2 files changed, 300 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2025-6395.patch b/meta/recipes-support/gnutls/gnutls/CVE-2025-6395.patch
new file mode 100644
index 0000000000..fa98c1dcd5
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2025-6395.patch
@@ -0,0 +1,299 @@
+From 23135619773e6ec087ff2abc65405bd4d5676bad Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Mon, 7 Jul 2025 11:15:45 +0900
+Subject: [PATCH] handshake: clear HSK_PSK_SELECTED is when resetting
+ binders
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+When a TLS 1.3 handshake involves HRR and resumption or PSK, and the
+second Client Hello omits PSK, the server would result in a NULL
+pointer dereference as the PSK binder information is cleared while the
+HSK_PSK_SELECTED flag is still set. This makes sure that
+HSK_PSK_SELECTED flag is always cleared when the PSK binders are
+reset. This also makes it clear the HSK_PSK_SELECTED flag is valid
+only during a handshake; after that, whether PSK is used can be
+checked with gnutls_auth_client_get_type.
+Reported by Stefan Bühler.
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+CVE: CVE-2025-6395
+Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/23135619773e6ec087ff2abc65405bd4d5676bad]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ NEWS                                  |   4 +
+ lib/handshake.c                       |  25 +++-
+ lib/state.c                           |   4 +-
+ tests/Makefile.am                     |   2 +
+ tests/tls13/hello_retry_request_psk.c | 173 ++++++++++++++++++++++++++
+ 5 files changed, 204 insertions(+), 4 deletions(-)
+ create mode 100644 tests/tls13/hello_retry_request_psk.c
+diff --git a/NEWS b/NEWS
+index 1334516c6..d800e83b0 100644
+--- a/NEWS
+++ b/NEWS
+@@ -5,6 +5,10 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc.
+ Copyright (C) 2013-2019 Nikos Mavrogiannopoulos
+ See the end for copying conditions.
+ 
+** libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
+   Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
+   [CVE-2025-6395]
+
+ ** libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
+    Spotted by oss-fuzz and reported by OpenAI Security Research Team,
+    and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
+diff --git a/lib/handshake.c b/lib/handshake.c
+index 722307be7..489d02194 100644
+--- a/lib/handshake.c
+++ b/lib/handshake.c
+@@ -589,9 +589,28 @@ static int set_auth_types(gnutls_session_t session)
+                /* Under TLS1.3 this returns a KX which matches the negotiated
+                 * groups from the key shares; if we are resuming then the KX seen
+                 * here doesn't match the original session. */
+-               if (!session->internals.resumed)
+-                       kx = gnutls_kx_get(session);
+-               else
+               if (!session->internals.resumed) {
+                       const gnutls_group_entry_st *group = get_group(session);
+
+                       if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
+                               if (group) {
+                                       kx = group->pk == GNUTLS_PK_DH ?
+                                                    GNUTLS_KX_DHE_PSK :
+                                                    GNUTLS_KX_ECDHE_PSK;
+                               } else {
+                                       kx = GNUTLS_KX_PSK;
+                               }
+                       } else if (group) {
+                               /* Not necessarily be RSA, but just to
+                                * make _gnutls_map_kx_get_cred below
+                                * work.
+                                */
+                               kx = group->pk == GNUTLS_PK_DH ?
