diff --git a/gnutls-3.7.9.tar.xz b/gnutls-3.7.9.tar.xz
deleted file mode 100644
index 8c12498..0000000
--- a/gnutls-3.7.9.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:aaa03416cdbd54eb155187b359e3ec3ed52ec73df4df35a0edd49429ff64d844
-size 6377212
diff --git a/gnutls-3.7.9.tar.xz.sig b/gnutls-3.7.9.tar.xz.sig
deleted file mode 100644
index 5488913..0000000
Binary files a/gnutls-3.7.9.tar.xz.sig and /dev/null differ
diff --git a/gnutls-3.8.0.tar.xz b/gnutls-3.8.0.tar.xz
new file mode 100644
index 0000000..d57e970
--- /dev/null
+++ b/gnutls-3.8.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0ea0d11a1660a1e63f960f157b197abe6d0c8cb3255be24e1fb3815930b9bdc5
+size 6378480
diff --git a/gnutls-3.8.0.tar.xz.sig b/gnutls-3.8.0.tar.xz.sig
new file mode 100644
index 0000000..f22d076
Binary files /dev/null and b/gnutls-3.8.0.tar.xz.sig differ
diff --git a/gnutls-FIPS-140-3-references.patch b/gnutls-FIPS-140-3-references.patch
index 101757c..bfc6651 100644
--- a/gnutls-FIPS-140-3-references.patch
+++ b/gnutls-FIPS-140-3-references.patch
@@ -1,8 +1,8 @@
-Index: gnutls-3.7.9/configure.ac
+Index: gnutls-3.8.0/configure.ac
 ===================================================================
---- gnutls-3.7.9.orig/configure.ac
-+++ gnutls-3.7.9/configure.ac
-@@ -588,19 +588,19 @@ LT_INIT([disable-static,win32-dll,shared
+--- gnutls-3.8.0.orig/configure.ac
++++ gnutls-3.8.0/configure.ac
+@@ -586,19 +586,19 @@ LT_INIT([disable-static,win32-dll,shared
  AC_LIB_HAVE_LINKFLAGS(dl,, [#include ], [dladdr (0, 0);])
  AC_ARG_ENABLE(fips140-mode,
@@ -25,11 +25,11 @@ Index: gnutls-3.7.9/configure.ac AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name], [specify the FIPS140 module name]), -Index: gnutls-3.7.9/doc/cha-gtls-app.texi +Index: gnutls-3.8.0/doc/cha-gtls-app.texi =================================================================== ---- gnutls-3.7.9.orig/doc/cha-gtls-app.texi -+++ gnutls-3.7.9/doc/cha-gtls-app.texi -@@ -206,7 +206,7 @@ CPU. The currently available options are +--- gnutls-3.8.0.orig/doc/cha-gtls-app.texi ++++ gnutls-3.8.0/doc/cha-gtls-app.texi +@@ -222,7 +222,7 @@ CPU. The currently available options are @end itemize @item @code{GNUTLS_FORCE_FIPS_MODE} @@ -38,10 +38,10 @@ Index: gnutls-3.7.9/doc/cha-gtls-app.texi if set to one it will force the FIPS mode enablement. @end multitable -Index: gnutls-3.7.9/doc/cha-internals.texi +Index: gnutls-3.8.0/doc/cha-internals.texi =================================================================== ---- gnutls-3.7.9.orig/doc/cha-internals.texi -+++ gnutls-3.7.9/doc/cha-internals.texi +--- gnutls-3.8.0.orig/doc/cha-internals.texi ++++ gnutls-3.8.0/doc/cha-internals.texi @@ -14,7 +14,7 @@ happens inside the black box. * TLS Hello Extension Handling:: * Cryptographic Backend:: @@ -162,11 +162,11 @@ Index: gnutls-3.7.9/doc/cha-internals.texi operation. It can be attached to the current execution thread with @funcref{gnutls_fips140_push_context} and its internal state will be updated until it is detached with -Index: gnutls-3.7.9/doc/enums.texi +Index: gnutls-3.8.0/doc/enums.texi =================================================================== ---- gnutls-3.7.9.orig/doc/enums.texi -+++ gnutls-3.7.9/doc/enums.texi -@@ -1169,7 +1169,7 @@ application traffic secret is installed +--- gnutls-3.8.0.orig/doc/enums.texi ++++ gnutls-3.8.0/doc/enums.texi +@@ -1176,7 +1176,7 @@ application traffic secret is installed @c gnutls_fips_mode_t @table @code @item GNUTLS_@-FIPS140_@-DISABLED 
@@ -175,7 +175,7 @@ Index: gnutls-3.7.9/doc/enums.texi @item GNUTLS_@-FIPS140_@-STRICT The default mode; all forbidden operations will cause an operation failure via error code. -@@ -1177,8 +1177,8 @@ operation failure via error code. +@@ -1184,8 +1184,8 @@ operation failure via error code. A transient state during library initialization. That state cannot be set or seen by applications. @item GNUTLS_@-FIPS140_@-LAX @@ -186,10 +186,10 @@ Index: gnutls-3.7.9/doc/enums.texi application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility). @item GNUTLS_@-FIPS140_@-LOG -Index: gnutls-3.7.9/doc/functions/gnutls_fips140_set_mode +Index: gnutls-3.8.0/doc/functions/gnutls_fips140_set_mode =================================================================== ---- gnutls-3.7.9.orig/doc/functions/gnutls_fips140_set_mode -+++ gnutls-3.7.9/doc/functions/gnutls_fips140_set_mode +--- gnutls-3.8.0.orig/doc/functions/gnutls_fips140_set_mode ++++ gnutls-3.8.0/doc/functions/gnutls_fips140_set_mode @@ -3,7 +3,7 @@ @@ -215,10 +215,10 @@ Index: gnutls-3.7.9/doc/functions/gnutls_fips140_set_mode values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library switches to @code{GNUTLS_FIPS140_STRICT} mode. -Index: gnutls-3.7.9/doc/gnutls.html +Index: gnutls-3.8.0/doc/gnutls.html =================================================================== ---- gnutls-3.7.9.orig/doc/gnutls.html -+++ gnutls-3.7.9/doc/gnutls.html +--- gnutls-3.8.0.orig/doc/gnutls.html ++++ gnutls-3.8.0/doc/gnutls.html @@ -486,7 +486,7 @@ Documentation License”.
  • 11.4 TLS Extension Handling
  • 11.5 Cryptographic Backend
  • @@ -228,7 +228,7 @@ Index: gnutls-3.7.9/doc/gnutls.html
  • Appendix A Upgrading from previous versions
  • Appendix B Support -@@ -8990,7 +8990,7 @@ CPU. The currently available options are +@@ -9009,7 +9009,7 @@ CPU. The currently available options are
  • 0x200000: Enable VIA PHE
  • 0x400000: Enable VIA PHE SHA512
  • @@ -405,7 +405,7 @@ Index: gnutls-3.7.9/doc/gnutls.html


    -@@ -24538,7 +24538,7 @@ unusable. This function is not thread-s +@@ -24526,7 +24526,7 @@ unusable. This function is not thread-s

    gnutls_fips140_set_mode

    Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t mode, unsigned flags)
    @@ -414,7 +414,7 @@ Index: gnutls-3.7.9/doc/gnutls.html

    flags: should be zero or GNUTLS_FIPS140_SET_MODE_THREAD

    -@@ -24547,13 +24547,13 @@ unusable. This function is not thread-s +@@ -24535,13 +24535,13 @@ unusable. This function is not thread-s behavior with no flags after threads are created is undefined.

    When the flag GNUTLS_FIPS140_SET_MODE_THREAD is specified @@ -430,7 +430,7 @@ Index: gnutls-3.7.9/doc/gnutls.html values for mode or to GNUTLS_FIPS140_SELFTESTS mode, the library switches to GNUTLS_FIPS140_STRICT mode.

    -@@ -46665,7 +46665,7 @@ Next: gnutls_fingerprintCore TLS API gnutls_fips140_context_deinitCore TLS API gnutls_fips140_context_initCore TLS API @@ -439,11 +439,11 @@ Index: gnutls-3.7.9/doc/gnutls.html gnutls_fips140_get_operation_stateCore TLS API gnutls_fips140_mode_enabledCore TLS API gnutls_fips140_pop_contextCore TLS API -Index: gnutls-3.7.9/doc/gnutls.info-3 +Index: gnutls-3.8.0/doc/gnutls.info-3 =================================================================== ---- gnutls-3.7.9.orig/doc/gnutls.info-3 -+++ gnutls-3.7.9/doc/gnutls.info-3 -@@ -2458,7 +2458,7 @@ to 'more'. Both will exit with a status +--- gnutls-3.8.0.orig/doc/gnutls.info-3 ++++ gnutls-3.8.0/doc/gnutls.info-3 +@@ -1631,7 +1631,7 @@ to 'more'. Both will exit with a status --inline-commands-prefix=str Change the default delimiter for inline commands --provider=file Specify the PKCS #11 provider library - file must pre-exist @@ -452,7 +452,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3 --list-config Reports the configuration of the library --logfile=str Redirect informational messages to a specific file --keymatexport=str Label used for exporting keying material -@@ -3559,7 +3559,7 @@ to know what happens inside the black bo +@@ -2732,7 +2732,7 @@ to know what happens inside the black bo * TLS Hello Extension Handling:: * Cryptographic Backend:: * Random Number Generators-internals:: @@ -461,7 +461,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3  File: gnutls.info, Node: The TLS Protocol, Next: TLS Handshake Protocol, Up: Internal architecture of GnuTLS -@@ -4091,7 +4091,7 @@ and abstract key types::. +@@ -3264,7 +3264,7 @@ and abstract key types::. kernel implementation of '/dev/crypto'.  
@@ -470,7 +470,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3 11.6 Random Number Generators ============================= -@@ -4101,7 +4101,7 @@ About the generators +@@ -3274,7 +3274,7 @@ About the generators GnuTLS provides two random generators. The default, and the AES-DRBG random generator which is only used when the library is compiled with @@ -479,7 +479,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3 The default generator - inner workings -------------------------------------- -@@ -4250,25 +4250,25 @@ after observing the output of the PRNG. +@@ -3423,25 +3423,25 @@ after observing the output of the PRNG. the above paragraph, all levels are immune to such attack.  @@ -513,7 +513,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3 modified as follows. * The random generator used switches to DRBG-AES -@@ -4276,11 +4276,11 @@ modified as follows. +@@ -3449,11 +3449,11 @@ modified as follows. startup * Algorithm self-tests are run on library load @@ -528,7 +528,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3 generation * Any cryptographic operation will be refused if any of the self-tests failed -@@ -4289,7 +4289,7 @@ There are also few environment variables +@@ -3462,7 +3462,7 @@ There are also few environment variables The environment variable 'GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS' will disable the library integrity tests on startup, and the variable 'GNUTLS_FORCE_FIPS_MODE' can be set to force a value from *note Figure @@ -537,7 +537,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3 while '0' will disable it. The integrity checks for the dependent libraries and GnuTLS are -@@ -4298,20 +4298,20 @@ library. The key for the operations can +@@ -3471,20 +3471,20 @@ library. The key for the operations can with the configure option '-with-fips140-key'. The MAC algorithm used is HMAC-SHA256. 
@@ -562,7 +562,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3 'GNUTLS_FIPS140_STRICT' The default mode; all forbidden operations will cause an operation failure via error code. -@@ -4319,8 +4319,8 @@ in *note Figure 11.5: gnutls_fips_mode_t +@@ -3492,8 +3492,8 @@ in *note Figure 11.5: gnutls_fips_mode_t A transient state during library initialization. That state cannot be set or seen by applications. 'GNUTLS_FIPS140_LAX' @@ -573,7 +573,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3 the application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility). -@@ -4333,7 +4333,7 @@ in *note Figure 11.5: gnutls_fips_mode_t +@@ -3506,7 +3506,7 @@ in *note Figure 11.5: gnutls_fips_mode_t Figure 11.5: The 'gnutls_fips_mode_t' enumeration. The intention of this API is to be used by applications which may run in @@ -582,7 +582,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3 set, e.g., for non-security related purposes. In these cases applications should wrap the non-compliant code within blocks like the following. -@@ -4357,10 +4357,10 @@ are macros to simplify the following seq +@@ -3530,10 +3530,10 @@ are macros to simplify the following seq The reason of the 'GNUTLS_FIPS140_SET_MODE_THREAD' flag in the previous calls is to localize the change in the mode. Note also, that such a @@ -595,7 +595,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3 gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0); Service indicator -@@ -4379,7 +4379,7 @@ within a given context. +@@ -3552,7 +3552,7 @@ within a given context. 'INT *note gnutls_fips140_push_context:: (gnutls_fips140_context_t CONTEXT)' 'INT *note gnutls_fips140_pop_context:: ( VOID)' 
@@ -604,7 +604,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3 operation. It can be attached to the current execution thread with *note gnutls_fips140_push_context:: and its internal state will be updated until it is detached with *note gnutls_fips140_pop_context::. -@@ -4837,8 +4837,8 @@ There are certifications from national o +@@ -4010,8 +4010,8 @@ There are certifications from national o practices, such as unit testing and reliance on well known crypto primitives. @@ -615,7 +615,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3  File: gnutls.info, Node: Error codes, Next: Supported ciphersuites, Prev: Support, Up: Top -@@ -9315,7 +9315,7 @@ gnutls_fips140_set_mode +@@ -8476,7 +8476,7 @@ gnutls_fips140_set_mode -- Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t MODE, unsigned FLAGS) @@ -624,7 +624,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3 FLAGS: should be zero or 'GNUTLS_FIPS140_SET_MODE_THREAD' -@@ -9325,12 +9325,12 @@ gnutls_fips140_set_mode +@@ -8486,12 +8486,12 @@ gnutls_fips140_set_mode undefined. When the flag 'GNUTLS_FIPS140_SET_MODE_THREAD' is specified then @@ -639,10 +639,10 @@ Index: gnutls-3.7.9/doc/gnutls.info-3 values for 'mode' or to 'GNUTLS_FIPS140_SELFTESTS' mode, the library switches to 'GNUTLS_FIPS140_STRICT' mode. -Index: gnutls-3.7.9/doc/invoke-gnutls-cli.texi +Index: gnutls-3.8.0/doc/invoke-gnutls-cli.texi =================================================================== ---- gnutls-3.7.9.orig/doc/invoke-gnutls-cli.texi -+++ gnutls-3.7.9/doc/invoke-gnutls-cli.texi +--- gnutls-3.8.0.orig/doc/invoke-gnutls-cli.texi ++++ gnutls-3.8.0/doc/invoke-gnutls-cli.texi @@ -99,7 +99,7 @@ None: --inline-commands-prefix=str Change the default delimiter for inline commands --provider=file Specify the PKCS #11 provider library 
@@ -652,10 +652,10 @@ Index: gnutls-3.7.9/doc/invoke-gnutls-cli.texi --list-config Reports the configuration of the library --logfile=str Redirect informational messages to a specific file --keymatexport=str Label used for exporting keying material -Index: gnutls-3.7.9/doc/manpages/gnutls-cli.1 +Index: gnutls-3.8.0/doc/manpages/gnutls-cli.1 =================================================================== ---- gnutls-3.7.9.orig/doc/manpages/gnutls-cli.1 -+++ gnutls-3.7.9/doc/manpages/gnutls-cli.1 +--- gnutls-3.8.0.orig/doc/manpages/gnutls-cli.1 ++++ gnutls-3.8.0/doc/manpages/gnutls-cli.1 @@ -389,7 +389,7 @@ Specify the PKCS #11 provider library. This will override the default options in /etc/gnutls/pkcs11.conf .TP @@ -665,11 +665,11 @@ Index: gnutls-3.7.9/doc/manpages/gnutls-cli.1 .sp .TP .NOP \f\*[B-Font]\-\-list\-config\f[] -Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html +Index: gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html =================================================================== ---- gnutls-3.7.9.orig/doc/reference/html/gnutls-gnutls.html -+++ gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html -@@ -20552,12 +20552,12 @@ gnutls_fips140_set_mode (

    When the flag GNUTLS_FIPS140_SET_MODE_THREAD is specified @@ -684,7 +684,7 @@ Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html values for mode or to GNUTLS_FIPS140_SELFTESTS mode, the library switches to GNUTLS_FIPS140_STRICT mode.

    -@@ -20572,7 +20572,7 @@ switches to

    mode

    @@ -693,7 +693,7 @@ Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html   -@@ -25479,7 +25479,7 @@ encryption

    +@@ -25568,7 +25568,7 @@ encryption


    enum gnutls_fips_mode_t

    @@ -702,7 +702,7 @@ Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html

    Members

    -@@ -25492,7 +25492,7 @@ encryption

    +@@ -25581,7 +25581,7 @@ encryption

    -@@ -25515,8 +25515,8 @@ operation failure via error code.

    +@@ -25604,8 +25604,8 @@ operation failure via error code.

    -@@ -27111,4 +27111,4 @@ transition to
    Generated by GTK-Doc V1.33.1 - \ No newline at end of file + -Index: gnutls-3.7.9/lib/fips.c +Index: gnutls-3.8.0/lib/fips.c =================================================================== ---- gnutls-3.7.9.orig/lib/fips.c -+++ gnutls-3.7.9/lib/fips.c -@@ -113,7 +113,7 @@ unsigned _gnutls_fips_mode_enabled(void) +--- gnutls-3.8.0.orig/lib/fips.c ++++ gnutls-3.8.0/lib/fips.c +@@ -121,7 +121,7 @@ unsigned _gnutls_fips_mode_enabled(void) } if (f1p != 0) { @@ -742,7 +742,7 @@ Index: gnutls-3.7.9/lib/fips.c ret = GNUTLS_FIPS140_STRICT; goto exit; } -@@ -122,7 +122,7 @@ unsigned _gnutls_fips_mode_enabled(void) +@@ -130,7 +130,7 @@ unsigned _gnutls_fips_mode_enabled(void) if (f2p != 0) { /* a funny state where self tests are performed * and ignored */ @@ -751,7 +751,7 @@ Index: gnutls-3.7.9/lib/fips.c ret = GNUTLS_FIPS140_SELFTESTS; goto exit; } -@@ -632,7 +632,7 @@ unsigned gnutls_fips140_mode_enabled(voi +@@ -694,7 +694,7 @@ unsigned gnutls_fips140_mode_enabled(voi /** * gnutls_fips140_set_mode: @@ -760,7 +760,7 @@ Index: gnutls-3.7.9/lib/fips.c * @flags: should be zero or %GNUTLS_FIPS140_SET_MODE_THREAD * * That function is not thread-safe when changing the mode with no flags -@@ -640,13 +640,13 @@ unsigned gnutls_fips140_mode_enabled(voi +@@ -702,13 +702,13 @@ unsigned gnutls_fips140_mode_enabled(voi * behavior with no flags after threads are created is undefined. * * When the flag %GNUTLS_FIPS140_SET_MODE_THREAD is specified 
@@ -776,27 +776,28 @@ Index: gnutls-3.7.9/lib/fips.c * values for @mode or to %GNUTLS_FIPS140_SELFTESTS mode, the library * switches to %GNUTLS_FIPS140_STRICT mode. * -@@ -657,8 +657,8 @@ void gnutls_fips140_set_mode(gnutls_fips +@@ -719,9 +719,9 @@ void gnutls_fips140_set_mode(gnutls_fips #ifdef ENABLE_FIPS140 gnutls_fips_mode_t prev = _gnutls_fips_mode_enabled(); if (prev == GNUTLS_FIPS140_DISABLED || prev == GNUTLS_FIPS140_SELFTESTS) { - /* we need to run self-tests first to be in FIPS140-2 mode */ -- _gnutls_audit_log(NULL, "The library should be initialized in FIPS140-2 mode to do that operation\n"); + /* we need to run self-tests first to be in FIPS140-3 mode */ -+ _gnutls_audit_log(NULL, "The library should be initialized in FIPS140-3 mode to do that operation\n"); + _gnutls_audit_log(NULL, +- "The library should be initialized in FIPS140-2 mode to do that operation\n"); ++ "The library should be initialized in FIPS140-3 mode to do that operation\n"); return; } -@@ -669,7 +669,7 @@ void gnutls_fips140_set_mode(gnutls_fips - case GNUTLS_FIPS140_DISABLED: - break; - case GNUTLS_FIPS140_SELFTESTS: -- _gnutls_audit_log(NULL, "Cannot switch library to FIPS140-2 self-tests mode; defaulting to strict\n"); -+ _gnutls_audit_log(NULL, "Cannot switch library to FIPS140-3 self-tests mode; defaulting to strict\n"); - mode = GNUTLS_FIPS140_STRICT; - break; - default: -@@ -848,7 +848,7 @@ _gnutls_switch_fips_state(gnutls_fips140 +@@ -733,7 +733,7 @@ void gnutls_fips140_set_mode(gnutls_fips + break; + case GNUTLS_FIPS140_SELFTESTS: + _gnutls_audit_log(NULL, +- "Cannot switch library to FIPS140-2 self-tests mode; defaulting to strict\n"); ++ "Cannot switch library to FIPS140-3 self-tests mode; defaulting to strict\n"); + mode = GNUTLS_FIPS140_STRICT; + break; + default: +@@ -908,7 +908,7 @@ void _gnutls_switch_fips_state(gnutls_fi } if (!_tfips_context) { 
@@ -805,63 +806,63 @@ Index: gnutls-3.7.9/lib/fips.c return; } -@@ -860,7 +860,7 @@ _gnutls_switch_fips_state(gnutls_fips140 - case GNUTLS_FIPS140_OP_INITIAL: +@@ -921,7 +921,7 @@ void _gnutls_switch_fips_state(gnutls_fi /* initial can be transitioned to any state */ if (mode != GNUTLS_FIPS140_LAX) { -- _gnutls_audit_log(NULL, "FIPS140-2 operation mode switched from initial to %s\n", -+ _gnutls_audit_log(NULL, "FIPS140-3 operation mode switched from initial to %s\n", + _gnutls_audit_log(NULL, +- "FIPS140-2 operation mode switched from initial to %s\n", ++ "FIPS140-3 operation mode switched from initial to %s\n", operation_state_to_string(state)); } _tfips_context->state = state; -@@ -869,7 +869,7 @@ _gnutls_switch_fips_state(gnutls_fips140 - /* approved can only be transitioned to not-approved */ +@@ -931,7 +931,7 @@ void _gnutls_switch_fips_state(gnutls_fi if (likely(state == GNUTLS_FIPS140_OP_NOT_APPROVED)) { if (mode != GNUTLS_FIPS140_LAX) { -- _gnutls_audit_log(NULL, "FIPS140-2 operation mode switched from approved to %s\n", -+ _gnutls_audit_log(NULL, "FIPS140-3 operation mode switched from approved to %s\n", - operation_state_to_string(state)); + _gnutls_audit_log(NULL, +- "FIPS140-2 operation mode switched from approved to %s\n", ++ "FIPS140-3 operation mode switched from approved to %s\n", + operation_state_to_string + (state)); } - _tfips_context->state = state; -@@ -879,7 +879,7 @@ _gnutls_switch_fips_state(gnutls_fips140 - default: +@@ -943,7 +943,7 @@ void _gnutls_switch_fips_state(gnutls_fi /* other transitions are prohibited */ if (mode != GNUTLS_FIPS140_LAX) { -- _gnutls_audit_log(NULL, "FIPS140-2 operation mode cannot be switched from %s to %s\n", -+ _gnutls_audit_log(NULL, "FIPS140-3 operation mode cannot be switched from %s to %s\n", - operation_state_to_string(_tfips_context->state), + _gnutls_audit_log(NULL, +- "FIPS140-2 operation mode cannot be switched from %s to %s\n", ++ "FIPS140-3 operation mode cannot be switched from %s to %s\n", + 
operation_state_to_string + (_tfips_context->state), operation_state_to_string(state)); - } -@@ -941,7 +941,7 @@ gnutls_fips140_run_self_tests(void) - if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED && - ret < 0) { +@@ -1004,7 +1004,7 @@ int gnutls_fips140_run_self_tests(void) + if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED && ret < 0) { _gnutls_switch_lib_state(LIB_STATE_ERROR); -- _gnutls_audit_log(NULL, "FIPS140-2 self testing part 2 failed\n"); -+ _gnutls_audit_log(NULL, "FIPS140-3 self testing part 2 failed\n"); + _gnutls_audit_log(NULL, +- "FIPS140-2 self testing part 2 failed\n"); ++ "FIPS140-3 self testing part 2 failed\n"); } else { /* Restore the previous library state */ _gnutls_switch_lib_state(prev_lib_state); -@@ -951,7 +951,7 @@ gnutls_fips140_run_self_tests(void) - if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED && fips_context) { +@@ -1016,7 +1016,7 @@ int gnutls_fips140_run_self_tests(void) if (gnutls_fips140_pop_context() < 0) { _gnutls_switch_lib_state(LIB_STATE_ERROR); -- _gnutls_audit_log(NULL, "FIPS140-2 context restoration failed\n"); -+ _gnutls_audit_log(NULL, "FIPS140-3 context restoration failed\n"); + _gnutls_audit_log(NULL, +- "FIPS140-2 context restoration failed\n"); ++ "FIPS140-3 context restoration failed\n"); } gnutls_fips140_context_deinit(fips_context); } -Index: gnutls-3.7.9/lib/fips.h +Index: gnutls-3.8.0/lib/fips.h =================================================================== ---- gnutls-3.7.9.orig/lib/fips.h -+++ gnutls-3.7.9/lib/fips.h -@@ -189,16 +189,16 @@ is_digest_algo_allowed_for_sign_in_fips( +--- gnutls-3.8.0.orig/lib/fips.h ++++ gnutls-3.8.0/lib/fips.h +@@ -158,16 +158,16 @@ is_cipher_algo_allowed_in_fips(gnutls_ci } - #ifdef ENABLE_FIPS140 + # ifdef ENABLE_FIPS140 -/* This will test the condition when in FIPS140-2 mode +/* This will test the condition when in FIPS140-3 mode * and return an error if necessary or ignore */ - # define FIPS_RULE(condition, ret_error, ...) 
{ \ + # define FIPS_RULE(condition, ret_error, ...) { \ gnutls_fips_mode_t _mode = _gnutls_fips_mode_enabled(); \ if (_mode != GNUTLS_FIPS140_DISABLED) { \ if (condition) { \ @@ -874,7 +875,7 @@ Index: gnutls-3.7.9/lib/fips.h return ret_error; \ } \ } \ -@@ -213,7 +213,7 @@ is_mac_algo_allowed(gnutls_mac_algorithm +@@ -181,7 +181,7 @@ inline static bool is_mac_algo_allowed(g switch (mode) { case GNUTLS_FIPS140_LOG: _gnutls_audit_log(NULL, @@ -883,28 +884,19 @@ Index: gnutls-3.7.9/lib/fips.h gnutls_mac_get_name(algo)); FALLTHROUGH; case GNUTLS_FIPS140_DISABLED: -@@ -235,7 +235,7 @@ is_cipher_algo_allowed(gnutls_cipher_alg - !is_cipher_algo_allowed_in_fips(algo)) { +@@ -203,7 +203,7 @@ inline static bool is_cipher_algo_allowe switch (mode) { case GNUTLS_FIPS140_LOG: -- _gnutls_audit_log(NULL, "fips140-2: allowing access to %s\n", -+ _gnutls_audit_log(NULL, "fips140-3: allowing access to %s\n", + _gnutls_audit_log(NULL, +- "fips140-2: allowing access to %s\n", ++ "fips140-3: allowing access to %s\n", gnutls_cipher_get_name(algo)); FALLTHROUGH; case GNUTLS_FIPS140_DISABLED: -@@ -257,7 +257,7 @@ is_digest_algo_allowed_for_sign(gnutls_d - !is_digest_algo_allowed_for_sign_in_fips(algo)) { - switch (mode) { - case GNUTLS_FIPS140_LOG: -- _gnutls_audit_log(NULL, "fips140-2: allowing access to %s\n", -+ _gnutls_audit_log(NULL, "fips140-3: allowing access to %s\n", - gnutls_cipher_get_name(algo)); - FALLTHROUGH; - case GNUTLS_FIPS140_DISABLED: -Index: gnutls-3.7.9/lib/global.c +Index: gnutls-3.8.0/lib/global.c =================================================================== ---- gnutls-3.7.9.orig/lib/global.c -+++ gnutls-3.7.9/lib/global.c +--- gnutls-3.8.0.orig/lib/global.c ++++ gnutls-3.8.0/lib/global.c @@ -326,12 +326,12 @@ static int _gnutls_global_init(unsigned #ifdef ENABLE_FIPS140 
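Review bot: The rebased lib/fips.h section drops the inner hunk for `is_digest_algo_allowed_for_sign` (the old `-@@ -257,7 +257,7 @@` block) with no replacement, and the new hunk header names `is_cipher_algo_allowed_in_fips` where the old one named `is_digest_algo_allowed_for_sign_in_fips`, which suggests that helper moved or was removed in 3.8.0 rather than that its message was deliberately left alone. If the function still exists anywhere in 3.8.0's lib/fips.h, its `"fips140-2: allowing access to %s\n"` audit line would be the one remaining FIPS140-2 string in a build that otherwise reports FIPS140-3, and these audit lines are exactly what operators grep to spot non-approved algorithm use in LAX/LOG mode. Running `grep -rn 'FIPS140-2\|fips140-2' lib/ src/ tests/` on the unpacked 3.8.0 tree after applying the patch would confirm the rename is complete, and a one-line note in the patch header saying why that hunk was dropped would help the next rebase. The inline functions touched here (`is_mac_algo_allowed`, `is_cipher_algo_allowed`) are only partially visible in the hunk.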
@@ -920,29 +912,29 @@ Index: gnutls-3.7.9/lib/global.c _gnutls_priority_update_fips(); /* first round of self checks, these are done on the -@@ -340,7 +340,7 @@ static int _gnutls_global_init(unsigned - ret = _gnutls_fips_perform_self_checks1(); +@@ -341,7 +341,7 @@ static int _gnutls_global_init(unsigned if (ret < 0) { _gnutls_switch_lib_state(LIB_STATE_ERROR); -- _gnutls_audit_log(NULL, "FIPS140-2 self testing part1 failed\n"); -+ _gnutls_audit_log(NULL, "FIPS140-3 self testing part1 failed\n"); + _gnutls_audit_log(NULL, +- "FIPS140-2 self testing part1 failed\n"); ++ "FIPS140-3 self testing part1 failed\n"); if (res != 2) { gnutls_assert(); goto out; -@@ -362,7 +362,7 @@ static int _gnutls_global_init(unsigned - ret = _gnutls_fips_perform_self_checks2(); +@@ -364,7 +364,7 @@ static int _gnutls_global_init(unsigned if (ret < 0) { _gnutls_switch_lib_state(LIB_STATE_ERROR); -- _gnutls_audit_log(NULL, "FIPS140-2 self testing part 2 failed\n"); -+ _gnutls_audit_log(NULL, "FIPS140-3 self testing part 2 failed\n"); + _gnutls_audit_log(NULL, +- "FIPS140-2 self testing part 2 failed\n"); ++ "FIPS140-3 self testing part 2 failed\n"); if (res != 2) { gnutls_assert(); goto out; -Index: gnutls-3.7.9/lib/includes/gnutls/gnutls.h.in +Index: gnutls-3.8.0/lib/includes/gnutls/gnutls.h.in =================================================================== ---- gnutls-3.7.9.orig/lib/includes/gnutls/gnutls.h.in -+++ gnutls-3.7.9/lib/includes/gnutls/gnutls.h.in -@@ -3336,16 +3336,16 @@ void +--- gnutls-3.8.0.orig/lib/includes/gnutls/gnutls.h.in ++++ gnutls-3.8.0/lib/includes/gnutls/gnutls.h.in +@@ -3278,16 +3278,16 @@ void gnutls_alert_set_read_function(gnutls_session_t session, gnutls_alert_read_func func); 
@@ -963,7 +955,7 @@ Index: gnutls-3.7.9/lib/includes/gnutls/gnutls.h.in * application is aware of the followed security policy, and needs * to utilize disallowed operations for other reasons (e.g., compatibility). * @GNUTLS_FIPS140_LOG: Similarly to %GNUTLS_FIPS140_LAX, it allows forbidden operations; any use of them results -@@ -3353,7 +3353,7 @@ unsigned gnutls_fips140_mode_enabled(voi +@@ -3295,7 +3295,7 @@ unsigned gnutls_fips140_mode_enabled(voi * @GNUTLS_FIPS140_SELFTESTS: A transient state during library initialization. That state * cannot be set or seen by applications. * @@ -971,12 +963,12 @@ Index: gnutls-3.7.9/lib/includes/gnutls/gnutls.h.in + * Enumeration of different operational modes under FIPS140-3. */ typedef enum gnutls_fips_mode_t { - GNUTLS_FIPS140_DISABLED = 0, -Index: gnutls-3.7.9/src/cli.c + GNUTLS_FIPS140_DISABLED = 0, +Index: gnutls-3.8.0/src/cli.c =================================================================== ---- gnutls-3.7.9.orig/src/cli.c -+++ gnutls-3.7.9/src/cli.c -@@ -1641,10 +1641,10 @@ static void cmd_parser(int argc, char ** +--- gnutls-3.8.0.orig/src/cli.c ++++ gnutls-3.8.0/src/cli.c +@@ -1650,10 +1650,10 @@ static void cmd_parser(int argc, char ** if (HAVE_OPT(FIPS140_MODE)) { if (gnutls_fips140_mode_enabled() != 0) { @@ -989,10 +981,10 @@ Index: gnutls-3.7.9/src/cli.c exit(1); } -Index: gnutls-3.7.9/src/gnutls-cli-options.c +Index: gnutls-3.8.0/src/gnutls-cli-options.c =================================================================== ---- gnutls-3.7.9.orig/src/gnutls-cli-options.c -+++ gnutls-3.7.9/src/gnutls-cli-options.c +--- gnutls-3.8.0.orig/src/gnutls-cli-options.c ++++ gnutls-3.8.0/src/gnutls-cli-options.c @@ -785,7 +785,7 @@ usage (FILE *out, int status) " --inline-commands-prefix=str Change the default delimiter for inline commands\n" " --provider=file Specify the PKCS #11 provider library\n" 
@@ -1002,10 +994,10 @@ Index: gnutls-3.7.9/src/gnutls-cli-options.c " --list-config Reports the configuration of the library\n" " --logfile=str Redirect informational messages to a specific file\n" " --keymatexport=str Label used for exporting keying material\n" -Index: gnutls-3.7.9/tests/cert-tests/gost.sh +Index: gnutls-3.8.0/tests/cert-tests/gost.sh =================================================================== ---- gnutls-3.7.9.orig/tests/cert-tests/gost.sh -+++ gnutls-3.7.9/tests/cert-tests/gost.sh +--- gnutls-3.8.0.orig/tests/cert-tests/gost.sh ++++ gnutls-3.8.0/tests/cert-tests/gost.sh @@ -38,7 +38,7 @@ if ! test -x "${CERTTOOL}"; then fi 
@@ -1015,10 +1007,36 @@ Index: gnutls-3.7.9/tests/cert-tests/gost.sh exit 77 fi -Index: gnutls-3.7.9/tests/cert-tests/pkcs12-corner-cases.sh +Index: gnutls-3.8.0/tests/cert-tests/pkcs12-corner-cases.sh =================================================================== ---- gnutls-3.7.9.orig/tests/cert-tests/pkcs12-corner-cases.sh -+++ gnutls-3.7.9/tests/cert-tests/pkcs12-corner-cases.sh +--- gnutls-3.8.0.orig/tests/cert-tests/pkcs12-corner-cases.sh ++++ gnutls-3.8.0/tests/cert-tests/pkcs12-corner-cases.sh +@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then + fi + + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then +- echo "Cannot run in FIPS140-2 mode" ++ echo "Cannot run in FIPS140-3 mode" + exit 77 + fi + +Index: gnutls-3.8.0/tests/cert-tests/pkcs12-encode.sh +=================================================================== +--- gnutls-3.8.0.orig/tests/cert-tests/pkcs12-encode.sh ++++ gnutls-3.8.0/tests/cert-tests/pkcs12-encode.sh +@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then + fi + + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then +- echo "Cannot run in FIPS140-2 mode" ++ echo "Cannot run in FIPS140-3 mode" + exit 77 + fi + +Index: gnutls-3.8.0/tests/cert-tests/pkcs12-gost.sh +=================================================================== +--- gnutls-3.8.0.orig/tests/cert-tests/pkcs12-gost.sh ++++ gnutls-3.8.0/tests/cert-tests/pkcs12-gost.sh @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then fi 
@@ -1028,10 +1046,23 @@ Index: gnutls-3.7.9/tests/cert-tests/pkcs12-corner-cases.sh exit 77 fi -Index: gnutls-3.7.9/tests/cert-tests/pkcs12-encode.sh +Index: gnutls-3.8.0/tests/cert-tests/pkcs12.sh =================================================================== ---- gnutls-3.7.9.orig/tests/cert-tests/pkcs12-encode.sh -+++ gnutls-3.7.9/tests/cert-tests/pkcs12-encode.sh +--- gnutls-3.8.0.orig/tests/cert-tests/pkcs12.sh ++++ gnutls-3.8.0/tests/cert-tests/pkcs12.sh +@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then + fi + + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then +- echo "Cannot run in FIPS140-2 mode" ++ echo "Cannot run in FIPS140-3 mode" + exit 77 + fi + +Index: gnutls-3.8.0/tests/cert-tests/pkcs8-decode.sh +=================================================================== +--- gnutls-3.8.0.orig/tests/cert-tests/pkcs8-decode.sh ++++ gnutls-3.8.0/tests/cert-tests/pkcs8-decode.sh @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -1041,23 +1072,10 @@ Index: gnutls-3.7.9/tests/cert-tests/pkcs12-encode.sh exit 77 fi -Index: gnutls-3.7.9/tests/cert-tests/pkcs12-gost.sh +Index: gnutls-3.8.0/tests/cert-tests/pkcs8-eddsa.sh =================================================================== ---- gnutls-3.7.9.orig/tests/cert-tests/pkcs12-gost.sh -+++ gnutls-3.7.9/tests/cert-tests/pkcs12-gost.sh -@@ -30,7 +30,7 @@ if ! test -x "${CERTTOOL}"; then - fi - - if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then -- echo "Cannot run in FIPS140-2 mode" -+ echo "Cannot run in FIPS140-3 mode" - exit 77 - fi - -Index: gnutls-3.7.9/tests/cert-tests/pkcs12.sh -=================================================================== ---- gnutls-3.7.9.orig/tests/cert-tests/pkcs12.sh -+++ gnutls-3.7.9/tests/cert-tests/pkcs12.sh +--- gnutls-3.8.0.orig/tests/cert-tests/pkcs8-eddsa.sh ++++ gnutls-3.8.0/tests/cert-tests/pkcs8-eddsa.sh @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then fi 
@@ -1067,11 +1085,11 @@ Index: gnutls-3.7.9/tests/cert-tests/pkcs12.sh exit 77 fi -Index: gnutls-3.7.9/tests/cert-tests/pkcs8-decode.sh +Index: gnutls-3.8.0/tests/cert-tests/pkcs8-gost.sh =================================================================== ---- gnutls-3.7.9.orig/tests/cert-tests/pkcs8-decode.sh -+++ gnutls-3.7.9/tests/cert-tests/pkcs8-decode.sh -@@ -30,7 +30,7 @@ if ! test -x "${CERTTOOL}"; then +--- gnutls-3.8.0.orig/tests/cert-tests/pkcs8-gost.sh ++++ gnutls-3.8.0/tests/cert-tests/pkcs8-gost.sh +@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then @@ -1080,11 +1098,11 @@ Index: gnutls-3.7.9/tests/cert-tests/pkcs8-decode.sh exit 77 fi -Index: gnutls-3.7.9/tests/cert-tests/pkcs8-eddsa.sh +Index: gnutls-3.8.0/tests/cert-tests/pkcs8.sh =================================================================== ---- gnutls-3.7.9.orig/tests/cert-tests/pkcs8-eddsa.sh -+++ gnutls-3.7.9/tests/cert-tests/pkcs8-eddsa.sh -@@ -30,7 +30,7 @@ if ! test -x "${CERTTOOL}"; then +--- gnutls-3.8.0.orig/tests/cert-tests/pkcs8.sh ++++ gnutls-3.8.0/tests/cert-tests/pkcs8.sh +@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then 
@@ -1093,37 +1111,11 @@ Index: gnutls-3.7.9/tests/cert-tests/pkcs8-eddsa.sh exit 77 fi -Index: gnutls-3.7.9/tests/cert-tests/pkcs8-gost.sh +Index: gnutls-3.8.0/tests/cipher-listings.sh =================================================================== ---- gnutls-3.7.9.orig/tests/cert-tests/pkcs8-gost.sh -+++ gnutls-3.7.9/tests/cert-tests/pkcs8-gost.sh -@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then - fi - - if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then -- echo "Cannot run in FIPS140-2 mode" -+ echo "Cannot run in FIPS140-3 mode" - exit 77 - fi - -Index: gnutls-3.7.9/tests/cert-tests/pkcs8.sh -=================================================================== ---- gnutls-3.7.9.orig/tests/cert-tests/pkcs8.sh -+++ gnutls-3.7.9/tests/cert-tests/pkcs8.sh -@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then - fi - - if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then -- echo "Cannot run in FIPS140-2 mode" -+ echo "Cannot run in FIPS140-3 mode" - exit 77 - fi - -Index: gnutls-3.7.9/tests/cipher-listings.sh -=================================================================== ---- gnutls-3.7.9.orig/tests/cipher-listings.sh -+++ gnutls-3.7.9/tests/cipher-listings.sh -@@ -64,7 +64,7 @@ check() +--- gnutls-3.8.0.orig/tests/cipher-listings.sh ++++ gnutls-3.8.0/tests/cipher-listings.sh +@@ -63,7 +63,7 @@ check() ${CLI} --fips140-mode if test $? = 0;then @@ -1132,11 +1124,11 @@ Index: gnutls-3.7.9/tests/cipher-listings.sh exit 77 fi -Index: gnutls-3.7.9/tests/testpkcs11.sh +Index: gnutls-3.8.0/tests/testpkcs11.sh =================================================================== ---- gnutls-3.7.9.orig/tests/testpkcs11.sh -+++ gnutls-3.7.9/tests/testpkcs11.sh -@@ -27,7 +27,7 @@ +--- gnutls-3.8.0.orig/tests/testpkcs11.sh ++++ gnutls-3.8.0/tests/testpkcs11.sh +@@ -26,7 +26,7 @@ RETCODE=0 if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then 
@@ -1145,10 +1137,10 @@ Index: gnutls-3.7.9/tests/testpkcs11.sh exit 77 fi -Index: gnutls-3.7.9/doc/enums/gnutls_fips_mode_t +Index: gnutls-3.8.0/doc/enums/gnutls_fips_mode_t =================================================================== ---- gnutls-3.7.9.orig/doc/enums/gnutls_fips_mode_t -+++ gnutls-3.7.9/doc/enums/gnutls_fips_mode_t +--- gnutls-3.8.0.orig/doc/enums/gnutls_fips_mode_t ++++ gnutls-3.8.0/doc/enums/gnutls_fips_mode_t @@ -3,7 +3,7 @@ @c gnutls_fips_mode_t @table @code @@ -1169,10 +1161,10 @@ Index: gnutls-3.7.9/doc/enums/gnutls_fips_mode_t application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility). @item GNUTLS_@-FIPS140_@-LOG -Index: gnutls-3.7.9/doc/gnutls-api.texi +Index: gnutls-3.8.0/doc/gnutls-api.texi =================================================================== ---- gnutls-3.7.9.orig/doc/gnutls-api.texi -+++ gnutls-3.7.9/doc/gnutls-api.texi +--- gnutls-3.8.0.orig/doc/gnutls-api.texi ++++ gnutls-3.8.0/doc/gnutls-api.texi @@ -3275,7 +3275,7 @@ unusable. This function is not thread-s @subheading gnutls_fips140_set_mode @anchor{gnutls_fips140_set_mode} @@ -1198,11 +1190,11 @@ Index: gnutls-3.7.9/doc/gnutls-api.texi values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library switches to @code{GNUTLS_FIPS140_STRICT} mode. -Index: gnutls-3.7.9/lib/ext/session_ticket.c +Index: gnutls-3.8.0/lib/ext/session_ticket.c =================================================================== ---- gnutls-3.7.9.orig/lib/ext/session_ticket.c -+++ gnutls-3.7.9/lib/ext/session_ticket.c -@@ -539,7 +539,7 @@ int gnutls_session_ticket_key_generate(g +--- gnutls-3.8.0.orig/lib/ext/session_ticket.c ++++ gnutls-3.8.0/lib/ext/session_ticket.c +@@ -536,7 +536,7 @@ int gnutls_session_ticket_key_generate(g { if (_gnutls_fips_mode_enabled()) { int ret; 
@@ -1211,10 +1203,10 @@ Index: gnutls-3.7.9/lib/ext/session_ticket.c * some limits on allowed key size, thus it is not * used. These limits do not affect this function as * it does not generate a "key" but rather key material -Index: gnutls-3.7.9/lib/libgnutls.map +Index: gnutls-3.8.0/lib/libgnutls.map =================================================================== ---- gnutls-3.7.9.orig/lib/libgnutls.map -+++ gnutls-3.7.9/lib/libgnutls.map +--- gnutls-3.8.0.orig/lib/libgnutls.map ++++ gnutls-3.8.0/lib/libgnutls.map @@ -1418,7 +1418,7 @@ GNUTLS_FIPS140_3_4 { gnutls_hkdf_self_test; gnutls_pbkdf2_self_test; @@ -1224,11 +1216,11 @@ Index: gnutls-3.7.9/lib/libgnutls.map drbg_aes_reseed; drbg_aes_init; drbg_aes_generate; -Index: gnutls-3.7.9/lib/nettle/mac.c +Index: gnutls-3.8.0/lib/nettle/mac.c =================================================================== ---- gnutls-3.7.9.orig/lib/nettle/mac.c -+++ gnutls-3.7.9/lib/nettle/mac.c -@@ -267,7 +267,7 @@ static void _wrap_gmac_digest(void *_ctx +--- gnutls-3.8.0.orig/lib/nettle/mac.c ++++ gnutls-3.8.0/lib/nettle/mac.c +@@ -262,7 +262,7 @@ static void _wrap_gmac_digest(void *_ctx static int _mac_ctx_init(gnutls_mac_algorithm_t algo, struct nettle_mac_ctx *ctx) { @@ -1237,7 +1229,7 @@ Index: gnutls-3.7.9/lib/nettle/mac.c * gnutls_hash_init() and gnutls_hmac_init() */ ctx->set_nonce = NULL; -@@ -656,7 +656,7 @@ static void _md5_sha1_digest(void *_ctx, +@@ -649,7 +649,7 @@ static void _md5_sha1_digest(void *_ctx, static int _ctx_init(gnutls_digest_algorithm_t algo, struct nettle_hash_ctx *ctx) { 
@@ -1246,11 +1238,11 @@ Index: gnutls-3.7.9/lib/nettle/mac.c * gnutls_hash_init() and gnutls_hmac_init() */ switch (algo) { case GNUTLS_DIG_MD5: -Index: gnutls-3.7.9/doc/gnutls.info-2 +Index: gnutls-3.8.0/doc/gnutls.info-2 =================================================================== ---- gnutls-3.7.9.orig/doc/gnutls.info-2 -+++ gnutls-3.7.9/doc/gnutls.info-2 -@@ -671,7 +671,7 @@ Variable Purpose +--- gnutls-3.8.0.orig/doc/gnutls.info-2 ++++ gnutls-3.8.0/doc/gnutls.info-2 +@@ -687,7 +687,7 @@ Variable Purpose * 0x400000: Enable VIA PHE SHA512 'GNUTLS_FORCE_FIPS_MODE'In setups where GnuTLS is compiled with support @@ -1259,10 +1251,10 @@ Index: gnutls-3.7.9/doc/gnutls.info-2 set to one it will force the FIPS mode enablement. -Index: gnutls-3.7.9/config.h.in +Index: gnutls-3.8.0/config.h.in =================================================================== ---- gnutls-3.7.9.orig/config.h.in -+++ gnutls-3.7.9/config.h.in +--- gnutls-3.8.0.orig/config.h.in ++++ gnutls-3.8.0/config.h.in @@ -82,7 +82,7 @@ /* enable DHE */ #undef ENABLE_ECDHE @@ -1281,11 +1273,11 @@ Index: gnutls-3.7.9/config.h.in #undef FIPS_KEY /* The FIPS140 module name */ -Index: gnutls-3.7.9/configure +Index: gnutls-3.8.0/configure =================================================================== ---- gnutls-3.7.9.orig/configure -+++ gnutls-3.7.9/configure -@@ -3573,7 +3573,7 @@ Optional Features: +--- gnutls-3.8.0.orig/configure ++++ gnutls-3.8.0/configure +@@ -3775,7 +3775,7 @@ Optional Features: --enable-fast-install[=PKGS] optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) 
@@ -1294,10 +1286,10 @@ Index: gnutls-3.7.9/configure --enable-strict-x509 enable stricter sanity checks for x509 certificates --disable-non-suiteb-curves disable curves not in SuiteB -Index: gnutls-3.7.9/doc/cha-support.texi +Index: gnutls-3.8.0/doc/cha-support.texi =================================================================== ---- gnutls-3.7.9.orig/doc/cha-support.texi -+++ gnutls-3.7.9/doc/cha-support.texi +--- gnutls-3.8.0.orig/doc/cha-support.texi ++++ gnutls-3.8.0/doc/cha-support.texi @@ -135,5 +135,5 @@ There are certifications from national o to an auditor that the crypto component follows some best practices, such as unit testing and reliance on well known crypto primitives. @@ -1306,11 +1298,11 @@ Index: gnutls-3.7.9/doc/cha-support.texi -See @ref{FIPS140-2 mode} for more information. +GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux. +See @ref{FIPS140-3 mode} for more information. -Index: gnutls-3.7.9/doc/gnutls.info-6 +Index: gnutls-3.8.0/doc/gnutls.info-6 =================================================================== ---- gnutls-3.7.9.orig/doc/gnutls.info-6 -+++ gnutls-3.7.9/doc/gnutls.info-6 -@@ -8843,7 +8843,7 @@ Function and Data Index +--- gnutls-3.8.0.orig/doc/gnutls.info-6 ++++ gnutls-3.8.0/doc/gnutls.info-6 +@@ -7982,7 +7982,7 @@ Function and Data Index * gnutls_fingerprint: Core TLS API. (line 3513) * gnutls_fips140_context_deinit: Core TLS API. (line 3540) * gnutls_fips140_context_init: Core TLS API. (line 3551) 
@@ -1319,23 +1311,23 @@ Index: gnutls-3.7.9/doc/gnutls.info-6 * gnutls_fips140_get_operation_state <1>: Core TLS API. (line 3564) * gnutls_fips140_mode_enabled: Core TLS API. (line 3578) * gnutls_fips140_pop_context: Core TLS API. (line 3596) -Index: gnutls-3.7.9/doc/gnutls.info +Index: gnutls-3.8.0/doc/gnutls.info =================================================================== ---- gnutls-3.7.9.orig/doc/gnutls.info -+++ gnutls-3.7.9/doc/gnutls.info -@@ -611,7 +611,7 @@ Ref: fig-crypto-layers757265 - Ref: Cryptographic Backend-Footnote-1760549 - Ref: Cryptographic Backend-Footnote-2760634 - Node: Random Number Generators-internals760742 --Node: FIPS140-2 mode768106 -+Node: FIPS140-3 mode768106 - Ref: gnutls_fips_mode_t770742 - Node: Upgrading from previous versions774339 - Node: Support788333 -Index: gnutls-3.7.9/src/gnutls-cli-options.json +--- gnutls-3.8.0.orig/doc/gnutls.info ++++ gnutls-3.8.0/doc/gnutls.info +@@ -611,7 +611,7 @@ Ref: fig-crypto-layers730201 + Ref: Cryptographic Backend-Footnote-1733485 + Ref: Cryptographic Backend-Footnote-2733570 + Node: Random Number Generators-internals733678 +-Node: FIPS140-2 mode741042 ++Node: FIPS140-3 mode741042 + Ref: gnutls_fips_mode_t743678 + Node: Upgrading from previous versions747275 + Node: Support761269 +Index: gnutls-3.8.0/src/gnutls-cli-options.json =================================================================== ---- gnutls-3.7.9.orig/src/gnutls-cli-options.json -+++ gnutls-3.7.9/src/gnutls-cli-options.json +--- gnutls-3.8.0.orig/src/gnutls-cli-options.json ++++ gnutls-3.8.0/src/gnutls-cli-options.json @@ -372,7 +372,7 @@ }, { diff --git a/gnutls-FIPS-PCT-DH.patch b/gnutls-FIPS-PCT-DH.patch index a48674a..a764823 100644 --- a/gnutls-FIPS-PCT-DH.patch +++ b/gnutls-FIPS-PCT-DH.patch 
@@ -1,85 +1,55 @@ -Index: gnutls-3.7.8/lib/nettle/pk.c +From 51b721b69fd08ef1c4c4989f5e12b643e170ff56 Mon Sep 17 00:00:00 2001 +From: Pedro Monreal +Date: Thu, 16 Feb 2023 17:02:38 +0100 +Subject: [PATCH] pk: extend pair-wise consistency to cover DH key generation + +Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance of Pair-wise +Consistency check, even if we only support ephemeral DH, as it is +required by FIPS 140-3 IG 10.3.A. + +Signed-off-by: Pedro Monreal +Co-authored-by: Daiki Ueno +--- + lib/nettle/pk.c | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) + +Index: gnutls-3.8.0/lib/nettle/pk.c =================================================================== ---- gnutls-3.7.8.orig/lib/nettle/pk.c -+++ gnutls-3.7.8/lib/nettle/pk.c -@@ -2498,6 +2498,48 @@ static int pct_test(gnutls_pk_algorithm_ +--- gnutls-3.8.0.orig/lib/nettle/pk.c ++++ gnutls-3.8.0/lib/nettle/pk.c +@@ -2520,6 +2520,35 @@ static int pct_test(gnutls_pk_algorithm_ } break; case GNUTLS_PK_DH: -+ if (_gnutls_fips_mode_enabled()) { -+ /* Perform Owner Assurance of Pair-wise Consistency -+ * according to SP800-56A (revision 3), 5.6.2.1.4. ++ { ++ mpz_t y; ++ ++ /* Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance ++ * of Pair-wise Consistency check, even if we only ++ * support ephemeral DH, as it is required by FIPS ++ * 140-3 IG 10.3.A. + * -+ * DH params (see lib/crypto-backend.h) -+ * [DSA_P] [0] is p (prime number) -+ * [DSA_Q] [1] is q (prime order) -+ * [DSA_G] [2] is g (generator) -+ * [DSA_Y] [3] is y (public key) -+ * [DSA_X] [4] is x (private key only) -+ * -+ * Regenerate the public key from the private key with -+ * y = g^x mod p and compare it with the previous one. ++ * Use the private key, x, along with the generator g ++ * and prime modulus p included in the domain ++ * parameters associated with the key pair to compute ++ * g^x mod p. Compare the result to the public key, y. 
+ */ -+ -+ mpz_t p, g, y, x; -+ -+ mpz_init(p); -+ mpz_init(g); + mpz_init(y); -+ mpz_init(x); -+ -+ mpz_set(p, params->params[DSA_P]); -+ mpz_set(g, params->params[DSA_G]); -+ mpz_set(x, params->params[DSA_X]); -+ -+ mpz_powm(y, g, x, p); -+ -+ ret = mpz_cmp(y, params->params[DSA_Y]); -+ if (unlikely(ret != 0)) { -+ ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR); -+ } -+ -+ mpz_clear(p); -+ mpz_clear(g); -+ mpz_clear(y); -+ mpz_clear(x); -+ if (ret < 0) { ++ mpz_powm(y, ++ TOMPZ(params->params[DSA_G]), ++ TOMPZ(params->params[DSA_X]), ++ TOMPZ(params->params[DSA_P])); ++ if (unlikely ++ (mpz_cmp(y, TOMPZ(params->params[DSA_Y])) != 0)) { ++ ret = ++ gnutls_assert_val ++ (GNUTLS_E_PK_GENERATION_ERROR); ++ mpz_clear(y); + goto cleanup; + } ++ mpz_clear(y); ++ break; + } -+ break; case GNUTLS_PK_ECDH_X25519: case GNUTLS_PK_ECDH_X448: ret = 0; -@@ -2780,8 +2822,17 @@ wrap_nettle_pk_generate_keys(gnutls_pk_a - } - } - #endif -- -- ret = _gnutls_mpi_init_multi(¶ms->params[DSA_Y], ¶ms->params[DSA_X], NULL); -+ if (_gnutls_fips_mode_enabled()) { -+ ret = _gnutls_mpi_init_multi(¶ms->params[DSA_P], -+ ¶ms->params[DSA_G], -+ ¶ms->params[DSA_Y], -+ ¶ms->params[DSA_X], -+ NULL); -+ } else { -+ ret = _gnutls_mpi_init_multi(¶ms->params[DSA_Y], -+ ¶ms->params[DSA_X], -+ NULL); -+ } - if (ret < 0) { - gnutls_assert(); - goto dh_fail; -@@ -2790,6 +2841,11 @@ wrap_nettle_pk_generate_keys(gnutls_pk_a - mpz_set(TOMPZ(params->params[DSA_Y]), y); - mpz_set(TOMPZ(params->params[DSA_X]), x); - params->params_nr += 2; -+ if (_gnutls_fips_mode_enabled()) { -+ mpz_set(TOMPZ(params->params[DSA_P]), pub.p); -+ mpz_set(TOMPZ(params->params[DSA_G]), pub.g); -+ params->params_nr += 2; -+ } - - ret = 0; - diff --git a/gnutls-FIPS-PCT-ECDH.patch b/gnutls-FIPS-PCT-ECDH.patch index 34895c6..5dbb403 100644 --- a/gnutls-FIPS-PCT-ECDH.patch +++ b/gnutls-FIPS-PCT-ECDH.patch 
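Review bot: The new `GNUTLS_PK_DH` block ends with `break;` inside its braces, where the 3.7.x version fell through to the `ret = 0;` of the `GNUTLS_PK_ECDH_X25519` case; unless pct_test resets `ret` after the switch (outside this hunk), the success path now returns whatever `ret` held before the switch. If it does not, add `ret = 0;` immediately before that `break;`. The rebased patch also drops the `wrap_nettle_pk_generate_keys` hunk that populated `params->params[DSA_P]` and `[DSA_G]` in FIPS mode, while the check still reads both through `TOMPZ()`; that is only correct if the caller-supplied domain parameters already occupy those slots when pct_test runs on 3.8.0, which is worth confirming. pct_test's body starts and ends outside the hunk.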
@@ -1,7 +1,22 @@ -Index: gnutls-3.7.3/lib/nettle/pk.c -=================================================================== ---- gnutls-3.7.3.orig/lib/nettle/pk.c -+++ gnutls-3.7.3/lib/nettle/pk.c +From 5030f40332ada4f90e80838a2232da36ce03757a Mon Sep 17 00:00:00 2001 +From: Pedro Monreal +Date: Fri, 24 Feb 2023 22:02:48 +0000 +Subject: [PATCH] ecdh: perform SP800-56A rev3 full pubkey validation on key + derivation + +This implements full public key validation required in +SP800-56A rev3, section 5.6.2.3.3. + +Co-authored-by: Daiki Ueno +Signed-off-by: Pedro Monreal +--- + lib/nettle/pk.c | 128 ++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 125 insertions(+), 3 deletions(-) + +diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c +index 6adf958a61..d30bca594f 100644 +--- a/lib/nettle/pk.c ++++ b/lib/nettle/pk.c @@ -71,6 +71,9 @@ static inline const struct ecc_curve *get_supported_nist_curve(int curve); static inline const struct ecc_curve *get_supported_gost_curve(int curve); @@ -12,7 +27,7 @@ Index: gnutls-3.7.3/lib/nettle/pk.c /* When these callbacks are used for a nettle operation, the * caller must check the macro HAVE_LIB_ERROR() after the operation * is complete. If the macro is true, the operation is to be considered -@@ -406,6 +409,10 @@ dh_cleanup: +@@ -406,6 +409,10 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, struct ecc_scalar ecc_priv; struct ecc_point ecc_pub; const struct ecc_curve *curve; @@ -23,7 +38,7 @@ Index: gnutls-3.7.3/lib/nettle/pk.c out->data = NULL; -@@ -425,10 +432,21 @@ dh_cleanup: +@@ -428,17 +435,28 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, not_approved = true; } 
@@ -42,20 +57,19 @@ Index: gnutls-3.7.3/lib/nettle/pk.c if (ret < 0) { gnutls_assert(); - goto cleanup; -+ goto ecc_pub_cleanup; ++ goto ecc_fail_cleanup; } - ret = -@@ -436,7 +454,7 @@ dh_cleanup: + ret = _ecc_params_to_privkey(priv, &ecc_priv, curve); if (ret < 0) { ecc_point_clear(&ecc_pub); gnutls_assert(); - goto cleanup; -+ goto ecc_priv_cleanup; ++ goto ecc_fail_cleanup; } out->size = gnutls_ecc_curve_get_size(priv->curve); -@@ -449,16 +467,111 @@ dh_cleanup: +@@ -449,14 +467,118 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, goto ecc_cleanup; } @@ -64,7 +78,7 @@ Index: gnutls-3.7.3/lib/nettle/pk.c + */ + + /* Step 1: verify that Q is not an identity -+ * element (an infinity point). Note that this ++ * element (an infinity point). Note that this + * cannot happen in the nettle implementation, + * because it cannot represent an infinity point + * on curves. */ @@ -75,7 +89,6 @@ Index: gnutls-3.7.3/lib/nettle/pk.c gnutls_free(out->data); + goto ecc_cleanup; + } -+ +#ifdef ENABLE_FIPS140 + if (_gnutls_fips_mode_enabled()) { + const char *order, *modulus; @@ -90,7 +103,9 @@ Index: gnutls-3.7.3/lib/nettle/pk.c + * + * Both checks are performed in nettle. */ + if (!ecc_point_set(&r, x, y)) { -+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); ++ ret = ++ gnutls_assert_val ++ (GNUTLS_E_ILLEGAL_PARAMETER); + goto ecc_cleanup; + } + 
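Review bot: Both early failure exits in this hunk now jump to `ecc_fail_cleanup`, which (per the later hunk) runs `mpz_clear` on x, y, xx, yy and `ecc_point_clear`/`ecc_scalar_clear` on r, n, m; those objects must therefore be initialised before `_ecc_params_to_pubkey` is called, and the initialisation lines are not visible here. Worth confirming that the `mpz_init`/`ecc_point_init` calls added by the inner `@@ -428,17 +435,28 @@` hunk precede the first `goto ecc_fail_cleanup`, since clearing an uninitialised `mpz_t` is undefined behaviour. The enclosing `_wrap_nettle_pk_derive` starts and ends outside the hunk.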
@@ -105,54 +120,63 @@ Index: gnutls-3.7.3/lib/nettle/pk.c + * + * That effectively means: n * Q = -Q + Q = O + */ -+ order = get_supported_nist_curve_order(priv->curve); ++ order = ++ get_supported_nist_curve_order(priv->curve); + if (unlikely(order == NULL)) { -+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); ++ ret = ++ gnutls_assert_val ++ (GNUTLS_E_INTERNAL_ERROR); + goto ecc_cleanup; + } + + ret = mpz_set_str(nn, order, 16); + if (unlikely(ret < 0)) { -+ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); ++ ret = ++ gnutls_assert_val ++ (GNUTLS_E_MPI_SCAN_FAILED); + goto ecc_cleanup; + } + -+ modulus = get_supported_nist_curve_modulus(priv->curve); ++ modulus = ++ get_supported_nist_curve_modulus ++ (priv->curve); + if (unlikely(modulus == NULL)) { -+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); ++ ret = ++ gnutls_assert_val ++ (GNUTLS_E_INTERNAL_ERROR); + goto ecc_cleanup; + } + + ret = mpz_set_str(mm, modulus, 16); + if (unlikely(ret < 0)) { -+ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); ++ ret = ++ gnutls_assert_val ++ (GNUTLS_E_MPI_SCAN_FAILED); + goto ecc_cleanup; + } + + /* (n - 1) * Q = -Q */ -+ mpz_sub_ui (nn, nn, 1); ++ mpz_sub_ui(nn, nn, 1); + ecc_scalar_set(&n, nn); + ecc_point_mul(&r, &n, &r); + ecc_point_get(&r, xx, yy); -+ mpz_sub (mm, mm, y); ++ mpz_sub(mm, mm, y); + + if (mpz_cmp(xx, x) != 0 || mpz_cmp(yy, mm) != 0) { -+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); ++ ret = ++ gnutls_assert_val ++ (GNUTLS_E_ILLEGAL_PARAMETER); + goto ecc_cleanup; + } + } else { + not_approved = true; + } +#endif -+ -+ ret = 0; - ecc_cleanup: -- ecc_point_clear(&ecc_pub); + ecc_cleanup: + ecc_point_clear(&ecc_pub); ecc_scalar_zclear(&ecc_priv); -+ ecc_priv_cleanup: -+ ecc_point_clear(&ecc_pub); -+ ecc_pub_cleanup: ++ ecc_fail_cleanup: + mpz_clear(x); + mpz_clear(y); + mpz_clear(xx); 
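Review bot: The FIPS-mode validation failures in this hunk (`ecc_point_set` failing, a NULL `order`/`modulus`, `mpz_set_str` failing, and the `(n - 1) * Q != -Q` mismatch) all `goto ecc_cleanup` without releasing `out->data`, whereas the step-1 failure just above does `gnutls_free(out->data)` first, so the buffer is evidently already allocated at this point. Unless the function's common `cleanup:` label (outside the hunk) frees `out->data` when `ret < 0`, an invalid peer public key leaks the output buffer on every such derivation. The simplest fix is one exit for these paths, e.g. `ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); gnutls_free(out->data); goto ecc_cleanup;`, or a dedicated label that frees `out->data` before falling into `ecc_cleanup`.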
@@ -162,10 +186,8 @@ Index: gnutls-3.7.3/lib/nettle/pk.c + ecc_point_clear(&r); + ecc_scalar_clear(&n); + ecc_scalar_clear(&m); -+ if (ret < 0) goto cleanup; -+ break; - } - case GNUTLS_PK_ECDH_X25519: +-- +GitLab diff --git a/gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch b/gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch deleted file mode 100644 index 3ec109f..0000000 --- a/gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch +++ /dev/null 
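Review bot: The rebased patch no longer carries the `if (ret < 0) goto cleanup;` and `break;` lines that the 3.7.3 version added after the cleanup labels, and adds nothing in their place; that is only correct if the 3.8.0 base already has them as context following `ecc_scalar_zclear(&ecc_priv);`, and the inner hunk's trailing context is not visible here. Worth confirming, because otherwise an exit through `ecc_fail_cleanup` would fall into the `GNUTLS_PK_ECDH_X25519` case instead of propagating the error to the function's common cleanup.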
@@ -1,114 +0,0 @@ -Index: gnutls-3.7.7/lib/crypto-api.c -=================================================================== ---- gnutls-3.7.7.orig/lib/crypto-api.c -+++ gnutls-3.7.7/lib/crypto-api.c -@@ -2228,7 +2228,12 @@ gnutls_pbkdf2(gnutls_mac_algorithm_t mac - if (!is_mac_algo_allowed(mac)) { - _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); - return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); -- } else if (!is_mac_algo_approved_in_fips(mac)) { -+ } else if (!is_mac_algo_approved_for_pbkdf2_in_fips(mac)) { -+ not_approved = true; -+ } -+ -+ /* Key lengthes less than 112 bits are not approved */ -+ if (length < 14 || key->size < 14) { - not_approved = true; - } - -Index: gnutls-3.7.7/lib/fips.h -=================================================================== ---- gnutls-3.7.7.orig/lib/fips.h -+++ gnutls-3.7.7/lib/fips.h -@@ -100,6 +100,25 @@ is_mac_algo_approved_in_fips(gnutls_mac_ - } - - inline static bool -+is_mac_algo_approved_for_pbkdf2_in_fips(gnutls_mac_algorithm_t algo) -+{ -+ switch (algo) { -+ case GNUTLS_MAC_SHA1: -+ case GNUTLS_MAC_SHA256: -+ case GNUTLS_MAC_SHA384: -+ case GNUTLS_MAC_SHA512: -+ case GNUTLS_MAC_SHA224: -+ case GNUTLS_MAC_SHA3_224: -+ case GNUTLS_MAC_SHA3_256: -+ case GNUTLS_MAC_SHA3_384: -+ case GNUTLS_MAC_SHA3_512: -+ return true; -+ default: -+ return false; -+ } -+} -+ -+inline static bool - is_mac_algo_allowed_in_fips(gnutls_mac_algorithm_t algo) - { - return is_mac_algo_approved_in_fips(algo); -Index: gnutls-3.7.7/lib/crypto-selftests.c -=================================================================== ---- gnutls-3.7.7.orig/lib/crypto-selftests.c -+++ gnutls-3.7.7/lib/crypto-selftests.c -@@ -3090,30 +3090,6 @@ struct pbkdf2_vectors_st { - }; - - const struct pbkdf2_vectors_st pbkdf2_sha256_vectors[] = { -- /* RFC 7914: 11. 
Test Vectors for PBKDF2 with HMAC-SHA-256 */ -- { -- STR(key, key_size, "passwd"), -- STR(salt, salt_size, "salt"), -- .iter_count = 1, -- STR(output, output_size, -- "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44" -- "\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57" -- "\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16" -- "\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5" -- "\x09\x11\x20\x41\xd3\xa1\x97\x83"), -- }, -- /* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */ -- { -- STR(key, key_size, "Password"), -- STR(salt, salt_size, "NaCl"), -- .iter_count = 80000, -- STR(output, output_size, -- "\x4d\xdc\xd8\xf6\x0b\x98\xbe\x21\x83\x0c\xee\x5e\xf2\x27" -- "\x01\xf9\x64\x1a\x44\x18\xd0\x4c\x04\x14\xae\xff\x08\x87" -- "\x6b\x34\xab\x56\xa1\xd4\x25\xa1\x22\x58\x33\x54\x9a\xdb" -- "\x84\x1b\x51\xc9\xb3\x17\x6a\x27\x2b\xde\xbb\xa1\xd0\x78" -- "\x47\x8f\x62\xb3\x97\xf3\x3c\x8d"), -- }, - /* Test vector extracted from: - * https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */ - { -Index: gnutls-3.7.7/tests/kdf-api.c -=================================================================== ---- gnutls-3.7.7.orig/tests/kdf-api.c -+++ gnutls-3.7.7/tests/kdf-api.c -@@ -192,14 +192,19 @@ doit(void) - "2d2d0a90cf1a5a4c5db02d56ecc4c5bf" - "34007208d5b887185865"); - -- /* Test vector from RFC 6070. More thorough testing is done -- * in nettle. 
*/ -- test_pbkdf2(GNUTLS_MAC_SHA1, -- "70617373776f7264", /* "password" */ -- "73616c74", /* "salt" */ -+ /* Test vector extracted from: -+ * https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */ -+ test_pbkdf2(GNUTLS_MAC_SHA256, -+ "70617373776f726450415353" -+ "574f524470617373776f7264", /* "passwordPASSWORDpassword" */ -+ "73616c7453414c5473616c74" -+ "53414c5473616c7453414c54" -+ "73616c7453414c5473616c74", /* "saltSALTsaltSALTsaltSALTsaltSALTsalt" */ - 4096, -- 20, -- "4b007901b765489abead49d926f721d065a429c1"); -+ 40, -+ "348c89dbcbd32b2f32d814b8" -+ "116e84cf2b17347ebc180018" -+ "1c4e2a1fb8dd53e1c635518c7dac47e9"); - - gnutls_fips140_context_deinit(fips_context); - } diff --git a/gnutls-FIPS-Set-error-state-when-jent-init-failed.patch b/gnutls-FIPS-Set-error-state-when-jent-init-failed.patch deleted file mode 100644 index 1c969b7..0000000 --- a/gnutls-FIPS-Set-error-state-when-jent-init-failed.patch +++ /dev/null 
@@ -1,91 +0,0 @@ ---- - lib/nettle/sysrng-linux.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -Index: gnutls-3.7.8/lib/nettle/sysrng-linux.c -=================================================================== ---- gnutls-3.7.8.orig/lib/nettle/sysrng-linux.c -+++ gnutls-3.7.8/lib/nettle/sysrng-linux.c -@@ -49,11 +49,13 @@ - get_entropy_func _rnd_get_system_entropy = NULL; - - #if defined(__linux__) --# ifdef ENABLE_FIPS140 -+# if defined(ENABLE_FIPS140) - # define HAVE_JENT - # include - static int jent_initialized = 0; - static struct rand_data* ec = NULL; -+/* Declare function to fix a missing-prototypes compilation warning */ -+void FIPS_jent_entropy_deinit(void); - # endif - # ifdef HAVE_GETRANDOM - # include -@@ -72,7 +74,8 @@ static ssize_t _getrandom0(void *buf, si - # endif - # endif - --# if defined(HAVE_JENT) -+# if defined(ENABLE_FIPS140) -+# if defined(HAVE_JENT) - /* check whether the CPU Jitter entropy collector is available. */ - static unsigned FIPS_jent_entropy_init(void) - { -@@ -161,6 +164,7 @@ static int _rnd_get_system_entropy_jent( - - return 0; - } -+# endif - # endif - - static unsigned have_getrandom(void) -@@ -260,7 +264,8 @@ int _rnd_system_entropy_init(void) - int urandom_fd; - - #if defined(__linux__) --# if defined(HAVE_JENT) -+# if defined(ENABLE_FIPS140) -+# if defined(HAVE_JENT) - /* Enable jitterentropy usage if available */ - if (FIPS_jent_entropy_init()) { - _rnd_get_system_entropy = _rnd_get_system_entropy_jent; -@@ -268,7 +273,14 @@ int _rnd_system_entropy_init(void) - return 0; - } else { - _gnutls_debug_log("jitterentropy is not available\n"); -+ /* Set error state when FIPS_jent_entropy_init failed and FIPS mode is enabled */ -+ if (_gnutls_fips_mode_enabled()) { -+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); -+ _gnutls_switch_lib_state(LIB_STATE_ERROR); -+ return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR); -+ } - } -+# endif - # endif - /* Enable getrandom() usage if available */ - if (have_getrandom()) { 
-@@ -300,8 +312,10 @@ void _rnd_system_entropy_deinit(void) - { - /* A no-op now when we open and close /dev/urandom every time */ - #if defined(__linux__) --# if defined(HAVE_JENT) -+# if defined(ENABLE_FIPS140) -+# if defined(HAVE_JENT) - FIPS_jent_entropy_deinit(); -+# endif - # endif - #endif - return; -Index: gnutls-3.7.8/tests/Makefile.am -=================================================================== ---- gnutls-3.7.8.orig/tests/Makefile.am -+++ gnutls-3.7.8/tests/Makefile.am -@@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm - dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \ - keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \ - tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \ -- set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \ -+ set_x509_key_file_ocsp client-fastopen srp rng-pthread \ - safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \ - safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \ - rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \ diff --git a/gnutls-FIPS-disable-failing-tests.patch b/gnutls-FIPS-disable-failing-tests.patch deleted file mode 100644 index d4fefa7..0000000 --- a/gnutls-FIPS-disable-failing-tests.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -Index: gnutls-3.7.7/guile/Makefile.am -=================================================================== ---- gnutls-3.7.7.orig/guile/Makefile.am -+++ gnutls-3.7.7/guile/Makefile.am -@@ -102,14 +102,11 @@ endif HAVE_GUILD - # - - TESTS = \ -- tests/anonymous-auth.scm \ -- tests/session-record-port.scm \ - tests/pkcs-import-export.scm \ - tests/errors.scm \ - tests/x509-certificates.scm \ - tests/x509-auth.scm \ - tests/reauth.scm \ -- tests/premature-termination.scm \ - tests/priorities.scm - - if ENABLE_SRP -Index: gnutls-3.7.7/guile/Makefile.in -=================================================================== ---- gnutls-3.7.7.orig/guile/Makefile.in -+++ gnutls-3.7.7/guile/Makefile.in -@@ -2335,10 +2335,9 @@ CLEANFILES = modules/gnutls.scm $(am__ap - # - # Tests. - # --TESTS = tests/anonymous-auth.scm tests/session-record-port.scm \ -- tests/pkcs-import-export.scm tests/errors.scm \ -+TESTS = tests/pkcs-import-export.scm tests/errors.scm \ - tests/x509-certificates.scm tests/x509-auth.scm \ -- tests/reauth.scm tests/premature-termination.scm \ -+ tests/reauth.scm \ - tests/priorities.scm $(am__append_2) - TESTS_ENVIRONMENT = \ - GUILE_AUTO_COMPILE=0 \ diff --git a/gnutls-FIPS-jitterentropy.patch b/gnutls-FIPS-jitterentropy.patch index 8f46739..244981a 100644 --- a/gnutls-FIPS-jitterentropy.patch +++ b/gnutls-FIPS-jitterentropy.patch 
@@ -1,122 +1,131 @@ -Index: gnutls-3.7.3/lib/nettle/sysrng-linux.c +Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c =================================================================== ---- gnutls-3.7.3.orig/lib/nettle/sysrng-linux.c -+++ gnutls-3.7.3/lib/nettle/sysrng-linux.c -@@ -49,6 +49,12 @@ +--- gnutls-3.8.0.orig/lib/nettle/sysrng-linux.c ++++ gnutls-3.8.0/lib/nettle/sysrng-linux.c +@@ -49,6 +49,15 @@ get_entropy_func _rnd_get_system_entropy = NULL; #if defined(__linux__) -+# ifdef ENABLE_FIPS140 ++# if defined(ENABLE_FIPS140) +# define HAVE_JENT +# include -+static int jent_initialized = 0; -+static struct rand_data* ec = NULL; ++/* Per thread context of random generator, and a flag to indicate initialization */ ++static _Thread_local struct rand_data* ec = NULL; ++static _Thread_local int jent_initialized = 0; ++/* Declare function to fix a missing-prototypes compilation warning */ ++void FIPS_jent_entropy_deinit(void); +# endif # ifdef HAVE_GETRANDOM # include # else -@@ -66,6 +72,96 @@ static ssize_t _getrandom0(void *buf, si +@@ -67,6 +76,101 @@ static ssize_t _getrandom0(void *buf, si # endif # endif -+# if defined(HAVE_JENT) ++# if defined(ENABLE_FIPS140) ++# if defined(HAVE_JENT) +/* check whether the CPU Jitter entropy collector is available. */ +static unsigned FIPS_jent_entropy_init(void) +{ -+ unsigned int rv = 1; -+ unsigned int osr = 1; /* Oversampling rate */ -+ unsigned int flags = 0; /* JENT_FORCE_FIPS -+ * JENT_DISABLE_MEMORY_ACCESS -+ * JENT_DISABLE_INTERNAL_TIMER -+ * JENT_FORCE_INTERNAL_TIMER -+ * JENT_MAX_MEMSIZE_{32,64,128,256,512}kB -+ * JENT_MAX_MEMSIZE_{1,2,4,8,16,32,64,128,256,512}MB -+ */ ++ unsigned int rv = 1; ++ unsigned int osr = 1; /* Oversampling rate */ ++ unsigned int flags = 0; /* JENT_FORCE_FIPS ++ * JENT_DISABLE_MEMORY_ACCESS ++ * JENT_DISABLE_INTERNAL_TIMER ++ * JENT_FORCE_INTERNAL_TIMER ++ * JENT_MAX_MEMSIZE_{32,64,128,256,512}kB ++ * JENT_MAX_MEMSIZE_{1,2,4,8,16,32,64,128,256,512}MB ++ */ + -+ /* Set the FIPS flag. 
*/ -+ flags |= JENT_FORCE_FIPS; ++ /* Set the FIPS flag. */ ++ flags |= JENT_FORCE_FIPS; + -+ /* Do not re-initialize jent. */ -+ if (jent_initialized == 0) { -+ if (jent_entropy_init_ex(osr, flags)) -+ return 0; -+ jent_initialized = 1; -+ } ++ /* Do not re-initialize jent. */ ++ if (jent_initialized == 0) { ++ if (jent_entropy_init_ex(osr, flags)) ++ return 0; ++ jent_initialized = 1; ++ } + -+ /* Allocate the entropy collector. */ -+ if (ec == NULL) { -+ ec = jent_entropy_collector_alloc(osr, flags); -+ if (ec == NULL) { -+ rv = 0; -+ } -+ } ++ /* Allocate the entropy collector. */ ++ if (ec == NULL) { ++ ec = jent_entropy_collector_alloc(osr, flags); ++ if (ec == NULL) { ++ rv = 0; ++ } ++ } + -+ return rv; ++ return rv; +} + +void FIPS_jent_entropy_deinit(void) +{ -+ /* Free the entropy collector. */ -+ if (ec != NULL) { -+ jent_entropy_collector_free(ec); -+ ec = NULL; -+ } ++ /* Free the entropy collector. */ ++ if (ec != NULL) { ++ jent_entropy_collector_free(ec); ++ ec = NULL; ++ } + -+ return; ++ jent_initialized = 0; ++ ++ return; +} + +/* returns exactly the amount of bytes requested */ +static int force_jent(void *buf, size_t buflen, unsigned int flags, -+ unsigned int osr) ++ unsigned int osr) +{ -+ static int jent_bytes = -1; ++ static int jent_bytes = -1; + -+ if (buf == NULL || buflen == 0) { -+ return -1; -+ } ++ if (buf == NULL || buflen == 0) { ++ return -1; ++ } + -+ /* Ensure the entropy source has been fully initiated. */ -+ if (jent_initialized == 0 || ec == NULL) { -+ if (!FIPS_jent_entropy_init()) { -+ return -1; -+ } -+ } ++ /* Ensure the entropy source has been fully initiated. */ ++ if (jent_initialized == 0 || ec == NULL) { ++ if (!FIPS_jent_entropy_init()) { ++ return -1; ++ } ++ } + -+ /* Get entropy bytes. */ -+ jent_bytes = jent_read_entropy_safe(&ec, (char *)buf, buflen); ++ /* Get entropy bytes. 
*/ ++ jent_bytes = jent_read_entropy_safe(&ec, (char *)buf, buflen); + -+ return jent_bytes; ++ return jent_bytes; +} + +static int _rnd_get_system_entropy_jent(void* _rnd, size_t size) +{ -+ int ret; -+ unsigned int osr = 1; -+ unsigned int flags = 0; ++ int ret; ++ unsigned int osr = 1; ++ unsigned int flags = 0; + -+ /* Set the FIPS flag. */ -+ flags |= JENT_FORCE_FIPS; ++ /* Set the FIPS flag. */ ++ flags |= JENT_FORCE_FIPS; + -+ ret = force_jent(_rnd, size, flags, osr); -+ if (ret < 0) { -+ int e = errno; -+ gnutls_assert(); -+ _gnutls_debug_log("Failed to use jent: %s\n", strerror(e)); -+ FIPS_jent_entropy_deinit(); -+ return GNUTLS_E_RANDOM_DEVICE_ERROR; -+ } ++ ret = force_jent(_rnd, size, flags, osr); ++ if (ret < 0) { ++ int e = errno; ++ gnutls_assert(); ++ _gnutls_debug_log("Failed to use jent: %s\n", strerror(e)); ++ FIPS_jent_entropy_deinit(); ++ return GNUTLS_E_RANDOM_DEVICE_ERROR; ++ } + -+ return 0; ++ return 0; +} ++# endif +# endif - ++ static unsigned have_getrandom(void) { -@@ -164,6 +260,16 @@ int _rnd_system_entropy_init(void) + char c; +@@ -162,6 +266,24 @@ int _rnd_system_entropy_init(void) int urandom_fd; #if defined(__linux__) -+# if defined(HAVE_JENT) ++# if defined(ENABLE_FIPS140) ++# if defined(HAVE_JENT) + /* Enable jitterentropy usage if available */ + if (FIPS_jent_entropy_init()) { + _rnd_get_system_entropy = _rnd_get_system_entropy_jent; 
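Review bot: `force_jent` keeps `static int jent_bytes = -1;` as file-scope static storage while `ec` and `jent_initialized` in the same hunk are now `_Thread_local`; the static is written on every call, so concurrent callers on different threads race on it for no benefit. Make it an ordinary local: `int jent_bytes = jent_read_entropy_safe(&ec, (char *)buf, buflen);`. Separately, with `ec` per thread and `force_jent` lazily allocating a collector through `FIPS_jent_entropy_init()`, `FIPS_jent_entropy_deinit()` only frees the collector of the thread that calls it, so collectors allocated on other threads are never released unless each such thread deinitialises; that ownership rule deserves a comment at the `_Thread_local` declarations. `_rnd_get_system_entropy_jent` also checks only `ret < 0`, so if `jent_read_entropy_safe` can return fewer bytes than requested the "returns exactly the amount of bytes requested" comment does not hold — verify against the jitterentropy API.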
@@ -124,28 +133,36 @@ Index: gnutls-3.7.3/lib/nettle/sysrng-linux.c
 + return 0;
 + } else {
 + _gnutls_debug_log("jitterentropy is not available\n");
++ /* Set error state when FIPS_jent_entropy_init failed and FIPS mode is enabled */
++ if (_gnutls_fips_mode_enabled()) {
++ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
++ _gnutls_switch_lib_state(LIB_STATE_ERROR);
++ return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
++ }
 + }
++# endif
 +# endif
  /* Enable getrandom() usage if available */
  if (have_getrandom()) {
  _rnd_get_system_entropy = _rnd_get_system_entropy_getrandom;
-@@ -193,6 +299,11 @@ int _rnd_system_entropy_init(void)
+@@ -192,5 +314,12 @@ int _rnd_system_entropy_init(void)
  void _rnd_system_entropy_deinit(void)
  {
  /* A no-op now when we open and close /dev/urandom every time */
 +#if defined(__linux__)
-+# if defined(HAVE_JENT)
++# if defined(ENABLE_FIPS140)
++# if defined(HAVE_JENT)
 + FIPS_jent_entropy_deinit();
++# endif
 +# endif
 +#endif
  return;
  }
-
-Index: gnutls-3.7.3/lib/nettle/Makefile.in
+Index: gnutls-3.8.0/lib/nettle/Makefile.in
 ===================================================================
---- gnutls-3.7.3.orig/lib/nettle/Makefile.in
-+++ gnutls-3.7.3/lib/nettle/Makefile.in
+--- gnutls-3.8.0.orig/lib/nettle/Makefile.in
++++ gnutls-3.8.0/lib/nettle/Makefile.in
-@@ -398,7 +398,7 @@ am__v_CC_1 =
+@@ -399,7 +399,7 @@ am__v_CC_1 =
  CCLD = $(CC)
  LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
  $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
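Review bot: The new `if (_gnutls_fips_mode_enabled())` block after the "jitterentropy is not available" log in `_rnd_system_entropy_init` puts the library into LIB_STATE_ERROR for every non-zero mode, so GNUTLS_FIPS140_LAX and GNUTLS_FIPS140_LOG behave like strict mode here and lose the getrandom() fallback that the non-FIPS path keeps on the very next context lines. If hard-failing is only meant for strict mode, compare the mode value instead, e.g. `if (_gnutls_fips_mode_enabled() == GNUTLS_FIPS140_STRICT) {`; if the error state is deliberate for all enabled modes, a one-line comment next to the check saying that lax/log modes also refuse to start without jitterentropy would settle the question for the next reader. `_rnd_system_entropy_init` begins outside this hunk.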
@@ -154,10 +171,10 @@ Index: gnutls-3.7.3/lib/nettle/Makefile.in AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; -Index: gnutls-3.7.3/lib/nettle/Makefile.am +Index: gnutls-3.8.0/lib/nettle/Makefile.am =================================================================== ---- gnutls-3.7.3.orig/lib/nettle/Makefile.am -+++ gnutls-3.7.3/lib/nettle/Makefile.am +--- gnutls-3.8.0.orig/lib/nettle/Makefile.am ++++ gnutls-3.8.0/lib/nettle/Makefile.am @@ -20,7 +20,7 @@ include $(top_srcdir)/lib/common.mk @@ -167,10 +184,10 @@ Index: gnutls-3.7.3/lib/nettle/Makefile.am AM_CPPFLAGS = \ -I$(srcdir)/int \ -Index: gnutls-3.7.3/lib/nettle/rnd-fips.c +Index: gnutls-3.8.0/lib/nettle/rnd-fips.c =================================================================== ---- gnutls-3.7.3.orig/lib/nettle/rnd-fips.c -+++ gnutls-3.7.3/lib/nettle/rnd-fips.c +--- gnutls-3.8.0.orig/lib/nettle/rnd-fips.c ++++ gnutls-3.8.0/lib/nettle/rnd-fips.c @@ -129,6 +129,10 @@ static int drbg_init(struct fips_ctx *fc uint8_t buffer[DRBG_AES_SEED_SIZE]; int ret; 
@@ -193,3 +210,16 @@ Index: gnutls-3.7.3/lib/nettle/rnd-fips.c
  ret = get_entropy(fctx, buffer, sizeof(buffer));
  if (ret < 0) {
  _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
+Index: gnutls-3.8.0/tests/Makefile.am
+===================================================================
+--- gnutls-3.8.0.orig/tests/Makefile.am
++++ gnutls-3.8.0/tests/Makefile.am
+@@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm
+ dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
+ keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
+ tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \
+- set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \
++ set_x509_key_file_ocsp client-fastopen srp rng-pthread \
+ safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \
+ safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \
+ rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \
diff --git a/gnutls-Make-XTS-key-check-failure-not-fatal.patch b/gnutls-Make-XTS-key-check-failure-not-fatal.patch
deleted file mode 100644
index 51b7324..0000000
--- a/gnutls-Make-XTS-key-check-failure-not-fatal.patch
+++ /dev/null
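Review bot: The new tests/Makefile.am hunk drops `rng-sigint` from `ctests` without recording why, and neither the patch nor the gnutls.changes entry in this commit mentions the test. If the test cannot run against the jitterentropy-backed entropy source, say so where the exclusion lives, for example a comment on the preceding line such as `# rng-sigint is excluded: <reason the test fails with the jitterentropy backend>`, or a sentence in the patch header. Without that, the next rebase is likely to either restore the test by accident or keep the exclusion by inertia, and a silently dropped RNG test is exactly the kind of coverage gap a FIPS review will ask about.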
@@ -1,242 +0,0 @@ -From 00fff0aad2b606801704046042aa3b2b24f07d63 Mon Sep 17 00:00:00 2001 -From: Zoltan Fridrich -Date: Thu, 29 Sep 2022 15:31:28 +0200 -Subject: [PATCH] Make XTS key check failure not fatal - -Signed-off-by: Zoltan Fridrich ---- - lib/accelerated/x86/aes-xts-x86-aesni.c | 1 - - lib/nettle/cipher.c | 73 ++++++++--------------- - tests/Makefile.am | 2 +- - tests/xts-key-check.c | 78 +++++++++++++++++++++++++ - 5 files changed, 103 insertions(+), 52 deletions(-) - create mode 100644 tests/xts-key-check.c - -diff --git a/lib/accelerated/x86/aes-xts-x86-aesni.c b/lib/accelerated/x86/aes-xts-x86-aesni.c -index 0588d0bd55..d6936a688d 100644 ---- a/lib/accelerated/x86/aes-xts-x86-aesni.c -+++ b/lib/accelerated/x86/aes-xts-x86-aesni.c -@@ -73,7 +73,6 @@ x86_aes_xts_cipher_setkey(void *_ctx, const void *userkey, size_t keysize) - /* Check key block according to FIPS-140-2 IG A.9 */ - if (_gnutls_fips_mode_enabled()){ - if (gnutls_memcmp(key, key + (keysize / 2), keysize / 2) == 0) { -- _gnutls_switch_lib_state(LIB_STATE_ERROR); - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - } - } -diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c -index c9c59fb0ba..9c2ce19e7e 100644 ---- a/lib/nettle/cipher.c -+++ b/lib/nettle/cipher.c -@@ -448,12 +448,14 @@ _gcm_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst, - length, dst, src); - } - --static void _des_set_key(struct des_ctx *ctx, const uint8_t *key) -+static void -+_des_set_key(struct des_ctx *ctx, const uint8_t *key) - { - des_set_key(ctx, key); - } - --static void _des3_set_key(struct des3_ctx *ctx, const uint8_t *key) -+static void -+_des3_set_key(struct des3_ctx *ctx, const uint8_t *key) - { - des3_set_key(ctx, key); - } -@@ -476,50 +478,6 @@ _cfb8_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst, - length, dst, src); - } - --static void --_xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key, -- const uint8_t *key) --{ -- if (_gnutls_fips_mode_enabled() && 
-- gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) -- _gnutls_switch_lib_state(LIB_STATE_ERROR); -- -- xts_aes128_set_encrypt_key(xts_key, key); --} -- --static void --_xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key, -- const uint8_t *key) --{ -- if (_gnutls_fips_mode_enabled() && -- gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) -- _gnutls_switch_lib_state(LIB_STATE_ERROR); -- -- xts_aes128_set_decrypt_key(xts_key, key); --} -- --static void --_xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key, -- const uint8_t *key) --{ -- if (_gnutls_fips_mode_enabled() && -- gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) -- _gnutls_switch_lib_state(LIB_STATE_ERROR); -- -- xts_aes256_set_encrypt_key(xts_key, key); --} -- --static void --_xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key, -- const uint8_t *key) --{ -- if (_gnutls_fips_mode_enabled() && -- gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) -- _gnutls_switch_lib_state(LIB_STATE_ERROR); -- -- xts_aes256_set_decrypt_key(xts_key, key); --} -- - static void - _xts_aes128_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst, - const uint8_t * src) -@@ -1041,8 +999,8 @@ static const struct nettle_cipher_st builtin_ciphers[] = { - .ctx_size = sizeof(struct xts_aes128_key), - .encrypt = _xts_aes128_encrypt, - .decrypt = _xts_aes128_decrypt, -- .set_encrypt_key = (nettle_set_key_func*)_xts_aes128_set_encrypt_key, -- .set_decrypt_key = (nettle_set_key_func*)_xts_aes128_set_decrypt_key, -+ .set_encrypt_key = (nettle_set_key_func*)xts_aes128_set_encrypt_key, -+ .set_decrypt_key = (nettle_set_key_func*)xts_aes128_set_decrypt_key, - .max_iv_size = AES_BLOCK_SIZE, - }, - { .algo = GNUTLS_CIPHER_AES_256_XTS, -@@ -1052,8 +1010,8 @@ static const struct nettle_cipher_st builtin_ciphers[] = { - .ctx_size = sizeof(struct xts_aes256_key), - .encrypt = _xts_aes256_encrypt, - .decrypt = _xts_aes256_decrypt, -- .set_encrypt_key = 
(nettle_set_key_func*)_xts_aes256_set_encrypt_key, -- .set_decrypt_key = (nettle_set_key_func*)_xts_aes256_set_decrypt_key, -+ .set_encrypt_key = (nettle_set_key_func*)xts_aes256_set_encrypt_key, -+ .set_decrypt_key = (nettle_set_key_func*)xts_aes256_set_decrypt_key, - .max_iv_size = AES_BLOCK_SIZE, - }, - { .algo = GNUTLS_CIPHER_AES_128_SIV, -@@ -1144,6 +1102,21 @@ wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize) - return 0; - } - -+ switch (ctx->cipher->algo) { -+ case GNUTLS_CIPHER_AES_128_XTS: -+ if (_gnutls_fips_mode_enabled() && -+ gnutls_memcmp(key, (char *)key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) -+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); -+ break; -+ case GNUTLS_CIPHER_AES_256_XTS: -+ if (_gnutls_fips_mode_enabled() && -+ gnutls_memcmp(key, (char *)key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) -+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); -+ break; -+ default: -+ break; -+ } -+ - if (ctx->enc) - ctx->cipher->set_encrypt_key(ctx->ctx_ptr, key); - else -diff --git a/tests/Makefile.am b/tests/Makefile.am -index 3e126f0046..1122886b31 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -233,7 +233,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei - tls13-without-timeout-func buffer status-request-revoked \ - set_x509_ocsp_multi_cli kdf-api keylog-func handshake-write \ - x509cert-dntypes id-on-xmppAddr tls13-compat-mode ciphersuite-name \ -- x509-upnconstraint cipher-padding pkcs7-verify-double-free \ -+ x509-upnconstraint xts-key-check cipher-padding pkcs7-verify-double-free \ - fips-rsa-sizes - - ctests += tls-channel-binding -diff --git a/tests/xts-key-check.c b/tests/xts-key-check.c -new file mode 100644 -index 0000000000..a3bea5abca ---- /dev/null -+++ b/tests/xts-key-check.c -@@ -0,0 +1,78 @@ -+/* -+ * Copyright (C) 2022 Red Hat, Inc. -+ * -+ * Author: Zoltan Fridrich -+ * -+ * This file is part of GnuTLS. 
-+ * -+ * GnuTLS is free software: you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GnuTLS is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GnuTLS. If not, see . -+ */ -+ -+#ifdef HAVE_CONFIG_H -+#include -+#endif -+ -+#include -+ -+#include "utils.h" -+ -+static void test_xts_check(gnutls_cipher_algorithm_t alg) -+{ -+ int ret; -+ gnutls_cipher_hd_t ctx; -+ gnutls_datum_t key, iv; -+ -+ iv.size = gnutls_cipher_get_iv_size(alg); -+ iv.data = gnutls_malloc(iv.size); -+ if (iv.data == NULL) -+ fail("Error: %s\n", gnutls_strerror(GNUTLS_E_MEMORY_ERROR)); -+ gnutls_memset(iv.data, 0xf0, iv.size); -+ -+ key.size = gnutls_cipher_get_key_size(alg); -+ key.data = gnutls_malloc(key.size); -+ if (key.data == NULL) { -+ gnutls_free(iv.data); -+ fail("Error: %s\n", gnutls_strerror(GNUTLS_E_MEMORY_ERROR)); -+ } -+ gnutls_memset(key.data, 0xf0, key.size); -+ -+ ret = gnutls_cipher_init(&ctx, alg, &key, &iv); -+ if (ret == GNUTLS_E_SUCCESS) { -+ gnutls_cipher_deinit(ctx); -+ gnutls_free(iv.data); -+ gnutls_free(key.data); -+ fail("cipher initialization should fail for key1 == key2\n"); -+ } -+ -+ key.data[0] = 0xff; -+ -+ ret = gnutls_cipher_init(&ctx, alg, &key, &iv); -+ gnutls_free(iv.data); -+ gnutls_free(key.data); -+ -+ if (ret == GNUTLS_E_SUCCESS) -+ gnutls_cipher_deinit(ctx); -+ else -+ fail("cipher initialization should succeed with key1 != key2" -+ "\n%s\n", gnutls_strerror(ret)); -+} -+ -+void doit(void) -+{ -+ if (!gnutls_fips140_mode_enabled()) -+ exit(77); -+ -+ test_xts_check(GNUTLS_CIPHER_AES_128_XTS); -+ 
test_xts_check(GNUTLS_CIPHER_AES_256_XTS); -+} --- -GitLab - diff --git a/gnutls-verify-library-HMAC.patch b/gnutls-verify-library-HMAC.patch deleted file mode 100644 index c706e0f..0000000 --- a/gnutls-verify-library-HMAC.patch +++ /dev/null @@ -1,21 +0,0 @@ -Index: gnutls-3.7.8/lib/fips.c -=================================================================== ---- gnutls-3.7.8.orig/lib/fips.c -+++ gnutls-3.7.8/lib/fips.c -@@ -402,6 +402,8 @@ static int check_binary_integrity(void) - ret = check_lib_hmac(&file.gnutls, GNUTLS_LIBRARY_NAME, "gnutls_global_init"); - if (ret < 0) - return ret; -+ /* Check only the binary integrity of the libgnutls library */ -+#if 0 - ret = check_lib_hmac(&file.nettle, NETTLE_LIBRARY_NAME, "nettle_aes_set_encrypt_key"); - if (ret < 0) - return ret; -@@ -411,6 +413,7 @@ static int check_binary_integrity(void) - ret = check_lib_hmac(&file.gmp, GMP_LIBRARY_NAME, "__gmpz_init"); - if (ret < 0) - return ret; -+#endif - - return 0; - } diff --git a/gnutls.changes b/gnutls.changes index 59f268c..7353c50 100644 --- a/gnutls.changes +++ b/gnutls.changes 
@@ -1,3 +1,73 @@ +------------------------------------------------------------------- +Tue Feb 21 10:17:00 UTC 2023 - Pedro Monreal + +- Update to 3.8.0: [bsc#1205763, bsc#1209627] + * libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key + exchange. Reported by Hubert Kario (#1050). Fix developed by + Alexander Sosedkin. [GNUTLS-SA-2020-07-14, CVSS: medium] + [CVE-2023-0361] + * libgnutls: C++ library is now header only. All definitions + from gnutlsxx.c have been moved into gnutlsxx.h. Users of the + C++ interface have two options: + 1. include gnutlsxx.h in their application and link against + the C library. (default) + 2. include gnutlsxx.h in their application, compile with + GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link + against the C++ library. + * libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST + priority modifier have been added to allow disabling of the + status_request TLS extension in the client side. + * libgnutls: TLS heartbeat is disabled by default. + The heartbeat extension in TLS (RFC 6520) is not widely used + given other implementations dropped support for it. To enable + back support for it, supply --enable-heartbeat-support to + configure script. + * libgnutls: SRP authentication is now disabled by default. + It is disabled because the SRP authentication in TLS is not + up to date with the latest TLS standards and its ciphersuites + are based on the CBC mode and SHA-1. To enable it back, supply + --enable-srp-authentication option to configure script. + * libgnutls: All code has been indented using "indent -ppi1 -linux". + CI/CD has been adjusted to catch regressions. This is implemented + through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.yml’s + commit-check. You may run devel/indent-gnutls to fix any + indentation issues if you make code modifications. + * guile: Guile-bindings removed. They have been extracted into a + separate project to reduce complexity and to simplify maintenance, + see . 
+ * minitasn1: Upgraded to libtasn1 version 4.19. + * API and ABI modifications: + GNUTLS_NO_STATUS_REQUEST: New flag + GNUTLS_SRTP_AEAD_AES_128_GCM: New gnutls_srtp_profile_t enum member + GNUTLS_SRTP_AEAD_AES_256_GCM: New gnutls_srtp_profile_t enum member + * Merge gnutls-FIPS-Set-error-state-when-jent-init-failed.patch + and gnutls-FIPS-jitterentropy-threadsafe.patch into the main + patch gnutls-FIPS-jitterentropy.patch + * Rebase gnutls-FIPS-140-3-references.patch + * Rebase patches with upstream version: + - gnutls-FIPS-PCT-DH.patch gnutls-FIPS-PCT-ECDH.patch + * Remove patches merged/fixed upstream: + - gnutls-FIPS-disable-failing-tests.patch + - gnutls-verify-library-HMAC.patch + - gnutls_ECDSA_signing.patch + - gnutls-Make-XTS-key-check-failure-not-fatal.patch + - gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch + * Update keyring with https://gnutls.org/gnutls-release-keyring.gpg + +------------------------------------------------------------------- +Thu Feb 16 19:43:04 UTC 2023 - Pedro Monreal + +- FIPS: Make the jitterentropy calls thread-safe [bsc#1208146] + * Add gnutls-FIPS-jitterentropy-threadsafe.patch + +------------------------------------------------------------------- +Thu Feb 16 12:31:25 UTC 2023 - Pedro Monreal + +- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183] + * Rebase patches with the version submitted upstream. + * Avoid copying the key material: gnutls-FIPS-PCT-DH.patch + * Improve logic around memory release: gnutls-FIPS-PCT-ECDH.patch + ------------------------------------------------------------------- Fri Feb 10 13:12:25 UTC 2023 - Pedro Monreal diff --git a/gnutls.keyring b/gnutls.keyring index 8194fcd..25b14b4 100644 Binary files a/gnutls.keyring and b/gnutls.keyring differ diff --git a/gnutls.spec b/gnutls.spec index b02f8ef..5de7e38 100644 --- a/gnutls.spec +++ b/gnutls.spec 
@@ -25,6 +25,11 @@
 %else
 %bcond_with dane
 %endif
+%if 0%{?suse_version} >= 1550
+%bcond_without srp
+%else
+%bcond_with srp
+%endif
 # Enable Linux kernel AF_ALG based acceleration
 %if 0%{?suse_version} >= 1550
 # disable for now, as our OBS builds do not work with it. Marcus 20220511
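Review bot: The new `%bcond_without srp` for suse_version >= 1550 re-enables SRP by default on those targets although, as the gnutls.changes entry in this same commit states, upstream 3.8.0 turned it off because its ciphersuites are built on CBC mode and SHA-1; the bcond block carries no comment explaining that choice. A short comment above the `%if`, such as `# SRP is disabled upstream since 3.8.0 (CBC/SHA-1 ciphersuites); enabled here because <reason>`, would record the trade-off where the next maintainer will look for it. I cannot tell from the hunk whether the intent is compatibility or parity with the previous build, so fill in the reason accordingly.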
@@ -34,50 +39,37 @@ %bcond_with kcapi %endif %bcond_with tpm -%bcond_without guile Name: gnutls -Version: 3.7.9 +Version: 3.8.0 Release: 0 Summary: The GNU Transport Layer Security Library License: GPL-3.0-or-later AND LGPL-2.1-or-later Group: Productivity/Networking/Security URL: https://www.gnutls.org/ -Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz -Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz.sig +Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz +Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz.sig # https://gnutls.org/gnutls-release-keyring.gpg -Source2: gnutls.keyring +Source2: https://gnutls.org/gnutls-release-keyring.gpg#/gnutls.keyring Source3: baselibs.conf # Suppress a false positive on the .hmac file Source4: gnutls.rpmlintrc Patch0: gnutls-3.5.11-skip-trust-store-tests.patch Patch1: gnutls-FIPS-TLS_KDF_selftest.patch -Patch2: gnutls-FIPS-disable-failing-tests.patch -Patch3: gnutls_ECDSA_signing.patch -%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 -%ifnarch s390 s390x -#PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy -Patch4: gnutls-FIPS-jitterentropy.patch -#PATCH-FIX-SUSE bsc#1202146 FIPS: Set error state when jent init failed in FIPS mode -Patch5: gnutls-FIPS-Set-error-state-when-jent-init-failed.patch -%endif -%endif -#PATCH-FIX-SUSE bsc#1190698 FIPS: SLI gnutls_pbkdf2: verify keylengths and allow SHA only -Patch6: gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch -#PATCH-FIX-UPSTREAM bsc#1203779 Make XTS key check failure not fatal -Patch7: gnutls-Make-XTS-key-check-failure-not-fatal.patch -Patch8: gnutls-disable-flaky-test-dtls-resume.patch -#PATCH-FIX-OPENSUSE bsc#1199881 Verify only the libgnutls library HMAC -Patch9: gnutls-verify-library-HMAC.patch +Patch2: gnutls-disable-flaky-test-dtls-resume.patch +# FIPS 140-3 patches: #PATCH-FIX-SUSE bsc#1207183 FIPS: DH/ECDH PCT public key 
regeneration -Patch10: gnutls-FIPS-PCT-DH.patch -Patch11: gnutls-FIPS-PCT-ECDH.patch +Patch100: gnutls-FIPS-PCT-DH.patch +Patch101: gnutls-FIPS-PCT-ECDH.patch #PATCH-FIX-SUSE bsc#1207346 FIPS: Change FIPS 140-2 references to FIPS 140-3 -Patch12: gnutls-FIPS-140-3-references.patch +Patch102: gnutls-FIPS-140-3-references.patch +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 +#PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy +Patch103: gnutls-FIPS-jitterentropy.patch +%endif BuildRequires: autogen BuildRequires: automake BuildRequires: datefudge BuildRequires: fdupes -BuildRequires: fipscheck BuildRequires: gcc-c++ BuildRequires: gtk-doc # The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present @@ -112,9 +104,6 @@ BuildRequires: unbound-devel BuildRequires: libunbound-devel %endif %endif -%if %{with guile} -BuildRequires: guile-devel > 1.8 -%endif %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 BuildRequires: crypto-policies Requires: crypto-policies @@ -213,17 +202,6 @@ Requires: libstdc++-devel %description -n libgnutlsxx-devel Files needed for software development using gnutls. -%if %{with guile} -%package guile -Summary: Guile wrappers for gnutls -License: LGPL-2.1-or-later -Group: Development/Libraries/Other -Requires: guile > 1.8 - -%description guile -GnuTLS Wrappers for GNU Guile, a dialect of Scheme. -%endif - %prep %autosetup -p1 @@ -233,10 +211,8 @@ echo "SYSTEM=NORMAL" >> tests/system.prio export LDFLAGS="-pie -Wl,-z,now -Wl,-z,relro" export CFLAGS="%{optflags} -fPIE" export CXXFLAGS="%{optflags} -fPIE" -autoreconf -fiv -# Rename the internal .hmac file to include the so library version -sed -i "s/\.gnutls\.hmac/\.libgnutls\.so\.%{gnutls_sover}\.hmac/g" lib/Makefile.am lib/Makefile.in lib/fips.c +autoreconf -fiv %configure \ gl_cv_func_printf_directive_n=yes \ 
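Review bot: The rewritten patch list keeps the `%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400` guard around `Patch103: gnutls-FIPS-jitterentropy.patch` but drops the `%ifnarch s390 s390x` guard the old Patch4 block had, and neither this hunk nor the gnutls.changes entry mentions an architecture change. If the jitterentropy BuildRequires elsewhere in the spec (not visible in this hunk) still carries that exclusion, the patch and the library it needs will now disagree on s390/s390x; if s390x is now supported, a changelog line saying so would make the intent explicit. Re-adding `%ifnarch s390 s390x` around Patch103 is the conservative choice until that is confirmed.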
@@ -258,16 +234,15 @@ sed -i "s/\.gnutls\.hmac/\.libgnutls\.so\.%{gnutls_sover}\.hmac/g" lib/Makefile. %else --disable-libdane \ %endif -%if %{with guile} - --enable-guile \ - --with-guile-extension-dir=%{_libdir}/guile/3.0 \ -%else - --disable-guile \ +%if %{with srp} + --enable-srp-authentication \ %endif + --enable-shared \ --enable-fips140-mode \ --with-fips140-module-name="GnuTLS version" \ --with-fips140-module-version="%{version}-%{release}" \ %{nil} + %make_build %install @@ -287,11 +262,11 @@ sed -i "s/\.gnutls\.hmac/\.libgnutls\.so\.%{gnutls_sover}\.hmac/g" lib/Makefile. # the macro is too late. # remark: This is the same as running # openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP' -# note: The FIPS hmac is now calculated with an internal tool since +# Note: The FIPS hmac is now calculated with an internal tool since # commit a86c8e87189e23920ae622da5e572cb4e1a6e0ed %{expand:%%global __os_install_post {%__os_install_post -./lib/fipshmac "%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}" > %{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac -sed -i "s^%{buildroot}/usr^^" %{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac + ./lib/fipshmac "%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}" > "%{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac" + sed -i "s^%{buildroot}/usr^^" "%{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac" }} rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot @@ -318,7 +293,8 @@ rm -rf %{buildroot}%{_datadir}/doc/gnutls find -name test-suite.log -print -exec cat {} + exit 1 } -#Run the regression tests also in FIPS mode + +# Run the regression tests also in forced FIPS mode GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || { find -name test-suite.log -print -exec cat {} + exit 1 
@@ -346,7 +322,9 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE= %{_bindir}/ocsptool %{_bindir}/psktool %{_bindir}/p11tool +%if %{with srp} %{_bindir}/srptool +%endif %if %{with dane} %{_bindir}/danetool %endif @@ -414,11 +392,4 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE= %dir %{_includedir}/%{name} %{_includedir}/%{name}/gnutlsxx.h -%if %{with guile} -%files guile -%license LICENSE -%{_libdir}/guile/* -%{_datadir}/guile/site/* -%endif - %changelog diff --git a/gnutls_ECDSA_signing.patch b/gnutls_ECDSA_signing.patch deleted file mode 100644 index 9ad998b..0000000 --- a/gnutls_ECDSA_signing.patch +++ /dev/null 
@@ -1,172 +0,0 @@ -Index: gnutls-3.7.7/lib/crypto-api.c -=================================================================== ---- gnutls-3.7.7.orig/lib/crypto-api.c -+++ gnutls-3.7.7/lib/crypto-api.c -@@ -1056,6 +1056,7 @@ gnutls_hash_hd_t gnutls_hash_copy(gnutls - int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size) - { - int ret; -+ bool not_approved = false; - - FAIL_IF_LIB_ERROR; - -@@ -1066,6 +1067,10 @@ int gnutls_key_generate(gnutls_datum_t * - if (_gnutls_fips_mode_enabled() != 0 && - key_size > FIPS140_RND_KEY_SIZE) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); -+ if (key_size < 14) { -+ not_approved = true; -+ } -+ - #endif - - key->size = key_size; -@@ -1082,6 +1087,15 @@ int gnutls_key_generate(gnutls_datum_t * - return ret; - } - -+#ifdef ENABLE_FIPS140 -+ if (not_approved) { -+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED); -+ } else { -+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_APPROVED); -+ } -+ -+#endif -+ - return 0; - } - -Index: gnutls-3.7.7/lib/fips.h -=================================================================== ---- gnutls-3.7.7.orig/lib/fips.h -+++ gnutls-3.7.7/lib/fips.h -@@ -145,6 +145,30 @@ is_cipher_algo_allowed_in_fips(gnutls_ci - } - } - -+inline static bool -+is_digest_algo_approved_for_sign_in_fips(gnutls_digest_algorithm_t algo) -+{ -+ switch (algo) { -+ case GNUTLS_DIG_SHA224: -+ case GNUTLS_DIG_SHA256: -+ case GNUTLS_DIG_SHA384: -+ case GNUTLS_DIG_SHA512: -+ case GNUTLS_DIG_SHA3_224: -+ case GNUTLS_DIG_SHA3_256: -+ case GNUTLS_DIG_SHA3_384: -+ case GNUTLS_DIG_SHA3_512: -+ return true; -+ default: -+ return false; -+ } -+} -+ -+inline static bool -+is_digest_algo_allowed_for_sign_in_fips(gnutls_digest_algorithm_t algo) -+{ -+ return is_digest_algo_approved_for_sign_in_fips(algo); -+} -+ - #ifdef ENABLE_FIPS140 - /* This will test the condition when in FIPS140-2 mode - * and return an error if necessary or ignore */ -@@ -205,9 +229,33 @@ is_cipher_algo_allowed(gnutls_cipher_alg - - return 
true; - } -+ -+inline static bool -+is_digest_algo_allowed_for_sign(gnutls_digest_algorithm_t algo) -+{ -+ gnutls_fips_mode_t mode = _gnutls_fips_mode_enabled(); -+ if (_gnutls_get_lib_state() != LIB_STATE_SELFTEST && -+ !is_digest_algo_allowed_for_sign_in_fips(algo)) { -+ switch (mode) { -+ case GNUTLS_FIPS140_LOG: -+ _gnutls_audit_log(NULL, "fips140-2: allowing access to %s\n", -+ gnutls_cipher_get_name(algo)); -+ FALLTHROUGH; -+ case GNUTLS_FIPS140_DISABLED: -+ case GNUTLS_FIPS140_LAX: -+ return true; -+ default: -+ return false; -+ } -+ } -+ -+ return true; -+} -+ - #else - # define is_mac_algo_allowed(x) true - # define is_cipher_algo_allowed(x) true -+# define is_digest_algo_allowed_for_sign(x) true - # define FIPS_RULE(condition, ret_error, ...) - #endif - -Index: gnutls-3.7.7/lib/privkey.c -=================================================================== ---- gnutls-3.7.7.orig/lib/privkey.c -+++ gnutls-3.7.7/lib/privkey.c -@@ -1284,10 +1284,24 @@ privkey_sign_and_hash_data(gnutls_privke - int ret; - gnutls_datum_t digest; - const mac_entry_st *me; -+ bool not_approved = false; - - if (unlikely(se == NULL)) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - -+ if (se->pk == GNUTLS_PK_ECDSA && !is_digest_algo_allowed_for_sign(se->hash)) { -+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); -+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); -+ } else if (se->pk == GNUTLS_PK_ECDSA && !is_digest_algo_approved_for_sign_in_fips(se->hash)) { -+ not_approved = true; -+ } -+ -+ if (not_approved) { -+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED); -+ } else { -+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_APPROVED); -+ } -+ - if (_gnutls_pk_is_not_prehashed(se->pk)) { - return privkey_sign_raw_data(signer, se, data, signature, params); - } -Index: gnutls-3.7.7/tests/fips-test.c -=================================================================== ---- gnutls-3.7.7.orig/tests/fips-test.c -+++ gnutls-3.7.7/tests/fips-test.c -@@ -38,6 +38,7 
@@ static void tls_log_func(int level, cons - fprintf(stderr, "<%d>| %s", level, str); - } - -+static uint8_t key13[13]; - static uint8_t key16[16]; - static uint8_t iv16[16]; - uint8_t key_data[64]; -@@ -269,6 +270,7 @@ void doit(void) - gnutls_pubkey_t pubkey; - gnutls_x509_privkey_t xprivkey; - gnutls_privkey_t privkey; -+ gnutls_datum_t key_invalid = { key13, sizeof(key13) }; - gnutls_datum_t key = { key16, sizeof(key16) }; - gnutls_datum_t iv = { iv16, sizeof(iv16) }; - gnutls_datum_t signature; -@@ -309,6 +311,14 @@ void doit(void) - /* Try crypto.h functionality */ - test_ciphers(); - -+ /* Try creating key with less than 112 bits: not approved */ -+ FIPS_PUSH_CONTEXT(); -+ ret = gnutls_key_generate(&key_invalid, 13); -+ if (ret < 0) { -+ fail("gnutls_generate_key failed\n"); -+ } -+ FIPS_POP_CONTEXT(NOT_APPROVED); -+ - FIPS_PUSH_CONTEXT(); - ret = gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv); - if (ret < 0) {

    GNUTLS_FIPS140_DISABLED

    @@ -711,7 +711,7 @@ Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html  

    GNUTLS_FIPS140_LAX

    @@ -722,18 +722,18 @@ Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility).