gnutls/gnutls-FIPS-disable-mac-sha1.patch

commit c4eba74d4745e3a97b443abae1431658a826d2eb
Author: Angel Yankov <angel.yankov@suse.com>
Date:   Thu Nov 28 11:02:07 2024 +0200

    SHA-1 is not allowed in FIPS-140-3 anymore after 2030. Mark it as
    unapproved
    
    Signed-off-by: Angel Yankov <angel.yankov@suse.com>

Index: gnutls-3.8.10/lib/crypto-api.c
===================================================================
--- gnutls-3.8.10.orig/lib/crypto-api.c
+++ gnutls-3.8.10/lib/crypto-api.c
@@ -33,6 +33,7 @@
 #include "crypto-api.h"
 #include "iov.h"
 #include "intprops.h"
+#include <gnutls/gnutls.h>
 
 typedef struct api_cipher_hd_st {
 	cipher_hd_st ctx_enc;
@@ -597,7 +598,9 @@ int gnutls_hmac_init(gnutls_hmac_hd_t *d
 	bool not_approved = false;
 
 	/* MD5 is only allowed internally for TLS */
-	if (!is_mac_algo_allowed(algorithm)) {
+	if (algorithm == GNUTLS_MAC_SHA1) 
+		not_approved = true;
+	else if (!is_mac_algo_allowed(algorithm)) {
 		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
 	} else if (!is_mac_algo_approved_in_fips(algorithm)) {
@@ -757,8 +760,9 @@ int gnutls_hmac_fast(gnutls_mac_algorith
 {
 	int ret;
 	bool not_approved = false;
-
-	if (!is_mac_algo_allowed(algorithm)) {
+	if (algorithm == GNUTLS_MAC_SHA1) 
+		not_approved = true;
+	else if (!is_mac_algo_allowed(algorithm)) {
 		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
 	} else if (!is_mac_algo_approved_in_fips(algorithm)) {
@@ -839,8 +843,9 @@ int gnutls_hash_init(gnutls_hash_hd_t *d
 {
 	int ret;
 	bool not_approved = false;
-
-	if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {
+	if (algorithm == GNUTLS_MAC_SHA1) 
+		not_approved = true;
+	else if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {
 		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
 	} else if (!is_mac_algo_approved_in_fips(DIG_TO_MAC(algorithm))) {
@@ -957,8 +962,9 @@ int gnutls_hash_fast(gnutls_digest_algor
 {
 	int ret;
 	bool not_approved = false;
-
-	if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {
+	if (algorithm == GNUTLS_MAC_SHA1) 
+		not_approved = true;
+	else if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {
 		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
 	} else if (!is_mac_algo_approved_in_fips(DIG_TO_MAC(algorithm))) {
@@ -2173,7 +2179,9 @@ int gnutls_pbkdf2(gnutls_mac_algorithm_t
 	bool not_approved = false;
 
 	/* MD5 is only allowed internally for TLS */
-	if (!is_mac_algo_allowed(mac)) {
+	if (mac == GNUTLS_MAC_SHA1) 
+		not_approved = true;
+	else if (!is_mac_algo_allowed(mac)) {
 		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
 	} else if (!is_mac_algo_hmac_approved_in_fips(mac)) {
Index: gnutls-3.8.10/lib/crypto-selftests.c
===================================================================
--- gnutls-3.8.10.orig/lib/crypto-selftests.c
+++ gnutls-3.8.10/lib/crypto-selftests.c
@@ -2891,7 +2891,7 @@ int gnutls_mac_self_test(unsigned flags,
 	case GNUTLS_MAC_UNKNOWN:
 		NON_FIPS_CASE(GNUTLS_MAC_MD5, test_mac, hmac_md5_vectors);
 		FALLTHROUGH;
-		CASE(GNUTLS_MAC_SHA1, test_mac, hmac_sha1_vectors);
+		NON_FIPS_CASE(GNUTLS_MAC_SHA1, test_mac, hmac_sha1_vectors);
 		FALLTHROUGH;
 		CASE(GNUTLS_MAC_SHA224, test_mac, hmac_sha224_vectors);
 		FALLTHROUGH;
Index: gnutls-3.8.10/lib/fips.h
===================================================================
--- gnutls-3.8.10.orig/lib/fips.h
+++ gnutls-3.8.10/lib/fips.h
@@ -79,7 +79,6 @@ inline static bool
 is_mac_algo_hmac_approved_in_fips(gnutls_mac_algorithm_t algo)
 {
 	switch (algo) {
-	case GNUTLS_MAC_SHA1:
 	case GNUTLS_MAC_SHA256:
 	case GNUTLS_MAC_SHA384:
 	case GNUTLS_MAC_SHA512:
Index: gnutls-3.8.10/tests/fips-test.c
===================================================================
--- gnutls-3.8.10.orig/tests/fips-test.c
+++ gnutls-3.8.10/tests/fips-test.c
@@ -397,11 +397,12 @@ void doit(void)
 	}
 	FIPS_POP_CONTEXT(ERROR);
 
