Package: release.debian.org Severity: normal Tags: bullseye User: release.debian.org@packages.debian.org Usertags: pu X-Debbugs-Cc: Dmitry Baryshkov <dbaryshkov@gmail.com>, gnutls28@packages.debian.org Hello, as requested in #1011246 I would like fix miscalculation of SHA384 in the SSA accelarated implementation. It is a one-line change and was part of the 3.7.3 release. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
diff -Nru gnutls28-3.7.1/debian/changelog gnutls28-3.7.1/debian/changelog --- gnutls28-3.7.1/debian/changelog 2021-05-29 12:14:30.000000000 +0200 +++ gnutls28-3.7.1/debian/changelog 2022-05-22 13:04:01.000000000 +0200 @@ -1,3 +1,10 @@ +gnutls28 (3.7.1-5+deb11u1) bullseye; urgency=medium + + * 56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch: Backport SSSE3 SHA384 + miscalculation fix from 3.7.3. Closes: #1011246 + + -- Andreas Metzler <ametzler@debian.org> Sun, 22 May 2022 13:04:01 +0200 + gnutls28 (3.7.1-5) unstable; urgency=medium * Another fix from 3.7.2: diff -Nru gnutls28-3.7.1/debian/patches/56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch gnutls28-3.7.1/debian/patches/56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch --- gnutls28-3.7.1/debian/patches/56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.7.1/debian/patches/56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch 2022-05-22 13:04:01.000000000 +0200 @@ -0,0 +1,34 @@ +From acdfeb4b3f0c64ad20f28513618e9903bfb81426 Mon Sep 17 00:00:00 2001 +From: Miroslav Lichvar <mlichvar@redhat.com> +Date: Wed, 1 Sep 2021 15:48:27 +0200 +Subject: [PATCH] fix SSSE3 SHA384 to work more than once + +The output function called sha512_digest() instead of sha384_digest(), +which caused the hash context to be reinitialized for SHA512 instead of +SHA384 and all following digests using the hash handle were wrong. + +Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com> +--- + lib/accelerated/x86/sha-x86-ssse3.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/accelerated/x86/sha-x86-ssse3.c b/lib/accelerated/x86/sha-x86-ssse3.c +index 8ea4e54aee..1d442e97e7 100644 +--- a/lib/accelerated/x86/sha-x86-ssse3.c ++++ b/lib/accelerated/x86/sha-x86-ssse3.c +@@ -258,11 +258,11 @@ static int _ctx_init(gnutls_digest_algorithm_t algo, + ctx->length = SHA256_DIGEST_SIZE; + break; + case GNUTLS_DIG_SHA384: + sha384_init(&ctx->ctx.sha384); + ctx->update = (update_func) x86_sha512_update; +- ctx->digest = (digest_func) sha512_digest; ++ ctx->digest = (digest_func) sha384_digest; + ctx->init = (init_func) sha384_init; + ctx->ctx_ptr = &ctx->ctx.sha384; + ctx->length = SHA384_DIGEST_SIZE; + break; + case GNUTLS_DIG_SHA512: +-- +2.35.1 + diff -Nru gnutls28-3.7.1/debian/patches/series gnutls28-3.7.1/debian/patches/series --- gnutls28-3.7.1/debian/patches/series 2021-05-29 11:37:38.000000000 +0200 +++ gnutls28-3.7.1/debian/patches/series 2022-05-22 13:04:01.000000000 +0200 @@ -18,3 +18,4 @@ 56_28-handshake-fix-timing-of-sending-early-data.patch 56_30-x509-verify-treat-SHA-1-signed-CA-in-the-trusted-set.patch 56_33-serv-stop-setting-AI_ADDRCONFIG-on-getaddrinfo.patch +56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch
Attachment:
signature.asc
Description: PGP signature