Your message dated Sat, 10 Feb 2024 13:11:21 +0000
with message-id <e1ryn8b-002ybb...@coccia.debian.org>
and subject line Released with 12.5
has caused the Debian Bug report #1061189,
regarding bookworm-pu: package gnutls28/3.7.9-2+deb12u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1061189: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061189
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: gnutl...@packages.debian.org, t...@security.debian.org, 
gnutl...@packages.debian.org
Control: affects -1 + src:gnutls28

Hello,

I would like to fix both CVE-2024-0567 and CVE-2024-0553 via a
stable-updates since they do not require a DSA.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

cu Andreas
diff -Nru gnutls28-3.7.9/debian/changelog gnutls28-3.7.9/debian/changelog
--- gnutls28-3.7.9/debian/changelog	2023-11-30 07:50:48.000000000 +0100
+++ gnutls28-3.7.9/debian/changelog	2024-01-19 18:28:37.000000000 +0100
@@ -1,3 +1,13 @@
+gnutls28 (3.7.9-2+deb12u2) bookworm; urgency=medium
+
+  * Cherrypick two CVE fixes from 3.8.3:
+    Fix assertion failure when verifying a certificate chain with a cycle of
+    cross signatures. CVE-2024-0567 GNUTLS-SA-2024-01-09 Closes: #1061045
+    Fix more timing side-channel inside RSA-PSK key exchange. CVE-2024-0553
+    GNUTLS-SA-2024-01-14 Closes: #1061046
+
+ -- Andreas Metzler <ametz...@debian.org>  Fri, 19 Jan 2024 18:28:37 +0100
+
 gnutls28 (3.7.9-2+deb12u1) bookworm; urgency=medium
 
   * Backport fix for CVE-2023-5981 / GNUTLS-SA-2023-10-23 (timing sidechannel
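
Review bot: the new changelog entry puts both CVE fixes under a single "Cherrypick two CVE fixes from 3.8.3" bullet and does not name the patch files that carry them. One bullet per fix, each naming its file (61-x509-detect-loop-in-certificate-chain.patch and 62-rsa-psk-minimize-branching-after-decryption.patch), would tie each Closes: to a specific change and match the one-fix-per-bullet style of the 3.7.9-2+deb12u1 entry below.
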
diff -Nru gnutls28-3.7.9/debian/patches/61-x509-detect-loop-in-certificate-chain.patch gnutls28-3.7.9/debian/patches/61-x509-detect-loop-in-certificate-chain.patch
--- gnutls28-3.7.9/debian/patches/61-x509-detect-loop-in-certificate-chain.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.7.9/debian/patches/61-x509-detect-loop-in-certificate-chain.patch	2024-01-19 18:28:07.000000000 +0100
@@ -0,0 +1,188 @@
+From 9edbdaa84e38b1bfb53a7d72c1de44f8de373405 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <u...@gnu.org>
+Date: Thu, 11 Jan 2024 15:45:11 +0900
+Subject: [PATCH 1/2] x509: detect loop in certificate chain
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+There can be a loop in a certificate chain, when multiple CA
+certificates are cross-signed with each other, such as A → B, B → C,
+and C → A.  Previously, the verification logic was not capable of
+handling this scenario while sorting the certificates in the chain in
+_gnutls_sort_clist, resulting in an assertion failure.  This patch
+properly detects such loop and aborts further processing in a graceful
+manner.
+
+Signed-off-by: Daiki Ueno <u...@gnu.org>
+---
+ lib/x509/common.c   |   4 ++
+ tests/test-chains.h | 125 ++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 129 insertions(+)
+
+--- a/lib/x509/common.c
++++ b/lib/x509/common.c
+@@ -1794,10 +1794,14 @@ unsigned int _gnutls_sort_clist(gnutls_x
+ 		prev = issuer[prev];
+ 		if (prev < 0) {	/* no issuer */
+ 			break;
+ 		}
+ 
++		if (insorted[prev]) { /* loop detected */
++			break;
++		}
++
+ 		sorted[i] = clist[prev];
+ 		insorted[prev] = 1;
+ 	}
+ 
+ 	/* append the remaining certs */
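
Review bot: the new `if (insorted[prev])` check in _gnutls_sort_clist only works if insorted[] is already set for the certificate the walk starts from, and that initialisation is not visible in this context. It is worth confirming, so that a cycle leading back to the first certificate is caught as well as one among the later CAs. The "loop detected" comment could also state the consequence: sorting stops at this point and the certificates that were not placed fall through to the "append the remaining certs" step rather than being dropped.
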
+--- a/tests/test-chains.h
++++ b/tests/test-chains.h
+@@ -4261,10 +4261,133 @@ static const char *rsa_sha1_not_in_trust
+ 	"tnYFXKC0Q+QUf38horqG2Mc3/uh8MOm0eYUXwGJOdXYD\n"
+ 	"-----END CERTIFICATE-----\n",
+ 	NULL
+ };
+ 
++static const char *cross_signed[] = {
++	/* server (signed by A1) */
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIBqDCCAVqgAwIBAgIUejlil+8DBffazcnMNwyOOP6yCCowBQYDK2VwMBoxGDAW\n"
++	"BgNVBAMTD0ludGVybWVkaWF0ZSBBMTAgFw0yNDAxMTEwNjI3MjJaGA85OTk5MTIz\n"
++	"MTIzNTk1OVowNzEbMBkGA1UEChMSR251VExTIHRlc3Qgc2VydmVyMRgwFgYDVQQD\n"
++	"Ew90ZXN0LmdudXRscy5vcmcwKjAFBgMrZXADIQA1ZVS0PcNeTPQMZ+FuVz82AHrj\n"
++	"qL5hWEpCDgpG4M4fxaOBkjCBjzAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3Rl\n"
++	"c3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMC\n"
++	"B4AwHQYDVR0OBBYEFGtEUv+JSt+zPoO3lu0IiObZVoiNMB8GA1UdIwQYMBaAFPnY\n"
++	"v6Pw0IvKSqIlb6ewHyEAmTA3MAUGAytlcANBAAS2lyc87kH/aOvNKzPjqDwUYxPA\n"
++	"CfYjyaKea2d0DZLBM5+Bjnj/4aWwTKgVTJzWhLJcLtaSdVHrXqjr9NhEhQ0=\n"
++	"-----END CERTIFICATE-----\n",
++	/* A1 (signed by A) */
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIBUjCCAQSgAwIBAgIUe/R+NVp04e74ySw2qgI6KZgFR20wBQYDK2VwMBExDzAN\n"
++	"BgNVBAMTBlJvb3QgQTAgFw0yNDAxMTEwNjI1MDFaGA85OTk5MTIzMTIzNTk1OVow\n"
++	"GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIEExMCowBQYDK2VwAyEAlkTNqwz973sy\n"
++	"u3whMjSiUMs77CZu5YA7Gi5KcakExrKjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYD\n"
++	"VR0PAQH/BAQDAgIEMB0GA1UdDgQWBBT52L+j8NCLykqiJW+nsB8hAJkwNzAfBgNV\n"
++	"HSMEGDAWgBRbYgOkRGsd3Z74+CauX4htzLg0lzAFBgMrZXADQQBM0NBaFVPd3cTJ\n"
++	"DSaZNT34fsHuJk4eagpn8mBxKQpghq4s8Ap+nYtp2KiXjcizss53PeLXVnkfyLi0\n"
++	"TLVBHvUJ\n"
++	"-----END CERTIFICATE-----\n",
++	/* A (signed by B) */
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIBSDCB+6ADAgECAhQtdJpg+qlPcLoRW8iiztJUD4xNvDAFBgMrZXAwETEPMA0G\n"
++	"A1UEAxMGUm9vdCBCMCAXDTI0MDExMTA2MTk1OVoYDzk5OTkxMjMxMjM1OTU5WjAR\n"
++	"MQ8wDQYDVQQDEwZSb290IEEwKjAFBgMrZXADIQA0vDYyg3tgotSETL1Wq2hBs32p\n"
++	"WbnINkmOSNmOiZlGHKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
++	"AgQwHQYDVR0OBBYEFFtiA6REax3dnvj4Jq5fiG3MuDSXMB8GA1UdIwQYMBaAFJFA\n"
++	"s2rg6j8w9AKItRnOOOjG2FG6MAUGAytlcANBAPv674p9ek5GjRcRfVQhgN+kQlHU\n"
++	"u774wL3Vx3fWA1E7+WchdMzcHrPoa5OKtKmxjIKUTO4SeDZL/AVpvulrWwk=\n"
++	"-----END CERTIFICATE-----\n",
++	/* A (signed by C) */
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIBSDCB+6ADAgECAhReNpCiVn7eFDUox3mvM5qE942AVzAFBgMrZXAwETEPMA0G\n"
++	"A1UEAxMGUm9vdCBDMCAXDTI0MDExMTA2MjEyMVoYDzk5OTkxMjMxMjM1OTU5WjAR\n"
++	"MQ8wDQYDVQQDEwZSb290IEIwKjAFBgMrZXADIQAYX92hS97OGKbMzwrD7ReVifwM\n"
++	"3iz5tnfQHWQSkvvYMKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
++	"AgQwHQYDVR0OBBYEFJFAs2rg6j8w9AKItRnOOOjG2FG6MB8GA1UdIwQYMBaAFEh/\n"
++	"XKjIuMeEavX5QVoy39Q+GhnwMAUGAytlcANBAIwghH3gelXty8qtoTGIEJb0+EBv\n"
++	"BH4YOUh7TamxjxkjvvIhDA7ZdheofFb7NrklJco7KBcTATUSOvxakYRP9Q8=\n"
++	"-----END CERTIFICATE-----\n",
++	/* B1 (signed by B) */
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIBUjCCAQSgAwIBAgIUfpmrVDc1XBA5/7QYMyGBuB9mTtUwBQYDK2VwMBExDzAN\n"
++	"BgNVBAMTBlJvb3QgQjAgFw0yNDAxMTEwNjI1MjdaGA85OTk5MTIzMTIzNTk1OVow\n"
++	"GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIEIxMCowBQYDK2VwAyEAh6ZTuJWsweVB\n"
++	"a5fsye5iq89kWDC2Y/Hlc0htLmjzMP+jYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYD\n"
++	"VR0PAQH/BAQDAgIEMB0GA1UdDgQWBBTMQu37PKyLjKfPODZgxYCaayff+jAfBgNV\n"
++	"HSMEGDAWgBSRQLNq4Oo/MPQCiLUZzjjoxthRujAFBgMrZXADQQBblmguY+lnYvOK\n"
++	"rAZJnqpEUGfm1tIFyu3rnlE7WOVcXRXMIoNApLH2iHIipQjlvNWuSBFBTC1qdewh\n"
++	"/e+0cgQB\n"
++	"-----END CERTIFICATE-----\n",
++	/* B (signed by A) */
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIBSDCB+6ADAgECAhRpEm+dWNX6DMZh/nottkFfFFrXXDAFBgMrZXAwETEPMA0G\n"
++	"A1UEAxMGUm9vdCBBMCAXDTI0MDExMTA2MTcyNloYDzk5OTkxMjMxMjM1OTU5WjAR\n"
++	"MQ8wDQYDVQQDEwZSb290IEIwKjAFBgMrZXADIQAYX92hS97OGKbMzwrD7ReVifwM\n"
++	"3iz5tnfQHWQSkvvYMKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
++	"AgQwHQYDVR0OBBYEFJFAs2rg6j8w9AKItRnOOOjG2FG6MB8GA1UdIwQYMBaAFFti\n"
++	"A6REax3dnvj4Jq5fiG3MuDSXMAUGAytlcANBAFvmcK3Ida5ViVYDzxKVLPcPsCHe\n"
++	"3hxz99lBrerJC9iJSvRYTJoPBvjTxDYnBn5EFrQYMrUED+6i71lmGXNU9gs=\n"
++	"-----END CERTIFICATE-----\n",
++	/* B (signed by C) */
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIBSDCB+6ADAgECAhReNpCiVn7eFDUox3mvM5qE942AVzAFBgMrZXAwETEPMA0G\n"
++	"A1UEAxMGUm9vdCBDMCAXDTI0MDExMTA2MjEyMVoYDzk5OTkxMjMxMjM1OTU5WjAR\n"
++	"MQ8wDQYDVQQDEwZSb290IEIwKjAFBgMrZXADIQAYX92hS97OGKbMzwrD7ReVifwM\n"
++	"3iz5tnfQHWQSkvvYMKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
++	"AgQwHQYDVR0OBBYEFJFAs2rg6j8w9AKItRnOOOjG2FG6MB8GA1UdIwQYMBaAFEh/\n"
++	"XKjIuMeEavX5QVoy39Q+GhnwMAUGAytlcANBAIwghH3gelXty8qtoTGIEJb0+EBv\n"
++	"BH4YOUh7TamxjxkjvvIhDA7ZdheofFb7NrklJco7KBcTATUSOvxakYRP9Q8=\n"
++	"-----END CERTIFICATE-----\n",
++	/* C1 (signed by C) */
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIBUjCCAQSgAwIBAgIUSKsfY1wD3eD2VmaaK1wt5naPckMwBQYDK2VwMBExDzAN\n"
++	"BgNVBAMTBlJvb3QgQzAgFw0yNDAxMTEwNjI1NDdaGA85OTk5MTIzMTIzNTk1OVow\n"
++	"GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIEMxMCowBQYDK2VwAyEA/t7i1chZlKkV\n"
++	"qxJOrmmyATn8XnpK+nV/iT4OMHSHfAyjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYD\n"
++	"VR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRmpF3JjoP3NiBzE5J5ANT0bvfRmjAfBgNV\n"
++	"HSMEGDAWgBRIf1yoyLjHhGr1+UFaMt/UPhoZ8DAFBgMrZXADQQAeRBXv6WCTOp0G\n"
++	"3wgd8bbEGrrILfpi+qH7aj/MywgkPIlppDYRQ3jL6ASd+So/408dlE0DV9DXKBi0\n"
++	"725XUUYO\n"
++	"-----END CERTIFICATE-----\n",
++	/* C (signed by A) */
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIBSDCB+6ADAgECAhRvbZv3SRTjDOiAbyFWHH4y0yMZkjAFBgMrZXAwETEPMA0G\n"
++	"A1UEAxMGUm9vdCBBMCAXDTI0MDExMTA2MTg1MVoYDzk5OTkxMjMxMjM1OTU5WjAR\n"
++	"MQ8wDQYDVQQDEwZSb290IEMwKjAFBgMrZXADIQDxm6Ubhsa0gSa1vBCIO5e+qZEH\n"
++	"8Oocz+buNHfIJbh5NaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
++	"AgQwHQYDVR0OBBYEFEh/XKjIuMeEavX5QVoy39Q+GhnwMB8GA1UdIwQYMBaAFFti\n"
++	"A6REax3dnvj4Jq5fiG3MuDSXMAUGAytlcANBAPl+SyiOfXJnjSWx8hFMhJ7w92mn\n"
++	"tkGifCFHBpUhYcBIMeMtLw0RBLXqaaN0EKlTFimiEkLClsU7DKYrpEEJegs=\n"
++	"-----END CERTIFICATE-----\n",
++	/* C (signed by B) */
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIBSDCB+6ADAgECAhQU1OJWRVOLrGrgJiLwexd1/MwKkTAFBgMrZXAwETEPMA0G\n"
++	"A1UEAxMGUm9vdCBCMCAXDTI0MDExMTA2MjAzMFoYDzk5OTkxMjMxMjM1OTU5WjAR\n"
++	"MQ8wDQYDVQQDEwZSb290IEMwKjAFBgMrZXADIQDxm6Ubhsa0gSa1vBCIO5e+qZEH\n"
++	"8Oocz+buNHfIJbh5NaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
++	"AgQwHQYDVR0OBBYEFEh/XKjIuMeEavX5QVoy39Q+GhnwMB8GA1UdIwQYMBaAFJFA\n"
++	"s2rg6j8w9AKItRnOOOjG2FG6MAUGAytlcANBALXeyuj8vj6Q8j4l17VzZwmJl0gN\n"
++	"bCGoKMl0J/0NiN/fQRIsdbwQDh0RUN/RN3I6DTtB20ER6f3VdnzAh8nXkQ4=\n"
++	"-----END CERTIFICATE-----\n",
++	NULL
++};
++
++static const char *cross_signed_ca[] = {
++	/* A (self-signed) */
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIBJzCB2qADAgECAhQs1Ur+gzPs1ISxs3Tbs700q0CZcjAFBgMrZXAwETEPMA0G\n"
++	"A1UEAxMGUm9vdCBBMCAXDTI0MDExMTA2MTYwMFoYDzk5OTkxMjMxMjM1OTU5WjAR\n"
++	"MQ8wDQYDVQQDEwZSb290IEEwKjAFBgMrZXADIQA0vDYyg3tgotSETL1Wq2hBs32p\n"
++	"WbnINkmOSNmOiZlGHKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n"
++	"AgQwHQYDVR0OBBYEFFtiA6REax3dnvj4Jq5fiG3MuDSXMAUGAytlcANBAHrVv7E9\n"
++	"5scuOVCH9gNRRm8Z9SUoLakRHAPnySdg6z/kI3vOgA/OM7reArpnW8l1H2FapgpL\n"
++	"bDeZ2XJH+BdVFwg=\n"
++	"-----END CERTIFICATE-----\n",
++	NULL
++};
++
+ #if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
+ #  pragma GCC diagnostic push
+ #  pragma GCC diagnostic ignored "-Wunused-variable"
+ #endif
+ 
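
Review bot: in cross_signed[], the block commented "A (signed by C)" is byte-for-byte the same base64 as the block commented "B (signed by C)" further down, so the array holds that certificate twice and contains no distinct entry for A issued by C. Either the comment or the data should be corrected. If the duplicate is intentional (the series already carries a patch about duplicate certificates during verification), a comment saying so would keep the fixture readable. The A signed by B / B signed by A pair still gives the cycle the test needs.
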
+@@ -4440,10 +4563,12 @@ static struct
+     0, NULL, 1620052390, 1},
+   { "rsa-sha1 not in trusted - not ok",
+     rsa_sha1_not_in_trusted, rsa_sha1_not_in_trusted_ca,
+     GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM),
+     GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, 1620118136, 1},
++  { "cross signed - ok", cross_signed, cross_signed_ca, 0, 0, 0,
++    1704955300 },
+   { NULL, NULL, NULL, 0, 0}
+ };
+ 
+ #if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
+ #  pragma GCC diagnostic pop
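
Review bot: the added "cross signed - ok" entry writes the sixth field as a bare 0 and stops after the timestamp, while the entries directly above it use NULL in that position and end with an explicit trailing value (", 1620118136, 1}"). Writing NULL and spelling out the last field would make it clear that the zero there is intended and not an omission. The table also gains only the positive case; a companion entry with the same looping chain and no matching trust anchor would check that the early break also leads to a clean verification failure.
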
diff -Nru gnutls28-3.7.9/debian/patches/62-rsa-psk-minimize-branching-after-decryption.patch gnutls28-3.7.9/debian/patches/62-rsa-psk-minimize-branching-after-decryption.patch
--- gnutls28-3.7.9/debian/patches/62-rsa-psk-minimize-branching-after-decryption.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.7.9/debian/patches/62-rsa-psk-minimize-branching-after-decryption.patch	2024-01-19 18:28:37.000000000 +0100
@@ -0,0 +1,129 @@
+From 40dbbd8de499668590e8af51a15799fbc430595e Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <u...@gnu.org>
+Date: Wed, 10 Jan 2024 19:13:17 +0900
+Subject: [PATCH 2/2] rsa-psk: minimize branching after decryption
+
+This moves any non-trivial code between gnutls_privkey_decrypt_data2
+and the function return in _gnutls_proc_rsa_psk_client_kx up until the
+decryption.  This also avoids an extra memcpy to session->key.key.
+
+Signed-off-by: Daiki Ueno <u...@gnu.org>
+---
+ lib/auth/rsa_psk.c | 69 ++++++++++++++++++++++++----------------------
+ 1 file changed, 36 insertions(+), 33 deletions(-)
+
+--- a/lib/auth/rsa_psk.c
++++ b/lib/auth/rsa_psk.c
+@@ -267,11 +267,10 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_se
+ 	gnutls_datum_t ciphertext;
+ 	gnutls_datum_t pwd_psk = { NULL, 0 };
+ 	int ret, dsize;
+ 	ssize_t data_size = _data_size;
+ 	gnutls_psk_server_credentials_t cred;
+-	gnutls_datum_t premaster_secret = { NULL, 0 };
+ 	volatile uint8_t ver_maj, ver_min;
+ 
+ 	cred = (gnutls_psk_server_credentials_t)
+ 	    _gnutls_get_cred(session, GNUTLS_CRD_PSK);
+ 
+@@ -329,29 +328,52 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_se
+ 	ciphertext.size = dsize;
+ 
+ 	ver_maj = _gnutls_get_adv_version_major(session);
+ 	ver_min = _gnutls_get_adv_version_minor(session);
+ 
+-	premaster_secret.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
+-	if (premaster_secret.data == NULL) {
++	/* Find the key of this username. A random value will be
++	 * filled in if the key is not found.
++	 */
++	ret = _gnutls_psk_pwd_find_entry(session, info->username,
++					 strlen(info->username), &pwd_psk);
++	if (ret < 0)
++		return gnutls_assert_val(ret);
+ 
+-		gnutls_assert();
++	/* Allocate memory for premaster secret, and fill in the
++	 * fields except the decryption result.
++	 */
++	session->key.key.size = 2 + GNUTLS_MASTER_SIZE + 2 + pwd_psk.size;
++	session->key.key.data = gnutls_malloc(session->key.key.size);
++	if (session->key.key.data == NULL) {
++		gnutls_assert();
++		_gnutls_free_key_datum(&pwd_psk);
++		/* No need to zeroize, as the secret is not copied in yet */
++		_gnutls_free_datum(&session->key.key);
+ 		return GNUTLS_E_MEMORY_ERROR;
+ 	}
+-	premaster_secret.size = GNUTLS_MASTER_SIZE;
+ 
+ 	/* Fallback value when decryption fails. Needs to be unpredictable. */
+-	ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
+-			 premaster_secret.size);
++	ret = gnutls_rnd(GNUTLS_RND_NONCE, session->key.key.data + 2,
++			 GNUTLS_MASTER_SIZE);
+ 	if (ret < 0) {
+ 		gnutls_assert();
+-		goto cleanup;
++		_gnutls_free_key_datum(&pwd_psk);
++		/* No need to zeroize, as the secret is not copied in yet */
++		_gnutls_free_datum(&session->key.key);
++		return ret;
+ 	}
+ 
++	_gnutls_write_uint16(GNUTLS_MASTER_SIZE, session->key.key.data);
++	_gnutls_write_uint16(pwd_psk.size,
++			     &session->key.key.data[2 + GNUTLS_MASTER_SIZE]);
++	memcpy(&session->key.key.data[2 + GNUTLS_MASTER_SIZE + 2], pwd_psk.data,
++	       pwd_psk.size);
++	_gnutls_free_key_datum(&pwd_psk);
++
+ 	gnutls_privkey_decrypt_data2(session->internals.selected_key, 0,
+-				     &ciphertext, premaster_secret.data,
+-				     premaster_secret.size);
++				     &ciphertext, session->key.key.data + 2,
++				     GNUTLS_MASTER_SIZE);
+ 	/* After this point, any conditional on failure that cause differences
+ 	 * in execution may create a timing or cache access pattern side
+ 	 * channel that can be used as an oracle, so tread carefully */
+ 
+ 	/* Error handling logic:
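
Review bot: the allocation-failure and gnutls_rnd-failure branches now each repeat the same cleanup ("_gnutls_free_key_datum(&pwd_psk);" followed by "_gnutls_free_datum(&session->key.key);"), and the buffer layout appears as raw offsets (2, 2 + GNUTLS_MASTER_SIZE, 2 + GNUTLS_MASTER_SIZE + 2) in several places. Both branches run before gnutls_privkey_decrypt_data2, so a shared cleanup label placed ahead of the decrypt call would not reintroduce branching after decryption. Named offsets, or a short comment describing the length / premaster / length / PSK layout, would make the writes easier to audit. session->key.key.data is also assigned without a visible check that it is empty on entry, which is worth confirming to rule out a leak.
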
+@@ -367,35 +389,14 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_se
+ 
+ 	/* This is here to avoid the version check attack
+ 	 * discussed above.
+ 	 */
+ 
+-	premaster_secret.data[0] = ver_maj;
+-	premaster_secret.data[1] = ver_min;
+-
+-	/* find the key of this username
+-	 */
+-	ret =
+-	    _gnutls_psk_pwd_find_entry(session, info->username, strlen(info->username), &pwd_psk);
+-	if (ret < 0) {
+-		gnutls_assert();
+-		goto cleanup;
+-	}
+-
+-	ret =
+-	    set_rsa_psk_session_key(session, &pwd_psk, &premaster_secret);
+-	if (ret < 0) {
+-		gnutls_assert();
+-		goto cleanup;
+-	}
+-
+-	ret = 0;
+-      cleanup:
+-	_gnutls_free_key_datum(&pwd_psk);
+-	_gnutls_free_temp_key_datum(&premaster_secret);
++	session->key.key.data[2] = ver_maj;
++	session->key.key.data[3] = ver_min;
+ 
+-	return ret;
++	return 0;
+ }
+ 
+ static int
+ _gnutls_proc_rsa_psk_server_kx(gnutls_session_t session, uint8_t * data,
+ 			   size_t _data_size)
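
Review bot: the writes to session->key.key.data[2] and [3] depend on the layout set up in the previous hunk (a two-byte length followed by the premaster secret), but nothing at this spot says so. A short comment that these are the first two bytes of the premaster secret, plus a note that the result of gnutls_privkey_decrypt_data2 is deliberately not checked before the unconditional "return 0;", would keep a later change from adding a failure branch here.
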
diff -Nru gnutls28-3.7.9/debian/patches/series gnutls28-3.7.9/debian/patches/series
--- gnutls28-3.7.9/debian/patches/series	2023-11-30 07:50:48.000000000 +0100
+++ gnutls28-3.7.9/debian/patches/series	2024-01-19 18:21:36.000000000 +0100
@@ -4,3 +4,5 @@
 50_Fix-removal-of-duplicate-certs-during-verification.patch
 51_add-gnulib-linkedhash-list-module.diff
 60-auth-rsa_psk-side-step-potential-side-channel.patch
+61-x509-detect-loop-in-certificate-chain.patch
+62-rsa-psk-minimize-branching-after-decryption.patch

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message ---
Version: 12.5

The upload requested in this bug has been released as part of 12.5.

--- End Message ---
