开源软件构建与测试

We truncated the diff of some files because they were too big. If you want to see the full diff for every file, click here.

Changes of Revision 2

_service:tar_scm:gnutls.spec Changed

@@ -1,6 +1,6 @@
 Name: gnutls
 Version: 3.8.2
-Release: 1
+Release: 3
 Summary: The GNU Secure Communication Protocol Library
 
 License: LGPLv2.1+ and GPLv3+
@@ -11,6 +11,8 @@
 Patch0: fix-ipv6-handshake-failed.patch
 Patch1: backport-CVE-2024-0553-rsa-psk-minimize-branching-after-decryption.patch
 Patch2: backport-CVE-2024-0567-x509-detect-loop-in-certificate-chain.patch
+Patch3: backport-fix-CVE-2024-28834-nettle-avoid-normalization-of-mpz_t-in-deterministic.patch
+Patch4: backport-fix-CVE-2024-28835-gnutls_x509_trust_list_verify_crt2-remove-length-lim.patch 
 
 %bcond_without dane
 %bcond_with guile
@@ -36,12 +38,8 @@
 Recommends: trousers >= 0.3.11.2
 
 Provides: bundled(gnulib) = 20130424
-Provides: gnutls-utils = %{version}-%{release}
 Provides: gnutls-c++ = %{version}-%{release}
-Provides: gnutls-dane = %{version}-%{release}
-Obsoletes: gnutls-utils < %{version}-%{release} 
-Obsoletes: gnutls-c++ < %{version}-%{release} 
-Obsoletes: gnutls-dane < %{version}-%{release}
+Obsoletes: gnutls-c++ < %{version}-%{release}
 
 %description
 GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
@@ -57,11 +55,47 @@
 %package devel
 Summary: Development files for %{name}
 Requires: %{name}%{?_isa} = %{version}-%{release}
+%if %{with dane}
+Requires: %{name}-dane%{?_isa} = %{version}-%{release}
+%endif
 Requires: pkgconf
 
 %description devel
 This package contains files needed for developing applications with %{name}.
 
+%package utils
+License: GPL-3.0-or-later
+Summary: Command line tools for TLS protocol
+Requires: %{name}%{?_isa} = %{version}-%{release}
+%if %{with dane}
+Requires: %{name}-dane%{?_isa} = %{version}-%{release}
+%endif
+
+%description utils
+GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
+protocols and technologies around them. It provides a simple C language
+application programming interface (API) to access the secure communications
+protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
+other required structures.
+This package contains command line TLS client and server and certificate
+manipulation tools.
+
+%if %{with dane}
+%package dane
+Summary: A DANE protocol implementation for GnuTLS
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description dane
+GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
+protocols and technologies around them. It provides a simple C language
+application programming interface (API) to access the secure communications
+protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
+other required structures.
+This package contains library that implements the DANE protocol for verifying
+TLS certificates through DNSSEC.
+
+%endif
+
 %package_help
 
 %if %{with guile}
@@ -158,22 +192,31 @@
 %defattr(-,root,root)
 %doc README.md AUTHORS
 %license LICENSE doc/COPYING doc/COPYING.LESSER
+%{_libdir}/libgnutls.so.30*
+%{_libdir}/libgnutlsxx.so.*
+%if %{with fips}
+%{_libdir}/.libgnutls.so.*.hmac
+%endif
+
+%files utils
 %{_bindir}/certtool
 %{_bindir}/tpmtool
 %{_bindir}/ocsptool
 %{_bindir}/psktool
 %{_bindir}/p11tool
-%{_bindir}/gnutls*
 %if %{with dane}
 %{_bindir}/danetool
-%{_libdir}/libgnutls-dane.so.*
 %endif
-%{_libdir}/libgnutls.so.30*
-%{_libdir}/libgnutlsxx.so.*
-%if %{with fips}
-%{_libdir}/.libgnutls.so.*.hmac
+%{_bindir}/gnutls*
+%{_mandir}/man1/*
+%doc doc/certtool.cfg
+
+%if %{with dane}
+%files dane
+%{_libdir}/libgnutls-dane.so.*
 %endif
 
