commit ad26b40408cca2262ba805b35d48ea5e8a6da84a Author: CentOS Sources Date: Tue Oct 11 03:13:05 2022 -0400 import gnutls-3.7.6-12.el9_0 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d82cdcb --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +SOURCES/gmp-6.2.1.tar.xz +SOURCES/gnutls-3.7.6.tar.xz +SOURCES/gnutls-release-keyring.gpg diff --git a/.gnutls.metadata b/.gnutls.metadata new file mode 100644 index 0000000..0e7b56f --- /dev/null +++ b/.gnutls.metadata @@ -0,0 +1,3 @@ +0578d48607ec0e272177d175fd1807c30b00fdf2 SOURCES/gmp-6.2.1.tar.xz +47591374259451fe2cd86c5fe7c345e769a6c79b SOURCES/gnutls-3.7.6.tar.xz +befcf25b9dcd1d36b8bdb754c80c639eca45baa0 SOURCES/gnutls-release-keyring.gpg diff --git a/SOURCES/gmp-6.2.1-intel-cet.patch b/SOURCES/gmp-6.2.1-intel-cet.patch new file mode 100644 index 0000000..137b06c --- /dev/null +++ b/SOURCES/gmp-6.2.1-intel-cet.patch @@ -0,0 +1,3515 @@ +From 4faa667ce4e1a318db2c55ce83084cbe4924a892 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Thu, 18 Aug 2022 15:55:31 +0900 +Subject: [PATCH] gmp-intel-cet.patch + +--- + acinclude.m4 | 100 +++++++++++++++++++++++++ + configure.ac | 1 + + mpn/x86/aors_n.asm | 5 +- + mpn/x86/aorsmul_1.asm | 1 + + mpn/x86/atom/sse2/aorsmul_1.asm | 1 + + mpn/x86/atom/sse2/mul_basecase.asm | 1 + + mpn/x86/atom/sse2/sqr_basecase.asm | 1 + + mpn/x86/bdiv_dbm1c.asm | 1 + + mpn/x86/copyd.asm | 1 + + mpn/x86/copyi.asm | 1 + + mpn/x86/divrem_1.asm | 1 + + mpn/x86/divrem_2.asm | 1 + + mpn/x86/k6/aors_n.asm | 1 + + mpn/x86/k6/aorsmul_1.asm | 1 + + mpn/x86/k6/divrem_1.asm | 1 + + mpn/x86/k6/k62mmx/copyd.asm | 1 + + mpn/x86/k6/k62mmx/lshift.asm | 1 + + mpn/x86/k6/k62mmx/rshift.asm | 1 + + mpn/x86/k6/mmx/com.asm | 1 + + mpn/x86/k6/mmx/logops_n.asm | 1 + + mpn/x86/k6/mmx/lshift.asm | 1 + + mpn/x86/k6/mmx/popham.asm | 1 + + mpn/x86/k6/mmx/rshift.asm | 1 + + mpn/x86/k6/mod_34lsub1.asm | 1 + + mpn/x86/k6/mul_1.asm | 1 + + mpn/x86/k6/mul_basecase.asm | 1 + + mpn/x86/k6/pre_mod_1.asm | 1 + + mpn/x86/k6/sqr_basecase.asm | 1 + + mpn/x86/k7/aors_n.asm | 1 + + mpn/x86/k7/mmx/com.asm | 1 + + mpn/x86/k7/mmx/copyd.asm | 1 + + mpn/x86/k7/mmx/copyi.asm | 1 + + mpn/x86/k7/mmx/divrem_1.asm | 1 + + mpn/x86/k7/mmx/lshift.asm | 1 + + mpn/x86/k7/mmx/popham.asm | 1 + + mpn/x86/k7/mmx/rshift.asm | 1 + + mpn/x86/k7/mod_1_1.asm | 1 + + mpn/x86/k7/mod_1_4.asm | 1 + + mpn/x86/k7/mod_34lsub1.asm | 1 + + mpn/x86/k7/mul_basecase.asm | 1 + + mpn/x86/k7/sqr_basecase.asm | 1 + + mpn/x86/lshift.asm | 1 + + mpn/x86/mmx/sec_tabselect.asm | 1 + + mpn/x86/mod_34lsub1.asm | 1 + + mpn/x86/mul_1.asm | 1 + + mpn/x86/mul_basecase.asm | 1 + + mpn/x86/p6/aors_n.asm | 3 +- + mpn/x86/p6/aorsmul_1.asm | 3 +- + mpn/x86/p6/copyd.asm | 1 + + mpn/x86/p6/gcd_11.asm | 1 + + mpn/x86/p6/lshsub_n.asm | 3 +- + mpn/x86/p6/mmx/divrem_1.asm | 1 + + mpn/x86/p6/mod_34lsub1.asm | 1 + + mpn/x86/p6/mul_basecase.asm | 3 +- + mpn/x86/p6/sqr_basecase.asm | 3 +- + mpn/x86/pentium/aors_n.asm | 1 + + mpn/x86/pentium/aorsmul_1.asm | 1 + + mpn/x86/pentium/com.asm | 1 + + mpn/x86/pentium/copyd.asm | 1 + + mpn/x86/pentium/copyi.asm | 1 + + mpn/x86/pentium/logops_n.asm | 1 + + mpn/x86/pentium/lshift.asm | 1 + + mpn/x86/pentium/mmx/lshift.asm | 1 + + mpn/x86/pentium/mmx/mul_1.asm | 1 + + mpn/x86/pentium/mmx/rshift.asm | 1 + + mpn/x86/pentium/mod_34lsub1.asm | 1 + + mpn/x86/pentium/mul_1.asm | 1 + + mpn/x86/pentium/mul_2.asm | 1 + + mpn/x86/pentium/mul_basecase.asm | 1 + + mpn/x86/pentium/rshift.asm | 1 + + mpn/x86/pentium/sqr_basecase.asm | 1 + + mpn/x86/pentium4/copyd.asm | 1 + + mpn/x86/pentium4/copyi.asm | 1 + + mpn/x86/pentium4/mmx/popham.asm | 1 + + mpn/x86/pentium4/sse2/add_n.asm | 1 + + mpn/x86/pentium4/sse2/addlsh1_n.asm | 1 + + mpn/x86/pentium4/sse2/addmul_1.asm | 1 + + mpn/x86/pentium4/sse2/cnd_add_n.asm | 1 + + mpn/x86/pentium4/sse2/cnd_sub_n.asm | 1 + + mpn/x86/pentium4/sse2/divrem_1.asm | 1 + + mpn/x86/pentium4/sse2/mod_1_1.asm | 1 + + mpn/x86/pentium4/sse2/mod_1_4.asm | 1 + + mpn/x86/pentium4/sse2/mod_34lsub1.asm | 1 + + mpn/x86/pentium4/sse2/mul_1.asm | 1 + + mpn/x86/pentium4/sse2/mul_basecase.asm | 1 + + mpn/x86/pentium4/sse2/rsh1add_n.asm | 1 + + mpn/x86/pentium4/sse2/sqr_basecase.asm | 1 + + mpn/x86/pentium4/sse2/sub_n.asm | 1 + + mpn/x86/pentium4/sse2/submul_1.asm | 1 + + mpn/x86/rshift.asm | 1 + + mpn/x86/sec_tabselect.asm | 1 + + mpn/x86/sqr_basecase.asm | 1 + + mpn/x86/udiv.asm | 1 + + mpn/x86/umul.asm | 1 + + mpn/x86/x86-defs.m4 | 7 +- + mpn/x86_64/addaddmul_1msb0.asm | 1 + + mpn/x86_64/aorrlsh1_n.asm | 1 + + mpn/x86_64/aorrlshC_n.asm | 1 + + mpn/x86_64/aorrlsh_n.asm | 1 + + mpn/x86_64/aors_err1_n.asm | 1 + + mpn/x86_64/aors_err2_n.asm | 1 + + mpn/x86_64/aors_err3_n.asm | 1 + + mpn/x86_64/aors_n.asm | 1 + + mpn/x86_64/aorsmul_1.asm | 1 + + mpn/x86_64/atom/addmul_2.asm | 1 + + mpn/x86_64/atom/aorrlsh1_n.asm | 1 + + mpn/x86_64/atom/aorrlsh2_n.asm | 1 + + mpn/x86_64/atom/lshift.asm | 1 + + mpn/x86_64/atom/lshiftc.asm | 1 + + mpn/x86_64/atom/mul_2.asm | 1 + + mpn/x86_64/atom/rsh1aors_n.asm | 1 + + mpn/x86_64/atom/rshift.asm | 1 + + mpn/x86_64/atom/sublsh1_n.asm | 1 + + mpn/x86_64/bd1/addmul_2.asm | 1 + + mpn/x86_64/bd1/hamdist.asm | 1 + + mpn/x86_64/bd1/mul_2.asm | 1 + + mpn/x86_64/bd1/mul_basecase.asm | 1 + + mpn/x86_64/bd1/popcount.asm | 1 + + mpn/x86_64/bd2/gcd_11.asm | 1 + + mpn/x86_64/bd2/gcd_22.asm | 1 + + mpn/x86_64/bd4/gcd_11.asm | 1 + + mpn/x86_64/bdiv_dbm1c.asm | 1 + + mpn/x86_64/bdiv_q_1.asm | 1 + + mpn/x86_64/bt1/aors_n.asm | 1 + + mpn/x86_64/bt1/aorsmul_1.asm | 1 + + mpn/x86_64/bt1/copyd.asm | 1 + + mpn/x86_64/bt1/copyi.asm | 1 + + mpn/x86_64/bt1/gcd_11.asm | 1 + + mpn/x86_64/bt1/mul_1.asm | 1 + + mpn/x86_64/bt1/mul_basecase.asm | 1 + + mpn/x86_64/bt1/sqr_basecase.asm | 1 + + mpn/x86_64/cnd_aors_n.asm | 1 + + mpn/x86_64/com.asm | 1 + + mpn/x86_64/copyd.asm | 1 + + mpn/x86_64/copyi.asm | 1 + + mpn/x86_64/core2/aors_err1_n.asm | 1 + + mpn/x86_64/core2/aors_n.asm | 1 + + mpn/x86_64/core2/aorsmul_1.asm | 1 + + mpn/x86_64/core2/divrem_1.asm | 1 + + mpn/x86_64/core2/gcd_11.asm | 1 + + mpn/x86_64/core2/gcd_22.asm | 1 + + mpn/x86_64/core2/hamdist.asm | 1 + + mpn/x86_64/core2/logops_n.asm | 1 + + mpn/x86_64/core2/lshift.asm | 1 + + mpn/x86_64/core2/lshiftc.asm | 1 + + mpn/x86_64/core2/mul_basecase.asm | 5 ++ + mpn/x86_64/core2/mullo_basecase.asm | 1 + + mpn/x86_64/core2/popcount.asm | 1 + + mpn/x86_64/core2/rsh1aors_n.asm | 1 + + mpn/x86_64/core2/rshift.asm | 1 + + mpn/x86_64/core2/sqr_basecase.asm | 1 + + mpn/x86_64/core2/sublshC_n.asm | 1 + + mpn/x86_64/coreibwl/addmul_1.asm | 24 ++++-- + mpn/x86_64/coreibwl/mul_1.asm | 24 ++++-- + mpn/x86_64/coreibwl/mul_basecase.asm | 47 ++++++++---- + mpn/x86_64/coreibwl/mullo_basecase.asm | 1 + + mpn/x86_64/coreibwl/sqr_basecase.asm | 49 ++++++++---- + mpn/x86_64/coreihwl/addmul_2.asm | 1 + + mpn/x86_64/coreihwl/aors_n.asm | 1 + + mpn/x86_64/coreihwl/aorsmul_1.asm | 1 + + mpn/x86_64/coreihwl/gcd_22.asm | 1 + + mpn/x86_64/coreihwl/mul_2.asm | 1 + + mpn/x86_64/coreihwl/mul_basecase.asm | 1 + + mpn/x86_64/coreihwl/mullo_basecase.asm | 1 + + mpn/x86_64/coreihwl/redc_1.asm | 1 + + mpn/x86_64/coreihwl/sqr_basecase.asm | 1 + + mpn/x86_64/coreinhm/aorrlsh_n.asm | 1 + + mpn/x86_64/coreinhm/hamdist.asm | 1 + + mpn/x86_64/coreinhm/popcount.asm | 1 + + mpn/x86_64/coreisbr/addmul_2.asm | 1 + + mpn/x86_64/coreisbr/aorrlshC_n.asm | 1 + + mpn/x86_64/coreisbr/aorrlsh_n.asm | 1 + + mpn/x86_64/coreisbr/aors_n.asm | 1 + + mpn/x86_64/coreisbr/cnd_add_n.asm | 1 + + mpn/x86_64/coreisbr/cnd_sub_n.asm | 1 + + mpn/x86_64/coreisbr/mul_1.asm | 1 + + mpn/x86_64/coreisbr/mul_2.asm | 1 + + mpn/x86_64/coreisbr/mul_basecase.asm | 1 + + mpn/x86_64/coreisbr/mullo_basecase.asm | 1 + + mpn/x86_64/coreisbr/rsh1aors_n.asm | 1 + + mpn/x86_64/coreisbr/sqr_basecase.asm | 1 + + mpn/x86_64/div_qr_1n_pi1.asm | 1 + + mpn/x86_64/div_qr_2n_pi1.asm | 1 + + mpn/x86_64/div_qr_2u_pi1.asm | 1 + + mpn/x86_64/dive_1.asm | 1 + + mpn/x86_64/divrem_1.asm | 1 + + mpn/x86_64/divrem_2.asm | 1 + + mpn/x86_64/fastavx/copyd.asm | 1 + + mpn/x86_64/fastavx/copyi.asm | 1 + + mpn/x86_64/fastsse/com-palignr.asm | 1 + + mpn/x86_64/fastsse/com.asm | 1 + + mpn/x86_64/fastsse/copyd-palignr.asm | 1 + + mpn/x86_64/fastsse/copyd.asm | 1 + + mpn/x86_64/fastsse/copyi-palignr.asm | 1 + + mpn/x86_64/fastsse/copyi.asm | 1 + + mpn/x86_64/fastsse/lshift-movdqu2.asm | 1 + + mpn/x86_64/fastsse/lshift.asm | 1 + + mpn/x86_64/fastsse/lshiftc-movdqu2.asm | 1 + + mpn/x86_64/fastsse/lshiftc.asm | 1 + + mpn/x86_64/fastsse/rshift-movdqu2.asm | 1 + + mpn/x86_64/fastsse/sec_tabselect.asm | 1 + + mpn/x86_64/fat/fat_entry.asm | 1 + + mpn/x86_64/gcd_11.asm | 1 + + mpn/x86_64/gcd_22.asm | 1 + + mpn/x86_64/k10/gcd_22.asm | 1 + + mpn/x86_64/k10/hamdist.asm | 1 + + mpn/x86_64/k10/popcount.asm | 5 +- + mpn/x86_64/k8/addmul_2.asm | 1 + + mpn/x86_64/k8/aorrlsh_n.asm | 1 + + mpn/x86_64/k8/bdiv_q_1.asm | 1 + + mpn/x86_64/k8/div_qr_1n_pi1.asm | 1 + + mpn/x86_64/k8/mul_basecase.asm | 8 ++ + mpn/x86_64/k8/mullo_basecase.asm | 12 ++- + mpn/x86_64/k8/mulmid_basecase.asm | 9 +++ + mpn/x86_64/k8/redc_1.asm | 18 +++-- + mpn/x86_64/k8/sqr_basecase.asm | 18 +++-- + mpn/x86_64/logops_n.asm | 1 + + mpn/x86_64/lshift.asm | 1 + + mpn/x86_64/lshiftc.asm | 1 + + mpn/x86_64/lshsub_n.asm | 1 + + mpn/x86_64/missing.asm | 1 + + mpn/x86_64/mod_1_2.asm | 1 + + mpn/x86_64/mod_1_4.asm | 1 + + mpn/x86_64/mod_34lsub1.asm | 28 ++++--- + mpn/x86_64/mode1o.asm | 1 + + mpn/x86_64/mul_1.asm | 1 + + mpn/x86_64/mul_2.asm | 1 + + mpn/x86_64/nano/dive_1.asm | 1 + + mpn/x86_64/pentium4/aors_n.asm | 1 + + mpn/x86_64/pentium4/mod_34lsub1.asm | 1 + + mpn/x86_64/pentium4/rsh1aors_n.asm | 1 + + mpn/x86_64/pentium4/rshift.asm | 1 + + mpn/x86_64/popham.asm | 1 + + mpn/x86_64/rsh1aors_n.asm | 1 + + mpn/x86_64/rshift.asm | 1 + + mpn/x86_64/sec_tabselect.asm | 1 + + mpn/x86_64/sqr_diag_addlsh1.asm | 1 + + mpn/x86_64/sublsh1_n.asm | 1 + + mpn/x86_64/x86_64-defs.m4 | 5 ++ + mpn/x86_64/zen/aorrlsh_n.asm | 25 +++++-- + mpn/x86_64/zen/mul_basecase.asm | 1 + + mpn/x86_64/zen/mullo_basecase.asm | 1 + + mpn/x86_64/zen/sbpi1_bdiv_r.asm | 1 + + mpn/x86_64/zen/sqr_basecase.asm | 1 + + 244 files changed, 537 insertions(+), 89 deletions(-) + +diff --git a/acinclude.m4 b/acinclude.m4 +index 86175ce..84e880b 100644 +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -3135,6 +3135,106 @@ __sparc_get_pc_thunk.l7: + GMP_DEFINE_RAW(["define(,<$gmp_cv_asm_sparc_shared_thunks>)"]) + ]) + ++dnl GMP_ASM_X86_CET_MACROS(ABI) ++dnl ------------ ++dnl Define ++dnl 1. X86_ENDBR for endbr32/endbr64. ++dnl 2. X86_NOTRACK for notrack prefix. ++dnl 3. X86_GNU_PROPERTY to add a .note.gnu.property section to mark ++dnl Intel CET support if needed. ++dnl .section ".note.gnu.property", "a" ++dnl .p2align POINTER-ALIGN ++dnl .long 1f - 0f ++dnl .long 4f - 1f ++dnl .long 5 ++dnl 0: ++dnl .asciz "GNU" ++dnl 1: ++dnl .p2align POINTER-ALIGN ++dnl .long 0xc0000002 ++dnl .long 3f - 2f ++dnl 2: ++dnl .long 3 ++dnl 3: ++dnl .p2align POINTER-ALIGN ++dnl 4: ++AC_DEFUN([GMP_ASM_X86_CET_MACROS],[ ++dnl AC_REQUIRE([AC_PROG_CC]) GMP uses something else ++AC_CACHE_CHECK([if Intel CET is enabled], ++ gmp_cv_asm_x86_intel_cet, [dnl ++ cat > conftest.c </dev/null]) ++ then ++ gmp_cv_asm_x86_intel_cet=yes ++ else ++ gmp_cv_asm_x86_intel_cet=no ++ fi ++ rm -f conftest*]) ++ if test "$gmp_cv_asm_x86_intel_cet" = yes; then ++ case $1 in ++ 32) ++ endbr=endbr32 ++ p2align=2 ++ ;; ++ 64) ++ endbr=endbr64 ++ p2align=3 ++ ;; ++ x32) ++ endbr=endbr64 ++ p2align=2 ++ ;; ++ esac ++ AC_CACHE_CHECK([if .note.gnu.property section is needed], ++ gmp_cv_asm_x86_gnu_property, [dnl ++ cat > conftest.c </dev/null]) ++ then ++ gmp_cv_asm_x86_gnu_property=yes ++ else ++ gmp_cv_asm_x86_gnu_property=no ++ fi ++ rm -f conftest*]) ++ echo ["define(,<$endbr>)"] >> $gmp_tmpconfigm4 ++ echo ["define(,)"] >> $gmp_tmpconfigm4 ++ else ++ gmp_cv_asm_x86_gnu_property=no ++ echo ["define(,<>)"] >> $gmp_tmpconfigm4 ++ echo ["define(,<>)"] >> $gmp_tmpconfigm4 ++ fi ++ if test "$gmp_cv_asm_x86_gnu_property" = yes; then ++ echo ["define(, < ++ .section \".note.gnu.property\", \"a\" ++ .p2align $p2align ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz \"GNU\" ++1: ++ .p2align $p2align ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align $p2align ++4:>)"] >> $gmp_tmpconfigm4 ++ else ++ echo ["define(,<>)"] >> $gmp_tmpconfigm4 ++ fi ++]) ++ + + dnl GMP_C_ATTRIBUTE_CONST + dnl --------------------- +diff --git a/configure.ac b/configure.ac +index cafdb3c..0fb8b21 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -3813,6 +3813,7 @@ yes + esac + ;; + esac ++ GMP_ASM_X86_CET_MACROS($ABI) + ;; + esac + fi +diff --git a/mpn/x86/aors_n.asm b/mpn/x86/aors_n.asm +index 5d359f5..7ea7814 100644 +--- a/mpn/x86/aors_n.asm ++++ b/mpn/x86/aors_n.asm +@@ -112,7 +112,7 @@ L(0a): leal (%eax,%eax,8),%eax + shrl %ebp C shift bit 0 into carry + popl %ebp FRAME_popl() + +- jmp *%eax C jump into loop ++ X86_NOTRACK jmp *%eax C jump into loop + + EPILOGUE() + +@@ -153,7 +153,7 @@ L(0b): leal (%eax,%eax,8),%eax + C Calculate start address in loop for non-PIC. + leal L(oop)-3(%eax,%eax,8),%eax + ') +- jmp *%eax C jump into loop ++ X86_NOTRACK jmp *%eax C jump into loop + + L(oopgo): + pushl %ebp FRAME_pushl() +@@ -200,3 +200,4 @@ L(oop): movl (%esi),%eax + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/aorsmul_1.asm b/mpn/x86/aorsmul_1.asm +index 54a8905..0ab1e01 100644 +--- a/mpn/x86/aorsmul_1.asm ++++ b/mpn/x86/aorsmul_1.asm +@@ -154,3 +154,4 @@ L(end): movl %ebx,%eax + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/atom/sse2/aorsmul_1.asm b/mpn/x86/atom/sse2/aorsmul_1.asm +index 969a14a..20658e1 100644 +--- a/mpn/x86/atom/sse2/aorsmul_1.asm ++++ b/mpn/x86/atom/sse2/aorsmul_1.asm +@@ -172,3 +172,4 @@ PROLOGUE(func_1c) + mov 20(%esp), %edx C carry + jmp L(ent) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/atom/sse2/mul_basecase.asm b/mpn/x86/atom/sse2/mul_basecase.asm +index 97d3aeb..74171aa 100644 +--- a/mpn/x86/atom/sse2/mul_basecase.asm ++++ b/mpn/x86/atom/sse2/mul_basecase.asm +@@ -499,3 +499,4 @@ L(done): + pop %edi + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/atom/sse2/sqr_basecase.asm b/mpn/x86/atom/sse2/sqr_basecase.asm +index af19ed8..0031812 100644 +--- a/mpn/x86/atom/sse2/sqr_basecase.asm ++++ b/mpn/x86/atom/sse2/sqr_basecase.asm +@@ -632,3 +632,4 @@ L(one): pmuludq %mm7, %mm7 + pop %edi + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/bdiv_dbm1c.asm b/mpn/x86/bdiv_dbm1c.asm +index 0288c47..7a3b1a6 100644 +--- a/mpn/x86/bdiv_dbm1c.asm ++++ b/mpn/x86/bdiv_dbm1c.asm +@@ -127,3 +127,4 @@ L(b1): add $-4, %ebp + pop %esi + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/copyd.asm b/mpn/x86/copyd.asm +index 51fa195..0e588d9 100644 +--- a/mpn/x86/copyd.asm ++++ b/mpn/x86/copyd.asm +@@ -89,3 +89,4 @@ PROLOGUE(mpn_copyd) + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/copyi.asm b/mpn/x86/copyi.asm +index f6b0354..6efbb90 100644 +--- a/mpn/x86/copyi.asm ++++ b/mpn/x86/copyi.asm +@@ -97,3 +97,4 @@ PROLOGUE(mpn_copyi) + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/divrem_1.asm b/mpn/x86/divrem_1.asm +index 255d493..b1af920 100644 +--- a/mpn/x86/divrem_1.asm ++++ b/mpn/x86/divrem_1.asm +@@ -231,3 +231,4 @@ deflit(`FRAME',8) + popl %edi + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/divrem_2.asm b/mpn/x86/divrem_2.asm +index 4c38ad0..c2920c2 100644 +--- a/mpn/x86/divrem_2.asm ++++ b/mpn/x86/divrem_2.asm +@@ -197,3 +197,4 @@ L(35): sub 20(%esp), %ebp + movl $1, 32(%esp) + jmp L(8) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/aors_n.asm b/mpn/x86/k6/aors_n.asm +index 168f9b4..257ba59 100644 +--- a/mpn/x86/k6/aors_n.asm ++++ b/mpn/x86/k6/aors_n.asm +@@ -335,3 +335,4 @@ L(inplace_done): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/aorsmul_1.asm b/mpn/x86/k6/aorsmul_1.asm +index eaa92eb..78be9d2 100644 +--- a/mpn/x86/k6/aorsmul_1.asm ++++ b/mpn/x86/k6/aorsmul_1.asm +@@ -389,3 +389,4 @@ Zdisp( M4_inst,%ecx, disp0,(%edi)) + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/divrem_1.asm b/mpn/x86/k6/divrem_1.asm +index b4cea4f..ca41a3f 100644 +--- a/mpn/x86/k6/divrem_1.asm ++++ b/mpn/x86/k6/divrem_1.asm +@@ -201,3 +201,4 @@ deflit(`FRAME',8) + popl %edi + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/k62mmx/copyd.asm b/mpn/x86/k6/k62mmx/copyd.asm +index f80a5a1..fc329f5 100644 +--- a/mpn/x86/k6/k62mmx/copyd.asm ++++ b/mpn/x86/k6/k62mmx/copyd.asm +@@ -116,3 +116,4 @@ L(zero): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/k62mmx/lshift.asm b/mpn/x86/k6/k62mmx/lshift.asm +index c86575f..728fb5b 100644 +--- a/mpn/x86/k6/k62mmx/lshift.asm ++++ b/mpn/x86/k6/k62mmx/lshift.asm +@@ -292,3 +292,4 @@ deflit(`FRAME',4) + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/k62mmx/rshift.asm b/mpn/x86/k6/k62mmx/rshift.asm +index f604a7b..bd673f3 100644 +--- a/mpn/x86/k6/k62mmx/rshift.asm ++++ b/mpn/x86/k6/k62mmx/rshift.asm +@@ -291,3 +291,4 @@ L(finish_even): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/mmx/com.asm b/mpn/x86/k6/mmx/com.asm +index b747454..646d16b 100644 +--- a/mpn/x86/k6/mmx/com.asm ++++ b/mpn/x86/k6/mmx/com.asm +@@ -101,3 +101,4 @@ L(no_extra): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/mmx/logops_n.asm b/mpn/x86/k6/mmx/logops_n.asm +index e17930b..acfd7df 100644 +--- a/mpn/x86/k6/mmx/logops_n.asm ++++ b/mpn/x86/k6/mmx/logops_n.asm +@@ -224,3 +224,4 @@ L(no_extra): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/mmx/lshift.asm b/mpn/x86/k6/mmx/lshift.asm +index 45be582..eee1eb8 100644 +--- a/mpn/x86/k6/mmx/lshift.asm ++++ b/mpn/x86/k6/mmx/lshift.asm +@@ -128,3 +128,4 @@ L(top): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/mmx/popham.asm b/mpn/x86/k6/mmx/popham.asm +index 2b19d0b..efeb1b4 100644 +--- a/mpn/x86/k6/mmx/popham.asm ++++ b/mpn/x86/k6/mmx/popham.asm +@@ -234,3 +234,4 @@ HAM(` nop C code alignment') + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/mmx/rshift.asm b/mpn/x86/k6/mmx/rshift.asm +index cd0382f..ae53711 100644 +--- a/mpn/x86/k6/mmx/rshift.asm ++++ b/mpn/x86/k6/mmx/rshift.asm +@@ -128,3 +128,4 @@ Zdisp( movd, %mm0, 0,(%ecx,%eax,4)) + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/mod_34lsub1.asm b/mpn/x86/k6/mod_34lsub1.asm +index 7e30503..05f8979 100644 +--- a/mpn/x86/k6/mod_34lsub1.asm ++++ b/mpn/x86/k6/mod_34lsub1.asm +@@ -188,3 +188,4 @@ L(combine): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/mul_1.asm b/mpn/x86/k6/mul_1.asm +index 3ef7ec2..2139f36 100644 +--- a/mpn/x86/k6/mul_1.asm ++++ b/mpn/x86/k6/mul_1.asm +@@ -290,3 +290,4 @@ L(finish_not_one): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/mul_basecase.asm b/mpn/x86/k6/mul_basecase.asm +index 7030001..ab202a2 100644 +--- a/mpn/x86/k6/mul_basecase.asm ++++ b/mpn/x86/k6/mul_basecase.asm +@@ -610,3 +610,4 @@ Zdisp( addl, %ecx, disp0,(%edi)) + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/pre_mod_1.asm b/mpn/x86/k6/pre_mod_1.asm +index 34db20d..1e4cb17 100644 +--- a/mpn/x86/k6/pre_mod_1.asm ++++ b/mpn/x86/k6/pre_mod_1.asm +@@ -144,3 +144,4 @@ L(q1_ff): + + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k6/sqr_basecase.asm b/mpn/x86/k6/sqr_basecase.asm +index b7ecb5c..f3a101a 100644 +--- a/mpn/x86/k6/sqr_basecase.asm ++++ b/mpn/x86/k6/sqr_basecase.asm +@@ -678,3 +678,4 @@ L(pic_calc): + + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k7/aors_n.asm b/mpn/x86/k7/aors_n.asm +index 1a08072..bfdf3d4 100644 +--- a/mpn/x86/k7/aors_n.asm ++++ b/mpn/x86/k7/aors_n.asm +@@ -256,3 +256,4 @@ L(even): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k7/mmx/com.asm b/mpn/x86/k7/mmx/com.asm +index a258c22..cf48fac 100644 +--- a/mpn/x86/k7/mmx/com.asm ++++ b/mpn/x86/k7/mmx/com.asm +@@ -123,3 +123,4 @@ L(done): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k7/mmx/copyd.asm b/mpn/x86/k7/mmx/copyd.asm +index 59ece40..3bc9ff8 100644 +--- a/mpn/x86/k7/mmx/copyd.asm ++++ b/mpn/x86/k7/mmx/copyd.asm +@@ -142,3 +142,4 @@ L(done): + + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k7/mmx/copyi.asm b/mpn/x86/k7/mmx/copyi.asm +index 9a28f92..f0648fa 100644 +--- a/mpn/x86/k7/mmx/copyi.asm ++++ b/mpn/x86/k7/mmx/copyi.asm +@@ -155,3 +155,4 @@ L(done): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k7/mmx/divrem_1.asm b/mpn/x86/k7/mmx/divrem_1.asm +index cf34328..370bfbb 100644 +--- a/mpn/x86/k7/mmx/divrem_1.asm ++++ b/mpn/x86/k7/mmx/divrem_1.asm +@@ -830,3 +830,4 @@ L(fraction_entry): + jmp L(fraction_done) + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k7/mmx/lshift.asm b/mpn/x86/k7/mmx/lshift.asm +index b3383cf..4140e82 100644 +--- a/mpn/x86/k7/mmx/lshift.asm ++++ b/mpn/x86/k7/mmx/lshift.asm +@@ -479,3 +479,4 @@ L(end_even_unaligned): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k7/mmx/popham.asm b/mpn/x86/k7/mmx/popham.asm +index 95965b7..f29540a 100644 +--- a/mpn/x86/k7/mmx/popham.asm ++++ b/mpn/x86/k7/mmx/popham.asm +@@ -211,3 +211,4 @@ L(loaded): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k7/mmx/rshift.asm b/mpn/x86/k7/mmx/rshift.asm +index 345d23a..0da1f93 100644 +--- a/mpn/x86/k7/mmx/rshift.asm ++++ b/mpn/x86/k7/mmx/rshift.asm +@@ -478,3 +478,4 @@ L(end_even_unaligned): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k7/mod_1_1.asm b/mpn/x86/k7/mod_1_1.asm +index 1bbe6f9..8da9519 100644 +--- a/mpn/x86/k7/mod_1_1.asm ++++ b/mpn/x86/k7/mod_1_1.asm +@@ -219,3 +219,4 @@ PROLOGUE(mpn_mod_1_1p_cps) + pop %ebp + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k7/mod_1_4.asm b/mpn/x86/k7/mod_1_4.asm +index bb7597e..fe1da5b 100644 +--- a/mpn/x86/k7/mod_1_4.asm ++++ b/mpn/x86/k7/mod_1_4.asm +@@ -258,3 +258,4 @@ C CAUTION: This is the same code as in pentium4/sse2/mod_1_4.asm + pop %ebp + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k7/mod_34lsub1.asm b/mpn/x86/k7/mod_34lsub1.asm +index ee3ad04..0c1b8c8 100644 +--- a/mpn/x86/k7/mod_34lsub1.asm ++++ b/mpn/x86/k7/mod_34lsub1.asm +@@ -186,3 +186,4 @@ L(combine): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k7/mul_basecase.asm b/mpn/x86/k7/mul_basecase.asm +index 4dfb500..b96fda7 100644 +--- a/mpn/x86/k7/mul_basecase.asm ++++ b/mpn/x86/k7/mul_basecase.asm +@@ -600,3 +600,4 @@ deflit(`disp1', eval(disp0-0 + 4)) + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/k7/sqr_basecase.asm b/mpn/x86/k7/sqr_basecase.asm +index 7b6a97e..df47ee4 100644 +--- a/mpn/x86/k7/sqr_basecase.asm ++++ b/mpn/x86/k7/sqr_basecase.asm +@@ -633,3 +633,4 @@ L(diag): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/lshift.asm b/mpn/x86/lshift.asm +index 6ee6153..95f5321 100644 +--- a/mpn/x86/lshift.asm ++++ b/mpn/x86/lshift.asm +@@ -104,3 +104,4 @@ L(end): shll %cl,%ebx C compute least significant limb + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/mmx/sec_tabselect.asm b/mpn/x86/mmx/sec_tabselect.asm +index aae158a..543dec1 100644 +--- a/mpn/x86/mmx/sec_tabselect.asm ++++ b/mpn/x86/mmx/sec_tabselect.asm +@@ -161,3 +161,4 @@ L(b00): pop %ebp + emms + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/mod_34lsub1.asm b/mpn/x86/mod_34lsub1.asm +index e09e702..df52d37 100644 +--- a/mpn/x86/mod_34lsub1.asm ++++ b/mpn/x86/mod_34lsub1.asm +@@ -181,3 +181,4 @@ L(combine): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/mul_1.asm b/mpn/x86/mul_1.asm +index 421de62..dbbc0e3 100644 +--- a/mpn/x86/mul_1.asm ++++ b/mpn/x86/mul_1.asm +@@ -138,3 +138,4 @@ L(end): movl %ebx,%eax + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/mul_basecase.asm b/mpn/x86/mul_basecase.asm +index 8339732..c32fd7e 100644 +--- a/mpn/x86/mul_basecase.asm ++++ b/mpn/x86/mul_basecase.asm +@@ -221,3 +221,4 @@ L(done): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/p6/aors_n.asm b/mpn/x86/p6/aors_n.asm +index df51c2e..ab172df 100644 +--- a/mpn/x86/p6/aors_n.asm ++++ b/mpn/x86/p6/aors_n.asm +@@ -90,7 +90,7 @@ L(here): + ') + + shr %edx C set cy flag +- jmp *%eax ++ X86_NOTRACK jmp *%eax + + ifdef(`PIC',` + L(pic_calc): +@@ -154,3 +154,4 @@ PROLOGUE(func_nc) + movl 20(%esp), %edx + jmp L(start) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/p6/aorsmul_1.asm b/mpn/x86/p6/aorsmul_1.asm +index bc8c49c..2a3b122 100644 +--- a/mpn/x86/p6/aorsmul_1.asm ++++ b/mpn/x86/p6/aorsmul_1.asm +@@ -240,7 +240,7 @@ L(here): + cmovnz( %ebx, %ecx) C high,low carry other way around + cmovnz( %eax, %ebx) + +- jmp *%edx ++ X86_NOTRACK jmp *%edx + + + ifdef(`PIC',` +@@ -318,3 +318,4 @@ deflit(`disp0', eval(UNROLL_BYTES ifelse(UNROLL_BYTES,256,-128))) + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/p6/copyd.asm b/mpn/x86/p6/copyd.asm +index 1be7636..bd42da1 100644 +--- a/mpn/x86/p6/copyd.asm ++++ b/mpn/x86/p6/copyd.asm +@@ -176,3 +176,4 @@ L(zero): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/p6/gcd_11.asm b/mpn/x86/p6/gcd_11.asm +index 80e055e..a7fc6a8 100644 +--- a/mpn/x86/p6/gcd_11.asm ++++ b/mpn/x86/p6/gcd_11.asm +@@ -81,3 +81,4 @@ L(end): mov %edx, %eax + pop %edi + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/p6/lshsub_n.asm b/mpn/x86/p6/lshsub_n.asm +index 7ada213..17db5d5 100644 +--- a/mpn/x86/p6/lshsub_n.asm ++++ b/mpn/x86/p6/lshsub_n.asm +@@ -82,7 +82,7 @@ L(here): + pxor %mm1, %mm1 + pxor %mm0, %mm0 + +- jmp *%eax ++ X86_NOTRACK jmp *%eax + + ifdef(`PIC',` + L(pic_calc): +@@ -167,3 +167,4 @@ L(ent): mov 0(up,n,4), %eax + jmp L(top) + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/p6/mmx/divrem_1.asm b/mpn/x86/p6/mmx/divrem_1.asm +index 5300616..b6057dd 100644 +--- a/mpn/x86/p6/mmx/divrem_1.asm ++++ b/mpn/x86/p6/mmx/divrem_1.asm +@@ -765,3 +765,4 @@ L(fraction_top): + jmp L(fraction_done) + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/p6/mod_34lsub1.asm b/mpn/x86/p6/mod_34lsub1.asm +index b88ab5d..46b3806 100644 +--- a/mpn/x86/p6/mod_34lsub1.asm ++++ b/mpn/x86/p6/mod_34lsub1.asm +@@ -188,3 +188,4 @@ L(done_0): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/p6/mul_basecase.asm b/mpn/x86/p6/mul_basecase.asm +index d87bc12..521b31e 100644 +--- a/mpn/x86/p6/mul_basecase.asm ++++ b/mpn/x86/p6/mul_basecase.asm +@@ -524,7 +524,7 @@ L(unroll_outer_entry): + xorl %eax, %ebx C carries other way for odd index + xorl %eax, %ecx + +- jmp *%edx ++ X86_NOTRACK jmp *%edx + + + C ----------------------------------------------------------------------------- +@@ -605,3 +605,4 @@ deflit(`disp1', eval(disp0 + 4)) + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/p6/sqr_basecase.asm b/mpn/x86/p6/sqr_basecase.asm +index 8fc7fdf..f71304f 100644 +--- a/mpn/x86/p6/sqr_basecase.asm ++++ b/mpn/x86/p6/sqr_basecase.asm +@@ -447,7 +447,7 @@ define(cmovX,`ifelse(eval(UNROLL_COUNT%2),1,`cmovz($@)',`cmovnz($@)')') + cmovX( %ebx, %ecx) C high carry reverse + cmovX( %eax, %ebx) C low carry reverse + movl %edx, VAR_JMP +- jmp *%edx ++ X86_NOTRACK jmp *%edx + + + C Must be on an even address here so the low bit of the jump address +@@ -647,3 +647,4 @@ L(pic_calc): + + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/aors_n.asm b/mpn/x86/pentium/aors_n.asm +index 01ebfb9..ca124a5 100644 +--- a/mpn/x86/pentium/aors_n.asm ++++ b/mpn/x86/pentium/aors_n.asm +@@ -201,3 +201,4 @@ L(end2): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/aorsmul_1.asm b/mpn/x86/pentium/aorsmul_1.asm +index d83cc45..5cec8b3 100644 +--- a/mpn/x86/pentium/aorsmul_1.asm ++++ b/mpn/x86/pentium/aorsmul_1.asm +@@ -142,3 +142,4 @@ L(top): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/com.asm b/mpn/x86/pentium/com.asm +index b080545..00064ff 100644 +--- a/mpn/x86/pentium/com.asm ++++ b/mpn/x86/pentium/com.asm +@@ -179,3 +179,4 @@ L(done): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/copyd.asm b/mpn/x86/pentium/copyd.asm +index 72a543b..c7f74b5 100644 +--- a/mpn/x86/pentium/copyd.asm ++++ b/mpn/x86/pentium/copyd.asm +@@ -144,3 +144,4 @@ L(done): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/copyi.asm b/mpn/x86/pentium/copyi.asm +index d983d6b..bc7744e 100644 +--- a/mpn/x86/pentium/copyi.asm ++++ b/mpn/x86/pentium/copyi.asm +@@ -162,3 +162,4 @@ L(done): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/logops_n.asm b/mpn/x86/pentium/logops_n.asm +index 1877317..41a9477 100644 +--- a/mpn/x86/pentium/logops_n.asm ++++ b/mpn/x86/pentium/logops_n.asm +@@ -174,3 +174,4 @@ L(done): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/lshift.asm b/mpn/x86/pentium/lshift.asm +index 2a31f36..68cba52 100644 +--- a/mpn/x86/pentium/lshift.asm ++++ b/mpn/x86/pentium/lshift.asm +@@ -241,3 +241,4 @@ L(L1): movl %edx,(%edi) C store last limb + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/mmx/lshift.asm b/mpn/x86/pentium/mmx/lshift.asm +index 04b0ddc..9e18c86 100644 +--- a/mpn/x86/pentium/mmx/lshift.asm ++++ b/mpn/x86/pentium/mmx/lshift.asm +@@ -461,3 +461,4 @@ L(finish_zero_unaligned): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/mmx/mul_1.asm b/mpn/x86/pentium/mmx/mul_1.asm +index 4ced577..b04a718 100644 +--- a/mpn/x86/pentium/mmx/mul_1.asm ++++ b/mpn/x86/pentium/mmx/mul_1.asm +@@ -369,3 +369,4 @@ L(small_done): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/mmx/rshift.asm b/mpn/x86/pentium/mmx/rshift.asm +index e3b274b..5493d20 100644 +--- a/mpn/x86/pentium/mmx/rshift.asm ++++ b/mpn/x86/pentium/mmx/rshift.asm +@@ -466,3 +466,4 @@ L(finish_zero_unaligned): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/mod_34lsub1.asm b/mpn/x86/pentium/mod_34lsub1.asm +index 2d88223..0945de8 100644 +--- a/mpn/x86/pentium/mod_34lsub1.asm ++++ b/mpn/x86/pentium/mod_34lsub1.asm +@@ -190,3 +190,4 @@ L(combine): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/mul_1.asm b/mpn/x86/pentium/mul_1.asm +index a0858af..2c49130 100644 +--- a/mpn/x86/pentium/mul_1.asm ++++ b/mpn/x86/pentium/mul_1.asm +@@ -175,3 +175,4 @@ L(top): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/mul_2.asm b/mpn/x86/pentium/mul_2.asm +index 4c7beb5..e94e071 100644 +--- a/mpn/x86/pentium/mul_2.asm ++++ b/mpn/x86/pentium/mul_2.asm +@@ -148,3 +148,4 @@ L(done): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/mul_basecase.asm b/mpn/x86/pentium/mul_basecase.asm +index e1d0f05..ff269bb 100644 +--- a/mpn/x86/pentium/mul_basecase.asm ++++ b/mpn/x86/pentium/mul_basecase.asm +@@ -140,3 +140,4 @@ L(done): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/rshift.asm b/mpn/x86/pentium/rshift.asm +index 2105c4c..d98080d 100644 +--- a/mpn/x86/pentium/rshift.asm ++++ b/mpn/x86/pentium/rshift.asm +@@ -241,3 +241,4 @@ L(L1): movl %edx,(%edi) C store last limb + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium/sqr_basecase.asm b/mpn/x86/pentium/sqr_basecase.asm +index b11d767..ee64eb3 100644 +--- a/mpn/x86/pentium/sqr_basecase.asm ++++ b/mpn/x86/pentium/sqr_basecase.asm +@@ -526,3 +526,4 @@ L(diag): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/copyd.asm b/mpn/x86/pentium4/copyd.asm +index 82af81c..bf06a05 100644 +--- a/mpn/x86/pentium4/copyd.asm ++++ b/mpn/x86/pentium4/copyd.asm +@@ -69,3 +69,4 @@ L(end): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/copyi.asm b/mpn/x86/pentium4/copyi.asm +index b614887..acbb3f4 100644 +--- a/mpn/x86/pentium4/copyi.asm ++++ b/mpn/x86/pentium4/copyi.asm +@@ -91,3 +91,4 @@ L(replmovs): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/mmx/popham.asm b/mpn/x86/pentium4/mmx/popham.asm +index 9563cb5..f7a6124 100644 +--- a/mpn/x86/pentium4/mmx/popham.asm ++++ b/mpn/x86/pentium4/mmx/popham.asm +@@ -201,3 +201,4 @@ L(loaded): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/sse2/add_n.asm b/mpn/x86/pentium4/sse2/add_n.asm +index 8e2380e..e329635 100644 +--- a/mpn/x86/pentium4/sse2/add_n.asm ++++ b/mpn/x86/pentium4/sse2/add_n.asm +@@ -99,3 +99,4 @@ L(top): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/sse2/addlsh1_n.asm b/mpn/x86/pentium4/sse2/addlsh1_n.asm +index 93b63b2..e801f7b 100644 +--- a/mpn/x86/pentium4/sse2/addlsh1_n.asm ++++ b/mpn/x86/pentium4/sse2/addlsh1_n.asm +@@ -106,3 +106,4 @@ L(top): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/sse2/addmul_1.asm b/mpn/x86/pentium4/sse2/addmul_1.asm +index 7810207..62a7675 100644 +--- a/mpn/x86/pentium4/sse2/addmul_1.asm ++++ b/mpn/x86/pentium4/sse2/addmul_1.asm +@@ -187,3 +187,4 @@ PROLOGUE(mpn_addmul_1c) + movd 20(%esp), %mm6 + jmp L(ent) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/sse2/cnd_add_n.asm b/mpn/x86/pentium4/sse2/cnd_add_n.asm +index b3f3474..7183b94 100644 +--- a/mpn/x86/pentium4/sse2/cnd_add_n.asm ++++ b/mpn/x86/pentium4/sse2/cnd_add_n.asm +@@ -93,3 +93,4 @@ L(top): movd (%ebx,%ecx,4), %mm2 + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/sse2/cnd_sub_n.asm b/mpn/x86/pentium4/sse2/cnd_sub_n.asm +index 339a23e..ba0fc47 100644 +--- a/mpn/x86/pentium4/sse2/cnd_sub_n.asm ++++ b/mpn/x86/pentium4/sse2/cnd_sub_n.asm +@@ -112,3 +112,4 @@ L(done_mm1): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/sse2/divrem_1.asm b/mpn/x86/pentium4/sse2/divrem_1.asm +index 0146fab..d8619e0 100644 +--- a/mpn/x86/pentium4/sse2/divrem_1.asm ++++ b/mpn/x86/pentium4/sse2/divrem_1.asm +@@ -643,3 +643,4 @@ L(fraction_top): + jmp L(fraction_done) + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/sse2/mod_1_1.asm b/mpn/x86/pentium4/sse2/mod_1_1.asm +index ee88bab..2e5a514 100644 +--- a/mpn/x86/pentium4/sse2/mod_1_1.asm ++++ b/mpn/x86/pentium4/sse2/mod_1_1.asm +@@ -164,3 +164,4 @@ C CAUTION: This is the same code as in k7/mod_1_1.asm + pop %ebp + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/sse2/mod_1_4.asm b/mpn/x86/pentium4/sse2/mod_1_4.asm +index eb2edb6..5ef3c4a 100644 +--- a/mpn/x86/pentium4/sse2/mod_1_4.asm ++++ b/mpn/x86/pentium4/sse2/mod_1_4.asm +@@ -267,3 +267,4 @@ C CAUTION: This is the same code as in k7/mod_1_4.asm + pop %ebp + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/sse2/mod_34lsub1.asm b/mpn/x86/pentium4/sse2/mod_34lsub1.asm +index 31e25b7..5b6b9a7 100644 +--- a/mpn/x86/pentium4/sse2/mod_34lsub1.asm ++++ b/mpn/x86/pentium4/sse2/mod_34lsub1.asm +@@ -173,3 +173,4 @@ L(combine): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/sse2/mul_1.asm b/mpn/x86/pentium4/sse2/mul_1.asm +index 6347b8b..9e4f3fc 100644 +--- a/mpn/x86/pentium4/sse2/mul_1.asm ++++ b/mpn/x86/pentium4/sse2/mul_1.asm +@@ -162,3 +162,4 @@ PROLOGUE(mpn_mul_1c) + movd 20(%esp), %mm6 + jmp L(ent) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/sse2/mul_basecase.asm b/mpn/x86/pentium4/sse2/mul_basecase.asm +index 6e3775a..0bad756 100644 +--- a/mpn/x86/pentium4/sse2/mul_basecase.asm ++++ b/mpn/x86/pentium4/sse2/mul_basecase.asm +@@ -660,3 +660,4 @@ L(oel3): + pop %esi C 3 + ret C 3 + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/sse2/rsh1add_n.asm b/mpn/x86/pentium4/sse2/rsh1add_n.asm +index f421d13..543a637 100644 +--- a/mpn/x86/pentium4/sse2/rsh1add_n.asm ++++ b/mpn/x86/pentium4/sse2/rsh1add_n.asm +@@ -124,3 +124,4 @@ L(done): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/sse2/sqr_basecase.asm b/mpn/x86/pentium4/sse2/sqr_basecase.asm +index 2dd57d2..9695d42 100644 +--- a/mpn/x86/pentium4/sse2/sqr_basecase.asm ++++ b/mpn/x86/pentium4/sse2/sqr_basecase.asm +@@ -703,3 +703,4 @@ L(diag): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/sse2/sub_n.asm b/mpn/x86/pentium4/sse2/sub_n.asm +index 5ba1c01..2cd5b22 100644 +--- a/mpn/x86/pentium4/sse2/sub_n.asm ++++ b/mpn/x86/pentium4/sse2/sub_n.asm +@@ -117,3 +117,4 @@ L(done_mm1): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/pentium4/sse2/submul_1.asm b/mpn/x86/pentium4/sse2/submul_1.asm +index 020675b..1172f0a 100644 +--- a/mpn/x86/pentium4/sse2/submul_1.asm ++++ b/mpn/x86/pentium4/sse2/submul_1.asm +@@ -180,3 +180,4 @@ L(eod): paddq %mm6, %mm4 C add 0xFFFFFFFE00000001 + movd %mm0, 8(%edx) C result + jmp L(rt) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/rshift.asm b/mpn/x86/rshift.asm +index a60dcaa..1cedc0d 100644 +--- a/mpn/x86/rshift.asm ++++ b/mpn/x86/rshift.asm +@@ -106,3 +106,4 @@ L(end): shrl %cl,%ebx C compute most significant limb + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/sec_tabselect.asm b/mpn/x86/sec_tabselect.asm +index c7c2e05..3a8fa17 100644 +--- a/mpn/x86/sec_tabselect.asm ++++ b/mpn/x86/sec_tabselect.asm +@@ -113,3 +113,4 @@ L(outer_end): + pop %edi + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/sqr_basecase.asm b/mpn/x86/sqr_basecase.asm +index 39f8a89..3414b05 100644 +--- a/mpn/x86/sqr_basecase.asm ++++ b/mpn/x86/sqr_basecase.asm +@@ -357,3 +357,4 @@ L(diag): + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/udiv.asm b/mpn/x86/udiv.asm +index a3ee088..2531ef7 100644 +--- a/mpn/x86/udiv.asm ++++ b/mpn/x86/udiv.asm +@@ -50,3 +50,4 @@ deflit(`FRAME',0) + movl %edx, (%ecx) + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/umul.asm b/mpn/x86/umul.asm +index 34fe434..5c1da35 100644 +--- a/mpn/x86/umul.asm ++++ b/mpn/x86/umul.asm +@@ -49,3 +49,4 @@ deflit(`FRAME',0) + movl %edx, %eax + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86/x86-defs.m4 b/mpn/x86/x86-defs.m4 +index 81309b2..b3520d2 100644 +--- a/mpn/x86/x86-defs.m4 ++++ b/mpn/x86/x86-defs.m4 +@@ -123,6 +123,7 @@ m4_assert_defined(`WANT_PROFILING') + TYPE($1,`function') + COFF_TYPE($1) + $1: ++ X86_ENDBR + ifelse(WANT_PROFILING,`prof', ` call_mcount') + ifelse(WANT_PROFILING,`gprof', ` call_mcount') + ifelse(WANT_PROFILING,`instrument',` call_instrument(enter)') +@@ -992,7 +993,11 @@ L(movl_eip_`'substr($2,1)): + + dnl ASM_END + +-define(`ASM_END',`load_eip') ++define(`ASM_END', ++`load_eip ++X86_GNU_PROPERTY ++') ++ + + define(`load_eip', `') dnl updated in LEA/LEAL + +diff --git a/mpn/x86_64/addaddmul_1msb0.asm b/mpn/x86_64/addaddmul_1msb0.asm +index 87c21b4..2d03ddb 100644 +--- a/mpn/x86_64/addaddmul_1msb0.asm ++++ b/mpn/x86_64/addaddmul_1msb0.asm +@@ -168,3 +168,4 @@ L(end): cmp $1, R32(n) + pop %r12 + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/aorrlsh1_n.asm