+	FIPS_PUSH_CONTEXT();
 	ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size);
 	if (ret < 0) {
-		fail("gnutls_hmac_init failed\n");
+		fail("gnutls_hmac_init failed for sha1\n");
 	}
-	gnutls_hmac_deinit(mh, NULL);
+	FIPS_POP_CONTEXT(NOT_APPROVED);
 
 	ret = gnutls_hmac_init(&mh, GNUTLS_MAC_MD5, key.data, key.size);
 	if (ret != GNUTLS_E_UNWANTED_ALGORITHM) {
@@ -736,7 +737,7 @@ void doit(void)
 	}
 	hashed_data.data = hash;
 	hashed_data.size = 20;
-	FIPS_POP_CONTEXT(APPROVED);
+	FIPS_POP_CONTEXT(NOT_APPROVED);
 
 	/* Create a signature with ECDSA and SHA1 (2-pass API); not-approved */
 	FIPS_PUSH_CONTEXT();
Index: gnutls-3.8.10/tests/gnutls_hmac_fast.c
===================================================================
--- gnutls-3.8.10.orig/tests/gnutls_hmac_fast.c
+++ gnutls-3.8.10/tests/gnutls_hmac_fast.c
@@ -42,6 +42,11 @@ void doit(void)
 	if (debug)
 		gnutls_global_set_log_level(4711);
 
+	/* enable MD5 and SHA1 usage  */
+	if (gnutls_fips140_mode_enabled()) {
+		gnutls_fips140_set_mode(GNUTLS_FIPS140_LOG, 0);
+	}
+
 	err = gnutls_hmac_fast(GNUTLS_MAC_SHA1, "keykeykey", 9, "abcdefgh", 8,
 			       digest);
 	if (err < 0)
@@ -59,11 +64,6 @@ void doit(void)
 		}
 	}
 
-	/* enable MD5 usage */
-	if (gnutls_fips140_mode_enabled()) {
-		gnutls_fips140_set_mode(GNUTLS_FIPS140_LOG, 0);
-	}
-
 	err = gnutls_hmac_fast(GNUTLS_MAC_MD5, "keykeykey", 9, "abcdefgh", 8,
 			       digest);
 	if (err < 0)
Index: gnutls-3.8.10/tests/kdf-api.c
===================================================================
--- gnutls-3.8.10.orig/tests/kdf-api.c
+++ gnutls-3.8.10/tests/kdf-api.c
@@ -108,7 +108,6 @@ inline static bool
 is_mac_algo_hmac_approved_in_fips(gnutls_mac_algorithm_t algo)
 {
 	switch (algo) {
-	case GNUTLS_MAC_SHA1:
 	case GNUTLS_MAC_SHA256:
 	case GNUTLS_MAC_SHA384:
 	case GNUTLS_MAC_SHA512:
@@ -145,7 +144,7 @@ static void test_pbkdf2(gnutls_mac_algor
 	assert(gnutls_hex_decode2(&hex, &salt) >= 0);
 
 	fips_push_context(fips_context);
-	assert(gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length) >= 0);
+	gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length);
 	fips_pop_context(fips_context, expected_state);
 	gnutls_free(ikm.data);
 	gnutls_free(salt.data);
Sync from SUSE:SLFO:Main gnutls revision 44635863efdcdec03bf67ddcb2f651a8 2025-03-26 11:08:01 +01:00			`commit c4eba74d4745e3a97b443abae1431658a826d2eb`
			`Author: Angel Yankov <angel.yankov@suse.com>`
			`Date: Thu Nov 28 11:02:07 2024 +0200`

