Accepting request 1074130 from home:pmonrealgonzalez:branches:security:tls

- Update to 3.8.0: [bsc#1205763, bsc#1209627]
  * libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key
    exchange. Reported by Hubert Kario (#1050). Fix developed by
    Alexander Sosedkin. [GNUTLS-SA-2020-07-14, CVSS: medium]
    [CVE-2023-0361]
  * libgnutls: C++ library is now header only. All definitions
    from gnutlsxx.c have been moved into gnutlsxx.h. Users of the
    C++ interface have two options:
    1. include gnutlsxx.h in their application and link against
       the C library. (default)
    2. include gnutlsxx.h in their application, compile with
       GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link
       against the C++ library.
  * libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST
    priority modifier have been added to allow disabling of the
    status_request TLS extension in the client side.
  * libgnutls: TLS heartbeat is disabled by default.
    The heartbeat extension in TLS (RFC 6520) is not widely used,
    given that other implementations have dropped support for it. To
    enable it again, supply --enable-heartbeat-support to the
    configure script.
  * libgnutls: SRP authentication is now disabled by default.
    It is disabled because the SRP authentication in TLS is not
    up to date with the latest TLS standards and its ciphersuites
    are based on the CBC mode and SHA-1. To enable it back, supply
    --enable-srp-authentication option to configure script.
  * libgnutls: All code has been indented using "indent -ppi1 -linux".
    CI/CD has been adjusted to catch regressions. This is implemented
    through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.yml’s
    commit-check. You may run devel/indent-gnutls to fix any

OBS-URL: https://build.opensuse.org/request/show/1074130
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=88
Pedro Monreal Gonzalez 2023-03-24 12:22:34 +00:00 committed by Git OBS Bridge
parent e78803cceb
commit cf30493c2c
17 changed files with 573 additions and 1194 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:aaa03416cdbd54eb155187b359e3ec3ed52ec73df4df35a0edd49429ff64d844
size 6377212


gnutls-3.8.0.tar.xz (Stored with Git LFS) Normal file


gnutls-3.8.0.tar.xz.sig Normal file



@ -1,8 +1,8 @@
Index: gnutls-3.7.9/configure.ac
Index: gnutls-3.8.0/configure.ac
===================================================================
--- gnutls-3.7.9.orig/configure.ac
+++ gnutls-3.7.9/configure.ac
@@ -588,19 +588,19 @@ LT_INIT([disable-static,win32-dll,shared
--- gnutls-3.8.0.orig/configure.ac
+++ gnutls-3.8.0/configure.ac
@@ -586,19 +586,19 @@ LT_INIT([disable-static,win32-dll,shared
AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])
AC_ARG_ENABLE(fips140-mode,
@ -25,11 +25,11 @@ Index: gnutls-3.7.9/configure.ac
AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name],
[specify the FIPS140 module name]),
Index: gnutls-3.7.9/doc/cha-gtls-app.texi
Index: gnutls-3.8.0/doc/cha-gtls-app.texi
===================================================================
--- gnutls-3.7.9.orig/doc/cha-gtls-app.texi
+++ gnutls-3.7.9/doc/cha-gtls-app.texi
@@ -206,7 +206,7 @@ CPU. The currently available options are
--- gnutls-3.8.0.orig/doc/cha-gtls-app.texi
+++ gnutls-3.8.0/doc/cha-gtls-app.texi
@@ -222,7 +222,7 @@ CPU. The currently available options are
@end itemize
@item @code{GNUTLS_FORCE_FIPS_MODE}
@ -38,10 +38,10 @@ Index: gnutls-3.7.9/doc/cha-gtls-app.texi
if set to one it will force the FIPS mode enablement.
@end multitable
Index: gnutls-3.7.9/doc/cha-internals.texi
Index: gnutls-3.8.0/doc/cha-internals.texi
===================================================================
--- gnutls-3.7.9.orig/doc/cha-internals.texi
+++ gnutls-3.7.9/doc/cha-internals.texi
--- gnutls-3.8.0.orig/doc/cha-internals.texi
+++ gnutls-3.8.0/doc/cha-internals.texi
@@ -14,7 +14,7 @@ happens inside the black box.