+
 %files devel
 %defattr(-,root,root)
 %{_libdir}/pkgconfig/*.pc
@@ -200,6 +243,12 @@
 %endif
 
 %changelog
+* Fri Mar 22 2024 xuraoqing <xuraoqing@huawei.com> - 3.8.2-3
+- fix CVE-2024-28834 and CVE-2024-28835
+
+* Wed Feb 28 2024 duyiwei <duyiwei@kylinos.cn> - 3.8.2-2
+- detach the sub package gnutls-utils and gnutls-dane from gnutls
+
 * Mon Jan 29 2024 xuraoqing <xuraoqing@huawei.com> - 3.8.2-1
 - update to 3.8.2
 - some API and ABI modifications, see NEWS for details

_service:tar_scm:backport-fix-CVE-2024-28834-nettle-avoid-normalization-of-mpz_t-in-deterministic.patch Added

@@ -0,0 +1,422 @@
+From 1c4701ffc342259fc5965d5a0de90d87f780e3e5 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 12 Jan 2024 17:56:58 +0900
+Subject: PATCH nettle: avoid normalization of mpz_t in deterministic ECDSA
+
+This removes function calls that potentially leak bit-length of a
+private key used to calculate a nonce in deterministic ECDSA.  Namely:
+
+- _gnutls_dsa_compute_k has been rewritten to work on always
+  zero-padded mp_limb_t arrays instead of mpz_t
+- rnd_mpz_func has been replaced with rnd_datum_func, which is backed
+  by a byte array instead of an mpz_t value
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+
+Reference: https://gitlab.com/gnutls/gnutls/-/commit/1c4701ffc342259fc5965d5a0de90d87f780e3e5
+Conflict: NA
+
+---
+ lib/nettle/int/dsa-compute-k.c    | 70 +++++++++++++++++++++----------
+ lib/nettle/int/dsa-compute-k.h    | 23 +++++++++-
+ lib/nettle/int/ecdsa-compute-k.c  | 28 +++----------
+ lib/nettle/int/ecdsa-compute-k.h  |  4 +-
+ lib/nettle/pk.c                   | 65 +++++++++++++++++++++-------
+ tests/sign-verify-deterministic.c |  2 +-
+ 6 files changed, 127 insertions(+), 65 deletions(-)
+
+diff --git a/lib/nettle/int/dsa-compute-k.c b/lib/nettle/int/dsa-compute-k.c
+index 8ff5739c2..2fcb2bb80 100644
+--- a/lib/nettle/int/dsa-compute-k.c
++++ b/lib/nettle/int/dsa-compute-k.c
+@@ -31,19 +31,30 @@
+ #include "mpn-base256.h"
+ #include <string.h>
+ 
+-#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
++/* For mini-gmp */
++#ifndef GMP_LIMB_BITS
++#define GMP_LIMB_BITS GMP_NUMB_BITS
++#endif
+ 
+-/* The maximum size of q, chosen from the fact that we support
+- * 521-bit elliptic curve generator and 512-bit DSA subgroup at
+- * maximum. */
+-#define MAX_Q_BITS 521
+-#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8)
+-#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS)
++static inline int is_zero_limb(mp_limb_t x)
