Accepting request 1127286 from security:tls

OBS-URL: https://build.opensuse.org/request/show/1127286
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=151
Ana Guerrero 2023-11-20 20:18:56 +00:00 committed by Git OBS Bridge
commit 5cd537bccc
8 changed files with 204 additions and 224 deletions

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ba8b9e15ae20aba88f44661978f5b5863494316fe7e722ede9d069fe6294829c
size 6447056

Binary file not shown.

gnutls-3.8.2.tar.xz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e765e5016ffa9b9dd243e363a0460d577074444ee2491267db2e96c9c2adef77
size 6456540
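
Review bot: nothing in this hunk or in the commit message shows that the new gnutls-3.8.2.tar.xz was verified. The pointer only swaps the oid and size, and the matching gnutls-3.8.2.tar.xz.sig is binary and not shown. Before accepting, check that the detached signature verifies against the upstream signing key the package already trusts and that the sha256 in the pointer matches the tarball fetched from upstream, and record that in the changelog entry.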

gnutls-3.8.2.tar.xz.sig Normal file

Binary file not shown.

@ -1,7 +1,7 @@
Index: gnutls-3.8.1/configure.ac Index: gnutls-3.8.2/configure.ac
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/configure.ac --- gnutls-3.8.2.orig/configure.ac
+++ gnutls-3.8.1/configure.ac +++ gnutls-3.8.2/configure.ac
@@ -623,19 +623,19 @@ LT_INIT([disable-static,win32-dll,shared @@ -623,19 +623,19 @@ LT_INIT([disable-static,win32-dll,shared
AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);]) AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])
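
Review bot: the patch file starts directly with "Index: gnutls-3.8.2/configure.ac" on its first line, so it carries no description, origin or upstream-status header even though it modifies configure.ac. Add a short header stating what the patch changes and why. Separately, the versioned directory in the Index:, --- and +++ paths forces every file header to change on each version bump, as here where the inner hunk at "@@ -623,19 +623,19 @@" is otherwise identical on both sides; refreshing with version-independent paths (for example `quilt refresh -p ab`) would keep future refresh diffs limited to real changes.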
@ -25,10 +25,10 @@ Index: gnutls-3.8.1/configure.ac
AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name], AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name],
[specify the FIPS140 module name]), [specify the FIPS140 module name]),
Index: gnutls-3.8.1/doc/cha-gtls-app.texi Index: gnutls-3.8.2/doc/cha-gtls-app.texi
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/doc/cha-gtls-app.texi --- gnutls-3.8.2.orig/doc/cha-gtls-app.texi
+++ gnutls-3.8.1/doc/cha-gtls-app.texi +++ gnutls-3.8.2/doc/cha-gtls-app.texi
@@ -222,7 +222,7 @@ CPU. The currently available options are @@ -222,7 +222,7 @@ CPU. The currently available options are
@end itemize @end itemize
@ -38,10 +38,10 @@ Index: gnutls-3.8.1/doc/cha-gtls-app.texi
if set to one it will force the FIPS mode enablement. if set to one it will force the FIPS mode enablement.
@end multitable @end multitable
Index: gnutls-3.8.1/doc/cha-internals.texi Index: gnutls-3.8.2/doc/cha-internals.texi
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/doc/cha-internals.texi --- gnutls-3.8.2.orig/doc/cha-internals.texi
+++ gnutls-3.8.1/doc/cha-internals.texi +++ gnutls-3.8.2/doc/cha-internals.texi
@@ -14,7 +14,7 @@ happens inside the black box. @@ -14,7 +14,7 @@ happens inside the black box.
* TLS Hello Extension Handling:: * TLS Hello Extension Handling::
* Cryptographic Backend:: * Cryptographic Backend::
@ -162,11 +162,11 @@ Index: gnutls-3.8.1/doc/cha-internals.texi
operation. It can be attached to the current execution thread with operation. It can be attached to the current execution thread with
@funcref{gnutls_fips140_push_context} and its internal state will be @funcref{gnutls_fips140_push_context} and its internal state will be
updated until it is detached with updated until it is detached with
Index: gnutls-3.8.1/doc/enums.texi Index: gnutls-3.8.2/doc/enums.texi
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/doc/enums.texi --- gnutls-3.8.2.orig/doc/enums.texi
+++ gnutls-3.8.1/doc/enums.texi +++ gnutls-3.8.2/doc/enums.texi
@@ -1184,7 +1184,7 @@ application traffic secret is installed @@ -1188,7 +1188,7 @@ application traffic secret is installed
@c gnutls_fips_mode_t @c gnutls_fips_mode_t
@table @code @table @code
@item GNUTLS_@-FIPS140_@-DISABLED @item GNUTLS_@-FIPS140_@-DISABLED
@ -175,7 +175,7 @@ Index: gnutls-3.8.1/doc/enums.texi
@item GNUTLS_@-FIPS140_@-STRICT @item GNUTLS_@-FIPS140_@-STRICT
The default mode; all forbidden operations will cause an The default mode; all forbidden operations will cause an
operation failure via error code. operation failure via error code.
@@ -1192,8 +1192,8 @@ operation failure via error code. @@ -1196,8 +1196,8 @@ operation failure via error code.
A transient state during library initialization. That state A transient state during library initialization. That state
cannot be set or seen by applications. cannot be set or seen by applications.
@item GNUTLS_@-FIPS140_@-LAX @item GNUTLS_@-FIPS140_@-LAX
@ -186,10 +186,10 @@ Index: gnutls-3.8.1/doc/enums.texi
application is aware of the followed security policy, and needs application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility). to utilize disallowed operations for other reasons (e.g., compatibility).
@item GNUTLS_@-FIPS140_@-LOG @item GNUTLS_@-FIPS140_@-LOG
Index: gnutls-3.8.1/doc/functions/gnutls_fips140_set_mode Index: gnutls-3.8.2/doc/functions/gnutls_fips140_set_mode
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/doc/functions/gnutls_fips140_set_mode --- gnutls-3.8.2.orig/doc/functions/gnutls_fips140_set_mode
+++ gnutls-3.8.1/doc/functions/gnutls_fips140_set_mode +++ gnutls-3.8.2/doc/functions/gnutls_fips140_set_mode
@@ -3,7 +3,7 @@ @@ -3,7 +3,7 @@
@ -215,10 +215,10 @@ Index: gnutls-3.8.1/doc/functions/gnutls_fips140_set_mode
values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library
switches to @code{GNUTLS_FIPS140_STRICT} mode. switches to @code{GNUTLS_FIPS140_STRICT} mode.
Index: gnutls-3.8.1/doc/gnutls.html Index: gnutls-3.8.2/doc/gnutls.html
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/doc/gnutls.html --- gnutls-3.8.2.orig/doc/gnutls.html
+++ gnutls-3.8.1/doc/gnutls.html +++ gnutls-3.8.2/doc/gnutls.html
@@ -484,7 +484,7 @@ Documentation License&rdquo;. @@ -484,7 +484,7 @@ Documentation License&rdquo;.
<li><a id="toc-TLS-Extension-Handling" href="#TLS-Hello-Extension-Handling">11.4 TLS Extension Handling</a></li> <li><a id="toc-TLS-Extension-Handling" href="#TLS-Hello-Extension-Handling">11.4 TLS Extension Handling</a></li>
<li><a id="toc-Cryptographic-Backend-1" href="#Cryptographic-Backend">11.5 Cryptographic Backend</a></li> <li><a id="toc-Cryptographic-Backend-1" href="#Cryptographic-Backend">11.5 Cryptographic Backend</a></li>
@ -237,7 +237,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
if set to one it will force the FIPS mode enablement.</td></tr> if set to one it will force the FIPS mode enablement.</td></tr>
</tbody> </tbody>
</table> </table>
@@ -18437,7 +18437,7 @@ None: @@ -18446,7 +18446,7 @@ None:
--inline-commands-prefix=str Change the default delimiter for inline commands --inline-commands-prefix=str Change the default delimiter for inline commands
--provider=file Specify the PKCS #11 provider library --provider=file Specify the PKCS #11 provider library
- file must pre-exist - file must pre-exist
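
Review bot: patching the rendered doc/gnutls.html makes this refresh pure churn: the only change in this hunk is the inner offset, "@@ -18437,7 +18437,7 @@" becoming "@@ -18446,7 +18446,7 @@". The HTML repeats text that the patch already edits in the .texi sources (for example "if set to one it will force the FIPS mode enablement." from doc/cha-gtls-app.texi), and the same applies to doc/gnutls.info-3. Suggest limiting the patch to the .texi sources and regenerating the derived documentation at build time, so a version bump does not require re-syncing line offsets across generated files.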
@ -246,7 +246,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
--list-config Reports the configuration of the library --list-config Reports the configuration of the library
--logfile=str Redirect informational messages to a specific file --logfile=str Redirect informational messages to a specific file
--keymatexport=str Label used for exporting keying material --keymatexport=str Label used for exporting keying material
@@ -19445,7 +19445,7 @@ happens inside the black box. @@ -19468,7 +19468,7 @@ happens inside the black box.
<li><a href="#TLS-Hello-Extension-Handling" accesskey="4">TLS Extension Handling</a></li> <li><a href="#TLS-Hello-Extension-Handling" accesskey="4">TLS Extension Handling</a></li>
<li><a href="#Cryptographic-Backend" accesskey="5">Cryptographic Backend</a></li> <li><a href="#Cryptographic-Backend" accesskey="5">Cryptographic Backend</a></li>
<li><a href="#Random-Number-Generators_002dinternals" accesskey="6">Random Number Generators</a></li> <li><a href="#Random-Number-Generators_002dinternals" accesskey="6">Random Number Generators</a></li>
@ -255,7 +255,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
</ul> </ul>
<hr> <hr>
<div class="section-level-extent" id="The-TLS-Protocol"> <div class="section-level-extent" id="The-TLS-Protocol">
@@ -19974,7 +19974,7 @@ For more information see <a class="ref" @@ -19997,7 +19997,7 @@ For more information see <a class="ref"
<div class="section-level-extent" id="Random-Number-Generators_002dinternals"> <div class="section-level-extent" id="Random-Number-Generators_002dinternals">
<div class="nav-panel"> <div class="nav-panel">
<p> <p>
@ -264,7 +264,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
</div> </div>
<h3 class="section" id="Random-Number-Generators">11.6 Random Number Generators</h3> <h3 class="section" id="Random-Number-Generators">11.6 Random Number Generators</h3>
@@ -19982,7 +19982,7 @@ Next: <a href="#FIPS140_002d2-mode" acce @@ -20005,7 +20005,7 @@ Next: <a href="#FIPS140_002d2-mode" acce
<p>GnuTLS provides two random generators. The default, and the AES-DRBG random <p>GnuTLS provides two random generators. The default, and the AES-DRBG random
generator which is only used when the library is compiled with support for generator which is only used when the library is compiled with support for
@ -273,7 +273,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
</p> </p>
<h4 class="subheading" id="The-default-generator-_002d-inner-workings">The default generator - inner workings</h4> <h4 class="subheading" id="The-default-generator-_002d-inner-workings">The default generator - inner workings</h4>
@@ -20119,22 +20119,22 @@ on the above paragraph, all levels are i @@ -20142,22 +20142,22 @@ on the above paragraph, all levels are i
<p> <p>
Previous: <a href="#Random-Number-Generators_002dinternals" accesskey="p" rel="prev">Random Number Generators</a>, Up: <a href="#Internal-architecture-of-GnuTLS" accesskey="u" rel="up">Internal Architecture of GnuTLS</a> &nbsp; [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p> Previous: <a href="#Random-Number-Generators_002dinternals" accesskey="p" rel="prev">Random Number Generators</a>, Up: <a href="#Internal-architecture-of-GnuTLS" accesskey="u" rel="up">Internal Architecture of GnuTLS</a> &nbsp; [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
</div> </div>
@ -302,7 +302,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
as follows. as follows.
</p> </p>
<ul class="itemize mark-bullet"> <ul class="itemize mark-bullet">
@@ -20143,12 +20143,12 @@ as follows. @@ -20166,12 +20166,12 @@ as follows.
</li><li>Algorithm self-tests are run on library load </li><li>Algorithm self-tests are run on library load
</li></ul> </li></ul>
@ -318,7 +318,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
</li><li>Any cryptographic operation will be refused if any of the self-tests failed </li><li>Any cryptographic operation will be refused if any of the self-tests failed
</li></ul> </li></ul>
@@ -20157,7 +20157,7 @@ modified as follows. @@ -20180,7 +20180,7 @@ modified as follows.
environment variable <code class="code">GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS</code> will disable environment variable <code class="code">GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS</code> will disable
the library integrity tests on startup, and the variable the library integrity tests on startup, and the variable
<code class="code">GNUTLS_FORCE_FIPS_MODE</code> can be set to force a value from <code class="code">GNUTLS_FORCE_FIPS_MODE</code> can be set to force a value from
@ -327,7 +327,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
mode, while &rsquo;0&rsquo; will disable it. mode, while &rsquo;0&rsquo; will disable it.
</p> </p>
<p>The integrity checks for the dependent libraries and GnuTLS are performed <p>The integrity checks for the dependent libraries and GnuTLS are performed
@@ -20165,13 +20165,13 @@ using &rsquo;.hmac&rsquo; files which ar @@ -20188,13 +20188,13 @@ using &rsquo;.hmac&rsquo; files which ar
key for the operations can be provided on compile-time with the configure key for the operations can be provided on compile-time with the configure
option &rsquo;&ndash;with-fips140-key&rsquo;. The MAC algorithm used is HMAC-SHA256. option &rsquo;&ndash;with-fips140-key&rsquo;. The MAC algorithm used is HMAC-SHA256.
</p> </p>
@ -344,7 +344,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
the application can relax these requirements via <a class="ref" href="#gnutls_005ffips140_005fset_005fmode">gnutls_fips140_set_mode</a> the application can relax these requirements via <a class="ref" href="#gnutls_005ffips140_005fset_005fmode">gnutls_fips140_set_mode</a>
which can switch to alternative modes as in <a class="ref" href="#gnutls_005ffips_005fmode_005ft">Figure 11.5</a>. which can switch to alternative modes as in <a class="ref" href="#gnutls_005ffips_005fmode_005ft">Figure 11.5</a>.
</p> </p>
@@ -20180,7 +20180,7 @@ which can switch to alternative modes as @@ -20203,7 +20203,7 @@ which can switch to alternative modes as
<dl class="table"> <dl class="table">
<dt><code class="code">GNUTLS_FIPS140_DISABLED</code></dt> <dt><code class="code">GNUTLS_FIPS140_DISABLED</code></dt>
@ -353,7 +353,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
</p></dd> </p></dd>
<dt><code class="code">GNUTLS_FIPS140_STRICT</code></dt> <dt><code class="code">GNUTLS_FIPS140_STRICT</code></dt>
<dd><p>The default mode; all forbidden operations will cause an <dd><p>The default mode; all forbidden operations will cause an
@@ -20191,8 +20191,8 @@ operation failure via error code. @@ -20214,8 +20214,8 @@ operation failure via error code.
cannot be set or seen by applications. cannot be set or seen by applications.
</p></dd> </p></dd>
<dt><code class="code">GNUTLS_FIPS140_LAX</code></dt> <dt><code class="code">GNUTLS_FIPS140_LAX</code></dt>
@ -364,7 +364,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
application is aware of the followed security policy, and needs application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility). to utilize disallowed operations for other reasons (e.g., compatibility).
</p></dd> </p></dd>
@@ -20204,7 +20204,7 @@ to a message to the audit callback funct @@ -20227,7 +20227,7 @@ to a message to the audit callback funct
<div class="caption"><p><strong class="strong">Figure 11.5: </strong>The <code class="code">gnutls_fips_mode_t</code> enumeration.</p></div></div> <div class="caption"><p><strong class="strong">Figure 11.5: </strong>The <code class="code">gnutls_fips_mode_t</code> enumeration.</p></div></div>
<p>The intention of this API is to be used by applications which may run in <p>The intention of this API is to be used by applications which may run in
@ -373,7 +373,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
e.g., for non-security related purposes. In these cases applications should e.g., for non-security related purposes. In these cases applications should
wrap the non-compliant code within blocks like the following. wrap the non-compliant code within blocks like the following.
</p> </p>
@@ -20233,9 +20233,9 @@ if (gnutls_fips140_mode_enabled()) @@ -20256,9 +20256,9 @@ if (gnutls_fips140_mode_enabled())
<p>The reason of the <code class="code">GNUTLS_FIPS140_SET_MODE_THREAD</code> flag in the <p>The reason of the <code class="code">GNUTLS_FIPS140_SET_MODE_THREAD</code> flag in the
previous calls is to localize the change in the mode. Note also, that previous calls is to localize the change in the mode. Note also, that
such a block has no effect when the library is not operating such a block has no effect when the library is not operating
@ -385,7 +385,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
</p><div class="example"> </p><div class="example">
<pre class="example-preformatted">gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0); <pre class="example-preformatted">gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0);
</pre></div> </pre></div>
@@ -20258,7 +20258,7 @@ performed within a given context. @@ -20281,7 +20281,7 @@ performed within a given context.
<dt><code class="code"><var class="var">int</var> <a class="ref" href="#gnutls_005ffips140_005fpop_005fcontext">gnutls_fips140_pop_context</a> ( <var class="var">void</var>)</code></dt> <dt><code class="code"><var class="var">int</var> <a class="ref" href="#gnutls_005ffips140_005fpop_005fcontext">gnutls_fips140_pop_context</a> ( <var class="var">void</var>)</code></dt>
</dl> </dl>
@ -394,7 +394,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
operation. It can be attached to the current execution thread with operation. It can be attached to the current execution thread with
<a class="ref" href="#gnutls_005ffips140_005fpush_005fcontext">gnutls_fips140_push_context</a> and its internal state will be <a class="ref" href="#gnutls_005ffips140_005fpush_005fcontext">gnutls_fips140_push_context</a> and its internal state will be
updated until it is detached with updated until it is detached with
@@ -20631,8 +20631,8 @@ Previous: <a href="#Contributing" access @@ -20654,8 +20654,8 @@ Previous: <a href="#Contributing" access
to an auditor that the crypto component follows some best practices, such to an auditor that the crypto component follows some best practices, such
as unit testing and reliance on well known crypto primitives. as unit testing and reliance on well known crypto primitives.
</p> </p>
@ -405,7 +405,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
</p> </p>
<hr> <hr>
</div> </div>
@@ -24544,7 +24544,7 @@ unusable. This function is not thread-s @@ -24569,7 +24569,7 @@ unusable. This function is not thread-s
<h4 class="subheading" id="gnutls_005ffips140_005fset_005fmode-1">gnutls_fips140_set_mode</h4> <h4 class="subheading" id="gnutls_005ffips140_005fset_005fmode-1">gnutls_fips140_set_mode</h4>
<a class="anchor" id="gnutls_005ffips140_005fset_005fmode"></a><dl class="first-deftypefn first-deftypefun-alias-first-deftypefn"> <a class="anchor" id="gnutls_005ffips140_005fset_005fmode"></a><dl class="first-deftypefn first-deftypefun-alias-first-deftypefn">
<dt class="deftypefn deftypefun-alias-deftypefn" id="index-gnutls_005ffips140_005fset_005fmode"><span class="category-def">Function: </span><span><code class="def-type">void</code> <strong class="def-name">gnutls_fips140_set_mode</strong> <code class="def-code-arguments">(gnutls_fips_mode_t <var class="var">mode</var>, unsigned <var class="var">flags</var>)</code><a class="copiable-link" href='#index-gnutls_005ffips140_005fset_005fmode'> &para;</a></span></dt> <dt class="deftypefn deftypefun-alias-deftypefn" id="index-gnutls_005ffips140_005fset_005fmode"><span class="category-def">Function: </span><span><code class="def-type">void</code> <strong class="def-name">gnutls_fips140_set_mode</strong> <code class="def-code-arguments">(gnutls_fips_mode_t <var class="var">mode</var>, unsigned <var class="var">flags</var>)</code><a class="copiable-link" href='#index-gnutls_005ffips140_005fset_005fmode'> &para;</a></span></dt>
@ -414,7 +414,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
</p> </p>
<p><var class="var">flags</var>: should be zero or <code class="code">GNUTLS_FIPS140_SET_MODE_THREAD</code> <p><var class="var">flags</var>: should be zero or <code class="code">GNUTLS_FIPS140_SET_MODE_THREAD</code>
</p> </p>
@@ -24553,13 +24553,13 @@ unusable. This function is not thread-s @@ -24578,13 +24578,13 @@ unusable. This function is not thread-s
behavior with no flags after threads are created is undefined. behavior with no flags after threads are created is undefined.
</p> </p>
<p>When the flag <code class="code">GNUTLS_FIPS140_SET_MODE_THREAD</code> is specified <p>When the flag <code class="code">GNUTLS_FIPS140_SET_MODE_THREAD</code> is specified
@ -430,7 +430,7 @@ Index: gnutls-3.8.1/doc/gnutls.html
values for <code class="code">mode</code> or to <code class="code">GNUTLS_FIPS140_SELFTESTS</code> mode, the library values for <code class="code">mode</code> or to <code class="code">GNUTLS_FIPS140_SELFTESTS</code> mode, the library
switches to <code class="code">GNUTLS_FIPS140_STRICT</code> mode. switches to <code class="code">GNUTLS_FIPS140_STRICT</code> mode.
</p> </p>
@@ -46765,7 +46765,7 @@ Next: <a href="#Concept-Index" accesskey @@ -46924,7 +46924,7 @@ Next: <a href="#Concept-Index" accesskey
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffingerprint"><code>gnutls_fingerprint</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr> <tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffingerprint"><code>gnutls_fingerprint</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fcontext_005fdeinit"><code>gnutls_fips140_context_deinit</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr> <tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fcontext_005fdeinit"><code>gnutls_fips140_context_deinit</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fcontext_005finit"><code>gnutls_fips140_context_init</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr> <tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fcontext_005finit"><code>gnutls_fips140_context_init</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
@ -439,11 +439,11 @@ Index: gnutls-3.8.1/doc/gnutls.html
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate-1"><code>gnutls_fips140_get_operation_state</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr> <tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate-1"><code>gnutls_fips140_get_operation_state</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fmode_005fenabled"><code>gnutls_fips140_mode_enabled</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr> <tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fmode_005fenabled"><code>gnutls_fips140_mode_enabled</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fpop_005fcontext"><code>gnutls_fips140_pop_context</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr> <tr><td></td><td class="printindex-index-entry"><a href="#index-gnutls_005ffips140_005fpop_005fcontext"><code>gnutls_fips140_pop_context</code></a>:</td><td>&nbsp;</td><td class="printindex-index-section"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
Index: gnutls-3.8.1/doc/gnutls.info-3 Index: gnutls-3.8.2/doc/gnutls.info-3
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/doc/gnutls.info-3 --- gnutls-3.8.2.orig/doc/gnutls.info-3
+++ gnutls-3.8.1/doc/gnutls.info-3 +++ gnutls-3.8.2/doc/gnutls.info-3
@@ -2241,7 +2241,7 @@ to more. Both will exit with a st @@ -2248,7 +2248,7 @@ to more. Both will exit with a st
--inline-commands-prefix=str Change the default delimiter for inline commands --inline-commands-prefix=str Change the default delimiter for inline commands
--provider=file Specify the PKCS #11 provider library --provider=file Specify the PKCS #11 provider library
- file must pre-exist - file must pre-exist
@ -452,7 +452,7 @@ Index: gnutls-3.8.1/doc/gnutls.info-3
--list-config Reports the configuration of the library --list-config Reports the configuration of the library
--logfile=str Redirect informational messages to a specific file --logfile=str Redirect informational messages to a specific file
--keymatexport=str Label used for exporting keying material --keymatexport=str Label used for exporting keying material
@@ -3379,7 +3379,7 @@ to know what happens inside the black bo @@ -3401,7 +3401,7 @@ to know what happens inside the black bo
* TLS Hello Extension Handling:: * TLS Hello Extension Handling::
* Cryptographic Backend:: * Cryptographic Backend::
* Random Number Generators-internals:: * Random Number Generators-internals::
@ -461,7 +461,7 @@ Index: gnutls-3.8.1/doc/gnutls.info-3
 
File: gnutls.info, Node: The TLS Protocol, Next: TLS Handshake Protocol, Up: Internal architecture of GnuTLS File: gnutls.info, Node: The TLS Protocol, Next: TLS Handshake Protocol, Up: Internal architecture of GnuTLS
@@ -3911,7 +3911,7 @@ and abstract key types::. @@ -3933,7 +3933,7 @@ and abstract key types::.
kernel implementation of /dev/crypto. kernel implementation of /dev/crypto.
 
@ -470,7 +470,7 @@ Index: gnutls-3.8.1/doc/gnutls.info-3
11.6 Random Number Generators 11.6 Random Number Generators
============================= =============================
@@ -3921,7 +3921,7 @@ About the generators @@ -3943,7 +3943,7 @@ About the generators
GnuTLS provides two random generators. The default, and the AES-DRBG GnuTLS provides two random generators. The default, and the AES-DRBG
random generator which is only used when the library is compiled with random generator which is only used when the library is compiled with
@ -479,7 +479,7 @@ Index: gnutls-3.8.1/doc/gnutls.info-3
The default generator - inner workings The default generator - inner workings
-------------------------------------- --------------------------------------
@@ -4153,7 +4153,7 @@ in *note Figure 11.5: gnutls_fips_mode_t @@ -4175,7 +4175,7 @@ in *note Figure 11.5: gnutls_fips_mode_t
Figure 11.5: The gnutls_fips_mode_t enumeration. Figure 11.5: The gnutls_fips_mode_t enumeration.
The intention of this API is to be used by applications which may run in The intention of this API is to be used by applications which may run in
@ -488,7 +488,7 @@ Index: gnutls-3.8.1/doc/gnutls.info-3
set, e.g., for non-security related purposes. In these cases set, e.g., for non-security related purposes. In these cases
applications should wrap the non-compliant code within blocks like the applications should wrap the non-compliant code within blocks like the
following. following.
@@ -4177,10 +4177,10 @@ are macros to simplify the following seq @@ -4199,10 +4199,10 @@ are macros to simplify the following seq
The reason of the GNUTLS_FIPS140_SET_MODE_THREAD flag in the previous The reason of the GNUTLS_FIPS140_SET_MODE_THREAD flag in the previous
calls is to localize the change in the mode. Note also, that such a calls is to localize the change in the mode. Note also, that such a
@ -501,7 +501,7 @@ Index: gnutls-3.8.1/doc/gnutls.info-3
gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0); gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0);
Service indicator Service indicator
@@ -4662,8 +4662,8 @@ There are certifications from national o @@ -4684,8 +4684,8 @@ There are certifications from national o
practices, such as unit testing and reliance on well known crypto practices, such as unit testing and reliance on well known crypto
primitives. primitives.
@ -512,7 +512,7 @@ Index: gnutls-3.8.1/doc/gnutls.info-3
 
File: gnutls.info, Node: Error codes, Next: Supported ciphersuites, Prev: Support, Up: Top File: gnutls.info, Node: Error codes, Next: Supported ciphersuites, Prev: Support, Up: Top
@@ -9128,7 +9128,7 @@ gnutls_fips140_set_mode @@ -9152,7 +9152,7 @@ gnutls_fips140_set_mode
-- Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t MODE, -- Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t MODE,
unsigned FLAGS) unsigned FLAGS)
@ -521,11 +521,11 @@ Index: gnutls-3.8.1/doc/gnutls.info-3
FLAGS: should be zero or GNUTLS_FIPS140_SET_MODE_THREAD FLAGS: should be zero or GNUTLS_FIPS140_SET_MODE_THREAD
Index: gnutls-3.8.1/doc/invoke-gnutls-cli.texi Index: gnutls-3.8.2/doc/invoke-gnutls-cli.texi
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/doc/invoke-gnutls-cli.texi --- gnutls-3.8.2.orig/doc/invoke-gnutls-cli.texi
+++ gnutls-3.8.1/doc/invoke-gnutls-cli.texi +++ gnutls-3.8.2/doc/invoke-gnutls-cli.texi
@@ -99,7 +99,7 @@ None: @@ -102,7 +102,7 @@ None:
--inline-commands-prefix=str Change the default delimiter for inline commands --inline-commands-prefix=str Change the default delimiter for inline commands
--provider=file Specify the PKCS #11 provider library --provider=file Specify the PKCS #11 provider library
- file must pre-exist - file must pre-exist
@ -534,11 +534,11 @@ Index: gnutls-3.8.1/doc/invoke-gnutls-cli.texi
--list-config Reports the configuration of the library --list-config Reports the configuration of the library
--logfile=str Redirect informational messages to a specific file --logfile=str Redirect informational messages to a specific file
--keymatexport=str Label used for exporting keying material --keymatexport=str Label used for exporting keying material
Index: gnutls-3.8.1/doc/manpages/gnutls-cli.1 Index: gnutls-3.8.2/doc/manpages/gnutls-cli.1
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/doc/manpages/gnutls-cli.1 --- gnutls-3.8.2.orig/doc/manpages/gnutls-cli.1
+++ gnutls-3.8.1/doc/manpages/gnutls-cli.1 +++ gnutls-3.8.2/doc/manpages/gnutls-cli.1
@@ -389,7 +389,7 @@ Specify the PKCS #11 provider library. @@ -398,7 +398,7 @@ Specify the PKCS #11 provider library.
This will override the default options in /etc/gnutls/pkcs11.conf This will override the default options in /etc/gnutls/pkcs11.conf
.TP .TP
.NOP \f\*[B-Font]\-\-fips140\-mode\f[] .NOP \f\*[B-Font]\-\-fips140\-mode\f[]
@ -547,11 +547,11 @@ Index: gnutls-3.8.1/doc/manpages/gnutls-cli.1
.sp .sp
.TP .TP
.NOP \f\*[B-Font]\-\-list\-config\f[] .NOP \f\*[B-Font]\-\-list\-config\f[]
Index: gnutls-3.8.1/doc/reference/html/gnutls-gnutls.html Index: gnutls-3.8.2/doc/reference/html/gnutls-gnutls.html
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/doc/reference/html/gnutls-gnutls.html --- gnutls-3.8.2.orig/doc/reference/html/gnutls-gnutls.html
+++ gnutls-3.8.1/doc/reference/html/gnutls-gnutls.html +++ gnutls-3.8.2/doc/reference/html/gnutls-gnutls.html
@@ -20862,12 +20862,12 @@ gnutls_fips140_set_mode (<em class="para @@ -20866,12 +20866,12 @@ gnutls_fips140_set_mode (<em class="para
(globally), and should be called prior to creating any threads. Its (globally), and should be called prior to creating any threads. Its
behavior with no flags after threads are created is undefined.</p> behavior with no flags after threads are created is undefined.</p>
<p>When the flag <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-SET-MODE-THREAD:CAPS" title="GNUTLS_FIPS140_SET_MODE_THREAD"><code class="literal">GNUTLS_FIPS140_SET_MODE_THREAD</code></a> is specified <p>When the flag <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-SET-MODE-THREAD:CAPS" title="GNUTLS_FIPS140_SET_MODE_THREAD"><code class="literal">GNUTLS_FIPS140_SET_MODE_THREAD</code></a> is specified
@ -566,7 +566,7 @@ Index: gnutls-3.8.1/doc/reference/html/gnutls-gnutls.html
values for <em class="parameter"><code>mode</code></em> values for <em class="parameter"><code>mode</code></em>
or to <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-SELFTESTS:CAPS"><code class="literal">GNUTLS_FIPS140_SELFTESTS</code></a> mode, the library or to <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-SELFTESTS:CAPS"><code class="literal">GNUTLS_FIPS140_SELFTESTS</code></a> mode, the library
switches to <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-STRICT:CAPS"><code class="literal">GNUTLS_FIPS140_STRICT</code></a> mode.</p> switches to <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-STRICT:CAPS"><code class="literal">GNUTLS_FIPS140_STRICT</code></a> mode.</p>
@@ -20882,7 +20882,7 @@ switches to <a class="link" href="gnutls @@ -20886,7 +20886,7 @@ switches to <a class="link" href="gnutls
<tbody> <tbody>
<tr> <tr>
<td class="parameter_name"><p>mode</p></td> <td class="parameter_name"><p>mode</p></td>
@ -575,7 +575,7 @@ Index: gnutls-3.8.1/doc/reference/html/gnutls-gnutls.html
<td class="parameter_annotations"> </td> <td class="parameter_annotations"> </td>
</tr> </tr>
<tr> <tr>
@@ -25880,7 +25880,7 @@ encryption</p> @@ -25904,7 +25904,7 @@ encryption</p>
<hr> <hr>
<div class="refsect2"> <div class="refsect2">
<a name="gnutls-fips-mode-t"></a><h3>enum gnutls_fips_mode_t</h3> <a name="gnutls-fips-mode-t"></a><h3>enum gnutls_fips_mode_t</h3>
@ -584,7 +584,7 @@ Index: gnutls-3.8.1/doc/reference/html/gnutls-gnutls.html
<div class="refsect3"> <div class="refsect3">
<a name="gnutls-fips-mode-t.members"></a><h4>Members</h4> <a name="gnutls-fips-mode-t.members"></a><h4>Members</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0"> <div class="informaltable"><table class="informaltable" width="100%" border="0">
@@ -25893,7 +25893,7 @@ encryption</p> @@ -25917,7 +25917,7 @@ encryption</p>
<tr> <tr>
<td class="enum_member_name"><p><a name="GNUTLS-FIPS140-DISABLED:CAPS"></a>GNUTLS_FIPS140_DISABLED</p></td> <td class="enum_member_name"><p><a name="GNUTLS-FIPS140-DISABLED:CAPS"></a>GNUTLS_FIPS140_DISABLED</p></td>
<td class="enum_member_description"> <td class="enum_member_description">
@ -593,7 +593,7 @@ Index: gnutls-3.8.1/doc/reference/html/gnutls-gnutls.html
</td> </td>
<td class="enum_member_annotations"> </td> <td class="enum_member_annotations"> </td>
</tr> </tr>
@@ -25916,8 +25916,8 @@ operation failure via error code.</p> @@ -25940,8 +25940,8 @@ operation failure via error code.</p>
<tr> <tr>
<td class="enum_member_name"><p><a name="GNUTLS-FIPS140-LAX:CAPS"></a>GNUTLS_FIPS140_LAX</p></td> <td class="enum_member_name"><p><a name="GNUTLS-FIPS140-LAX:CAPS"></a>GNUTLS_FIPS140_LAX</p></td>
<td class="enum_member_description"> <td class="enum_member_description">
@ -604,17 +604,17 @@ Index: gnutls-3.8.1/doc/reference/html/gnutls-gnutls.html
application is aware of the followed security policy, and needs application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility).</p> to utilize disallowed operations for other reasons (e.g., compatibility).</p>
</td> </td>
@@ -27552,4 +27552,4 @@ This is used by <a class="link" href="gn @@ -27575,4 +27575,4 @@ This is used by <a class="link" href="gn
<div class="footer"> <div class="footer">
<hr>Generated by GTK-Doc V1.33.1</div> <hr>Generated by GTK-Doc V1.33.1</div>
</body> </body>
-</html> -</html>
\ No newline at end of file \ No newline at end of file
+</html> +</html>
Index: gnutls-3.8.1/lib/fips.c Index: gnutls-3.8.2/lib/fips.c
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/lib/fips.c --- gnutls-3.8.2.orig/lib/fips.c
+++ gnutls-3.8.1/lib/fips.c +++ gnutls-3.8.2/lib/fips.c
@@ -121,7 +121,7 @@ unsigned _gnutls_fips_mode_enabled(void) @@ -121,7 +121,7 @@ unsigned _gnutls_fips_mode_enabled(void)
} }
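Review bot: The last change to doc/reference/html/gnutls-gnutls.html carried by this patch (`-</html>`, `\ No newline at end of file`, `+</html>`) only adds a trailing newline to a generated GTK-Doc page and is unrelated to the FIPS 140-2 to FIPS 140-3 wording change. Drop it from gnutls-FIPS-140-3-references.patch so the next rebase has one less place to conflict.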
@ -734,10 +734,10 @@ Index: gnutls-3.8.1/lib/fips.c
} }
gnutls_fips140_context_deinit(fips_context); gnutls_fips140_context_deinit(fips_context);
} }
Index: gnutls-3.8.1/lib/fips.h Index: gnutls-3.8.2/lib/fips.h
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/lib/fips.h --- gnutls-3.8.2.orig/lib/fips.h
+++ gnutls-3.8.1/lib/fips.h +++ gnutls-3.8.2/lib/fips.h
@@ -160,7 +160,7 @@ is_cipher_algo_allowed_in_fips(gnutls_ci @@ -160,7 +160,7 @@ is_cipher_algo_allowed_in_fips(gnutls_ci
} }
@ -778,10 +778,10 @@ Index: gnutls-3.8.1/lib/fips.h
gnutls_cipher_get_name(algo)); gnutls_cipher_get_name(algo));
FALLTHROUGH; FALLTHROUGH;
case GNUTLS_FIPS140_DISABLED: case GNUTLS_FIPS140_DISABLED:
Index: gnutls-3.8.1/lib/global.c Index: gnutls-3.8.2/lib/global.c
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/lib/global.c --- gnutls-3.8.2.orig/lib/global.c
+++ gnutls-3.8.1/lib/global.c +++ gnutls-3.8.2/lib/global.c
@@ -337,12 +337,12 @@ static int _gnutls_global_init(unsigned @@ -337,12 +337,12 @@ static int _gnutls_global_init(unsigned
#ifdef ENABLE_FIPS140 #ifdef ENABLE_FIPS140
@ -815,11 +815,11 @@ Index: gnutls-3.8.1/lib/global.c
if (res != 2) { if (res != 2) {
gnutls_assert(); gnutls_assert();
goto out; goto out;
Index: gnutls-3.8.1/lib/includes/gnutls/gnutls.h.in Index: gnutls-3.8.2/lib/includes/gnutls/gnutls.h.in
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/lib/includes/gnutls/gnutls.h.in --- gnutls-3.8.2.orig/lib/includes/gnutls/gnutls.h.in
+++ gnutls-3.8.1/lib/includes/gnutls/gnutls.h.in +++ gnutls-3.8.2/lib/includes/gnutls/gnutls.h.in
@@ -3192,16 +3192,16 @@ typedef int (*gnutls_alert_read_func)(gn @@ -3199,16 +3199,16 @@ typedef int (*gnutls_alert_read_func)(gn
void gnutls_alert_set_read_function(gnutls_session_t session, void gnutls_alert_set_read_function(gnutls_session_t session,
gnutls_alert_read_func func); gnutls_alert_read_func func);
@ -840,7 +840,7 @@ Index: gnutls-3.8.1/lib/includes/gnutls/gnutls.h.in
* application is aware of the followed security policy, and needs * application is aware of the followed security policy, and needs
* to utilize disallowed operations for other reasons (e.g., compatibility). * to utilize disallowed operations for other reasons (e.g., compatibility).
* @GNUTLS_FIPS140_LOG: Similarly to %GNUTLS_FIPS140_LAX, it allows forbidden operations; any use of them results * @GNUTLS_FIPS140_LOG: Similarly to %GNUTLS_FIPS140_LAX, it allows forbidden operations; any use of them results
@@ -3209,7 +3209,7 @@ unsigned gnutls_fips140_mode_enabled(voi @@ -3216,7 +3216,7 @@ unsigned gnutls_fips140_mode_enabled(voi
* @GNUTLS_FIPS140_SELFTESTS: A transient state during library initialization. That state * @GNUTLS_FIPS140_SELFTESTS: A transient state during library initialization. That state
* cannot be set or seen by applications. * cannot be set or seen by applications.
* *
@ -849,11 +849,11 @@ Index: gnutls-3.8.1/lib/includes/gnutls/gnutls.h.in
*/ */
typedef enum gnutls_fips_mode_t { typedef enum gnutls_fips_mode_t {
GNUTLS_FIPS140_DISABLED = 0, GNUTLS_FIPS140_DISABLED = 0,
Index: gnutls-3.8.1/src/cli.c Index: gnutls-3.8.2/src/cli.c
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/src/cli.c --- gnutls-3.8.2.orig/src/cli.c
+++ gnutls-3.8.1/src/cli.c +++ gnutls-3.8.2/src/cli.c
@@ -1634,10 +1634,10 @@ static void cmd_parser(int argc, char ** @@ -1635,10 +1635,10 @@ static void cmd_parser(int argc, char **
if (HAVE_OPT(FIPS140_MODE)) { if (HAVE_OPT(FIPS140_MODE)) {
if (gnutls_fips140_mode_enabled() != 0) { if (gnutls_fips140_mode_enabled() != 0) {
@ -866,11 +866,11 @@ Index: gnutls-3.8.1/src/cli.c
exit(1); exit(1);
} }
Index: gnutls-3.8.1/src/gnutls-cli-options.c Index: gnutls-3.8.2/src/gnutls-cli-options.c
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/src/gnutls-cli-options.c --- gnutls-3.8.2.orig/src/gnutls-cli-options.c
+++ gnutls-3.8.1/src/gnutls-cli-options.c +++ gnutls-3.8.2/src/gnutls-cli-options.c
@@ -791,7 +791,7 @@ usage (FILE *out, int status) @@ -810,7 +810,7 @@ usage (FILE *out, int status)
" --inline-commands-prefix=str Change the default delimiter for inline commands\n" " --inline-commands-prefix=str Change the default delimiter for inline commands\n"
" --provider=file Specify the PKCS #11 provider library\n" " --provider=file Specify the PKCS #11 provider library\n"
" - file must pre-exist\n" " - file must pre-exist\n"
@ -879,10 +879,10 @@ Index: gnutls-3.8.1/src/gnutls-cli-options.c
" --list-config Reports the configuration of the library\n" " --list-config Reports the configuration of the library\n"
" --logfile=str Redirect informational messages to a specific file\n" " --logfile=str Redirect informational messages to a specific file\n"
" --keymatexport=str Label used for exporting keying material\n" " --keymatexport=str Label used for exporting keying material\n"
Index: gnutls-3.8.1/tests/cert-tests/gost.sh Index: gnutls-3.8.2/tests/cert-tests/gost.sh
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/tests/cert-tests/gost.sh --- gnutls-3.8.2.orig/tests/cert-tests/gost.sh
+++ gnutls-3.8.1/tests/cert-tests/gost.sh +++ gnutls-3.8.2/tests/cert-tests/gost.sh
@@ -38,7 +38,7 @@ if ! test -x "${CERTTOOL}"; then @@ -38,7 +38,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -892,10 +892,10 @@ Index: gnutls-3.8.1/tests/cert-tests/gost.sh
exit 77 exit 77
fi fi
Index: gnutls-3.8.1/tests/cert-tests/pkcs12-corner-cases.sh Index: gnutls-3.8.2/tests/cert-tests/pkcs12-corner-cases.sh
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/tests/cert-tests/pkcs12-corner-cases.sh --- gnutls-3.8.2.orig/tests/cert-tests/pkcs12-corner-cases.sh
+++ gnutls-3.8.1/tests/cert-tests/pkcs12-corner-cases.sh +++ gnutls-3.8.2/tests/cert-tests/pkcs12-corner-cases.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -905,10 +905,10 @@ Index: gnutls-3.8.1/tests/cert-tests/pkcs12-corner-cases.sh
exit 77 exit 77
fi fi
Index: gnutls-3.8.1/tests/cert-tests/pkcs12-encode.sh Index: gnutls-3.8.2/tests/cert-tests/pkcs12-encode.sh
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/tests/cert-tests/pkcs12-encode.sh --- gnutls-3.8.2.orig/tests/cert-tests/pkcs12-encode.sh
+++ gnutls-3.8.1/tests/cert-tests/pkcs12-encode.sh +++ gnutls-3.8.2/tests/cert-tests/pkcs12-encode.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -918,10 +918,10 @@ Index: gnutls-3.8.1/tests/cert-tests/pkcs12-encode.sh
exit 77 exit 77
fi fi
Index: gnutls-3.8.1/tests/cert-tests/pkcs12-gost.sh Index: gnutls-3.8.2/tests/cert-tests/pkcs12-gost.sh
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/tests/cert-tests/pkcs12-gost.sh --- gnutls-3.8.2.orig/tests/cert-tests/pkcs12-gost.sh
+++ gnutls-3.8.1/tests/cert-tests/pkcs12-gost.sh +++ gnutls-3.8.2/tests/cert-tests/pkcs12-gost.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -931,10 +931,10 @@ Index: gnutls-3.8.1/tests/cert-tests/pkcs12-gost.sh
exit 77 exit 77
fi fi
Index: gnutls-3.8.1/tests/cert-tests/pkcs12.sh Index: gnutls-3.8.2/tests/cert-tests/pkcs12.sh
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/tests/cert-tests/pkcs12.sh --- gnutls-3.8.2.orig/tests/cert-tests/pkcs12.sh
+++ gnutls-3.8.1/tests/cert-tests/pkcs12.sh +++ gnutls-3.8.2/tests/cert-tests/pkcs12.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -944,10 +944,10 @@ Index: gnutls-3.8.1/tests/cert-tests/pkcs12.sh
exit 77 exit 77
fi fi
Index: gnutls-3.8.1/tests/cert-tests/pkcs8-decode.sh Index: gnutls-3.8.2/tests/cert-tests/pkcs8-decode.sh
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/tests/cert-tests/pkcs8-decode.sh --- gnutls-3.8.2.orig/tests/cert-tests/pkcs8-decode.sh
+++ gnutls-3.8.1/tests/cert-tests/pkcs8-decode.sh +++ gnutls-3.8.2/tests/cert-tests/pkcs8-decode.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -957,10 +957,10 @@ Index: gnutls-3.8.1/tests/cert-tests/pkcs8-decode.sh
exit 77 exit 77
fi fi
Index: gnutls-3.8.1/tests/cert-tests/pkcs8-eddsa.sh Index: gnutls-3.8.2/tests/cert-tests/pkcs8-eddsa.sh
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/tests/cert-tests/pkcs8-eddsa.sh --- gnutls-3.8.2.orig/tests/cert-tests/pkcs8-eddsa.sh
+++ gnutls-3.8.1/tests/cert-tests/pkcs8-eddsa.sh +++ gnutls-3.8.2/tests/cert-tests/pkcs8-eddsa.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -970,10 +970,10 @@ Index: gnutls-3.8.1/tests/cert-tests/pkcs8-eddsa.sh
exit 77 exit 77
fi fi
Index: gnutls-3.8.1/tests/cert-tests/pkcs8-gost.sh Index: gnutls-3.8.2/tests/cert-tests/pkcs8-gost.sh
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/tests/cert-tests/pkcs8-gost.sh --- gnutls-3.8.2.orig/tests/cert-tests/pkcs8-gost.sh
+++ gnutls-3.8.1/tests/cert-tests/pkcs8-gost.sh +++ gnutls-3.8.2/tests/cert-tests/pkcs8-gost.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -983,10 +983,10 @@ Index: gnutls-3.8.1/tests/cert-tests/pkcs8-gost.sh
exit 77 exit 77
fi fi
Index: gnutls-3.8.1/tests/cert-tests/pkcs8.sh Index: gnutls-3.8.2/tests/cert-tests/pkcs8.sh
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/tests/cert-tests/pkcs8.sh --- gnutls-3.8.2.orig/tests/cert-tests/pkcs8.sh
+++ gnutls-3.8.1/tests/cert-tests/pkcs8.sh +++ gnutls-3.8.2/tests/cert-tests/pkcs8.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -996,10 +996,10 @@ Index: gnutls-3.8.1/tests/cert-tests/pkcs8.sh
exit 77 exit 77
fi fi
Index: gnutls-3.8.1/tests/cipher-listings.sh Index: gnutls-3.8.2/tests/cipher-listings.sh
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/tests/cipher-listings.sh --- gnutls-3.8.2.orig/tests/cipher-listings.sh
+++ gnutls-3.8.1/tests/cipher-listings.sh +++ gnutls-3.8.2/tests/cipher-listings.sh
@@ -63,7 +63,7 @@ check() @@ -63,7 +63,7 @@ check()
${CLI} --fips140-mode ${CLI} --fips140-mode
@ -1009,10 +1009,10 @@ Index: gnutls-3.8.1/tests/cipher-listings.sh
exit 77 exit 77
fi fi
Index: gnutls-3.8.1/tests/testpkcs11.sh Index: gnutls-3.8.2/tests/testpkcs11.sh
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/tests/testpkcs11.sh --- gnutls-3.8.2.orig/tests/testpkcs11.sh
+++ gnutls-3.8.1/tests/testpkcs11.sh +++ gnutls-3.8.2/tests/testpkcs11.sh
@@ -26,7 +26,7 @@ @@ -26,7 +26,7 @@
RETCODE=0 RETCODE=0
@ -1022,10 +1022,10 @@ Index: gnutls-3.8.1/tests/testpkcs11.sh
exit 77 exit 77
fi fi
Index: gnutls-3.8.1/doc/enums/gnutls_fips_mode_t Index: gnutls-3.8.2/doc/enums/gnutls_fips_mode_t
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/doc/enums/gnutls_fips_mode_t --- gnutls-3.8.2.orig/doc/enums/gnutls_fips_mode_t
+++ gnutls-3.8.1/doc/enums/gnutls_fips_mode_t +++ gnutls-3.8.2/doc/enums/gnutls_fips_mode_t
@@ -3,7 +3,7 @@ @@ -3,7 +3,7 @@
@c gnutls_fips_mode_t @c gnutls_fips_mode_t
@table @code @table @code
@ -1046,10 +1046,10 @@ Index: gnutls-3.8.1/doc/enums/gnutls_fips_mode_t
application is aware of the followed security policy, and needs application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility). to utilize disallowed operations for other reasons (e.g., compatibility).
@item GNUTLS_@-FIPS140_@-LOG @item GNUTLS_@-FIPS140_@-LOG
Index: gnutls-3.8.1/doc/gnutls-api.texi Index: gnutls-3.8.2/doc/gnutls-api.texi
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/doc/gnutls-api.texi --- gnutls-3.8.2.orig/doc/gnutls-api.texi
+++ gnutls-3.8.1/doc/gnutls-api.texi +++ gnutls-3.8.2/doc/gnutls-api.texi
@@ -3275,7 +3275,7 @@ unusable. This function is not thread-s @@ -3275,7 +3275,7 @@ unusable. This function is not thread-s
@subheading gnutls_fips140_set_mode @subheading gnutls_fips140_set_mode
@anchor{gnutls_fips140_set_mode} @anchor{gnutls_fips140_set_mode}
@ -1075,10 +1075,10 @@ Index: gnutls-3.8.1/doc/gnutls-api.texi
values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library
switches to @code{GNUTLS_FIPS140_STRICT} mode. switches to @code{GNUTLS_FIPS140_STRICT} mode.
Index: gnutls-3.8.1/lib/ext/session_ticket.c Index: gnutls-3.8.2/lib/ext/session_ticket.c
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/lib/ext/session_ticket.c --- gnutls-3.8.2.orig/lib/ext/session_ticket.c
+++ gnutls-3.8.1/lib/ext/session_ticket.c +++ gnutls-3.8.2/lib/ext/session_ticket.c
@@ -517,7 +517,7 @@ int gnutls_session_ticket_key_generate(g @@ -517,7 +517,7 @@ int gnutls_session_ticket_key_generate(g
{ {
if (_gnutls_fips_mode_enabled()) { if (_gnutls_fips_mode_enabled()) {
@ -1088,11 +1088,11 @@ Index: gnutls-3.8.1/lib/ext/session_ticket.c
* some limits on allowed key size, thus it is not * some limits on allowed key size, thus it is not
* used. These limits do not affect this function as * used. These limits do not affect this function as
* it does not generate a "key" but rather key material * it does not generate a "key" but rather key material
Index: gnutls-3.8.1/lib/libgnutls.map Index: gnutls-3.8.2/lib/libgnutls.map
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/lib/libgnutls.map --- gnutls-3.8.2.orig/lib/libgnutls.map
+++ gnutls-3.8.1/lib/libgnutls.map +++ gnutls-3.8.2/lib/libgnutls.map
@@ -1428,7 +1428,7 @@ GNUTLS_FIPS140_3_4 { @@ -1441,7 +1441,7 @@ GNUTLS_FIPS140_3_4 {
gnutls_hkdf_self_test; gnutls_hkdf_self_test;
gnutls_pbkdf2_self_test; gnutls_pbkdf2_self_test;
gnutls_tlsprf_self_test; gnutls_tlsprf_self_test;
@ -1101,10 +1101,10 @@ Index: gnutls-3.8.1/lib/libgnutls.map
drbg_aes_reseed; drbg_aes_reseed;
drbg_aes_init; drbg_aes_init;
drbg_aes_generate; drbg_aes_generate;
Index: gnutls-3.8.1/lib/nettle/mac.c Index: gnutls-3.8.2/lib/nettle/mac.c
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/lib/nettle/mac.c --- gnutls-3.8.2.orig/lib/nettle/mac.c
+++ gnutls-3.8.1/lib/nettle/mac.c +++ gnutls-3.8.2/lib/nettle/mac.c
@@ -262,7 +262,7 @@ static void _wrap_gmac_digest(void *_ctx @@ -262,7 +262,7 @@ static void _wrap_gmac_digest(void *_ctx
static int _mac_ctx_init(gnutls_mac_algorithm_t algo, static int _mac_ctx_init(gnutls_mac_algorithm_t algo,
struct nettle_mac_ctx *ctx) struct nettle_mac_ctx *ctx)
@ -1123,10 +1123,10 @@ Index: gnutls-3.8.1/lib/nettle/mac.c
* gnutls_hash_init() and gnutls_hmac_init() */ * gnutls_hash_init() and gnutls_hmac_init() */
switch (algo) { switch (algo) {
case GNUTLS_DIG_MD5: case GNUTLS_DIG_MD5:
Index: gnutls-3.8.1/config.h.in Index: gnutls-3.8.2/config.h.in
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/config.h.in --- gnutls-3.8.2.orig/config.h.in
+++ gnutls-3.8.1/config.h.in +++ gnutls-3.8.2/config.h.in
@@ -82,7 +82,7 @@ @@ -82,7 +82,7 @@
/* enable DHE */ /* enable DHE */
#undef ENABLE_ECDHE #undef ENABLE_ECDHE
@ -1145,11 +1145,11 @@ Index: gnutls-3.8.1/config.h.in
#undef FIPS_KEY #undef FIPS_KEY
/* The FIPS140 module name */ /* The FIPS140 module name */
Index: gnutls-3.8.1/configure Index: gnutls-3.8.2/configure
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/configure --- gnutls-3.8.2.orig/configure
+++ gnutls-3.8.1/configure +++ gnutls-3.8.2/configure
@@ -3826,7 +3826,7 @@ Optional Features: @@ -3828,7 +3828,7 @@ Optional Features:
--enable-fast-install[=PKGS] --enable-fast-install[=PKGS]
optimize for fast installation [default=yes] optimize for fast installation [default=yes]
--disable-libtool-lock avoid locking (might break parallel builds) --disable-libtool-lock avoid locking (might break parallel builds)
@ -1158,10 +1158,10 @@ Index: gnutls-3.8.1/configure
--enable-strict-x509 enable stricter sanity checks for x509 certificates --enable-strict-x509 enable stricter sanity checks for x509 certificates
--disable-non-suiteb-curves --disable-non-suiteb-curves
disable curves not in SuiteB disable curves not in SuiteB
Index: gnutls-3.8.1/doc/cha-support.texi Index: gnutls-3.8.2/doc/cha-support.texi
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/doc/cha-support.texi --- gnutls-3.8.2.orig/doc/cha-support.texi
+++ gnutls-3.8.1/doc/cha-support.texi +++ gnutls-3.8.2/doc/cha-support.texi
@@ -134,5 +134,5 @@ There are certifications from national o @@ -134,5 +134,5 @@ There are certifications from national o
to an auditor that the crypto component follows some best practices, such to an auditor that the crypto component follows some best practices, such
as unit testing and reliance on well known crypto primitives. as unit testing and reliance on well known crypto primitives.
@ -1170,24 +1170,24 @@ Index: gnutls-3.8.1/doc/cha-support.texi
-See @ref{FIPS140-2 mode} for more information. -See @ref{FIPS140-2 mode} for more information.
+GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux. +GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux.
+See @ref{FIPS140-3 mode} for more information. +See @ref{FIPS140-3 mode} for more information.
Index: gnutls-3.8.1/doc/gnutls.info Index: gnutls-3.8.2/doc/gnutls.info
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/doc/gnutls.info --- gnutls-3.8.2.orig/doc/gnutls.info
+++ gnutls-3.8.1/doc/gnutls.info +++ gnutls-3.8.2/doc/gnutls.info
@@ -618,7 +618,7 @@ Ref: fig-crypto-layers743604 @@ -619,7 +619,7 @@ Ref: fig-crypto-layers744475
Ref: Cryptographic Backend-Footnote-1746916 Ref: Cryptographic Backend-Footnote-1747787
Ref: Cryptographic Backend-Footnote-2747001 Ref: Cryptographic Backend-Footnote-2747872
Node: Random Number Generators-internals747113 Node: Random Number Generators-internals747984
-Node: FIPS140-2 mode754583 -Node: FIPS140-2 mode755454
+Node: FIPS140-3 mode754583 +Node: FIPS140-3 mode755454
Ref: gnutls_fips_mode_t757281 Ref: gnutls_fips_mode_t758152
Node: Upgrading from previous versions760950 Node: Upgrading from previous versions761821
Node: Support775192 Node: Support776063
Index: gnutls-3.8.1/src/gnutls-cli-options.json Index: gnutls-3.8.2/src/gnutls-cli-options.json
=================================================================== ===================================================================
--- gnutls-3.8.1.orig/src/gnutls-cli-options.json --- gnutls-3.8.2.orig/src/gnutls-cli-options.json
+++ gnutls-3.8.1/src/gnutls-cli-options.json +++ gnutls-3.8.2/src/gnutls-cli-options.json
@@ -372,7 +372,7 @@ @@ -384,7 +384,7 @@
}, },
{ {
"long-option": "fips140-mode", "long-option": "fips140-mode",
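Review bot: The doc/gnutls.info part of this patch edits the info tag table, so the rebase has to carry new byte offsets by hand (`Node: FIPS140-3 mode754583` becomes `Node: FIPS140-3 mode755454`), and the patch also edits the generated `configure` and `config.h.in`. Restricting the patch to the sources (the .texi files, lib/ and src/) and regenerating the derived files during the build would keep future rebases free of this kind of offset churn.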

View File

@ -1,56 +0,0 @@
From abfa8634db940115a11a07596ce53c8f9c4f87d2 Mon Sep 17 00:00:00 2001
From: Adrian Bunk <bunk@debian.org>
Date: Sun, 6 Aug 2023 22:46:22 +0300
Subject: [PATCH] Move the GNUTLS_NO_EXTENSIONS compatibility #define to
gnutls.h
Signed-off-by: Adrian Bunk <bunk@debian.org>
---
lib/ext/ext_master_secret.h | 3 ---
lib/includes/gnutls/gnutls.h.in | 3 +++
lib/state.h | 3 ---
3 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/lib/ext/ext_master_secret.h b/lib/ext/ext_master_secret.h
index 45d38178bd..419335b4e3 100644
--- a/lib/ext/ext_master_secret.h
+++ b/lib/ext/ext_master_secret.h
@@ -23,9 +23,6 @@
#ifndef GNUTLS_LIB_EXT_EXT_MASTER_SECRET_H
#define GNUTLS_LIB_EXT_EXT_MASTER_SECRET_H
-/* Keep backward compatibility */
-#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
-
#include <hello_ext.h>
extern const hello_ext_entry_st ext_mod_ext_master_secret;
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index ec132cb5c3..fc64c7a228 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -542,6 +542,9 @@ typedef enum {
#define GNUTLS_ENABLE_CERT_TYPE_NEG 0
// Here for compatibility reasons
+/* Keep backward compatibility */
+#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
+
/**
* gnutls_alert_level_t:
* @GNUTLS_AL_WARNING: Alert of warning severity.
diff --git a/lib/state.h b/lib/state.h
index dc086bcf0d..975ceee3a7 100644
--- a/lib/state.h
+++ b/lib/state.h
@@ -110,7 +110,4 @@ inline static int _gnutls_PRF(gnutls_session_t session, const uint8_t *secret,
#define DEFAULT_CERT_TYPE GNUTLS_CRT_X509
-/* Keep backward compatibility */
-#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
-
#endif /* GNUTLS_LIB_STATE_H */
--
GitLab
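Review bot: Deleting this patch is only correct if the 3.8.2 tarball already carries `#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS` in lib/includes/gnutls/gnutls.h.in, which is what the gnutls.h.in hunk above added. The changelog says "Remove upstream", but nothing in this diff shows it. Grepping the unpacked 3.8.2 header for the define before merging confirms that packages still building against the old macro name keep compiling.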

View File

@ -1,3 +1,41 @@
-------------------------------------------------------------------
Fri Nov 17 10:17:02 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.8.2: [bsc#1217277, CVE-2023-5981]
* libgnutls: Fix timing side-channel inside RSA-PSK key exchange.
[GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981]
* libgnutls: Add API functions to perform ECDH and DH key agreement
The functionality has been there for a long time though they were
not available as part of the public API. This enables applications
to implement custom protocols leveraging non-interactive key
agreement with ECDH and DH.
* libgnutls: Added support for AES-GCM-SIV ciphers (RFC 8452)
The new algorithms GNUTLS_CIPHER_AES_128_SIV_GCM and
GNUTLS_CIPHER_AES_256_SIV_GCM have been added to be used through
the AEAD interface. Note that, unlike
GNUTLS_CIPHER_AES_{128,256}_SIV_GCM, the authentication tag is
appended to the ciphertext, not prepended.
* libgnutls: transparent KTLS support is extended to FreeBSD kernel
The kernel TLS feature can now be enabled on FreeBSD as well as
Linux when compiled with the --enable-ktls configure option.
* gnutls-cli: New option --starttls-name
Depending on deployment, application protocols such as XMPP may
require a different origin address than the external address to be
presented prior to STARTTLS negotiation. The --starttls-name can
be used to specify specify the addresses separately.
* API and ABI modifications:
- gnutls_pubkey_import_dh_raw: New function
- gnutls_privkey_import_dh_raw: New function
- gnutls_pubkey_export_dh_raw: New function
- gnutls_privkey_export_dh_raw: New function
- gnutls_x509_privkey_import_dh_raw: New function
- gnutls_privkey_derive_secret: New function
- GNUTLS_KEYGEN_DH: New enum member of gnutls_keygen_types_t
- GNUTLS_CIPHER_AES_128_SIV_GCM: Added
- GNUTLS_CIPHER_AES_256_SIV_GCM: Added
* Rebase gnutls-FIPS-140-3-references.patch
* Remove upstream: gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Aug 22 15:00:57 UTC 2023 - Pedro Monreal <pmonreal@suse.com> Tue Aug 22 15:00:57 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
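Review bot: Two wording problems in the new 3.8.2 entry. The AES-GCM-SIV item says "unlike GNUTLS_CIPHER_AES_{128,256}_SIV_GCM" right after introducing GNUTLS_CIPHER_AES_128_SIV_GCM and GNUTLS_CIPHER_AES_256_SIV_GCM, so it compares the new ciphers with themselves; name the existing cipher whose tag placement differs. The --starttls-name item has a doubled word, "specify specify".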

View File

@ -40,7 +40,7 @@
%endif %endif
%bcond_with tpm %bcond_with tpm
Name: gnutls Name: gnutls
Version: 3.8.1 Version: 3.8.2
Release: 0 Release: 0
Summary: The GNU Transport Layer Security Library Summary: The GNU Transport Layer Security Library
License: GPL-3.0-or-later AND LGPL-2.1-or-later License: GPL-3.0-or-later AND LGPL-2.1-or-later
@ -58,8 +58,6 @@ Patch1: gnutls-FIPS-TLS_KDF_selftest.patch
Patch2: gnutls-disable-flaky-test-dtls-resume.patch Patch2: gnutls-disable-flaky-test-dtls-resume.patch
# PATCH-FIX-OPENSUSE The srp test fails with SIGPIPE # PATCH-FIX-OPENSUSE The srp test fails with SIGPIPE
Patch3: gnutls-srp-test-SIGPIPE.patch Patch3: gnutls-srp-test-SIGPIPE.patch
# PATCH-FIX-OPENSUSE Fix missing GNUTLS_NO_EXTENSIONS compatibility
Patch4: gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
# FIPS 140-3 patches: # FIPS 140-3 patches:
#PATCH-FIX-SUSE bsc#1207346 FIPS: Change FIPS 140-2 references to FIPS 140-3 #PATCH-FIX-SUSE bsc#1207346 FIPS: Change FIPS 140-2 references to FIPS 140-3
Patch100: gnutls-FIPS-140-3-references.patch Patch100: gnutls-FIPS-140-3-references.patch
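Review bot: `Patch4` is dropped from the preamble here, but the `%prep` section is outside the visible hunks. If patches are applied by number there, a leftover `%patch4` (or `%patch -P 4`) line will fail the build, so check that it is gone or that `%autosetup`/`%autopatch` is in use.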