* TLS Hello Extension Handling::
* Cryptographic Backend::
@ -162,11 +162,11 @@ Index: gnutls-3.7.9/doc/cha-internals.texi
operation. It can be attached to the current execution thread with
@funcref{gnutls_fips140_push_context} and its internal state will be
updated until it is detached with
Index: gnutls-3.7.9/doc/enums.texi
Index: gnutls-3.8.0/doc/enums.texi
===================================================================
--- gnutls-3.7.9.orig/doc/enums.texi
+++ gnutls-3.7.9/doc/enums.texi
@@ -1169,7 +1169,7 @@ application traffic secret is installed
--- gnutls-3.8.0.orig/doc/enums.texi
+++ gnutls-3.8.0/doc/enums.texi
@@ -1176,7 +1176,7 @@ application traffic secret is installed
@c gnutls_fips_mode_t
@table @code
@item GNUTLS_@-FIPS140_@-DISABLED
@ -175,7 +175,7 @@ Index: gnutls-3.7.9/doc/enums.texi
@item GNUTLS_@-FIPS140_@-STRICT
The default mode; all forbidden operations will cause an
operation failure via error code.
@@ -1177,8 +1177,8 @@ operation failure via error code.
@@ -1184,8 +1184,8 @@ operation failure via error code.
A transient state during library initialization. That state
cannot be set or seen by applications.
@item GNUTLS_@-FIPS140_@-LAX
@ -186,10 +186,10 @@ Index: gnutls-3.7.9/doc/enums.texi
application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility).
@item GNUTLS_@-FIPS140_@-LOG
Index: gnutls-3.7.9/doc/functions/gnutls_fips140_set_mode
Index: gnutls-3.8.0/doc/functions/gnutls_fips140_set_mode
===================================================================
--- gnutls-3.7.9.orig/doc/functions/gnutls_fips140_set_mode
+++ gnutls-3.7.9/doc/functions/gnutls_fips140_set_mode
--- gnutls-3.8.0.orig/doc/functions/gnutls_fips140_set_mode
+++ gnutls-3.8.0/doc/functions/gnutls_fips140_set_mode
@@ -3,7 +3,7 @@
@ -215,10 +215,10 @@ Index: gnutls-3.7.9/doc/functions/gnutls_fips140_set_mode
values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library
switches to @code{GNUTLS_FIPS140_STRICT} mode.
Index: gnutls-3.7.9/doc/gnutls.html
Index: gnutls-3.8.0/doc/gnutls.html
===================================================================
--- gnutls-3.7.9.orig/doc/gnutls.html
+++ gnutls-3.7.9/doc/gnutls.html
--- gnutls-3.8.0.orig/doc/gnutls.html
+++ gnutls-3.8.0/doc/gnutls.html
@@ -486,7 +486,7 @@ Documentation License&rdquo;.
