Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Dmitry Baryshkov <dbarysh...@gmail.com>, gnutl...@packages.debian.org
Hello,

as requested in #1011246 I would like to fix miscalculation of SHA384 in the SSA accelerated implementation. It is a one-line change and was part of the 3.7.3 release.

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru gnutls28-3.7.1/debian/changelog gnutls28-3.7.1/debian/changelog --- gnutls28-3.7.1/debian/changelog 2021-05-29 12:14:30.000000000 +0200 +++ gnutls28-3.7.1/debian/changelog 2022-05-22 13:04:01.000000000 +0200 @@ -1,3 +1,10 @@ +gnutls28 (3.7.1-5+deb11u1) bullseye; urgency=medium + + * 56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch: Backport SSSE3 SHA384 + miscalculation fix from 3.7.3. Closes: #1011246 + + -- Andreas Metzler <ametz...@debian.org> Sun, 22 May 2022 13:04:01 +0200 + gnutls28 (3.7.1-5) unstable; urgency=medium * Another fix from 3.7.2: diff -Nru gnutls28-3.7.1/debian/patches/56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch gnutls28-3.7.1/debian/patches/56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch --- gnutls28-3.7.1/debian/patches/56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.7.1/debian/patches/56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch 2022-05-22 13:04:01.000000000 +0200 
@@ -0,0 +1,34 @@ +From acdfeb4b3f0c64ad20f28513618e9903bfb81426 Mon Sep 17 00:00:00 2001 +From: Miroslav Lichvar <mlich...@redhat.com> +Date: Wed, 1 Sep 2021 15:48:27 +0200 +Subject: [PATCH] fix SSSE3 SHA384 to work more than once + +The output function called sha512_digest() instead of sha384_digest(), +which caused the hash context to be reinitialized for SHA512 instead of +SHA384 and all following digests using the hash handle were wrong. + +Signed-off-by: Miroslav Lichvar <mlich...@redhat.com> +--- + lib/accelerated/x86/sha-x86-ssse3.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/accelerated/x86/sha-x86-ssse3.c b/lib/accelerated/x86/sha-x86-ssse3.c +index 8ea4e54aee..1d442e97e7 100644 +--- a/lib/accelerated/x86/sha-x86-ssse3.c ++++ b/lib/accelerated/x86/sha-x86-ssse3.c +@@ -258,11 +258,11 @@ static int _ctx_init(gnutls_digest_algorithm_t algo, + ctx->length = SHA256_DIGEST_SIZE; + break; + case GNUTLS_DIG_SHA384: + sha384_init(&ctx->ctx.sha384); + ctx->update = (update_func) x86_sha512_update; +- ctx->digest = (digest_func) sha512_digest; ++ ctx->digest = (digest_func) sha384_digest; + ctx->init = (init_func) sha384_init; + ctx->ctx_ptr = &ctx->ctx.sha384; + ctx->length = SHA384_DIGEST_SIZE; + break; + case GNUTLS_DIG_SHA512: +-- +2.35.1 + diff -Nru gnutls28-3.7.1/debian/patches/series gnutls28-3.7.1/debian/patches/series --- gnutls28-3.7.1/debian/patches/series 2021-05-29 11:37:38.000000000 +0200 +++ gnutls28-3.7.1/debian/patches/series 2022-05-22 13:04:01.000000000 +0200 @@ -18,3 +18,4 @@ 56_28-handshake-fix-timing-of-sending-early-data.patch 56_30-x509-verify-treat-SHA-1-signed-CA-in-the-trusted-set.patch 56_33-serv-stop-setting-AI_ADDRCONFIG-on-getaddrinfo.patch +56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch
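Review bot: no regression test accompanies the one-line change in the GNUTLS_DIG_SHA384 case of _ctx_init() in lib/accelerated/x86/sha-x86-ssse3.c. The commit message says it was the digests following the first output on a hash handle that came out wrong, because the context was reinitialized for SHA512, so a single-shot SHA384 test vector would not have caught this. Suggest adding a test that produces a SHA384 digest at least twice from the same handle and compares each result against the known value, run on an SSSE3-capable machine so that this code path is the one exercised.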
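Review bot: the new debian/changelog entry describes the problem only as "SSSE3 SHA384 miscalculation", which does not tell a bullseye user when they are affected. The upstream commit message carried in the patch is more precise: the output function reinitialized the context for SHA512, so digests after the first one on a reused hash handle were wrong. Suggest wording the entry along those lines, for example "fix wrong SHA384 digests when a hash handle is used more than once (SSSE3 code path)".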