++{
++	x |= (x << 1);
++	return ((x >> 1) - 1) >> (GMP_LIMB_BITS - 1);
++}
++
++static int sec_zero_p(const mp_limb_t *ap, mp_size_t n)
++{
++	volatile mp_limb_t w;
++	mp_size_t i;
+ 
+-#define MAX_HASH_BITS (MAX_HASH_SIZE * 8)
+-#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS)
++	for (i = 0, w = 0; i < n; i++)
++		w |= api;
+ 
+-int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
++	return is_zero_limb(w);
++}
++
++int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x,
++			  mp_size_t qn, mp_bitcnt_t q_bits,
+ 			  gnutls_mac_algorithm_t mac, const uint8_t *digest,
+ 			  size_t length)
+ {
+@@ -51,9 +62,6 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
+ 	uint8_t KMAX_HASH_SIZE;
+ 	uint8_t xpMAX_Q_SIZE;
+ 	uint8_t tpMAX_Q_SIZE;
+-	mp_limb_t hMAX(MAX_Q_LIMBS, MAX_HASH_LIMBS);
+-	mp_bitcnt_t q_bits = mpz_sizeinbase(q, 2);
+-	mp_size_t qn = mpz_size(q);
+ 	mp_bitcnt_t h_bits = length * 8;
+ 	mp_size_t hn = BITS_TO_LIMBS(h_bits);
+ 	size_t nbytes = (q_bits + 7) / 8;
+@@ -62,6 +70,7 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
+ 	mp_limb_t cy;
+ 	gnutls_hmac_hd_t hd;
+ 	int ret = 0;
++	mp_limb_t scratchMAX_Q_LIMBS;
+ 
+ 	if (unlikely(q_bits > MAX_Q_BITS))
+ 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+@@ -69,7 +78,7 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
+ 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ 
+ 	/* int2octets(x) */
+-	mpn_get_base256(xp, nbytes, mpz_limbs_read(x), qn);
++	mpn_get_base256(xp, nbytes, x, qn);
+ 
+ 	/* bits2octets(h) */
+ 	mpn_set_base256(h, hn, digest, length);
+@@ -93,12 +102,12 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
+ 			mpn_rshift(h, h, hn, shift % GMP_NUMB_BITS);
+ 	}
+ 
+-	cy = mpn_sub_n(h, h, mpz_limbs_read(q), qn);
++	cy = mpn_sub_n(h, h, q, qn);
+ 	/* Fall back to addmul_1, if nettle is linked with mini-gmp. */
+ #ifdef mpn_cnd_add_n
+-	mpn_cnd_add_n(cy, h, h, mpz_limbs_read(q), qn);
++	mpn_cnd_add_n(cy, h, h, q, qn);
+ #else
+-	mpn_addmul_1(h, mpz_limbs_read(q), qn, cy != 0);
++	mpn_addmul_1(h, q, qn, cy != 0);
+ #endif
+ 	mpn_get_base256(tp, nbytes, h, qn);
+ 
+@@ -174,12 +183,8 @@ int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
+ 		if (tlen * 8 > q_bits)
+ 			mpn_rshift(h, h, qn, tlen * 8 - q_bits);
+ 		/* Check if k is in 1,q-1 */
+-		if (!mpn_zero_p(h, qn) &&
+-		    mpn_cmp(h, mpz_limbs_read(q), qn) < 0) {
+-			mpn_copyi(mpz_limbs_write(k, qn), h, qn);
+-			mpz_limbs_finish(k, qn);