b/mpn/x86_64/aorrlsh1_n.asm +index 6ee0872..1441a6c 100644 +--- a/mpn/x86_64/aorrlsh1_n.asm ++++ b/mpn/x86_64/aorrlsh1_n.asm +@@ -168,3 +168,4 @@ ifdef(`OPERATION_rsblsh1_n',` + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/aorrlshC_n.asm b/mpn/x86_64/aorrlshC_n.asm +index de00154..691abde 100644 +--- a/mpn/x86_64/aorrlshC_n.asm ++++ b/mpn/x86_64/aorrlshC_n.asm +@@ -170,3 +170,4 @@ ifelse(ADDSUB,add,` + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/aorrlsh_n.asm b/mpn/x86_64/aorrlsh_n.asm +index 5ca128f..57f0e77 100644 +--- a/mpn/x86_64/aorrlsh_n.asm ++++ b/mpn/x86_64/aorrlsh_n.asm +@@ -174,3 +174,4 @@ L(end): add R32(%rbx), R32(%rbx) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/aors_err1_n.asm b/mpn/x86_64/aors_err1_n.asm +index 54d0b3f..8c42ea1 100644 +--- a/mpn/x86_64/aors_err1_n.asm ++++ b/mpn/x86_64/aors_err1_n.asm +@@ -223,3 +223,4 @@ L(end): + pop %rbx + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/aors_err2_n.asm b/mpn/x86_64/aors_err2_n.asm +index ce5c2a4..0227e5d 100644 +--- a/mpn/x86_64/aors_err2_n.asm ++++ b/mpn/x86_64/aors_err2_n.asm +@@ -170,3 +170,4 @@ L(end): + pop %rbx + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/aors_err3_n.asm b/mpn/x86_64/aors_err3_n.asm +index bb6d0c5..37047db 100644 +--- a/mpn/x86_64/aors_err3_n.asm ++++ b/mpn/x86_64/aors_err3_n.asm +@@ -154,3 +154,4 @@ L(end): + pop %rbx + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/aors_n.asm b/mpn/x86_64/aors_n.asm +index d5a314a..b516c4d 100644 +--- a/mpn/x86_64/aors_n.asm ++++ b/mpn/x86_64/aors_n.asm +@@ -176,3 +176,4 @@ L(end): lea 32(up), up + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/aorsmul_1.asm b/mpn/x86_64/aorsmul_1.asm +index dfe4dc4..e3bb2f9 100644 +--- a/mpn/x86_64/aorsmul_1.asm ++++ b/mpn/x86_64/aorsmul_1.asm +@@ -188,3 +188,4 @@ IFDOS(``pop %rdi '') + IFDOS(``pop %rsi '') + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/atom/addmul_2.asm b/mpn/x86_64/atom/addmul_2.asm +index c1dcdc4..c1d9451 100644 +--- a/mpn/x86_64/atom/addmul_2.asm ++++ b/mpn/x86_64/atom/addmul_2.asm +@@ -184,3 +184,4 @@ L(end): mul v1 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/atom/aorrlsh1_n.asm b/mpn/x86_64/atom/aorrlsh1_n.asm +index f44de19..693a302 100644 +--- a/mpn/x86_64/atom/aorrlsh1_n.asm ++++ b/mpn/x86_64/atom/aorrlsh1_n.asm +@@ -236,3 +236,4 @@ IFDOS(` mov 56(%rsp), %r8 ') + sbb R32(%rbp), R32(%rbp) C save acy + jmp L(ent) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/atom/aorrlsh2_n.asm b/mpn/x86_64/atom/aorrlsh2_n.asm +index 02fb29d..c6ded74 100644 +--- a/mpn/x86_64/atom/aorrlsh2_n.asm ++++ b/mpn/x86_64/atom/aorrlsh2_n.asm +@@ -189,3 +189,4 @@ ifdef(`OPERATION_rsblsh2_n',` + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/atom/lshift.asm b/mpn/x86_64/atom/lshift.asm +index 1b37d5d..894b912 100644 +--- a/mpn/x86_64/atom/lshift.asm ++++ b/mpn/x86_64/atom/lshift.asm +@@ -121,3 +121,4 @@ L(end): shl R8(%rcx), %r10 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/atom/lshiftc.asm b/mpn/x86_64/atom/lshiftc.asm +index 7385f8f..40d8fff 100644 +--- a/mpn/x86_64/atom/lshiftc.asm ++++ b/mpn/x86_64/atom/lshiftc.asm +@@ -125,3 +125,4 @@ L(end): shl R8(%rcx), %r10 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/atom/mul_2.asm b/mpn/x86_64/atom/mul_2.asm +index 4bc22cd..87414d9 100644 +--- a/mpn/x86_64/atom/mul_2.asm ++++ b/mpn/x86_64/atom/mul_2.asm +@@ -188,3 +188,4 @@ L(end): mul v1 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/atom/rsh1aors_n.asm b/mpn/x86_64/atom/rsh1aors_n.asm +index 6f5f638..f3952c0 100644 +--- a/mpn/x86_64/atom/rsh1aors_n.asm ++++ b/mpn/x86_64/atom/rsh1aors_n.asm +@@ -285,3 +285,4 @@ L(cj1): pop %r15 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/atom/rshift.asm b/mpn/x86_64/atom/rshift.asm +index 29c027d..f4c59e1 100644 +--- a/mpn/x86_64/atom/rshift.asm ++++ b/mpn/x86_64/atom/rshift.asm +@@ -119,3 +119,4 @@ L(end): shr R8(cnt), %r10 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/atom/sublsh1_n.asm b/mpn/x86_64/atom/sublsh1_n.asm +index 1306acd..762e1ee 100644 +--- a/mpn/x86_64/atom/sublsh1_n.asm ++++ b/mpn/x86_64/atom/sublsh1_n.asm +@@ -240,3 +240,4 @@ IFDOS(` mov 56(%rsp), %r8 ') + sbb R32(%rbp), R32(%rbp) C save acy + jmp L(ent) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bd1/addmul_2.asm b/mpn/x86_64/bd1/addmul_2.asm +index b54e91a..b1c149b 100644 +--- a/mpn/x86_64/bd1/addmul_2.asm ++++ b/mpn/x86_64/bd1/addmul_2.asm +@@ -233,3 +233,4 @@ L(end): mul v0 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bd1/hamdist.asm b/mpn/x86_64/bd1/hamdist.asm +index 29e78a3..f93ce4d 100644 +--- a/mpn/x86_64/bd1/hamdist.asm ++++ b/mpn/x86_64/bd1/hamdist.asm +@@ -204,3 +204,4 @@ DEF_OBJECT(L(cnsts),16,`JUMPTABSECT') + .byte 0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f + END_OBJECT(L(cnsts)) + ') ++ASM_END() +diff --git a/mpn/x86_64/bd1/mul_2.asm b/mpn/x86_64/bd1/mul_2.asm +index 85fa7aa..e910cee 100644 +--- a/mpn/x86_64/bd1/mul_2.asm ++++ b/mpn/x86_64/bd1/mul_2.asm +@@ -193,3 +193,4 @@ L(end): mov -8(up), %rax + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bd1/mul_basecase.asm b/mpn/x86_64/bd1/mul_basecase.asm +index e47ba58..ebae74d 100644 +--- a/mpn/x86_64/bd1/mul_basecase.asm ++++ b/mpn/x86_64/bd1/mul_basecase.asm +@@ -414,3 +414,4 @@ L(ret2):pop %rbp + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bd1/popcount.asm b/mpn/x86_64/bd1/popcount.asm +index 28ce461..063c2cc 100644 +--- a/mpn/x86_64/bd1/popcount.asm ++++ b/mpn/x86_64/bd1/popcount.asm +@@ -189,3 +189,4 @@ DEF_OBJECT(L(cnsts),16,`JUMPTABSECT') + .byte 0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f + END_OBJECT(L(cnsts)) + ') ++ASM_END() +diff --git a/mpn/x86_64/bd2/gcd_11.asm b/mpn/x86_64/bd2/gcd_11.asm +index b167077..3d1c788 100644 +--- a/mpn/x86_64/bd2/gcd_11.asm ++++ b/mpn/x86_64/bd2/gcd_11.asm +@@ -94,3 +94,4 @@ L(end): mov v0, %rax + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bd2/gcd_22.asm b/mpn/x86_64/bd2/gcd_22.asm +index 070cb3e..491f0d9 100644 +--- a/mpn/x86_64/bd2/gcd_22.asm ++++ b/mpn/x86_64/bd2/gcd_22.asm +@@ -140,3 +140,4 @@ L(end): C mov v0, %rax + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bd4/gcd_11.asm b/mpn/x86_64/bd4/gcd_11.asm +index 4176b85..d172e32 100644 +--- a/mpn/x86_64/bd4/gcd_11.asm ++++ b/mpn/x86_64/bd4/gcd_11.asm +@@ -94,3 +94,4 @@ L(end): C rax = result + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bdiv_dbm1c.asm b/mpn/x86_64/bdiv_dbm1c.asm +index a53bd52..c383ee3 100644 +--- a/mpn/x86_64/bdiv_dbm1c.asm ++++ b/mpn/x86_64/bdiv_dbm1c.asm +@@ -104,3 +104,4 @@ L(lo1): sub %rax, %r8 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bdiv_q_1.asm b/mpn/x86_64/bdiv_q_1.asm +index 85538c9..c983c7f 100644 +--- a/mpn/x86_64/bdiv_q_1.asm ++++ b/mpn/x86_64/bdiv_q_1.asm +@@ -193,3 +193,4 @@ L(one): shr R8(%rcx), %rax + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bt1/aors_n.asm b/mpn/x86_64/bt1/aors_n.asm +index 9b6b5c7..04d81dd 100644 +--- a/mpn/x86_64/bt1/aors_n.asm ++++ b/mpn/x86_64/bt1/aors_n.asm +@@ -157,3 +157,4 @@ PROLOGUE(func_nc) + IFDOS(` mov 56(%rsp), %r8 ') + jmp L(ent) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bt1/aorsmul_1.asm b/mpn/x86_64/bt1/aorsmul_1.asm +index 41e1d8a..d309321 100644 +--- a/mpn/x86_64/bt1/aorsmul_1.asm ++++ b/mpn/x86_64/bt1/aorsmul_1.asm +@@ -189,3 +189,4 @@ IFDOS(` pop %rdi ') + IFDOS(` pop %rsi ') + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bt1/copyd.asm b/mpn/x86_64/bt1/copyd.asm +index 877714e..23fb80b 100644 +--- a/mpn/x86_64/bt1/copyd.asm ++++ b/mpn/x86_64/bt1/copyd.asm +@@ -89,3 +89,4 @@ L(end): cmp $-4, R32(n) + L(ret): FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bt1/copyi.asm b/mpn/x86_64/bt1/copyi.asm +index ee0f578..25718e6 100644 +--- a/mpn/x86_64/bt1/copyi.asm ++++ b/mpn/x86_64/bt1/copyi.asm +@@ -92,3 +92,4 @@ L(end): cmp $4, R32(n) + L(ret): FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bt1/gcd_11.asm b/mpn/x86_64/bt1/gcd_11.asm +index ef53392..03bc06d 100644 +--- a/mpn/x86_64/bt1/gcd_11.asm ++++ b/mpn/x86_64/bt1/gcd_11.asm +@@ -117,3 +117,4 @@ L(count_better): + bsf u0, cnt + jmp L(shr) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bt1/mul_1.asm b/mpn/x86_64/bt1/mul_1.asm +index 4394d6e..634cb35 100644 +--- a/mpn/x86_64/bt1/mul_1.asm ++++ b/mpn/x86_64/bt1/mul_1.asm +@@ -239,3 +239,4 @@ IFDOS(` pop %rdi ') + IFDOS(` pop %rsi ') + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bt1/mul_basecase.asm b/mpn/x86_64/bt1/mul_basecase.asm +index e7d46bf..1726190 100644 +--- a/mpn/x86_64/bt1/mul_basecase.asm ++++ b/mpn/x86_64/bt1/mul_basecase.asm +@@ -484,3 +484,4 @@ L(ret): pop %r13 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/bt1/sqr_basecase.asm b/mpn/x86_64/bt1/sqr_basecase.asm +index 0e417a1..8f665d1 100644 +--- a/mpn/x86_64/bt1/sqr_basecase.asm ++++ b/mpn/x86_64/bt1/sqr_basecase.asm +@@ -563,3 +563,4 @@ L(esd): add %rbx, w0 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/cnd_aors_n.asm b/mpn/x86_64/cnd_aors_n.asm +index 13a2ab3..b720ecb 100644 +--- a/mpn/x86_64/cnd_aors_n.asm ++++ b/mpn/x86_64/cnd_aors_n.asm +@@ -181,3 +181,4 @@ L(end): neg R32(%rax) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/com.asm b/mpn/x86_64/com.asm +index 006acaf..ec72e19 100644 +--- a/mpn/x86_64/com.asm ++++ b/mpn/x86_64/com.asm +@@ -93,3 +93,4 @@ L(e10): movq 24(up,n,8), %r9 + L(ret): FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/copyd.asm b/mpn/x86_64/copyd.asm +index a5e6e59..02ab53f 100644 +--- a/mpn/x86_64/copyd.asm ++++ b/mpn/x86_64/copyd.asm +@@ -91,3 +91,4 @@ L(end): shr R32(n) + mov %r9, -16(rp) + 1: ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/copyi.asm b/mpn/x86_64/copyi.asm +index bafce7a..8c6dbdc 100644 +--- a/mpn/x86_64/copyi.asm ++++ b/mpn/x86_64/copyi.asm +@@ -90,3 +90,4 @@ L(end): shr R32(n) + mov %r9, 16(rp) + 1: ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/core2/aors_err1_n.asm b/mpn/x86_64/core2/aors_err1_n.asm +index 3f875ae..c9c6c36 100644 +--- a/mpn/x86_64/core2/aors_err1_n.asm ++++ b/mpn/x86_64/core2/aors_err1_n.asm +@@ -223,3 +223,4 @@ L(end): + pop %rbx + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/core2/aors_n.asm b/mpn/x86_64/core2/aors_n.asm +index f9e0039..7981b7f 100644 +--- a/mpn/x86_64/core2/aors_n.asm ++++ b/mpn/x86_64/core2/aors_n.asm +@@ -148,3 +148,4 @@ PROLOGUE(func_nc) + IFDOS(` mov 56(%rsp), %r8 ') + jmp L(start) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/core2/aorsmul_1.asm b/mpn/x86_64/core2/aorsmul_1.asm +index a7a5d6e..b2b067a 100644 +--- a/mpn/x86_64/core2/aorsmul_1.asm ++++ b/mpn/x86_64/core2/aorsmul_1.asm +@@ -186,3 +186,4 @@ L(n1): mov 8(rp), %r10 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/core2/divrem_1.asm b/mpn/x86_64/core2/divrem_1.asm +index 1b3f139..d41c494 100644 +--- a/mpn/x86_64/core2/divrem_1.asm ++++ b/mpn/x86_64/core2/divrem_1.asm +@@ -241,3 +241,4 @@ L(ret): pop %rbx + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/core2/gcd_11.asm b/mpn/x86_64/core2/gcd_11.asm +index b00451f..b730a55 100644 +--- a/mpn/x86_64/core2/gcd_11.asm ++++ b/mpn/x86_64/core2/gcd_11.asm +@@ -91,3 +91,4 @@ L(end): C rax = result + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/core2/gcd_22.asm b/mpn/x86_64/core2/gcd_22.asm +index b5aa73b..0ccde8a 100644 +--- a/mpn/x86_64/core2/gcd_22.asm ++++ b/mpn/x86_64/core2/gcd_22.asm +@@ -135,3 +135,4 @@ L(end): C mov v0, %rax + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/core2/hamdist.asm b/mpn/x86_64/core2/hamdist.asm +index a78753d..be451d7 100644 +--- a/mpn/x86_64/core2/hamdist.asm ++++ b/mpn/x86_64/core2/hamdist.asm +@@ -208,3 +208,4 @@ DEF_OBJECT(L(cnsts),16,`JUMPTABSECT') + .byte 0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f + .byte 0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f + END_OBJECT(L(cnsts)) ++ASM_END() +diff --git a/mpn/x86_64/core2/logops_n.asm b/mpn/x86_64/core2/logops_n.asm +index 5ff174c..451d556 100644 +--- a/mpn/x86_64/core2/logops_n.asm ++++ b/mpn/x86_64/core2/logops_n.asm +@@ -283,3 +283,4 @@ L(ret): FUNC_EXIT() + ret + EPILOGUE() + ') ++ASM_END() +diff --git a/mpn/x86_64/core2/lshift.asm b/mpn/x86_64/core2/lshift.asm +index 9016a71..62053c2 100644 +--- a/mpn/x86_64/core2/lshift.asm ++++ b/mpn/x86_64/core2/lshift.asm +@@ -143,3 +143,4 @@ L(1): shl R8(cnt), %r9 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/core2/lshiftc.asm b/mpn/x86_64/core2/lshiftc.asm +index c428f13..cdd4e11 100644 +--- a/mpn/x86_64/core2/lshiftc.asm ++++ b/mpn/x86_64/core2/lshiftc.asm +@@ -157,3 +157,4 @@ L(1): shl R8(cnt), %r9 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/core2/mul_basecase.asm b/mpn/x86_64/core2/mul_basecase.asm +index d16be85..0dcf0f8 100644 +--- a/mpn/x86_64/core2/mul_basecase.asm ++++ b/mpn/x86_64/core2/mul_basecase.asm +@@ -347,6 +347,7 @@ L(m2e0):mul v1 + jz L(ret2) + + L(do_am0): ++ X86_ENDBR + push %r15 + push vn_param + +@@ -520,6 +521,7 @@ L(m2e1):mul v1 + jz L(ret2) + + L(do_am1): ++ X86_ENDBR + push %r15 + push vn_param + +@@ -693,6 +695,7 @@ L(m2e2):mul v1 + jz L(ret2) + + L(do_am2): ++ X86_ENDBR + push %r15 + push vn_param + +@@ -866,6 +869,7 @@ L(m2e3):mul v1 + jz L(ret2) + + L(do_am3): ++ X86_ENDBR + push %r15 + push vn_param + +@@ -973,3 +977,4 @@ L(lo3): mul v0 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/core2/mullo_basecase.asm b/mpn/x86_64/core2/mullo_basecase.asm +index 0f03d86..11814d5 100644 +--- a/mpn/x86_64/core2/mullo_basecase.asm ++++ b/mpn/x86_64/core2/mullo_basecase.asm +@@ -425,3 +425,4 @@ L(n3): mov (vp_param), %r9 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/core2/popcount.asm b/mpn/x86_64/core2/popcount.asm +index 39d8c5d..5e03ef3 100644 +--- a/mpn/x86_64/core2/popcount.asm ++++ b/mpn/x86_64/core2/popcount.asm +@@ -183,3 +183,4 @@ DEF_OBJECT(L(cnsts),16,`JUMPTABSECT') + .byte 0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f + .byte 0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f + END_OBJECT(L(cnsts)) ++ASM_END() +diff --git a/mpn/x86_64/core2/rsh1aors_n.asm b/mpn/x86_64/core2/rsh1aors_n.asm +index 27eed37..5b4fe7e 100644 +--- a/mpn/x86_64/core2/rsh1aors_n.asm ++++ b/mpn/x86_64/core2/rsh1aors_n.asm +@@ -167,3 +167,4 @@ L(end): shrd $1, %rbx, %rbp + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/core2/rshift.asm b/mpn/x86_64/core2/rshift.asm +index 7578a53..86cc804 100644 +--- a/mpn/x86_64/core2/rshift.asm ++++ b/mpn/x86_64/core2/rshift.asm +@@ -141,3 +141,4 @@ L(1): shr R8(cnt), %r9 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/core2/sqr_basecase.asm b/mpn/x86_64/core2/sqr_basecase.asm +index a112c1b..65286b0 100644 +--- a/mpn/x86_64/core2/sqr_basecase.asm ++++ b/mpn/x86_64/core2/sqr_basecase.asm +@@ -982,3 +982,4 @@ L(n3): mov %rax, %r10 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/core2/sublshC_n.asm b/mpn/x86_64/core2/sublshC_n.asm +index 272700d..e30562b 100644 +--- a/mpn/x86_64/core2/sublshC_n.asm ++++ b/mpn/x86_64/core2/sublshC_n.asm +@@ -156,3 +156,4 @@ L(end): shr $RSH, %r11 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreibwl/addmul_1.asm b/mpn/x86_64/coreibwl/addmul_1.asm +index ee7e4ee..4ea5580 100644 +--- a/mpn/x86_64/coreibwl/addmul_1.asm ++++ b/mpn/x86_64/coreibwl/addmul_1.asm +@@ -110,33 +110,39 @@ L(tab): JMPENT( L(f0), L(tab)) + JMPENT( L(f7), L(tab)) + TEXT + +-L(f0): mulx( (up), %r10, %r8) ++L(f0): X86_ENDBR ++ mulx( (up), %r10, %r8) + lea -8(up), up + lea -8(rp), rp + lea -1(n), n + jmp L(b0) + +-L(f3): mulx( (up), %r9, %rax) ++L(f3): X86_ENDBR ++ mulx( (up), %r9, %rax) + lea 16(up), up + lea -48(rp), rp + jmp L(b3) + +-L(f4): mulx( (up), %r10, %r8) ++L(f4): X86_ENDBR ++ mulx( (up), %r10, %r8) + lea 24(up), up + lea -40(rp), rp + jmp L(b4) + +-L(f5): mulx( (up), %r9, %rax) ++L(f5): X86_ENDBR ++ mulx( (up), %r9, %rax) + lea 32(up), up + lea -32(rp), rp + jmp L(b5) + +-L(f6): mulx( (up), %r10, %r8) ++L(f6): X86_ENDBR ++ mulx( (up), %r10, %r8) + lea 40(up), up + lea -24(rp), rp + jmp L(b6) + +-L(f1): mulx( (up), %r9, %rax) ++L(f1): X86_ENDBR ++ mulx( (up), %r9, %rax) + jrcxz L(1) + jmp L(b1) + L(1): add (rp), %r9 +@@ -156,7 +162,8 @@ ifdef(`PIC', + ` nop;nop;nop;nop', + ` nop;nop;nop;nop;nop;nop;nop;nop;nop;nop;nop') + +-L(f2): mulx( (up), %r10, %r8) ++L(f2): X86_ENDBR ++ mulx( (up), %r10, %r8) + lea 8(up), up + lea 8(rp), rp + mulx( (up), %r9, %rax) +@@ -200,7 +207,8 @@ L(b3): adox( 48,(rp), %r9) + mulx( (up), %r9, %rax) + jmp L(top) + +-L(f7): mulx( (up), %r9, %rax) ++L(f7): X86_ENDBR ++ mulx( (up), %r9, %rax) + lea -16(up), up + lea -16(rp), rp + jmp L(b7) +diff --git a/mpn/x86_64/coreibwl/mul_1.asm b/mpn/x86_64/coreibwl/mul_1.asm +index b7fae2f..77121a5 100644 +--- a/mpn/x86_64/coreibwl/mul_1.asm ++++ b/mpn/x86_64/coreibwl/mul_1.asm +@@ -108,48 +108,56 @@ L(tab): JMPENT( L(f0), L(tab)) + JMPENT( L(f7), L(tab)) + TEXT + +-L(f0): mulx( (up), %r10, %r8) ++L(f0): X86_ENDBR ++ mulx( (up), %r10, %r8) + lea 56(up), up + lea -8(rp), rp + jmp L(b0) + +-L(f3): mulx( (up), %r9, %rax) ++L(f3): X86_ENDBR ++ mulx( (up), %r9, %rax) + lea 16(up), up + lea 16(rp), rp + inc n + jmp L(b3) + +-L(f4): mulx( (up), %r10, %r8) ++L(f4): X86_ENDBR ++ mulx( (up), %r10, %r8) + lea 24(up), up + lea 24(rp), rp + inc n + jmp L(b4) + +-L(f5): mulx( (up), %r9, %rax) ++L(f5): X86_ENDBR ++ mulx( (up), %r9, %rax) + lea 32(up), up + lea 32(rp), rp + inc n + jmp L(b5) + +-L(f6): mulx( (up), %r10, %r8) ++L(f6): X86_ENDBR ++ mulx( (up), %r10, %r8) + lea 40(up), up + lea 40(rp), rp + inc n + jmp L(b6) + +-L(f7): mulx( (up), %r9, %rax) ++L(f7): X86_ENDBR ++ mulx( (up), %r9, %rax) + lea 48(up), up + lea 48(rp), rp + inc n + jmp L(b7) + +-L(f1): mulx( (up), %r9, %rax) ++L(f1): X86_ENDBR ++ mulx( (up), %r9, %rax) + test n, n + jnz L(b1) + L(1): mov %r9, (rp) + ret + +-L(f2): mulx( (up), %r10, %r8) ++L(f2): X86_ENDBR ++ mulx( (up), %r10, %r8) + lea 8(up), up + lea 8(rp), rp + mulx( (up), %r9, %rax) +diff --git a/mpn/x86_64/coreibwl/mul_basecase.asm b/mpn/x86_64/coreibwl/mul_basecase.asm +index 42ca976..c5e60e7 100644 +--- a/mpn/x86_64/coreibwl/mul_basecase.asm ++++ b/mpn/x86_64/coreibwl/mul_basecase.asm +@@ -157,45 +157,53 @@ ifdef(`PIC', + jmp *(%r10,%rax,8) + ') + +-L(mf0): mulx( (up), w2, w3) ++L(mf0): X86_ENDBR ++ mulx( (up), w2, w3) + lea 56(up), up + lea -8(rp), rp + jmp L(mb0) + +-L(mf3): mulx( (up), w0, w1) ++L(mf3): X86_ENDBR ++ mulx( (up), w0, w1) + lea 16(up), up + lea 16(rp), rp + inc n + jmp L(mb3) + +-L(mf4): mulx( (up), w2, w3) ++L(mf4): X86_ENDBR ++ mulx( (up), w2, w3) + lea 24(up), up + lea 24(rp), rp + inc n + jmp L(mb4) + +-L(mf5): mulx( (up), w0, w1) ++L(mf5): X86_ENDBR ++ mulx( (up), w0, w1) + lea 32(up), up + lea 32(rp), rp + inc n + jmp L(mb5) + +-L(mf6): mulx( (up), w2, w3) ++L(mf6): X86_ENDBR ++ mulx( (up), w2, w3) + lea 40(up), up + lea 40(rp), rp + inc n + jmp L(mb6) + +-L(mf7): mulx( (up), w0, w1) ++L(mf7): X86_ENDBR ++ mulx( (up), w0, w1) + lea 48(up), up + lea 48(rp), rp + inc n + jmp L(mb7) + +-L(mf1): mulx( (up), w0, w1) ++L(mf1): X86_ENDBR ++ mulx( (up), w0, w1) + jmp L(mb1) + +-L(mf2): mulx( (up), w2, w3) ++L(mf2): X86_ENDBR ++ mulx( (up), w2, w3) + lea 8(up), up + lea 8(rp), rp + mulx( (up), w0, w1) +@@ -256,32 +264,39 @@ L(outer): + lea 8(vp), vp + jmp *jaddr + +-L(f0): mulx( 8,(up), w2, w3) ++L(f0): X86_ENDBR ++ mulx( 8,(up), w2, w3) + lea 8(rp,unneg,8), rp + lea -1(n), n + jmp L(b0) + +-L(f3): mulx( -16,(up), w0, w1) ++L(f3): X86_ENDBR ++ mulx( -16,(up), w0, w1) + lea -56(rp,unneg,8), rp + jmp L(b3) + +-L(f4): mulx( -24,(up), w2, w3) ++L(f4): X86_ENDBR ++ mulx( -24,(up), w2, w3) + lea -56(rp,unneg,8), rp + jmp L(b4) + +-L(f5): mulx( -32,(up), w0, w1) ++L(f5): X86_ENDBR ++ mulx( -32,(up), w0, w1) + lea -56(rp,unneg,8), rp + jmp L(b5) + +-L(f6): mulx( -40,(up), w2, w3) ++L(f6): X86_ENDBR ++ mulx( -40,(up), w2, w3) + lea -56(rp,unneg,8), rp + jmp L(b6) + +-L(f7): mulx( 16,(up), w0, w1) ++L(f7): X86_ENDBR ++ mulx( 16,(up), w0, w1) + lea 8(rp,unneg,8), rp + jmp L(b7) + +-L(f1): mulx( (up), w0, w1) ++L(f1): X86_ENDBR ++ mulx( (up), w0, w1) + lea 8(rp,unneg,8), rp + jmp L(b1) + +@@ -303,6 +318,7 @@ L(done): + ret + + L(f2): ++ X86_ENDBR + mulx( -8,(up), w2, w3) + lea 8(rp,unneg,8), rp + mulx( (up), w0, w1) +@@ -367,3 +383,4 @@ L(atab):JMPENT( L(f0), L(atab)) + JMPENT( L(f7), L(atab)) + TEXT + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreibwl/mullo_basecase.asm b/mpn/x86_64/coreibwl/mullo_basecase.asm +index 5cdb209..b3e435b 100644 +--- a/mpn/x86_64/coreibwl/mullo_basecase.asm ++++ b/mpn/x86_64/coreibwl/mullo_basecase.asm +@@ -393,3 +393,4 @@ L(mtab):JMPENT( L(mf7), L(mtab)) + JMPENT( L(mf4), L(mtab)) + JMPENT( L(mf5), L(mtab)) + JMPENT( L(mf6), L(mtab)) ++ASM_END() +diff --git a/mpn/x86_64/coreibwl/sqr_basecase.asm b/mpn/x86_64/coreibwl/sqr_basecase.asm +index e81b01b..cd523cf 100644 +--- a/mpn/x86_64/coreibwl/sqr_basecase.asm ++++ b/mpn/x86_64/coreibwl/sqr_basecase.asm +@@ -181,14 +181,16 @@ ifdef(`PIC', + jmp *(%r10,%rax,8) + ') + +-L(mf0): mulx( u0, w0, w1) C up[0]^2 ++L(mf0): X86_ENDBR ++ mulx( u0, w0, w1) C up[0]^2 + add u0, u0 + mulx( 8,(up), w2, w3) + lea 64(up), up + add w1, w2 + jmp L(mb0) + +-L(mf3): mulx( u0, w2, w3) C up[0]^2 ++L(mf3): X86_ENDBR ++ mulx( u0, w2, w3) C up[0]^2 + add u0, u0 + mov w2, (rp) + mulx( 8,(up), w0, w1) +@@ -197,7 +199,8 @@ L(mf3): mulx( u0, w2, w3) C up[0]^2 + add w3, w0 + jmp L(mb3) + +-L(mf4): mulx( u0, w0, w1) C up[0]^2 ++L(mf4): X86_ENDBR ++ mulx( u0, w0, w1) C up[0]^2 + add u0, u0 + mulx( 8,(up), w2, w3) + mov w0, (rp) +@@ -206,7 +209,8 @@ L(mf4): mulx( u0, w0, w1) C up[0]^2 + add w1, w2 + jmp L(mb4) + +-L(mf5): mulx( u0, w2, w3) C up[0]^2 ++L(mf5): X86_ENDBR ++ mulx( u0, w2, w3) C up[0]^2 + add u0, u0 + mulx( 8,(up), w0, w1) + mov w2, (rp) +@@ -215,7 +219,8 @@ L(mf5): mulx( u0, w2, w3) C up[0]^2 + add w3, w0 + jmp L(mb5) + +-L(mf6): mulx( u0, w0, w1) C up[0]^2 ++L(mf6): X86_ENDBR ++ mulx( u0, w0, w1) C up[0]^2 + add u0, u0 + mulx( 8,(up), w2, w3) + mov w0, (rp) +@@ -224,7 +229,8 @@ L(mf6): mulx( u0, w0, w1) C up[0]^2 + add w1, w2 + jmp L(mb6) + +-L(mf7): mulx( u0, w2, w3) C up[0]^2 ++L(mf7): X86_ENDBR ++ mulx( u0, w2, w3) C up[0]^2 + add u0, u0 + mulx( 8,(up), w0, w1) + mov w2, (rp) +@@ -233,7 +239,8 @@ L(mf7): mulx( u0, w2, w3) C up[0]^2 + add w3, w0 + jmp L(mb7) + +-L(mf1): mulx( u0, w2, w3) C up[0]^2 ++L(mf1): X86_ENDBR ++ mulx( u0, w2, w3) C up[0]^2 + add u0, u0 + mulx( 8,(up), w0, w1) + mov w2, (rp) +@@ -242,7 +249,8 @@ L(mf1): mulx( u0, w2, w3) C up[0]^2 + add w3, w0 + jmp L(mb1) + +-L(mf2): mulx( u0, w0, w1) C up[0]^2 ++L(mf2): X86_ENDBR ++ mulx( u0, w0, w1) C up[0]^2 + add u0, u0 + mulx( 8,(up), w2, w3) + mov w0, (rp) +@@ -300,7 +308,8 @@ ifdef(`PIC', + + L(ed0): adox( (rp), w0) + adox( %rcx, w1) C relies on rcx = 0 +-L(f7): mov w0, (rp) ++L(f7): X86_ENDBR ++ mov w0, (rp) + adc %rcx, w1 C relies on rcx = 0 + mov w1, 8(rp) + lea -64(up,un_save,8), up +@@ -356,7 +365,8 @@ L(b0): mov w0, (rp) + + L(ed1): adox( (rp), w0) + adox( %rcx, w1) C relies on rcx = 0 +-L(f0): mov w0, (rp) ++L(f0): X86_ENDBR ++ mov w0, (rp) + adc %rcx, w1 C relies on rcx = 0 + mov w1, 8(rp) + lea -64(up,un_save,8), up +@@ -415,7 +425,8 @@ L(b1): mulx( 8,(up), w2, w3) + + L(ed2): adox( (rp), w0) + adox( %rcx, w1) C relies on rcx = 0 +-L(f1): mov w0, (rp) ++L(f1): X86_ENDBR ++ mov w0, (rp) + adc %rcx, w1 C relies on rcx = 0 + mov w1, 8(rp) + lea (up,un_save,8), up +@@ -477,7 +488,8 @@ L(b2): adox( 48,(rp), w0) + + L(ed3): adox( (rp), w0) + adox( %rcx, w1) C relies on rcx = 0 +-L(f2): mov w0, (rp) ++L(f2): X86_ENDBR ++ mov w0, (rp) + adc %rcx, w1 C relies on rcx = 0 + mov w1, 8(rp) + lea (up,un_save,8), up +@@ -535,7 +547,8 @@ L(b3): mulx( -16,(up), w0, w1) + + L(ed4): adox( (rp), w0) + adox( %rcx, w1) C relies on rcx = 0 +-L(f3): mov w0, (rp) ++L(f3): X86_ENDBR ++ mov w0, (rp) + adc %rcx, w1 C relies on rcx = 0 + mov w1, 8(rp) + lea (up,un_save,8), up +@@ -592,7 +605,8 @@ L(b4): mulx( -24,(up), w2, w3) + + L(ed5): adox( (rp), w0) + adox( %rcx, w1) C relies on rcx = 0 +-L(f4): mov w0, (rp) ++L(f4): X86_ENDBR ++ mov w0, (rp) + adc %rcx, w1 C relies on rcx = 0 + mov w1, 8(rp) + lea (up,un_save,8), up +@@ -649,7 +663,8 @@ L(b5): mulx( -32,(up), w0, w1) + + L(ed6): adox( (rp), w0) + adox( %rcx, w1) C relies on rcx = 0 +-L(f5): mov w0, (rp) ++L(f5): X86_ENDBR ++ mov w0, (rp) + adc %rcx, w1 C relies on rcx = 0 + mov w1, 8(rp) + lea (up,un_save,8), up +@@ -706,7 +721,8 @@ L(b6): adcx( w1, w2) + + L(ed7): adox( (rp), w0) + adox( %rcx, w1) C relies on rcx = 0 +-L(f6): mov w0, (rp) ++L(f6): X86_ENDBR ++ mov w0, (rp) + adc %rcx, w1 C relies on rcx = 0 + mov w1, 8(rp) + lea (up,un_save,8), up +@@ -837,3 +853,4 @@ L(atab):JMPENT( L(f6), L(atab)) + JMPENT( L(f5), L(atab)) + TEXT + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreihwl/addmul_2.asm b/mpn/x86_64/coreihwl/addmul_2.asm +index 9d1c405..322037e 100644 +--- a/mpn/x86_64/coreihwl/addmul_2.asm ++++ b/mpn/x86_64/coreihwl/addmul_2.asm +@@ -239,3 +239,4 @@ L(end): mulx( v0, %rax, w3) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreihwl/aors_n.asm b/mpn/x86_64/coreihwl/aors_n.asm +index fc99627..f9d89f7 100644 +--- a/mpn/x86_64/coreihwl/aors_n.asm ++++ b/mpn/x86_64/coreihwl/aors_n.asm +@@ -259,3 +259,4 @@ L(tab): JMPENT( L(0), L(tab)) + JMPENT( L(5), L(tab)) + JMPENT( L(6), L(tab)) + JMPENT( L(7), L(tab)) ++ASM_END() +diff --git a/mpn/x86_64/coreihwl/aorsmul_1.asm b/mpn/x86_64/coreihwl/aorsmul_1.asm +index 3f43afa..d01c941 100644 +--- a/mpn/x86_64/coreihwl/aorsmul_1.asm ++++ b/mpn/x86_64/coreihwl/aorsmul_1.asm +@@ -199,3 +199,4 @@ L(ret): pop %r13 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreihwl/gcd_22.asm b/mpn/x86_64/coreihwl/gcd_22.asm +index b5863b6..e41731e 100644 +--- a/mpn/x86_64/coreihwl/gcd_22.asm ++++ b/mpn/x86_64/coreihwl/gcd_22.asm +@@ -136,3 +136,4 @@ L(end): mov v0, %rax + L(ret): FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreihwl/mul_2.asm b/mpn/x86_64/coreihwl/mul_2.asm +index f1f044f..f48e5d8 100644 +--- a/mpn/x86_64/coreihwl/mul_2.asm ++++ b/mpn/x86_64/coreihwl/mul_2.asm +@@ -174,3 +174,4 @@ L(end): mulx( v1, %rdx, %rax) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreihwl/mul_basecase.asm b/mpn/x86_64/coreihwl/mul_basecase.asm +index b2656c8..14826e8 100644 +--- a/mpn/x86_64/coreihwl/mul_basecase.asm ++++ b/mpn/x86_64/coreihwl/mul_basecase.asm +@@ -439,3 +439,4 @@ L(ret2):pop %rbp + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreihwl/mullo_basecase.asm b/mpn/x86_64/coreihwl/mullo_basecase.asm +index e65559b..b29352c 100644 +--- a/mpn/x86_64/coreihwl/mullo_basecase.asm ++++ b/mpn/x86_64/coreihwl/mullo_basecase.asm +@@ -420,3 +420,4 @@ L(n3): mov (vp), %r9 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreihwl/redc_1.asm b/mpn/x86_64/coreihwl/redc_1.asm +index b1d6c0a..3b09a73 100644 +--- a/mpn/x86_64/coreihwl/redc_1.asm ++++ b/mpn/x86_64/coreihwl/redc_1.asm +@@ -435,3 +435,4 @@ L(ret): pop %r15 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreihwl/sqr_basecase.asm b/mpn/x86_64/coreihwl/sqr_basecase.asm +index 641cdf3..b6ea890 100644 +--- a/mpn/x86_64/coreihwl/sqr_basecase.asm ++++ b/mpn/x86_64/coreihwl/sqr_basecase.asm +@@ -504,3 +504,4 @@ L(dend):adc %rbx, %rdx + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreinhm/aorrlsh_n.asm b/mpn/x86_64/coreinhm/aorrlsh_n.asm +index eed64e7..3f25eea 100644 +--- a/mpn/x86_64/coreinhm/aorrlsh_n.asm ++++ b/mpn/x86_64/coreinhm/aorrlsh_n.asm +@@ -198,3 +198,4 @@ IFDOS(` mov 64(%rsp), %r9 ') C cy + sbb R32(%rbx), R32(%rbx) C initialise CF save register + jmp L(ent) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreinhm/hamdist.asm b/mpn/x86_64/coreinhm/hamdist.asm +index a5a63e4..a84bcbc 100644 +--- a/mpn/x86_64/coreinhm/hamdist.asm ++++ b/mpn/x86_64/coreinhm/hamdist.asm +@@ -194,3 +194,4 @@ L(tab): JMPENT( L(0), L(tab)) + JMPENT( L(1), L(tab)) + JMPENT( L(2), L(tab)) + JMPENT( L(3), L(tab)) ++ASM_END() +diff --git a/mpn/x86_64/coreinhm/popcount.asm b/mpn/x86_64/coreinhm/popcount.asm +index 0a3c867..24c4ebc 100644 +--- a/mpn/x86_64/coreinhm/popcount.asm ++++ b/mpn/x86_64/coreinhm/popcount.asm +@@ -180,3 +180,4 @@ L(tab): JMPENT( L(0), L(tab)) + JMPENT( L(5), L(tab)) + JMPENT( L(6), L(tab)) + JMPENT( L(7), L(tab)) ++ASM_END() +diff --git a/mpn/x86_64/coreisbr/addmul_2.asm b/mpn/x86_64/coreisbr/addmul_2.asm +index 21f0bf4..45c7b15 100644 +--- a/mpn/x86_64/coreisbr/addmul_2.asm ++++ b/mpn/x86_64/coreisbr/addmul_2.asm +@@ -222,3 +222,4 @@ L(end): mul v1 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreisbr/aorrlshC_n.asm b/mpn/x86_64/coreisbr/aorrlshC_n.asm +index 23ace41..6af7da8 100644 +--- a/mpn/x86_64/coreisbr/aorrlshC_n.asm ++++ b/mpn/x86_64/coreisbr/aorrlshC_n.asm +@@ -171,3 +171,4 @@ L(end): shr $RSH, %rbp + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreisbr/aorrlsh_n.asm b/mpn/x86_64/coreisbr/aorrlsh_n.asm +index db8ee68..56ca497 100644 +--- a/mpn/x86_64/coreisbr/aorrlsh_n.asm ++++ b/mpn/x86_64/coreisbr/aorrlsh_n.asm +@@ -213,3 +213,4 @@ IFDOS(` mov 64(%rsp), %r9 ') C cy + sbb R32(%rbx), R32(%rbx) C initialise CF save register + jmp L(ent) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreisbr/aors_n.asm b/mpn/x86_64/coreisbr/aors_n.asm +index 61fee3e..d466248 100644 +--- a/mpn/x86_64/coreisbr/aors_n.asm ++++ b/mpn/x86_64/coreisbr/aors_n.asm +@@ -201,3 +201,4 @@ PROLOGUE(func_nc) + IFDOS(` mov 56(%rsp), %r8 ') + jmp L(ent) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreisbr/cnd_add_n.asm b/mpn/x86_64/coreisbr/cnd_add_n.asm +index 43abcc8..3d72bf8 100644 +--- a/mpn/x86_64/coreisbr/cnd_add_n.asm ++++ b/mpn/x86_64/coreisbr/cnd_add_n.asm +@@ -172,3 +172,4 @@ L(end): neg R32(%rax) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreisbr/cnd_sub_n.asm b/mpn/x86_64/coreisbr/cnd_sub_n.asm +index f55492b..3371269 100644 +--- a/mpn/x86_64/coreisbr/cnd_sub_n.asm ++++ b/mpn/x86_64/coreisbr/cnd_sub_n.asm +@@ -198,3 +198,4 @@ L(end): neg R32(%rax) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreisbr/mul_1.asm b/mpn/x86_64/coreisbr/mul_1.asm +index a43a117..1f17293 100644 +--- a/mpn/x86_64/coreisbr/mul_1.asm ++++ b/mpn/x86_64/coreisbr/mul_1.asm +@@ -197,3 +197,4 @@ L(00c): add cin, %r10 + mov 8(up,n,8), %rax + jmp L(L0c) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreisbr/mul_2.asm b/mpn/x86_64/coreisbr/mul_2.asm +index 781534d..10f1769 100644 +--- a/mpn/x86_64/coreisbr/mul_2.asm ++++ b/mpn/x86_64/coreisbr/mul_2.asm +@@ -165,3 +165,4 @@ L(end): mul v0 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreisbr/mul_basecase.asm b/mpn/x86_64/coreisbr/mul_basecase.asm +index 35fd1cc..d5c7e5b 100644 +--- a/mpn/x86_64/coreisbr/mul_basecase.asm ++++ b/mpn/x86_64/coreisbr/mul_basecase.asm +@@ -405,3 +405,4 @@ L(ret2):pop %rbp + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreisbr/mullo_basecase.asm b/mpn/x86_64/coreisbr/mullo_basecase.asm +index a41a8ac..acf7776 100644 +--- a/mpn/x86_64/coreisbr/mullo_basecase.asm ++++ b/mpn/x86_64/coreisbr/mullo_basecase.asm +@@ -382,3 +382,4 @@ L(n3): mov (vp_param), %r9 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreisbr/rsh1aors_n.asm b/mpn/x86_64/coreisbr/rsh1aors_n.asm +index fd2eaea..eefad99 100644 +--- a/mpn/x86_64/coreisbr/rsh1aors_n.asm ++++ b/mpn/x86_64/coreisbr/rsh1aors_n.asm +@@ -191,3 +191,4 @@ L(end): shrd $1, %rbx, %rbp + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/coreisbr/sqr_basecase.asm b/mpn/x86_64/coreisbr/sqr_basecase.asm +index 46a3612..1600e25 100644 +--- a/mpn/x86_64/coreisbr/sqr_basecase.asm ++++ b/mpn/x86_64/coreisbr/sqr_basecase.asm +@@ -482,3 +482,4 @@ L(dend):add %r8, %r10 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/div_qr_1n_pi1.asm b/mpn/x86_64/div_qr_1n_pi1.asm +index b3d45e2..9fd2633 100644 +--- a/mpn/x86_64/div_qr_1n_pi1.asm ++++ b/mpn/x86_64/div_qr_1n_pi1.asm +@@ -245,3 +245,4 @@ L(q_incr_loop): + lea 8(U1), U1 + jmp L(q_incr_loop) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/div_qr_2n_pi1.asm b/mpn/x86_64/div_qr_2n_pi1.asm +index 5e59a0a..c189c33 100644 +--- a/mpn/x86_64/div_qr_2n_pi1.asm ++++ b/mpn/x86_64/div_qr_2n_pi1.asm +@@ -156,3 +156,4 @@ L(fix): C Unlikely update. u2 >= d1 + sbb d1, u2 + jmp L(bck) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/div_qr_2u_pi1.asm b/mpn/x86_64/div_qr_2u_pi1.asm +index 85af96f..f2ac526 100644 +--- a/mpn/x86_64/div_qr_2u_pi1.asm ++++ b/mpn/x86_64/div_qr_2u_pi1.asm +@@ -198,3 +198,4 @@ L(fix_qh): C Unlikely update. u2 >= d1 + sbb d1, u2 + jmp L(bck_qh) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/dive_1.asm b/mpn/x86_64/dive_1.asm +index 988bdab..1929091 100644 +--- a/mpn/x86_64/dive_1.asm ++++ b/mpn/x86_64/dive_1.asm +@@ -156,3 +156,4 @@ L(one): shr R8(%rcx), %rax + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/divrem_1.asm b/mpn/x86_64/divrem_1.asm +index d4d61ad..edfd893 100644 +--- a/mpn/x86_64/divrem_1.asm ++++ b/mpn/x86_64/divrem_1.asm +@@ -312,3 +312,4 @@ L(ret): pop %rbx + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/divrem_2.asm b/mpn/x86_64/divrem_2.asm +index 20811cc..e10f328 100644 +--- a/mpn/x86_64/divrem_2.asm ++++ b/mpn/x86_64/divrem_2.asm +@@ -190,3 +190,4 @@ L(fix): seta %dl + sbb %r11, %rbx + jmp L(bck) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/fastavx/copyd.asm b/mpn/x86_64/fastavx/copyd.asm +index 56d472f..a69a624 100644 +--- a/mpn/x86_64/fastavx/copyd.asm ++++ b/mpn/x86_64/fastavx/copyd.asm +@@ -170,3 +170,4 @@ L(bc): test $4, R8(n) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/fastavx/copyi.asm b/mpn/x86_64/fastavx/copyi.asm +index 7607747..f50aa47 100644 +--- a/mpn/x86_64/fastavx/copyi.asm ++++ b/mpn/x86_64/fastavx/copyi.asm +@@ -167,3 +167,4 @@ L(bc): test $4, R8(n) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/fastsse/com-palignr.asm b/mpn/x86_64/fastsse/com-palignr.asm +index 69027bc..50cd40f 100644 +--- a/mpn/x86_64/fastsse/com-palignr.asm ++++ b/mpn/x86_64/fastsse/com-palignr.asm +@@ -309,3 +309,4 @@ L(end): test $1, R8(n) + 1: FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/fastsse/com.asm b/mpn/x86_64/fastsse/com.asm +index c867222..aec7d25 100644 +--- a/mpn/x86_64/fastsse/com.asm ++++ b/mpn/x86_64/fastsse/com.asm +@@ -173,3 +173,4 @@ IFDOS(` add $56, %rsp ') + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/fastsse/copyd-palignr.asm b/mpn/x86_64/fastsse/copyd-palignr.asm +index fac6f8a..fa1e4a4 100644 +--- a/mpn/x86_64/fastsse/copyd-palignr.asm ++++ b/mpn/x86_64/fastsse/copyd-palignr.asm +@@ -252,3 +252,4 @@ L(end): test $1, R8(n) + 1: FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/fastsse/copyd.asm b/mpn/x86_64/fastsse/copyd.asm +index b3c4706..ce820c5 100644 +--- a/mpn/x86_64/fastsse/copyd.asm ++++ b/mpn/x86_64/fastsse/copyd.asm +@@ -164,3 +164,4 @@ L(sma): test $8, R8(n) + L(don): FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/fastsse/copyi-palignr.asm b/mpn/x86_64/fastsse/copyi-palignr.asm +index 9876a47..fb4655f 100644 +--- a/mpn/x86_64/fastsse/copyi-palignr.asm ++++ b/mpn/x86_64/fastsse/copyi-palignr.asm +@@ -298,3 +298,4 @@ L(end): test $1, R8(n) + 1: FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/fastsse/copyi.asm b/mpn/x86_64/fastsse/copyi.asm +index 97f7865..826caad 100644 +--- a/mpn/x86_64/fastsse/copyi.asm ++++ b/mpn/x86_64/fastsse/copyi.asm +@@ -183,3 +183,4 @@ dnl jnc 1b + L(ret): FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/fastsse/lshift-movdqu2.asm b/mpn/x86_64/fastsse/lshift-movdqu2.asm +index a05e850..217f2cd 100644 +--- a/mpn/x86_64/fastsse/lshift-movdqu2.asm ++++ b/mpn/x86_64/fastsse/lshift-movdqu2.asm +@@ -180,3 +180,4 @@ L(end8):movq (ap), %xmm0 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/fastsse/lshift.asm b/mpn/x86_64/fastsse/lshift.asm +index 6a17b93..79a5554 100644 +--- a/mpn/x86_64/fastsse/lshift.asm ++++ b/mpn/x86_64/fastsse/lshift.asm +@@ -171,3 +171,4 @@ L(end8):movq (ap), %xmm0 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/fastsse/lshiftc-movdqu2.asm b/mpn/x86_64/fastsse/lshiftc-movdqu2.asm +index 8250910..9f14435 100644 +--- a/mpn/x86_64/fastsse/lshiftc-movdqu2.asm ++++ b/mpn/x86_64/fastsse/lshiftc-movdqu2.asm +@@ -191,3 +191,4 @@ L(end8):movq (ap), %xmm0 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/fastsse/lshiftc.asm b/mpn/x86_64/fastsse/lshiftc.asm +index a616075..a6630cb 100644 +--- a/mpn/x86_64/fastsse/lshiftc.asm ++++ b/mpn/x86_64/fastsse/lshiftc.asm +@@ -181,3 +181,4 @@ L(end8):movq (ap), %xmm0 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/fastsse/rshift-movdqu2.asm b/mpn/x86_64/fastsse/rshift-movdqu2.asm +index 1e270b1..15bcc02 100644 +--- a/mpn/x86_64/fastsse/rshift-movdqu2.asm ++++ b/mpn/x86_64/fastsse/rshift-movdqu2.asm +@@ -199,3 +199,4 @@ L(bc): dec R32(n) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/fastsse/sec_tabselect.asm b/mpn/x86_64/fastsse/sec_tabselect.asm +index e7b7feb..f3b76eb 100644 +--- a/mpn/x86_64/fastsse/sec_tabselect.asm ++++ b/mpn/x86_64/fastsse/sec_tabselect.asm +@@ -202,3 +202,4 @@ IFDOS(` add $88, %rsp ') + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/fat/fat_entry.asm b/mpn/x86_64/fat/fat_entry.asm +index 5f244ac..2322be8 100644 +--- a/mpn/x86_64/fat/fat_entry.asm ++++ b/mpn/x86_64/fat/fat_entry.asm +@@ -207,3 +207,4 @@ PROLOGUE(__gmpn_cpuid) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/gcd_11.asm b/mpn/x86_64/gcd_11.asm +index f9b3bcc..1e5ac68 100644 +--- a/mpn/x86_64/gcd_11.asm ++++ b/mpn/x86_64/gcd_11.asm +@@ -112,3 +112,4 @@ L(shift_alot): + mov u0, %rdx + jmp L(mid) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/gcd_22.asm b/mpn/x86_64/gcd_22.asm +index 78f985f..c3b0b89 100644 +--- a/mpn/x86_64/gcd_22.asm ++++ b/mpn/x86_64/gcd_22.asm +@@ -161,3 +161,4 @@ L(end): C mov v0, %rax + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/k10/gcd_22.asm