			`SHA-1 is not allowed in FIPS-140-3 anymore after 2030. Mark it as`
			`unapproved`

			`Signed-off-by: Angel Yankov <angel.yankov@suse.com>`

Sync from SUSE:SLFO:Main gnutls revision 9a9f34dfc7c0524c571afa85e60e40fe 2025-07-28 03:29:58 +02:00			`Index: gnutls-3.8.10/lib/crypto-api.c`
			`===================================================================`
			`--- gnutls-3.8.10.orig/lib/crypto-api.c`
			`+++ gnutls-3.8.10/lib/crypto-api.c`
Sync from SUSE:SLFO:Main gnutls revision 44635863efdcdec03bf67ddcb2f651a8 2025-03-26 11:08:01 +01:00			`@@ -33,6 +33,7 @@`
			`#include "crypto-api.h"`
			`#include "iov.h"`
			`#include "intprops.h"`
			`+#include <gnutls/gnutls.h>`

			`typedef struct api_cipher_hd_st {`
			`cipher_hd_st ctx_enc;`
Sync from SUSE:SLFO:Main gnutls revision 9a9f34dfc7c0524c571afa85e60e40fe 2025-07-28 03:29:58 +02:00			`@@ -597,7 +598,9 @@ int gnutls_hmac_init(gnutls_hmac_hd_t *d`
Sync from SUSE:SLFO:Main gnutls revision 44635863efdcdec03bf67ddcb2f651a8 2025-03-26 11:08:01 +01:00			`bool not_approved = false;`

			`/* MD5 is only allowed internally for TLS */`
			`- if (!is_mac_algo_allowed(algorithm)) {`
			`+ if (algorithm == GNUTLS_MAC_SHA1)`
			`+ not_approved = true;`
			`+ else if (!is_mac_algo_allowed(algorithm)) {`
			`_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);`
			`return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);`
			`} else if (!is_mac_algo_approved_in_fips(algorithm)) {`
Sync from SUSE:SLFO:Main gnutls revision 9a9f34dfc7c0524c571afa85e60e40fe 2025-07-28 03:29:58 +02:00			`@@ -757,8 +760,9 @@ int gnutls_hmac_fast(gnutls_mac_algorith`
Sync from SUSE:SLFO:Main gnutls revision 44635863efdcdec03bf67ddcb2f651a8 2025-03-26 11:08:01 +01:00			`{`
			`int ret;`
			`bool not_approved = false;`
			`-`
			`- if (!is_mac_algo_allowed(algorithm)) {`
			`+ if (algorithm == GNUTLS_MAC_SHA1)`
			`+ not_approved = true;`
			`+ else if (!is_mac_algo_allowed(algorithm)) {`
			`_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);`
			`return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);`
			`} else if (!is_mac_algo_approved_in_fips(algorithm)) {`
Sync from SUSE:SLFO:Main gnutls revision 9a9f34dfc7c0524c571afa85e60e40fe 2025-07-28 03:29:58 +02:00			`@@ -839,8 +843,9 @@ int gnutls_hash_init(gnutls_hash_hd_t *d`
Sync from SUSE:SLFO:Main gnutls revision 44635863efdcdec03bf67ddcb2f651a8 2025-03-26 11:08:01 +01:00			`{`
			`int ret;`
			`bool not_approved = false;`
			`-`
			`- if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {`
			`+ if (algorithm == GNUTLS_MAC_SHA1)`
			`+ not_approved = true;`
			`+ else if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {`
			`_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);`
			`return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);`
			`} else if (!is_mac_algo_approved_in_fips(DIG_TO_MAC(algorithm))) {`
Sync from SUSE:SLFO:Main gnutls revision 9a9f34dfc7c0524c571afa85e60e40fe 2025-07-28 03:29:58 +02:00			`@@ -957,8 +962,9 @@ int gnutls_hash_fast(gnutls_digest_algor`
Sync from SUSE:SLFO:Main gnutls revision 44635863efdcdec03bf67ddcb2f651a8 2025-03-26 11:08:01 +01:00			`{`
			`int ret;`
			`bool not_approved = false;`
			`-`
			`- if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {`
			`+ if (algorithm == GNUTLS_MAC_SHA1)`
			`+ not_approved = true;`
			`+ else if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) {`
			`_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);`
			`return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);`
			`} else if (!is_mac_algo_approved_in_fips(DIG_TO_MAC(algorithm))) {`
Sync from SUSE:SLFO:Main gnutls revision 9a9f34dfc7c0524c571afa85e60e40fe 2025-07-28 03:29:58 +02:00			`@@ -2173,7 +2179,9 @@ int gnutls_pbkdf2(gnutls_mac_algorithm_t`
Sync from SUSE:SLFO:Main gnutls revision 44635863efdcdec03bf67ddcb2f651a8 2025-03-26 11:08:01 +01:00			`bool not_approved = false;`