<li><a id="toc-TLS-Extension-Handling" href="#TLS-Hello-Extension-Handling">11.4 TLS Extension Handling</a></li>
<li><a id="toc-Cryptographic-Backend-1" href="#Cryptographic-Backend">11.5 Cryptographic Backend</a></li>
@ -228,7 +228,7 @@ Index: gnutls-3.7.9/doc/gnutls.html
</ul></li>
<li><a id="toc-Upgrading-from-previous-versions-1" href="#Upgrading-from-previous-versions">Appendix A Upgrading from previous versions</a></li>
<li><a id="toc-Support-1" href="#Support">Appendix B Support</a>
@@ -8990,7 +8990,7 @@ CPU. The currently available options are
@@ -9009,7 +9009,7 @@ CPU. The currently available options are
</li><li> 0x200000: Enable VIA PHE
</li><li> 0x400000: Enable VIA PHE SHA512
</li></ul></td></tr>
@ -405,7 +405,7 @@ Index: gnutls-3.7.9/doc/gnutls.html
</p>
<hr>
</div>
@@ -24538,7 +24538,7 @@ unusable. This function is not thread-s
@@ -24526,7 +24526,7 @@ unusable. This function is not thread-s
<span id="gnutls_005ffips140_005fset_005fmode-1"></span><h4 class="subheading">gnutls_fips140_set_mode</h4>
<span id="gnutls_005ffips140_005fset_005fmode"></span><dl class="def">
<dt id="index-gnutls_005ffips140_005fset_005fmode"><span class="category">Function: </span><span><em>void</em> <strong>gnutls_fips140_set_mode</strong> <em>(gnutls_fips_mode_t <var>mode</var>, unsigned <var>flags</var>)</em><a href='#index-gnutls_005ffips140_005fset_005fmode' class='copiable-anchor'> &para;</a></span></dt>
@ -414,7 +414,7 @@ Index: gnutls-3.7.9/doc/gnutls.html
</p>
<p><var>flags</var>: should be zero or <code>GNUTLS_FIPS140_SET_MODE_THREAD</code>
</p>
@@ -24547,13 +24547,13 @@ unusable. This function is not thread-s
@@ -24535,13 +24535,13 @@ unusable. This function is not thread-s
behavior with no flags after threads are created is undefined.
</p>
<p>When the flag <code>GNUTLS_FIPS140_SET_MODE_THREAD</code> is specified
@ -430,7 +430,7 @@ Index: gnutls-3.7.9/doc/gnutls.html
values for <code>mode</code> or to <code>GNUTLS_FIPS140_SELFTESTS</code> mode, the library
switches to <code>GNUTLS_FIPS140_STRICT</code> mode.
</p>
@@ -46665,7 +46665,7 @@ Next: <a href="#Concept-Index" accesskey
@@ -46662,7 +46662,7 @@ Next: <a href="#Concept-Index" accesskey
<tr><td></td><td valign="top"><a href="#index-gnutls_005ffingerprint"><code>gnutls_fingerprint</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fcontext_005fdeinit"><code>gnutls_fips140_context_deinit</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fcontext_005finit"><code>gnutls_fips140_context_init</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
@ -439,11 +439,11 @@ Index: gnutls-3.7.9/doc/gnutls.html
<tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate-1"><code>gnutls_fips140_get_operation_state</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fmode_005fenabled"><code>gnutls_fips140_mode_enabled</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fpop_005fcontext"><code>gnutls_fips140_pop_context</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
Index: gnutls-3.7.9/doc/gnutls.info-3
Index: gnutls-3.8.0/doc/gnutls.info-3
===================================================================
--- gnutls-3.7.9.orig/doc/gnutls.info-3
+++ gnutls-3.7.9/doc/gnutls.info-3
@@ -2458,7 +2458,7 @@ to 'more'. Both will exit with a status
--- gnutls-3.8.0.orig/doc/gnutls.info-3
+++ gnutls-3.8.0/doc/gnutls.info-3
@@ -1631,7 +1631,7 @@ to 'more'. Both will exit with a status
--inline-commands-prefix=str Change the default delimiter for inline commands
--provider=file Specify the PKCS #11 provider library
- file must pre-exist
@ -452,7 +452,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
--list-config Reports the configuration of the library
--logfile=str Redirect informational messages to a specific file
--keymatexport=str Label used for exporting keying material
@@ -3559,7 +3559,7 @@ to know what happens inside the black bo
@@ -2732,7 +2732,7 @@ to know what happens inside the black bo
* TLS Hello Extension Handling::
* Cryptographic Backend::
* Random Number Generators-internals::
@ -461,7 +461,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3

File: gnutls.info, Node: The TLS Protocol, Next: TLS Handshake Protocol, Up: Internal architecture of GnuTLS
@@ -4091,7 +4091,7 @@ and abstract key types::.
@@ -3264,7 +3264,7 @@ and abstract key types::.
kernel implementation of '/dev/crypto'.