b/mpn/x86_64/k10/gcd_22.asm +index f58b4cc..c7fe668 100644 +--- a/mpn/x86_64/k10/gcd_22.asm ++++ b/mpn/x86_64/k10/gcd_22.asm +@@ -140,3 +140,4 @@ L(end): C mov v0, %rax + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/k10/hamdist.asm b/mpn/x86_64/k10/hamdist.asm +index f70494a..d885e2d 100644 +--- a/mpn/x86_64/k10/hamdist.asm ++++ b/mpn/x86_64/k10/hamdist.asm +@@ -107,3 +107,4 @@ L(top): mov (ap,n,8), %r8 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/k10/popcount.asm b/mpn/x86_64/k10/popcount.asm +index 3814aea..45bcba5 100644 +--- a/mpn/x86_64/k10/popcount.asm ++++ b/mpn/x86_64/k10/popcount.asm +@@ -79,7 +79,7 @@ C neg R32(%rcx) + + lea L(top)(%rip), %rdx + lea (%rdx,%rcx,2), %rdx +- jmp *%rdx ++ X86_NOTRACK jmp *%rdx + ',` + lea (up,n,8), up + +@@ -101,7 +101,7 @@ C lea (%rcx,%rcx,4), %rcx C 10x + + lea L(top)(%rip), %rdx + add %rcx, %rdx +- jmp *%rdx ++ X86_NOTRACK jmp *%rdx + ') + + ALIGN(32) +@@ -136,3 +136,4 @@ C 1 = n mod 8 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/k8/addmul_2.asm b/mpn/x86_64/k8/addmul_2.asm +index 78bcba1..38caa4d 100644 +--- a/mpn/x86_64/k8/addmul_2.asm ++++ b/mpn/x86_64/k8/addmul_2.asm +@@ -193,3 +193,4 @@ L(end): xor R32(w1), R32(w1) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/k8/aorrlsh_n.asm b/mpn/x86_64/k8/aorrlsh_n.asm +index ff3a184..3ab7050 100644 +--- a/mpn/x86_64/k8/aorrlsh_n.asm ++++ b/mpn/x86_64/k8/aorrlsh_n.asm +@@ -215,3 +215,4 @@ L(cj1): mov %r9, 8(rp,n,8) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/k8/bdiv_q_1.asm b/mpn/x86_64/k8/bdiv_q_1.asm +index 1172b0d..606d54f 100644 +--- a/mpn/x86_64/k8/bdiv_q_1.asm ++++ b/mpn/x86_64/k8/bdiv_q_1.asm +@@ -177,3 +177,4 @@ L(one): shr R8(%rcx), %rax + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/k8/div_qr_1n_pi1.asm b/mpn/x86_64/k8/div_qr_1n_pi1.asm +index 86de08c..e91b809 100644 +--- a/mpn/x86_64/k8/div_qr_1n_pi1.asm ++++ b/mpn/x86_64/k8/div_qr_1n_pi1.asm +@@ -247,3 +247,4 @@ L(q_incr_loop): + lea 8(U1), U1 + jmp L(q_incr_loop) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/k8/mul_basecase.asm b/mpn/x86_64/k8/mul_basecase.asm +index ca2efb9..9126c2b 100644 +--- a/mpn/x86_64/k8/mul_basecase.asm ++++ b/mpn/x86_64/k8/mul_basecase.asm +@@ -335,8 +335,10 @@ C addmul_2 for remaining vp's + C adjusted value of n that is reloaded on each iteration + + L(addmul_outer_0): ++ X86_ENDBR + add $3, un + lea 0(%rip), outer_addr ++ X86_ENDBR + + mov un, n + mov -24(up,un,8), %rax +@@ -348,6 +350,7 @@ L(addmul_outer_0): + jmp L(addmul_entry_0) + + L(addmul_outer_1): ++ X86_ENDBR + mov un, n + mov (up,un,8), %rax + mul v0 +@@ -358,8 +361,10 @@ L(addmul_outer_1): + jmp L(addmul_entry_1) + + L(addmul_outer_2): ++ X86_ENDBR + add $1, un + lea 0(%rip), outer_addr ++ X86_ENDBR + + mov un, n + mov -8(up,un,8), %rax +@@ -372,8 +377,10 @@ L(addmul_outer_2): + jmp L(addmul_entry_2) + + L(addmul_outer_3): ++ X86_ENDBR + add $2, un + lea 0(%rip), outer_addr ++ X86_ENDBR + + mov un, n + mov -16(up,un,8), %rax +@@ -467,3 +474,4 @@ L(ret): pop %r15 + ret + + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/k8/mullo_basecase.asm b/mpn/x86_64/k8/mullo_basecase.asm +index fa00f42..4a931a5 100644 +--- a/mpn/x86_64/k8/mullo_basecase.asm ++++ b/mpn/x86_64/k8/mullo_basecase.asm +@@ -99,12 +99,14 @@ dnl JMPENT( L(2m4), L(tab)) C 10 + dnl JMPENT( L(3m4), L(tab)) C 11 + TEXT + +-L(1): imul %r8, %rax ++L(1): X86_ENDBR ++ imul %r8, %rax + mov %rax, (rp) + FUNC_EXIT() + ret + +-L(2): mov 8(vp_param), %r11 ++L(2): X86_ENDBR ++ mov 8(vp_param), %r11 + imul %rax, %r11 C u0 x v1 + mul %r8 C u0 x v0 + mov %rax, (rp) +@@ -115,7 +117,8 @@ L(2): mov 8(vp_param), %r11 + FUNC_EXIT() + ret + +-L(3): mov 8(vp_param), %r9 C v1 ++L(3): X86_ENDBR ++ mov 8(vp_param), %r9 C v1 + mov 16(vp_param), %r11 + mul %r8 C u0 x v0 -> + mov %rax, (rp) C r0 +@@ -335,6 +338,7 @@ L(mul_2_entry_1): + + + L(addmul_outer_1): ++ X86_ENDBR + lea -2(n), j + mov -16(up,n,8), %rax + mul v0 +@@ -346,6 +350,7 @@ L(addmul_outer_1): + jmp L(addmul_entry_1) + + L(addmul_outer_3): ++ X86_ENDBR + lea 0(n), j + mov -16(up,n,8), %rax + xor R32(w3), R32(w3) +@@ -434,3 +439,4 @@ L(ret): pop %r15 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/k8/mulmid_basecase.asm b/mpn/x86_64/k8/mulmid_basecase.asm +index 86f1414..7d5f158 100644 +--- a/mpn/x86_64/k8/mulmid_basecase.asm ++++ b/mpn/x86_64/k8/mulmid_basecase.asm +@@ -329,6 +329,7 @@ C addmul_2 for remaining vp's + + ALIGN(16) + L(addmul_prologue_0): ++ X86_ENDBR + mov -8(up,n,8), %rax + mul v1 + mov %rax, w1 +@@ -338,6 +339,7 @@ L(addmul_prologue_0): + + ALIGN(16) + L(addmul_prologue_1): ++ X86_ENDBR + mov 16(up,n,8), %rax + mul v1 + mov %rax, w0 +@@ -348,6 +350,7 @@ L(addmul_prologue_1): + + ALIGN(16) + L(addmul_prologue_2): ++ X86_ENDBR + mov 8(up,n,8), %rax + mul v1 + mov %rax, w3 +@@ -357,6 +360,7 @@ L(addmul_prologue_2): + + ALIGN(16) + L(addmul_prologue_3): ++ X86_ENDBR + mov (up,n,8), %rax + mul v1 + mov %rax, w2 +@@ -471,6 +475,7 @@ L(diag_prologue_0): + mov vp, vp_inner + mov vn, n + lea 0(%rip), outer_addr ++ X86_ENDBR + mov -8(up,n,8), %rax + jmp L(diag_entry_0) + +@@ -480,6 +485,7 @@ L(diag_prologue_1): + add $3, vn + mov vn, n + lea 0(%rip), outer_addr ++ X86_ENDBR + mov -8(vp_inner), %rax + jmp L(diag_entry_1) + +@@ -489,6 +495,7 @@ L(diag_prologue_2): + add $2, vn + mov vn, n + lea 0(%rip), outer_addr ++ X86_ENDBR + mov 16(vp_inner), %rax + jmp L(diag_entry_2) + +@@ -507,6 +514,7 @@ L(diag_entry_0): + adc %rdx, w1 + adc $0, w2 + L(diag_entry_3): ++ X86_ENDBR + mov -16(up,n,8), %rax + mulq 8(vp_inner) + add %rax, w0 +@@ -557,3 +565,4 @@ L(ret): pop %r15 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/k8/redc_1.asm b/mpn/x86_64/k8/redc_1.asm +index 9327b21..3e241af 100644 +--- a/mpn/x86_64/k8/redc_1.asm ++++ b/mpn/x86_64/k8/redc_1.asm +@@ -125,7 +125,8 @@ L(tab): JMPENT( L(0), L(tab)) + TEXT + + ALIGN(16) +-L(1): mov (mp_param), %rax ++L(1): X86_ENDBR ++ mov (mp_param), %rax + mul q0 + add 8(up), %rax + adc 16(up), %rdx +@@ -136,7 +137,8 @@ L(1): mov (mp_param), %rax + + + ALIGN(16) +-L(2): mov (mp_param), %rax ++L(2): X86_ENDBR ++ mov (mp_param), %rax + mul q0 + xor R32(%r14), R32(%r14) + mov %rax, %r10 +@@ -171,7 +173,8 @@ L(2): mov (mp_param), %rax + jmp L(ret) + + +-L(3): mov (mp_param), %rax ++L(3): X86_ENDBR ++ mov (mp_param), %rax + mul q0 + mov %rax, %rbx + mov %rdx, %r10 +@@ -248,7 +251,7 @@ L(3): mov (mp_param), %rax + + + ALIGN(16) +-L(2m4): ++L(2m4): X86_ENDBR + L(lo2): mov (mp,nneg,8), %rax + mul q0 + xor R32(%r14), R32(%r14) +@@ -324,7 +327,7 @@ L(le2): add %r10, (up) + + + ALIGN(16) +-L(1m4): ++L(1m4): X86_ENDBR + L(lo1): mov (mp,nneg,8), %rax + xor %r9, %r9 + xor R32(%rbx), R32(%rbx) +@@ -398,7 +401,7 @@ L(le1): add %r10, (up) + + ALIGN(16) + L(0): +-L(0m4): ++L(0m4): X86_ENDBR + L(lo0): mov (mp,nneg,8), %rax + mov nneg, i + mul q0 +@@ -463,7 +466,7 @@ L(le0): add %r10, (up) + + + ALIGN(16) +-L(3m4): ++L(3m4): X86_ENDBR + L(lo3): mov (mp,nneg,8), %rax + mul q0 + mov %rax, %rbx +@@ -589,3 +592,4 @@ L(ret): pop %r15 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/k8/sqr_basecase.asm b/mpn/x86_64/k8/sqr_basecase.asm +index 60cf945..37858b4 100644 +--- a/mpn/x86_64/k8/sqr_basecase.asm ++++ b/mpn/x86_64/k8/sqr_basecase.asm +@@ -131,7 +131,8 @@ L(tab): JMPENT( L(4), L(tab)) + JMPENT( L(3m4), L(tab)) + TEXT + +-L(1): mov (up), %rax ++L(1): X86_ENDBR ++ mov (up), %rax + mul %rax + add $40, %rsp + mov %rax, (rp) +@@ -139,7 +140,8 @@ L(1): mov (up), %rax + FUNC_EXIT() + ret + +-L(2): mov (up), %rax ++L(2): X86_ENDBR ++ mov (up), %rax + mov %rax, %r8 + mul %rax + mov 8(up), %r11 +@@ -165,7 +167,8 @@ L(2): mov (up), %rax + FUNC_EXIT() + ret + +-L(3): mov (up), %rax ++L(3): X86_ENDBR ++ mov (up), %rax + mov %rax, %r10 + mul %rax + mov 8(up), %r11 +@@ -210,7 +213,8 @@ L(3): mov (up), %rax + FUNC_EXIT() + ret + +-L(4): mov (up), %rax ++L(4): X86_ENDBR ++ mov (up), %rax + mov %rax, %r11 + mul %rax + mov 8(up), %rbx +@@ -282,6 +286,7 @@ L(4): mov (up), %rax + + + L(0m4): ++ X86_ENDBR + lea -16(rp,n,8), tp C point tp in middle of result operand + mov (up), v0 + mov 8(up), %rax +@@ -340,6 +345,7 @@ L(L3): xor R32(w1), R32(w1) + + + L(1m4): ++ X86_ENDBR + lea 8(rp,n,8), tp C point tp in middle of result operand + mov (up), v0 C u0 + mov 8(up), %rax C u1 +@@ -418,6 +424,7 @@ L(m2x): mov (up,j,8), %rax + + + L(2m4): ++ X86_ENDBR + lea -16(rp,n,8), tp C point tp in middle of result operand + mov (up), v0 + mov 8(up), %rax +@@ -474,7 +481,7 @@ L(L1): xor R32(w0), R32(w0) + jmp L(dowhile_mid) + + +-L(3m4): ++L(3m4): X86_ENDBR + lea 8(rp,n,8), tp C point tp in middle of result operand + mov (up), v0 C u0 + mov 8(up), %rax C u1 +@@ -805,3 +812,4 @@ L(d1): mov %r11, 24(rp,j,8) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/logops_n.asm b/mpn/x86_64/logops_n.asm +index e25854d..b3969ba 100644 +--- a/mpn/x86_64/logops_n.asm ++++ b/mpn/x86_64/logops_n.asm +@@ -258,3 +258,4 @@ L(ret): FUNC_EXIT() + ret + EPILOGUE() + ') ++ASM_END() +diff --git a/mpn/x86_64/lshift.asm b/mpn/x86_64/lshift.asm +index fff3152..4187bdc 100644 +--- a/mpn/x86_64/lshift.asm ++++ b/mpn/x86_64/lshift.asm +@@ -170,3 +170,4 @@ L(ast): mov (up), %r10 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/lshiftc.asm b/mpn/x86_64/lshiftc.asm +index c4ba04a..f6fe4c9 100644 +--- a/mpn/x86_64/lshiftc.asm ++++ b/mpn/x86_64/lshiftc.asm +@@ -180,3 +180,4 @@ L(ast): mov (up), %r10 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/lshsub_n.asm b/mpn/x86_64/lshsub_n.asm +index 4d428c0..62877d7 100644 +--- a/mpn/x86_64/lshsub_n.asm ++++ b/mpn/x86_64/lshsub_n.asm +@@ -170,3 +170,4 @@ L(end): + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/missing.asm b/mpn/x86_64/missing.asm +index 9b65c89..22dac17 100644 +--- a/mpn/x86_64/missing.asm ++++ b/mpn/x86_64/missing.asm +@@ -128,3 +128,4 @@ PROLOGUE(__gmp_adcx) + ret + EPILOGUE() + PROTECT(__gmp_adcx) ++ASM_END() +diff --git a/mpn/x86_64/mod_1_2.asm b/mpn/x86_64/mod_1_2.asm +index 40fcaeb..fbaae3b 100644 +--- a/mpn/x86_64/mod_1_2.asm ++++ b/mpn/x86_64/mod_1_2.asm +@@ -239,3 +239,4 @@ ifdef(`SHLD_SLOW',` + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/mod_1_4.asm b/mpn/x86_64/mod_1_4.asm +index 6cf304c..8969e42 100644 +--- a/mpn/x86_64/mod_1_4.asm ++++ b/mpn/x86_64/mod_1_4.asm +@@ -270,3 +270,4 @@ ifdef(`SHLD_SLOW',` + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/mod_34lsub1.asm b/mpn/x86_64/mod_34lsub1.asm +index 75421a6..70282b6 100644 +--- a/mpn/x86_64/mod_34lsub1.asm ++++ b/mpn/x86_64/mod_34lsub1.asm +@@ -145,46 +145,55 @@ L(tab): JMPENT( L(0), L(tab)) + JMPENT( L(8), L(tab)) + TEXT + +-L(6): add (ap), %rax ++L(6): X86_ENDBR ++ add (ap), %rax + adc 8(ap), %rcx + adc 16(ap), %rdx + adc $0, %r9 + add $24, ap +-L(3): add (ap), %rax ++L(3): X86_ENDBR ++ add (ap), %rax + adc 8(ap), %rcx + adc 16(ap), %rdx + jmp L(cj1) + +-L(7): add (ap), %rax ++L(7): X86_ENDBR ++ add (ap), %rax + adc 8(ap), %rcx + adc 16(ap), %rdx + adc $0, %r9 + add $24, ap +-L(4): add (ap), %rax ++L(4): X86_ENDBR ++ add (ap), %rax + adc 8(ap), %rcx + adc 16(ap), %rdx + adc $0, %r9 + add $24, ap +-L(1): add (ap), %rax ++L(1): X86_ENDBR ++ add (ap), %rax + adc $0, %rcx + jmp L(cj2) + +-L(8): add (ap), %rax ++L(8): X86_ENDBR ++ add (ap), %rax + adc 8(ap), %rcx + adc 16(ap), %rdx + adc $0, %r9 + add $24, ap +-L(5): add (ap), %rax ++L(5): X86_ENDBR ++ add (ap), %rax + adc 8(ap), %rcx + adc 16(ap), %rdx + adc $0, %r9 + add $24, ap +-L(2): add (ap), %rax ++L(2): X86_ENDBR ++ add (ap), %rax + adc 8(ap), %rcx + + L(cj2): adc $0, %rdx + L(cj1): adc $0, %r9 +-L(0): add %r9, %rax ++L(0): X86_ENDBR ++ add %r9, %rax + adc $0, %rcx + adc $0, %rdx + adc $0, %rax +@@ -213,3 +222,4 @@ L(0): add %r9, %rax + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/mode1o.asm b/mpn/x86_64/mode1o.asm +index 2cd2b08..3377435 100644 +--- a/mpn/x86_64/mode1o.asm ++++ b/mpn/x86_64/mode1o.asm +@@ -169,3 +169,4 @@ L(one): + + EPILOGUE(mpn_modexact_1c_odd) + EPILOGUE(mpn_modexact_1_odd) ++ASM_END() +diff --git a/mpn/x86_64/mul_1.asm b/mpn/x86_64/mul_1.asm +index e1ba89b..44764dd 100644 +--- a/mpn/x86_64/mul_1.asm ++++ b/mpn/x86_64/mul_1.asm +@@ -190,3 +190,4 @@ IFDOS(``pop %rdi '') + IFDOS(``pop %rsi '') + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/mul_2.asm b/mpn/x86_64/mul_2.asm +index d64313b..b6c6bf1 100644 +--- a/mpn/x86_64/mul_2.asm ++++ b/mpn/x86_64/mul_2.asm +@@ -202,3 +202,4 @@ L(m22): mul v1 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/nano/dive_1.asm b/mpn/x86_64/nano/dive_1.asm +index e9a0763..aead4d5 100644 +--- a/mpn/x86_64/nano/dive_1.asm ++++ b/mpn/x86_64/nano/dive_1.asm +@@ -164,3 +164,4 @@ L(one): shr R8(%rcx), %rax + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/pentium4/aors_n.asm b/mpn/x86_64/pentium4/aors_n.asm +index 8e6ee1b..3751e38 100644 +--- a/mpn/x86_64/pentium4/aors_n.asm ++++ b/mpn/x86_64/pentium4/aors_n.asm +@@ -194,3 +194,4 @@ L(ret): mov R32(%rbx), R32(%rax) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/pentium4/mod_34lsub1.asm b/mpn/x86_64/pentium4/mod_34lsub1.asm +index f34b3f0..bf83f62 100644 +--- a/mpn/x86_64/pentium4/mod_34lsub1.asm ++++ b/mpn/x86_64/pentium4/mod_34lsub1.asm +@@ -165,3 +165,4 @@ L(combine): + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/pentium4/rsh1aors_n.asm b/mpn/x86_64/pentium4/rsh1aors_n.asm +index 5528ce4..219a809 100644 +--- a/mpn/x86_64/pentium4/rsh1aors_n.asm ++++ b/mpn/x86_64/pentium4/rsh1aors_n.asm +@@ -332,3 +332,4 @@ L(cj1): or %r14, %rbx + L(c3): mov $1, R8(%rax) + jmp L(rc3) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/pentium4/rshift.asm b/mpn/x86_64/pentium4/rshift.asm +index b7c1ee2..848045f 100644 +--- a/mpn/x86_64/pentium4/rshift.asm ++++ b/mpn/x86_64/pentium4/rshift.asm +@@ -167,3 +167,4 @@ L(ast): movq (up), %mm2 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/popham.asm b/mpn/x86_64/popham.asm +index 3a29b2e..b7ceb17 100644 +--- a/mpn/x86_64/popham.asm ++++ b/mpn/x86_64/popham.asm +@@ -161,3 +161,4 @@ L(end): + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/rsh1aors_n.asm b/mpn/x86_64/rsh1aors_n.asm +index a3e9cc5..797e250 100644 +--- a/mpn/x86_64/rsh1aors_n.asm ++++ b/mpn/x86_64/rsh1aors_n.asm +@@ -187,3 +187,4 @@ L(end): mov %rbx, (rp) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/rshift.asm b/mpn/x86_64/rshift.asm +index 3f344f1..0fc5877 100644 +--- a/mpn/x86_64/rshift.asm ++++ b/mpn/x86_64/rshift.asm +@@ -174,3 +174,4 @@ L(ast): mov (up), %r10 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/sec_tabselect.asm b/mpn/x86_64/sec_tabselect.asm +index e8aed26..5dce3c1 100644 +--- a/mpn/x86_64/sec_tabselect.asm ++++ b/mpn/x86_64/sec_tabselect.asm +@@ -174,3 +174,4 @@ L(b00): pop %r15 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/sqr_diag_addlsh1.asm b/mpn/x86_64/sqr_diag_addlsh1.asm +index f486125..a1d8767 100644 +--- a/mpn/x86_64/sqr_diag_addlsh1.asm ++++ b/mpn/x86_64/sqr_diag_addlsh1.asm +@@ -114,3 +114,4 @@ L(end): add %r10, %r8 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/sublsh1_n.asm b/mpn/x86_64/sublsh1_n.asm +index c6d829f..c18f32a 100644 +--- a/mpn/x86_64/sublsh1_n.asm ++++ b/mpn/x86_64/sublsh1_n.asm +@@ -158,3 +158,4 @@ L(end): add R32(%rbp), R32(%rax) + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/x86_64-defs.m4 b/mpn/x86_64/x86_64-defs.m4 +index 4e08f2a..9fe328e 100644 +--- a/mpn/x86_64/x86_64-defs.m4 ++++ b/mpn/x86_64/x86_64-defs.m4 +@@ -95,6 +95,7 @@ m4_assert_numargs(1) + TYPE($1,`function') + COFF_TYPE($1) + $1: ++ X86_ENDBR + ') + + +@@ -167,6 +168,10 @@ ifdef(`PIC', + `lea $1(%rip), $2') + ') + ++dnl ASM_END ++ ++define(`ASM_END', `X86_GNU_PROPERTY') ++ + + define(`DEF_OBJECT', + m4_assert_numargs_range(2,3) +diff --git a/mpn/x86_64/zen/aorrlsh_n.asm b/mpn/x86_64/zen/aorrlsh_n.asm +index e049b2f..6e6783f 100644 +--- a/mpn/x86_64/zen/aorrlsh_n.asm ++++ b/mpn/x86_64/zen/aorrlsh_n.asm +@@ -102,26 +102,30 @@ ifdef(`PIC',` + jmp *(%r11,%rax,8) + ') + +-L(0): lea 32(up), up ++L(0): X86_ENDBR ++ lea 32(up), up + lea 32(vp), vp + lea 32(rp), rp + xor R32(%r11), R32(%r11) + jmp L(e0) + +-L(7): mov %r10, %r11 ++L(7): X86_ENDBRmov ++ %r10, %r11 + lea 24(up), up + lea 24(vp), vp + lea 24(rp), rp + xor R32(%r10), R32(%r10) + jmp L(e7) + +-L(6): lea 16(up), up ++L(6): X86_ENDBR ++ movlea 16(up), up + lea 16(vp), vp + lea 16(rp), rp + xor R32(%r11), R32(%r11) + jmp L(e6) + +-L(5): mov %r10, %r11 ++L(5): X86_ENDBRmov ++ mov %r10, %r11 + lea 8(up), up + lea 8(vp), vp + lea 8(rp), rp +@@ -191,23 +195,27 @@ L(e1): shlx( cnt, %r11, %rax) + lea (%r10,%rax), %rax + jmp L(top) + +-L(4): xor R32(%r11), R32(%r11) ++L(4): X86_ENDBRmov ++ xor R32(%r11), R32(%r11) + jmp L(e4) + +-L(3): mov %r10, %r11 ++L(3): X86_ENDBRmov ++ mov %r10, %r11 + lea -8(up), up + lea -8(vp), vp + lea -8(rp), rp + xor R32(%r10), R32(%r10) + jmp L(e3) + +-L(2): lea -16(up), up ++L(2): X86_ENDBRmov ++ lea -16(up), up + lea -16(vp), vp + lea -16(rp), rp + xor R32(%r11), R32(%r11) + jmp L(e2) + +-L(1): mov %r10, %r11 ++L(1): X86_ENDBRmov ++ mov %r10, %r11 + lea -24(up), up + lea 40(vp), vp + lea 40(rp), rp +@@ -224,3 +232,4 @@ L(tab): JMPENT( L(0), L(tab)) + JMPENT( L(5), L(tab)) + JMPENT( L(6), L(tab)) + JMPENT( L(7), L(tab)) ++ASM_END() +diff --git a/mpn/x86_64/zen/mul_basecase.asm b/mpn/x86_64/zen/mul_basecase.asm +index affa3b6..c70d548 100644 +--- a/mpn/x86_64/zen/mul_basecase.asm ++++ b/mpn/x86_64/zen/mul_basecase.asm +@@ -453,3 +453,4 @@ L(wd3): adc %r11, 8(rp) + jne L(3) + jmp L(end) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/zen/mullo_basecase.asm b/mpn/x86_64/zen/mullo_basecase.asm +index 2ae729a..c081698 100644 +--- a/mpn/x86_64/zen/mullo_basecase.asm ++++ b/mpn/x86_64/zen/mullo_basecase.asm +@@ -297,3 +297,4 @@ L(lo0): .byte 0xc4,0xe2,0xe3,0xf6,0x44,0xce,0x18 C mulx 24(up,n,8), %rbx, %rax + inc %r14 + jmp L(outer) + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/zen/sbpi1_bdiv_r.asm b/mpn/x86_64/zen/sbpi1_bdiv_r.asm +index f6e8f9c..277b3c3 100644 +--- a/mpn/x86_64/zen/sbpi1_bdiv_r.asm ++++ b/mpn/x86_64/zen/sbpi1_bdiv_r.asm +@@ -505,3 +505,4 @@ L(ret): mov %rbp, %rax + pop %r15 + ret + EPILOGUE() ++ASM_END() +diff --git a/mpn/x86_64/zen/sqr_basecase.asm b/mpn/x86_64/zen/sqr_basecase.asm +index a7c6127..d185deb 100644 +--- a/mpn/x86_64/zen/sqr_basecase.asm ++++ b/mpn/x86_64/zen/sqr_basecase.asm +@@ -480,3 +480,4 @@ C pop %r14 + FUNC_EXIT() + ret + EPILOGUE() ++ASM_END() +-- +2.37.1 + diff --git a/SOURCES/gnutls-3.2.7-rpath.patch b/SOURCES/gnutls-3.2.7-rpath.patch new file mode 100644 index 0000000..4e6aed3 --- /dev/null +++ b/SOURCES/gnutls-3.2.7-rpath.patch @@ -0,0 +1,12 @@ +diff -ur gnutls-3.2.7.orig/configure gnutls-3.2.7/configure +--- gnutls-3.2.7.orig/configure 2013-11-23 11:09:49.000000000 +0100 ++++ gnutls-3.2.7/configure 2013-11-25 16:53:05.559440656 +0100 +@@ -39652,7 +39652,7 @@ + shlibpath_overrides_runpath=unknown + version_type=none + dynamic_linker="$host_os ld.so" +-sys_lib_dlsearch_path_spec="/lib /usr/lib" ++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" + need_lib_prefix=unknown + hardcode_into_libs=no + diff --git a/SOURCES/gnutls-3.6.7-no-now-guile.patch b/SOURCES/gnutls-3.6.7-no-now-guile.patch new file mode 100644 index 0000000..d14e8df --- /dev/null +++ b/SOURCES/gnutls-3.6.7-no-now-guile.patch @@ -0,0 +1,11 @@ +--- a/guile/src/Makefile.in 2019-03-27 11:51:55.984398001 +0100 ++++ b/guile/src/Makefile.in 2019-03-27 11:52:27.259626076 +0100 +@@ -1472,7 +1472,7 @@ + # Use '-module' to build a "dlopenable module", in Libtool terms. + # Use '-undefined' to placate Libtool on Windows; see + # . +-guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined ++guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined -Wl,-z,lazy + + # Linking against GnuTLS. + GNUTLS_CORE_LIBS = $(top_builddir)/lib/libgnutls.la diff --git a/SOURCES/gnutls-3.7.2-enable-intel-cet.patch b/SOURCES/gnutls-3.7.2-enable-intel-cet.patch new file mode 100644 index 0000000..b7e1063 --- /dev/null +++ b/SOURCES/gnutls-3.7.2-enable-intel-cet.patch @@ -0,0 +1,2565 @@ +From 71b1812bf9a785b66e3f17175580d3d20cea9c0c Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Tue, 12 Oct 2021 13:33:31 +0200 +Subject: [PATCH] x86: port Intel CET support + +Signed-off-by: Daiki Ueno +--- + lib/accelerated/x86/elf/aes-ssse3-x86.s | 30 ++++++++++++++ + lib/accelerated/x86/elf/aes-ssse3-x86_64.s | 26 +++++++++++++ + lib/accelerated/x86/elf/aesni-gcm-x86_64.s | 21 ++++++++++ + lib/accelerated/x86/elf/aesni-x86.s | 39 +++++++++++++++++++ + lib/accelerated/x86/elf/aesni-x86_64.s | 32 +++++++++++++++ + lib/accelerated/x86/elf/ghash-x86_64.s | 27 +++++++++++++ + lib/accelerated/x86/elf/sha1-ssse3-x86.s | 18 +++++++++ + lib/accelerated/x86/elf/sha1-ssse3-x86_64.s | 21 ++++++++++ + lib/accelerated/x86/elf/sha256-ssse3-x86.s | 18 +++++++++ + lib/accelerated/x86/elf/sha256-ssse3-x86_64.s | 21 ++++++++++ + lib/accelerated/x86/elf/sha512-ssse3-x86.s | 18 +++++++++ + lib/accelerated/x86/elf/sha512-ssse3-x86_64.s | 21 ++++++++++ + 12 files changed, 292 insertions(+) + +diff --git a/lib/accelerated/x86/elf/aes-ssse3-x86.s b/lib/accelerated/x86/elf/aes-ssse3-x86.s +index 265e28a7ef..7be53059f7 100644 +--- a/lib/accelerated/x86/elf/aes-ssse3-x86.s ++++ b/lib/accelerated/x86/elf/aes-ssse3-x86.s +@@ -71,6 +71,7 @@ + .type _vpaes_preheat,@function + .align 16 + _vpaes_preheat: ++.byte 243,15,30,251 + addl (%esp),%ebp + movdqa -48(%ebp),%xmm7 + movdqa -16(%ebp),%xmm6 +@@ -79,6 +80,7 @@ _vpaes_preheat: + .type _vpaes_encrypt_core,@function + .align 16 + _vpaes_encrypt_core: ++.byte 243,15,30,251 + movl $16,%ecx + movl 240(%edx),%eax + movdqa %xmm6,%xmm1 +@@ -156,6 +158,7 @@ _vpaes_encrypt_core: + .type _vpaes_decrypt_core,@function + .align 16 + _vpaes_decrypt_core: ++.byte 243,15,30,251 + leal 608(%ebp),%ebx + movl 240(%edx),%eax + movdqa %xmm6,%xmm1 +@@ -244,6 +247,7 @@ _vpaes_decrypt_core: + .type _vpaes_schedule_core,@function + .align 16 + _vpaes_schedule_core: ++.byte 243,15,30,251 + addl (%esp),%ebp + movdqu (%esi),%xmm0 + movdqa 320(%ebp),%xmm2 +@@ -338,6 +342,7 @@ _vpaes_schedule_core: + .type _vpaes_schedule_192_smear,@function + .align 16 + _vpaes_schedule_192_smear: ++.byte 243,15,30,251 + pshufd $128,%xmm6,%xmm1 + pshufd $254,%xmm7,%xmm0 + pxor %xmm1,%xmm6 +@@ -350,6 +355,7 @@ _vpaes_schedule_192_smear: + .type _vpaes_schedule_round,@function + .align 16 + _vpaes_schedule_round: ++.byte 243,15,30,251 + movdqa 8(%esp),%xmm2 + pxor %xmm1,%xmm1 + .byte 102,15,58,15,202,15 +@@ -399,6 +405,7 @@ _vpaes_schedule_round: + .type _vpaes_schedule_transform,@function + .align 16 + _vpaes_schedule_transform: ++.byte 243,15,30,251 + movdqa -16(%ebp),%xmm2 + movdqa %xmm2,%xmm1 + pandn %xmm0,%xmm1 +@@ -414,6 +421,7 @@ _vpaes_schedule_transform: + .type _vpaes_schedule_mangle,@function + .align 16 + _vpaes_schedule_mangle: ++.byte 243,15,30,251 + movdqa %xmm0,%xmm4 + movdqa 128(%ebp),%xmm5 + testl %edi,%edi +@@ -475,6 +483,7 @@ _vpaes_schedule_mangle: + .align 16 + vpaes_set_encrypt_key: + .L_vpaes_set_encrypt_key_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -508,6 +517,7 @@ vpaes_set_encrypt_key: + .align 16 + vpaes_set_decrypt_key: + .L_vpaes_set_decrypt_key_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -546,6 +556,7 @@ vpaes_set_decrypt_key: + .align 16 + vpaes_encrypt: + .L_vpaes_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -575,6 +586,7 @@ vpaes_encrypt: + .align 16 + vpaes_decrypt: + .L_vpaes_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -604,6 +616,7 @@ vpaes_decrypt: + .align 16 + vpaes_cbc_encrypt: + .L_vpaes_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -671,4 +684,21 @@ vpaes_cbc_encrypt: + ret + .size vpaes_cbc_encrypt,.-.L_vpaes_cbc_encrypt_begin + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: ++ + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/aes-ssse3-x86_64.s b/lib/accelerated/x86/elf/aes-ssse3-x86_64.s +index ea1216baf7..5a3f336f26 100644 +--- a/lib/accelerated/x86/elf/aes-ssse3-x86_64.s ++++ b/lib/accelerated/x86/elf/aes-ssse3-x86_64.s +@@ -635,6 +635,7 @@ _vpaes_schedule_mangle: + .align 16 + vpaes_set_encrypt_key: + .cfi_startproc ++.byte 243,15,30,250 + movl %esi,%eax + shrl $5,%eax + addl $5,%eax +@@ -653,6 +654,7 @@ vpaes_set_encrypt_key: + .align 16 + vpaes_set_decrypt_key: + .cfi_startproc ++.byte 243,15,30,250 + movl %esi,%eax + shrl $5,%eax + addl $5,%eax +@@ -676,6 +678,7 @@ vpaes_set_decrypt_key: + .align 16 + vpaes_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + movdqu (%rdi),%xmm0 + call _vpaes_preheat + call _vpaes_encrypt_core +@@ -689,6 +692,7 @@ vpaes_encrypt: + .align 16 + vpaes_decrypt: + .cfi_startproc ++.byte 243,15,30,250 + movdqu (%rdi),%xmm0 + call _vpaes_preheat + call _vpaes_decrypt_core +@@ -701,6 +705,7 @@ vpaes_decrypt: + .align 16 + vpaes_cbc_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + xchgq %rcx,%rdx + subq $16,%rcx + jc .Lcbc_abort +@@ -863,5 +868,26 @@ _vpaes_consts: + .byte 86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0 + .align 64 + .size _vpaes_consts,.-_vpaes_consts ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/aesni-gcm-x86_64.s b/lib/accelerated/x86/elf/aesni-gcm-x86_64.s +index 461dd026b9..ea5398bc2c 100644 +--- a/lib/accelerated/x86/elf/aesni-gcm-x86_64.s ++++ b/lib/accelerated/x86/elf/aesni-gcm-x86_64.s +@@ -826,5 +826,26 @@ aesni_gcm_encrypt: + .byte 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 + .byte 65,69,83,45,78,73,32,71,67,77,32,109,111,100,117,108,101,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .align 64 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/aesni-x86.s b/lib/accelerated/x86/elf/aesni-x86.s +index 6e4860209f..f41d5f9ef3 100644 +--- a/lib/accelerated/x86/elf/aesni-x86.s ++++ b/lib/accelerated/x86/elf/aesni-x86.s +@@ -43,6 +43,7 @@ + .align 16 + aesni_encrypt: + .L_aesni_encrypt_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 12(%esp),%edx + movups (%eax),%xmm2 +@@ -70,6 +71,7 @@ aesni_encrypt: + .align 16 + aesni_decrypt: + .L_aesni_decrypt_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 12(%esp),%edx + movups (%eax),%xmm2 +@@ -95,6 +97,7 @@ aesni_decrypt: + .type _aesni_encrypt2,@function + .align 16 + _aesni_encrypt2: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -122,6 +125,7 @@ _aesni_encrypt2: + .type _aesni_decrypt2,@function + .align 16 + _aesni_decrypt2: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -149,6 +153,7 @@ _aesni_decrypt2: + .type _aesni_encrypt3,@function + .align 16 + _aesni_encrypt3: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -181,6 +186,7 @@ _aesni_encrypt3: + .type _aesni_decrypt3,@function + .align 16 + _aesni_decrypt3: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -213,6 +219,7 @@ _aesni_decrypt3: + .type _aesni_encrypt4,@function + .align 16 + _aesni_encrypt4: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + movups 16(%edx),%xmm1 + shll $4,%ecx +@@ -251,6 +258,7 @@ _aesni_encrypt4: + .type _aesni_decrypt4,@function + .align 16 + _aesni_decrypt4: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + movups 16(%edx),%xmm1 + shll $4,%ecx +@@ -289,6 +297,7 @@ _aesni_decrypt4: + .type _aesni_encrypt6,@function + .align 16 + _aesni_encrypt6: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -343,6 +352,7 @@ _aesni_encrypt6: + .type _aesni_decrypt6,@function + .align 16 + _aesni_decrypt6: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -399,6 +409,7 @@ _aesni_decrypt6: + .align 16 + aesni_ecb_encrypt: + .L_aesni_ecb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -634,6 +645,7 @@ aesni_ecb_encrypt: + .align 16 + aesni_ccm64_encrypt_blocks: + .L_aesni_ccm64_encrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -722,6 +734,7 @@ aesni_ccm64_encrypt_blocks: + .align 16 + aesni_ccm64_decrypt_blocks: + .L_aesni_ccm64_decrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -845,6 +858,7 @@ aesni_ccm64_decrypt_blocks: + .align 16 + aesni_ctr32_encrypt_blocks: + .L_aesni_ctr32_encrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1083,6 +1097,7 @@ aesni_ctr32_encrypt_blocks: + .align 16 + aesni_xts_encrypt: + .L_aesni_xts_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1443,6 +1458,7 @@ aesni_xts_encrypt: + .align 16 + aesni_xts_decrypt: + .L_aesni_xts_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1833,6 +1849,7 @@ aesni_xts_decrypt: + .align 16 + aesni_ocb_encrypt: + .L_aesni_ocb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2228,6 +2245,7 @@ aesni_ocb_encrypt: + .align 16 + aesni_ocb_decrypt: + .L_aesni_ocb_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2623,6 +2641,7 @@ aesni_ocb_decrypt: + .align 16 + aesni_cbc_encrypt: + .L_aesni_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2882,6 +2901,7 @@ aesni_cbc_encrypt: + .type _aesni_set_encrypt_key,@function + .align 16 + _aesni_set_encrypt_key: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + testl %eax,%eax +@@ -3217,6 +3237,7 @@ _aesni_set_encrypt_key: + .align 16 + aesni_set_encrypt_key: + .L_aesni_set_encrypt_key_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 8(%esp),%ecx + movl 12(%esp),%edx +@@ -3228,6 +3249,7 @@ aesni_set_encrypt_key: + .align 16 + aesni_set_decrypt_key: + .L_aesni_set_decrypt_key_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 8(%esp),%ecx + movl 12(%esp),%edx +@@ -3275,4 +3297,21 @@ aesni_set_decrypt_key: + .byte 115,108,46,111,114,103,62,0 + .comm _gnutls_x86_cpuid_s,16,4 + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: ++ + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/aesni-x86_64.s b/lib/accelerated/x86/elf/aesni-x86_64.s +index acc7c2c555..e3f9d5a995 100644 +--- a/lib/accelerated/x86/elf/aesni-x86_64.s ++++ b/lib/accelerated/x86/elf/aesni-x86_64.s +@@ -44,6 +44,7 @@ + .align 16 + aesni_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + movups (%rdi),%xmm2 + movl 240(%rdx),%eax + movups (%rdx),%xmm0 +@@ -70,6 +71,7 @@ aesni_encrypt: + .align 16 + aesni_decrypt: + .cfi_startproc ++.byte 243,15,30,250 + movups (%rdi),%xmm2 + movl 240(%rdx),%eax + movups (%rdx),%xmm0 +@@ -557,6 +559,7 @@ _aesni_decrypt8: + .align 16 + aesni_ecb_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + andq $-16,%rdx + jz .Lecb_ret + +@@ -901,6 +904,7 @@ aesni_ecb_encrypt: + .align 16 + aesni_ccm64_encrypt_blocks: + .cfi_startproc ++.byte 243,15,30,250 + movl 240(%rcx),%eax + movdqu (%r8),%xmm6 + movdqa .Lincrement64(%rip),%xmm9 +@@ -966,6 +970,7 @@ aesni_ccm64_encrypt_blocks: + .align 16 + aesni_ccm64_decrypt_blocks: + .cfi_startproc ++.byte 243,15,30,250 + movl 240(%rcx),%eax + movups (%r8),%xmm6 + movdqu (%r9),%xmm3 +@@ -1065,6 +1070,7 @@ aesni_ccm64_decrypt_blocks: + .align 16 + aesni_ctr32_encrypt_blocks: + .cfi_startproc ++.byte 243,15,30,250 + cmpq $1,%rdx + jne .Lctr32_bulk + +@@ -1643,6 +1649,7 @@ aesni_ctr32_encrypt_blocks: + .align 16 + aesni_xts_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + leaq (%rsp),%r11 + .cfi_def_cfa_register %r11 + pushq %rbp +@@ -2113,6 +2120,7 @@ aesni_xts_encrypt: + .align 16 + aesni_xts_decrypt: + .cfi_startproc ++.byte 243,15,30,250 + leaq (%rsp),%r11 + .cfi_def_cfa_register %r11 + pushq %rbp +@@ -2620,6 +2628,7 @@ aesni_xts_decrypt: + .align 32 + aesni_ocb_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + leaq (%rsp),%rax + pushq %rbx + .cfi_adjust_cfa_offset 8 +@@ -3047,6 +3056,7 @@ __ocb_encrypt1: + .align 32 + aesni_ocb_decrypt: + .cfi_startproc ++.byte 243,15,30,250 + leaq (%rsp),%rax + pushq %rbx + .cfi_adjust_cfa_offset 8 +@@ -3484,6 +3494,7 @@ __ocb_decrypt1: + .align 16 + aesni_cbc_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + testq %rdx,%rdx + jz .Lcbc_ret + +@@ -4511,5 +4522,26 @@ __aesni_set_encrypt_key: + + .byte 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .align 64 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/ghash-x86_64.s b/lib/accelerated/x86/elf/ghash-x86_64.s +index 1e4d18b341..8da3f294c7 100644 +--- a/lib/accelerated/x86/elf/ghash-x86_64.s ++++ b/lib/accelerated/x86/elf/ghash-x86_64.s +@@ -45,6 +45,7 @@ + .align 16 + gcm_gmult_4bit: + .cfi_startproc ++.byte 243,15,30,250 + pushq %rbx + .cfi_adjust_cfa_offset 8 + .cfi_offset %rbx,-16 +@@ -156,6 +157,7 @@ gcm_gmult_4bit: + .align 16 + gcm_ghash_4bit: + .cfi_startproc ++.byte 243,15,30,250 + pushq %rbx + .cfi_adjust_cfa_offset 8 + .cfi_offset %rbx,-16 +@@ -903,6 +905,7 @@ gcm_init_clmul: + .align 16 + gcm_gmult_clmul: + .cfi_startproc ++.byte 243,15,30,250 + .L_gmult_clmul: + movdqu (%rdi),%xmm0 + movdqa .Lbswap_mask(%rip),%xmm5 +@@ -956,6 +959,7 @@ gcm_gmult_clmul: + .align 32 + gcm_ghash_clmul: + .cfi_startproc ++.byte 243,15,30,250 + .L_ghash_clmul: + movdqa .Lbswap_mask(%rip),%xmm10 + +@@ -1450,6 +1454,7 @@ gcm_init_avx: + .align 32 + gcm_gmult_avx: + .cfi_startproc ++.byte 243,15,30,250 + jmp .L_gmult_clmul + .cfi_endproc + .size gcm_gmult_avx,.-gcm_gmult_avx +@@ -1458,6 +1463,7 @@ gcm_gmult_avx: + .align 32 + gcm_ghash_avx: + .cfi_startproc ++.byte 243,15,30,250 + vzeroupper + + vmovdqu (%rdi),%xmm10 +@@ -1884,5 +1890,26 @@ gcm_ghash_avx: + + .byte 71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .align 64 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha1-ssse3-x86.s b/lib/accelerated/x86/elf/sha1-ssse3-x86.s +index 8bfbcb6b39..57b6ba58f6 100644 +--- a/lib/accelerated/x86/elf/sha1-ssse3-x86.s ++++ b/lib/accelerated/x86/elf/sha1-ssse3-x86.s +@@ -43,6 +43,7 @@ + .align 16 + sha1_block_data_order: + .L_sha1_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1417,4 +1418,21 @@ sha1_block_data_order: + .byte 89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112 + .byte 114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: ++ + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha1-ssse3-x86_64.s b/lib/accelerated/x86/elf/sha1-ssse3-x86_64.s +index d34f34497c..54095050c8 100644 +--- a/lib/accelerated/x86/elf/sha1-ssse3-x86_64.s ++++ b/lib/accelerated/x86/elf/sha1-ssse3-x86_64.s +@@ -5487,5 +5487,26 @@ K_XX_XX: + .byte 0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0 + .byte 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .align 64 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha256-ssse3-x86.s b/lib/accelerated/x86/elf/sha256-ssse3-x86.s +index 8d9aaa4a81..6d16b9140e 100644 +--- a/lib/accelerated/x86/elf/sha256-ssse3-x86.s ++++ b/lib/accelerated/x86/elf/sha256-ssse3-x86.s +@@ -43,6 +43,7 @@ + .align 16 + sha256_block_data_order: + .L_sha256_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -3384,4 +3385,21 @@ sha256_block_data_order: + ret + .size sha256_block_data_order,.-.L_sha256_block_data_order_begin + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: ++ + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha256-ssse3-x86_64.s b/lib/accelerated/x86/elf/sha256-ssse3-x86_64.s +index d196c6a793..1514ee45c0 100644 +--- a/lib/accelerated/x86/elf/sha256-ssse3-x86_64.s ++++ b/lib/accelerated/x86/elf/sha256-ssse3-x86_64.s +@@ -5493,5 +5493,26 @@ sha256_block_data_order_avx2: + .byte 0xf3,0xc3 + .cfi_endproc + .size sha256_block_data_order_avx2,.-sha256_block_data_order_avx2 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha512-ssse3-x86.s b/lib/accelerated/x86/elf/sha512-ssse3-x86.s +index 481c777154..afca4eae7b 100644 +--- a/lib/accelerated/x86/elf/sha512-ssse3-x86.s ++++ b/lib/accelerated/x86/elf/sha512-ssse3-x86.s +@@ -43,6 +43,7 @@ + .align 16 + sha512_block_data_order: + .L_sha512_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -602,4 +603,21 @@ sha512_block_data_order: + .byte 112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103 + .byte 62,0 + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: ++ + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha512-ssse3-x86_64.s b/lib/accelerated/x86/elf/sha512-ssse3-x86_64.s +index 446c06a3e6..a7be2cd444 100644 +--- a/lib/accelerated/x86/elf/sha512-ssse3-x86_64.s ++++ b/lib/accelerated/x86/elf/sha512-ssse3-x86_64.s +@@ -5498,5 +5498,26 @@ sha512_block_data_order_avx2: + .byte 0xf3,0xc3 + .cfi_endproc + .size sha512_block_data_order_avx2,.-sha512_block_data_order_avx2 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +-- +2.31.1 + +diff --git a/lib/accelerated/x86/elf/e_padlock-x86.s b/lib/accelerated/x86/elf/e_padlock-x86.s +index ed8681ee4..dd56518f6 100644 +--- a/lib/accelerated/x86/elf/e_padlock-x86.s ++++ b/lib/accelerated/x86/elf/e_padlock-x86.s +@@ -1,4 +1,4 @@ +-# Copyright (c) 2011-2013, Andy Polyakov ++# Copyright (c) 2011-2016, Andy Polyakov + # All rights reserved. + # + # Redistribution and use in source and binary forms, with or without +@@ -37,13 +37,13 @@ + # + # *** This file is auto-generated *** + # +-.file "devel/perlasm/e_padlock-x86.s" + .text + .globl padlock_capability + .type padlock_capability,@function + .align 16 + padlock_capability: + .L_padlock_capability_begin: ++.byte 243,15,30,251 + pushl %ebx + pushfl + popl %eax +@@ -60,11 +60,20 @@ padlock_capability: + .byte 0x0f,0xa2 + xorl %eax,%eax + cmpl $0x746e6543,%ebx +- jne .L000noluck ++ jne .L001zhaoxin + cmpl $0x48727561,%edx + jne .L000noluck + cmpl $0x736c7561,%ecx + jne .L000noluck ++ jmp .L002zhaoxinEnd ++.L001zhaoxin: ++ cmpl $0x68532020,%ebx ++ jne .L000noluck ++ cmpl $0x68676e61,%edx ++ jne .L000noluck ++ cmpl $0x20206961,%ecx ++ jne .L000noluck ++.L002zhaoxinEnd: + movl $3221225472,%eax + .byte 0x0f,0xa2 + movl %eax,%edx +@@ -95,15 +104,16 @@ padlock_capability: + .align 16 + padlock_key_bswap: + .L_padlock_key_bswap_begin: ++.byte 243,15,30,251 + movl 4(%esp),%edx + movl 240(%edx),%ecx +-.L001bswap_loop: ++.L003bswap_loop: + movl (%edx),%eax + bswap %eax + movl %eax,(%edx) + leal 4(%edx),%edx + subl $1,%ecx +- jnz .L001bswap_loop ++ jnz .L003bswap_loop + ret + .size padlock_key_bswap,.