+                                            GNUTLS_KX_DHE_RSA :
+                                            GNUTLS_KX_ECDHE_RSA;
+                       } else
+                               kx = GNUTLS_KX_UNKNOWN;
+               } else
+                        kx = GNUTLS_KX_UNKNOWN;
+        } else {
+                /* TLS1.2 or earlier, kx is associated with ciphersuite */
+diff --git a/lib/state.c b/lib/state.c
+index ec514c0cd..10ec0eadb 100644
+--- a/lib/state.c
+++ b/lib/state.c
+@@ -202,7 +202,8 @@ gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session)
+                const gnutls_group_entry_st *group = get_group(session);
+ 
+                if (ver->tls13_sem) {
+-                       if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
+                       if (gnutls_auth_client_get_type(session) ==
+                           GNUTLS_CRD_PSK) {
+                                if (group) {
+                                        if (group->pk == GNUTLS_PK_DH)
+                                                return GNUTLS_KX_DHE_PSK;
+@@ -349,6 +350,7 @@ void reset_binders(gnutls_session_t session)
+        _gnutls_free_temp_key_datum(&session->key.binders[0].psk);
+        _gnutls_free_temp_key_datum(&session->key.binders[1].psk);
+        memset(session->key.binders, 0, sizeof(session->key.binders));
+       session->internals.hsk_flags &= ~HSK_PSK_SELECTED;
+ }
+ 
+ /* Check whether certificate credentials of type @cert_type are set
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index c2d226a00..e43faf10f 100644
+--- a/tests/Makefile.am
+++ b/tests/Makefile.am
+@@ -128,6 +128,8 @@ ctests += tls13/hello_retry_request
+ 
+ ctests += tls13/hello_retry_request_resume
+ 
+ctests += tls13/hello_retry_request_psk
+
+ ctests += tls13/psk-ext
+ 
+ ctests += tls13/key_update
+diff --git a/tests/tls13/hello_retry_request_psk.c b/tests/tls13/hello_retry_request_psk.c
+new file mode 100644
+index 000000000..a20cb0d96
+--- /dev/null
+++ b/tests/tls13/hello_retry_request_psk.c
+@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2017-2025 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos, Daiki Ueno
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+
+#include <string.h>
+#include <gnutls/gnutls.h>
+#include <assert.h>
+
+#include "cert-common.h"
+#include "utils.h"
+#include "tls13/ext-parse.h"
+#include "eagain-common.h"
+
+/* This program exercises the case where a TLS 1.3 handshake ends up
+ * with HRR, and the first CH includes PSK while the 2nd CH omits
+ * it */
+
+const char *testname = "hello entry request";
+
+const char *side = "";
+
+#define myfail(fmt, ...) fail("%s: " fmt, testname, ##__VA_ARGS__)
+
+static void tls_log_func(int level, const char *str)
+{
+       fprintf(stderr, "%s|<%d>| %s", side, level, str);
+}
+
+struct ctx_st {
+       unsigned hrr_seen;
+       unsigned hello_counter;
+};
+
+static int pskfunc(gnutls_session_t session, const char *username,
+                  gnutls_datum_t *key)
+{
+       if (debug)
+               printf("psk: username %s\n", username);
+       key->data = gnutls_malloc(4);
+       key->data[0] = 0xDE;
+       key->data[1] = 0xAD;
+       key->data[2] = 0xBE;
+       key->data[3] = 0xEF;
+       key->size = 4;
+       return 0;
+}
+
+static int hello_callback(gnutls_session_t session, unsigned int htype,
+                         unsigned post, unsigned int incoming,
+                         const gnutls_datum_t *msg)
+{
+       struct ctx_st *ctx = gnutls_session_get_ptr(session);
+       assert(ctx != NULL);
+
+       if (htype == GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST)
+               ctx->hrr_seen = 1;
+
+       if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) {
+               if (post == GNUTLS_HOOK_POST)
+                       ctx->hello_counter++;
+               else {
+                       /* Unset the PSK credential to omit the extension */
+                       gnutls_credentials_set(session, GNUTLS_CRD_PSK, NULL);
+               }
+       }
+
+       return 0;
+}
+
+void doit(void)
+{
+       int sret, cret;
+       gnutls_psk_server_credentials_t scred;
+       gnutls_psk_client_credentials_t ccred;
+       gnutls_certificate_credentials_t ccred2;
+       gnutls_session_t server, client;