++		if (!sec_zero_p(h, qn) && mpn_sub_n(scratch, h, q, qn))
+ 			break;
+-		}
+ 
+ 		ret = gnutls_hmac_init(&hd, mac, K, length);
+ 		if (ret < 0)
+@@ -203,3 +208,24 @@ out:
+ 
+ 	return ret;
+ }
++
++/* cancel-out dsa_sign's addition of 1 to random data */
++void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
++				  mp_size_t n)
++{
++	/* Fall back to sub_1, if nettle is linked with mini-gmp. */
++#ifdef mpn_sec_sub_1
++	mp_limb_t tMAX_Q_LIMBS;
++
++	mpn_sec_sub_1(h, h, n, 1, t);
++#else
++	mpn_sub_1(h, h, n, 1);
++#endif
++	mpn_get_base256(k, nbytes, h, n);
++}
++
++void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
++				    mp_size_t n)
++{
++	mpn_get_base256(k, nbytes, h, n);
++}
+diff --git a/lib/nettle/int/dsa-compute-k.h b/lib/nettle/int/dsa-compute-k.h
+index 49d243acb..2f0667a01 100644
+--- a/lib/nettle/int/dsa-compute-k.h
++++ b/lib/nettle/int/dsa-compute-k.h
+@@ -26,8 +26,29 @@
+ #include <gnutls/gnutls.h>
+ #include <nettle/bignum.h> /* includes gmp.h */
+ 
+-int _gnutls_dsa_compute_k(mpz_t k, const mpz_t q, const mpz_t x,
++#define BITS_TO_LIMBS(bits) (((bits) + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
++
++/* The maximum size of q, chosen from the fact that we support
++ * 521-bit elliptic curve generator and 512-bit DSA subgroup at
++ * maximum. */
++#define MAX_Q_BITS 521
++#define MAX_Q_SIZE ((MAX_Q_BITS + 7) / 8)
++#define MAX_Q_LIMBS BITS_TO_LIMBS(MAX_Q_BITS)
++
++#define MAX_HASH_BITS (MAX_HASH_SIZE * 8)
++#define MAX_HASH_LIMBS BITS_TO_LIMBS(MAX_HASH_BITS)
++
++#define DSA_COMPUTE_K_ITCH MAX(MAX_Q_LIMBS, MAX_HASH_LIMBS)
++
++int _gnutls_dsa_compute_k(mp_limb_t *h, const mp_limb_t *q, const mp_limb_t *x,
++			  mp_size_t qn, mp_bitcnt_t q_bits,
+ 			  gnutls_mac_algorithm_t mac, const uint8_t *digest,
+ 			  size_t length);
+ 
++void _gnutls_dsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
++				  mp_size_t n);
++
++void _gnutls_ecdsa_compute_k_finish(uint8_t *k, size_t nbytes, mp_limb_t *h,
++				    mp_size_t n);
++
+ #endif /* GNUTLS_LIB_NETTLE_INT_DSA_COMPUTE_K_H */
+diff --git a/lib/nettle/int/ecdsa-compute-k.c b/lib/nettle/int/ecdsa-compute-k.c
+index 3b7f88616..4e25235c4 100644
+--- a/lib/nettle/int/ecdsa-compute-k.c
++++ b/lib/nettle/int/ecdsa-compute-k.c
+@@ -29,38 +29,38 @@
+ #include "dsa-compute-k.h"
+ #include "gnutls_int.h"
+ 
+-static inline int _gnutls_ecc_curve_to_dsa_q(mpz_t *q, gnutls_ecc_curve_t curve)
++int _gnutls_ecc_curve_to_dsa_q(mpz_t q, gnutls_ecc_curve_t curve)