-.L_padlock_key_bswap_begin + .globl padlock_verify_context +@@ -111,25 +121,27 @@ padlock_key_bswap: + .align 16 + padlock_verify_context: + .L_padlock_verify_context_begin: ++.byte 243,15,30,251 + movl 4(%esp),%edx +- leal .Lpadlock_saved_context-.L002verify_pic_point,%eax ++ leal .Lpadlock_saved_context-.L004verify_pic_point,%eax + pushfl + call _padlock_verify_ctx +-.L002verify_pic_point: ++.L004verify_pic_point: + leal 4(%esp),%esp + ret + .size padlock_verify_context,.-.L_padlock_verify_context_begin + .type _padlock_verify_ctx,@function + .align 16 + _padlock_verify_ctx: ++.byte 243,15,30,251 + addl (%esp),%eax + btl $30,4(%esp) +- jnc .L003verified ++ jnc .L005verified + cmpl (%eax),%edx +- je .L003verified ++ je .L005verified + pushfl + popfl +-.L003verified: ++.L005verified: + movl %edx,(%eax) + ret + .size _padlock_verify_ctx,.-_padlock_verify_ctx +@@ -138,6 +150,7 @@ _padlock_verify_ctx: + .align 16 + padlock_reload_key: + .L_padlock_reload_key_begin: ++.byte 243,15,30,251 + pushfl + popfl + ret +@@ -147,6 +160,7 @@ padlock_reload_key: + .align 16 + padlock_aes_block: + .L_padlock_aes_block_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + pushl %ebx +@@ -167,6 +181,7 @@ padlock_aes_block: + .align 16 + padlock_ecb_encrypt: + .L_padlock_ecb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -176,25 +191,25 @@ padlock_ecb_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L004ecb_abort ++ jnz .L006ecb_abort + testl $15,%ecx +- jnz .L004ecb_abort +- leal .Lpadlock_saved_context-.L005ecb_pic_point,%eax ++ jnz .L006ecb_abort ++ leal .Lpadlock_saved_context-.L007ecb_pic_point,%eax + pushfl + cld + call _padlock_verify_ctx +-.L005ecb_pic_point: ++.L007ecb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L006ecb_aligned ++ jnz .L008ecb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L006ecb_aligned ++ jnz .L008ecb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -213,7 +228,7 @@ padlock_ecb_encrypt: + andl $-16,%esp + movl %eax,16(%ebp) + cmpl %ebx,%ecx +- ja .L007ecb_loop ++ ja .L009ecb_loop + movl %esi,%eax + cmpl %esp,%ebp + cmovel %edi,%eax +@@ -224,10 +239,10 @@ padlock_ecb_encrypt: + movl $-128,%eax + cmovael %ebx,%eax + andl %eax,%ebx +- jz .L008ecb_unaligned_tail +- jmp .L007ecb_loop ++ jz .L010ecb_unaligned_tail ++ jmp .L009ecb_loop + .align 16 +-.L007ecb_loop: ++.L009ecb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -236,13 +251,13 @@ padlock_ecb_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L009ecb_inp_aligned ++ jz .L011ecb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L009ecb_inp_aligned: ++.L011ecb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -250,23 +265,23 @@ padlock_ecb_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L010ecb_out_aligned ++ jz .L012ecb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L010ecb_out_aligned: ++.L012ecb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jz .L011ecb_break ++ jz .L013ecb_break + cmpl %ebx,%ecx +- jae .L007ecb_loop +-.L008ecb_unaligned_tail: ++ jae .L009ecb_loop ++.L010ecb_unaligned_tail: + xorl %eax,%eax + cmpl %ebp,%esp + cmovel %ecx,%eax +@@ -279,24 +294,24 @@ padlock_ecb_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L007ecb_loop ++ jmp .L009ecb_loop + .align 16 +-.L011ecb_break: ++.L013ecb_break: + cmpl %ebp,%esp +- je .L012ecb_done ++ je .L014ecb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L013ecb_bzero: ++.L015ecb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L013ecb_bzero +-.L012ecb_done: ++ ja .L015ecb_bzero ++.L014ecb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L014ecb_exit ++ jmp .L016ecb_exit + .align 16 +-.L006ecb_aligned: ++.L008ecb_aligned: + leal (%esi,%ecx,1),%ebp + negl %ebp + andl $4095,%ebp +@@ -306,14 +321,14 @@ padlock_ecb_encrypt: + cmovael %eax,%ebp + andl %ecx,%ebp + subl %ebp,%ecx +- jz .L015ecb_aligned_tail ++ jz .L017ecb_aligned_tail + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,200 + testl %ebp,%ebp +- jz .L014ecb_exit +-.L015ecb_aligned_tail: ++ jz .L016ecb_exit ++.L017ecb_aligned_tail: + movl %ebp,%ecx + leal -24(%esp),%ebp + movl %ebp,%esp +@@ -330,11 +345,11 @@ padlock_ecb_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L007ecb_loop +-.L014ecb_exit: ++ jmp .L009ecb_loop ++.L016ecb_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L004ecb_abort: ++.L006ecb_abort: + popl %edi + popl %esi + popl %ebx +@@ -346,6 +361,7 @@ padlock_ecb_encrypt: + .align 16 + padlock_cbc_encrypt: + .L_padlock_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -355,25 +371,25 @@ padlock_cbc_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L016cbc_abort ++ jnz .L018cbc_abort + testl $15,%ecx +- jnz .L016cbc_abort +- leal .Lpadlock_saved_context-.L017cbc_pic_point,%eax ++ jnz .L018cbc_abort ++ leal .Lpadlock_saved_context-.L019cbc_pic_point,%eax + pushfl + cld + call _padlock_verify_ctx +-.L017cbc_pic_point: ++.L019cbc_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L018cbc_aligned ++ jnz .L020cbc_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L018cbc_aligned ++ jnz .L020cbc_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -392,7 +408,7 @@ padlock_cbc_encrypt: + andl $-16,%esp + movl %eax,16(%ebp) + cmpl %ebx,%ecx +- ja .L019cbc_loop ++ ja .L021cbc_loop + movl %esi,%eax + cmpl %esp,%ebp + cmovel %edi,%eax +@@ -403,10 +419,10 @@ padlock_cbc_encrypt: + movl $-64,%eax + cmovael %ebx,%eax + andl %eax,%ebx +- jz .L020cbc_unaligned_tail +- jmp .L019cbc_loop ++ jz .L022cbc_unaligned_tail ++ jmp .L021cbc_loop + .align 16 +-.L019cbc_loop: ++.L021cbc_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -415,13 +431,13 @@ padlock_cbc_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L021cbc_inp_aligned ++ jz .L023cbc_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L021cbc_inp_aligned: ++.L023cbc_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -431,23 +447,23 @@ padlock_cbc_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L022cbc_out_aligned ++ jz .L024cbc_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L022cbc_out_aligned: ++.L024cbc_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jz .L023cbc_break ++ jz .L025cbc_break + cmpl %ebx,%ecx +- jae .L019cbc_loop +-.L020cbc_unaligned_tail: ++ jae .L021cbc_loop ++.L022cbc_unaligned_tail: + xorl %eax,%eax + cmpl %ebp,%esp + cmovel %ecx,%eax +@@ -460,24 +476,24 @@ padlock_cbc_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L019cbc_loop ++ jmp .L021cbc_loop + .align 16 +-.L023cbc_break: ++.L025cbc_break: + cmpl %ebp,%esp +- je .L024cbc_done ++ je .L026cbc_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L025cbc_bzero: ++.L027cbc_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L025cbc_bzero +-.L024cbc_done: ++ ja .L027cbc_bzero ++.L026cbc_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L026cbc_exit ++ jmp .L028cbc_exit + .align 16 +-.L018cbc_aligned: ++.L020cbc_aligned: + leal (%esi,%ecx,1),%ebp + negl %ebp + andl $4095,%ebp +@@ -487,7 +503,7 @@ padlock_cbc_encrypt: + cmovael %eax,%ebp + andl %ecx,%ebp + subl %ebp,%ecx +- jz .L027cbc_aligned_tail ++ jz .L029cbc_aligned_tail + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -495,8 +511,8 @@ padlock_cbc_encrypt: + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) + testl %ebp,%ebp +- jz .L026cbc_exit +-.L027cbc_aligned_tail: ++ jz .L028cbc_exit ++.L029cbc_aligned_tail: + movl %ebp,%ecx + leal -24(%esp),%ebp + movl %ebp,%esp +@@ -513,11 +529,11 @@ padlock_cbc_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L019cbc_loop +-.L026cbc_exit: ++ jmp .L021cbc_loop ++.L028cbc_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L016cbc_abort: ++.L018cbc_abort: + popl %edi + popl %esi + popl %ebx +@@ -529,6 +545,7 @@ padlock_cbc_encrypt: + .align 16 + padlock_cfb_encrypt: + .L_padlock_cfb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -538,25 +555,25 @@ padlock_cfb_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L028cfb_abort ++ jnz .L030cfb_abort + testl $15,%ecx +- jnz .L028cfb_abort +- leal .Lpadlock_saved_context-.L029cfb_pic_point,%eax ++ jnz .L030cfb_abort ++ leal .Lpadlock_saved_context-.L031cfb_pic_point,%eax + pushfl + cld + call _padlock_verify_ctx +-.L029cfb_pic_point: ++.L031cfb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L030cfb_aligned ++ jnz .L032cfb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L030cfb_aligned ++ jnz .L032cfb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -574,9 +591,9 @@ padlock_cfb_encrypt: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp .L031cfb_loop ++ jmp .L033cfb_loop + .align 16 +-.L031cfb_loop: ++.L033cfb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -585,13 +602,13 @@ padlock_cfb_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L032cfb_inp_aligned ++ jz .L034cfb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L032cfb_inp_aligned: ++.L034cfb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -601,45 +618,45 @@ padlock_cfb_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L033cfb_out_aligned ++ jz .L035cfb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L033cfb_out_aligned: ++.L035cfb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz .L031cfb_loop ++ jnz .L033cfb_loop + cmpl %ebp,%esp +- je .L034cfb_done ++ je .L036cfb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L035cfb_bzero: ++.L037cfb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L035cfb_bzero +-.L034cfb_done: ++ ja .L037cfb_bzero ++.L036cfb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L036cfb_exit ++ jmp .L038cfb_exit + .align 16 +-.L030cfb_aligned: ++.L032cfb_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,224 + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) +-.L036cfb_exit: ++.L038cfb_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L028cfb_abort: ++.L030cfb_abort: + popl %edi + popl %esi + popl %ebx +@@ -651,6 +668,7 @@ padlock_cfb_encrypt: + .align 16 + padlock_ofb_encrypt: + .L_padlock_ofb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -660,25 +678,25 @@ padlock_ofb_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L037ofb_abort ++ jnz .L039ofb_abort + testl $15,%ecx +- jnz .L037ofb_abort +- leal .Lpadlock_saved_context-.L038ofb_pic_point,%eax ++ jnz .L039ofb_abort ++ leal .Lpadlock_saved_context-.L040ofb_pic_point,%eax + pushfl + cld + call _padlock_verify_ctx +-.L038ofb_pic_point: ++.L040ofb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L039ofb_aligned ++ jnz .L041ofb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L039ofb_aligned ++ jnz .L041ofb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -696,9 +714,9 @@ padlock_ofb_encrypt: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp .L040ofb_loop ++ jmp .L042ofb_loop + .align 16 +-.L040ofb_loop: ++.L042ofb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -707,13 +725,13 @@ padlock_ofb_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L041ofb_inp_aligned ++ jz .L043ofb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L041ofb_inp_aligned: ++.L043ofb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -723,45 +741,45 @@ padlock_ofb_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L042ofb_out_aligned ++ jz .L044ofb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L042ofb_out_aligned: ++.L044ofb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz .L040ofb_loop ++ jnz .L042ofb_loop + cmpl %ebp,%esp +- je .L043ofb_done ++ je .L045ofb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L044ofb_bzero: ++.L046ofb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L044ofb_bzero +-.L043ofb_done: ++ ja .L046ofb_bzero ++.L045ofb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L045ofb_exit ++ jmp .L047ofb_exit + .align 16 +-.L039ofb_aligned: ++.L041ofb_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,232 + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) +-.L045ofb_exit: ++.L047ofb_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L037ofb_abort: ++.L039ofb_abort: + popl %edi + popl %esi + popl %ebx +@@ -773,6 +791,7 @@ padlock_ofb_encrypt: + .align 16 + padlock_ctr32_encrypt: + .L_padlock_ctr32_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -782,14 +801,14 @@ padlock_ctr32_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L046ctr32_abort ++ jnz .L048ctr32_abort + testl $15,%ecx +- jnz .L046ctr32_abort +- leal .Lpadlock_saved_context-.L047ctr32_pic_point,%eax ++ jnz .L048ctr32_abort ++ leal .Lpadlock_saved_context-.L049ctr32_pic_point,%eax + pushfl + cld + call _padlock_verify_ctx +-.L047ctr32_pic_point: ++.L049ctr32_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + movq -16(%edx),%mm0 +@@ -809,9 +828,9 @@ padlock_ctr32_encrypt: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp .L048ctr32_loop ++ jmp .L050ctr32_loop + .align 16 +-.L048ctr32_loop: ++.L050ctr32_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -820,7 +839,7 @@ padlock_ctr32_encrypt: + movl -4(%edx),%ecx + xorl %edi,%edi + movl -8(%edx),%eax +-.L049ctr32_prepare: ++.L051ctr32_prepare: + movl %ecx,12(%esp,%edi,1) + bswap %ecx + movq %mm0,(%esp,%edi,1) +@@ -829,7 +848,7 @@ padlock_ctr32_encrypt: + bswap %ecx + leal 16(%edi),%edi + cmpl %ebx,%edi +- jb .L049ctr32_prepare ++ jb .L051ctr32_prepare + movl %ecx,-4(%edx) + leal (%esp),%esi + leal (%esp),%edi +@@ -842,33 +861,33 @@ padlock_ctr32_encrypt: + movl 12(%ebp),%ebx + movl 4(%ebp),%esi + xorl %ecx,%ecx +-.L050ctr32_xor: ++.L052ctr32_xor: + movups (%esi,%ecx,1),%xmm1 + leal 16(%ecx),%ecx + pxor -16(%esp,%ecx,1),%xmm1 + movups %xmm1,-16(%edi,%ecx,1) + cmpl %ebx,%ecx +- jb .L050ctr32_xor ++ jb .L052ctr32_xor + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz .L048ctr32_loop ++ jnz .L050ctr32_loop + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L051ctr32_bzero: ++.L053ctr32_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L051ctr32_bzero +-.L052ctr32_done: ++ ja .L053ctr32_bzero ++.L054ctr32_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp + movl $1,%eax + leal 4(%esp),%esp + emms +-.L046ctr32_abort: ++.L048ctr32_abort: + popl %edi + popl %esi + popl %ebx +@@ -880,6 +899,7 @@ padlock_ctr32_encrypt: + .align 16 + padlock_xstore: + .L_padlock_xstore_begin: ++.byte 243,15,30,251 + pushl %edi + movl 8(%esp),%edi + movl 12(%esp),%edx +@@ -890,14 +910,15 @@ padlock_xstore: + .type _win32_segv_handler,@function + .align 16 + _win32_segv_handler: ++.byte 243,15,30,251 + movl $1,%eax + movl 4(%esp),%edx + movl 12(%esp),%ecx + cmpl $3221225477,(%edx) +- jne .L053ret ++ jne .L055ret + addl $4,184(%ecx) + movl $0,%eax +-.L053ret: ++.L055ret: + ret + .size _win32_segv_handler,.-_win32_segv_handler + .globl padlock_sha1_oneshot +@@ -905,6 +926,7 @@ _win32_segv_handler: + .align 16 + padlock_sha1_oneshot: + .L_padlock_sha1_oneshot_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + xorl %eax,%eax +@@ -936,6 +958,7 @@ padlock_sha1_oneshot: + .align 16 + padlock_sha1_blocks: + .L_padlock_sha1_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -966,6 +989,7 @@ padlock_sha1_blocks: + .align 16 + padlock_sha256_oneshot: + .L_padlock_sha256_oneshot_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + xorl %eax,%eax +@@ -997,6 +1021,7 @@ padlock_sha256_oneshot: + .align 16 + padlock_sha256_blocks: + .L_padlock_sha256_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -1027,6 +1052,7 @@ padlock_sha256_blocks: + .align 16 + padlock_sha512_blocks: + .L_padlock_sha512_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -1069,7 +1095,21 @@ padlock_sha512_blocks: + .Lpadlock_saved_context: + .long 0 + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: + + .section .note.GNU-stack,"",%progbits +- +- +diff --git a/lib/accelerated/x86/elf/e_padlock-x86_64.s b/lib/accelerated/x86/elf/e_padlock-x86_64.s +index c161f0a73..f92da756c 100644 +--- a/lib/accelerated/x86/elf/e_padlock-x86_64.s ++++ b/lib/accelerated/x86/elf/e_padlock-x86_64.s +@@ -1,4 +1,4 @@ +-# Copyright (c) 2011-2013, Andy Polyakov ++# Copyright (c) 2011-2016, Andy Polyakov + # All rights reserved. + # + # Redistribution and use in source and binary forms, with or without +@@ -42,36 +42,50 @@ + .type padlock_capability,@function + .align 16 + padlock_capability: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rbx,%r8 + xorl %eax,%eax + cpuid + xorl %eax,%eax +- cmpl $1953391939,%ebx ++ cmpl $0x746e6543,%ebx ++ jne .Lzhaoxin ++ cmpl $0x48727561,%edx + jne .Lnoluck +- cmpl $1215460705,%edx ++ cmpl $0x736c7561,%ecx + jne .Lnoluck +- cmpl $1936487777,%ecx ++ jmp .LzhaoxinEnd ++.Lzhaoxin: ++ cmpl $0x68532020,%ebx + jne .Lnoluck +- movl $3221225472,%eax ++ cmpl $0x68676e61,%edx ++ jne .Lnoluck ++ cmpl $0x20206961,%ecx ++ jne .Lnoluck ++.LzhaoxinEnd: ++ movl $0xC0000000,%eax + cpuid + movl %eax,%edx + xorl %eax,%eax +- cmpl $3221225473,%edx ++ cmpl $0xC0000001,%edx + jb .Lnoluck +- movl $3221225473,%eax ++ movl $0xC0000001,%eax + cpuid + movl %edx,%eax +- andl $4294967279,%eax +- orl $16,%eax ++ andl $0xffffffef,%eax ++ orl $0x10,%eax + .Lnoluck: + movq %r8,%rbx + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_capability,.-padlock_capability + + .globl padlock_key_bswap + .type padlock_key_bswap,@function + .align 16 + padlock_key_bswap: ++.cfi_startproc ++.byte 243,15,30,250 + movl 240(%rdi),%edx + .Lbswap_loop: + movl (%rdi),%eax +@@ -81,23 +95,29 @@ padlock_key_bswap: + subl $1,%edx + jnz .Lbswap_loop + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_key_bswap,.-padlock_key_bswap + + .globl padlock_verify_context + .type padlock_verify_context,@function + .align 16 + padlock_verify_context: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdi,%rdx + pushf + leaq .Lpadlock_saved_context(%rip),%rax + call _padlock_verify_ctx + leaq 8(%rsp),%rsp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_verify_context,.-padlock_verify_context + + .type _padlock_verify_ctx,@function + .align 16 + _padlock_verify_ctx: ++.cfi_startproc ++.byte 243,15,30,250 + movq 8(%rsp),%r8 + btq $30,%r8 + jnc .Lverified +@@ -108,43 +128,55 @@ _padlock_verify_ctx: + .Lverified: + movq %rdx,(%rax) + .byte 0xf3,0xc3 ++.cfi_endproc + .size _padlock_verify_ctx,.-_padlock_verify_ctx + + .globl padlock_reload_key + .type padlock_reload_key,@function + .align 16 + padlock_reload_key: ++.cfi_startproc ++.byte 243,15,30,250 + pushf + popf + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_reload_key,.-padlock_reload_key + + .globl padlock_aes_block + .type padlock_aes_block,@function + .align 16 + padlock_aes_block: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rbx,%r8 + movq $1,%rcx + leaq 32(%rdx),%rbx + leaq 16(%rdx),%rdx +-.byte 0xf3,0x0f,0xa7,0xc8 ++.byte 0xf3,0x0f,0xa7,0xc8 + movq %r8,%rbx + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_aes_block,.-padlock_aes_block + + .globl padlock_xstore + .type padlock_xstore,@function + .align 16 + padlock_xstore: ++.cfi_startproc ++.byte 243,15,30,250 + movl %esi,%edx +-.byte 0x0f,0xa7,0xc0 ++.byte 0x0f,0xa7,0xc0 + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_xstore,.-padlock_xstore + + .globl padlock_sha1_oneshot + .type padlock_sha1_oneshot,@function + .align 16 + padlock_sha1_oneshot: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -154,19 +186,22 @@ padlock_sha1_oneshot: + movq %rsp,%rdi + movl %eax,16(%rsp) + xorq %rax,%rax +-.byte 0xf3,0x0f,0xa6,0xc8 ++.byte 0xf3,0x0f,0xa6,0xc8 + movaps (%rsp),%xmm0 + movl 16(%rsp),%eax + addq $128+8,%rsp + movups %xmm0,(%rdx) + movl %eax,16(%rdx) + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_sha1_oneshot,.-padlock_sha1_oneshot + + .globl padlock_sha1_blocks + .type padlock_sha1_blocks,@function + .align 16 + padlock_sha1_blocks: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -176,19 +211,22 @@ padlock_sha1_blocks: + movq %rsp,%rdi + movl %eax,16(%rsp) + movq $-1,%rax +-.byte 0xf3,0x0f,0xa6,0xc8 ++.byte 0xf3,0x0f,0xa6,0xc8 + movaps (%rsp),%xmm0 + movl 16(%rsp),%eax + addq $128+8,%rsp + movups %xmm0,(%rdx) + movl %eax,16(%rdx) + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_sha1_blocks,.-padlock_sha1_blocks + + .globl padlock_sha256_oneshot + .type padlock_sha256_oneshot,@function + .align 16 + padlock_sha256_oneshot: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -198,19 +236,22 @@ padlock_sha256_oneshot: + movq %rsp,%rdi + movaps %xmm1,16(%rsp) + xorq %rax,%rax +-.byte 0xf3,0x0f,0xa6,0xd0 ++.byte 0xf3,0x0f,0xa6,0xd0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + addq $128+8,%rsp + movups %xmm0,(%rdx) + movups %xmm1,16(%rdx) + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_sha256_oneshot,.-padlock_sha256_oneshot + + .globl padlock_sha256_blocks + .type padlock_sha256_blocks,@function + .align 16 + padlock_sha256_blocks: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -220,19 +261,22 @@ padlock_sha256_blocks: + movq %rsp,%rdi + movaps %xmm1,16(%rsp) + movq $-1,%rax +-.byte 0xf3,0x0f,0xa6,0xd0 ++.byte 0xf3,0x0f,0xa6,0xd0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + addq $128+8,%rsp + movups %xmm0,(%rdx) + movups %xmm1,16(%rdx) + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_sha256_blocks,.-padlock_sha256_blocks + + .globl padlock_sha512_blocks + .type padlock_sha512_blocks,@function + .align 16 + padlock_sha512_blocks: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -245,7 +289,7 @@ padlock_sha512_blocks: + movaps %xmm1,16(%rsp) + movaps %xmm2,32(%rsp) + movaps %xmm3,48(%rsp) +-.byte 0xf3,0x0f,0xa6,0xe0 ++.byte 0xf3,0x0f,0xa6,0xe0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + movaps 32(%rsp),%xmm2 +@@ -256,11 +300,14 @@ padlock_sha512_blocks: + movups %xmm2,32(%rdx) + movups %xmm3,48(%rdx) + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_sha512_blocks,.-padlock_sha512_blocks + .globl padlock_ecb_encrypt + .type padlock_ecb_encrypt,@function + .align 16 + padlock_ecb_encrypt: ++.cfi_startproc ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -278,9 +325,9 @@ padlock_ecb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lecb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lecb_aligned +@@ -304,7 +351,7 @@ padlock_ecb_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $128,%rax + movq $-128,%rax + cmovaeq %rbx,%rax +@@ -320,12 +367,12 @@ padlock_ecb_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lecb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -333,15 +380,15 @@ padlock_ecb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,200 ++.byte 0xf3,0x0f,0xa7,200 + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lecb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lecb_out_aligned: + movq %r9,%rsi +@@ -362,7 +409,7 @@ padlock_ecb_encrypt: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -388,7 +435,7 @@ padlock_ecb_encrypt: + .Lecb_aligned: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $128,%rbp + movq $128-1,%rbp +@@ -399,7 +446,7 @@ padlock_ecb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,200 ++.byte 0xf3,0x0f,0xa7,200 + testq %rbp,%rbp + jz .Lecb_exit + +@@ -411,7 +458,7 @@ padlock_ecb_encrypt: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -423,11 +470,14 @@ padlock_ecb_encrypt: + popq %rbx + popq %rbp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_ecb_encrypt,.-padlock_ecb_encrypt + .globl padlock_cbc_encrypt + .type padlock_cbc_encrypt,@function + .align 16 + padlock_cbc_encrypt: ++.cfi_startproc ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -445,9 +495,9 @@ padlock_cbc_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lcbc_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lcbc_aligned +@@ -471,7 +521,7 @@ padlock_cbc_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $64,%rax + movq $-64,%rax + cmovaeq %rbx,%rax +@@ -487,12 +537,12 @@ padlock_cbc_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lcbc_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -500,17 +550,17 @@ padlock_cbc_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,208 ++.byte 0xf3,0x0f,0xa7,208 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lcbc_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lcbc_out_aligned: + movq %r9,%rsi +@@ -531,7 +581,7 @@ padlock_cbc_encrypt: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -557,7 +607,7 @@ padlock_cbc_encrypt: + .Lcbc_aligned: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $64,%rbp + movq $64-1,%rbp +@@ -568,7 +618,7 @@ padlock_cbc_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,208 ++.byte 0xf3,0x0f,0xa7,208 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + testq %rbp,%rbp +@@ -582,7 +632,7 @@ padlock_cbc_encrypt: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -594,11 +644,14 @@ padlock_cbc_encrypt: + popq %rbx + popq %rbp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_cbc_encrypt,.-padlock_cbc_encrypt + .globl padlock_cfb_encrypt + .type padlock_cfb_encrypt,@function + .align 16 + padlock_cfb_encrypt: ++.cfi_startproc ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -616,9 +669,9 @@ padlock_cfb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lcfb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lcfb_aligned +@@ -645,12 +698,12 @@ padlock_cfb_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lcfb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -658,17 +711,17 @@ padlock_cfb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,224 ++.byte 0xf3,0x0f,0xa7,224 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lcfb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lcfb_out_aligned: + movq %r9,%rsi +@@ -698,7 +751,7 @@ padlock_cfb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,224 ++.byte 0xf3,0x0f,0xa7,224 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + .Lcfb_exit: +@@ -708,11 +761,14 @@ padlock_cfb_encrypt: + popq %rbx + popq %rbp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_cfb_encrypt,.-padlock_cfb_encrypt + .globl padlock_ofb_encrypt + .type padlock_ofb_encrypt,@function + .align 16 + padlock_ofb_encrypt: ++.cfi_startproc ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -730,9 +786,9 @@ padlock_ofb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lofb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lofb_aligned +@@ -759,12 +815,12 @@ padlock_ofb_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lofb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -772,17 +828,17 @@ padlock_ofb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,232 ++.byte 0xf3,0x0f,0xa7,232 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lofb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lofb_out_aligned: + movq %r9,%rsi +@@ -812,7 +868,7 @@ padlock_ofb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,232 ++.byte 0xf3,0x0f,0xa7,232 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + .Lofb_exit: +@@ -822,11 +878,14 @@ padlock_ofb_encrypt: + popq %rbx + popq %rbp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_ofb_encrypt,.-padlock_ofb_encrypt + .globl padlock_ctr32_encrypt + .type padlock_ctr32_encrypt,@function + .align 16 + padlock_ctr32_encrypt: ++.cfi_startproc ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -844,9 +903,9 @@ padlock_ctr32_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lctr32_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lctr32_aligned +@@ -881,7 +940,7 @@ padlock_ctr32_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $32,%rax + movq $-32,%rax + cmovaeq %rbx,%rax +@@ -897,12 +956,12 @@ padlock_ctr32_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lctr32_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -910,23 +969,23 @@ padlock_ctr32_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + movl -4(%rdx),%eax +- testl $4294901760,%eax ++ testl $0xffff0000,%eax + jnz .Lctr32_no_carry + bswapl %eax +- addl $65536,%eax ++ addl $0x10000,%eax + bswapl %eax + movl %eax,-4(%rdx) + .Lctr32_no_carry: + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lctr32_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lctr32_out_aligned: + movq %r9,%rsi +@@ -944,7 +1003,7 @@ padlock_ctr32_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $32,%rax + movq $-32,%rax + cmovaeq %rbx,%rax +@@ -959,7 +1018,7 @@ padlock_ctr32_encrypt: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -986,7 +1045,7 @@ padlock_ctr32_encrypt: + movl -4(%rdx),%eax + bswapl %eax + negl %eax +- andl $65535,%eax ++ andl $0xffff,%eax + movq $1048576,%rbx + shll $4,%eax + cmovzq %rbx,%rax +@@ -1003,11 +1062,11 @@ padlock_ctr32_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + + movl -4(%rdx),%eax + bswapl %eax +- addl $65536,%eax ++ addl $0x10000,%eax + bswapl %eax + movl %eax,-4(%rdx) + +@@ -1021,7 +1080,7 @@ padlock_ctr32_encrypt: + .Lctr32_aligned_skip: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $32,%rbp + movq $32-1,%rbp +@@ -1032,7 +1091,7 @@ padlock_ctr32_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + testq %rbp,%rbp + jz .Lctr32_exit + +@@ -1044,7 +1103,7 @@ padlock_ctr32_encrypt: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -1056,6 +1115,7 @@ padlock_ctr32_encrypt: + popq %rbx + popq %rbp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_ctr32_encrypt,.-padlock_ctr32_encrypt + .byte 86,73,65,32,80,97,100,108,111,99,107,32,120,56,54,95,54,52,32,109,111,100,117,108,101,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .align 16 +@@ -1063,8 +1123,26 @@ padlock_ctr32_encrypt: + .align 8 + .Lpadlock_saved_context: + .quad 0 +- ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +- +- diff --git a/SOURCES/gnutls-3.7.2-no-explicit-init.patch b/SOURCES/gnutls-3.7.2-no-explicit-init.patch new file mode 100644 index 0000000..6424174 --- /dev/null +++ b/SOURCES/gnutls-3.7.2-no-explicit-init.patch @@ -0,0 +1,32 @@ +From 36a92d984020df16296784a7ad613c9693469d23 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 21 Dec 2021 16:28:09 +0100 +Subject: [PATCH 1/2] Remove GNUTLS_NO_EXPLICIT_INIT compatibility + +Signed-off-by: rpm-build +--- + lib/global.c | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/lib/global.c b/lib/global.c +index 3731418..1384045 100644 +--- a/lib/global.c ++++ b/lib/global.c +@@ -500,14 +500,6 @@ static void _CONSTRUCTOR lib_init(void) + return; + } + +- e = secure_getenv("GNUTLS_NO_EXPLICIT_INIT"); +- if (e != NULL) { +- _gnutls_debug_log("GNUTLS_NO_EXPLICIT_INIT is deprecated; use GNUTLS_NO_IMPLICIT_INIT\n"); +- ret = atoi(e); +- if (ret == 1) +- return; +- } +- + ret = _gnutls_global_init(1); + if (ret < 0) { + fprintf(stderr, "Error in GnuTLS initialization: %s\n", gnutls_strerror(ret)); +-- +2.31.1 + diff --git a/SOURCES/gnutls-3.7.3-disable-config-reload.patch b/SOURCES/gnutls-3.7.3-disable-config-reload.patch new file mode 100644 index 0000000..29d806a --- /dev/null +++ b/SOURCES/gnutls-3.7.3-disable-config-reload.patch @@ -0,0 +1,26 @@ +diff --git a/lib/priority.c b/lib/priority.c +index 9feec47fe2..40511710fd 100644 +--- a/lib/priority.c ++++ b/lib/priority.c +@@ -2001,13 +2001,14 @@ char *_gnutls_resolve_priorities(const char* priorities) + additional++; + } + +- /* Always try to refresh the cached data, to allow it to be +- * updated without restarting all applications. +- */ +- ret = _gnutls_update_system_priorities(false /* defer_system_wide */); +- if (ret < 0) { +- _gnutls_debug_log("failed to update system priorities: %s\n", +- gnutls_strerror(ret)); ++ /* If priority string is not constructed yet, construct and finalize */ ++ if (!system_wide_config.priority_string) { ++ ret = _gnutls_update_system_priorities(false ++ /* defer_system_wide */); ++ if (ret < 0) { ++ _gnutls_debug_log("failed to update system priorities: " ++ " %s\n", gnutls_strerror(ret)); ++ } + } + + do { diff --git a/SOURCES/gnutls-3.7.3-fips-dsa-post.patch b/SOURCES/gnutls-3.7.3-fips-dsa-post.patch new file mode 100644 index 0000000..7d1aea2 --- /dev/null +++ b/SOURCES/gnutls-3.7.3-fips-dsa-post.patch @@ -0,0 +1,29 @@ +From 0a29639ad24072afbd79b2ceede9976e51b9e2af Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Fri, 1 Jul 2022 16:46:07 +0900 +Subject: [PATCH] fips: don't run POST for DSA + +Signed-off-by: rpm-build <> +--- + lib/fips.