+       /* Need to enable anonymous KX specifically. */
+       const gnutls_datum_t key = { (void *)"DEADBEEF", 8 };
+
+       struct ctx_st ctx;
+       memset(&ctx, 0, sizeof(ctx));
+
+       global_init();
+
+       gnutls_global_set_log_function(tls_log_func);
+       if (debug)
+               gnutls_global_set_log_level(9);
+
+       /* Init server */
+       assert(gnutls_psk_allocate_server_credentials(&scred) >= 0);
+       gnutls_psk_set_server_credentials_function(scred, pskfunc);
+
+       gnutls_init(&server, GNUTLS_SERVER);
+
+       assert(gnutls_priority_set_direct(
+                      server,
+                      "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+DHE-PSK",
+                      NULL) >= 0);
+
+       gnutls_credentials_set(server, GNUTLS_CRD_PSK, scred);
+       gnutls_transport_set_push_function(server, server_push);
+       gnutls_transport_set_pull_function(server, server_pull);
+       gnutls_transport_set_ptr(server, server);
+
+       /* Init client */
+       assert(gnutls_psk_allocate_client_credentials(&ccred) >= 0);
+       gnutls_psk_set_client_credentials(ccred, "test", &key,
+                                         GNUTLS_PSK_KEY_HEX);
+       assert(gnutls_certificate_allocate_credentials(&ccred2) >= 0);
+
+       assert(gnutls_init(&client, GNUTLS_CLIENT | GNUTLS_KEY_SHARE_TOP) >= 0);
+
+       gnutls_session_set_ptr(client, &ctx);
+
+       cret = gnutls_priority_set_direct(
+               client,
+               "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-X25519:+DHE-PSK",
+               NULL);
+       if (cret < 0)
+               myfail("cannot set TLS 1.3 priorities\n");
+
+       gnutls_credentials_set(client, GNUTLS_CRD_PSK, ccred);
+       gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred2);
+       gnutls_transport_set_push_function(client, client_push);
+       gnutls_transport_set_pull_function(client, client_pull);
+       gnutls_transport_set_ptr(client, client);
+
+       gnutls_handshake_set_hook_function(client, GNUTLS_HANDSHAKE_ANY,
+                                          GNUTLS_HOOK_BOTH, hello_callback);
+
+       HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN,
+                        GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+       assert(ctx.hrr_seen != 0);
+
+       gnutls_bye(client, GNUTLS_SHUT_WR);
+       gnutls_bye(server, GNUTLS_SHUT_WR);
+
+       gnutls_deinit(client);
+       gnutls_deinit(server);
+
+       gnutls_psk_free_server_credentials(scred);
+       gnutls_psk_free_client_credentials(ccred);
+       gnutls_certificate_free_credentials(ccred2);
+
+       gnutls_global_deinit();
+       reset_buffers();
+}
diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
index 3186cb92e3..dde3bc3014 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
@@ -32,6 +32,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
           file://3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2 \
           file://CVE-2025-32988.patch \
           file://CVE-2025-32990.patch \
+           file://CVE-2025-6395.patch \
           "
 SRC_URI[sha256sum] = "2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b"

diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2025-6395.patch b/meta/recipes-support/gnutls/gnutls/CVE-2025-6395.patch new file mode 100644 index 0000000000..fa98c1dcd5 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2025-6395.patch
@@ -0,0 +1,299 @@
		1	From 23135619773e6ec087ff2abc65405bd4d5676bad Mon Sep 17 00:00:00 2001
		2	From: Daiki Ueno <ueno@gnu.org>
		3	Date: Mon, 7 Jul 2025 11:15:45 +0900
		4	Subject: [PATCH] handshake: clear HSK_PSK_SELECTED is when resetting
		5	binders
		6	MIME-Version: 1.0
		7	Content-Type: text/plain; charset=UTF-8
		8	Content-Transfer-Encoding: 8bit
		9
		10	When a TLS 1.3 handshake involves HRR and resumption or PSK, and the
		11	second Client Hello omits PSK, the server would result in a NULL
		12	pointer dereference as the PSK binder information is cleared while the
		13	HSK_PSK_SELECTED flag is still set. This makes sure that
		14	HSK_PSK_SELECTED flag is always cleared when the PSK binders are
		15	reset. This also makes it clear the HSK_PSK_SELECTED flag is valid
		16	only during a handshake; after that, whether PSK is used can be
		17	checked with gnutls_auth_client_get_type.