_service:tar_scm:backport-fix-CVE-2024-28835-gnutls_x509_trust_list_verify_crt2-remove-length-lim.patch Added

@@ -0,0 +1,414 @@
+From e369e67a62f44561d417cb233acc566cc696d82d Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Mon, 29 Jan 2024 13:52:46 +0900
+Subject: PATCH gnutls_x509_trust_list_verify_crt2: remove length limit of
+ input
+
+Previously, if cert_list_size exceeded DEFAULT_MAX_VERIFY_DEPTH, the
+chain verification logic crashed with assertion failure.  This patch
+removes the restriction while keeping the maximum number of
+retrieved certificates being DEFAULT_MAX_VERIFY_DEPTH.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+
+Reference: https://gitlab.com/gnutls/gnutls/-/commit/e369e67a62f44561d417cb233acc566cc696d82d
+Conflict: NA
+
+---
+ lib/gnutls_int.h       |   5 +-
+ lib/x509/common.c      |  10 +-
+ lib/x509/verify-high.c |  51 ++++++----
+ tests/test-chains.h    | 211 ++++++++++++++++++++++++++++++++++++++++-
+ 4 files changed, 258 insertions(+), 19 deletions(-)
+
+diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
+index d8561ebe3..8cf9a8715 100644
+--- a/lib/gnutls_int.h
++++ b/lib/gnutls_int.h
+@@ -232,7 +232,10 @@ typedef enum record_send_state_t {
+ 
+ #define MAX_PK_PARAM_SIZE 2048
+ 
+-/* defaults for verification functions
++/* Defaults for verification functions.
++ *
++ * update many_icas in tests/test-chains.h when increasing
++ * DEFAULT_MAX_VERIFY_DEPTH.
+  */
+ #define DEFAULT_MAX_VERIFY_DEPTH 16
+ #define DEFAULT_MAX_VERIFY_BITS (MAX_PK_PARAM_SIZE * 8)
+diff --git a/lib/x509/common.c b/lib/x509/common.c
+index 2cc83c915..705aa868b 100644
+--- a/lib/x509/common.c
++++ b/lib/x509/common.c
+@@ -1725,7 +1725,15 @@ unsigned int _gnutls_sort_clist(gnutls_x509_crt_t *clist,
+ 	bool insortedDEFAULT_MAX_VERIFY_DEPTH; /* non zero if clisti used in sorted list */
+ 	gnutls_x509_crt_t sortedDEFAULT_MAX_VERIFY_DEPTH;
+ 
+-	assert(clist_size <= DEFAULT_MAX_VERIFY_DEPTH);
++	/* Limit the number of certificates in the chain, to avoid DoS
++	 * because of the O(n^2) sorting below.  FIXME: Switch to a
++	 * topological sort algorithm which should be linear to the
++	 * number of certificates and subject-issuer relationships.
++	 */
++	if (clist_size > DEFAULT_MAX_VERIFY_DEPTH) {
++		_gnutls_debug_log("too many certificates; skipping sorting\n");
++		return 1;
++	}
+ 
+ 	for (i = 0; i < DEFAULT_MAX_VERIFY_DEPTH; i++) {
+ 		issueri = -1;
+diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
+index 4e7361eb6..aacc24a7d 100644
+--- a/lib/x509/verify-high.c
++++ b/lib/x509/verify-high.c
+@@ -25,7 +25,7 @@
+ #include "errors.h"
+ #include <libtasn1.h>
+ #include "global.h"
+-#include "num.h" /* MAX */
++#include "num.h" /* MIN */
+ #include "tls-sig.h"
+ #include "str.h"
+ #include "datum.h"
+@@ -1361,7 +1361,8 @@ int gnutls_x509_trust_list_verify_crt2(
+ 	int ret = 0;
+ 	unsigned int i;
+ 	size_t hash;
+-	gnutls_x509_crt_t sortedDEFAULT_MAX_VERIFY_DEPTH;
++	gnutls_x509_crt_t *cert_list_copy = NULL;
++	unsigned int cert_list_max_size = 0;
+ 	gnutls_x509_crt_t retrievedDEFAULT_MAX_VERIFY_DEPTH;
+ 	unsigned int retrieved_size = 0;
+ 	const char *hostname = NULL, *purpose = NULL, *email = NULL;
+@@ -1421,16 +1422,28 @@ int gnutls_x509_trust_list_verify_crt2(
+ 		}
+ 	}
+ 
+-	memcpy(sorted, cert_list, cert_list_size * sizeof(gnutls_x509_crt_t));
+-	cert_list = sorted;
++	/* Allocate extra for retrieved certificates. */
++	if (!INT_ADD_OK(cert_list_size, DEFAULT_MAX_VERIFY_DEPTH,
++			&cert_list_max_size))
++		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++