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/lib/fips.c b/lib/fips.c +index 656d43e..c776690 100644 +--- a/lib/fips.c ++++ b/lib/fips.c +@@ -523,11 +523,6 @@ int _gnutls_fips_perform_self_checks2(void) + return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + +- ret = gnutls_pk_self_test(0, GNUTLS_PK_DSA); +- if (ret < 0) { +- return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); +- } +- + ret = gnutls_pk_self_test(0, GNUTLS_PK_EC); + if (ret < 0) { + return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); +-- +2.36.1 + diff --git a/SOURCES/gnutls-3.7.6-aes-gcm-pt-limit.patch b/SOURCES/gnutls-3.7.6-aes-gcm-pt-limit.patch new file mode 100644 index 0000000..dd32866 --- /dev/null +++ b/SOURCES/gnutls-3.7.6-aes-gcm-pt-limit.patch @@ -0,0 +1,720 @@ +From 2f61f102169e4d6652c9b82246353cd276366809 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 27 Jun 2022 11:14:50 +0900 +Subject: [PATCH] cipher: limit plaintext length supplied to AES-GCM + +According to SP800-38D 5.2.1.1, input data length of AES-GCM +encryption function must be less than or equal to 2^39-256 bits. + +Signed-off-by: Daiki Ueno +--- + NEWS | 3 + + lib/accelerated/aarch64/aes-aarch64.h | 15 ++++ + lib/accelerated/aarch64/aes-gcm-aarch64.c | 9 +++ + lib/accelerated/x86/aes-gcm-padlock.c | 29 ++++--- + lib/accelerated/x86/aes-gcm-x86-aesni.c | 30 +++++--- + lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c | 9 +++ + lib/accelerated/x86/aes-gcm-x86-pclmul.c | 9 +++ + lib/accelerated/x86/aes-gcm-x86-ssse3.c | 30 +++++--- + lib/accelerated/x86/aes-x86.h | 15 ++++ + lib/nettle/cipher.c | 41 ++++++++++ + tests/slow/cipher-api-test.c | 79 ++++++++++++++++++++ + 11 files changed, 240 insertions(+), 29 deletions(-) + +diff --git a/lib/accelerated/aarch64/aes-aarch64.h b/lib/accelerated/aarch64/aes-aarch64.h +index 692d8620d7..0e64f4ed8d 100644 +--- a/lib/accelerated/aarch64/aes-aarch64.h ++++ b/lib/accelerated/aarch64/aes-aarch64.h +@@ -20,6 +20,21 @@ typedef struct { + if (s != 16 && s != 24 && s != 32) \ + return GNUTLS_E_INVALID_REQUEST + ++#include ++#define AES_GCM_ENCRYPT_MAX_BYTES ((1ULL << 36) - 32) ++static inline int ++record_aes_gcm_encrypt_size(size_t *counter, size_t size) { ++ size_t sum; ++ ++ if (!INT_ADD_OK(*counter, size, &sum) || ++ sum > AES_GCM_ENCRYPT_MAX_BYTES) { ++ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); ++ } ++ *counter = sum; ++ ++ return 0; ++} ++ + int aes_v8_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); + int aes_v8_set_decrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); + void aes_v8_cbc_encrypt(const unsigned char *in, unsigned char *out, +diff --git a/lib/accelerated/aarch64/aes-gcm-aarch64.c b/lib/accelerated/aarch64/aes-gcm-aarch64.c +index 901bd9f60f..be1e69c784 100644 +--- a/lib/accelerated/aarch64/aes-gcm-aarch64.c ++++ b/lib/accelerated/aarch64/aes-gcm-aarch64.c +@@ -62,6 +62,7 @@ struct aes_gcm_ctx { + struct gcm128_context gcm; + unsigned finished; + unsigned auth_finished; ++ size_t rekey_counter; + }; + + void gcm_init_v8(u128 Htable[16], const uint64_t Xi[2]); +@@ -116,6 +117,7 @@ aes_gcm_cipher_setkey(void *_ctx, const void *userkey, size_t keysize) + ctx->gcm.H.u[1] = bswap_64(ctx->gcm.H.u[1]); + + gcm_init_v8(ctx->gcm.Htable, ctx->gcm.H.u); ++ ctx->rekey_counter = 0; + + return 0; + } +@@ -141,6 +143,7 @@ static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size) + ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 1] = 2; + ctx->finished = 0; + ctx->auth_finished = 0; ++ ctx->rekey_counter = 0; + return 0; + } + +@@ -229,6 +232,7 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, + int exp_blocks = blocks * GCM_BLOCK_SIZE; + int rest = src_size - (exp_blocks); + uint32_t counter; ++ int ret; + + if (unlikely(ctx->finished)) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); +@@ -236,6 +240,11 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, + if (unlikely(length < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + ++ ret = record_aes_gcm_encrypt_size(&ctx->rekey_counter, src_size); ++ if (ret < 0) { ++ return gnutls_assert_val(ret); ++ } ++ + if (blocks > 0) { + ctr32_encrypt_blocks(src, dst, + blocks, +diff --git a/lib/accelerated/x86/aes-gcm-padlock.c b/lib/accelerated/x86/aes-gcm-padlock.c +index a9c7441d65..739883ab1b 100644 +--- a/lib/accelerated/x86/aes-gcm-padlock.c ++++ b/lib/accelerated/x86/aes-gcm-padlock.c +@@ -43,7 +43,10 @@ + * Actually padlock doesn't include GCM mode. We just use + * the ECB part of padlock and nettle for everything else. + */ +-struct gcm_padlock_aes_ctx GCM_CTX(struct padlock_ctx); ++struct gcm_padlock_aes_ctx { ++ struct GCM_CTX(struct padlock_ctx) inner; ++ size_t rekey_counter; ++}; + + static void padlock_aes_encrypt(const void *_ctx, + size_t length, uint8_t * dst, +@@ -78,7 +81,7 @@ static void padlock_aes256_set_encrypt_key(struct padlock_ctx *_ctx, + + static void aes_gcm_deinit(void *_ctx) + { +- struct padlock_ctx *ctx = _ctx; ++ struct gcm_padlock_aes_ctx *ctx = _ctx; + + zeroize_temp_key(ctx, sizeof(*ctx)); + gnutls_free(ctx); +@@ -108,14 +111,15 @@ aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t keysize) + struct gcm_padlock_aes_ctx *ctx = _ctx; + + if (keysize == 16) { +- GCM_SET_KEY(ctx, padlock_aes128_set_encrypt_key, padlock_aes_encrypt, ++ GCM_SET_KEY(&ctx->inner, padlock_aes128_set_encrypt_key, padlock_aes_encrypt, + key); + } else if (keysize == 32) { +- GCM_SET_KEY(ctx, padlock_aes256_set_encrypt_key, padlock_aes_encrypt, ++ GCM_SET_KEY(&ctx->inner, padlock_aes256_set_encrypt_key, padlock_aes_encrypt, + key); + } else + return GNUTLS_E_INVALID_REQUEST; + ++ ctx->rekey_counter = 0; + return 0; + } + +@@ -126,8 +130,9 @@ static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size) + if (iv_size != GCM_BLOCK_SIZE - 4) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + +- GCM_SET_IV(ctx, iv_size, iv); ++ GCM_SET_IV(&ctx->inner, iv_size, iv); + ++ ctx->rekey_counter = 0; + return 0; + } + +@@ -136,11 +141,17 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, + void *dst, size_t length) + { + struct gcm_padlock_aes_ctx *ctx = _ctx; ++ int ret; + + if (unlikely(length < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + +- GCM_ENCRYPT(ctx, padlock_aes_encrypt, src_size, dst, src); ++ ret = record_aes_gcm_encrypt_size(&ctx->rekey_counter, src_size); ++ if (ret < 0) { ++ return gnutls_assert_val(ret); ++ } ++ ++ GCM_ENCRYPT(&ctx->inner, padlock_aes_encrypt, src_size, dst, src); + + return 0; + } +@@ -154,7 +165,7 @@ aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size, + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + +- GCM_DECRYPT(ctx, padlock_aes_encrypt, src_size, dst, src); ++ GCM_DECRYPT(&ctx->inner, padlock_aes_encrypt, src_size, dst, src); + return 0; + } + +@@ -162,7 +173,7 @@ static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size) + { + struct gcm_padlock_aes_ctx *ctx = _ctx; + +- GCM_UPDATE(ctx, src_size, src); ++ GCM_UPDATE(&ctx->inner, src_size, src); + + return 0; + } +@@ -171,7 +182,7 @@ static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize) + { + struct gcm_padlock_aes_ctx *ctx = _ctx; + +- GCM_DIGEST(ctx, padlock_aes_encrypt, tagsize, tag); ++ GCM_DIGEST(&ctx->inner, padlock_aes_encrypt, tagsize, tag); + } + + #include "aes-gcm-aead.h" +diff --git a/lib/accelerated/x86/aes-gcm-x86-aesni.c b/lib/accelerated/x86/aes-gcm-x86-aesni.c +index b0edaebfba..3be63ddd97 100644 +--- a/lib/accelerated/x86/aes-gcm-x86-aesni.c ++++ b/lib/accelerated/x86/aes-gcm-x86-aesni.c +@@ -36,12 +36,14 @@ + #include + #include + #include +-#include + + /* GCM mode + * It is used when the CPU doesn't include the PCLMUL instructions. + */ +-struct gcm_x86_aes_ctx GCM_CTX(AES_KEY); ++struct gcm_x86_aes_ctx { ++ struct GCM_CTX(AES_KEY) inner; ++ size_t rekey_counter; ++}; + + static void x86_aes_encrypt(const void *_ctx, + size_t length, uint8_t * dst, +@@ -101,17 +103,18 @@ aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t length) + struct gcm_x86_aes_ctx *ctx = _ctx; + + if (length == 16) { +- GCM_SET_KEY(ctx, x86_aes128_set_encrypt_key, x86_aes_encrypt, ++ GCM_SET_KEY(&ctx->inner, x86_aes128_set_encrypt_key, x86_aes_encrypt, + key); + } else if (length == 24) { +- GCM_SET_KEY(ctx, x86_aes192_set_encrypt_key, x86_aes_encrypt, ++ GCM_SET_KEY(&ctx->inner, x86_aes192_set_encrypt_key, x86_aes_encrypt, + key); + } else if (length == 32) { +- GCM_SET_KEY(ctx, x86_aes256_set_encrypt_key, x86_aes_encrypt, ++ GCM_SET_KEY(&ctx->inner, x86_aes256_set_encrypt_key, x86_aes_encrypt, + key); + } else + return GNUTLS_E_INVALID_REQUEST; + ++ ctx->rekey_counter = 0; + return 0; + } + +@@ -122,8 +125,9 @@ static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size) + if (iv_size != GCM_BLOCK_SIZE - 4) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + +- GCM_SET_IV(ctx, iv_size, iv); ++ GCM_SET_IV(&ctx->inner, iv_size, iv); + ++ ctx->rekey_counter = 0; + return 0; + } + +@@ -132,11 +136,17 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, + void *dst, size_t length) + { + struct gcm_x86_aes_ctx *ctx = _ctx; ++ int ret; + + if (unlikely(length < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + +- GCM_ENCRYPT(ctx, x86_aes_encrypt, src_size, dst, src); ++ ret = record_aes_gcm_encrypt_size(&ctx->rekey_counter, src_size); ++ if (ret < 0) { ++ return gnutls_assert_val(ret); ++ } ++ ++ GCM_ENCRYPT(&ctx->inner, x86_aes_encrypt, src_size, dst, src); + + return 0; + } +@@ -150,7 +160,7 @@ aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size, + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + +- GCM_DECRYPT(ctx, x86_aes_encrypt, src_size, dst, src); ++ GCM_DECRYPT(&ctx->inner, x86_aes_encrypt, src_size, dst, src); + return 0; + } + +@@ -158,7 +168,7 @@ static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size) + { + struct gcm_x86_aes_ctx *ctx = _ctx; + +- GCM_UPDATE(ctx, src_size, src); ++ GCM_UPDATE(&ctx->inner, src_size, src); + + return 0; + } +@@ -167,7 +177,7 @@ static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize) + { + struct gcm_x86_aes_ctx *ctx = _ctx; + +- GCM_DIGEST(ctx, x86_aes_encrypt, tagsize, tag); ++ GCM_DIGEST(&ctx->inner, x86_aes_encrypt, tagsize, tag); + } + + static void aes_gcm_deinit(void *_ctx) +diff --git a/lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c b/lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c +index 21aef94440..fbefe432f4 100644 +--- a/lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c ++++ b/lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c +@@ -61,6 +61,7 @@ struct aes_gcm_ctx { + struct gcm128_context gcm; + unsigned finished; + unsigned auth_finished; ++ size_t rekey_counter; + }; + + void gcm_init_avx(u128 Htable[16], const uint64_t Xi[2]); +@@ -116,6 +117,7 @@ aes_gcm_cipher_setkey(void *_ctx, const void *userkey, size_t keysize) + + gcm_init_avx(ctx->gcm.Htable, ctx->gcm.H.u); + ++ ctx->rekey_counter = 0; + return 0; + } + +@@ -140,6 +142,7 @@ static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size) + ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 1] = 2; + ctx->finished = 0; + ctx->auth_finished = 0; ++ ctx->rekey_counter = 0; + return 0; + } + +@@ -184,6 +187,7 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, + int exp_blocks = blocks * GCM_BLOCK_SIZE; + int rest = src_size - (exp_blocks); + uint32_t counter; ++ int ret; + + if (unlikely(ctx->finished)) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); +@@ -191,6 +195,11 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, + if (unlikely(length < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + ++ ret = record_aes_gcm_encrypt_size(&ctx->rekey_counter, src_size); ++ if (ret < 0) { ++ return gnutls_assert_val(ret); ++ } ++ + if (blocks > 0) { + aesni_ctr32_encrypt_blocks(src, dst, + blocks, +diff --git a/lib/accelerated/x86/aes-gcm-x86-pclmul.c b/lib/accelerated/x86/aes-gcm-x86-pclmul.c +index e6b4990cbf..5385acbb6b 100644 +--- a/lib/accelerated/x86/aes-gcm-x86-pclmul.c ++++ b/lib/accelerated/x86/aes-gcm-x86-pclmul.c +@@ -60,6 +60,7 @@ struct aes_gcm_ctx { + struct gcm128_context gcm; + unsigned finished; + unsigned auth_finished; ++ size_t rekey_counter; + }; + + void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]); +@@ -116,6 +117,7 @@ aes_gcm_cipher_setkey(void *_ctx, const void *userkey, size_t keysize) + + gcm_init_clmul(ctx->gcm.Htable, ctx->gcm.H.u); + ++ ctx->rekey_counter = 0; + return 0; + } + +@@ -140,6 +142,7 @@ static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size) + ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 1] = 2; + ctx->finished = 0; + ctx->auth_finished = 0; ++ ctx->rekey_counter = 0; + return 0; + } + +@@ -184,6 +187,7 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, + int exp_blocks = blocks * GCM_BLOCK_SIZE; + int rest = src_size - (exp_blocks); + uint32_t counter; ++ int ret; + + if (unlikely(ctx->finished)) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); +@@ -191,6 +195,11 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, + if (unlikely(length < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + ++ ret = record_aes_gcm_encrypt_size(&ctx->rekey_counter, src_size); ++ if (ret < 0) { ++ return gnutls_assert_val(ret); ++ } ++ + if (blocks > 0) { + aesni_ctr32_encrypt_blocks(src, dst, + blocks, +diff --git a/lib/accelerated/x86/aes-gcm-x86-ssse3.c b/lib/accelerated/x86/aes-gcm-x86-ssse3.c +index 7a2ac50869..f074cb1096 100644 +--- a/lib/accelerated/x86/aes-gcm-x86-ssse3.c ++++ b/lib/accelerated/x86/aes-gcm-x86-ssse3.c +@@ -36,13 +36,15 @@ + #include + #include + #include +-#include + #include + + /* GCM mode + * It is used when the CPU doesn't include the PCLMUL instructions. + */ +-struct gcm_x86_aes_ctx GCM_CTX(AES_KEY); ++struct gcm_x86_aes_ctx { ++ struct GCM_CTX(AES_KEY) inner; ++ size_t rekey_counter; ++}; + + static void x86_aes_encrypt(const void *_ctx, + size_t length, uint8_t * dst, +@@ -110,17 +112,18 @@ aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t keysize) + struct gcm_x86_aes_ctx *ctx = _ctx; + + if (keysize == 16) { +- GCM_SET_KEY(ctx, x86_aes_128_set_encrypt_key, x86_aes_encrypt, ++ GCM_SET_KEY(&ctx->inner, x86_aes_128_set_encrypt_key, x86_aes_encrypt, + key); + } else if (keysize == 24) { +- GCM_SET_KEY(ctx, x86_aes_192_set_encrypt_key, x86_aes_encrypt, ++ GCM_SET_KEY(&ctx->inner, x86_aes_192_set_encrypt_key, x86_aes_encrypt, + key); + } else if (keysize == 32) { +- GCM_SET_KEY(ctx, x86_aes_256_set_encrypt_key, x86_aes_encrypt, ++ GCM_SET_KEY(&ctx->inner, x86_aes_256_set_encrypt_key, x86_aes_encrypt, + key); + } else + return GNUTLS_E_INVALID_REQUEST; + ++ ctx->rekey_counter = 0; + return 0; + } + +@@ -131,8 +134,9 @@ static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size) + if (iv_size != GCM_BLOCK_SIZE - 4) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + +- GCM_SET_IV(ctx, iv_size, iv); ++ GCM_SET_IV(&ctx->inner, iv_size, iv); + ++ ctx->rekey_counter = 0; + return 0; + } + +@@ -141,11 +145,17 @@ aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, + void *dst, size_t length) + { + struct gcm_x86_aes_ctx *ctx = _ctx; ++ int ret; + + if (unlikely(length < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + +- GCM_ENCRYPT(ctx, x86_aes_encrypt, src_size, dst, src); ++ ret = record_aes_gcm_encrypt_size(&ctx->rekey_counter, src_size); ++ if (ret < 0) { ++ return gnutls_assert_val(ret); ++ } ++ ++ GCM_ENCRYPT(&ctx->inner, x86_aes_encrypt, src_size, dst, src); + + return 0; + } +@@ -159,7 +169,7 @@ aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size, + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + +- GCM_DECRYPT(ctx, x86_aes_encrypt, src_size, dst, src); ++ GCM_DECRYPT(&ctx->inner, x86_aes_encrypt, src_size, dst, src); + return 0; + } + +@@ -167,7 +177,7 @@ static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size) + { + struct gcm_x86_aes_ctx *ctx = _ctx; + +- GCM_UPDATE(ctx, src_size, src); ++ GCM_UPDATE(&ctx->inner, src_size, src); + + return 0; + } +@@ -176,7 +186,7 @@ static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize) + { + struct gcm_x86_aes_ctx *ctx = _ctx; + +- GCM_DIGEST(ctx, x86_aes_encrypt, tagsize, tag); ++ GCM_DIGEST(&ctx->inner, x86_aes_encrypt, tagsize, tag); + } + + static void aes_gcm_deinit(void *_ctx) +diff --git a/lib/accelerated/x86/aes-x86.h b/lib/accelerated/x86/aes-x86.h +index 023b5f7be6..349d3d5d9c 100644 +--- a/lib/accelerated/x86/aes-x86.h ++++ b/lib/accelerated/x86/aes-x86.h +@@ -22,6 +22,21 @@ typedef struct { + if (s != 16 && s != 24 && s != 32) \ + return GNUTLS_E_INVALID_REQUEST + ++#include ++#define AES_GCM_ENCRYPT_MAX_BYTES ((1ULL << 36) - 32) ++static inline int ++record_aes_gcm_encrypt_size(size_t *counter, size_t size) { ++ size_t sum; ++ ++ if (!INT_ADD_OK(*counter, size, &sum) || ++ sum > AES_GCM_ENCRYPT_MAX_BYTES) { ++ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); ++ } ++ *counter = sum; ++ ++ return 0; ++} ++ + void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY * key, int enc); + +diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c +index ab4c46d2d0..b41862d1ea 100644 +--- a/lib/nettle/cipher.c ++++ b/lib/nettle/cipher.c +@@ -63,6 +63,7 @@ + #include + #include + #include ++#include + + struct nettle_cipher_ctx; + +@@ -120,8 +121,23 @@ struct nettle_cipher_ctx { + unsigned iv_size; + + bool enc; ++ size_t rekey_counter; + }; + ++#define AES_GCM_ENCRYPT_MAX_BYTES ((1ULL << 36) - 32) ++static inline int ++record_aes_gcm_encrypt_size(size_t *counter, size_t size) { ++ size_t sum; ++ ++ if (!INT_ADD_OK(*counter, size, &sum) || ++ sum > AES_GCM_ENCRYPT_MAX_BYTES) { ++ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); ++ } ++ *counter = sum; ++ ++ return 0; ++} ++ + static void + _stream_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst, + const uint8_t * src) +@@ -1133,6 +1149,16 @@ wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize) + else + ctx->cipher->set_decrypt_key(ctx->ctx_ptr, key); + ++ switch (ctx->cipher->algo) { ++ case GNUTLS_CIPHER_AES_128_GCM: ++ case GNUTLS_CIPHER_AES_192_GCM: ++ case GNUTLS_CIPHER_AES_256_GCM: ++ ctx->rekey_counter = 0; ++ break; ++ default: ++ break; ++ } ++ + return 0; + } + +@@ -1147,6 +1173,7 @@ wrap_nettle_cipher_setiv(void *_ctx, const void *iv, size_t iv_size) + case GNUTLS_CIPHER_AES_192_GCM: + case GNUTLS_CIPHER_AES_256_GCM: + FIPS_RULE(iv_size < GCM_IV_SIZE, GNUTLS_E_INVALID_REQUEST, "access to short GCM nonce size\n"); ++ ctx->rekey_counter = 0; + break; + case GNUTLS_CIPHER_SALSA20_256: + case GNUTLS_CIPHER_ESTREAM_SALSA20_256: +@@ -1207,10 +1234,24 @@ wrap_nettle_cipher_encrypt(void *_ctx, const void *plain, size_t plain_size, + void *encr, size_t encr_size) + { + struct nettle_cipher_ctx *ctx = _ctx; ++ int ret; + + if (unlikely(ctx->cipher->encrypt == NULL)) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + ++ switch (ctx->cipher->algo) { ++ case GNUTLS_CIPHER_AES_128_GCM: ++ case GNUTLS_CIPHER_AES_192_GCM: ++ case GNUTLS_CIPHER_AES_256_GCM: ++ ret = record_aes_gcm_encrypt_size(&ctx->rekey_counter, plain_size); ++ if (ret < 0) { ++ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); ++ } ++ break; ++ default: ++ break; ++ } ++ + ctx->cipher->encrypt(ctx, plain_size, encr, plain); + + return 0; +diff --git a/tests/slow/cipher-api-test.c b/tests/slow/cipher-api-test.c +index fc880bcc9f..1d267ce312 100644 +--- a/tests/slow/cipher-api-test.c ++++ b/tests/slow/cipher-api-test.c +@@ -21,6 +21,7 @@ + */ + + #include ++#include + #include + #include + #include +@@ -48,6 +49,11 @@ int main(int argc, char **argv) + #include + #include + ++#define AES_GCM_ENCRYPT_PLAINTEXT_MAX ((1ULL << 36) - 32) ++#if SIZE_MAX >= AES_GCM_ENCRYPT_PLAINTEXT_MAX ++#define TEST_AES_GCM_ENCRYPT_PLAINTEXT_SIZE 1 ++#endif ++ + static void tls_log_func(int level, const char *str) + { + fprintf(stderr, "<%d>| %s", level, str); +@@ -401,6 +407,74 @@ static void test_aead_invalid_short_decrypt(int algo) + return; + } + ++#ifdef TEST_AES_GCM_ENCRYPT_PLAINTEXT_SIZE ++/* Test whether an invalid call to gnutls_cipher_encrypt() with too ++ * long message is caught */ ++static void test_aead_invalid_too_long_encrypt(int algo) ++{ ++ int ret; ++ gnutls_cipher_hd_t ch; ++ uint8_t key16[64]; ++ uint8_t iv16[32]; ++ uint8_t data[128]; ++ gnutls_datum_t key, iv; ++ ++ if (algo != GNUTLS_CIPHER_AES_128_GCM && ++ algo != GNUTLS_CIPHER_AES_192_GCM && ++ algo != GNUTLS_CIPHER_AES_256_GCM) { ++ return; ++ } ++ ++ key.data = key16; ++ key.size = gnutls_cipher_get_key_size(algo); ++ assert(key.size <= sizeof(key16)); ++ ++ iv.data = iv16; ++ iv.size = gnutls_cipher_get_iv_size(algo); ++ assert(iv.size <= sizeof(iv16)); ++ ++ memset(iv.data, 0xff, iv.size); ++ memset(key.data, 0xfe, key.size); ++ memset(data, 0xfa, sizeof(data)); ++ ++ gnutls_global_set_log_function(tls_log_func); ++ if (debug) ++ gnutls_global_set_log_level(4711); ++ ++ ret = global_init(); ++ if (ret < 0) { ++ fail("Cannot initialize library\n"); /*errcode 1 */ ++ } ++ ++ ret = gnutls_cipher_init(&ch, algo, &key, &iv); ++ if (ret < 0) ++ fail("gnutls_cipher_init failed\n"); /*errcode 1 */ ++ ++ /* Test exceeding AES-GCM plaintext limit */ ++ ret = gnutls_cipher_encrypt(ch, data, sizeof(data)); ++ if (ret < 0) ++ fail("could not encrypt data\n"); ++ ++ /* A few blocks larger than AES_GCM_ENCRYPT_PLAINTEXT_MAX combined with ++ * the previous call. Use NULL for PLAINTEXT so the access to the first ++ * block always results in page fault (in case the limit is not ++ * enforced). ++ */ ++ ret = gnutls_cipher_encrypt(ch, NULL, AES_GCM_ENCRYPT_PLAINTEXT_MAX); ++ if (ret >= 0) ++ fail("succeeded in encrypting too long data\n"); ++ if (ret != GNUTLS_E_INVALID_REQUEST) ++ fail("wrong kind of error on encrypting too long data," ++ "%s instead of GNUTLS_E_INVALID_REQUEST\n", ++ gnutls_strerror_name(ret)); ++ ++ gnutls_cipher_deinit(ch); ++ ++ gnutls_global_deinit(); ++ return; ++} ++#endif ++ + static void check_status(int status) + { + if (WEXITSTATUS(status) != 0 || +@@ -464,6 +538,11 @@ void start(const char *name, int algo, unsigned aead) + + success("trying %s: test_aead_invalid_short_decrypt\n", name); + fork_subtest(test_aead_invalid_short_decrypt, algo); ++ ++#if TEST_AES_GCM_ENCRYPT_PLAINTEXT_SIZE ++ success("trying %s: test_aead_invalid_too_long_encrypt\n", name); ++ fork_subtest(test_aead_invalid_too_long_encrypt, algo); ++#endif + } + } + +-- +2.37.1 + diff --git a/SOURCES/gnutls-3.7.6-cpuid-fixes.patch b/SOURCES/gnutls-3.7.6-cpuid-fixes.patch new file mode 100644 index 0000000..a77c84d --- /dev/null +++ b/SOURCES/gnutls-3.7.6-cpuid-fixes.patch @@ -0,0 +1,119 @@ +From 8ff391fa011e02c88b0d099061ca62e88ab68011 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 15 Aug 2022 09:39:18 +0900 +Subject: [PATCH] accelerated: clear AVX bits if it cannot be queried through + XSAVE +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The algorithm to detect AVX is described in 14.3 of "Intel® 64 and IA-32 +Architectures Software Developer’s Manual". + +GnuTLS previously only followed that algorithm when registering the +crypto backend, while the CRYPTOGAMS derived SHA code assembly expects +that the extension bits are propagated to _gnutls_x86_cpuid_s. + +Signed-off-by: Daiki Ueno +--- + lib/accelerated/x86/x86-common.c | 49 +++++++++++++++++++++++++------- + 1 file changed, 38 insertions(+), 11 deletions(-) + +diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c +index 7ddaa594e6..b7a88ddeca 100644 +--- a/lib/accelerated/x86/x86-common.c ++++ b/lib/accelerated/x86/x86-common.c +@@ -81,6 +81,26 @@ unsigned int _gnutls_x86_cpuid_s[4]; + # define bit_AVX 0x10000000 + #endif + ++#ifndef bit_AVX2 ++# define bit_AVX2 0x00000020 ++#endif ++ ++#ifndef bit_AVX512F ++# define bit_AVX512F 0x00010000 ++#endif ++ ++#ifndef bit_AVX512IFMA ++# define bit_AVX512IFMA 0x00200000 ++#endif ++ ++#ifndef bit_AVX512BW ++# define bit_AVX512BW 0x40000000 ++#endif ++ ++#ifndef bit_AVX512VL ++# define bit_AVX512VL 0x80000000 ++#endif ++ + #ifndef bit_OSXSAVE + # define bit_OSXSAVE 0x8000000 + #endif +@@ -89,10 +109,6 @@ unsigned int _gnutls_x86_cpuid_s[4]; + # define bit_MOVBE 0x00400000 + #endif + +-#ifndef OSXSAVE_MASK +-# define OSXSAVE_MASK (bit_OSXSAVE|bit_MOVBE) +-#endif +- + #define bit_PADLOCK (0x3 << 6) + #define bit_PADLOCK_PHE (0x3 << 10) + #define bit_PADLOCK_PHE_SHA512 (0x3 << 25) +@@ -148,7 +164,7 @@ static unsigned check_4th_gen_intel_features(unsigned ecx) + { + uint32_t xcr0; + +- if ((ecx & OSXSAVE_MASK) != OSXSAVE_MASK) ++ if ((ecx & bit_OSXSAVE) != bit_OSXSAVE) + return 0; + + #if defined(_MSC_VER) && !defined(__clang__) +@@ -190,8 +206,9 @@ static void capabilities_to_intel_cpuid(unsigned capabilities) + } + + if (capabilities & INTEL_AVX) { +- if ((a[1] & bit_AVX) && check_4th_gen_intel_features(a[1])) { +- _gnutls_x86_cpuid_s[1] |= bit_AVX|OSXSAVE_MASK; ++ if ((a[1] & bit_AVX) && (a[1] & bit_MOVBE) && ++ check_4th_gen_intel_features(a[1])) { ++ _gnutls_x86_cpuid_s[1] |= bit_AVX|bit_MOVBE; + } else { + _gnutls_debug_log + ("AVX acceleration requested but not available\n"); +@@ -236,10 +253,7 @@ static unsigned check_sha(void) + #ifdef ASM_X86_64 + static unsigned check_avx_movbe(void) + { +- if (check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1]) == 0) +- return 0; +- +- return ((_gnutls_x86_cpuid_s[1] & bit_AVX)); ++ return (_gnutls_x86_cpuid_s[1] & (bit_AVX|bit_MOVBE)) == (bit_AVX|bit_MOVBE); + } + + static unsigned check_pclmul(void) +@@ -884,6 +898,19 @@ void register_x86_intel_crypto(unsigned capabilities) + if (capabilities == 0) { + if (!read_cpuid_vals(_gnutls_x86_cpuid_s)) + return; ++ if (!check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1])) { ++ _gnutls_x86_cpuid_s[1] &= ~bit_AVX; ++ ++ /* Clear AVX2 bits as well, according to what ++ * OpenSSL does. Should we clear ++ * bit_AVX512DQ, bit_AVX512PF, bit_AVX512ER, ++ * and bit_AVX512CD? */ ++ _gnutls_x86_cpuid_s[2] &= ~(bit_AVX2| ++ bit_AVX512F| ++ bit_AVX512IFMA| ++ bit_AVX512BW| ++ bit_AVX512BW); ++ } + } else { + capabilities_to_intel_cpuid(capabilities); + } +-- +2.37.2 + diff --git a/SOURCES/gnutls-3.7.6-drbg-reseed.patch b/SOURCES/gnutls-3.7.6-drbg-reseed.patch new file mode 100644 index 0000000..8fd5f58 --- /dev/null +++ b/SOURCES/gnutls-3.7.6-drbg-reseed.patch @@ -0,0 +1,41 @@ +From 3035e884b3abc68bcebff5adec5bd8819bbc6d7b Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Fri, 5 Aug 2022 16:16:42 +0900 +Subject: [PATCH] gnutls-3.7.6-drbg-reseed.patch + +Signed-off-by: rpm-build +--- + lib/nettle/sysrng-linux.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/lib/nettle/sysrng-linux.c b/lib/nettle/sysrng-linux.c +index 6b3971c..dae9061 100644 +--- a/lib/nettle/sysrng-linux.c ++++ b/lib/nettle/sysrng-linux.c +@@ -31,6 +31,9 @@ + # include + # include + # include ++# include "fips.h" ++#else ++# define _gnutls_fips_mode_enabled() 0 + #endif + + #include +@@ -103,7 +106,12 @@ static int force_getrandom(void *buf, size_t buflen, unsigned int flags) + static int _rnd_get_system_entropy_getrandom(void* _rnd, size_t size) + { + int ret; +- ret = force_getrandom(_rnd, size, 0); ++ unsigned int flags = 0; ++ ++ if (_gnutls_fips_mode_enabled()) { ++ flags |= 2/*GRND_RANDOM*/; ++ } ++ ret = force_getrandom(_rnd, size, flags); + if (ret == -1) { + int e = errno; + gnutls_assert(); +-- +2.37.1 + diff --git a/SOURCES/gnutls-3.7.6-fips-ecdsa-hash-check.patch b/SOURCES/gnutls-3.7.6-fips-ecdsa-hash-check.patch new file mode 100644 index 0000000..9280bb3 --- /dev/null +++ b/SOURCES/gnutls-3.7.6-fips-ecdsa-hash-check.patch @@ -0,0 +1,427 @@ +From 171b934a8c054e98b110892cae4130e1db64e656 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 29 Sep 2022 21:28:19 +0900 +Subject: [PATCH] gnutls-3.7.6-fips-ecdsa-hash-check.patch + +--- + lib/crypto-backend.h | 12 ++-- + lib/nettle/pk.c | 33 +++++----- + lib/privkey.c | 42 ++++++++---- + lib/pubkey.c | 5 +- + tests/fips-test.c | 150 ++++++++++++++++++++++++++++++++++++++++++- + 5 files changed, 205 insertions(+), 37 deletions(-) + +diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h +index f0f68c3..4dd1ae2 100644 +--- a/lib/crypto-backend.h ++++ b/lib/crypto-backend.h +@@ -247,11 +247,13 @@ typedef enum { + GNUTLS_PK_FLAG_RSA_PSS_FIXED_SALT_LENGTH = 4 + } gnutls_pk_flag_t; + +-#define FIX_SIGN_PARAMS(params, flags, dig) do { \ +- if ((flags) & GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE) { \ +- (params).flags |= GNUTLS_PK_FLAG_REPRODUCIBLE; \ +- (params).dsa_dig = (dig); \ +- } \ ++#define FIX_SIGN_PARAMS(params, flags, dig) do { \ ++ if ((flags) & GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE) { \ ++ (params).flags |= GNUTLS_PK_FLAG_REPRODUCIBLE; \ ++ } \ ++ if ((params).pk == GNUTLS_PK_DSA || (params).pk == GNUTLS_PK_ECDSA) { \ ++ (params).dsa_dig = (dig); \ ++ } \ + } while (0) + + void gnutls_pk_params_release(gnutls_pk_params_st * p); +diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c +index f38016b..c098e2a 100644 +--- a/lib/nettle/pk.c ++++ b/lib/nettle/pk.c +@@ -1104,8 +1104,16 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, + me = _gnutls_dsa_q_to_hash(pk_params, + &hash_len); + ++ if (hash_len > vdata->size) { ++ gnutls_assert(); ++ _gnutls_debug_log ++ ("Security level of algorithm requires hash %s(%d) or better\n", ++ _gnutls_mac_get_name(me), hash_len); ++ hash_len = vdata->size; ++ } ++ + /* Only SHA-2 is allowed in FIPS 140-3 */ +- switch (me->id) { ++ switch (DIG_TO_MAC(sign_params->dsa_dig)) { + case GNUTLS_MAC_SHA256: + case GNUTLS_MAC_SHA384: + case GNUTLS_MAC_SHA512: +@@ -1115,14 +1123,6 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, + not_approved = true; + } + +- if (hash_len > vdata->size) { +- gnutls_assert(); +- _gnutls_debug_log +- ("Security level of algorithm requires hash %s(%d) or better\n", +- _gnutls_mac_get_name(me), hash_len); +- hash_len = vdata->size; +- } +- + mpz_init(k); + if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST || + (sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) { +@@ -1545,7 +1545,6 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, + struct dsa_signature sig; + int curve_id = pk_params->curve; + const struct ecc_curve *curve; +- const mac_entry_st *me; + + curve = get_supported_nist_curve(curve_id); + if (curve == NULL) { +@@ -1571,11 +1570,14 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, + memcpy(sig.r, tmp[0], SIZEOF_MPZT); + memcpy(sig.s, tmp[1], SIZEOF_MPZT); + +- me = _gnutls_dsa_q_to_hash(pk_params, &hash_len); ++ (void)_gnutls_dsa_q_to_hash(pk_params, &hash_len); ++ ++ if (hash_len > vdata->size) ++ hash_len = vdata->size; + + /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy + * mode */ +- switch (me->id) { ++ switch (DIG_TO_MAC(sign_params->dsa_dig)) { + case GNUTLS_MAC_SHA1: + case GNUTLS_MAC_SHA256: + case GNUTLS_MAC_SHA384: +@@ -1586,9 +1588,6 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, + not_approved = true; + } + +- if (hash_len > vdata->size) +- hash_len = vdata->size; +- + ret = + ecdsa_verify(&pub, hash_len, vdata->data, + &sig); +@@ -2390,8 +2389,10 @@ static int pct_test(gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* param + + if (algo == GNUTLS_PK_DSA || algo == GNUTLS_PK_EC) { + unsigned hash_len; ++ const mac_entry_st *me; + +- _gnutls_dsa_q_to_hash(params, &hash_len); ++ me = _gnutls_dsa_q_to_hash(params, &hash_len); ++ spki.dsa_dig = MAC_TO_DIG(me->id); + gen_data = gnutls_malloc(hash_len); + gnutls_rnd(GNUTLS_RND_NONCE, gen_data, hash_len); + +diff --git a/lib/privkey.c b/lib/privkey.c +index 0b77443..2069fc0 100644 +--- a/lib/privkey.c ++++ b/lib/privkey.c +@@ -1251,27 +1251,36 @@ gnutls_privkey_sign_hash2(gnutls_privkey_t signer, + se = _gnutls_sign_to_entry(GNUTLS_SIGN_RSA_RAW); + } else { + se = _gnutls_sign_to_entry(algo); +- if (unlikely(se == NULL)) +- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); +- ++ if (unlikely(se == NULL)) { ++ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); ++ goto cleanup; ++ } + } + + ret = _gnutls_privkey_get_spki_params(signer, ¶ms); + if (ret < 0) { + gnutls_assert(); +- return ret; ++ goto cleanup; + } + + ret = _gnutls_privkey_update_spki_params(signer, se->pk, se->hash, + flags, ¶ms); + if (ret < 0) { + gnutls_assert(); +- return ret; ++ goto cleanup; + } + + FIX_SIGN_PARAMS(params, flags, se->hash); + +- return privkey_sign_prehashed(signer, se, hash_data, signature, ¶ms); ++ ret = privkey_sign_prehashed(signer, se, hash_data, signature, ¶ms); ++ ++ cleanup: ++ if (ret < 0) { ++ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); ++ } else { ++ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED); ++ } ++ return ret; + } + + int +@@ -1366,14 +1375,14 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer, + ret = _gnutls_privkey_get_spki_params(signer, ¶ms); + if (ret < 0) { + gnutls_assert(); +- return ret; ++ goto cleanup; + } + + ret = _gnutls_privkey_update_spki_params(signer, signer->pk_algorithm, + hash_algo, flags, ¶ms); + if (ret < 0) { + gnutls_assert(); +- return ret; ++ goto cleanup; + } + + /* legacy callers of this API could use a hash algorithm of 0 (unknown) +@@ -1391,13 +1400,22 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer, + se = _gnutls_pk_to_sign_entry(params.pk, hash_algo); + } + +- if (unlikely(se == NULL)) +- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); ++ if (unlikely(se == NULL)) { ++ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); ++ goto cleanup; ++ } + + FIX_SIGN_PARAMS(params, flags, hash_algo); + +- return privkey_sign_prehashed(signer, se, +- hash_data, signature, ¶ms); ++ ret = privkey_sign_prehashed(signer, se, ++ hash_data, signature, ¶ms); ++ cleanup: ++ if (ret < 0) { ++ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); ++ } else { ++ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED); ++ } ++ return ret; + } + + static int +diff --git a/lib/pubkey.c b/lib/pubkey.c +index eba1f5b..35126f3 100644 +--- a/lib/pubkey.c ++++ b/lib/pubkey.c +@@ -1985,7 +1985,7 @@ gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, + * parameters (if any) with the signature algorithm */ + static + int fixup_spki_params(const gnutls_pk_params_st *key_params, const gnutls_sign_entry_st *se, +- const mac_entry_st *me, gnutls_x509_spki_st *params) ++ const mac_entry_st *me, gnutls_x509_spki_st *params) + { + unsigned bits; + +@@ -2018,6 +2018,9 @@ int fixup_spki_params(const gnutls_pk_params_st *key_params, const gnutls_sign_e + + if (params->rsa_pss_dig != se->hash) + return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR); ++ } else if (params->pk == GNUTLS_PK_DSA || ++ params->pk == GNUTLS_PK_ECDSA) { ++ params->dsa_dig = se->hash; + } + + return 0; +diff --git a/tests/fips-test.c b/tests/fips-test.c +index 788f4ab..ec0f4b4 100644 +--- a/tests/fips-test.c ++++ b/tests/fips-test.c +@@ -80,8 +80,22 @@ static const gnutls_datum_t rsa2342_sha1_sig = { + .size = sizeof(rsa2342_sha1_sig_data), + }; + ++static const uint8_t ecc256_sha1_sig_data[] = { ++ 0x30, 0x45, 0x02, 0x21, 0x00, 0x9a, 0x28, 0xc9, 0xbf, 0xc8, 0x70, 0x4f, ++ 0x27, 0x2d, 0xe1, 0x66, 0xc4, 0xa5, 0xc6, 0xf2, 0xdc, 0x33, 0xb9, 0x41, ++ 0xdf, 0x78, 0x98, 0x8a, 0x22, 0x4d, 0x29, 0x37, 0xa0, 0x0f, 0x6f, 0xd4, ++ 0xed, 0x02, 0x20, 0x0b, 0x15, 0xca, 0x30, 0x09, 0x2d, 0x55, 0x44, 0xb4, ++ 0x1d, 0x3f, 0x48, 0x7a, 0xc3, 0xd1, 0x2a, 0xc1, 0x0e, 0x47, 0xfa, 0xe6, ++ 0xe9, 0x0f, 0x03, 0xe2, 0x01, 0x4e, 0xe4, 0x73, 0x37, 0xa7, 0x90, ++}; ++ ++static const gnutls_datum_t ecc256_sha1_sig = { ++ .data = (unsigned char *)ecc256_sha1_sig_data, ++ .size = sizeof(ecc256_sha1_sig_data), ++}; ++ + static void +-rsa_import_keypair(gnutls_privkey_t *privkey, gnutls_pubkey_t *pubkey, ++import_keypair(gnutls_privkey_t *privkey, gnutls_pubkey_t *pubkey, + const char *filename) + { + const char *srcdir; +@@ -274,6 +288,8 @@ void doit(void) + gnutls_datum_t signature; + unsigned int bits; + uint8_t hmac[64]; ++ uint8_t hash[64]; ++ gnutls_datum_t hashed_data; + uint8_t pbkdf2[64]; + gnutls_datum_t temp_key = { NULL, 0 }; + +@@ -473,7 +489,7 @@ void doit(void) + + /* Import 2432-bit RSA key; not a security function */ + FIPS_PUSH_CONTEXT(); +- rsa_import_keypair(&privkey, &pubkey, "rsa-2432.pem"); ++ import_keypair(&privkey, &pubkey, "rsa-2432.pem"); + FIPS_POP_CONTEXT(INITIAL); + + /* Create a signature with 2432-bit RSA and SHA256; approved */ +@@ -519,7 +535,7 @@ void doit(void) + + /* Import 512-bit RSA key; not a security function */ + FIPS_PUSH_CONTEXT(); +- rsa_import_keypair(&privkey, &pubkey, "rsa-512.pem"); ++ import_keypair(&privkey, &pubkey, "rsa-512.pem"); + FIPS_POP_CONTEXT(INITIAL); + + /* Create a signature with 512-bit RSA and SHA256; not approved */ +@@ -543,6 +559,134 @@ void doit(void) + gnutls_pubkey_deinit(pubkey); + gnutls_privkey_deinit(privkey); + ++ /* Import ECDSA key; not a security function */ ++ FIPS_PUSH_CONTEXT(); ++ import_keypair(&privkey, &pubkey, "ecc256.pem"); ++ FIPS_POP_CONTEXT(INITIAL); ++ ++ /* Create a signature with ECDSA and SHA256; approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_privkey_sign_data2(privkey, GNUTLS_SIGN_ECDSA_SHA256, 0, ++ &data, &signature); ++ if (ret < 0) { ++ fail("gnutls_privkey_sign_data2 failed\n"); ++ } ++ FIPS_POP_CONTEXT(APPROVED); ++ ++ /* Verify a signature with ECDSA and SHA256; approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_ECDSA_SHA256, 0, ++ &data, &signature); ++ if (ret < 0) { ++ fail("gnutls_pubkey_verify_data2 failed\n"); ++ } ++ FIPS_POP_CONTEXT(APPROVED); ++ gnutls_free(signature.data); ++ ++ /* Create a signature with ECDSA and SHA256 (old API); approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA256, 0, ++ &data, &signature); ++ if (ret < 0) { ++ fail("gnutls_privkey_sign_data failed\n"); ++ } ++ FIPS_POP_CONTEXT(APPROVED); ++ ++ /* Create a SHA256 hashed data for 2-pass signature API; not a ++ * crypto operation */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_hash_fast(GNUTLS_DIG_SHA256, data.data, data.size, hash); ++ if (ret < 0) { ++ fail("gnutls_hash_fast failed\n"); ++ } ++ hashed_data.data = hash; ++ hashed_data.size = 32; ++ FIPS_POP_CONTEXT(INITIAL); ++ ++ /* Create a signature with ECDSA and SHA256 (2-pass API); not-approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_privkey_sign_hash2(privkey, GNUTLS_SIGN_ECDSA_SHA256, 0, ++ &hashed_data, &signature); ++ if (ret < 0) { ++ fail("gnutls_privkey_sign_hash2 failed\n"); ++ } ++ FIPS_POP_CONTEXT(NOT_APPROVED); ++ gnutls_free(signature.data); ++ ++ /* Create a signature with ECDSA and SHA256 (2-pass old API); not-approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA256, 0, ++ &hashed_data, &signature); ++ if (ret < 0) { ++ fail("gnutls_privkey_sign_hash failed\n"); ++ } ++ FIPS_POP_CONTEXT(NOT_APPROVED); ++ gnutls_free(signature.data); ++ ++ /* Create a signature with ECDSA and SHA-1; not approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_privkey_sign_data2(privkey, GNUTLS_SIGN_ECDSA_SHA1, 0, ++ &data, &signature); ++ if (ret < 0) { ++ fail("gnutls_privkey_sign_data2 failed\n"); ++ } ++ FIPS_POP_CONTEXT(NOT_APPROVED); ++ ++ /* Verify a signature created with ECDSA and SHA-1; approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_ECDSA_SHA1, ++ GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, &data, ++ &ecc256_sha1_sig); ++ if (ret < 0) { ++ fail("gnutls_pubkey_verify_data2 failed\n"); ++ } ++ FIPS_POP_CONTEXT(APPROVED); ++ gnutls_free(signature.data); ++ ++ /* Create a signature with ECDSA and SHA-1 (old API); not approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, ++ &data, &signature); ++ if (ret < 0) { ++ fail("gnutls_privkey_sign_data failed\n"); ++ } ++ FIPS_POP_CONTEXT(NOT_APPROVED); ++ gnutls_free(signature.data); ++ ++ /* Create a SHA1 hashed data for 2-pass signature API; not a ++ * crypto operation */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_hash_fast(GNUTLS_DIG_SHA1, data.data, data.size, hash); ++ if (ret < 0) { ++ fail("gnutls_hash_fast failed\n"); ++ } ++ hashed_data.data = hash; ++ hashed_data.size = 20; ++ FIPS_POP_CONTEXT(INITIAL); ++ ++ /* Create a signature with ECDSA and SHA1 (2-pass API); not-approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_privkey_sign_hash2(privkey, GNUTLS_SIGN_ECDSA_SHA1, 0, ++ &hashed_data, &signature); ++ if (ret < 0) { ++ fail("gnutls_privkey_sign_hash2 failed\n"); ++ } ++ FIPS_POP_CONTEXT(NOT_APPROVED); ++ gnutls_free(signature.data); ++ ++ /* Create a signature with ECDSA and SHA1 (2-pass old API); not-approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA1, 0, ++ &hashed_data, &signature); ++ if (ret < 0) { ++ fail("gnutls_privkey_sign_hash failed\n"); ++ } ++ FIPS_POP_CONTEXT(NOT_APPROVED); ++ gnutls_free(signature.data); ++ ++ gnutls_pubkey_deinit(pubkey); ++ gnutls_privkey_deinit(privkey); ++ + /* Test RND functions */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_rnd(GNUTLS_RND_RANDOM, key16, sizeof(key16)); +-- +2.37.3 + diff --git a/SOURCES/gnutls-3.7.6-fips-pkcs12-des-cbc.patch b/SOURCES/gnutls-3.7.6-fips-pkcs12-des-cbc.patch new file mode 100644 index 0000000..0061ea6 --- /dev/null +++ b/SOURCES/gnutls-3.7.6-fips-pkcs12-des-cbc.patch @@ -0,0 +1,58 @@ +From de09280b2a8314eb98ec9a2b84eebe3eec2f49bd Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Thu, 4 Aug 2022 16:37:51 +0900 +Subject: [PATCH] _gnutls_decrypt_pbes1_des_md5_data: use public crypto API + +This is a follow-up of e7f9267342bc2231149a640163c82b63c86f1dfd. In +the decryption code path with PBES1, algorithm checks for FIPS was not +applied, because it used internal functions that bypass those checks. + +Signed-off-by: Daiki Ueno +--- + lib/x509/privkey_pkcs8_pbes1.