/x509/common.c b/lib/x509/common.c -index 861cace4c..d749a062c 100644 ---- a/lib/x509/common.c -+++ b/lib/x509/common.c -@@ -1741,6 +1741,10 @@ unsigned int _gnutls_sort_clist(gnutls_x509_crt_t *clist, - break; - } - -+ if (insorted[prev]) { /* loop detected */ -+ break; -+ } -+ - sorted[i] = clist[prev]; - insorted[prev] = 1; - } -diff --git a/tests/test-chains.h b/tests/test-chains.h -index 9ce23764d..3e559fecd 100644 ---- a/tests/test-chains.h -+++ b/tests/test-chains.h -@@ -4260,6 +4260,129 @@ static const char *rsa_sha1_not_in_trusted_ca[] = { - NULL - }; - -+static const char *cross_signed[] = { -+ /* server (signed by A1) */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBqDCCAVqgAwIBAgIUejlil+8DBffazcnMNwyOOP6yCCowBQYDK2VwMBoxGDAW\n" -+ "BgNVBAMTD0ludGVybWVkaWF0ZSBBMTAgFw0yNDAxMTEwNjI3MjJaGA85OTk5MTIz\n" -+ "MTIzNTk1OVowNzEbMBkGA1UEChMSR251VExTIHRlc3Qgc2VydmVyMRgwFgYDVQQD\n" -+ "Ew90ZXN0LmdudXRscy5vcmcwKjAFBgMrZXADIQA1ZVS0PcNeTPQMZ+FuVz82AHrj\n" -+ "qL5hWEpCDgpG4M4fxaOBkjCBjzAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3Rl\n" -+ "c3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMC\n" -+ "B4AwHQYDVR0OBBYEFGtEUv+JSt+zPoO3lu0IiObZVoiNMB8GA1UdIwQYMBaAFPnY\n" -+ "v6Pw0IvKSqIlb6ewHyEAmTA3MAUGAytlcANBAAS2lyc87kH/aOvNKzPjqDwUYxPA\n" -+ "CfYjyaKea2d0DZLBM5+Bjnj/4aWwTKgVTJzWhLJcLtaSdVHrXqjr9NhEhQ0=\n" -+ "-----END CERTIFICATE-----\n", -+ /* A1 (signed by A) */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBUjCCAQSgAwIBAgIUe/R+NVp04e74ySw2qgI6KZgFR20wBQYDK2VwMBExDzAN\n" -+ "BgNVBAMTBlJvb3QgQTAgFw0yNDAxMTEwNjI1MDFaGA85OTk5MTIzMTIzNTk1OVow\n" -+ "GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIEExMCowBQYDK2VwAyEAlkTNqwz973sy\n" -+ "u3whMjSiUMs77CZu5YA7Gi5KcakExrKjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYD\n" -+ "VR0PAQH/BAQDAgIEMB0GA1UdDgQWBBT52L+j8NCLykqiJW+nsB8hAJkwNzAfBgNV\n" -+ "HSMEGDAWgBRbYgOkRGsd3Z74+CauX4htzLg0lzAFBgMrZXADQQBM0NBaFVPd3cTJ\n" -+ "DSaZNT34fsHuJk4eagpn8mBxKQpghq4s8Ap+nYtp2KiXjcizss53PeLXVnkfyLi0\n" -+ "TLVBHvUJ\n" -+ "-----END CERTIFICATE-----\n", -+ /* A (signed by B) */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBSDCB+6ADAgECAhQtdJpg+qlPcLoRW8iiztJUD4xNvDAFBgMrZXAwETEPMA0G\n" -+ "A1UEAxMGUm9vdCBCMCAXDTI0MDExMTA2MTk1OVoYDzk5OTkxMjMxMjM1OTU5WjAR\n" -+ "MQ8wDQYDVQQDEwZSb290IEEwKjAFBgMrZXADIQA0vDYyg3tgotSETL1Wq2hBs32p\n" -+ "WbnINkmOSNmOiZlGHKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" -+ "AgQwHQYDVR0OBBYEFFtiA6REax3dnvj4Jq5fiG3MuDSXMB8GA1UdIwQYMBaAFJFA\n" -+ "s2rg6j8w9AKItRnOOOjG2FG6MAUGAytlcANBAPv674p9ek5GjRcRfVQhgN+kQlHU\n" -+ "u774wL3Vx3fWA1E7+WchdMzcHrPoa5OKtKmxjIKUTO4SeDZL/AVpvulrWwk=\n" -+ "-----END CERTIFICATE-----\n", -+ /* A (signed by C) */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBSDCB+6ADAgECAhReNpCiVn7eFDUox3mvM5qE942AVzAFBgMrZXAwETEPMA0G\n" -+ "A1UEAxMGUm9vdCBDMCAXDTI0MDExMTA2MjEyMVoYDzk5OTkxMjMxMjM1OTU5WjAR\n" -+ "MQ8wDQYDVQQDEwZSb290IEIwKjAFBgMrZXADIQAYX92hS97OGKbMzwrD7ReVifwM\n" -+ "3iz5tnfQHWQSkvvYMKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" -+ "AgQwHQYDVR0OBBYEFJFAs2rg6j8w9AKItRnOOOjG2FG6MB8GA1UdIwQYMBaAFEh/\n" -+ "XKjIuMeEavX5QVoy39Q+GhnwMAUGAytlcANBAIwghH3gelXty8qtoTGIEJb0+EBv\n" -+ "BH4YOUh7TamxjxkjvvIhDA7ZdheofFb7NrklJco7KBcTATUSOvxakYRP9Q8=\n" -+ "-----END CERTIFICATE-----\n", -+ /* B1 (signed by B) */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBUjCCAQSgAwIBAgIUfpmrVDc1XBA5/7QYMyGBuB9mTtUwBQYDK2VwMBExDzAN\n" -+ "BgNVBAMTBlJvb3QgQjAgFw0yNDAxMTEwNjI1MjdaGA85OTk5MTIzMTIzNTk1OVow\n" -+ "GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIEIxMCowBQYDK2VwAyEAh6ZTuJWsweVB\n" -+ "a5fsye5iq89kWDC2Y/Hlc0htLmjzMP+jYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYD\n" -+ "VR0PAQH/BAQDAgIEMB0GA1UdDgQWBBTMQu37PKyLjKfPODZgxYCaayff+jAfBgNV\n" -+ "HSMEGDAWgBSRQLNq4Oo/MPQCiLUZzjjoxthRujAFBgMrZXADQQBblmguY+lnYvOK\n" -+ "rAZJnqpEUGfm1tIFyu3rnlE7WOVcXRXMIoNApLH2iHIipQjlvNWuSBFBTC1qdewh\n" -+ "/e+0cgQB\n" -+ "-----END CERTIFICATE-----\n", -+ /* B (signed by A) */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBSDCB+6ADAgECAhRpEm+dWNX6DMZh/nottkFfFFrXXDAFBgMrZXAwETEPMA0G\n" -+ "A1UEAxMGUm9vdCBBMCAXDTI0MDExMTA2MTcyNloYDzk5OTkxMjMxMjM1OTU5WjAR\n" -+ "MQ8wDQYDVQQDEwZSb290IEIwKjAFBgMrZXADIQAYX92hS97OGKbMzwrD7ReVifwM\n" -+ "3iz5tnfQHWQSkvvYMKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" -+ "AgQwHQYDVR0OBBYEFJFAs2rg6j8w9AKItRnOOOjG2FG6MB8GA1UdIwQYMBaAFFti\n" -+ "A6REax3dnvj4Jq5fiG3MuDSXMAUGAytlcANBAFvmcK3Ida5ViVYDzxKVLPcPsCHe\n" -+ "3hxz99lBrerJC9iJSvRYTJoPBvjTxDYnBn5EFrQYMrUED+6i71lmGXNU9gs=\n" -+ "-----END CERTIFICATE-----\n", -+ /* B (signed by C) */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBSDCB+6ADAgECAhReNpCiVn7eFDUox3mvM5qE942AVzAFBgMrZXAwETEPMA0G\n" -+ "A1UEAxMGUm9vdCBDMCAXDTI0MDExMTA2MjEyMVoYDzk5OTkxMjMxMjM1OTU5WjAR\n" -+ "MQ8wDQYDVQQDEwZSb290IEIwKjAFBgMrZXADIQAYX92hS97OGKbMzwrD7ReVifwM\n" -+ "3iz5tnfQHWQSkvvYMKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" -+ "AgQwHQYDVR0OBBYEFJFAs2rg6j8w9AKItRnOOOjG2FG6MB8GA1UdIwQYMBaAFEh/\n" -+ "XKjIuMeEavX5QVoy39Q+GhnwMAUGAytlcANBAIwghH3gelXty8qtoTGIEJb0+EBv\n" -+ "BH4YOUh7TamxjxkjvvIhDA7ZdheofFb7NrklJco7KBcTATUSOvxakYRP9Q8=\n" -+ "-----END CERTIFICATE-----\n", -+ /* C1 (signed by C) */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBUjCCAQSgAwIBAgIUSKsfY1wD3eD2VmaaK1wt5naPckMwBQYDK2VwMBExDzAN\n" -+ "BgNVBAMTBlJvb3QgQzAgFw0yNDAxMTEwNjI1NDdaGA85OTk5MTIzMTIzNTk1OVow\n" -+ "GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIEMxMCowBQYDK2VwAyEA/t7i1chZlKkV\n" -+ "qxJOrmmyATn8XnpK+nV/iT4OMHSHfAyjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYD\n" -+ "VR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRmpF3JjoP3NiBzE5J5ANT0bvfRmjAfBgNV\n" -+ "HSMEGDAWgBRIf1yoyLjHhGr1+UFaMt/UPhoZ8DAFBgMrZXADQQAeRBXv6WCTOp0G\n" -+ "3wgd8bbEGrrILfpi+qH7aj/MywgkPIlppDYRQ3jL6ASd+So/408dlE0DV9DXKBi0\n" -+ "725XUUYO\n" -+ "-----END CERTIFICATE-----\n", -+ /* C (signed by A) */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBSDCB+6ADAgECAhRvbZv3SRTjDOiAbyFWHH4y0yMZkjAFBgMrZXAwETEPMA0G\n" -+ "A1UEAxMGUm9vdCBBMCAXDTI0MDExMTA2MTg1MVoYDzk5OTkxMjMxMjM1OTU5WjAR\n" -+ "MQ8wDQYDVQQDEwZSb290IEMwKjAFBgMrZXADIQDxm6Ubhsa0gSa1vBCIO5e+qZEH\n" -+ "8Oocz+buNHfIJbh5NaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" -+ "AgQwHQYDVR0OBBYEFEh/XKjIuMeEavX5QVoy39Q+GhnwMB8GA1UdIwQYMBaAFFti\n" -+ "A6REax3dnvj4Jq5fiG3MuDSXMAUGAytlcANBAPl+SyiOfXJnjSWx8hFMhJ7w92mn\n" -+ "tkGifCFHBpUhYcBIMeMtLw0RBLXqaaN0EKlTFimiEkLClsU7DKYrpEEJegs=\n" -+ "-----END CERTIFICATE-----\n", -+ /* C (signed by B) */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBSDCB+6ADAgECAhQU1OJWRVOLrGrgJiLwexd1/MwKkTAFBgMrZXAwETEPMA0G\n" -+ "A1UEAxMGUm9vdCBCMCAXDTI0MDExMTA2MjAzMFoYDzk5OTkxMjMxMjM1OTU5WjAR\n" -+ "MQ8wDQYDVQQDEwZSb290IEMwKjAFBgMrZXADIQDxm6Ubhsa0gSa1vBCIO5e+qZEH\n" -+ "8Oocz+buNHfIJbh5NaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" -+ "AgQwHQYDVR0OBBYEFEh/XKjIuMeEavX5QVoy39Q+GhnwMB8GA1UdIwQYMBaAFJFA\n" -+ "s2rg6j8w9AKItRnOOOjG2FG6MAUGAytlcANBALXeyuj8vj6Q8j4l17VzZwmJl0gN\n" -+ "bCGoKMl0J/0NiN/fQRIsdbwQDh0RUN/RN3I6DTtB20ER6f3VdnzAh8nXkQ4=\n" -+ "-----END CERTIFICATE-----\n", -+ NULL -+}; -+ -+static const char *cross_signed_ca[] = { -+ /* A (self-signed) */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBJzCB2qADAgECAhQs1Ur+gzPs1ISxs3Tbs700q0CZcjAFBgMrZXAwETEPMA0G\n" -+ "A1UEAxMGUm9vdCBBMCAXDTI0MDExMTA2MTYwMFoYDzk5OTkxMjMxMjM1OTU5WjAR\n" -+ "MQ8wDQYDVQQDEwZSb290IEEwKjAFBgMrZXADIQA0vDYyg3tgotSETL1Wq2hBs32p\n" -+ "WbnINkmOSNmOiZlGHKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" -+ "AgQwHQYDVR0OBBYEFFtiA6REax3dnvj4Jq5fiG3MuDSXMAUGAytlcANBAHrVv7E9\n" -+ "5scuOVCH9gNRRm8Z9SUoLakRHAPnySdg6z/kI3vOgA/OM7reArpnW8l1H2FapgpL\n" -+ "bDeZ2XJH+BdVFwg=\n" -+ "-----END CERTIFICATE-----\n", -+ NULL -+}; -+ - #if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Wunused-variable" -@@ -4571,6 +4694,8 @@ static struct { - GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM), - GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, - 1620118136, 1 }, -+ { "cross signed - ok", cross_signed, cross_signed_ca, 0, 0, 0, -+ 1704955300 }, - { NULL, NULL, NULL, 0, 0 } - }; - --- -2.33.0 - diff --git a/backport-fix-CVE-2024-28834-nettle-avoid-normalization-of-mpz_t-in-deterministic.patch b/backport-fix-CVE-2024-28834-nettle-avoid-normalization-of-mpz_t-in-deterministic.patch deleted file mode 100644 index f957e36a6ee569f7153978d5e7e1b03654ada05b..0000000000000000000000000000000000000000 --- a/backport-fix-CVE-2024-28834-nettle-avoid-normalization-of-mpz_t-in-deterministic.patch +++ /dev/null @@ -1,422 +0,0 @@ -From 1c4701ffc342259fc5965d5a0de90d87f780e3e5 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 12 Jan 2024 17:56:58 +0900 -Subject: [PATCH] nettle: avoid normalization of mpz_t in deterministic ECDSA - -This removes function calls that potentially leak bit-length of a -private key used to calculate a nonce in deterministic ECDSA. Namely: - -- _gnutls_dsa_compute_k has been rewritten to work on always - zero-padded mp_limb_t arrays instead of mpz_t -- rnd_mpz_func has been replaced with rnd_datum_func, which is backed - by a byte array instead of an mpz_t value - -Signed-off-by: Daiki Ueno - -Reference: https://gitlab.com/gnutls/gnutls/-/commit/1c4701ffc342259fc5965d5a0de90d87f780e3e5 -Conflict: NA - ---- - lib/nettle/int/dsa-compute-k.c | 70 +++++++++++++++++++++---------- - lib/nettle/int/dsa-compute-k.h | 23 +++++++++- - lib/nettle/int/ecdsa-compute-k.c | 28 +++---------- - lib/nettle/int/ecdsa-compute-k.h | 4 +- - lib/nettle/pk.c | 65 +++++++++++++++++++++------- - tests/sign-verify-deterministic.c | 2 +- - 6 files changed, 127 insertions(+), 65 deletions(-) - -diff --git a/lib/nettle/int/dsa-compute-k.c b/lib/nettle/int/dsa-compute-k.c -index 8ff5739c2..2fcb2bb80 100644 ---- a/lib/nettle/int/dsa-compute-k.c -+++ b/lib/nettle/int/dsa-compute-k.c -@@ -31,19 +31,30 @@ - #include "mpn-base256.h" - #include - --#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS) -+/* For mini-gmp */ -+#ifndef GMP_LIMB_BITS -+#define GMP_LIMB_BITS GMP_NUMB_BITS -+#endif - --/* The maximum size of q, chosen from the fact that we support -- * 521-bit elliptic curve generator and 512-bit DSA subgroup at -- * maximum. */ --#define MAX_Q_BITS 521 --#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8) --#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS) -+static inline int is_zero_limb(mp_limb_t x) -+{ -+ x |= (x << 1); -+ return ((x >> 1) - 1) >> (GMP_LIMB_BITS - 1); -+} -+ -+static int sec_zero_p(const mp_limb_t *ap, mp_size_t n) -+{ -+ volatile mp_limb_t w; -+ mp_size_t i; - --#define MAX_HASH_BITS (MAX_HASH_SIZE * 8) --#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS) -+ for (i = 0, w = 0; i < n; i++) -+ w |= ap[i]; - --int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x, -+ return is_zero_limb(w); -+} -+ -+int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x, -+ mp_size_t qn, mp_bitcnt_t q_bits, - gnutls_mac_algorithm_t mac, const uint8_t *digest, - size_t length) - { -@@ -51,9 +62,6 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x, - uint8_t K[MAX_HASH_SIZE]; - uint8_t xp[MAX_Q_SIZE]; - uint8_t tp[MAX_Q_SIZE]; -- mp_limb_t h[MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS)]; -- mp_bitcnt_t q_bits = mpz_sizeinbase(q, 2); -- mp_size_t qn = mpz_size(q); - mp_bitcnt_t h_bits = length * 8; - mp_size_t hn = BITS_TO_LIMBS(h_bits); - size_t nbytes = (q_bits + 7) / 8; -@@ -62,6 +70,7 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x, - mp_limb_t cy; - gnutls_hmac_hd_t hd; - int ret = 0; -+ mp_limb_t scratch[MAX_Q_LIMBS]; - - if (unlikely(q_bits > MAX_Q_BITS)) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); -@@ -69,7 +78,7 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x, - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - - /* int2octets(x) */ -- mpn_get_base256(xp, nbytes, mpz_limbs_read(x), qn); -+ mpn_get_base256(xp, nbytes, x, qn); - - /* bits2octets(h) */ - mpn_set_base256(h, hn, digest, length); -@@ -93,12 +102,12 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x, - mpn_rshift(h, h, hn, shift % GMP_NUMB_BITS); - } - -- cy = mpn_sub_n(h, h, mpz_limbs_read(q), qn); -+ cy = mpn_sub_n(h, h, q, qn); - /* Fall back to addmul_1, if nettle is linked with mini-gmp. */ - #ifdef mpn_cnd_add_n -- mpn_cnd_add_n(cy, h, h, mpz_limbs_read(q), qn); -+ mpn_cnd_add_n(cy, h, h, q, qn); - #else -- mpn_addmul_1(h, mpz_limbs_read(q), qn, cy != 0); -+ mpn_addmul_1(h, q, qn, cy != 0); - #endif - mpn_get_base256(tp, nbytes, h, qn); - -@@ -174,12 +183,8 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x, - if (tlen * 8 > q_bits) - mpn_rshift(h, h, qn, tlen * 8 - q_bits); - /* Check if k is in [1,q-1] */ -- if (!mpn_zero_p(h, qn) && -- mpn_cmp(h, mpz_limbs_read(q), qn) < 0) { -- mpn_copyi(mpz_limbs_write(k, qn), h, qn); -- mpz_limbs_finish(k, qn); -+ if (!sec_zero_p(h, qn) && mpn_sub_n(scratch, h, q, qn)) - break; -- } - - ret = gnutls_hmac_init(&hd, mac, K, length); - if (ret < 0) -@@ -203,3 +208,24 @@ out: - - return ret; - } -+ -+/* cancel-out dsa_sign's addition of 1 to random data */ -+void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h, -+ mp_size_t n) -+{ -+ /* Fall back to sub_1, if nettle is linked with mini-gmp. */ -+#ifdef mpn_sec_sub_1 -+ mp_limb_t t[MAX_Q_LIMBS]; -+ -+ mpn_sec_sub_1(h, h, n, 1, t); -+#else -+ mpn_sub_1(h, h, n, 1); -+#endif -+ mpn_get_base256(k, nbytes, h, n); -+} -+ -+void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h, -+ mp_size_t n) -+{ -+ mpn_get_base256(k, nbytes, h, n); -+} -diff --git a/lib/nettle/int/dsa-compute-k.h b/lib/nettle/int/dsa-compute-k.h -index 49d243acb..2f0667a01 100644 ---- a/lib/nettle/int/dsa-compute-k.h -+++ b/lib/nettle/int/dsa-compute-k.h -@@ -26,8 +26,29 @@ - #include - #include /* includes gmp.h */ - --int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x, -+#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS) -+ -+/* The maximum size of q, chosen from the fact that we support -+ * 521-bit elliptic curve generator and 512-bit DSA subgroup at -+ * maximum. */ -+#define MAX_Q_BITS 521 -+#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8) -+#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS) -+ -+#define MAX_HASH_BITS (MAX_HASH_SIZE * 8) -+#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS) -+ -+#define DSA_COMPUTE_K_ITCH MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS) -+ -+int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x, -+ mp_size_t qn, mp_bitcnt_t q_bits, - gnutls_mac_algorithm_t mac, const uint8_t *digest, - size_t length); - -+void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h, -+ mp_size_t n); -+ -+void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h, -+ mp_size_t n); -+ - #endif /* GNUTLS_LIB_NETTLE_INT_DSA_COMPUTE_K_H */ -diff --git a/lib/nettle/int/ecdsa-compute-k.c b/lib/nettle/int/ecdsa-compute-k.c -index 3b7f88616..4e25235c4 100644 ---- a/lib/nettle/int/ecdsa-compute-k.c -+++ b/lib/nettle/int/ecdsa-compute-k.c -@@ -29,38 +29,38 @@ - #include "dsa-compute-k.h" - #include "gnutls_int.h" - --static inline int _gnutls_ecc_curve_to_dsa_q(mpz_t *q, gnutls_ecc_curve_t curve) -+int _gnutls_ecc_curve_to_dsa_q(mpz_t q, gnutls_ecc_curve_t curve) - { - switch (curve) { - #ifdef ENABLE_NON_SUITEB_CURVES - case GNUTLS_ECC_CURVE_SECP192R1: -- mpz_init_set_str(*q, -+ mpz_init_set_str(q, - "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836" - "146BC9B1B4D22831", - 