@ -470,7 +470,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
11.6 Random Number Generators
=============================
@@ -4101,7 +4101,7 @@ About the generators
@@ -3274,7 +3274,7 @@ About the generators
GnuTLS provides two random generators. The default, and the AES-DRBG
random generator which is only used when the library is compiled with
@ -479,7 +479,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
The default generator - inner workings
--------------------------------------
@@ -4250,25 +4250,25 @@ after observing the output of the PRNG.
@@ -3423,25 +3423,25 @@ after observing the output of the PRNG.
the above paragraph, all levels are immune to such attack.

@ -513,7 +513,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
modified as follows.
* The random generator used switches to DRBG-AES
@@ -4276,11 +4276,11 @@ modified as follows.
@@ -3449,11 +3449,11 @@ modified as follows.
startup
* Algorithm self-tests are run on library load
@ -528,7 +528,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
generation
* Any cryptographic operation will be refused if any of the
self-tests failed
@@ -4289,7 +4289,7 @@ There are also few environment variables
@@ -3462,7 +3462,7 @@ There are also few environment variables
The environment variable 'GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS' will
disable the library integrity tests on startup, and the variable
'GNUTLS_FORCE_FIPS_MODE' can be set to force a value from *note Figure
@ -537,7 +537,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
while '0' will disable it.
The integrity checks for the dependent libraries and GnuTLS are
@@ -4298,20 +4298,20 @@ library. The key for the operations can
@@ -3471,20 +3471,20 @@ library. The key for the operations can
with the configure option '-with-fips140-key'. The MAC algorithm used
is HMAC-SHA256.
@ -562,7 +562,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
'GNUTLS_FIPS140_STRICT'
The default mode; all forbidden operations will cause an operation
failure via error code.
@@ -4319,8 +4319,8 @@ in *note Figure 11.5: gnutls_fips_mode_t
@@ -3492,8 +3492,8 @@ in *note Figure 11.5: gnutls_fips_mode_t
A transient state during library initialization. That state cannot
be set or seen by applications.
'GNUTLS_FIPS140_LAX'
@ -573,7 +573,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
the application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g.,
compatibility).
@@ -4333,7 +4333,7 @@ in *note Figure 11.5: gnutls_fips_mode_t
@@ -3506,7 +3506,7 @@ in *note Figure 11.5: gnutls_fips_mode_t
Figure 11.5: The 'gnutls_fips_mode_t' enumeration.
The intention of this API is to be used by applications which may run in
@ -582,7 +582,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
set, e.g., for non-security related purposes. In these cases
applications should wrap the non-compliant code within blocks like the
following.
@@ -4357,10 +4357,10 @@ are macros to simplify the following seq
@@ -3530,10 +3530,10 @@ are macros to simplify the following seq
The reason of the 'GNUTLS_FIPS140_SET_MODE_THREAD' flag in the previous
calls is to localize the change in the mode. Note also, that such a
@ -595,7 +595,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0);
Service indicator
@@ -4379,7 +4379,7 @@ within a given context.
@@ -3552,7 +3552,7 @@ within a given context.
'INT *note gnutls_fips140_push_context:: (gnutls_fips140_context_t CONTEXT)'
'INT *note gnutls_fips140_pop_context:: ( VOID)'
@ -604,7 +604,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
operation. It can be attached to the current execution thread with
*note gnutls_fips140_push_context:: and its internal state will be
updated until it is detached with *note gnutls_fips140_pop_context::.
@@ -4837,8 +4837,8 @@ There are certifications from national o
@@ -4010,8 +4010,8 @@ There are certifications from national o
practices, such as unit testing and reliance on well known crypto
primitives.
@ -615,7 +615,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3

File: gnutls.info, Node: Error codes, Next: Supported ciphersuites, Prev: Support, Up: Top
@@ -9315,7 +9315,7 @@ gnutls_fips140_set_mode
@@ -8476,7 +8476,7 @@ gnutls_fips140_set_mode
-- Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t MODE,
unsigned FLAGS)
@ -624,7 +624,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
FLAGS: should be zero or 'GNUTLS_FIPS140_SET_MODE_THREAD'
@@ -9325,12 +9325,12 @@ gnutls_fips140_set_mode
@@ -8486,12 +8486,12 @@ gnutls_fips140_set_mode
undefined.