			`/* MD5 is only allowed internally for TLS */`
			`- if (!is_mac_algo_allowed(mac)) {`
			`+ if (mac == GNUTLS_MAC_SHA1)`
			`+ not_approved = true;`
			`+ else if (!is_mac_algo_allowed(mac)) {`
			`_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);`
			`return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);`
			`} else if (!is_mac_algo_hmac_approved_in_fips(mac)) {`
Sync from SUSE:SLFO:Main gnutls revision 9a9f34dfc7c0524c571afa85e60e40fe 2025-07-28 03:29:58 +02:00			`Index: gnutls-3.8.10/lib/crypto-selftests.c`
			`===================================================================`
			`--- gnutls-3.8.10.orig/lib/crypto-selftests.c`
			`+++ gnutls-3.8.10/lib/crypto-selftests.c`
			`@@ -2891,7 +2891,7 @@ int gnutls_mac_self_test(unsigned flags,`
Sync from SUSE:SLFO:Main gnutls revision 44635863efdcdec03bf67ddcb2f651a8 2025-03-26 11:08:01 +01:00			`case GNUTLS_MAC_UNKNOWN:`
			`NON_FIPS_CASE(GNUTLS_MAC_MD5, test_mac, hmac_md5_vectors);`
			`FALLTHROUGH;`
			`- CASE(GNUTLS_MAC_SHA1, test_mac, hmac_sha1_vectors);`
			`+ NON_FIPS_CASE(GNUTLS_MAC_SHA1, test_mac, hmac_sha1_vectors);`
			`FALLTHROUGH;`
			`CASE(GNUTLS_MAC_SHA224, test_mac, hmac_sha224_vectors);`
			`FALLTHROUGH;`
Sync from SUSE:SLFO:Main gnutls revision 9a9f34dfc7c0524c571afa85e60e40fe 2025-07-28 03:29:58 +02:00			`Index: gnutls-3.8.10/lib/fips.h`
			`===================================================================`
			`--- gnutls-3.8.10.orig/lib/fips.h`
			`+++ gnutls-3.8.10/lib/fips.h`
			`@@ -79,7 +79,6 @@ inline static bool`
Sync from SUSE:SLFO:Main gnutls revision 44635863efdcdec03bf67ddcb2f651a8 2025-03-26 11:08:01 +01:00			`is_mac_algo_hmac_approved_in_fips(gnutls_mac_algorithm_t algo)`
			`{`
			`switch (algo) {`
			`- case GNUTLS_MAC_SHA1:`
			`case GNUTLS_MAC_SHA256:`
			`case GNUTLS_MAC_SHA384:`
			`case GNUTLS_MAC_SHA512:`
Sync from SUSE:SLFO:Main gnutls revision 9a9f34dfc7c0524c571afa85e60e40fe 2025-07-28 03:29:58 +02:00			`Index: gnutls-3.8.10/tests/fips-test.c`
			`===================================================================`
			`--- gnutls-3.8.10.orig/tests/fips-test.c`
			`+++ gnutls-3.8.10/tests/fips-test.c`
Sync from SUSE:SLFO:Main gnutls revision 44635863efdcdec03bf67ddcb2f651a8 2025-03-26 11:08:01 +01:00			`@@ -397,11 +397,12 @@ void doit(void)`
			`}`
			`FIPS_POP_CONTEXT(ERROR);`