16); - return 0; - case GNUTLS_ECC_CURVE_SECP224R1: -- mpz_init_set_str(*q, -+ mpz_init_set_str(q, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2" - "E0B8F03E13DD29455C5C2A3D", - 16); - return 0; - #endif - case GNUTLS_ECC_CURVE_SECP256R1: -- mpz_init_set_str(*q, -+ mpz_init_set_str(q, - "FFFFFFFF00000000FFFFFFFFFFFFFFFF" - "BCE6FAADA7179E84F3B9CAC2FC632551", - 16); - return 0; - case GNUTLS_ECC_CURVE_SECP384R1: -- mpz_init_set_str(*q, -+ mpz_init_set_str(q, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFC7634D81F4372DDF" - "581A0DB248B0A77AECEC196ACCC52973", - 16); - return 0; - case GNUTLS_ECC_CURVE_SECP521R1: -- mpz_init_set_str(*q, -+ mpz_init_set_str(q, - "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFA51868783BF2F966B7FCC0148F709A" -@@ -73,19 +73,3 @@ static inline int _gnutls_ecc_curve_to_dsa_q(mpz_t *q, gnutls_ecc_curve_t curve) - GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM); - } - } -- --int _gnutls_ecdsa_compute_k(mpz_t k, gnutls_ecc_curve_t curve, const mpz_t x, -- gnutls_mac_algorithm_t mac, const uint8_t *digest, -- size_t length) --{ -- mpz_t q; -- int ret; -- -- ret = _gnutls_ecc_curve_to_dsa_q(&q, curve); -- if (ret < 0) -- return gnutls_assert_val(ret); -- -- ret = _gnutls_dsa_compute_k(k, q, x, mac, digest, length); -- mpz_clear(q); -- return ret; --} -diff --git a/lib/nettle/int/ecdsa-compute-k.h b/lib/nettle/int/ecdsa-compute-k.h -index be8beddb5..207685763 100644 ---- a/lib/nettle/int/ecdsa-compute-k.h -+++ b/lib/nettle/int/ecdsa-compute-k.h -@@ -26,8 +26,6 @@ - #include - #include /* includes gmp.h */ - --int _gnutls_ecdsa_compute_k(mpz_t k, gnutls_ecc_curve_t curve, const mpz_t x, -- gnutls_mac_algorithm_t mac, const uint8_t *digest, -- size_t length); -+int _gnutls_ecc_curve_to_dsa_q(mpz_t q, gnutls_ecc_curve_t curve); - - #endif /* GNUTLS_LIB_NETTLE_INT_ECDSA_COMPUTE_K_H */ -diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c -index 305548f4d..dd6b9936a 100644 ---- a/lib/nettle/pk.c -+++ b/lib/nettle/pk.c -@@ -103,10 +103,16 @@ static void rnd_nonce_func(void *_ctx, size_t length, uint8_t *data) - } - } - --static void rnd_mpz_func(void *_ctx, size_t length, uint8_t *data) -+static void rnd_datum_func(void *ctx, size_t length, uint8_t *data) - { -- mpz_t *k = _ctx; -- nettle_mpz_get_str_256(length, data, *k); -+ gnutls_datum_t *d = ctx; -+ -+ if (length > d->size) { -+ memset(data, 0, length - d->size); -+ memcpy(data + (length - d->size), d->data, d->size); -+ } else { -+ memcpy(data, d->data, length); -+ } - } - - static void rnd_nonce_func_fallback(void *_ctx, size_t length, uint8_t *data) -@@ -1403,7 +1409,10 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, - struct dsa_signature sig; - int curve_id = pk_params->curve; - const struct ecc_curve *curve; -- mpz_t k; -+ mpz_t q; -+ /* 521-bit elliptic curve generator at maximum */ -+ uint8_t buf[(521 + 7) / 8]; -+ gnutls_datum_t k = { NULL, 0 }; - void *random_ctx; - nettle_random_func *random_func; - -@@ -1447,17 +1456,32 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, - not_approved = true; - } - -- mpz_init(k); -+ mpz_init(q); -+ - if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST || - (sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) { -- ret = _gnutls_ecdsa_compute_k( -- k, curve_id, pk_params->params[ECC_K], -+ mp_limb_t h[DSA_COMPUTE_K_ITCH]; -+ -+ ret = _gnutls_ecc_curve_to_dsa_q(q, curve_id); -+ if (ret < 0) -+ goto ecdsa_cleanup; -+ -+ ret = _gnutls_dsa_compute_k( -+ h, mpz_limbs_read(q), priv.p, -+ ecc_size(priv.ecc), ecc_bit_size(priv.ecc), - DIG_TO_MAC(sign_params->dsa_dig), vdata->data, - vdata->size); - if (ret < 0) - goto ecdsa_cleanup; -+ -+ k.data = buf; -+ k.size = (ecc_bit_size(priv.ecc) + 7) / 8; -+ -+ _gnutls_ecdsa_compute_k_finish(k.data, k.size, h, -+ ecc_size(priv.ecc)); -+ - random_ctx = &k; -- random_func = rnd_mpz_func; -+ random_func = rnd_datum_func; - } else { - random_ctx = NULL; - random_func = rnd_nonce_func; -@@ -1476,7 +1500,7 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, - ecdsa_cleanup: - dsa_signature_clear(&sig); - ecc_scalar_zclear(&priv); -- mpz_clear(k); -+ mpz_clear(q); - - if (ret < 0) { - gnutls_assert(); -@@ -1488,7 +1512,9 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, - struct dsa_params pub; - bigint_t priv; - struct dsa_signature sig; -- mpz_t k; -+ /* 512-bit DSA subgroup at maximum */ -+ uint8_t buf[(512 + 7) / 8]; -+ gnutls_datum_t k = { NULL, 0 }; - void *random_ctx; - nettle_random_func *random_func; - -@@ -1515,19 +1541,27 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, - hash_len = vdata->size; - } - -- mpz_init(k); - if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST || - (sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) { -+ mp_limb_t h[DSA_COMPUTE_K_ITCH]; -+ - ret = _gnutls_dsa_compute_k( -- k, pub.q, TOMPZ(priv), -+ h, mpz_limbs_read(pub.q), -+ mpz_limbs_read(TOMPZ(priv)), mpz_size(pub.q), -+ mpz_sizeinbase(pub.q, 2), - DIG_TO_MAC(sign_params->dsa_dig), vdata->data, - vdata->size); - if (ret < 0) - goto dsa_fail; -- /* cancel-out dsa_sign's addition of 1 to random data */ -- mpz_sub_ui(k, k, 1); -+ -+ k.data = buf; -+ k.size = (mpz_sizeinbase(pub.q, 2) + 7) / 8; -+ -+ _gnutls_dsa_compute_k_finish(k.data, k.size, h, -+ mpz_size(pub.q)); -+ - random_ctx = &k; -- random_func = rnd_mpz_func; -+ random_func = rnd_datum_func; - } else { - random_ctx = NULL; - random_func = rnd_nonce_func; -@@ -1544,7 +1578,6 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, - - dsa_fail: - dsa_signature_clear(&sig); -- mpz_clear(k); - - if (ret < 0) { - gnutls_assert(); -diff --git a/tests/sign-verify-deterministic.c b/tests/sign-verify-deterministic.c -index 6969b57a1..bdd5a49c7 100644 ---- a/tests/sign-verify-deterministic.c -+++ b/tests/sign-verify-deterministic.c -@@ -198,7 +198,7 @@ void doit(void) - &tests[i].msg, &signature); - if (ret < 0) - testfail("gnutls_pubkey_verify_data2\n"); -- success(" - pass"); -+ success(" - pass\n"); - - next: - gnutls_free(signature.data); --- -2.33.0 - diff --git a/backport-fix-CVE-2024-28835-gnutls_x509_trust_list_verify_crt2-remove-length-lim.patch b/backport-fix-CVE-2024-28835-gnutls_x509_trust_list_verify_crt2-remove-length-lim.patch deleted file mode 100644 index b43d6f406aa73611a048b54b466d66df11c228ba..0000000000000000000000000000000000000000 --- a/backport-fix-CVE-2024-28835-gnutls_x509_trust_list_verify_crt2-remove-length-lim.patch +++ /dev/null @@ -1,414 +0,0 @@ -From e369e67a62f44561d417cb233acc566cc696d82d Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Mon, 29 Jan 2024 13:52:46 +0900 -Subject: [PATCH] gnutls_x509_trust_list_verify_crt2: remove length limit of - input - -Previously, if cert_list_size exceeded DEFAULT_MAX_VERIFY_DEPTH, the -chain verification logic crashed with assertion failure. This patch -removes the restriction while keeping the maximum number of -retrieved certificates being DEFAULT_MAX_VERIFY_DEPTH. - -Signed-off-by: Daiki Ueno - -Reference: https://gitlab.com/gnutls/gnutls/-/commit/e369e67a62f44561d417cb233acc566cc696d82d -Conflict: NA - ---- - lib/gnutls_int.h | 5 +- - lib/x509/common.c | 10 +- - lib/x509/verify-high.c | 51 ++++++---- - tests/test-chains.h | 211 ++++++++++++++++++++++++++++++++++++++++- - 4 files changed, 258 insertions(+), 19 deletions(-) - -diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h -index d8561ebe3..8cf9a8715 100644 ---- a/lib/gnutls_int.h -+++ b/lib/gnutls_int.h -@@ -232,7 +232,10 @@ typedef enum record_send_state_t { - - #define MAX_PK_PARAM_SIZE 2048 - --/* defaults for verification functions -+/* Defaults for verification functions. -+ * -+ * update many_icas in tests/test-chains.h when increasing -+ * DEFAULT_MAX_VERIFY_DEPTH. - */ - #define DEFAULT_MAX_VERIFY_DEPTH 16 - #define DEFAULT_MAX_VERIFY_BITS (MAX_PK_PARAM_SIZE * 8) -diff --git a/lib/x509/common.c b/lib/x509/common.c -index 2cc83c915..705aa868b 100644 ---- a/lib/x509/common.c -+++ b/lib/x509/common.c -@@ -1725,7 +1725,15 @@ unsigned int _gnutls_sort_clist(gnutls_x509_crt_t *clist, - bool insorted[DEFAULT_MAX_VERIFY_DEPTH]; /* non zero if clist[i] used in sorted list */ - gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH]; - -- assert(clist_size <= DEFAULT_MAX_VERIFY_DEPTH); -+ /* Limit the number of certificates in the chain, to avoid DoS -+ * because of the O(n^2) sorting below. FIXME: Switch to a -+ * topological sort algorithm which should be linear to the -+ * number of certificates and subject-issuer relationships. -+ */ -+ if (clist_size > DEFAULT_MAX_VERIFY_DEPTH) { -+ _gnutls_debug_log("too many certificates; skipping sorting\n"); -+ return 1; -+ } - - for (i = 0; i < DEFAULT_MAX_VERIFY_DEPTH; i++) { - issuer[i] = -1; -diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c -index 4e7361eb6..aacc24a7d 100644 ---- a/lib/x509/verify-high.c -+++ b/lib/x509/verify-high.c -@@ -25,7 +25,7 @@ - #include "errors.h" - #include - #include "global.h" --#include "num.h" /* MAX */ -+#include "num.h" /* MIN */ - #include "tls-sig.h" - #include "str.h" - #include "datum.h" -@@ -1361,7 +1361,8 @@ int gnutls_x509_trust_list_verify_crt2( - int ret = 0; - unsigned int i; - size_t hash; -- gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH]; -+ gnutls_x509_crt_t *cert_list_copy = NULL; -+ unsigned int cert_list_max_size = 0; - gnutls_x509_crt_t retrieved[DEFAULT_MAX_VERIFY_DEPTH]; - unsigned int retrieved_size = 0; - const char *hostname = NULL, *purpose = NULL, *email = NULL; -@@ -1421,16 +1422,28 @@ int gnutls_x509_trust_list_verify_crt2( - } - } - -- memcpy(sorted, cert_list, cert_list_size * sizeof(gnutls_x509_crt_t)); -- cert_list = sorted; -+ /* Allocate extra for retrieved certificates. */ -+ if (!INT_ADD_OK(cert_list_size, DEFAULT_MAX_VERIFY_DEPTH, -+ &cert_list_max_size)) -+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); -+ -+ cert_list_copy = _gnutls_reallocarray(NULL, cert_list_max_size, -+ sizeof(gnutls_x509_crt_t)); -+ if (!cert_list_copy) -+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); -+ -+ memcpy(cert_list_copy, cert_list, -+ cert_list_size * sizeof(gnutls_x509_crt_t)); -+ cert_list = cert_list_copy; - - records = gl_list_nx_create_empty(GL_LINKEDHASH_LIST, cert_eq, - cert_hashcode, NULL, false); -- if (records == NULL) -- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); -+ if (records == NULL) { -+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); -+ goto cleanup; -+ } - -- for (i = 0; i < cert_list_size && -- cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH;) { -+ for (i = 0; i < cert_list_size;) { - unsigned int sorted_size = 1; - unsigned int j, k; - gnutls_x509_crt_t issuer; -@@ -1442,8 +1455,7 @@ int gnutls_x509_trust_list_verify_crt2( - - assert(sorted_size > 0); - -- /* Remove duplicates. Start with index 1, as the first element -- * may be re-checked after issuer retrieval. */ -+ /* Remove duplicates. */ - for (j = 0; j < sorted_size; j++) { - if (gl_list_search(records, cert_list[i + j])) { - if (i + j < cert_list_size - 1) { -@@ -1495,13 +1507,15 @@ int gnutls_x509_trust_list_verify_crt2( - - ret = retrieve_issuers( - list, cert_list[i - 1], &retrieved[retrieved_size], -- DEFAULT_MAX_VERIFY_DEPTH - -- MAX(retrieved_size, cert_list_size)); -+ MIN(DEFAULT_MAX_VERIFY_DEPTH - retrieved_size, -+ cert_list_max_size - cert_list_size)); - if (ret < 0) { - break; - } else if (ret > 0) { - assert((unsigned int)ret <= -- DEFAULT_MAX_VERIFY_DEPTH - cert_list_size); -+ DEFAULT_MAX_VERIFY_DEPTH - retrieved_size); -+ assert((unsigned int)ret <= -+ cert_list_max_size - cert_list_size); - memmove(&cert_list[i + ret], &cert_list[i], - (cert_list_size - i) * - sizeof(gnutls_x509_crt_t)); -@@ -1517,8 +1531,10 @@ int gnutls_x509_trust_list_verify_crt2( - } - - cert_list_size = shorten_clist(list, cert_list, cert_list_size); -- if (cert_list_size <= 0) -- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); -+ if (cert_list_size <= 0) { -+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); -+ goto cleanup; -+ } - - hash = hash_pjw_bare(cert_list[cert_list_size - 1]->raw_issuer_dn.data, - cert_list[cert_list_size - 1]->raw_issuer_dn.size); -@@ -1661,10 +1677,13 @@ int gnutls_x509_trust_list_verify_crt2( - } - - cleanup: -+ gnutls_free(cert_list_copy); - for (i = 0; i < retrieved_size; i++) { - gnutls_x509_crt_deinit(retrieved[i]); - } -- gl_list_free(records); -+ if (records) { -+ gl_list_free(records); -+ } - return ret; - } - -diff --git a/tests/test-chains.h b/tests/test-chains.h -index 3e559fecd..a7fe1cdec 100644 ---- a/tests/test-chains.h -+++ b/tests/test-chains.h -@@ -23,7 +23,7 @@ - #ifndef GNUTLS_TESTS_TEST_CHAINS_H - #define GNUTLS_TESTS_TEST_CHAINS_H - --#define MAX_CHAIN 10 -+#define MAX_CHAIN 17 - - static const char *chain_with_no_subject_id_in_ca_ok[] = { - "-----BEGIN CERTIFICATE-----\n" -@@ -4383,6 +4383,213 @@ static const char *cross_signed_ca[] = { - NULL - }; - -+/* This assumes DEFAULT_MAX_VERIFY_DEPTH to be 16 */ -+static const char *many_icas[] = { -+ /* Server */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBqzCCAV2gAwIBAgIUIK3+SD3GmqJlRLZ/ESyhTzkSDL8wBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowNzEbMBkGA1UEChMSR251VExTIHRlc3Qgc2VydmVyMRgwFgYD\n" -+ "VQQDEw90ZXN0LmdudXRscy5vcmcwKjAFBgMrZXADIQAWGjx45NIJiKFsNBxxRRjm\n" -+ "NxUT5KYK7xXr5HPVywwgLaOBkjCBjzAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGC\n" -+ "D3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8E\n" -+ "BAMCB4AwHQYDVR0OBBYEFKgNAQWZPx76/vXqQOdIi5mTftsaMB8GA1UdIwQYMBaA\n" -+ "FDaPsY6WAGuRtrhYJE6Gk/bg5qbdMAUGAytlcANBAMIDh8aGcIIFDTUrzfV7tnkX\n" -+ "hHrxyFKBH/cApf6xcJQTfDXm23po627Ibp+WgLaWMY08Fn9Y2V6Ev8ADfqXNbQ8=\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA16 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBYTCCAROgAwIBAgIUSnE0PKdm/dsnZSWBh5Ct4pS6DcwwBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n" -+ "K2VwAyEAxq9SI8vp0QH1dDBBuZW+t+bLLROppQbjSQ4O1BEonDOjYzBhMA8GA1Ud\n" -+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQ2j7GOlgBrkba4\n" -+ "WCROhpP24Oam3TAfBgNVHSMEGDAWgBRvdUKX0aw3nfUIdvivXGSfRO7zyjAFBgMr\n" -+ "ZXADQQBsI2Hc7X5hXoHTvk01qMc5a1I27QHAFRARJnvIQ15wxNS2LVLzGk+AUmwr\n" -+ "sOhBKAcVfS55uWtYdjoWQ80h238H\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA15 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBYTCCAROgAwIBAgIUQk4XkgQVImnp6OPZas7ctwgBza4wBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n" -+ "K2VwAyEAs3yVKLJd3sKbNVmj6Bxy2j1x025rksyQpZZWnCx5a+CjYzBhMA8GA1Ud\n" -+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRvdUKX0aw3nfUI\n" -+ "dvivXGSfRO7zyjAfBgNVHSMEGDAWgBRhGfUXYPh4YQsdtTWYUozLphGgfzAFBgMr\n" -+ "ZXADQQBXTtm56x6/pHXdW8dTvZLc/8RufNQrMlc23TCgX0apUnrZdTsNAb7OE4Uu\n" -+ "9PBuxK+CC9NL/BL2hXsKvAT+NWME\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA14 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBYTCCAROgAwIBAgIUKfwz7UUYRvYlvqwmnLJlTOS9o1AwBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n" -+ "K2VwAyEAXbUetQ08t+F4+IcKL++HpeclqTxXZ7cG4mwqvHmTUEWjYzBhMA8GA1Ud\n" -+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRhGfUXYPh4YQsd\n" -+ "tTWYUozLphGgfzAfBgNVHSMEGDAWgBQYRQqO+V1kefF7QvNnFU1fX5H9+jAFBgMr\n" -+ "ZXADQQAiSHNMTLPFP3oa6q13Dj8jSxF9trQDJGM1ArWffFcPZUt2U4/ODHdcMTHx\n" -+ "kGwhIj+ghBlu6ykgu6J2wewCUooC\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA13 