When the flag 'GNUTLS_FIPS140_SET_MODE_THREAD' is specified then
@ -639,10 +639,10 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
values for 'mode' or to 'GNUTLS_FIPS140_SELFTESTS' mode, the
library switches to 'GNUTLS_FIPS140_STRICT' mode.
Index: gnutls-3.7.9/doc/invoke-gnutls-cli.texi
Index: gnutls-3.8.0/doc/invoke-gnutls-cli.texi
===================================================================
--- gnutls-3.7.9.orig/doc/invoke-gnutls-cli.texi
+++ gnutls-3.7.9/doc/invoke-gnutls-cli.texi
--- gnutls-3.8.0.orig/doc/invoke-gnutls-cli.texi
+++ gnutls-3.8.0/doc/invoke-gnutls-cli.texi
@@ -99,7 +99,7 @@ None:
--inline-commands-prefix=str Change the default delimiter for inline commands
--provider=file Specify the PKCS #11 provider library
@ -652,10 +652,10 @@ Index: gnutls-3.7.9/doc/invoke-gnutls-cli.texi
--list-config Reports the configuration of the library
--logfile=str Redirect informational messages to a specific file
--keymatexport=str Label used for exporting keying material
Index: gnutls-3.7.9/doc/manpages/gnutls-cli.1
Index: gnutls-3.8.0/doc/manpages/gnutls-cli.1
===================================================================
--- gnutls-3.7.9.orig/doc/manpages/gnutls-cli.1
+++ gnutls-3.7.9/doc/manpages/gnutls-cli.1
--- gnutls-3.8.0.orig/doc/manpages/gnutls-cli.1
+++ gnutls-3.8.0/doc/manpages/gnutls-cli.1
@@ -389,7 +389,7 @@ Specify the PKCS #11 provider library.
This will override the default options in /etc/gnutls/pkcs11.conf
.TP
@ -665,11 +665,11 @@ Index: gnutls-3.7.9/doc/manpages/gnutls-cli.1
.sp
.TP
.NOP \f\*[B-Font]\-\-list\-config\f[]
Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
Index: gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html
===================================================================
--- gnutls-3.7.9.orig/doc/reference/html/gnutls-gnutls.html
+++ gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
@@ -20552,12 +20552,12 @@ gnutls_fips140_set_mode (<em class="para
--- gnutls-3.8.0.orig/doc/reference/html/gnutls-gnutls.html
+++ gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html
@@ -20580,12 +20580,12 @@ gnutls_fips140_set_mode (<em class="para
(globally), and should be called prior to creating any threads. Its
behavior with no flags after threads are created is undefined.</p>
<p>When the flag <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-SET-MODE-THREAD:CAPS" title="GNUTLS_FIPS140_SET_MODE_THREAD"><code class="literal">GNUTLS_FIPS140_SET_MODE_THREAD</code></a> is specified
@ -684,7 +684,7 @@ Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
values for <em class="parameter"><code>mode</code></em>
or to <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-SELFTESTS:CAPS"><code class="literal">GNUTLS_FIPS140_SELFTESTS</code></a> mode, the library
switches to <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-STRICT:CAPS"><code class="literal">GNUTLS_FIPS140_STRICT</code></a> mode.</p>
@@ -20572,7 +20572,7 @@ switches to <a class="link" href="gnutls
@@ -20600,7 +20600,7 @@ switches to <a class="link" href="gnutls