			`+ FIPS_PUSH_CONTEXT();`
			`ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size);`
			`if (ret < 0) {`
			`- fail("gnutls_hmac_init failed\n");`
			`+ fail("gnutls_hmac_init failed for sha1\n");`
			`}`
			`- gnutls_hmac_deinit(mh, NULL);`
			`+ FIPS_POP_CONTEXT(NOT_APPROVED);`

			`ret = gnutls_hmac_init(&mh, GNUTLS_MAC_MD5, key.data, key.size);`
			`if (ret != GNUTLS_E_UNWANTED_ALGORITHM) {`
			`@@ -736,7 +737,7 @@ void doit(void)`
			`}`
			`hashed_data.data = hash;`
			`hashed_data.size = 20;`
			`- FIPS_POP_CONTEXT(APPROVED);`
			`+ FIPS_POP_CONTEXT(NOT_APPROVED);`

			`/* Create a signature with ECDSA and SHA1 (2-pass API); not-approved */`
			`FIPS_PUSH_CONTEXT();`
Sync from SUSE:SLFO:Main gnutls revision 9a9f34dfc7c0524c571afa85e60e40fe 2025-07-28 03:29:58 +02:00			`Index: gnutls-3.8.10/tests/gnutls_hmac_fast.c`
			`===================================================================`
			`--- gnutls-3.8.10.orig/tests/gnutls_hmac_fast.c`
			`+++ gnutls-3.8.10/tests/gnutls_hmac_fast.c`
Sync from SUSE:SLFO:Main gnutls revision 44635863efdcdec03bf67ddcb2f651a8 2025-03-26 11:08:01 +01:00			`@@ -42,6 +42,11 @@ void doit(void)`
			`if (debug)`
			`gnutls_global_set_log_level(4711);`

			`+ /* enable MD5 and SHA1 usage */`
			`+ if (gnutls_fips140_mode_enabled()) {`
			`+ gnutls_fips140_set_mode(GNUTLS_FIPS140_LOG, 0);`
			`+ }`
			`+`
			`err = gnutls_hmac_fast(GNUTLS_MAC_SHA1, "keykeykey", 9, "abcdefgh", 8,`
			`digest);`
			`if (err < 0)`
			`@@ -59,11 +64,6 @@ void doit(void)`
			`}`
			`}`

			`- /* enable MD5 usage */`
			`- if (gnutls_fips140_mode_enabled()) {`
			`- gnutls_fips140_set_mode(GNUTLS_FIPS140_LOG, 0);`
			`- }`
			`-`
			`err = gnutls_hmac_fast(GNUTLS_MAC_MD5, "keykeykey", 9, "abcdefgh", 8,`
			`digest);`
			`if (err < 0)`
Sync from SUSE:SLFO:Main gnutls revision 9a9f34dfc7c0524c571afa85e60e40fe 2025-07-28 03:29:58 +02:00			`Index: gnutls-3.8.10/tests/kdf-api.c`
			`===================================================================`
			`--- gnutls-3.8.10.orig/tests/kdf-api.c`
			`+++ gnutls-3.8.10/tests/kdf-api.c`
Sync from SUSE:SLFO:Main gnutls revision 44635863efdcdec03bf67ddcb2f651a8 2025-03-26 11:08:01 +01:00			`@@ -108,7 +108,6 @@ inline static bool`
			`is_mac_algo_hmac_approved_in_fips(gnutls_mac_algorithm_t algo)`
			`{`
			`switch (algo) {`
			`- case GNUTLS_MAC_SHA1:`
			`case GNUTLS_MAC_SHA256:`
			`case GNUTLS_MAC_SHA384:`
			`case GNUTLS_MAC_SHA512:`
Sync from SUSE:SLFO:Main gnutls revision 9a9f34dfc7c0524c571afa85e60e40fe 2025-07-28 03:29:58 +02:00			`@@ -145,7 +144,7 @@ static void test_pbkdf2(gnutls_mac_algor`
Sync from SUSE:SLFO:Main gnutls revision 44635863efdcdec03bf67ddcb2f651a8 2025-03-26 11:08:01 +01:00			`assert(gnutls_hex_decode2(&hex, &salt) >= 0);`

			`fips_push_context(fips_context);`
			`- assert(gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length) >= 0);`
			`+ gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length);`
			`fips_pop_context(fips_context, expected_state);`
			`gnutls_free(ikm.data);`
			`gnutls_free(salt.data);`