		18
		19	Reported by Stefan Bühler.
		20
		21	Signed-off-by: Daiki Ueno <ueno@gnu.org>
		22
		23	CVE: CVE-2025-6395
		24	Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/23135619773e6ec087ff2abc65405bd4d5676bad]
		25	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		26	---
		27	NEWS \| 4 +
		28	lib/handshake.c \| 25 +++-
		29	lib/state.c \| 4 +-
		30	tests/Makefile.am \| 2 +
		31	tests/tls13/hello_retry_request_psk.c \| 173 ++++++++++++++++++++++++++
		32	5 files changed, 204 insertions(+), 4 deletions(-)
		33	create mode 100644 tests/tls13/hello_retry_request_psk.c
		34
		35	diff --git a/NEWS b/NEWS
		36	index 1334516c6..d800e83b0 100644
		37	--- a/NEWS
		38	+++ b/NEWS
		39	@@ -5,6 +5,10 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc.
		40	Copyright (C) 2013-2019 Nikos Mavrogiannopoulos
		41	See the end for copying conditions.
		42
		43	+** libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
		44	+ Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
		45	+ [CVE-2025-6395]
		46	+
		47	** libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
		48	Spotted by oss-fuzz and reported by OpenAI Security Research Team,
		49	and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
		50	diff --git a/lib/handshake.c b/lib/handshake.c
		51	index 722307be7..489d02194 100644
		52	--- a/lib/handshake.c
		53	+++ b/lib/handshake.c
		54	@@ -589,9 +589,28 @@ static int set_auth_types(gnutls_session_t session)
		55	/* Under TLS1.3 this returns a KX which matches the negotiated
		56	* groups from the key shares; if we are resuming then the KX seen
		57	* here doesn't match the original session. */
		58	- if (!session->internals.resumed)
		59	- kx = gnutls_kx_get(session);
		60	- else
		61	+ if (!session->internals.resumed) {
		62	+ const gnutls_group_entry_st *group = get_group(session);
		63	+
		64	+ if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
		65	+ if (group) {
		66	+ kx = group->pk == GNUTLS_PK_DH ?
		67	+ GNUTLS_KX_DHE_PSK :
		68	+ GNUTLS_KX_ECDHE_PSK;
		69	+ } else {
		70	+ kx = GNUTLS_KX_PSK;
		71	+ }
		72	+ } else if (group) {
		73	+ /* Not necessarily be RSA, but just to
		74	+ * make _gnutls_map_kx_get_cred below
		75	+ * work.
		76	+ */
		77	+ kx = group->pk == GNUTLS_PK_DH ?
		78	+ GNUTLS_KX_DHE_RSA :
		79	+ GNUTLS_KX_ECDHE_RSA;
		80	+ } else
		81	+ kx = GNUTLS_KX_UNKNOWN;
		82	+ } else
		83	kx = GNUTLS_KX_UNKNOWN;
		84	} else {
		85	/* TLS1.2 or earlier, kx is associated with ciphersuite */
		86	diff --git a/lib/state.c b/lib/state.c
		87	index ec514c0cd..10ec0eadb 100644
		88	--- a/lib/state.c
		89	+++ b/lib/state.c
		90	@@ -202,7 +202,8 @@ gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session)
		91	const gnutls_group_entry_st *group = get_group(session);
		92
		93	if (ver->tls13_sem) {
		94	- if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
		95	+ if (gnutls_auth_client_get_type(session) ==
		96	+ GNUTLS_CRD_PSK) {
		97	if (group) {
		98	if (group->pk == GNUTLS_PK_DH)
		99	return GNUTLS_KX_DHE_PSK;
		100	@@ -349,6 +350,7 @@ void reset_binders(gnutls_session_t session)
		101	_gnutls_free_temp_key_datum(&session->key.binders[0].psk);
		102	_gnutls_free_temp_key_datum(&session->key.binders[1].psk);
		103	memset(session->key.binders, 0, sizeof(session->key.binders));
		104	+ session->internals.hsk_flags &= ~HSK_PSK_SELECTED;
		105	}
		106
		107	/* Check whether certificate credentials of type @cert_type are set
		108	diff --git a/tests/Makefile.am b/tests/Makefile.am
		109	index c2d226a00..e43faf10f 100644
		110	--- a/tests/Makefile.am
		111	+++ b/tests/Makefile.am
		112	@@ -128,6 +128,8 @@ ctests += tls13/hello_retry_request
		113
		114	ctests += tls13/hello_retry_request_resume
		115
		116	+ctests += tls13/hello_retry_request_psk
		117	+
		118	ctests += tls13/psk-ext
		119
		120	ctests += tls13/key_update
		121	diff --git a/tests/tls13/hello_retry_request_psk.c b/tests/tls13/hello_retry_request_psk.c
		122	new file mode 100644
		123	index 000000000..a20cb0d96
		124	--- /dev/null
		125	+++ b/tests/tls13/hello_retry_request_psk.c
		126	@@ -0,0 +1,173 @@
		127	+/*
		128	+ * Copyright (C) 2017-2025 Red Hat, Inc.