<tbody>
<tr>
<td class="parameter_name"><p>mode</p></td>
@ -693,7 +693,7 @@ Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
<td class="parameter_annotations"> </td>
</tr>
<tr>
@@ -25479,7 +25479,7 @@ encryption</p>
@@ -25568,7 +25568,7 @@ encryption</p>
<hr>
<div class="refsect2">
<a name="gnutls-fips-mode-t"></a><h3>enum gnutls_fips_mode_t</h3>
@ -702,7 +702,7 @@ Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
<div class="refsect3">
<a name="gnutls-fips-mode-t.members"></a><h4>Members</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
@@ -25492,7 +25492,7 @@ encryption</p>
@@ -25581,7 +25581,7 @@ encryption</p>
<tr>
<td class="enum_member_name"><p><a name="GNUTLS-FIPS140-DISABLED:CAPS"></a>GNUTLS_FIPS140_DISABLED</p></td>
<td class="enum_member_description">
@ -711,7 +711,7 @@ Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
</td>
<td class="enum_member_annotations"> </td>
</tr>
@@ -25515,8 +25515,8 @@ operation failure via error code.</p>
@@ -25604,8 +25604,8 @@ operation failure via error code.</p>
<tr>
<td class="enum_member_name"><p><a name="GNUTLS-FIPS140-LAX:CAPS"></a>GNUTLS_FIPS140_LAX</p></td>
<td class="enum_member_description">
@ -722,18 +722,18 @@ Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility).</p>
</td>
@@ -27111,4 +27111,4 @@ transition to <a class="link" href="gnut
@@ -27241,4 +27241,4 @@ This is used by <a class="link" href="gn
<div class="footer">
<hr>Generated by GTK-Doc V1.33.1</div>
</body>
-</html>
\ No newline at end of file
+</html>
Index: gnutls-3.7.9/lib/fips.c
Index: gnutls-3.8.0/lib/fips.c
===================================================================
--- gnutls-3.7.9.orig/lib/fips.c
+++ gnutls-3.7.9/lib/fips.c
@@ -113,7 +113,7 @@ unsigned _gnutls_fips_mode_enabled(void)
--- gnutls-3.8.0.orig/lib/fips.c
+++ gnutls-3.8.0/lib/fips.c
@@ -121,7 +121,7 @@ unsigned _gnutls_fips_mode_enabled(void)
}
if (f1p != 0) {
@ -742,7 +742,7 @@ Index: gnutls-3.7.9/lib/fips.c
ret = GNUTLS_FIPS140_STRICT;
goto exit;
}
@@ -122,7 +122,7 @@ unsigned _gnutls_fips_mode_enabled(void)
@@ -130,7 +130,7 @@ unsigned _gnutls_fips_mode_enabled(void)
if (f2p != 0) {
/* a funny state where self tests are performed
* and ignored */
@ -751,7 +751,7 @@ Index: gnutls-3.7.9/lib/fips.c
ret = GNUTLS_FIPS140_SELFTESTS;
goto exit;
}
@@ -632,7 +632,7 @@ unsigned gnutls_fips140_mode_enabled(voi
@@ -694,7 +694,7 @@ unsigned gnutls_fips140_mode_enabled(voi
/**
* gnutls_fips140_set_mode:
@ -760,7 +760,7 @@ Index: gnutls-3.7.9/lib/fips.c
* @flags: should be zero or %GNUTLS_FIPS140_SET_MODE_THREAD
*
* That function is not thread-safe when changing the mode with no flags
@@ -640,13 +640,13 @@ unsigned gnutls_fips140_mode_enabled(voi
@@ -702,13 +702,13 @@ unsigned gnutls_fips140_mode_enabled(voi
* behavior with no flags after threads are created is undefined.
*
* When the flag %GNUTLS_FIPS140_SET_MODE_THREAD is specified
@ -776,27 +776,28 @@ Index: gnutls-3.7.9/lib/fips.c
* values for @mode or to %GNUTLS_FIPS140_SELFTESTS mode, the library
* switches to %GNUTLS_FIPS140_STRICT mode.