++	cert_list_copy = _gnutls_reallocarray(NULL, cert_list_max_size,
++					      sizeof(gnutls_x509_crt_t));
++	if (!cert_list_copy)
++		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++
++	memcpy(cert_list_copy, cert_list,
++	       cert_list_size * sizeof(gnutls_x509_crt_t));
++	cert_list = cert_list_copy;
+ 
+ 	records = gl_list_nx_create_empty(GL_LINKEDHASH_LIST, cert_eq,
+ 					  cert_hashcode, NULL, false);
+-	if (records == NULL)
+-		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++	if (records == NULL) {
++		ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++		goto cleanup;
++	}
+ 
+-	for (i = 0; i < cert_list_size &&
+-		    cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH;) {
++	for (i = 0; i < cert_list_size;) {
+ 		unsigned int sorted_size = 1;
+ 		unsigned int j, k;
+ 		gnutls_x509_crt_t issuer;
+@@ -1442,8 +1455,7 @@ int gnutls_x509_trust_list_verify_crt2(
+ 
+ 		assert(sorted_size > 0);
+ 
+-		/* Remove duplicates. Start with index 1, as the first element
+-		 * may be re-checked after issuer retrieval. */
++		/* Remove duplicates. */
+ 		for (j = 0; j < sorted_size; j++) {
+ 			if (gl_list_search(records, cert_listi + j)) {
+ 				if (i + j < cert_list_size - 1) {
+@@ -1495,13 +1507,15 @@ int gnutls_x509_trust_list_verify_crt2(
+ 
+ 		ret = retrieve_issuers(
+ 			list, cert_listi - 1, &retrievedretrieved_size,
+-			DEFAULT_MAX_VERIFY_DEPTH -
+-				MAX(retrieved_size, cert_list_size));
++			MIN(DEFAULT_MAX_VERIFY_DEPTH - retrieved_size,
++			    cert_list_max_size - cert_list_size));
+ 		if (ret < 0) {
+ 			break;
+ 		} else if (ret > 0) {
+ 			assert((unsigned int)ret <=
+-			       DEFAULT_MAX_VERIFY_DEPTH - cert_list_size);
++			       DEFAULT_MAX_VERIFY_DEPTH - retrieved_size);
++			assert((unsigned int)ret <=
++			       cert_list_max_size - cert_list_size);
+ 			memmove(&cert_listi + ret, &cert_listi,
+ 				(cert_list_size - i) *
+ 					sizeof(gnutls_x509_crt_t));
+@@ -1517,8 +1531,10 @@ int gnutls_x509_trust_list_verify_crt2(
+ 	}
+ 
+ 	cert_list_size = shorten_clist(list, cert_list, cert_list_size);
+-	if (cert_list_size <= 0)
+-		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
++	if (cert_list_size <= 0) {
++		ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
++		goto cleanup;
++	}
+ 
+ 	hash = hash_pjw_bare(cert_listcert_list_size - 1->raw_issuer_dn.data,
+ 			     cert_listcert_list_size - 1->raw_issuer_dn.size);
+@@ -1661,10 +1677,13 @@ int gnutls_x509_trust_list_verify_crt2(
+ 	}
+ 
+ cleanup:
++	gnutls_free(cert_list_copy);
+ 	for (i = 0; i < retrieved_size; i++) {
+ 		gnutls_x509_crt_deinit(retrievedi);
+ 	}
+-	gl_list_free(records);
++	if (records) {
++		gl_list_free(records);
++	}
+ 	return ret;
+ }
+ 
+diff --git a/tests/test-chains.h b/tests/test-chains.h
+index 3e559fecd..a7fe1cdec 100644
+--- a/tests/test-chains.h
++++ b/tests/test-chains.h
+@@ -23,7 +23,7 @@
+ #ifndef GNUTLS_TESTS_TEST_CHAINS_H
+ #define GNUTLS_TESTS_TEST_CHAINS_H
+ 
+-#define MAX_CHAIN 10
++#define MAX_CHAIN 17
+ 
+ static const char *chain_with_no_subject_id_in_ca_ok = {
+ 	"-----BEGIN CERTIFICATE-----\n"
+@@ -4383,6 +4383,213 @@ static const char *cross_signed_ca = {
+ 	NULL
+ };
+ 
++/* This assumes DEFAULT_MAX_VERIFY_DEPTH to be 16 */
++static const char *many_icas = {
++	/* Server */
++	"-----BEGIN CERTIFICATE-----\n"
++	"MIIBqzCCAV2gAwIBAgIUIK3+SD3GmqJlRLZ/ESyhTzkSDL8wBQYDK2VwMB0xGzAZ\n"
++	"BgNVBAMMEkdudVRMUyB0ZXN0IElDQSAkaTAgFw0yNDAzMTIyMjUzMzlaGA85OTk5\n"
++	"MTIzMTIzNTk1OVowNzEbMBkGA1UEChMSR251VExTIHRlc3Qgc2VydmVyMRgwFgYD\n"