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/lib/x509/privkey_pkcs8_pbes1.c b/lib/x509/privkey_pkcs8_pbes1.c +index c296807974..983530e46a 100644 +--- a/lib/x509/privkey_pkcs8_pbes1.c ++++ b/lib/x509/privkey_pkcs8_pbes1.c +@@ -140,7 +140,7 @@ _gnutls_decrypt_pbes1_des_md5_data(const char *password, + { + int result; + gnutls_datum_t dkey, d_iv; +- cipher_hd_st ch; ++ gnutls_cipher_hd_t ch; + uint8_t key[16]; + const unsigned block_size = 8; + +@@ -158,16 +158,14 @@ _gnutls_decrypt_pbes1_des_md5_data(const char *password, + dkey.size = 8; + d_iv.data = &key[8]; + d_iv.size = 8; +- result = +- _gnutls_cipher_init(&ch, cipher_to_entry(GNUTLS_CIPHER_DES_CBC), +- &dkey, &d_iv, 0); ++ result = gnutls_cipher_init(&ch, GNUTLS_CIPHER_DES_CBC, &dkey, &d_iv); + if (result < 0) { + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); + return gnutls_assert_val(result); + } + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED); + +- result = _gnutls_cipher_decrypt(&ch, encrypted_data->data, encrypted_data->size); ++ result = gnutls_cipher_decrypt(ch, encrypted_data->data, encrypted_data->size); + if (result < 0) { + gnutls_assert(); + goto error; +@@ -184,7 +182,7 @@ _gnutls_decrypt_pbes1_des_md5_data(const char *password, + + result = 0; + error: +- _gnutls_cipher_deinit(&ch); ++ gnutls_cipher_deinit(ch); + + return result; + } +-- +2.37.1 + diff --git a/SOURCES/gnutls-3.7.6-fips-rsa-key-sizes.patch b/SOURCES/gnutls-3.7.6-fips-rsa-key-sizes.patch new file mode 100644 index 0000000..1857591 --- /dev/null +++ b/SOURCES/gnutls-3.7.6-fips-rsa-key-sizes.patch @@ -0,0 +1,476 @@ +From 237695d30c9f716333cfa077554a6e1ae0d2c589 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Sat, 20 Aug 2022 09:52:08 +0900 +Subject: [PATCH] gnutls-3.7.6-fips-rsa-key-sizes.patch + +--- + lib/nettle/pk.c | 54 ++++--- + tests/Makefile.am | 3 +- + tests/fips-rsa-sizes.c | 328 +++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 361 insertions(+), 24 deletions(-) + create mode 100644 tests/fips-rsa-sizes.c + +diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c +index eba246f..f38016b 100644 +--- a/lib/nettle/pk.c ++++ b/lib/nettle/pk.c +@@ -1247,20 +1247,20 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, + + _rsa_params_to_privkey(pk_params, &priv); + +- /* RSA key size should be 2048-bit or larger in FIPS +- * 140-3. In addition to this, only SHA-2 is allowed +- * for SigGen; it is checked in pk_prepare_hash lib/pk.c +- */ +- if (unlikely(priv.size < 256)) { +- not_approved = true; +- } +- + ret = _rsa_params_to_pubkey(pk_params, &pub); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + ++ /* RSA modulus size should be 2048-bit or larger in FIPS ++ * 140-3. In addition to this, only SHA-2 is allowed ++ * for SigGen; it is checked in pk_prepare_hash lib/pk.c ++ */ ++ if (unlikely(mpz_sizeinbase(pub.n, 2) < 2048)) { ++ not_approved = true; ++ } ++ + mpz_init(s); + + if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST) +@@ -1298,22 +1298,22 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, + + _rsa_params_to_privkey(pk_params, &priv); + +- /* RSA key size should be 2048-bit or larger in FIPS ++ ret = _rsa_params_to_pubkey(pk_params, &pub); ++ if (ret < 0) { ++ gnutls_assert(); ++ goto cleanup; ++ } ++ ++ /* RSA modulus size should be 2048-bit or larger in FIPS + * 140-3. In addition to this, only SHA-2 is allowed + * for SigGen; however, Nettle only support SHA256, + * SHA384, and SHA512 for RSA-PSS (see + * _rsa_pss_sign_digest_tr in this file for details). + */ +- if (unlikely(priv.size < 256)) { ++ if (unlikely(mpz_sizeinbase(pub.n, 2) < 2048)) { + not_approved = true; + } + +- ret = _rsa_params_to_pubkey(pk_params, &pub); +- if (ret < 0) { +- gnutls_assert(); +- goto cleanup; +- } +- + mpz_init(s); + + ret = +@@ -1643,6 +1643,7 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, + case GNUTLS_PK_RSA: + { + struct rsa_public_key pub; ++ size_t bits; + + ret = _rsa_params_to_pubkey(pk_params, &pub); + if (ret < 0) { +@@ -1650,12 +1651,19 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, + goto cleanup; + } + +- /* RSA key size should be 2048-bit or larger in FIPS +- * 140-3. In addition to this, only SHA-1 and SHA-2 are +- * allowed for SigVer; it is checked in +- * _pkcs1_rsa_verify_sig in lib/pubkey.c ++ bits = mpz_sizeinbase(pub.n, 2); ++ ++ /* In FIPS 140-3, RSA key size should be larger than ++ * 2048-bit or one of the known lengths (1024, 1280, ++ * 1536, 1792; i.e., multiple of 256-bits). ++ * ++ * In addition to this, only SHA-1 and SHA-2 are allowed ++ * for SigVer; it is checked in _pkcs1_rsa_verify_sig in ++ * lib/pubkey.c. + */ +- if (unlikely(pub.size < 256)) { ++ if (unlikely(bits < 2048 && ++ bits != 1024 && bits != 1280 && ++ bits != 1536 && bits != 1792)) { + not_approved = true; + } + +@@ -1701,13 +1709,13 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, + goto cleanup; + } + +- /* RSA key size should be 2048-bit or larger in FIPS ++ /* RSA modulus size should be 2048-bit or larger in FIPS + * 140-3. In addition to this, only SHA-1 and SHA-2 are + * allowed for SigVer, while Nettle only supports + * SHA256, SHA384, and SHA512 for RSA-PSS (see + * _rsa_pss_verify_digest in this file for the details). + */ +- if (unlikely(pub.size < 256)) { ++ if (unlikely(mpz_sizeinbase(pub.n, 2) < 2048)) { + not_approved = true; + } + +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 7a7a4af..dd21e45 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -233,7 +233,8 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei + tls13-without-timeout-func buffer status-request-revoked \ + set_x509_ocsp_multi_cli kdf-api keylog-func handshake-write \ + x509cert-dntypes id-on-xmppAddr tls13-compat-mode ciphersuite-name \ +- x509-upnconstraint pkcs7-verify-double-free ++ x509-upnconstraint pkcs7-verify-double-free \ ++ fips-rsa-sizes + + ctests += tls-channel-binding + +diff --git a/tests/fips-rsa-sizes.c b/tests/fips-rsa-sizes.c +new file mode 100644 +index 0000000..84b9aff +--- /dev/null ++++ b/tests/fips-rsa-sizes.c +@@ -0,0 +1,328 @@ ++/* ++ * Copyright (C) 2022 Red Hat, Inc. ++ * ++ * Author: Alexander Sosedkin ++ * ++ * This file is part of GnuTLS. ++ * ++ * GnuTLS is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GnuTLS is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GnuTLS; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define FIPS_PUSH_CONTEXT() do { \ ++ ret = gnutls_fips140_push_context(fips_context); \ ++ if (ret < 0) { \ ++ fail("gnutls_fips140_push_context failed\n"); \ ++ } \ ++} while (0) ++ ++#define FIPS_POP_CONTEXT(state) do { \ ++ ret = gnutls_fips140_pop_context(); \ ++ if (ret < 0) { \ ++ fail("gnutls_fips140_context_pop failed\n"); \ ++ } \ ++ fips_state = gnutls_fips140_get_operation_state(fips_context); \ ++ if (fips_state != GNUTLS_FIPS140_OP_ ## state) { \ ++ fail("operation state is not " # state " (%d)\n", \ ++ fips_state); \ ++ } \ ++} while (0) ++ ++ ++void generate_successfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey, ++ unsigned int size); ++void generate_unsuccessfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey, ++ unsigned int size); ++void sign_verify_successfully(gnutls_privkey_t privkey, gnutls_pubkey_t pubkey); ++void sign_verify_unsuccessfully(gnutls_privkey_t privkey, ++ gnutls_pubkey_t pubkey); ++void nosign_verify(gnutls_privkey_t privkey, gnutls_pubkey_t pubkey); ++ ++ ++void generate_successfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey, ++ unsigned int size) ++{ ++ int ret; ++ gnutls_x509_privkey_t xprivkey; ++ gnutls_fips140_context_t fips_context; ++ gnutls_fips140_operation_state_t fips_state; ++ assert(gnutls_fips140_context_init(&fips_context) == 0); ++ ++ fprintf(stderr, "%d-bit\n", size); ++ ++ /* x509 generation as well just because why not */ ++ FIPS_PUSH_CONTEXT(); ++ assert(gnutls_x509_privkey_init(&xprivkey) == 0); ++ ret = gnutls_x509_privkey_generate(xprivkey, GNUTLS_PK_RSA, size, 0); ++ if (ret != GNUTLS_E_SUCCESS) ++ fail("%d-bit x509_privkey_init (%d)\n", size, ret); ++ FIPS_POP_CONTEXT(APPROVED); ++ gnutls_x509_privkey_deinit(xprivkey); ++ ++ FIPS_PUSH_CONTEXT(); ++ assert(gnutls_privkey_init(privkey) == 0); ++ ret = gnutls_privkey_generate(*privkey, GNUTLS_PK_RSA, size, 0); ++ if (ret != GNUTLS_E_SUCCESS) ++ fail("%d-bit privkey_init (%d)\n", size, ret); ++ FIPS_POP_CONTEXT(APPROVED); ++ ++ assert(gnutls_pubkey_init(pubkey) == 0); ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_pubkey_import_privkey(*pubkey, *privkey, ++ GNUTLS_KEY_DIGITAL_SIGNATURE, 0); ++ if (ret != GNUTLS_E_SUCCESS) ++ fail("%d-bit pubkey_import_privkey (%d)\n", size, ret); ++ FIPS_POP_CONTEXT(INITIAL); ++ ++ gnutls_fips140_context_deinit(fips_context); ++} ++ ++ ++void generate_unsuccessfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey, ++ unsigned int size) ++{ ++ int ret; ++ gnutls_x509_privkey_t xprivkey; ++ gnutls_fips140_context_t fips_context; ++ gnutls_fips140_operation_state_t fips_state; ++ assert(gnutls_fips140_context_init(&fips_context) == 0); ++ ++ fprintf(stderr, "%d-bit\n", size); ++ ++ /* short x509 generation: ERROR, blocked */ ++ FIPS_PUSH_CONTEXT(); ++ assert(gnutls_x509_privkey_init(&xprivkey) == 0); ++ ret = gnutls_x509_privkey_generate(xprivkey, GNUTLS_PK_RSA, size, 0); ++ if (ret != GNUTLS_E_PK_GENERATION_ERROR) ++ fail("%d-bit x509_privkey_init (%d)\n", size, ret); ++ FIPS_POP_CONTEXT(ERROR); ++ gnutls_x509_privkey_deinit(xprivkey); ++ ++ /* short key generation: ERROR, blocked */ ++ FIPS_PUSH_CONTEXT(); ++ assert(gnutls_privkey_init(privkey) == 0); ++ ret = gnutls_privkey_generate(*privkey, GNUTLS_PK_RSA, size, 0); ++ if (ret != GNUTLS_E_PK_GENERATION_ERROR) ++ fail("%d-bit privkey_init (%d)\n", size, ret); ++ FIPS_POP_CONTEXT(ERROR); ++ gnutls_privkey_deinit(*privkey); ++ ++ /* Disable FIPS to generate them anyway */ ++ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0); ++ assert(gnutls_fips140_mode_enabled() == GNUTLS_FIPS140_LAX); ++ ++ assert(gnutls_x509_privkey_init(&xprivkey) == 0); ++ ret = gnutls_x509_privkey_generate(xprivkey, GNUTLS_PK_RSA, size, 0); ++ if (ret != GNUTLS_E_SUCCESS) ++ fail("%d-bit x509_privkey_init (%d)\n", size, ret); ++ gnutls_x509_privkey_deinit(xprivkey); ++ ++ assert(gnutls_privkey_init(privkey) == 0); ++ ret = gnutls_privkey_generate(*privkey, GNUTLS_PK_RSA, size, 0); ++ if (ret != GNUTLS_E_SUCCESS) ++ fail("%d-bit privkey_init (%d)\n", size, ret); ++ ++ assert(gnutls_pubkey_init(pubkey) == 0); ++ ret = gnutls_pubkey_import_privkey(*pubkey, *privkey, ++ GNUTLS_KEY_DIGITAL_SIGNATURE, 0); ++ if (ret != GNUTLS_E_SUCCESS) ++ fail("%d-bit pubkey_import_privkey (%d)\n", size, ret); ++ ++ gnutls_fips140_set_mode(GNUTLS_FIPS140_STRICT, 0); ++ assert(gnutls_fips140_mode_enabled()); ++ ++ gnutls_fips140_context_deinit(fips_context); ++} ++ ++ ++void sign_verify_successfully(gnutls_privkey_t privkey, gnutls_pubkey_t pubkey) { ++ int ret; ++ gnutls_fips140_context_t fips_context; ++ gnutls_fips140_operation_state_t fips_state; ++ ++ gnutls_datum_t signature; ++ gnutls_datum_t plaintext = { ++ .data = (unsigned char* const) "Hello world!", ++ .size = 12 ++ }; ++ assert(gnutls_fips140_context_init(&fips_context) == 0); ++ ++ /* RSA sign: approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA256, 0, ++ &plaintext, &signature); ++ if (ret < 0) ++ fail("gnutls_privkey_sign_data failed\n"); ++ FIPS_POP_CONTEXT(APPROVED); ++ ++ /* RSA verify: approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA256, 0, ++ &plaintext, &signature); ++ if (ret < 0) ++ fail("gnutls_pubkey_verify_data2 failed\n"); ++ FIPS_POP_CONTEXT(APPROVED); ++ ++ gnutls_free(signature.data); ++ gnutls_fips140_context_deinit(fips_context); ++} ++ ++ ++void sign_verify_unsuccessfully(gnutls_privkey_t privkey, ++ gnutls_pubkey_t pubkey) { ++ int ret; ++ gnutls_fips140_context_t fips_context; ++ gnutls_fips140_operation_state_t fips_state; ++ ++ gnutls_datum_t signature; ++ gnutls_datum_t plaintext = { ++ .data = (unsigned char* const) "Hello world!", ++ .size = 12 ++ }; ++ assert(gnutls_fips140_context_init(&fips_context) == 0); ++ ++ /* small key RSA sign: not approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA256, 0, ++ &plaintext, &signature); ++ if (ret < 0) ++ fail("gnutls_privkey_sign_data failed\n"); ++ FIPS_POP_CONTEXT(NOT_APPROVED); ++ ++ /* small key RSA verify: not approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA256, 0, ++ &plaintext, &signature); ++ if (ret < 0) ++ fail("gnutls_pubkey_verify_data2 failed\n"); ++ FIPS_POP_CONTEXT(NOT_APPROVED); ++ ++ gnutls_free(signature.data); ++ gnutls_pubkey_deinit(pubkey); ++ gnutls_privkey_deinit(privkey); ++ gnutls_fips140_context_deinit(fips_context); ++} ++ ++ ++void nosign_verify(gnutls_privkey_t privkey, gnutls_pubkey_t pubkey) { ++ int ret; ++ gnutls_fips140_context_t fips_context; ++ gnutls_fips140_operation_state_t fips_state; ++ ++ gnutls_datum_t signature; ++ gnutls_datum_t plaintext = { ++ .data = (unsigned char* const) "Hello world!", ++ .size = 12 ++ }; ++ assert(gnutls_fips140_context_init(&fips_context) == 0); ++ ++ /* 1024, 1280, 1536, 1792 key RSA sign: not approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA256, 0, ++ &plaintext, &signature); ++ if (ret < 0) ++ fail("gnutls_privkey_sign_data failed\n"); ++ FIPS_POP_CONTEXT(NOT_APPROVED); ++ ++ /* Disable FIPS to sign them anyway */ ++ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0); ++ assert(gnutls_fips140_mode_enabled() == GNUTLS_FIPS140_LAX); ++ ++ ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA256, 0, ++ &plaintext, &signature); ++ if (ret < 0) ++ fail("gnutls_privkey_sign_data failed\n"); ++ ++ gnutls_fips140_set_mode(GNUTLS_FIPS140_STRICT, 0); ++ assert(gnutls_fips140_mode_enabled()); ++ ++ /* 1024, 1280, 1536, 1792 key RSA verify: approved (exception) */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA256, 0, ++ &plaintext, &signature); ++ if (ret < 0) ++ fail("gnutls_pubkey_verify_data2 failed\n"); ++ FIPS_POP_CONTEXT(APPROVED); ++ ++ gnutls_free(signature.data); ++ gnutls_pubkey_deinit(pubkey); ++ gnutls_privkey_deinit(privkey); ++ gnutls_fips140_context_deinit(fips_context); ++} ++ ++ ++void doit(void) ++{ ++ gnutls_fips140_context_t fips_context; ++ gnutls_privkey_t privkey; ++ gnutls_pubkey_t pubkey; ++ ++ if (gnutls_fips140_mode_enabled() == 0) { ++ success("We are not in FIPS140 mode\n"); ++ exit(77); /* SKIP */ ++ } ++ ++ assert(gnutls_fips140_context_init(&fips_context) == 0); ++ ++ /* 512-bit RSA: no generate, no sign, no verify */ ++ generate_unsuccessfully(&privkey, &pubkey, 512); ++ sign_verify_unsuccessfully(privkey, pubkey); ++ /* 512-bit RSA again (to be safer about going in and out of FIPS) */ ++ generate_unsuccessfully(&privkey, &pubkey, 512); ++ sign_verify_unsuccessfully(privkey, pubkey); ++ /* 600-bit RSA: no generate, no sign, no verify */ ++ generate_unsuccessfully(&privkey, &pubkey, 600); ++ sign_verify_unsuccessfully(privkey, pubkey); ++ ++ /* 768-bit RSA not-an-exception: nogenerate, nosign, verify */ ++ generate_unsuccessfully(&privkey, &pubkey, 768); ++ sign_verify_unsuccessfully(privkey, pubkey); ++ /* 1024-bit RSA exception: nogenerate, nosign, verify */ ++ generate_unsuccessfully(&privkey, &pubkey, 1024); ++ nosign_verify(privkey, pubkey); ++ /* 1280-bit RSA exception: nogenerate, nosign, verify */ ++ generate_unsuccessfully(&privkey, &pubkey, 1280); ++ nosign_verify(privkey, pubkey); ++ /* 1500-bit RSA not-an-exception: nogenerate, nosign, noverify */ ++ generate_unsuccessfully(&privkey, &pubkey, 1500); ++ sign_verify_unsuccessfully(privkey, pubkey); ++ /* 1536-bit RSA exception: nogenerate, nosign, verify */ ++ generate_unsuccessfully(&privkey, &pubkey, 1536); ++ nosign_verify(privkey, pubkey); ++ /* 1792-bit RSA exception: nogenerate, nosign, verify */ ++ generate_unsuccessfully(&privkey, &pubkey, 1792); ++ nosign_verify(privkey, pubkey); ++ /* 2000-bit RSA not-an-exception: nogenerate, nosign, noverify */ ++ generate_unsuccessfully(&privkey, &pubkey, 2000); ++ sign_verify_unsuccessfully(privkey, pubkey); ++ ++ /* 2048-bit RSA: generate, sign, verify */ ++ generate_successfully(&privkey, &pubkey, 2048); ++ sign_verify_successfully(privkey, pubkey); ++ /* 2432-bit RSA: nogenerate, sign, verify */ ++ generate_unsuccessfully(&privkey, &pubkey, 2432); ++ sign_verify_successfully(privkey, pubkey); ++ /* 3072-bit RSA: generate, sign, verify */ ++ generate_successfully(&privkey, &pubkey, 3072); ++ sign_verify_successfully(privkey, pubkey); ++ ++ gnutls_fips140_context_deinit(fips_context); ++} +-- +2.37.2 + diff --git a/SOURCES/gnutls-3.7.6-fips-run-selftests.patch b/SOURCES/gnutls-3.7.6-fips-run-selftests.patch new file mode 100644 index 0000000..d04a35d --- /dev/null +++ b/SOURCES/gnutls-3.7.6-fips-run-selftests.patch @@ -0,0 +1,640 @@ +From 036fb360e5775f01ef25f5e712024a29930c462e Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Fri, 3 Jun 2022 15:43:00 +0900 +Subject: [PATCH] fips: provide function to manually run FIPS self-tests + +FIPS140-3 IG 10.3.E Periodic Self-Testing says: + + At security levels 1 and 2, acceptable means for initiating the + periodic self-tests include a provided service, resetting, rebooting + or power cycling. + +Neither resetting, rebooting, nor power-cycling is suitable because +those involve operations outside of the module. Therefore this patch +adds a new API to manually run the substance of FIPS140 self-tests. + +Suggeested by Richard Costa and Stephan Mueller in: +https://gitlab.com/gnutls/gnutls/-/issues/1364 + +Signed-off-by: Daiki Ueno +--- + NEWS | 5 ++ + devel/libgnutls.abignore | 2 + + devel/symbols.last | 2 + + doc/Makefile.am | 2 + + doc/manpages/Makefile.am | 1 + + lib/fips.c | 139 ++++++++++++++++---------------- + lib/global.c | 14 +++- + lib/includes/gnutls/gnutls.h.in | 2 + + lib/libgnutls.map | 8 ++ + tests/fips-test.c | 7 ++ + 10 files changed, 110 insertions(+), 72 deletions(-) + +diff --git a/NEWS b/NEWS +index 70dd8a12b5..389be8acaa 100644 +--- a/NEWS ++++ b/NEWS +@@ -5,6 +5,11 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc. + Copyright (C) 2013-2019 Nikos Mavrogiannopoulos + See the end for copying conditions. + ++* Version 3.7.7 (unreleased) ++ ++** API and ABI modifications: ++gnutls_fips140_run_self_tests: New function ++ + * Version 3.7.6 (released 2022-05-27) + + ** libgnutls: Fixed invalid write when gnutls_realloc_zero() +diff --git a/doc/Makefile.am b/doc/Makefile.am +index d20a021d97..34ef43866c 100644 +--- a/doc/Makefile.am ++++ b/doc/Makefile.am +@@ -1096,6 +1096,8 @@ FUNCS += functions/gnutls_fips140_pop_context + FUNCS += functions/gnutls_fips140_pop_context.short + FUNCS += functions/gnutls_fips140_push_context + FUNCS += functions/gnutls_fips140_push_context.short ++FUNCS += functions/gnutls_fips140_run_self_tests ++FUNCS += functions/gnutls_fips140_run_self_tests.short + FUNCS += functions/gnutls_fips140_set_mode + FUNCS += functions/gnutls_fips140_set_mode.short + FUNCS += functions/gnutls_get_library_config +diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am +index d8c5f2854d..90906b0574 100644 +--- a/doc/manpages/Makefile.am ++++ b/doc/manpages/Makefile.am +@@ -380,6 +380,7 @@ APIMANS += gnutls_fips140_get_operation_state.3 + APIMANS += gnutls_fips140_mode_enabled.3 + APIMANS += gnutls_fips140_pop_context.3 + APIMANS += gnutls_fips140_push_context.3 ++APIMANS += gnutls_fips140_run_self_tests.3 + APIMANS += gnutls_fips140_set_mode.3 + APIMANS += gnutls_get_library_config.3 + APIMANS += gnutls_get_system_config_file.3 +diff --git a/lib/fips.c b/lib/fips.c +index e9c27f6df6..656d43e74a 100644 +--- a/lib/fips.c ++++ b/lib/fips.c +@@ -419,8 +419,6 @@ int _gnutls_fips_perform_self_checks1(void) + { + int ret; + +- _gnutls_switch_lib_state(LIB_STATE_SELFTEST); +- + /* Tests the FIPS algorithms used by nettle internally. + * In our case we test AES-CBC since nettle's AES is used by + * the DRBG-AES. +@@ -429,193 +427,153 @@ int _gnutls_fips_perform_self_checks1(void) + /* ciphers - one test per cipher */ + ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_128_CBC); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + return 0; +- +-error: +- _gnutls_switch_lib_state(LIB_STATE_ERROR); +- _gnutls_audit_log(NULL, "FIPS140-2 self testing part1 failed\n"); +- +- return GNUTLS_E_SELF_TEST_ERROR; + } + + int _gnutls_fips_perform_self_checks2(void) + { + int ret; + +- _gnutls_switch_lib_state(LIB_STATE_SELFTEST); +- + /* Tests the FIPS algorithms */ + + /* ciphers - one test per cipher */ + ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_3DES_CBC); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_CBC); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_GCM); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_XTS); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_CFB8); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + /* Digest tests */ + ret = gnutls_digest_self_test(0, GNUTLS_DIG_SHA3_224); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + ret = gnutls_digest_self_test(0, GNUTLS_DIG_SHA3_256); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + ret = gnutls_digest_self_test(0, GNUTLS_DIG_SHA3_384); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + ret = gnutls_digest_self_test(0, GNUTLS_DIG_SHA3_512); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + /* MAC (includes message digest test) */ + ret = gnutls_mac_self_test(0, GNUTLS_MAC_SHA1); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + ret = gnutls_mac_self_test(0, GNUTLS_MAC_SHA224); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + ret = gnutls_mac_self_test(0, GNUTLS_MAC_SHA256); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + ret = gnutls_mac_self_test(0, GNUTLS_MAC_SHA384); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + ret = gnutls_mac_self_test(0, GNUTLS_MAC_SHA512); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + ret = gnutls_mac_self_test(0, GNUTLS_MAC_AES_CMAC_256); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + /* PK */ + ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + ret = gnutls_pk_self_test(0, GNUTLS_PK_DSA); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + ret = gnutls_pk_self_test(0, GNUTLS_PK_EC); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + ret = gnutls_pk_self_test(0, GNUTLS_PK_DH); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + /* HKDF */ + ret = gnutls_hkdf_self_test(0, GNUTLS_MAC_SHA256); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + /* PBKDF2 */ + ret = gnutls_pbkdf2_self_test(0, GNUTLS_MAC_SHA256); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + /* TLS-PRF */ + ret = gnutls_tlsprf_self_test(0, GNUTLS_MAC_SHA256); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + if (_gnutls_rnd_ops.self_test == NULL) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + /* this does not require rng initialization */ + ret = _gnutls_rnd_ops.self_test(); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + + if (_skip_integrity_checks == 0) { + ret = check_binary_integrity(); + if (ret < 0) { +- gnutls_assert(); +- goto error; ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + } + + return 0; +- +-error: +- _gnutls_switch_lib_state(LIB_STATE_ERROR); +- _gnutls_audit_log(NULL, "FIPS140-2 self testing part 2 failed\n"); +- +- return GNUTLS_E_SELF_TEST_ERROR; + } + #endif + +@@ -894,3 +852,48 @@ _gnutls_switch_fips_state(gnutls_fips140_operation_state_t state) + (void)state; + #endif + } ++ ++/** ++ * gnutls_fips140_run_self_tests: ++ * ++ * Manually perform the second round of the FIPS140 self-tests, ++ * including: ++ * ++ * - Known answer tests (KAT) for the selected set of symmetric ++ * cipher, MAC, public key, KDF, and DRBG ++ * - Library integrity checks ++ * ++ * Upon failure with FIPS140 mode enabled, it makes the library ++ * unusable. This function is not thread-safe. ++ * ++ * Returns: 0 upon success, a negative error code otherwise ++ * ++ * Since: 3.7.7 ++ */ ++int ++gnutls_fips140_run_self_tests(void) ++{ ++#ifdef ENABLE_FIPS140 ++ int ret; ++ unsigned prev_lib_state; ++ ++ /* Temporarily switch to LIB_STATE_SELFTEST as some of the ++ * algorithms are implemented using special constructs in ++ * self-tests (such as deterministic variants) */ ++ prev_lib_state = _gnutls_get_lib_state(); ++ _gnutls_switch_lib_state(LIB_STATE_SELFTEST); ++ ++ ret = _gnutls_fips_perform_self_checks2(); ++ if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED && ++ ret < 0) { ++ _gnutls_switch_lib_state(LIB_STATE_ERROR); ++ _gnutls_audit_log(NULL, "FIPS140-2 self testing part 2 failed\n"); ++ } else { ++ /* Restore the previous library state */ ++ _gnutls_switch_lib_state(prev_lib_state); ++ } ++ return ret; ++#else ++ return 0; ++#endif ++} +diff --git a/lib/global.c b/lib/global.c +index faa7f0afb2..1b372c15bd 100644 +--- a/lib/global.c ++++ b/lib/global.c +@@ -336,9 +336,12 @@ static int _gnutls_global_init(unsigned constructor) + + /* first round of self checks, these are done on the + * nettle algorithms which are used internally */ ++ _gnutls_switch_lib_state(LIB_STATE_SELFTEST); + ret = _gnutls_fips_perform_self_checks1(); +- if (res != 2) { +- if (ret < 0) { ++ if (ret < 0) { ++ _gnutls_switch_lib_state(LIB_STATE_ERROR); ++ _gnutls_audit_log(NULL, "FIPS140-2 self testing part1 failed\n"); ++ if (res != 2) { + gnutls_assert(); + goto out; + } +@@ -355,9 +358,12 @@ static int _gnutls_global_init(unsigned constructor) + * (e.g., AESNI overridden AES). They are after _gnutls_register_accel_crypto() + * intentionally */ + if (res != 0) { ++ _gnutls_switch_lib_state(LIB_STATE_SELFTEST); + ret = _gnutls_fips_perform_self_checks2(); +- if (res != 2) { +- if (ret < 0) { ++ if (ret < 0) { ++ _gnutls_switch_lib_state(LIB_STATE_ERROR); ++ _gnutls_audit_log(NULL, "FIPS140-2 self testing part 2 failed\n"); ++ if (res != 2) { + gnutls_assert(); + goto out; + } +diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in +index f7fc5d114a..5840f331e9 100644 +--- a/lib/includes/gnutls/gnutls.h.in ++++ b/lib/includes/gnutls/gnutls.h.in +@@ -3416,6 +3416,8 @@ gnutls_fips140_get_operation_state(gnutls_fips140_context_t context); + int gnutls_fips140_push_context(gnutls_fips140_context_t context); + int gnutls_fips140_pop_context(void); + ++int gnutls_fips140_run_self_tests(void); ++ + /* Gnutls error codes. The mapping to a TLS alert is also shown in + * comments. + */ +diff --git a/lib/libgnutls.map b/lib/libgnutls.map +index 0241946c8a..f42d5f9fae 100644 +--- a/lib/libgnutls.map ++++ b/lib/libgnutls.map +@@ -1399,6 +1399,14 @@ GNUTLS_3_7_5 + *; + } GNUTLS_3_7_4; + ++GNUTLS_3_7_7 ++{ ++ global: ++ gnutls_fips140_run_self_tests; ++ local: ++ *; ++} GNUTLS_3_7_5; ++ + GNUTLS_FIPS140_3_4 { + global: + gnutls_cipher_self_test; +diff --git a/tests/fips-test.c b/tests/fips-test.c +index a6a283fa67..31a5e26111 100644 +--- a/tests/fips-test.c ++++ b/tests/fips-test.c +@@ -525,6 +525,13 @@ void doit(void) + } + + gnutls_fips140_context_deinit(fips_context); ++ ++ /* run self-tests manually */ ++ ret = gnutls_fips140_run_self_tests(); ++ if (ret < 0) { ++ fail("gnutls_fips140_run_self_tests failed\n"); ++ } ++ + gnutls_global_deinit(); + return; + } +-- +2.36.1 + +From 354027c0c09db60d3083fa48ae791046d336957b Mon Sep 17 00:00:00 2001 +From: Alexander Sosedkin +Date: Tue, 28 Jun 2022 17:22:36 +0200 +Subject: [PATCH] tests/fips-test: minor extension + +Signed-off-by: Alexander Sosedkin +--- + tests/fips-test.c | 36 +++++++++++++++++++++++++++--------- + 1 file changed, 27 insertions(+), 9 deletions(-) + +diff --git a/tests/fips-test.c b/tests/fips-test.c +index 31a5e26111..f9bd34586a 100644 +--- a/tests/fips-test.c ++++ b/tests/fips-test.c +@@ -427,34 +427,43 @@ void doit(void) + rsa_import_keypair(&privkey, &pubkey, "rsa-2432.pem"); + FIPS_POP_CONTEXT(INITIAL); + +- /* Create a signature with SHA256; approved */ ++ /* Create a signature with 2432-bit RSA and SHA256; approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA256, 0, + &data, &signature); + if (ret < 0) { + fail("gnutls_privkey_sign_data failed\n"); + } +- gnutls_free(signature.data); + FIPS_POP_CONTEXT(APPROVED); + +- /* Create a signature with SHA-1; not approved */ ++ /* Verify a signature with 2432-bit RSA and SHA256; approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA256, 0, ++ &data, &signature); ++ if (ret < 0) { ++ fail("gnutls_pubkey_verify_data2 failed\n"); ++ } ++ FIPS_POP_CONTEXT(APPROVED); ++ gnutls_free(signature.data); ++ ++ /* Create a signature with 2432-bit RSA and SHA-1; not approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, + &data, &signature); + if (ret < 0) { + fail("gnutls_privkey_sign_data failed\n"); + } +- gnutls_free(signature.data); + FIPS_POP_CONTEXT(NOT_APPROVED); + +- /* Verify a signature created with SHA-1; approved */ ++ /* Verify a signature created with 2432-bit RSA and SHA-1; approved */ + FIPS_PUSH_CONTEXT(); +- ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA1, 0, &data, +- &rsa2342_sha1_sig); ++ ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA1, 0, ++ &data, &rsa2342_sha1_sig); + if (ret < 0) { + fail("gnutls_pubkey_verify_data2 failed\n"); + } + FIPS_POP_CONTEXT(APPROVED); ++ gnutls_free(signature.data); + gnutls_pubkey_deinit(pubkey); + gnutls_privkey_deinit(privkey); + +@@ -463,15 +472,24 @@ void doit(void) + rsa_import_keypair(&privkey, &pubkey, "rsa-512.pem"); + FIPS_POP_CONTEXT(INITIAL); + +- /* Create a signature; not approved */ ++ /* Create a signature with 512-bit RSA and SHA256; not approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA256, 0, + &data, &signature); + if (ret < 0) { + fail("gnutls_privkey_sign_data failed\n"); + } +- gnutls_free(signature.data); + FIPS_POP_CONTEXT(NOT_APPROVED); ++ ++ /* Verify a signature with 512-bit RSA and SHA256; not approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA256, 0, ++ &data, &signature); ++ if (ret < 0) { ++ fail("gnutls_pubkey_verify_data2 failed\n"); ++ } ++ FIPS_POP_CONTEXT(NOT_APPROVED); ++ gnutls_free(signature.data); + gnutls_pubkey_deinit(pubkey); + gnutls_privkey_deinit(privkey); + +-- +2.37.3 + +From 5a745120148861d873f47c1428c8c6dcadcf109b Mon Sep 17 00:00:00 2001 +From: Richard Costa +Date: Sat, 9 Jul 2022 00:50:21 +0000 +Subject: [PATCH] Add self-test code inside a FIPS context + +Self-test code exercise lots of different FIPS-related code with +side-effects. So, in order to prevent it from losing information when +executing inside another context, we create an appropriated one. + +If the self-test fails, then the library is placed in error state, so it +doesn't matter for other contexts. + +Signed-off-by: Richard Maciel Costa +--- + lib/fips.c | 19 +++++++++++++++++++ + tests/fips-test.c | 20 ++++++++++++-------- + 2 files changed, 31 insertions(+), 8 deletions(-) + +diff --git a/lib/fips.c b/lib/fips.c +index 31a52a990f..7d143e608e 100644 +--- a/lib/fips.c ++++ b/lib/fips.c +@@ -902,6 +902,16 @@ gnutls_fips140_run_self_tests(void) + #ifdef ENABLE_FIPS140 + int ret; + unsigned prev_lib_state; ++ gnutls_fips140_context_t fips_context = NULL; ++ ++ /* Save the FIPS context, because self tests change it */ ++ if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED) { ++ if (gnutls_fips140_context_init(&fips_context) < 0 || ++ gnutls_fips140_push_context(fips_context) < 0) { ++ gnutls_fips140_context_deinit(fips_context); ++ fips_context = NULL; ++ } ++ } + + /* Temporarily switch to LIB_STATE_SELFTEST as some of the + * algorithms are implemented using special constructs in +@@ -918,6 +928,15 @@ gnutls_fips140_run_self_tests(void) + /* Restore the previous library state */ + _gnutls_switch_lib_state(prev_lib_state); + } ++ ++ /* Restore the previous FIPS context */ ++ if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED && fips_context) { ++ if (gnutls_fips140_pop_context() < 0) { ++ _gnutls_switch_lib_state(LIB_STATE_ERROR); ++ _gnutls_audit_log(NULL, "FIPS140-2 context restoration failed\n"); ++ } ++ gnutls_fips140_context_deinit(fips_context); ++ } + return ret; + #else + return 0; +diff --git a/tests/fips-test.c b/tests/fips-test.c +index f9bd34586a..475b739197 100644 +--- a/tests/fips-test.c ++++ b/tests/fips-test.c +@@ -457,8 +457,9 @@ void doit(void) + + /* Verify a signature created with 2432-bit RSA and SHA-1; approved */ + FIPS_PUSH_CONTEXT(); +- ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA1, 0, +- &data, &rsa2342_sha1_sig); ++ ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA1, ++ GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, &data, ++ &rsa2342_sha1_sig); + if (ret < 0) { + fail("gnutls_pubkey_verify_data2 failed\n"); + } +@@ -501,6 +502,15 @@ void doit(void) + } + FIPS_POP_CONTEXT(APPROVED); + ++ /* run self-tests manually */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_rnd(GNUTLS_RND_RANDOM, key16, sizeof(key16)); ++ ret = gnutls_fips140_run_self_tests(); ++ if (ret < 0) { ++ fail("gnutls_fips140_run_self_tests failed\n"); ++ } ++ FIPS_POP_CONTEXT(APPROVED); ++ + /* Test when FIPS140 is set to error state */ + _gnutls_lib_simulate_error(); + +@@ -544,12 +554,6 @@ void doit(void) + + gnutls_fips140_context_deinit(fips_context); + +- /* run self-tests manually */ +- ret = gnutls_fips140_run_self_tests(); +- if (ret < 0) { +- fail("gnutls_fips140_run_self_tests failed\n"); +- } +- + gnutls_global_deinit(); + return; + } +-- +2.37.3 + diff --git a/SOURCES/gnutls-3.7.6-fips-symkey-limit.patch b/SOURCES/gnutls-3.7.6-fips-symkey-limit.patch new file mode 100644 index 0000000..f9c7952 --- /dev/null +++ b/SOURCES/gnutls-3.7.6-fips-symkey-limit.patch @@ -0,0 +1,310 @@ +From f8a8961cfa176fc74c153cb6e1e68aff5e2d42f2 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 27 Sep 2022 10:52:19 +0900 +Subject: [PATCH] gnutls-3.7.6-fips-symkey-limit.patch + +--- + lib/crypto-api.c | 26 ++++++++++++++++++++++--- + tests/fips-test.