		129	+ *
		130	+ * Author: Nikos Mavrogiannopoulos, Daiki Ueno
		131	+ *
		132	+ * This file is part of GnuTLS.
		133	+ *
		134	+ * GnuTLS is free software; you can redistribute it and/or modify it
		135	+ * under the terms of the GNU General Public License as published by
		136	+ * the Free Software Foundation; either version 3 of the License, or
		137	+ * (at your option) any later version.
		138	+ *
		139	+ * GnuTLS is distributed in the hope that it will be useful, but
		140	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
		141	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
		142	+ * General Public License for more details.
		143	+ *
		144	+ * You should have received a copy of the GNU Lesser General Public License
		145	+ * along with this program. If not, see <https://www.gnu.org/licenses/>
		146	+ */
		147	+
		148	+#ifdef HAVE_CONFIG_H
		149	+#include "config.h"
		150	+#endif
		151	+
		152	+#include <stdio.h>
		153	+#include <stdlib.h>
		154	+#include <stdint.h>
		155	+
		156	+#include <string.h>
		157	+#include <gnutls/gnutls.h>
		158	+#include <assert.h>
		159	+
		160	+#include "cert-common.h"
		161	+#include "utils.h"
		162	+#include "tls13/ext-parse.h"
		163	+#include "eagain-common.h"
		164	+
		165	+/* This program exercises the case where a TLS 1.3 handshake ends up
		166	+ * with HRR, and the first CH includes PSK while the 2nd CH omits
		167	+ * it */
		168	+
		169	+const char *testname = "hello entry request";
		170	+
		171	+const char *side = "";
		172	+
		173	+#define myfail(fmt, ...) fail("%s: " fmt, testname, ##__VA_ARGS__)
		174	+
		175	+static void tls_log_func(int level, const char *str)
		176	+{
		177	+ fprintf(stderr, "%s\|<%d>\| %s", side, level, str);
		178	+}
		179	+
		180	+struct ctx_st {
		181	+ unsigned hrr_seen;
		182	+ unsigned hello_counter;
		183	+};
		184	+
		185	+static int pskfunc(gnutls_session_t session, const char *username,
		186	+ gnutls_datum_t *key)
		187	+{
		188	+ if (debug)
		189	+ printf("psk: username %s\n", username);
		190	+ key->data = gnutls_malloc(4);
		191	+ key->data[0] = 0xDE;
		192	+ key->data[1] = 0xAD;
		193	+ key->data[2] = 0xBE;
		194	+ key->data[3] = 0xEF;
		195	+ key->size = 4;
		196	+ return 0;
		197	+}
		198	+
		199	+static int hello_callback(gnutls_session_t session, unsigned int htype,
		200	+ unsigned post, unsigned int incoming,
		201	+ const gnutls_datum_t *msg)
		202	+{
		203	+ struct ctx_st *ctx = gnutls_session_get_ptr(session);
		204	+ assert(ctx != NULL);
		205	+
		206	+ if (htype == GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST)
		207	+ ctx->hrr_seen = 1;
		208	+
		209	+ if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) {
		210	+ if (post == GNUTLS_HOOK_POST)
		211	+ ctx->hello_counter++;
		212	+ else {
		213	+ /* Unset the PSK credential to omit the extension */
		214	+ gnutls_credentials_set(session, GNUTLS_CRD_PSK, NULL);
		215	+ }
		216	+ }
		217	+
		218	+ return 0;
		219	+}
		220	+
		221	+void doit(void)
		222	+{
		223	+ int sret, cret;
		224	+ gnutls_psk_server_credentials_t scred;
		225	+ gnutls_psk_client_credentials_t ccred;
		226	+ gnutls_certificate_credentials_t ccred2;
		227	+ gnutls_session_t server, client;
		228	+ /* Need to enable anonymous KX specifically. */
		229	+ const gnutls_datum_t key = { (void *)"DEADBEEF", 8 };
