File 0001-pubkey-avoid-spurious-audit-messages-from-_gnutls_pu.patch of Package gnutls.18748
From 57d22ddc85a1fde180c0a5b0178eeb128792e636 Mon Sep 17 00:00:00 2001
From: Petr Pavlu <petr.pavlu@suse.com>
Date: Wed, 8 Jul 2020 10:12:30 +0200
Subject: [PATCH] pubkey: avoid spurious audit messages from
_gnutls_pubkey_compatible_with_sig()
When checking in _gnutls_pubkey_compatible_with_sig() whether a public
key is compatible with a signature algorithm, run first
pubkey_supports_sig() before performing weaker checks that can accept
the given algorithm but with an audit-log warning. This avoids an issue
when a weaker check would log an audit message for some signature
algorithm that would then be determined as incompatible by the
pubkey_supports_sig() check anyway.
For instance, a GnuTLS server might have a certificate with a SECP384R1
public key and a client can report that it supports
ECDSA-SECP256R1-SHA256 and ECDSA-SECP384R1-SHA384. In such a case, the
GnuTLS server will eventually find that it must use
ECDSA-SECP384R1-SHA384 with this public key. However, the code would
first run _gnutls_pubkey_compatible_with_sig() to check if SECP384R1 is
compatible with ECDSA-SECP256R1-SHA256. The function would report the
audit warning "The hash size used in signature (32) is less than the
expected (48)" but then reject the signature algorithm in
pubkey_supports_sig() as incompatible because it has a different curve.
Since the algorithm gets rejected it is not necessary to inform about
its hash size difference in the audit log.
Signed-off-by: Petr Pavlu <petr.pavlu@suse.com>
---
lib/pubkey.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/pubkey.c b/lib/pubkey.c
index de95a04c3..6f9d54f11 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -2092,10 +2092,16 @@ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session,
unsigned int sig_hash_size;
const mac_entry_st *me;
const gnutls_sign_entry_st *se;
+ int ret;
se = _gnutls_sign_to_entry(sign);
- if (se == NULL && _gnutls_version_has_selectable_sighash(ver))
+ if (se != NULL) {
+ ret = pubkey_supports_sig(pubkey, se);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else if (_gnutls_version_has_selectable_sighash(ver)) {
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ }
if (pubkey->params.algo == GNUTLS_PK_DSA) {
me = _gnutls_dsa_q_to_hash(&pubkey->params, &hash_size);
@@ -2158,9 +2164,6 @@ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session,
}
}
- if (se != NULL)
- return pubkey_supports_sig(pubkey, se);
-
return 0;
}
--
2.29.2