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBYTCCAROgAwIBAgIUUKOs59gyCPAZzoC7zMZQSh6AnQgwBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n" -+ "K2VwAyEAmvqhj5GYqsXIpsr1BXBfD+2mTP/m/TEpKIYSZHM62dijYzBhMA8GA1Ud\n" -+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQYRQqO+V1kefF7\n" -+ "QvNnFU1fX5H9+jAfBgNVHSMEGDAWgBQ27HzvP5hl2xR+LOzRcPfmY5ndXjAFBgMr\n" -+ "ZXADQQBrB3NkrYC7EQ74qgeesVOE71rW012dPOOKPAV0laR+JLEgsv9sfus+AdBF\n" -+ "WBNwR3KeYBTi/MFDuecxBHU2m5gD\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA12 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBYTCCAROgAwIBAgIUUQooGfH21+sR7/pSgCWm13gg2H4wBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n" -+ "K2VwAyEAK2of/B4wMpk6k/KdugC5dMS+jo2fseUM7/PvXkE6HASjYzBhMA8GA1Ud\n" -+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQ27HzvP5hl2xR+\n" -+ "LOzRcPfmY5ndXjAfBgNVHSMEGDAWgBSJDHU0Mj1Xr0e8ErCnRK24w7XwTTAFBgMr\n" -+ "ZXADQQDY8d2bAZpj7oGhdl2dBsCE48jEWj49da0PbgN12koAj3gf4hjMPd8G7p5z\n" -+ "8RsURAwQmCkE8ShvdNw/Qr2tDL0E\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA11 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBYTCCAROgAwIBAgIUW9Dw0hU2pfjXhb5Stip+mk9SndIwBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n" -+ "K2VwAyEAn5ISjLVV6RBWsnxDWHDicpye7SjFwGOTwzF01/psiJ2jYzBhMA8GA1Ud\n" -+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSJDHU0Mj1Xr0e8\n" -+ "ErCnRK24w7XwTTAfBgNVHSMEGDAWgBSR9UU27RI0XohiEgHDxNo/9HP4djAFBgMr\n" -+ "ZXADQQCfQg6MDHk71vhyrEo4/5PcLb2Li5F/FKURyux7snv2TbkSdInloAqca9UR\n" -+ "DtqHSLCNLXCNdSPr5QwIt5p29rsE\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA10 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBYTCCAROgAwIBAgIUR4uTedG8e6MibKViQ3eX7QzXG1swBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n" -+ "K2VwAyEAnslX04kSVOL5LAf1e+Ze3ggNnDJcEAxLDk8I/IhyjTyjYzBhMA8GA1Ud\n" -+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSR9UU27RI0Xohi\n" -+ "EgHDxNo/9HP4djAfBgNVHSMEGDAWgBRC7US5gJYnvd5F7EN+C4anMgd2NzAFBgMr\n" -+ "ZXADQQDo+jHt07Tvz3T5Lbz6apBrSln8xKYfJk2W1wP85XAnf7sZT9apM1bS4EyD\n" -+ "Kckw+KG+9x7myOZz6AXJgZB5OGAO\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA9 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBYTCCAROgAwIBAgIUSIIIRjrNpE+kEPkiJMOqaNAazvQwBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n" -+ "K2VwAyEAZKy7p1Gn4W/reRxKJN99+QkHt2q9aELktCKe5PqrX5ejYzBhMA8GA1Ud\n" -+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRC7US5gJYnvd5F\n" -+ "7EN+C4anMgd2NzAfBgNVHSMEGDAWgBSOhR7Ornis2x8g0J+bvTTwMnW60zAFBgMr\n" -+ "ZXADQQA0MEcC4FgKZEAfalVpApU2to0G158MVz/WTNcSc7fnl8ifJ/g56dVHL1jr\n" -+ "REvC/S28dn/CGAlbVXUAgxnHAbgE\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA8 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBYTCCAROgAwIBAgIUGGFSgD95vOTSj7iFxfXA5vq6vsYwBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n" -+ "K2VwAyEAg3W/bTdW0fR32NeZEVMXICpa30d7rSdddLOYDvqqUO+jYzBhMA8GA1Ud\n" -+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSOhR7Ornis2x8g\n" -+ "0J+bvTTwMnW60zAfBgNVHSMEGDAWgBT3zK8Hbn9aVTAOOFY6RSxJ2o5x2jAFBgMr\n" -+ "ZXADQQBl4gnzE463iMFg57gPvjHdVzA39sJBpiu0kUGfRcLnoRI/VOaLcx7WnJ9+\n" -+ "c3KxPZBec76EdIoQDkTmI6m2FIAM\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA7 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBYTCCAROgAwIBAgIUGktMGXhNuaMhKyAlecymmLD+/GIwBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n" -+ "K2VwAyEA/Z1oc76hOQ0Hi+2hePaGIntnMIDqBlb7RDMjRpYONP2jYzBhMA8GA1Ud\n" -+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBT3zK8Hbn9aVTAO\n" -+ "OFY6RSxJ2o5x2jAfBgNVHSMEGDAWgBSPae3JUN3jP0NgUJqDV3eYxcaM3DAFBgMr\n" -+ "ZXADQQBMkwKaUZlvG/hax8rv3nnDv8kJOr6KVHBnxSx3hZ+8HIBT7GFm1+YDeYOB\n" -+ "jhNg66kyeFPGXXBCe+mvNQFFjCEE\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA6 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBYTCCAROgAwIBAgIUKn3gz5lAUpKqWlHKLKYDbOJ4rygwBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n" -+ "K2VwAyEAZ/eD4eTe91ddvHusm7YlLPxU4ByGFc6suAmlP1CxXkWjYzBhMA8GA1Ud\n" -+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSPae3JUN3jP0Ng\n" -+ "UJqDV3eYxcaM3DAfBgNVHSMEGDAWgBT9f/qSI/jhxvGI7aMtkpraDcjBnjAFBgMr\n" -+ "ZXADQQAMRnkmRhnLGdmJaY8B42gfyaAsqCMyds/Tw4OHYy+N48XuAxRjKkhf3szC\n" -+ "0lY71oU043mNP1yx/dzAuCTrVSgI\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA5 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBYTCCAROgAwIBAgIUEgEYbBXXEyGv3vOq10JQv1SBiUUwBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n" -+ "K2VwAyEAs2xEDPw8RVal53nX9GVwUd1blq1wjtVFC8S1V7up7MWjYzBhMA8GA1Ud\n" -+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBT9f/qSI/jhxvGI\n" -+ "7aMtkpraDcjBnjAfBgNVHSMEGDAWgBRBVkLu9BmCKz7HNI8md4vPpoE/7jAFBgMr\n" -+ "ZXADQQCCufAyLijtzzmeCuO3K50rBSbGvB3FQfep7g6kVsQKM3bw/olWK5/Ji0dD\n" -+ "ubJ0cFl1FmfAda7aVxLBtJOvO6MI\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA4 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBYTCCAROgAwIBAgIULj8GkaHw+92HuOTnXnXlxCy3VrEwBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n" -+ "K2VwAyEAiedxh4dvtwDellMAHc/pZH0MAOXobRenTUgF1yj5l12jYzBhMA8GA1Ud\n" -+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRBVkLu9BmCKz7H\n" -+ "NI8md4vPpoE/7jAfBgNVHSMEGDAWgBSDtNRgQ36KwW/ASaMyr6WeDt0STDAFBgMr\n" -+ "ZXADQQDL8U2ckzur7CktdrVUNvfLhVCOz33d/62F28vQFHUa8h/4h+Mi1MMbXOKT\n" -+ "1bL2TvpFpU7Fx/vcIPXDielVqr4C\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA3 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBYTCCAROgAwIBAgIUQXl74TDDw6MQRMbQUSPa6Qrvba8wBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n" -+ "K2VwAyEA7l0jQ0f4fJRw7Qja/Hz2qn8y91SI7CokxhSf+FT+9M6jYzBhMA8GA1Ud\n" -+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBSDtNRgQ36KwW/A\n" -+ "SaMyr6WeDt0STDAfBgNVHSMEGDAWgBQ2inEK4KH6ATftmybxKE1dZUzOozAFBgMr\n" -+ "ZXADQQCnP7Oqx1epGnFnO7TrTJwcUukXDEYsINve2GeUsi8HEIeKKlMcLZ2Cnaj7\n" -+ "5v9NGuWh3QJpmmSGpEemiv8dJc4A\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA2 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBYTCCAROgAwIBAgIUP7Nmof8H2F1LyDkjqlYIUpGdXE8wBQYDK2VwMB0xGzAZ\n" -+ "BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n" -+ "MTIzMTIzNTk1OVowHTEbMBkGA1UEAwwSR251VExTIHRlc3QgSUNBICRpMCowBQYD\n" -+ "K2VwAyEAkW9Rod3CXAnha6nlaHkDbCOegq94lgmjqclA9sOIt3yjYzBhMA8GA1Ud\n" -+ "EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQ2inEK4KH6ATft\n" -+ "mybxKE1dZUzOozAfBgNVHSMEGDAWgBRPq/CQlK/zuXkjZvTCibu+vejD+jAFBgMr\n" -+ "ZXADQQBU+A+uF0yrtO/yv9cRUdCoL3Y1NKM35INg8BQDnkv724cW9zk1x0q9Fuou\n" -+ "zvfSVb8S3vT8fF5ZDOxarQs6ZH0C\n" -+ "-----END CERTIFICATE-----\n", -+ /* ICA1 */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBXTCCAQ+gAwIBAgIUfUWP+AQHpdFTRKTf21mMzjaJsp0wBQYDK2VwMBkxFzAV\n" -+ "BgNVBAMTDkdudVRMUyB0ZXN0IENBMCAXDTI0MDMxMjIyNTMzOVoYDzk5OTkxMjMx\n" -+ "MjM1OTU5WjAdMRswGQYDVQQDDBJHbnVUTFMgdGVzdCBJQ0EgJGkwKjAFBgMrZXAD\n" -+ "IQAVmfBAvLbT+pTD24pQrr6S0jEIFIV/qOv93yYvAUzpzKNjMGEwDwYDVR0TAQH/\n" -+ "BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0OBBYEFE+r8JCUr/O5eSNm9MKJ\n" -+ "u7696MP6MB8GA1UdIwQYMBaAFAFpt5wrFsqCtHc4PpluPDvwcxQLMAUGAytlcANB\n" -+ "AC6+XZnthjlUD0TbBKRF3qT5if3Pp29Bgvutw8859unzUZW8FkHg5KeDBj9ncgJc\n" -+ "O2tFnNH2hV6LDPJzU0rtLQc=\n" -+ "-----END CERTIFICATE-----\n", -+ NULL -+}; -+ -+static const char *many_icas_ca[] = { -+ /* CA (self-signed) */ -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIIBNzCB6qADAgECAhRjaokcQwcrtW8tjuVFz3A33F8POjAFBgMrZXAwGTEXMBUG\n" -+ "A1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjQwMzEyMjI1MzM5WhgPOTk5OTEyMzEy\n" -+ "MzU5NTlaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMCowBQYDK2VwAyEAvoxP\n" -+ "TNdbWktxA8qQNNH+25Cx9rzP+DxLGeI/7ODwrQGjQjBAMA8GA1UdEwEB/wQFMAMB\n" -+ "Af8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBQBabecKxbKgrR3OD6Zbjw78HMU\n" -+ "CzAFBgMrZXADQQCP5IUD74M7WrUx20uqzrzuj+s2jnBVmLQfWf/Ucetx+oTRFeq4\n" -+ "xZB/adWhycSeJUAB1zKqYUV9hgT8FWHbnHII\n" -+ "-----END CERTIFICATE-----\n", -+ NULL -+}; -+ - #if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Wunused-variable" -@@ -4696,6 +4903,8 @@ static struct { - 1620118136, 1 }, - { "cross signed - ok", cross_signed, cross_signed_ca, 0, 0, 0, - 1704955300 }, -+ { "many intermediates - ok", many_icas, many_icas_ca, 0, 0, 0, -+ 1710284400 }, - { NULL, NULL, NULL, 0, 0 } - }; - --- -2.33.0 - diff --git a/gnutls-3.8.2.tar.xz.sig b/gnutls-3.8.2.tar.xz.sig deleted file mode 100644 index 88ecb9b7665d5863ce0ef7137f25f333a5a32a12..0000000000000000000000000000000000000000 Binary files a/gnutls-3.8.2.tar.xz.sig and /dev/null differ diff --git a/gnutls-3.8.2.tar.xz b/gnutls-3.8.8.tar.xz similarity index 45% rename from gnutls-3.8.2.tar.xz rename to gnutls-3.8.8.tar.xz index 914c17adf273b5478f73529b5636409ec8ac7ffc..38da31f63ed4a5ad723e9566085cda26a082637f 100644 Binary files a/gnutls-3.8.2.tar.xz and b/gnutls-3.8.8.tar.xz differ diff --git a/gnutls-3.8.8.tar.xz.sig b/gnutls-3.8.8.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000..c7bfcaf340c624f3d9cd125741532f23f919eab6 Binary files /dev/null and b/gnutls-3.8.8.tar.xz.sig differ diff --git a/gnutls.spec b/gnutls.spec index cb40bbc33858c3a66f85d45adf836ca097f775b5..5c9bba9efe9d1d4febbce60e60c54a959b3889f3 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -1,6 +1,6 @@ Name: gnutls -Version: 3.8.2 -Release: 5 +Version: 3.8.8 +Release: 1 Summary: The GNU Secure Communication Protocol Library License: LGPLv2.1+ and GPLv3+ @@ -9,10 +9,6 @@ Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz.sig Patch0: fix-ipv6-handshake-failed.patch -Patch1: backport-CVE-2024-0553-rsa-psk-minimize-branching-after-decryption.patch -Patch2: backport-CVE-2024-0567-x509-detect-loop-in-certificate-chain.patch -Patch3: backport-fix-CVE-2024-28834-nettle-avoid-normalization-of-mpz_t-in-deterministic.patch -Patch4: backport-fix-CVE-2024-28835-gnutls_x509_trust_list_verify_crt2-remove-length-lim.patch %bcond_without dane %bcond_with guile @@ -244,6 +240,14 @@ make check %{?_smp_mflags} %endif %changelog +* Tue Nov 12 2024 zhangxianjun - 3.8.8-1 +- update to 3.8.8 +- Fixed the check at src/benchmark-tls.c +- devel/generate-dlwrap.sh: remove --clang-resource-dir option +- priority: give KEM groups precedence over EC(DH) groups in TLS 1.3 +- _gnutls_session_supports_group: return boolean instead of error code +- fix CVE-2024-28834,CVE-2024-28835,CVE-2024-0553,CVE-2024-0567 + * Mon Sep 2 2024 xuraoqing - 3.8.2-5 - remove man1 from gnutls-utils