		230	+
		231	+ struct ctx_st ctx;
		232	+ memset(&ctx, 0, sizeof(ctx));
		233	+
		234	+ global_init();
		235	+
		236	+ gnutls_global_set_log_function(tls_log_func);
		237	+ if (debug)
		238	+ gnutls_global_set_log_level(9);
		239	+
		240	+ /* Init server */
		241	+ assert(gnutls_psk_allocate_server_credentials(&scred) >= 0);
		242	+ gnutls_psk_set_server_credentials_function(scred, pskfunc);
		243	+
		244	+ gnutls_init(&server, GNUTLS_SERVER);
		245	+
		246	+ assert(gnutls_priority_set_direct(
		247	+ server,
		248	+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+DHE-PSK",
		249	+ NULL) >= 0);
		250	+
		251	+ gnutls_credentials_set(server, GNUTLS_CRD_PSK, scred);
		252	+ gnutls_transport_set_push_function(server, server_push);
		253	+ gnutls_transport_set_pull_function(server, server_pull);
		254	+ gnutls_transport_set_ptr(server, server);
		255	+
		256	+ /* Init client */
		257	+ assert(gnutls_psk_allocate_client_credentials(&ccred) >= 0);
		258	+ gnutls_psk_set_client_credentials(ccred, "test", &key,
		259	+ GNUTLS_PSK_KEY_HEX);
		260	+ assert(gnutls_certificate_allocate_credentials(&ccred2) >= 0);
		261	+
		262	+ assert(gnutls_init(&client, GNUTLS_CLIENT \| GNUTLS_KEY_SHARE_TOP) >= 0);
		263	+
		264	+ gnutls_session_set_ptr(client, &ctx);
		265	+
		266	+ cret = gnutls_priority_set_direct(
		267	+ client,
		268	+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-X25519:+DHE-PSK",
		269	+ NULL);
		270	+ if (cret < 0)
		271	+ myfail("cannot set TLS 1.3 priorities\n");
		272	+
		273	+ gnutls_credentials_set(client, GNUTLS_CRD_PSK, ccred);
		274	+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred2);
		275	+ gnutls_transport_set_push_function(client, client_push);
		276	+ gnutls_transport_set_pull_function(client, client_pull);
		277	+ gnutls_transport_set_ptr(client, client);
		278	+
		279	+ gnutls_handshake_set_hook_function(client, GNUTLS_HANDSHAKE_ANY,
		280	+ GNUTLS_HOOK_BOTH, hello_callback);
		281	+
		282	+ HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN,
		283	+ GNUTLS_E_INSUFFICIENT_CREDENTIALS);
		284	+
		285	+ assert(ctx.hrr_seen != 0);
		286	+
		287	+ gnutls_bye(client, GNUTLS_SHUT_WR);
		288	+ gnutls_bye(server, GNUTLS_SHUT_WR);
		289	+
		290	+ gnutls_deinit(client);
		291	+ gnutls_deinit(server);
		292	+
		293	+ gnutls_psk_free_server_credentials(scred);
		294	+ gnutls_psk_free_client_credentials(ccred);
		295	+ gnutls_certificate_free_credentials(ccred2);
		296	+
		297	+ gnutls_global_deinit();
		298	+ reset_buffers();
		299	+}


diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb index 3186cb92e3..dde3bc3014 100644 --- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb +++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
@@ -32,6 +32,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
32	file://3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2 \	32	file://3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2 \
33	file://CVE-2025-32988.patch \	33	file://CVE-2025-32988.patch \
34	file://CVE-2025-32990.patch \	34	file://CVE-2025-32990.patch \
		35	file://CVE-2025-6395.patch \
35	"	36	"
36		37
37	SRC_URI[sha256sum] = "2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b"	38	SRC_URI[sha256sum] = "2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b"