*
@@ -657,8 +657,8 @@ void gnutls_fips140_set_mode(gnutls_fips
@@ -719,9 +719,9 @@ void gnutls_fips140_set_mode(gnutls_fips
#ifdef ENABLE_FIPS140
gnutls_fips_mode_t prev = _gnutls_fips_mode_enabled();
if (prev == GNUTLS_FIPS140_DISABLED || prev == GNUTLS_FIPS140_SELFTESTS) {
- /* we need to run self-tests first to be in FIPS140-2 mode */
- _gnutls_audit_log(NULL, "The library should be initialized in FIPS140-2 mode to do that operation\n");
+ /* we need to run self-tests first to be in FIPS140-3 mode */
+ _gnutls_audit_log(NULL, "The library should be initialized in FIPS140-3 mode to do that operation\n");
_gnutls_audit_log(NULL,
- "The library should be initialized in FIPS140-2 mode to do that operation\n");
+ "The library should be initialized in FIPS140-3 mode to do that operation\n");
return;
}
@@ -669,7 +669,7 @@ void gnutls_fips140_set_mode(gnutls_fips
case GNUTLS_FIPS140_DISABLED:
@@ -733,7 +733,7 @@ void gnutls_fips140_set_mode(gnutls_fips
break;
case GNUTLS_FIPS140_SELFTESTS:
- _gnutls_audit_log(NULL, "Cannot switch library to FIPS140-2 self-tests mode; defaulting to strict\n");
+ _gnutls_audit_log(NULL, "Cannot switch library to FIPS140-3 self-tests mode; defaulting to strict\n");
_gnutls_audit_log(NULL,
- "Cannot switch library to FIPS140-2 self-tests mode; defaulting to strict\n");
+ "Cannot switch library to FIPS140-3 self-tests mode; defaulting to strict\n");
mode = GNUTLS_FIPS140_STRICT;
break;
default:
@@ -848,7 +848,7 @@ _gnutls_switch_fips_state(gnutls_fips140
@@ -908,7 +908,7 @@ void _gnutls_switch_fips_state(gnutls_fi
}
if (!_tfips_context) {
@ -805,59 +806,59 @@ Index: gnutls-3.7.9/lib/fips.c
return;
}
@@ -860,7 +860,7 @@ _gnutls_switch_fips_state(gnutls_fips140
case GNUTLS_FIPS140_OP_INITIAL:
@@ -921,7 +921,7 @@ void _gnutls_switch_fips_state(gnutls_fi
/* initial can be transitioned to any state */
if (mode != GNUTLS_FIPS140_LAX) {
- _gnutls_audit_log(NULL, "FIPS140-2 operation mode switched from initial to %s\n",
+ _gnutls_audit_log(NULL, "FIPS140-3 operation mode switched from initial to %s\n",
_gnutls_audit_log(NULL,
- "FIPS140-2 operation mode switched from initial to %s\n",
+ "FIPS140-3 operation mode switched from initial to %s\n",
operation_state_to_string(state));
}
_tfips_context->state = state;
@@ -869,7 +869,7 @@ _gnutls_switch_fips_state(gnutls_fips140
/* approved can only be transitioned to not-approved */
@@ -931,7 +931,7 @@ void _gnutls_switch_fips_state(gnutls_fi
if (likely(state == GNUTLS_FIPS140_OP_NOT_APPROVED)) {
if (mode != GNUTLS_FIPS140_LAX) {
- _gnutls_audit_log(NULL, "FIPS140-2 operation mode switched from approved to %s\n",
+ _gnutls_audit_log(NULL, "FIPS140-3 operation mode switched from approved to %s\n",
operation_state_to_string(state));
_gnutls_audit_log(NULL,
- "FIPS140-2 operation mode switched from approved to %s\n",
+ "FIPS140-3 operation mode switched from approved to %s\n",
operation_state_to_string
(state));
}
_tfips_context->state = state;
@@ -879,7 +879,7 @@ _gnutls_switch_fips_state(gnutls_fips140
default:
@@ -943,7 +943,7 @@ void _gnutls_switch_fips_state(gnutls_fi
/* other transitions are prohibited */
if (mode != GNUTLS_FIPS140_LAX) {