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++ + tests/kdf-api.c | 9 ++++++++- + 3 files changed, 80 insertions(+), 4 deletions(-) + +diff --git a/lib/crypto-api.c b/lib/crypto-api.c +index b3e1eec..35200fb 100644 +--- a/lib/crypto-api.c ++++ b/lib/crypto-api.c +@@ -896,6 +896,7 @@ gnutls_hash_hd_t gnutls_hash_copy(gnutls_hash_hd_t handle) + int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size) + { + int ret; ++ bool not_approved = false; + + FAIL_IF_LIB_ERROR; + +@@ -912,17 +913,31 @@ int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size) + key->data = gnutls_malloc(key->size); + if (!key->data) { + gnutls_assert(); +- return GNUTLS_E_MEMORY_ERROR; ++ ret = GNUTLS_E_MEMORY_ERROR; ++ goto error; ++ } ++ ++ /* Key lengths of less than 112 bits are not approved */ ++ if (key_size < 14) { ++ not_approved = true; + } + + ret = gnutls_rnd(GNUTLS_RND_RANDOM, key->data, key->size); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(key); +- return ret; ++ goto error; + } + +- return 0; ++ error: ++ if (ret < 0) { ++ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); ++ } else if (not_approved) { ++ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED); ++ } else { ++ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_APPROVED); ++ } ++ return ret; + } + + /* AEAD API */ +@@ -2058,6 +2073,11 @@ gnutls_pbkdf2(gnutls_mac_algorithm_t mac, + not_approved = true; + } + ++ /* Key lengths and output sizes of less than 112 bits are not approved */ ++ if (key->size < 14 || length < 14) { ++ not_approved = true; ++ } ++ + ret = _gnutls_kdf_ops.pbkdf2(mac, key->data, key->size, + salt->data, salt->size, iter_count, + output, length); +diff --git a/tests/fips-test.c b/tests/fips-test.c +index 31a5e26..27da414 100644 +--- a/tests/fips-test.c ++++ b/tests/fips-test.c +@@ -274,6 +274,8 @@ void doit(void) + gnutls_datum_t signature; + unsigned int bits; + uint8_t hmac[64]; ++ uint8_t pbkdf2[64]; ++ gnutls_datum_t temp_key = { NULL, 0 }; + + fprintf(stderr, + "Please note that if in FIPS140 mode, you need to assure the library's integrity prior to running this test\n"); +@@ -371,11 +373,58 @@ void doit(void) + } + FIPS_POP_CONTEXT(NOT_APPROVED); + ++ /* PBKDF2 with key equal to or longer than 112 bits: approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_pbkdf2(GNUTLS_MAC_SHA256, &key, &iv, 100, ++ &pbkdf2, sizeof(pbkdf2)); ++ if (ret < 0) { ++ fail("gnutls_pbkdf2 failed\n"); ++ } ++ FIPS_POP_CONTEXT(APPROVED); ++ ++ /* PBKDF2 with key shorter than 112 bits: not approved */ ++ FIPS_PUSH_CONTEXT(); ++ key.size = 13; ++ ret = gnutls_pbkdf2(GNUTLS_MAC_SHA256, &key, &iv, 100, ++ &pbkdf2, sizeof(pbkdf2)); ++ if (ret < 0) { ++ fail("gnutls_pbkdf2 failed\n"); ++ } ++ key.size = sizeof(key16); ++ FIPS_POP_CONTEXT(NOT_APPROVED); ++ ++ /* PBKDF2 with output shorter than 112 bits: not approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_pbkdf2(GNUTLS_MAC_SHA256, &key, &iv, 100, ++ &pbkdf2, 13); ++ if (ret < 0) { ++ fail("gnutls_pbkdf2 failed\n"); ++ } ++ FIPS_POP_CONTEXT(NOT_APPROVED); ++ + ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16)); + if (ret < 0) { + fail("gnutls_rnd failed\n"); + } + ++ /* Symmetric key generation equal to or longer than 112 bits: approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_key_generate(&temp_key, 14); ++ if (ret < 0) { ++ fail("gnutls_key_generate failed\n"); ++ } ++ gnutls_free(temp_key.data); ++ FIPS_POP_CONTEXT(APPROVED); ++ ++ /* Symmetric key generation shorter than 112 bits: not approved */ ++ FIPS_PUSH_CONTEXT(); ++ ret = gnutls_key_generate(&temp_key, 13); ++ if (ret < 0) { ++ fail("gnutls_key_generate failed\n"); ++ } ++ gnutls_free(temp_key.data); ++ FIPS_POP_CONTEXT(NOT_APPROVED); ++ + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) { + fail("gnutls_pubkey_init failed\n"); +diff --git a/tests/kdf-api.c b/tests/kdf-api.c +index 25fbc6a..8a4677c 100644 +--- a/tests/kdf-api.c ++++ b/tests/kdf-api.c +@@ -89,6 +89,7 @@ test_hkdf(gnutls_mac_algorithm_t mac, + + FIPS_PUSH_CONTEXT(); + assert(gnutls_hkdf_extract(mac, &ikm, &salt, buf) >= 0); ++ /* HKDF outside of TLS usage is not approved */ + FIPS_POP_CONTEXT(NOT_APPROVED); + gnutls_free(ikm.data); + gnutls_free(salt.data); +@@ -110,6 +111,7 @@ test_hkdf(gnutls_mac_algorithm_t mac, + + FIPS_PUSH_CONTEXT(); + assert(gnutls_hkdf_expand(mac, &prk, &info, buf, length) >= 0); ++ /* HKDF outside of TLS usage is not approved */ + FIPS_POP_CONTEXT(NOT_APPROVED); + gnutls_free(info.data); + +@@ -151,7 +153,12 @@ test_pbkdf2(gnutls_mac_algorithm_t mac, + + FIPS_PUSH_CONTEXT(); + assert(gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length) >= 0); +- FIPS_POP_CONTEXT(APPROVED); ++ /* Key sizes and output sizes less than 112-bit are not approved. */ ++ if (ikm.size < 14 || length < 14) { ++ FIPS_POP_CONTEXT(NOT_APPROVED); ++ } else { ++ FIPS_POP_CONTEXT(APPROVED); ++ } + gnutls_free(ikm.data); + gnutls_free(salt.data); + +-- +2.37.3 + +From 86eded166f77612c70201c0d85d3abe711edd77d Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Thu, 29 Sep 2022 21:19:26 +0900 +Subject: [PATCH] fips: only mark HMAC as approved in PBKDF2 + +As ACVP only allows HMAC used with PBKDF2[1], this change marks other +hash algorithms not-approved. + +1. https://pages.nist.gov/ACVP/draft-celi-acvp-pbkdf.html + +Signed-off-by: Daiki Ueno +--- + lib/crypto-api.c | 5 ++++- + lib/fips.h | 16 +++++++++++++++- + tests/kdf-api.c | 30 +++++++++++++++++++++++++++++- + 3 files changed, 48 insertions(+), 3 deletions(-) + +diff --git a/lib/crypto-api.c b/lib/crypto-api.c +index d3e601ab3a..9f7e18db11 100644 +--- a/lib/crypto-api.c ++++ b/lib/crypto-api.c +@@ -2229,7 +2229,10 @@ gnutls_pbkdf2(gnutls_mac_algorithm_t mac, + if (!is_mac_algo_allowed(mac)) { + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); + return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); +- } else if (!is_mac_algo_approved_in_fips(mac)) { ++ } else if (!is_mac_algo_hmac_approved_in_fips(mac)) { ++ /* ACVP only allows HMAC used with PBKDF2: ++ * https://pages.nist.gov/ACVP/draft-celi-acvp-pbkdf.html ++ */ + not_approved = true; + } + +diff --git a/lib/fips.h b/lib/fips.h +index 3a74f254e7..bf61b36741 100644 +--- a/lib/fips.h ++++ b/lib/fips.h +@@ -76,7 +76,7 @@ void _gnutls_lib_simulate_error(void); + void _gnutls_lib_force_operational(void); + + inline static bool +-is_mac_algo_approved_in_fips(gnutls_mac_algorithm_t algo) ++is_mac_algo_hmac_approved_in_fips(gnutls_mac_algorithm_t algo) + { + switch (algo) { + case GNUTLS_MAC_SHA1: +@@ -88,6 +88,20 @@ is_mac_algo_approved_in_fips(gnutls_mac_algorithm_t algo) + case GNUTLS_MAC_SHA3_256: + case GNUTLS_MAC_SHA3_384: + case GNUTLS_MAC_SHA3_512: ++ return true; ++ default: ++ return false; ++ } ++} ++ ++inline static bool ++is_mac_algo_approved_in_fips(gnutls_mac_algorithm_t algo) ++{ ++ if (is_mac_algo_hmac_approved_in_fips(algo)) { ++ return true; ++ } ++ ++ switch (algo) { + case GNUTLS_MAC_AES_CMAC_128: + case GNUTLS_MAC_AES_CMAC_256: + case GNUTLS_MAC_AES_GMAC_128: +diff --git a/tests/kdf-api.c b/tests/kdf-api.c +index 577cbf7a17..4feb22688b 100644 +--- a/tests/kdf-api.c ++++ b/tests/kdf-api.c +@@ -26,6 +26,7 @@ + #include + + #include ++#include + #include + + #include "utils.h" +@@ -133,6 +134,25 @@ test_hkdf(gnutls_mac_algorithm_t mac, + gnutls_free(hex.data); + } + ++inline static bool ++is_mac_algo_hmac_approved_in_fips(gnutls_mac_algorithm_t algo) ++{ ++ switch (algo) { ++ case GNUTLS_MAC_SHA1: ++ case GNUTLS_MAC_SHA256: ++ case GNUTLS_MAC_SHA384: ++ case GNUTLS_MAC_SHA512: ++ case GNUTLS_MAC_SHA224: ++ case GNUTLS_MAC_SHA3_224: ++ case GNUTLS_MAC_SHA3_256: ++ case GNUTLS_MAC_SHA3_384: ++ case GNUTLS_MAC_SHA3_512: ++ return true; ++ default: ++ return false; ++ } ++} ++ + static void + test_pbkdf2(gnutls_mac_algorithm_t mac, + const char *ikm_hex, +@@ -161,7 +181,8 @@ test_pbkdf2(gnutls_mac_algorithm_t mac, + FIPS_PUSH_CONTEXT(); + assert(gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length) >= 0); + /* Key sizes and output sizes less than 112-bit are not approved. */ +- if (ikm.size < 14 || length < 14) { ++ if (ikm.size < 14 || length < 14 || ++ !is_mac_algo_hmac_approved_in_fips(mac)) { + FIPS_POP_CONTEXT(NOT_APPROVED); + } else { + FIPS_POP_CONTEXT(APPROVED); +@@ -208,5 +229,12 @@ doit(void) + 20, + "4b007901b765489abead49d926f721d065a429c1"); + ++ test_pbkdf2(GNUTLS_MAC_AES_CMAC_128, ++ "70617373776f726470617373776f7264", /* "passwordpassword" */ ++ "73616c74", /* "salt" */ ++ 4096, ++ 20, ++ "c4c112c6e1e3b8757640603dec78825ff87605a7"); ++ + gnutls_fips140_context_deinit(fips_context); + } +-- +2.37.3 + diff --git a/SOURCES/gnutls-3.7.6-gmp-static.patch b/SOURCES/gnutls-3.7.6-gmp-static.patch new file mode 100644 index 0000000..6d4bba4 --- /dev/null +++ b/SOURCES/gnutls-3.7.6-gmp-static.patch @@ -0,0 +1,159 @@ +From 88808f0b8906bdc32579c144a2c44401ee97798a Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Fri, 19 Aug 2022 12:32:27 +0900 +Subject: [PATCH] build: allow GMP to be statically linked + +Even though we set the custom allocator[1] to zeroize sensitive data, +it can be easily invalidated if the application sets its own custom +allocator. An approach to prevent that is to link against a static +library of GMP, so the use of GMP is privatized and the custom +allocator configuration is not shared with other applications. + +This patch allows libgnutls to be linked with the static library of +GMP. Note that, to this work libgmp.a needs to be compiled with -fPIC +and libhogweed in Nettle is also linked to the static library of GMP. + +1. https://gitlab.com/gnutls/gnutls/-/merge_requests/1554 + +Signed-off-by: Daiki Ueno +--- + configure.ac | 14 +++++++++++++- + lib/fips.c | 10 ++++++++++ + lib/fipshmac.c | 5 ++++- + lib/global.c | 2 ++ + 4 files changed, 29 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 96894b0be3..e4cf5eab81 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -742,6 +742,8 @@ AC_CHECK_FUNCS(nettle_cmac_kuznyechik_update) + LIBS=$save_LIBS + + # Check sonames of the linked libraries needed for FIPS selftests. ++save_CFLAGS=$CFLAGS ++CFLAGS="$CFLAGS $GMP_CFLAGS" + save_LIBS=$LIBS + LIBS="$LIBS $GMP_LIBS" + AC_MSG_CHECKING([gmp soname]) +@@ -755,9 +757,14 @@ if test -z "$gmp_so"; then + gmp_so=none + fi + AC_MSG_RESULT($gmp_so) +-AC_DEFINE_UNQUOTED([GMP_LIBRARY_SONAME], ["$gmp_so"], [The soname of gmp library]) ++if test "$gmp_so" != none; then ++ AC_DEFINE_UNQUOTED([GMP_LIBRARY_SONAME], ["$gmp_so"], [The soname of gmp library]) ++fi + LIBS=$save_LIBS ++CFLAGS=$save_CFLAGS + ++save_CFLAGS=$CFLAGS ++CFLAGS="$CFLAGS $NETTLE_CFLAGS" + save_LIBS=$LIBS + LIBS="$LIBS $NETTLE_LIBS" + AC_MSG_CHECKING([nettle soname]) +@@ -773,7 +780,11 @@ fi + AC_MSG_RESULT($nettle_so) + AC_DEFINE_UNQUOTED([NETTLE_LIBRARY_SONAME], ["$nettle_so"], [The soname of nettle library]) + LIBS=$save_LIBS ++CFLAGS=$save_CFLAGS + ++save_CFLAGS=$CFLAGS ++# includes ++CFLAGS="$CFLAGS $HOGWEED_CFLAGS $GMP_CFLAGS" + save_LIBS=$LIBS + LIBS="$LIBS $HOGWEED_LIBS" + AC_MSG_CHECKING([hogweed soname]) +@@ -789,6 +800,7 @@ fi + AC_MSG_RESULT($hogweed_so) + AC_DEFINE_UNQUOTED([HOGWEED_LIBRARY_SONAME], ["$hogweed_so"], [The soname of hogweed library]) + LIBS=$save_LIBS ++CFLAGS=$save_CFLAGS + + gnutls_so=libgnutls.so.`expr "$LT_CURRENT" - "$LT_AGE"` + AC_DEFINE_UNQUOTED([GNUTLS_LIBRARY_SONAME], ["$gnutls_so"], [The soname of gnutls library]) +diff --git a/lib/fips.c b/lib/fips.c +index 54eb4a37d4..42124ecf4e 100644 +--- a/lib/fips.c ++++ b/lib/fips.c +@@ -149,7 +149,11 @@ void _gnutls_fips_mode_reset_zombie(void) + #define GNUTLS_LIBRARY_NAME GNUTLS_LIBRARY_SONAME + #define NETTLE_LIBRARY_NAME NETTLE_LIBRARY_SONAME + #define HOGWEED_LIBRARY_NAME HOGWEED_LIBRARY_SONAME ++ ++/* GMP can be statically linked. */ ++#ifdef GMP_LIBRARY_SONAME + #define GMP_LIBRARY_NAME GMP_LIBRARY_SONAME ++#endif + + #define HMAC_SIZE 32 + #define HMAC_ALGO GNUTLS_MAC_SHA256 +@@ -168,7 +172,9 @@ typedef struct + struct hmac_entry gnutls; + struct hmac_entry nettle; + struct hmac_entry hogweed; ++#ifdef GMP_LIBRARY_SONAME + struct hmac_entry gmp; ++#endif + } hmac_file; + + static int get_library_path(const char* lib, const char* symbol, char* path, size_t path_size) +@@ -259,8 +265,10 @@ static int handler(void *user, const char *section, const char *name, const char + return lib_handler(&p->nettle, section, name, value); + } else if (!strcmp(section, HOGWEED_LIBRARY_NAME)) { + return lib_handler(&p->hogweed, section, name, value); ++#ifdef GMP_LIBRARY_SONAME + } else if (!strcmp(section, GMP_LIBRARY_NAME)) { + return lib_handler(&p->gmp, section, name, value); ++#endif + } else { + return 0; + } +@@ -408,9 +416,11 @@ static int check_binary_integrity(void) + ret = check_lib_hmac(&file.hogweed, HOGWEED_LIBRARY_NAME, "nettle_mpz_sizeinbase_256_u"); + if (ret < 0) + return ret; ++#ifdef GMP_LIBRARY_SONAME + ret = check_lib_hmac(&file.gmp, GMP_LIBRARY_NAME, "__gmpz_init"); + if (ret < 0) + return ret; ++#endif + + return 0; + } +diff --git a/lib/fipshmac.c b/lib/fipshmac.c +index b091572bdf..363077f3e2 100644 +--- a/lib/fipshmac.c ++++ b/lib/fipshmac.c +@@ -159,10 +159,13 @@ int main(int argc, char **argv) + ret = print_lib_dl(HOGWEED_LIBRARY_SONAME, "nettle_mpz_sizeinbase_256_u"); + if (ret < 0) + return EXIT_FAILURE; +- ++ ++ /* GMP can be statically linked. */ ++#ifdef GMP_LIBRARY_SONAME + ret = print_lib_dl(GMP_LIBRARY_SONAME, "__gmpz_init"); + if (ret < 0) + return EXIT_FAILURE; ++#endif + + return EXIT_SUCCESS; + } +diff --git a/lib/global.c b/lib/global.c +index 1b372c15bd..9f3c7b22bd 100644 +--- a/lib/global.c ++++ b/lib/global.c +@@ -548,7 +548,9 @@ static const struct gnutls_library_config_st _gnutls_library_config[] = { + { "libgnutls-soname", GNUTLS_LIBRARY_SONAME }, + { "libnettle-soname", NETTLE_LIBRARY_SONAME }, + { "libhogweed-soname", HOGWEED_LIBRARY_SONAME }, ++#ifdef GMP_LIBRARY_SONAME + { "libgmp-soname", GMP_LIBRARY_SONAME }, ++#endif + { "hardware-features", HW_FEATURES }, + { "tls-features", TLS_FEATURES }, + { NULL, NULL } +-- +2.37.1 + diff --git a/SOURCES/gnutls-3.7.6-ktls-disable-by-default.patch b/SOURCES/gnutls-3.7.6-ktls-disable-by-default.patch new file mode 100644 index 0000000..2a88eb3 --- /dev/null +++ b/SOURCES/gnutls-3.7.6-ktls-disable-by-default.patch @@ -0,0 +1,124 @@ +From f41151c8a218f255af08362b74cd6ee0dfd45c00 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Franti=C5=A1ek=20Kren=C5=BEelok?= + +Date: Tue, 14 Jun 2022 16:16:11 +0200 +Subject: [PATCH] KTLS: disable by default enable by config + +KTLS will be disabled by default when build with `--enable-ktls` to +enable it, use config file option `ktls = true` in [global] section. + +Signed-off-by: Frantisek Krenzelok +--- + doc/cha-config.texi | 18 ++++++++---------- + lib/gnutls_int.h | 2 +- + lib/handshake.c | 2 +- + lib/priority.c | 12 ++++++------ + 4 files changed, 16 insertions(+), 18 deletions(-) + +diff --git a/doc/cha-config.texi b/doc/cha-config.texi +index e550f2e4b1..eaab7fd799 100644 +--- a/doc/cha-config.texi ++++ b/doc/cha-config.texi +@@ -26,7 +26,7 @@ used can be queried using @funcref{gnutls_get_system_config_file}. + * Querying for disabled algorithms and protocols:: + * Overriding the parameter verification profile:: + * Overriding the default priority string:: +-* Disabling system/acceleration protocols:: ++* Enabling/Disabling system/acceleration protocols:: + @end menu + + @node Application-specific priority strings +@@ -253,16 +253,14 @@ default-priority-string = SECURE128:-VERS-TLS-ALL:+VERS-TLS1.3 + @end example + + +-@node Disabling system/acceleration protocols +-@section Disabling system/acceleration protocols +-When system/acceleration protocol is enabled during build, it is usually +-enabled by default. The following options can overwrite this behavior +-system-wide. ++@node Enabling/Disabling system/acceleration protocols ++@section Enabling/Disabling system/acceleration protocols ++The following options can overwrite default behavior of protocols system-wide. + @example + [global] +-ktls = false ++ktls = true + + @end example +-@subsection Disabling KTLS +-When GnuTLS is build with -–enable-ktls configuration, it uses KTLS by default. +-This can be overwritten by setting @code{ktls = false} in @code{[global]} section. ++@subsection Enabling KTLS ++When GnuTLS is build with -–enable-ktls configuration, KTLS is disabled by default. ++This can be enabled by setting @code{ktls = true} in @code{[global]} section. +diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h +index 872188696b..8c7bdaa1db 100644 +--- a/lib/gnutls_int.h ++++ b/lib/gnutls_int.h +@@ -1649,6 +1649,6 @@ get_certificate_type(gnutls_session_t session, + + extern unsigned int _gnutls_global_version; + +-bool _gnutls_config_is_ktls_disabled(void); ++bool _gnutls_config_is_ktls_enabled(void); + + #endif /* GNUTLS_LIB_GNUTLS_INT_H */ +diff --git a/lib/handshake.c b/lib/handshake.c +index f3edbbdacb..4dd457bf22 100644 +--- a/lib/handshake.c ++++ b/lib/handshake.c +@@ -2815,7 +2815,7 @@ int gnutls_handshake(gnutls_session_t session) + + session->internals.ktls_enabled = 0; + #ifdef ENABLE_KTLS +- if (_gnutls_config_is_ktls_disabled() == false) ++ if (_gnutls_config_is_ktls_enabled() == true) + _gnutls_ktls_enable(session); + #endif + +diff --git a/lib/priority.c b/lib/priority.c +index 7279c03c88..d163d8169f 100644 +--- a/lib/priority.c ++++ b/lib/priority.c +@@ -1027,7 +1027,7 @@ static void dummy_func(gnutls_priority_t c) + + struct cfg { + bool allowlisting; +- bool ktls_disabled; ++ bool ktls_enabled; + + name_val_array_t priority_strings; + char *priority_string; +@@ -1140,7 +1140,7 @@ cfg_steal(struct cfg *dst, struct cfg *src) + src->default_priority_string = NULL; + + dst->allowlisting = src->allowlisting; +- dst->ktls_disabled = src->ktls_disabled; ++ dst->ktls_enabled = src->ktls_enabled; + memcpy(dst->ciphers, src->ciphers, sizeof(src->ciphers)); + memcpy(dst->macs, src->macs, sizeof(src->macs)); + memcpy(dst->groups, src->groups, sizeof(src->groups)); +@@ -1268,8 +1268,8 @@ static int global_ini_handler(void *ctx, const char *section, const char *name, + } + } else if (c_strcasecmp(name, "ktls") == 0) { + p = clear_spaces(value, str); +- if (c_strcasecmp(p, "false") == 0) { +- cfg->ktls_disabled = true; ++ if (c_strcasecmp(p, "true") == 0) { ++ cfg->ktls_enabled = true; + } else { + _gnutls_debug_log("cfg: unknown ktls mode %s\n", + p); +@@ -3490,6 +3490,6 @@ gnutls_priority_string_list(unsigned iter, unsigned int flags) + return NULL; + } + +-bool _gnutls_config_is_ktls_disabled(void){ +- return system_wide_config.ktls_disabled; ++bool _gnutls_config_is_ktls_enabled(void){ ++ return system_wide_config.ktls_enabled; + } +-- +2.36.1 + diff --git a/SOURCES/gnutls-3.7.6-ktls-fixes.patch b/SOURCES/gnutls-3.7.6-ktls-fixes.patch new file mode 100644 index 0000000..2bef420 --- /dev/null +++ b/SOURCES/gnutls-3.7.6-ktls-fixes.patch @@ -0,0 +1,348 @@ +From 7b700dbcd5907944a7dd2f74cd26ad8586cd4bac Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Tue, 28 Jun 2022 09:37:22 +0900 +Subject: [PATCH 1/3] tests: enable KTLS config while running gnutls_ktls test + +Signed-off-by: Daiki Ueno +--- + tests/Makefile.am | 9 +++++---- + tests/gnutls_ktls.c | 4 ++-- + tests/ktls.sh | 46 +++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 53 insertions(+), 6 deletions(-) + create mode 100755 tests/ktls.sh + +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 4deeb6462b..cba67e8db8 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -441,10 +441,6 @@ ctests += x509self x509dn anonself pskself pskself2 dhepskself \ + resume-with-record-size-limit + endif + +-if ENABLE_KTLS +-ctests += gnutls_ktls +-endif +- + ctests += record-sendfile + + gc_CPPFLAGS = $(AM_CPPFLAGS) \ +@@ -500,6 +496,11 @@ if ENABLE_TPM2 + dist_check_SCRIPTS += tpm2.sh + endif + ++if ENABLE_KTLS ++indirect_tests += gnutls_ktls ++dist_check_SCRIPTS += ktls.sh ++endif ++ + if !WINDOWS + + # +diff --git a/tests/gnutls_ktls.c b/tests/gnutls_ktls.c +index 3966e2b10a..8f9c5fa36e 100644 +--- a/tests/gnutls_ktls.c ++++ b/tests/gnutls_ktls.c +@@ -84,7 +84,7 @@ static void client(int fd, const char *prio) + + ret = gnutls_transport_is_ktls_enabled(session); + if (!(ret & GNUTLS_KTLS_RECV)){ +- fail("client: KTLS was not properly inicialized\n"); ++ fail("client: KTLS was not properly initialized\n"); + goto end; + } + +@@ -208,7 +208,7 @@ static void server(int fd, const char *prio) + + ret = gnutls_transport_is_ktls_enabled(session); + if (!(ret & GNUTLS_KTLS_SEND)){ +- fail("server: KTLS was not properly inicialized\n"); ++ fail("server: KTLS was not properly initialized\n"); + goto end; + } + do { +diff --git a/tests/ktls.sh b/tests/ktls.sh +new file mode 100755 +index 0000000000..ba52bd5775 +--- /dev/null ++++ b/tests/ktls.sh +@@ -0,0 +1,46 @@ ++#!/bin/sh ++ ++# Copyright (C) 2022 Red Hat, Inc. ++# ++# Author: Daiki Ueno ++# ++# This file is part of GnuTLS. ++# ++# GnuTLS is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by the ++# Free Software Foundation; either version 3 of the License, or (at ++# your option) any later version. ++# ++# GnuTLS is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with GnuTLS; if not, write to the Free Software Foundation, ++# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. ++ ++: ${builddir=.} ++ ++. "$srcdir/scripts/common.sh" ++ ++if ! grep '^tls ' /proc/modules 2>1 >& /dev/null; then ++ exit 77 ++fi ++ ++testdir=`create_testdir ktls` ++ ++cfg="$testdir/config" ++ ++cat < "$cfg" ++[global] ++ktls = true ++EOF ++ ++GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 \ ++GNUTLS_SYSTEM_PRIORITY_FILE="$cfg" \ ++"$builddir/gnutls_ktls" "$@" ++rc=$? ++ ++rm -rf "$testdir" ++exit $rc +-- +2.36.1 + + +From 4a492462535a7f3a831685d3cf420b50ef219511 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Tue, 28 Jun 2022 10:23:33 +0900 +Subject: [PATCH 2/3] handshake: do not reset KTLS enablement in + gnutls_handshake + +As gnutls_handshake can be repeatedly called upon non-blocking setup, +we shouldn't try to call setsockopt for KTLS upon every call. + +Signed-off-by: Daiki Ueno +--- + lib/handshake.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/lib/handshake.c b/lib/handshake.c +index 4dd457bf22..3886306eb4 100644 +--- a/lib/handshake.c ++++ b/lib/handshake.c +@@ -2813,12 +2813,6 @@ int gnutls_handshake(gnutls_session_t session) + const version_entry_st *vers = get_version(session); + int ret; + +- session->internals.ktls_enabled = 0; +-#ifdef ENABLE_KTLS +- if (_gnutls_config_is_ktls_enabled() == true) +- _gnutls_ktls_enable(session); +-#endif +- + if (unlikely(session->internals.initial_negotiation_completed)) { + if (vers->tls13_sem) { + if (session->security_parameters.entity == GNUTLS_CLIENT) { +@@ -2864,6 +2858,12 @@ int gnutls_handshake(gnutls_session_t session) + end->tv_nsec = + (start->tv_nsec + tmo_ms * 1000000LL) % 1000000000LL; + } ++ ++#ifdef ENABLE_KTLS ++ if (_gnutls_config_is_ktls_enabled()) { ++ _gnutls_ktls_enable(session); ++ } ++#endif + } + + if (session->internals.recv_state == RECV_STATE_FALSE_START) { +-- +2.36.1 + + +From ce13208e13b5dec73993c583d4c64ab7714e4a7a Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Tue, 28 Jun 2022 10:53:55 +0900 +Subject: [PATCH 3/3] ktls: _gnutls_ktls_enable: fix GNUTLS_KTLS_SEND + calculation + +Previously, if the first setsockopt for GNUTLS_KTLS_RECV fails and the +same socket is used for both sending and receiving, GNUTLS_KTLS_SEND +was unconditionally set. This fixes the conditions and also adds more +logging. + +Signed-off-by: Daiki Ueno +--- + lib/system/ktls.c | 21 ++++++++++++++++----- + 1 file changed, 16 insertions(+), 5 deletions(-) + +diff --git a/lib/system/ktls.c b/lib/system/ktls.c +index b9f7a73fb5..ddf27fac76 100644 +--- a/lib/system/ktls.c ++++ b/lib/system/ktls.c +@@ -47,7 +47,7 @@ + gnutls_transport_ktls_enable_flags_t + gnutls_transport_is_ktls_enabled(gnutls_session_t session){ + if (unlikely(!session->internals.initial_negotiation_completed)){ +- _gnutls_debug_log("Initial negotiation is not yet complete"); ++ _gnutls_debug_log("Initial negotiation is not yet complete\n"); + return 0; + } + +@@ -57,16 +57,27 @@ gnutls_transport_is_ktls_enabled(gnutls_session_t session){ + void _gnutls_ktls_enable(gnutls_session_t session) + { + int sockin, sockout; ++ + gnutls_transport_get_int2(session, &sockin, &sockout); + +- if (setsockopt(sockin, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) == 0) ++ if (setsockopt(sockin, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) == 0) { + session->internals.ktls_enabled |= GNUTLS_KTLS_RECV; ++ if (sockin == sockout) { ++ session->internals.ktls_enabled |= GNUTLS_KTLS_SEND; ++ } ++ } else { ++ _gnutls_record_log("Unable to set TCP_ULP for read socket: %d\n", ++ errno); ++ } + + if (sockin != sockout) { +- if (setsockopt(sockout, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) == 0) ++ if (setsockopt(sockout, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) == 0) { + session->internals.ktls_enabled |= GNUTLS_KTLS_SEND; +- } else +- session->internals.ktls_enabled |= GNUTLS_KTLS_SEND; ++ } else { ++ _gnutls_record_log("Unable to set TCP_ULP for write socket: %d\n", ++ errno); ++ } ++ } + } + + int _gnutls_ktls_set_keys(gnutls_session_t session) +-- +2.36.1 + +From 2d3cba6bb21acb40141180298f3924c73c7de8f8 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Tue, 26 Jul 2022 11:38:41 +0900 +Subject: [PATCH 1/2] handshake: do not enable KTLS if custom pull/push + functions are set + +If gnutls_transport_set_pull_function or +gnutls_transport_set_push_function is used, we can't assume the +underlying transport handle is an FD. + +Signed-off-by: Daiki Ueno +--- + lib/handshake.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/lib/handshake.c b/lib/handshake.c +index 3886306eb4..cf025a84f6 100644 +--- a/lib/handshake.c ++++ b/lib/handshake.c +@@ -2861,7 +2861,14 @@ int gnutls_handshake(gnutls_session_t session) + + #ifdef ENABLE_KTLS + if (_gnutls_config_is_ktls_enabled()) { +- _gnutls_ktls_enable(session); ++ if (session->internals.pull_func || ++ session->internals.push_func) { ++ _gnutls_audit_log(session, ++ "Not enabling KTLS with " ++ "custom pull/push function\n"); ++ } else { ++ _gnutls_ktls_enable(session); ++ } + } + #endif + } +-- +2.37.1 + + +From f7160e4fb970b4ba6f96e85e21f8395eae735d95 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Tue, 26 Jul 2022 11:39:57 +0900 +Subject: [PATCH 2/2] socket: only set pull/push functions when --save-*-trace + is used + +This allows gnutls-cli to use KTLS for the transport, unless either +--save-client-trace or --save-server-trace is used. + +Signed-off-by: Daiki Ueno +--- + src/socket.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/src/socket.c b/src/socket.c +index 39f18dbe18..36ac292700 100644 +--- a/src/socket.c ++++ b/src/socket.c +@@ -586,16 +586,16 @@ socket_open2(socket_st * hd, const char *hostname, const char *service, + gnutls_session_set_data(hd->session, hd->rdata.data, hd->rdata.size); + } + +- if (server_trace) ++ if (client_trace || server_trace) { + hd->server_trace = server_trace; +- +- if (client_trace) + hd->client_trace = client_trace; +- +- gnutls_transport_set_push_function(hd->session, wrap_push); +- gnutls_transport_set_pull_function(hd->session, wrap_pull); +- gnutls_transport_set_pull_timeout_function(hd->session, wrap_pull_timeout_func); +- gnutls_transport_set_ptr(hd->session, hd); ++ gnutls_transport_set_push_function(hd->session, wrap_push); ++ gnutls_transport_set_pull_function(hd->session, wrap_pull); ++ gnutls_transport_set_pull_timeout_function(hd->session, wrap_pull_timeout_func); ++ gnutls_transport_set_ptr(hd->session, hd); ++ } else { ++ gnutls_transport_set_int(hd->session, hd->fd); ++ } + } + + if (!(flags & SOCKET_FLAG_RAW) && !(flags & SOCKET_FLAG_SKIP_INIT)) { +-- +2.37.1 + +From a5b671fc9105cb5dbe6e6a1c0f39fa787d862076 Mon Sep 17 00:00:00 2001 +From: Frantisek Krenzelok +Date: Fri, 29 Jul 2022 10:38:42 +0200 +Subject: [PATCH] KTLS: hotfix + +session->internals.pull_func is set to system_read during gnutls_init() +so check for user set pull/push function added in commit mentioned +bellow will never pass. + +source: 2d3cba6bb21acb40141180298f3924c73c7de8f8 + +Signed-off-by: Frantisek Krenzelok +--- + lib/handshake.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/handshake.c b/lib/handshake.c +index cf025a84f6..21edc5ece9 100644 +--- a/lib/handshake.c ++++ b/lib/handshake.c +@@ -2861,7 +2861,8 @@ int gnutls_handshake(gnutls_session_t session) + + #ifdef ENABLE_KTLS + if (_gnutls_config_is_ktls_enabled()) { +- if (session->internals.pull_func || ++ if ((session->internals.pull_func && ++ session->internals.pull_func != system_read) || + session->internals.push_func) { + _gnutls_audit_log(session, + "Not enabling KTLS with " +-- +2.37.1 + diff --git a/SOURCES/gnutls-3.7.6-pkcs7-verify.patch b/SOURCES/gnutls-3.7.6-pkcs7-verify.patch new file mode 100644 index 0000000..001a6a4 --- /dev/null +++ b/SOURCES/gnutls-3.7.6-pkcs7-verify.patch @@ -0,0 +1,263 @@ +From 57afc290cd3ce2e9752a0ce5cba41ecc78fdc1bd Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Sun, 31 Jul 2022 10:39:53 +0900 +Subject: [PATCH] gnutls-3.7.6-pkcs7-verify.patch + +--- + lib/x509/pkcs7.c | 3 +- + tests/Makefile.am | 2 +- + tests/pkcs7-verify-double-free.c | 215 +++++++++++++++++++++++++++++++ + 3 files changed, 218 insertions(+), 2 deletions(-) + create mode 100644 tests/pkcs7-verify-double-free.c + +diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c +index 1f35fab..d5be7f4 100644 +--- a/lib/x509/pkcs7.c ++++ b/lib/x509/pkcs7.c +@@ -1318,7 +1318,8 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, + issuer = find_verified_issuer_of(pkcs7, issuer, purpose, vflags); + + if (issuer != NULL && gnutls_x509_crt_check_issuer(issuer, issuer)) { +- if (prev) gnutls_x509_crt_deinit(prev); ++ if (prev && prev != signer) ++ gnutls_x509_crt_deinit(prev); + prev = issuer; + break; + } +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 26e39fb..7a7a4af 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -233,7 +233,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei + tls13-without-timeout-func buffer status-request-revoked \ + set_x509_ocsp_multi_cli kdf-api keylog-func handshake-write \ + x509cert-dntypes id-on-xmppAddr tls13-compat-mode ciphersuite-name \ +- x509-upnconstraint ++ x509-upnconstraint pkcs7-verify-double-free + + ctests += tls-channel-binding + +diff --git a/tests/pkcs7-verify-double-free.c b/tests/pkcs7-verify-double-free.c +new file mode 100644 +index 0000000..fadf307 +--- /dev/null ++++ b/tests/pkcs7-verify-double-free.c +@@ -0,0 +1,215 @@ ++/* ++ * Copyright (C) 2022 Red Hat, Inc. ++ * ++ * Author: Zoltan Fridrich ++ * ++ * This file is part of GnuTLS. ++ * ++ * GnuTLS is free software: you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GnuTLS is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GnuTLS. If not, see . ++ */ ++ ++#ifdef HAVE_CONFIG_H ++#include ++#endif ++ ++#include ++#include ++#include ++ ++#include "utils.h" ++ ++static char rca_pem[] = ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIDCjCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n" ++ "cGxlIENBMCAXDTE3MDcyMTE0NDMzNloYDzIyMjIwNzIxMTQ0MzM2WjAVMRMwEQYD\n" ++ "VQQKDApFeGFtcGxlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n" ++ "v8hnKPJ/IA0SQB/A/a0Uh+npZ67vsgIMrtTQo0r0kJkmkBz5323xO3DVuJfB3QmX\n" ++ "v9zvoeCQLuDvWar5Aixfxgm6s5Q+yPvJj9t3NebDrU+Y4+qyewBIJUF8EF/5iBPC\n" ++ "ZHONmzbfIRWvQWGGgb2CRcOHp2J7AY/QLB6LsWPaLjs/DHva28Q13JaTTHIpdu8v\n" ++ "t6vHr0nXf66DN4MvtoF3N+o+v3snJCMsfXOqASi4tbWR7gtOfCfiz9uBjh0W2Dut\n" ++ "/jclBQkJkLe6esNSM+f4YiOpctVDjmfj8yoHCp394vt0wFqhG38wsTFAyVP6qIcf\n" ++ "5zoSu9ovEt2cTkhnZHjiiwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud\n" ++ "DwEB/wQEAwIBBjAdBgNVHQ4EFgQUhjeO6Uc5imbjOl2I2ltVA27Hu9YwHwYDVR0j\n" ++ "BBgwFoAUhjeO6Uc5imbjOl2I2ltVA27Hu9YwDQYJKoZIhvcNAQELBQADggEBAD+r\n" ++ "i/7FsbG0OFKGF2+JOnth6NjJQcMfM8LiglqAuBUijrv7vltoZ0Z3FJH1Vi4OeMXn\n" ++ "l7X/9tWUve0uFl75MfjDrf0+lCEdYRY1LCba2BrUgpbbkLywVUdnbsvndehegCgS\n" ++ "jss2/zys3Hlo3ZaHlTMQ/NQ4nrxcxkjOvkZSEOqgxJTLpzm6pr7YUts4k6c6lNiB\n" ++ "FSiJiDzsJCmWR9C3fBbUlfDfTJYGN3JwqX270KchXDElo8gNoDnF7jBMpLFFSEKm\n" ++ "MyfbNLX/srh+CEfZaN/OZV4A3MQ0L8vQEp6M4CJhvRLIuMVabZ2coJ0AzystrOMU\n" ++ "LirBWjg89RoAjFQ7bTE=\n" ++ "-----END CERTIFICATE-----\n"; ++ ++static char ca_pem[] = ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n" ++ "cGxlIENBMCAXDTE3MDcyMTE0NDQzNFoYDzIyMjIwNzIxMTQ0NDM0WjAiMSAwHgYD\n" ++ "VQQKDBdFeGFtcGxlIGludGVybWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD\n" ++ "ggEPADCCAQoCggEBAKb9ACB8u//sP6MfNU1OsVw68xz3eTPLgKxS0vpqexm6iGVg\n" ++ "ug/o9uYRLzqiEukv/eyz9WzHmY7sqlOJjOFdv92+SaNg79Jc51WHPFXgea4/qyfr\n" ++ "4y14PGs0SNxm6T44sXurUs7cXydQVUgnq2VCaWFOTUdxXoAWkV8r8GaUoPD/klVz\n" ++ "RqxSZVETmX1XBKhsMnnov41kRwVph2C+VfUspsbaUZaz/o/S1/nokhXRACzKsMBr\n" ++ "obqiGxbY35uVzsmbAW5ErhQz98AWJL3Bub1fsEMXg6OEMmPH4AtX888dTIYZNw0E\n" ++ "bUIESspz1kjJQTtVQDHTprhwz16YiSVeUonlLgMCAwEAAaNjMGEwDwYDVR0TAQH/\n" ++ "BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPBjxDWjMhjXERirKF9O\n" ++ "o/5Cllc5MB8GA1UdIwQYMBaAFIY3julHOYpm4zpdiNpbVQNux7vWMA0GCSqGSIb3\n" ++ "DQEBCwUAA4IBAQCTm+vv3hBa6lL5IT+Fw8aTxQ2Ne7mZ5oyazhvXYwwfKNMX3SML\n" ++ "W2JdPaL64ZwbxxxYvW401o5Z0CEgru3YFrsqB/hEdl0Uf8UWWJmE1rRa+miTmbjt\n" ++ "lrLNCWdrs6CiwvsPITTHg7jevB4KyZYsTSxQFcyr3N3xF+6EmOTC4IkhPPnXYXcp\n" ++ "248ih+WOavSYoRvzgB/Dip1WnPYU2mfIV3O8JReRryngA0TzWCLPLUoWR3R4jwtC\n" ++ "+1uSLoqaenz3qv3F1WEbke37az9YJuXx/5D8CqFQiZ62TUUtI6fYd8mkMBM4Qfh6\n" ++ "NW9XrCkI9wlpL5K9HllhuW0BhKeJkuPpyQ2p\n" ++ "-----END CERTIFICATE-----\n"; ++ ++static char ee_pem[] = ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdFeGFt\n" ++ "cGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzdaGA8yMjIyMDcyMTE0\n" ++ "NDUzN1owFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEBBQAD\n" ++ "ggEPADCCAQoCggEBAMb1uuxppBFY+WVD45iyHUq7DkIJNNOI/JRaybVJfPktWq2E\n" ++ "eNe7XhV05KKnqZTbDO2iYqNHqGhZ8pz/IstDRTZP3z/q1vXTG0P9Gx28rEy5TaUY\n" ++ "QjtD+ZoFUQm0ORMDBjd8jikqtJ87hKeuOPMH4rzdydotMaPQSm7KLzHBGBr6gg7z\n" ++ "g1IxPWkhMyHapoMqqrhjwjzoTY97UIXpZTEoIA+KpEC8f9CciBtL0i1MPBjWozB6\n" ++ "Jma9q5iEwZXuRr3cnPYeIPlK2drgDZCMuSFcYiT8ApLw5OhKqY1m2EvfZ2ox2s9R\n" ++ "68/HzYdPi3kZwiNEtlBvMlpt5yKBJAflp76d7DkCAwEAAaNuMGwwCwYDVR0PBAQD\n" ++ "AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUc+Mi\n" ++ "kr8WMCk00SQo+P2iggp/oQkwHwYDVR0jBBgwFoAU8GPENaMyGNcRGKsoX06j/kKW\n" ++ "VzkwDQYJKoZIhvcNAQELBQADggEBAKU9+CUR0Jcfybd1+8Aqgh1RH96yQygnVuyt\n" ++ "Na9rFz4fM3ij9tGXDHXrkZw8bW1dWLU9quu8zeTxKxc3aiDIw739Alz0tukttDo7\n" ++ "dW7YqIb77zsIsWB9p7G9dlxT6ieUy+5IKk69BbeK8KR0vAciAG4KVQxPhuPy/LGX\n" ++ "PzqlJIJ4h61s3UOroReHPB1keLZgpORqrvtpClOmABH9TLFRJA/WFg8Q2XYB/p0x\n" ++ "l/pWiaoBC+8wK9cDoMUK5yOwXeuCLffCb+UlAD0+z/qxJ2pisE8E9X8rRKRrWI+i\n" ++ "G7LtJCEn86EQK8KuRlJxKgj8lClZhoULB0oL4jbblBuNow9WRmM=\n" ++ "-----END CERTIFICATE-----\n"; ++ ++static char msg_pem[] = ++ "-----BEGIN PKCS7-----\n" ++ "MIIK2QYJKoZIhvcNAQcCoIIKyjCCCsYCAQExDTALBglghkgBZQMEAgEwCwYJKoZI\n" ++ "hvcNAQcBoIIJTzCCAwowggHyoAMCAQICAQEwDQYJKoZIhvcNAQELBQAwFTETMBEG\n" ++ "A1UECgwKRXhhbXBsZSBDQTAgFw0xNzA3MjExNDQzMjFaGA8yMjIyMDcyMTE0NDMy\n" ++ "MVowFTETMBEGA1UECgwKRXhhbXBsZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" ++ "ADCCAQoCggEBAL51eyE4j8wAKQKMGlO9HEY2iaGvsdPSJmidSdmCi1jnNK39Lx4Y\n" ++ "31h279hSHF5wtI6VM91HHfeLf1mjEZHlKrXXJQzBPLpbHWapD778drHBitOP8e56\n" ++ "fDMIfofLV4tkMk8690vPe4cJH1UHGspMyz6EQF9kPRaW80XtMV/6dalgL/9Esmaw\n" ++ "XBNPJAS1VutDuXQkJ/3/rWFLmkpYHHtGPjX782YRmT1s+VOVTsLqmKx0TEL8A381\n" ++ "bbElHPUAMjPcyWR5qqA8KWnS5Dwqk3LwI0AvuhQytCq0S7Xl4DXauvxwTRXv0UU7\n" ++ "W8r3MLAw9DnlnJiD/RFjw5rbGO3wMePk/qUCAwEAAaNjMGEwDwYDVR0TAQH/BAUw\n" ++ "AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIh2KRoKJoe2VtpOwWMkRAkR\n" ++ "mLWKMB8GA1UdIwQYMBaAFIh2KRoKJoe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEB\n" ++ "CwUAA4IBAQBovvlOjoy0MCT5U0eWfcPQQjY4Ssrn3IiPNlVkqSNo+FHX+2baTLVQ\n" ++ "5QTHxwXwzdIJiwtjFWDdGEQXqmuIvnFG+u/whGbeg6oQygfnQ5Y+q6epOxCsPgLQ\n" ++ "mKKEaF7mvh8DauUx4QSbYCNGCctOZuB1vlN9bJ3/5QbH+2pFPOfCr5CAyPDwHo6S\n" ++ "qO3yPcutRwT9xS7gXEHM9HhLp+DmdCGh4eVBPiFilyZm1d92lWxU8oxoSfXgzDT/\n" ++ "GCzlMykNZNs4JD9QmiRClP/3U0dQbOhah/Fda+N+L90xaqEgGcvwKKZa3pzo59pl\n" ++ "BbkcIP4YPyHeinwkgAn5UVJg9DOxNCS0MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG\n" ++ "9w0BAQsFADAVMRMwEQYDVQQKDApFeGFtcGxlIENBMCAXDTE3MDcyMTE0NDQxM1oY\n" ++ "DzIyMjIwNzIxMTQ0NDEzWjAiMSAwHgYDVQQKDBdFeGFtcGxlIGludGVybWVkaWF0\n" ++ "ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPFDEvDANwvhviu\n" ++ "pwXTvaKyxyX94jVu1wgAhIRyQBVRiMbrn8MEufLG8oA0vKd8s92gv/lWe1jFb2rn\n" ++ "91jMkZWsjWjiJFD6SzqFfBo+XxOGikEqO1MAf92UqavmSGlXVRG1Vy7T7dWibZP0\n" ++ "WODhHYWayR0Y6owSz5IqNfrHXzDME+lSJxHgRFI7pK+b0OgiVmvyXDKFPvyU6GrP\n" ++ "lxXDi/XbjyPvC5gpiwtTgm+s8KERwmdlfZUNjkh2PpHx1g1joijHT3wIvO/Pek1E\n" ++ "C+Xs6w3XxGgL6TTL7FDuv4AjZVX9KK66/yBhX3aN8bkqAg+hs9XNk3zzWC0XEFOS\n" ++ "Qoh2va0CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\n" ++ "HQYDVR0OBBYEFHwi/7dUWGjkMWJctOm7MCjjQj1cMB8GA1UdIwQYMBaAFIh2KRoK\n" ++ "Joe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEBCwUAA4IBAQCF6sHCBdYRwBwvfCve\n" ++ "og9cPnmPqZrG4AtmSvtoSsMvgvKb/4z3/gG8oPtTBkeRcAHoMoEp/oA+B2ylwIAc\n" ++ "S5U7jx+lYH/Pqih0X/OcOLbaMv8uzGSGQxk+L9LuuIT6E/THfRRIPEvkDkzC+/uk\n" ++ "7vUbG17bSEWeF0o/6sjzAY2aH1jnbCDyu0UC78GXkc6bZ5QlH98uLMDMrOmqcZjS\n" ++ "JFfvuRDQyKV5yBdBkYaobsIWSQDsgYxJzf/2y8c3r+HXqT+jhrXPWJ3btgMPxpu7\n" ++ "E8KmoFgp9EM+48oYlXJ66rk08/KjaVmgN7R+Hm3e2+MFT2kme4fBKalLjcazTe3x\n" ++ "0FisMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdF\n" ++ "eGFtcGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzBaGA8yMjIyMDcy\n" ++ "MTE0NDUzMVowFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEB\n" ++ "BQADggEPADCCAQoCggEBAMjhSqhdD5RjmOm6W3hG7zkgKBP9whRN/SipcdEMlkgc\n" ++ "F/U3QMu66qIfKwheNdWalC1JLtruLDWP92ysa6Vw+CCG8aSax1AgB//RKQB7kgPA\n" ++ "9js9hi/oCdBmCv2HJxhWSLz+MVoxgzW4C7S9FenI+btxe/99Uw4nOw7kwjsYDLKr\n" ++ "tMw8myv7aCW/63CuBYGtohiZupM3RI3kKFcZots+KRPLlZpjv+I2h9xSln8VxKNb\n" ++ "XiMrYwGfHB7iX7ghe1TvFjKatEUhsqa7AvIq7nfe/cyq97f0ODQO814njgZtk5iQ\n" ++ "JVavXHdhTVaypt1HdAFMuHX5UATylHxx9tRCgSIijUsCAwEAAaNuMGwwCwYDVR0P\n" ++ "BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU\n" ++ "31+vHl4E/2Jpnwinbzf+d7usshcwHwYDVR0jBBgwFoAUfCL/t1RYaOQxYly06bsw\n" ++ "KONCPVwwDQYJKoZIhvcNAQELBQADggEBAAWe63DcNwmleQ3INFGDJZ/m2I/R/cBa\n" ++ "nnrxgR5Ey1ljHdA/x1z1JLTGmGVwqGExs5DNG9Q//Pmc9pZ1yPa8J4Xf8AvFcmkY\n" ++ "mWoH1HvW0xu/RF1UN5SAoD2PRQ+Vq4OSPD58IlEu/u4o1wZV7Wl91Cv6VNpiAb63\n" ++ "j9PA1YacOpOtcRqG59Vuj9HFm9f30ejHVo2+KJcpo290cR3Zg4fOm8mtjeMdt/QS\n" ++ "Atq+RqPAQ7yxqvEEv8zPIZj2kAOQm3mh/yYqBrR68lQUD/dBTP7ApIZkhUK3XK6U\n" ++ "nf9JvoF6Fn2+Cnqb//FLBgHSnoeqeQNwDLUXTsD02iYxHzJrhokSY4YxggFQMIIB\n" ++ "TAIBATAnMCIxIDAeBgNVBAoMF0V4YW1wbGUgaW50ZXJtZWRpYXRlIENBAgEBMAsG\n" ++ "CWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQATHg6wNsBcs/Ub1GQfKwTpKCk5\n" ++ "8QXuNnZ0u7b6mKgrSY2Gf47fpL2aRgaR+BAQncbctu5EH/IL38pWjaGtOhFAj/5q\n" ++ "7luVQW11kuyJN3Bd/dtLqawWOwMmAIEigw6X50l5ZHnEVzFfxt+RKTNhk4XWVtbi\n" ++ "2iIlITOplW0rnvxYAwCxKL9ocaB7etK8au7ixMxbFp75Ts4iLX8dhlAFdCuFCk8k\n" ++ "B8mi9HHuwr3QYRqMPW61hu1wBL3yB8eoZNOwPXb0gkIh6ZvgptxgQzm/cc+Iw9fP\n" ++ "QkR0fTM7ElJ5QZmSV98AUbZDHmDvpmcjcUxfSPMc3IoT8T300usRu7QHqKJi\n" ++ "-----END PKCS7-----\n"; ++ ++const gnutls_datum_t rca_datum = { (void *)rca_pem, sizeof(rca_pem) - 1 }; ++const gnutls_datum_t ca_datum = { (void *)ca_pem, sizeof(ca_pem) - 1 }; ++const gnutls_datum_t ee_datum = { (void *)ee_pem, sizeof(ee_pem) - 1 }; ++const gnutls_datum_t msg_datum = { (void *)msg_pem, sizeof(msg_pem) - 1 }; ++ ++static void tls_log_func(int level, const char *str) ++{ ++ fprintf(stderr, "%s |<%d>| %s", "err", level, str); ++} ++ ++#define CHECK(X)\ ++{\ ++ r = X;\ ++ if (r < 0)\ ++ fail("error in %d: %s\n", __LINE__, gnutls_strerror(r));\ ++}\ ++ ++void doit(void) ++{ ++ int r; ++ gnutls_x509_crt_t rca_cert = NULL; ++ gnutls_x509_crt_t ca_cert = NULL; ++ gnutls_x509_crt_t ee_cert = NULL; ++ gnutls_x509_trust_list_t tlist = NULL; ++ gnutls_pkcs7_t pkcs7 = NULL; ++ gnutls_datum_t data = { (unsigned char *)"xxx", 3 }; ++ ++ if (debug) { ++ gnutls_global_set_log_function(tls_log_func); ++ gnutls_global_set_log_level(4711); ++ } ++ ++ // Import certificates ++ CHECK(gnutls_x509_crt_init(&rca_cert)); ++ CHECK(gnutls_x509_crt_import(rca_cert, &rca_datum, GNUTLS_X509_FMT_PEM)); ++ CHECK(gnutls_x509_crt_init(&ca_cert)); ++ CHECK(gnutls_x509_crt_import(ca_cert, &ca_datum, GNUTLS_X509_FMT_PEM)); ++ CHECK(gnutls_x509_crt_init(&ee_cert)); ++ CHECK(gnutls_x509_crt_import(ee_cert, &ee_datum, GNUTLS_X509_FMT_PEM)); ++ ++ // Setup trust store ++ CHECK(gnutls_x509_trust_list_init(&tlist, 0)); ++ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, rca_cert, "rca", 3, 0)); ++ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ca_cert, "ca", 2, 0)); ++ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ee_cert, "ee", 2, 0)); ++ ++ // Setup pkcs7 structure ++ CHECK(gnutls_pkcs7_init(&pkcs7)); ++ CHECK(gnutls_pkcs7_import(pkcs7, &msg_datum, GNUTLS_X509_FMT_PEM)); ++ ++ // Signature verification ++ gnutls_pkcs7_verify(pkcs7, tlist, NULL, 0, 0, &data, 0); ++ ++ gnutls_x509_crt_deinit(rca_cert); ++ gnutls_x509_crt_deinit(ca_cert); ++ gnutls_x509_crt_deinit(ee_cert); ++ gnutls_x509_trust_list_deinit(tlist, 0); ++ gnutls_pkcs7_deinit(pkcs7); ++} +-- +2.37.1 + diff --git a/SOURCES/gnutls-3.7.6.tar.xz.sig b/SOURCES/gnutls-3.7.6.tar.xz.sig new file mode 100644 index 0000000..70cb359 Binary files /dev/null and b/SOURCES/gnutls-3.7.6.tar.xz.sig differ diff --git a/SPECS/gnutls.spec b/SPECS/gnutls.spec new file mode 100644 index 0000000..e6fab98 --- /dev/null +++ b/SPECS/gnutls.spec @@ -0,0 +1,1334 @@ +%define srpmhash() %{lua: +local files = rpm.expand("%_specdir/gnutls.spec") +for i, p in ipairs(patches) do + files = files.." "..p +end +for i, p in ipairs(sources) do + files = files.." "..p +end +local sha256sum = assert(io.popen("cat "..files.."| sha256sum")) +local hash = sha256sum:read("*a") +sha256sum:close() +print(string.sub(hash, 0, 16)) +} + +Version: 3.7.6 +Release: 12%{?dist} +# not upstreamed +Patch: gnutls-3.6.7-no-now-guile.patch +Patch: gnutls-3.2.7-rpath.patch +Patch: gnutls-3.7.2-enable-intel-cet.patch +Patch: gnutls-3.7.2-no-explicit-init.patch + +# upstreamed +Patch: gnutls-3.7.6-fips-run-selftests.patch +Patch: gnutls-3.7.6-ktls-disable-by-default.patch +Patch: gnutls-3.7.6-ktls-fixes.patch +Patch: gnutls-3.7.6-aes-gcm-pt-limit.patch +Patch: gnutls-3.7.6-pkcs7-verify.patch +Patch: gnutls-3.7.6-fips-pkcs12-des-cbc.patch +Patch: gnutls-3.7.6-fips-rsa-key-sizes.patch +Patch: gnutls-3.7.6-fips-symkey-limit.patch +Patch: gnutls-3.7.6-fips-ecdsa-hash-check.patch + +# not upstreamed +Patch: gnutls-3.7.3-disable-config-reload.patch +Patch: gnutls-3.7.3-fips-dsa-post.patch +Patch: gnutls-3.7.6-drbg-reseed.patch +Patch: gnutls-3.7.6-cpuid-fixes.patch +Patch: gnutls-3.7.6-gmp-static.patch + +%bcond_without bootstrap +%bcond_without dane +%if 0%{?rhel} +%bcond_with guile +%bcond_without fips +%else +%bcond_without guile +%bcond_without fips +%endif +%bcond_with tpm12 +%bcond_without tpm2 +%bcond_with gost +%bcond_with certificate_compression +%bcond_without tests + +Summary: A TLS protocol implementation +Name: gnutls +# The libraries are LGPLv2.1+, utilities are GPLv3+ +License: GPLv3+ and LGPLv2+ +BuildRequires: p11-kit-devel >= 0.21.3, gettext-devel +BuildRequires: readline-devel, libtasn1-devel >= 4.3 +%if %{with certificate_compression} +BuildRequires: zlib-devel, brotli-devel, libzstd-devel +%endif +%if %{with bootstrap} +BuildRequires: automake, autoconf, gperf, libtool +%endif +BuildRequires: texinfo +BuildRequires: nettle-devel >= 3.5.1 +%if %{with tpm12} +BuildRequires: trousers-devel >= 0.3.11.2 +%endif +%if %{with tpm2} +BuildRequires: tpm2-tss-devel >= 3.0.3 +%endif +BuildRequires: libidn2-devel +BuildRequires: libunistring-devel +BuildRequires: net-tools, datefudge, softhsm, gcc, gcc-c++ +BuildRequires: gnupg2 +BuildRequires: git-core + +# for a sanity check on cert loading +BuildRequires: p11-kit-trust, ca-certificates +Requires: crypto-policies +Requires: p11-kit-trust +Requires: libtasn1 >= 4.3 +Requires: nettle >= 3.4.1 +%if %{with tpm12} +Recommends: trousers >= 0.3.11.2 +%endif + +%if %{with dane} +BuildRequires: unbound-devel unbound-libs +%endif +%if %{with guile} +BuildRequires: guile22-devel +%endif +BuildRequires: make +URL: http://www.gnutls.org/ +Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz +Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz.sig +Source2: gnutls-release-keyring.gpg + +Source100: gmp-6.2.1.tar.xz +# Taken from the main gmp package +Source101: gmp-6.2.1-intel-cet.patch + +# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174 +Provides: bundled(gnulib) = 20130424 + +%package c++ +Summary: The C++ interface to GnuTLS +Requires: %{name}%{?_isa} = %{version}-%{release} + +%package devel +Summary: Development files for the %{name} package +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-c++%{?_isa} = %{version}-%{release} +%if %{with dane} +Requires: %{name}-dane%{?_isa} = %{version}-%{release} +%endif +Requires: pkgconfig + +%package utils +License: GPLv3+ +Summary: Command line tools for TLS protocol +Requires: %{name}%{?_isa} = %{version}-%{release} +%if %{with dane} +Requires: %{name}-dane%{?_isa} = %{version}-%{release} +%endif + +%if %{with dane} +%package dane +Summary: A DANE protocol implementation for GnuTLS +Requires: %{name}%{?_isa} = %{version}-%{release} +%endif + +%if %{with guile} +%package guile +Summary: Guile bindings for the GNUTLS library +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: guile22 +%endif + +%description +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. + +%description c++ +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. + +%description devel +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains files needed for developing applications with +the GnuTLS library. + +%description utils +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains command line TLS client and server and certificate +manipulation tools. + +%if %{with dane} +%description dane +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains library that implements the DANE protocol for verifying +TLS certificates through DNSSEC. +%endif + +%if %{with guile} +%description guile +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains Guile bindings for the library. +%endif + +%prep +# Workaround: to allow building the package under FIPS, do not treat +# errors in the GPG check as fatal, where EdDSA signature verification +# is not allowed: +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' || : + +%autosetup -p1 -S git + +%if %{with fips} +mkdir -p bundled_gmp +pushd bundled_gmp +tar --strip-components=1 -xf %{SOURCE100} +patch -p1 < %{SOURCE101} +popd +%endif + +%build +%ifarch aarch64 ppc64le +%define _lto_cflags %{nil} +%endif + +%if %{with fips} +pushd bundled_gmp +autoreconf -ifv +%configure --disable-cxx --disable-shared --enable-fat --with-pic +%make_build +popd + +export GMP_CFLAGS="-I$PWD/bundled_gmp" +export GMP_LIBS="$PWD/bundled_gmp/.libs/libgmp.a" +%endif + +%if %{with bootstrap} +autoreconf -fi +%endif + +sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure +rm -f lib/minitasn1/*.c lib/minitasn1/*.h + +echo "SYSTEM=NORMAL" >> tests/system.prio + +%if %{with guile} +# These should be checked by m4/guile.m4 instead of configure.ac +# taking into account of _guile_suffix +guile_snarf=%{_bindir}/guile-snarf2.2 +export guile_snarf +GUILD=%{_bindir}/guild2.2 +export GUILD +%endif + +%if %{with fips} +eval $(sed -n 's/^\(\(NAME\|VERSION_ID\)=.*\)/OS_\1/p' /etc/os-release) +export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name" +%endif + +%configure \ +%if %{with fips} + --enable-fips140-mode \ + --with-fips140-module-name="$FIPS_MODULE_NAME" \ + --with-fips140-module-version=%{version}-%{srpmhash} \ +%endif +%if %{with gost} + --enable-gost \ +%else + --disable-gost \ +%endif + --enable-sha1-support \ + --disable-static \ + --disable-openssl-compatibility \ + --disable-non-suiteb-curves \ + --with-system-priority-file=%{_sysconfdir}/crypto-policies/back-ends/gnutls.config \ + --with-default-trust-store-pkcs11="pkcs11:" \ +%if %{with tpm12} + --with-trousers-lib=%{_libdir}/libtspi.so.1 \ +%else + --without-tpm \ +%endif +%if %{with tpm2} + --with-tpm2 \ +%else + --without-tpm2 \ +%endif + --enable-ktls \ + --htmldir=%{_docdir}/manual \ +%if %{with guile} + --enable-guile \ + --with-guile-extension-dir=%{_libdir}/guile/2.2 \ +%else + --disable-guile \ +%endif +%if %{with dane} + --with-unbound-root-key-file=/var/lib/unbound/root.key \ + --enable-libdane \ +%else + --disable-libdane \ +%endif +%if %{with certificate_compression} + --with-zlib --with-brotli --with-zstd \ +%else + --without-zlib --without-brotli --without-zstd \ +%endif + --disable-rpath \ + --with-default-priority-string="@SYSTEM" + +# build libgnutlsxx.so with older SONAME +make %{?_smp_mflags} V=1 CXX_LT_CURRENT=29 CXX_LT_REVISION=0 CXX_LT_AGE=1 + +%install +make install DESTDIR=$RPM_BUILD_ROOT + +# build libgnutlsxx.so with newer SONAME +pushd lib +rm -f libgnutlsxx.la +make %{?_smp_mflags} V=1 +make install DESTDIR=$RPM_BUILD_ROOT +popd +touch doc/examples/ex-cxx + +make -C doc install-html DESTDIR=$RPM_BUILD_ROOT + +rm -f $RPM_BUILD_ROOT%{_infodir}/dir +rm -f $RPM_BUILD_ROOT%{_libdir}/*.la +rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.2/guile-gnutls*.a +rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.2/guile-gnutls*.la +%if %{without dane} +rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc +%endif + +%if %{with fips} +# doing it twice should be a no-op the second time, +# and this way we avoid redefining it and missing a future change +%{__spec_install_post} +./lib/fipshmac "$RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30" > $RPM_BUILD_ROOT%{_libdir}/.gnutls.hmac +sed -i "s^$RPM_BUILD_ROOT/usr^^" $RPM_BUILD_ROOT%{_libdir}/.gnutls.hmac +%endif + +%if %{with fips} +%define __spec_install_post \ + %{?__debug_package:%{__debug_install_post}} \ + %{__arch_install_post} \ + %{__os_install_post} \ +%{nil} +%endif + +%find_lang gnutls + +%check +%if %{with tests} +make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null +%endif + +%files -f gnutls.lang +%{_libdir}/libgnutls.so.30* +%if %{with fips} +%{_libdir}/.gnutls.hmac +%endif +%doc README.md AUTHORS NEWS THANKS +%license LICENSE doc/COPYING doc/COPYING.LESSER + +%files c++ +%{_libdir}/libgnutlsxx.so.* + +%files devel +%{_includedir}/* +%{_libdir}/libgnutls*.so +%{_libdir}/pkgconfig/*.pc +%{_mandir}/man3/* +%{_infodir}/gnutls* +%{_infodir}/pkcs11-vision* +%{_docdir}/manual/* + +%files utils +%{_bindir}/certtool +%if %{with tpm12} +%{_bindir}/tpmtool +%endif +%{_bindir}/ocsptool +%{_bindir}/psktool +%{_bindir}/p11tool +%{_bindir}/srptool +%if %{with dane} +%{_bindir}/danetool +%endif +%{_bindir}/gnutls* +%{_mandir}/man1/* +%doc doc/certtool.cfg + +%if %{with dane} +%files dane +%{_libdir}/libgnutls-dane.so.* +%endif + +%if %{with guile} +%files guile +%{_libdir}/guile/2.2/guile-gnutls*.so* +%{_libdir}/guile/2.2/site-ccache/gnutls.go +%{_libdir}/guile/2.2/site-ccache/gnutls/extra.go +%{_datadir}/guile/site/2.2/gnutls.scm +%{_datadir}/guile/site/2.2/gnutls/extra.scm +%endif + +%changelog +* Tue Sep 27 2022 Daiki Ueno - 3.7.6-12 +- fips: mark PBKDF2 with short key and output sizes non-approved +- fips: only mark HMAC as approved in PBKDF2 +- fips: mark gnutls_key_generate with short key sizes non-approved +- fips: fix checking on hash algorithm used in ECDSA +- fips: preserve operation context around FIPS selftests API + +* Fri Aug 26 2022 Daiki Ueno - 3.7.6-11 +- Supply --with{,out}-{zlib,brotli,zstd} explicitly + +* Thu Aug 25 2022 Daiki Ueno - 3.7.6-10 +- Revert nettle version pinning as it doesn't work well in side-tag + +* Thu Aug 25 2022 Daiki Ueno - 3.7.6-9 +- Pin nettle version in Requires when compiled with FIPS + +* Tue Aug 23 2022 Daiki Ueno - 3.7.6-8 +- Bundle GMP to privatize memory functions +- Disable certificate compression support by default + +* Tue Aug 23 2022 Daiki Ueno - 3.7.6-7 +- Update gnutls-3.7.6-cpuid-fixes.patch + +* Sat Aug 20 2022 Daiki Ueno - 3.7.6-6 +- Mark RSA SigVer operation approved for known modulus sizes (#2119770) +- accelerated: clear AVX bits if it cannot be queried through XSAVE + +* Thu Aug 4 2022 Daiki Ueno - 3.7.6-5 +- Block DES-CBC usage in decrypting PKCS#12 bag under FIPS (#2115314) +- sysrng: reseed source DRBG for prediction resistance + +* Fri Jul 29 2022 Daiki Ueno - 3.7.6-4 +- Make gnutls-cli work with KTLS for testing +- Fix double-free in gnutls_pkcs7_verify (#2109789) + +* Mon Jul 25 2022 Daiki Ueno - 3.7.6-3 +- Limit input size for AES-GCM according to SP800-38D (#2108635) +- Do not treat GPG verification errors as fatal +- Remove gnutls-3.7.6-libgnutlsxx-const.patch + +* Tue Jul 19 2022 Daiki Ueno - 3.7.6-2 +- Allow enabling KTLS with config file (#2108532) + +* Fri Jul 1 2022 Daiki Ueno - 3.7.6-1 +- Update to gnutls 3.7.6 (#2102591) + +* Thu Mar 31 2022 Daiki Ueno - 3.7.3-10 +- Use only the first component of VERSION from /etc/os-release (#2076626) +- Don't run power-on self-tests on DSA (#2076627) + +* Fri Feb 25 2022 Daiki Ueno - 3.7.3-9 +- Stop using typeof keyword for tss2 function prototypes (#2057490) +- Ensure allowlist API is called before priority string construction (#1975421) + +* Thu Feb 24 2022 Daiki Ueno - 3.7.3-8 +- Fix previous change for loading libtss2* (#2057490) + +* Wed Feb 23 2022 Daiki Ueno - 3.7.3-7 +- Increase GNUTLS_MAX_ALGORITHM_NUM for allowlisting (#2033220) +- Ensure allowlisting API is called before priority string is constructed (#2042532) +- Use dlopen for loading libtss2* to avoid OpenSSL dependency (#2057490) + +* Tue Feb 22 2022 Daiki Ueno - 3.7.3-6 +- Compile out GOST algorithm IDs (#1945292) + +* Thu Feb 17 2022 Zoltan Fridrich - 3.7.3-5 +- Fix upstream testsuite in fips mode (#2051637) + +* Wed Feb 16 2022 Daiki Ueno - 3.7.3-4 +- Specify FIPS140-3 module name and version +- fips: allow a few more primes in RSA key generation +- fips: tighten PKCS#12 algorithm checks +- Correct return value of KTLS stub API + +* Tue Feb 15 2022 Zoltan Fridrich - 3.7.3-3 +- Disable config reload in order to not break allowlisting (#2042532) + +* Wed Feb 2 2022 Daiki Ueno - 3.7.3-2 +- Build with TPM2 support, patch from Alexander Sosedkin (#2033220) + +* Tue Jan 18 2022 Daiki Ueno - 3.7.3-1 +- Update to gnutls 3.7.3 (#2033220) + +* Wed Dec 22 2021 Daiki Ueno - 3.7.2-10 +- Update gnutls_{hash,hmac}_copy man-pages as well (#1999639) + +* Wed Dec 22 2021 Daiki Ueno - 3.7.2-9 +- Drop support for GNUTLS_NO_EXPLICIT_INIT envvar in favor of + GNUTLS_NO_IMPLICIT_INIT (#1999639) +- Expand documentation of gnutls_{hash,hmac}_copy, mentioning that + those do not always work (#1999639) + +* Tue Dec 21 2021 Daiki Ueno - 3.7.2-9 +- Fix race condition when resolving SYSTEM priority in allowlisting mode (#2012249) + +* Thu Oct 21 2021 Daiki Ueno - 3.7.2-8 +- Fix issues in bundled libopts, spotted by covscan (#1938730) + +* Tue Oct 12 2021 Daiki Ueno - 3.7.2-7 +- Enable Intel CET +- Remove unnecessary CCASFLAGS setting for annocheck + +* Thu Aug 19 2021 Daiki Ueno - 3.7.2-6 +- Reorder doc/invoke-*.texi generation (#1975482) +- Temporarily disable LTO for aarch64 and ppc64le + +* Mon Aug 09 2021 Mohan Boddu - 3.7.2-5 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Mon Aug 2 2021 Daiki Ueno - 3.7.2-4 +- Disable GOST cryptography by default (#1945292) +- Tighten timestamp adjustment when not bootstrapping (#1975482) +- Re-enable LTO (#1986143) + +* Mon Jun 28 2021 Daiki Ueno - 3.7.2-3 +- Enable allowlisting configuration mode (#1975421) + +* Sat Jun 26 2021 Daiki Ueno - 3.7.2-2 +- Remove %%defattr invocations which are no longer necessary +- libpkcs11mock1.* is not installed anymore +- hobble-gnutls: Remove SRP removal +- Use correct source URL +- Switch to using %%gpgverify macro + +* Fri Jun 25 2021 Daiki Ueno - 3.7.2-1 +- Update to upstream 3.7.2 release (#1966479) + +* Tue Jun 22 2021 Mohan Boddu - 3.7.1-6 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Thu Jun 3 2021 Daiki Ueno - 3.7.1-5 +- Fix typo in TPM 1.2 disablement (#1927370) + +* Thu May 27 2021 Daiki Ueno - 3.7.1-4 +- Disable TPM support by default (#1927370) + +* Thu Apr 15 2021 Mohan Boddu - 3.7.1-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Mar 16 2021 Daiki Ueno - 3.7.1-2 +- Restore fipscheck dependency + +* Sat Mar 13 2021 Daiki Ueno - 3.7.1-1 +- Update to upstream 3.7.1 release +- Remove fipscheck dependency, as it is now calculated with an + internal tool + +* Fri Mar 5 2021 Daiki Ueno - 3.7.0-4 +- Tolerate duplicate certs in the chain also with PKCS #11 trust store + +* Tue Mar 2 2021 Daiki Ueno - 3.7.0-3 +- Reduce BRs for non-bootstrapping build + +* Wed Feb 10 2021 Daiki Ueno - 3.7.0-2 +- Tolerate duplicate certs in the chain + +* Mon Feb 8 2021 Daiki Ueno - 3.7.0-1 +- Update to upstream 3.7.0 release +- Temporarily disable LTO + +* Tue Jan 26 2021 Daiki Ueno - 3.6.15-4 +- Fix broken tests on rawhide (#1908110) +- Add BuildRequires: make (by Tom Stellard) + +* Tue Jan 26 2021 Fedora Release Engineering - 3.6.15-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Sep 28 2020 Jeff Law - 3.6.15-2 +- Re-enable LTO now that upstream GCC bugs have been fixed + +* Fri Sep 4 2020 Daiki Ueno - 3.6.15-1 +- Update to upstream 3.6.15 release + +* Mon Aug 17 2020 Jeff Law - 3.6.14-7 +- Disable LTO on ppc64le + +* Tue Aug 4 2020 Daiki Ueno - 3.6.14-6 +- Fix underlinking of libpthread + +* Sat Aug 01 2020 Fedora Release Engineering - 3.6.14-5 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 3.6.14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Thu Jul 02 2020 Anderson Sasaki - 3.6.14-3 +- Rebuild with autogen built with guile-2.2 (#1852706) + +* Tue Jun 09 2020 Anderson Sasaki - 3.6.14-2 +- Fix memory leak when serializing iovec_t (#1845083) +- Fix automatic libraries sonames detection (#1845806) + +* Thu Jun 4 2020 Daiki Ueno - 3.6.14-1 +- Update to upstream 3.6.14 release + +* Sun May 31 2020 Daiki Ueno - 3.6.13-6 +- Update gnutls-3.6.13-superseding-chain.patch + +* Sun May 31 2020 Daiki Ueno - 3.6.13-5 +- Fix cert chain validation behavior if the last cert has expired (#1842178) + +* Mon May 25 2020 Anderson Sasaki - 3.6.13-4 +- Add option to gnutls-cli to wait for resumption under TLS 1.3 + +* Tue May 19 2020 Anderson Sasaki - 3.6.13-3 +- Disable RSA blinding during FIPS self-tests + +* Thu May 14 2020 Anderson Sasaki - 3.6.13-2 +- Bump linked libraries soname to fix FIPS selftests (#1835265) + +* Tue Mar 31 2020 Daiki Ueno - 3.6.13-1 +- Update to upstream 3.6.13 release + +* Thu Mar 26 2020 Anderson Sasaki - 3.6.12-2 +- Fix FIPS POST (#1813384) +- Fix gnutls-serv --echo to not exit when a message is received (#1816583) + +* Sun Feb 02 2020 Nikos Mavrogiannopoulos - 3.6.12-1 +- Update to upstream 3.6.12 release + +* Tue Jan 28 2020 Fedora Release Engineering - 3.6.11-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Dec 02 2019 Nikos Mavrogiannopoulos - 3.6.11-1 +- Update to upstream 3.6.11 release + +* Sun Sep 29 2019 Nikos Mavrogiannopoulos - 3.6.10-1 +- Update to upstream 3.6.10 release + +* Fri Jul 26 2019 Nikos Mavrogiannopoulos - 3.6.9-1 +- Update to upstream 3.6.9 release + +* Thu Jul 25 2019 Fedora Release Engineering - 3.6.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jul 15 2019 Nikos Mavrogiannopoulos - 3.6.8-2 +- Rebuilt with guile-2.2 + +* Tue May 28 2019 Nikos Mavrogiannopoulos - 3.6.8-1 +- Update to upstream 3.6.8 release + +* Wed Mar 27 2019 Anderson Toshiyuki Sasaki - 3.6.7-1 +- Update to upstream 3.6.7 release +- Fixed CVE-2019-3836 (#1693214) +- Fixed CVE-2019-3829 (#1693210) + +* Fri Feb 1 2019 Nikos Mavrogiannopoulos - 3.6.6-1 +- Update to upstream 3.6.6 release + +* Thu Jan 31 2019 Fedora Release Engineering - 3.6.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jan 11 2019 Anderson Toshiyuki Sasaki - 3.6.5-2 +- Added explicit Requires for nettle >= 3.4.1 + +* Tue Dec 11 2018 Anderson Toshiyuki Sasaki - 3.6.5-1 +- Update to upstream 3.6.5 release + +* Mon Oct 29 2018 James Antill - 3.6.4-5 +- Remove ldconfig scriptlet, now done via. transfiletrigger in glibc. + +* Wed Oct 17 2018 Nikos Mavrogiannopoulos - 3.6.4-4 +- Fix issue with rehandshake affecting glib-networking (#1634736) + +* Tue Oct 16 2018 Tomáš Mráz - 3.6.4-3 +- Add missing annobin notes for assembler sources + +* Tue Oct 09 2018 Petr Menšík - 3.6.4-2 +- Rebuilt for unbound 1.8 + +* Tue Sep 25 2018 Nikos Mavrogiannopoulos - 3.6.4-1 +- Updated to upstream 3.6.4 release +- Added support for the latest version of the TLS1.3 protocol +- Enabled SHA1 support as SHA1 deprecation is handled via the + fedora crypto policies. + +* Thu Aug 16 2018 Nikos Mavrogiannopoulos - 3.6.3-4 +- Fixed gnutls-cli input reading +- Ensure that we do not cause issues with version rollback detection + and TLS1.3. + +* Tue Aug 07 2018 Nikos Mavrogiannopoulos - 3.6.3-3 +- Fixed ECDSA public key import (#1612803) + +* Thu Jul 26 2018 Nikos Mavrogiannopoulos - 3.6.3-2 +- Backported regression fixes from 3.6.2 + +* Mon Jul 16 2018 Nikos Mavrogiannopoulos - 3.6.3-1 +- Update to upstream 3.6.3 release + +* Fri Jul 13 2018 Fedora Release Engineering - 3.6.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Jun 13 2018 Nikos Mavrogiannopoulos - 3.6.2-4 +- Enable FIPS140-2 mode in Fedora + +* Wed Jun 06 2018 Nikos Mavrogiannopoulos - 3.6.2-3 +- Update to upstream 3.6.2 release + +* Fri May 25 2018 David Abdurachmanov - 3.6.2-2 +- Add missing BuildRequires: gnupg2 for gpgv2 in %%prep + +* Fri Feb 16 2018 Nikos Mavrogiannopoulos - 3.6.2-1 +- Update to upstream 3.6.2 release + +* Wed Feb 07 2018 Fedora Release Engineering - 3.6.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Feb 2 2018 Nikos Mavrogiannopoulos - 3.6.1-4 +- Rebuilt to address incompatibility with new nettle + +* Thu Nov 30 2017 Nikos Mavrogiannopoulos - 3.6.1-3 +- Corrected regression from 3.6.1-2 which prevented the loading of + arbitrary p11-kit modules (#1507402) + +* Mon Nov 6 2017 Nikos Mavrogiannopoulos - 3.6.1-2 +- Prevent the loading of all PKCS#11 modules on certificate verification + but only restrict to p11-kit trust module (#1507402) + +* Sat Oct 21 2017 Nikos Mavrogiannopoulos - 3.6.1-1 +- Update to upstream 3.6.1 release + +* Mon Aug 21 2017 Nikos Mavrogiannopoulos - 3.6.0-1 +- Update to upstream 3.6.0 release + +* Wed Aug 02 2017 Fedora Release Engineering - 3.5.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 3.5.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jul 04 2017 Nikos Mavrogiannopoulos - 3.5.14-1 +- Update to upstream 3.5.14 release + +* Wed Jun 07 2017 Nikos Mavrogiannopoulos - 3.5.13-1 +- Update to upstream 3.5.13 release + +* Thu May 11 2017 Nikos Mavrogiannopoulos - 3.5.12-2 +- Fix issue with p11-kit-trust arch dependency + +* Thu May 11 2017 Nikos Mavrogiannopoulos - 3.5.12-1 +- Update to upstream 3.5.12 release + +* Fri Apr 07 2017 Nikos Mavrogiannopoulos - 3.5.11-1 +- Update to upstream 3.5.11 release + +* Mon Mar 06 2017 Nikos Mavrogiannopoulos - 3.5.10-1 +- Update to upstream 3.5.10 release + +* Wed Feb 15 2017 Nikos Mavrogiannopoulos - 3.5.9-2 +- Work around missing pkg-config file (#1422256) + +* Tue Feb 14 2017 Nikos Mavrogiannopoulos - 3.5.9-1 +- Update to upstream 3.5.9 release + +* Fri Feb 10 2017 Fedora Release Engineering - 3.5.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sat Feb 4 2017 Nikos Mavrogiannopoulos 3.5.8-2 +- Added patch fix initialization issue in gnutls_pkcs11_obj_list_import_url4 + +* Mon Jan 9 2017 Nikos Mavrogiannopoulos 3.5.8-1 +- New upstream release + +* Tue Dec 13 2016 Nikos Mavrogiannopoulos 3.5.7-3 +- Fix PKCS#8 file loading (#1404084) + +* Thu Dec 8 2016 Nikos Mavrogiannopoulos 3.5.7-1 +- New upstream release + +* Fri Nov 4 2016 Nikos Mavrogiannopoulos 3.5.6-1 +- New upstream release + +* Tue Oct 11 2016 walters@redhat.com - 3.5.5-2 +- Apply patch to fix compatibility with ostree (#1383708) + +* Mon Oct 10 2016 Nikos Mavrogiannopoulos 3.5.5-1 +- New upstream release + +* Thu Sep 8 2016 Nikos Mavrogiannopoulos 3.5.4-1 +- New upstream release + +* Mon Aug 29 2016 Nikos Mavrogiannopoulos 3.5.3-2 +- Work around #1371082 for x86 +- Fixed issue with DTLS sliding window implementation (#1370881) + +* Tue Aug 9 2016 Nikos Mavrogiannopoulos 3.5.3-1 +- New upstream release + +* Wed Jul 6 2016 Nikos Mavrogiannopoulos 3.5.2-1 +- New upstream release + +* Wed Jun 15 2016 Nikos Mavrogiannopoulos 3.5.1-1 +- New upstream release + +* Tue Jun 7 2016 Nikos Mavrogiannopoulos 3.4.13-1 +- New upstream release (#1343258) +- Addresses issue with setuid programs introduced in 3.4.12 (#1343342) + +* Fri May 20 2016 Nikos Mavrogiannopoulos 3.4.12-1 +- New upstream release + +* Mon Apr 11 2016 Nikos Mavrogiannopoulos 3.4.11-1 +- New upstream release + +* Fri Mar 4 2016 Nikos Mavrogiannopoulos 3.4.10-1 +- New upstream release (#1314576) + +* Wed Feb 3 2016 Nikos Mavrogiannopoulos 3.4.9-1 +- Fix broken key usage flags introduced in 3.4.8 (#1303355) + +* Mon Jan 11 2016 Nikos Mavrogiannopoulos 3.4.8-1 +- New upstream release (#1297079) + +* Mon Nov 23 2015 Nikos Mavrogiannopoulos 3.4.7-1 +- New upstream release (#1284300) +- Documentation updates (#1282864) +- Adds interface to set unique IDs in certificates (#1281343) +- Allow arbitrary key sizes with ARCFOUR (#1284401) + +* Wed Oct 21 2015 Nikos Mavrogiannopoulos 3.4.6-1 +- New upstream release (#1273672) +- Enhances p11tool to write CKA_ISSUER and CKA_SERIAL_NUMBER (#1272178) + +* Tue Oct 20 2015 Adam Williamson - 3.4.5-2 +- fix interaction with Chrome 45+ (master secret extension) (#1273102) + +* Mon Sep 14 2015 Nikos Mavrogiannopoulos 3.4.5-1 +- New upstream release (#1252192) +- Eliminates hard limits on CRL parsing of certtool. + +* Mon Aug 10 2015 Nikos Mavrogiannopoulos 3.4.4-1 +- new upstream release +- no longer requires trousers patch +- fixes issue in gnutls_x509_privkey_import (#1250020) + +* Mon Jul 13 2015 Nikos Mavrogiannopoulos 3.4.3-2 +- Don't link against trousers but rather dlopen() it when available. + That avoids a dependency on openssl by the main library. + +* Mon Jul 13 2015 Nikos Mavrogiannopoulos 3.4.3-1 +- new upstream release + +* Thu Jul 02 2015 Adam Jackson 3.4.2-3 +- Only disable -z now for the guile modules + +* Thu Jun 18 2015 Nikos Mavrogiannopoulos 3.4.2-2 +- rename the symbol version for internal symbols to avoid clashes + with 3.3.x. + +* Wed Jun 17 2015 Nikos Mavrogiannopoulos 3.4.2-1 +- new upstream release + +* Tue May 5 2015 Nikos Mavrogiannopoulos 3.4.1-2 +- Provide missing GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA definition + +* Mon May 4 2015 Nikos Mavrogiannopoulos 3.4.1-1 +- new upstream release + +* Sat May 02 2015 Kalev Lember - 3.3.14-2 +- Rebuilt for GCC 5 C++11 ABI change + +* Mon Mar 30 2015 Nikos Mavrogiannopoulos 3.3.14-1 +- new upstream release +- improved BER decoding of PKCS #12 structures (#1131461) + +* Fri Mar 6 2015 Nikos Mavrogiannopoulos 3.3.13-3 +- Build with hardened flags +- Removed -Wl,--no-add-needed linker flag + +* Fri Feb 27 2015 Till Maas - 3.3.13-2 +- Do not build with hardened flags + +* Thu Feb 26 2015 Nikos Mavrogiannopoulos 3.3.13-1 +- new upstream release + +* Sat Feb 21 2015 Till Maas - 3.3.12-3 +- Make build verbose +- Use %%license + +* Sat Feb 21 2015 Till Maas - 3.3.12-2 +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Mon Jan 19 2015 Nikos Mavrogiannopoulos 3.3.12-1 +- new upstream release + +* Mon Jan 5 2015 Nikos Mavrogiannopoulos 3.3.11-2 +- enabled guile bindings (#1177847) + +* Thu Dec 11 2014 Nikos Mavrogiannopoulos 3.3.11-1 +- new upstream release + +* Mon Nov 10 2014 Nikos Mavrogiannopoulos 3.3.10-1 +- new upstream release + +* Thu Oct 23 2014 Nikos Mavrogiannopoulos 3.3.9-2 +- applied fix for issue in get-issuer (#1155901) + +* Mon Oct 13 2014 Nikos Mavrogiannopoulos 3.3.9-1 +- new upstream release + +* Fri Sep 19 2014 Nikos Mavrogiannopoulos 3.3.8-2 +- strip rpath from library + +* Thu Sep 18 2014 Nikos Mavrogiannopoulos 3.3.8-1 +- new upstream release + +* Mon Aug 25 2014 Nikos Mavrogiannopoulos 3.3.7-1 +- new upstream release + +* Sat Aug 16 2014 Fedora Release Engineering - 3.3.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Wed Jul 23 2014 Nikos Mavrogiannopoulos 3.3.6-1 +- new upstream release + +* Tue Jul 01 2014 Nikos Mavrogiannopoulos 3.3.5-2 +- Added work-around for s390 builds with gcc 4.9 (#1102324) + +* Mon Jun 30 2014 Nikos Mavrogiannopoulos 3.3.5-1 +- new upstream release + +* Tue Jun 17 2014 Nikos Mavrogiannopoulos 3.3.4-3 +- explicitly depend on p11-kit-trust + +* Sat Jun 07 2014 Fedora Release Engineering - 3.3.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon Jun 02 2014 Nikos Mavrogiannopoulos 3.3.4-1 +- new upstream release + +* Fri May 30 2014 Nikos Mavrogiannopoulos 3.3.3-1 +- new upstream release + +* Wed May 21 2014 Nikos Mavrogiannopoulos 3.3.2-2 +- Require crypto-policies + +* Fri May 09 2014 Nikos Mavrogiannopoulos 3.3.2-1 +- new upstream release + +* Mon May 05 2014 Nikos Mavrogiannopoulos 3.3.1-4 +- Replaced /etc/crypto-profiles/apps with /etc/crypto-policies/back-ends. +- Added support for "very weak" profile. + +* Mon Apr 28 2014 Nikos Mavrogiannopoulos 3.3.1-2 +- gnutls_global_deinit() will not do anything if the previous + initialization has failed (#1091053) + +* Mon Apr 28 2014 Nikos Mavrogiannopoulos 3.3.1-1 +- new upstream release + +* Mon Apr 14 2014 Nikos Mavrogiannopoulos 3.3.0-1 +- new upstream release + +* Tue Apr 08 2014 Nikos Mavrogiannopoulos 3.2.13-1 +- new upstream release + +* Wed Mar 05 2014 Nikos Mavrogiannopoulos 3.2.12.1-1 +- new upstream release + +* Mon Mar 03 2014 Nikos Mavrogiannopoulos 3.2.12-1 +- new upstream release + +* Mon Feb 03 2014 Nikos Mavrogiannopoulos 3.2.10-2 +- use p11-kit trust store for certificate verification + +* Mon Feb 03 2014 Nikos Mavrogiannopoulos 3.2.10-1 +- new upstream release + +* Tue Jan 14 2014 Tomáš Mráz 3.2.8-2 +- build the crywrap tool + +* Mon Dec 23 2013 Nikos Mavrogiannopoulos 3.2.8-1 +- new upstream release + +* Wed Dec 4 2013 Nikos Mavrogiannopoulos 3.2.7-2 +- Use the correct root key for unbound /var/lib/unbound/root.key (#1012494) +- Pull asm fixes from upstream (#973210) + +* Mon Nov 25 2013 Nikos Mavrogiannopoulos 3.2.7-1 +- new upstream release +- added dependency to autogen-libopts-devel to use the system's + libopts library +- added dependency to trousers-devel to enable TPM support + +* Mon Nov 4 2013 Tomáš Mráz 3.1.16-1 +- new upstream release +- fixes CVE-2013-4466 off-by-one in dane_query_tlsa() + +* Fri Oct 25 2013 Tomáš Mráz 3.1.15-1 +- new upstream release +- fixes CVE-2013-4466 buffer overflow in handling DANE entries + +* Wed Oct 16 2013 Tomáš Mráz 3.1.13-3 +- enable ECC NIST Suite B curves + +* Sat Aug 03 2013 Fedora Release Engineering - 3.1.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jul 15 2013 Tomáš Mráz 3.1.13-1 +- new upstream release + +* Mon May 13 2013 Tomáš Mráz 3.1.11-1 +- new upstream release + +* Mon Mar 25 2013 Tomas Mraz 3.1.10-1 +- new upstream release +- license of the library is back to LGPLv2.1+ + +* Fri Mar 15 2013 Tomas Mraz 3.1.9-1 +- new upstream release + +* Thu Mar 7 2013 Tomas Mraz 3.1.8-3 +- drop the temporary old library + +* Tue Feb 26 2013 Tomas Mraz 3.1.8-2 +- don't send ECC algos as supported (#913797) + +* Thu Feb 21 2013 Tomas Mraz 3.1.8-1 +- new upstream version + +* Wed Feb 6 2013 Tomas Mraz 3.1.7-1 +- new upstream version, requires rebuild of dependencies +- this release temporarily includes old compatibility .so + +* Tue Feb 5 2013 Tomas Mraz 2.12.22-2 +- rebuilt with new libtasn1 +- make guile bindings optional - breaks i686 build and there is + no dependent package + +* Tue Jan 8 2013 Tomas Mraz 2.12.22-1 +- new upstream version + +* Wed Nov 28 2012 Tomas Mraz 2.12.21-2 +- use RSA bit sizes supported by libgcrypt in FIPS mode for security + levels (#879643) + +* Fri Nov 9 2012 Tomas Mraz 2.12.21-1 +- new upstream version + +* Thu Nov 1 2012 Tomas Mraz 2.12.20-4 +- negotiate only FIPS approved algorithms in the FIPS mode (#871826) + +* Wed Aug 8 2012 Tomas Mraz 2.12.20-3 +- fix the gnutls-cli-debug manpage - patch by Peter Schiffer + +* Thu Jul 19 2012 Fedora Release Engineering - 2.12.20-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 18 2012 Tomas Mraz 2.12.20-1 +- new upstream version + +* Fri May 18 2012 Tomas Mraz 2.12.19-1 +- new upstream version + +* Thu Mar 29 2012 Tomas Mraz 2.12.18-1 +- new upstream version + +* Thu Mar 8 2012 Tomas Mraz 2.12.17-1 +- new upstream version +- fix leaks in key generation (#796302) + +* Fri Feb 03 2012 Kevin Fenzi - 2.12.14-3 +- Disable largefile on arm arch. (#787287) + +* Fri Jan 13 2012 Fedora Release Engineering - 2.12.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Nov 8 2011 Tomas Mraz 2.12.14-1 +- new upstream version + +* Mon Oct 24 2011 Tomas Mraz 2.12.12-1 +- new upstream version + +* Thu Sep 29 2011 Tomas Mraz 2.12.11-1 +- new upstream version + +* Fri Aug 26 2011 Tomas Mraz 2.12.9-1 +- new upstream version + +* Tue Aug 16 2011 Tomas Mraz 2.12.8-1 +- new upstream version + +* Mon Jul 25 2011 Tomas Mraz 2.12.7-2 +- fix problem when using new libgcrypt +- split libgnutlsxx to a subpackage (#455146) +- drop libgnutls-openssl (#460310) + +* Tue Jun 21 2011 Tomas Mraz 2.12.7-1 +- new upstream version + +* Mon May 9 2011 Tomas Mraz 2.12.4-1 +- new upstream version + +* Tue Apr 26 2011 Tomas Mraz 2.12.3-1 +- new upstream version + +* Mon Apr 18 2011 Tomas Mraz 2.12.2-1 +- new upstream version + +* Thu Mar 3 2011 Tomas Mraz 2.10.5-1 +- new upstream version + +* Tue Feb 08 2011 Fedora Release Engineering - 2.10.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Dec 8 2010 Tomas Mraz 2.10.4-1 +- new upstream version + +* Thu Dec 2 2010 Tomas Mraz 2.10.3-2 +- fix buffer overflow in gnutls-serv (#659259) + +* Fri Nov 19 2010 Tomas Mraz 2.10.3-1 +- new upstream version + +* Thu Sep 30 2010 Tomas Mraz 2.10.2-1 +- new upstream version + +* Wed Sep 29 2010 jkeating - 2.10.1-4 +- Rebuilt for gcc bug 634757 + +* Thu Sep 23 2010 Tomas Mraz 2.10.1-3 +- more patching for internal errors regression (#629858) + patch by Vivek Dasmohapatra + +* Tue Sep 21 2010 Tomas Mraz 2.10.1-2 +- backported patch from upstream git hopefully fixing internal errors + (#629858) + +* Wed Aug 4 2010 Tomas Mraz 2.10.1-1 +- new upstream version + +* Wed Jun 2 2010 Tomas Mraz 2.8.6-2 +- add support for safe renegotiation CVE-2009-3555 (#533125) + +* Wed May 12 2010 Tomas Mraz 2.8.6-1 +- upgrade to a new upstream version + +* Mon Feb 15 2010 Rex Dieter 2.8.5-4 +- FTBFS gnutls-2.8.5-3.fc13: ImplicitDSOLinking (#564624) + +* Thu Jan 28 2010 Tomas Mraz 2.8.5-3 +- drop superfluous rpath from binaries +- do not call autoreconf during build +- specify the license on utils subpackage + +* Mon Jan 18 2010 Tomas Mraz 2.8.5-2 +- do not create static libraries (#556052) + +* Mon Nov 2 2009 Tomas Mraz 2.8.5-1 +- upgrade to a new upstream version + +* Wed Sep 23 2009 Tomas Mraz 2.8.4-1 +- upgrade to a new upstream version + +* Fri Aug 14 2009 Tomas Mraz 2.8.3-1 +- upgrade to a new upstream version + +* Fri Jul 24 2009 Fedora Release Engineering - 2.8.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jun 10 2009 Tomas Mraz 2.8.1-1 +- upgrade to a new upstream version + +* Wed Jun 3 2009 Tomas Mraz 2.8.0-1 +- upgrade to a new upstream version + +* Mon May 4 2009 Tomas Mraz 2.6.6-1 +- upgrade to a new upstream version - security fixes + +* Tue Apr 14 2009 Tomas Mraz 2.6.5-1 +- upgrade to a new upstream version, minor bugfixes only + +* Fri Mar 6 2009 Tomas Mraz 2.6.4-1 +- upgrade to a new upstream version + +* Tue Feb 24 2009 Fedora Release Engineering - 2.6.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Dec 15 2008 Tomas Mraz 2.6.3-1 +- upgrade to a new upstream version + +* Thu Dec 4 2008 Tomas Mraz 2.6.2-1 +- upgrade to a new upstream version + +* Tue Nov 11 2008 Tomas Mraz 2.4.2-3 +- fix chain verification issue CVE-2008-4989 (#470079) + +* Thu Sep 25 2008 Tomas Mraz 2.4.2-2 +- add guile subpackage (#463735) +- force new libtool through autoreconf to drop unnecessary rpaths + +* Tue Sep 23 2008 Tomas Mraz 2.4.2-1 +- new upstream version + +* Tue Jul 1 2008 Tomas Mraz 2.4.1-1 +- new upstream version +- correct the license tag +- explicit --with-included-opencdk not needed +- use external lzo library, internal not included anymore + +* Tue Jun 24 2008 Tomas Mraz 2.4.0-1 +- upgrade to latest upstream + +* Tue May 20 2008 Tomas Mraz 2.0.4-3 +- fix three security issues in gnutls handshake - GNUTLS-SA-2008-1 + (#447461, #447462, #447463) + +* Mon Feb 4 2008 Joe Orton 2.0.4-2 +- use system libtasn1 + +* Tue Dec 4 2007 Tomas Mraz 2.0.4-1 +- upgrade to latest upstream + +* Tue Aug 21 2007 Tomas Mraz 1.6.3-2 +- license tag fix + +* Wed Jun 6 2007 Tomas Mraz 1.6.3-1 +- upgrade to latest upstream (#232445) + +* Tue Apr 10 2007 Tomas Mraz 1.4.5-2 +- properly require install-info (patch by Ville Skyttä) +- standard buildroot and use dist tag +- add COPYING and README to doc + +* Wed Feb 7 2007 Tomas Mraz 1.4.5-1 +- new upstream version +- drop libtermcap-devel from buildrequires + +* Thu Sep 14 2006 Tomas Mraz 1.4.1-2 +- detect forged signatures - CVE-2006-4790 (#206411), patch + from upstream + +* Tue Jul 18 2006 Tomas Mraz - 1.4.1-1 +- upgrade to new upstream version, only minor changes + +* Wed Jul 12 2006 Jesse Keating - 1.4.0-1.1 +- rebuild + +* Wed Jun 14 2006 Tomas Mraz - 1.4.0-1 +- upgrade to new upstream version (#192070), rebuild + of dependent packages required + +* Tue May 16 2006 Tomas Mraz - 1.2.10-2 +- added missing buildrequires + +* Mon Feb 13 2006 Tomas Mraz - 1.2.10-1 +- updated to new version (fixes CVE-2006-0645) + +* Fri Feb 10 2006 Jesse Keating - 1.2.9-3.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 1.2.9-3.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Tue Jan 3 2006 Jesse Keating 1.2.9-3 +- rebuilt + +* Fri Dec 9 2005 Tomas Mraz 1.2.9-2 +- replaced *-config scripts with calls to pkg-config to + solve multilib conflicts + +* Wed Nov 23 2005 Tomas Mraz 1.2.9-1 +- upgrade to newest upstream +- removed .la files (#172635) + +* Sun Aug 7 2005 Tomas Mraz 1.2.6-1 +- upgrade to newest upstream (rebuild of dependencies necessary) + +* Mon Jul 4 2005 Tomas Mraz 1.0.25-2 +- split the command line tools to utils subpackage + +* Sat Apr 30 2005 Tomas Mraz 1.0.25-1 +- new upstream version fixes potential DOS attack + +* Sat Apr 23 2005 Tomas Mraz 1.0.24-2 +- readd the version script dropped by upstream + +* Fri Apr 22 2005 Tomas Mraz 1.0.24-1 +- update to the latest upstream version on the 1.0 branch + +* Wed Mar 2 2005 Warren Togami 1.0.20-6 +- gcc4 rebuild + +* Tue Jan 4 2005 Ivana Varekova 1.0.20-5 +- add gnutls Requires zlib-devel (#144069) + +* Mon Nov 08 2004 Colin Walters 1.0.20-4 +- Make gnutls-devel Require libgcrypt-devel + +* Tue Sep 21 2004 Jeff Johnson 1.0.20-3 +- rebuild with release++, otherwise unchanged. + +* Tue Sep 7 2004 Jeff Johnson 1.0.20-2 +- patent tainted SRP code removed. + +* Sun Sep 5 2004 Jeff Johnson 1.0.20-1 +- update to 1.0.20. +- add --with-included-opencdk --with-included-libtasn1 +- add --with-included-libcfg --with-included-lzo +- add --disable-srp-authentication. +- do "make check" after build. + +* Fri Mar 21 2003 Jeff Johnson 0.9.2-1 +- upgrade to 0.9.2 + +* Tue Jun 25 2002 Jeff Johnson 0.4.4-1 +- update to 0.4.4. + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Sat May 25 2002 Jeff Johnson 0.4.3-1 +- update to 0.4.3. + +* Tue May 21 2002 Jeff Johnson 0.4.2-1 +- update to 0.4.2. +- change license to LGPL. +- include splint annotations patch. + +* Tue Apr 2 2002 Nalin Dahyabhai 0.4.0-1 +- update to 0.4.0 + +* Thu Jan 17 2002 Nalin Dahyabhai 0.3.2-1 +- update to 0.3.2 + +* Thu Jan 10 2002 Nalin Dahyabhai 0.3.0-1 +- add a URL + +* Thu Dec 20 2001 Nalin Dahyabhai +- initial package