- _gnutls_audit_log(NULL, "FIPS140-2 operation mode cannot be switched from %s to %s\n",
+ _gnutls_audit_log(NULL, "FIPS140-3 operation mode cannot be switched from %s to %s\n",
operation_state_to_string(_tfips_context->state),
_gnutls_audit_log(NULL,
- "FIPS140-2 operation mode cannot be switched from %s to %s\n",
+ "FIPS140-3 operation mode cannot be switched from %s to %s\n",
operation_state_to_string
(_tfips_context->state),
operation_state_to_string(state));
}
@@ -941,7 +941,7 @@ gnutls_fips140_run_self_tests(void)
if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED &&
ret < 0) {
@@ -1004,7 +1004,7 @@ int gnutls_fips140_run_self_tests(void)
if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED && ret < 0) {
_gnutls_switch_lib_state(LIB_STATE_ERROR);
- _gnutls_audit_log(NULL, "FIPS140-2 self testing part 2 failed\n");
+ _gnutls_audit_log(NULL, "FIPS140-3 self testing part 2 failed\n");
_gnutls_audit_log(NULL,
- "FIPS140-2 self testing part 2 failed\n");
+ "FIPS140-3 self testing part 2 failed\n");
} else {
/* Restore the previous library state */
_gnutls_switch_lib_state(prev_lib_state);
@@ -951,7 +951,7 @@ gnutls_fips140_run_self_tests(void)
if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED && fips_context) {
@@ -1016,7 +1016,7 @@ int gnutls_fips140_run_self_tests(void)
if (gnutls_fips140_pop_context() < 0) {
_gnutls_switch_lib_state(LIB_STATE_ERROR);
- _gnutls_audit_log(NULL, "FIPS140-2 context restoration failed\n");
+ _gnutls_audit_log(NULL, "FIPS140-3 context restoration failed\n");
_gnutls_audit_log(NULL,
- "FIPS140-2 context restoration failed\n");
+ "FIPS140-3 context restoration failed\n");
}
gnutls_fips140_context_deinit(fips_context);
}
Index: gnutls-3.7.9/lib/fips.h
Index: gnutls-3.8.0/lib/fips.h
===================================================================
--- gnutls-3.7.9.orig/lib/fips.h
+++ gnutls-3.7.9/lib/fips.h
@@ -189,16 +189,16 @@ is_digest_algo_allowed_for_sign_in_fips(
--- gnutls-3.8.0.orig/lib/fips.h
+++ gnutls-3.8.0/lib/fips.h
@@ -158,16 +158,16 @@ is_cipher_algo_allowed_in_fips(gnutls_ci
}
#ifdef ENABLE_FIPS140
# ifdef ENABLE_FIPS140
-/* This will test the condition when in FIPS140-2 mode
+/* This will test the condition when in FIPS140-3 mode
* and return an error if necessary or ignore */
@ -874,7 +875,7 @@ Index: gnutls-3.7.9/lib/fips.h
return ret_error; \
} \
} \
@@ -213,7 +213,7 @@ is_mac_algo_allowed(gnutls_mac_algorithm
@@ -181,7 +181,7 @@ inline static bool is_mac_algo_allowed(g
switch (mode) {
case GNUTLS_FIPS140_LOG:
_gnutls_audit_log(NULL,
@ -883,28 +884,19 @@ Index: gnutls-3.7.9/lib/fips.h
gnutls_mac_get_name(algo));
FALLTHROUGH;
case GNUTLS_FIPS140_DISABLED:
@@ -235,7 +235,7 @@ is_cipher_algo_allowed(gnutls_cipher_alg
!is_cipher_algo_allowed_in_fips(algo)) {
@@ -203,7 +203,7 @@ inline static bool is_cipher_algo_allowe
switch (mode) {
case GNUTLS_FIPS140_LOG:
- _gnutls_audit_log(NULL, "fips140-2: allowing access to %s\n",
+ _gnutls_audit_log(NULL, "fips140-3: allowing access to %s\n",
_gnutls_audit_log(NULL,
- "fips140-2: allowing access to %s\n",
+ "fips140-3: allowing access to %s\n",
gnutls_cipher_get_name(algo));
FALLTHROUGH;
case GNUTLS_FIPS140_DISABLED:
@@ -257,7 +257,7 @@ is_digest_algo_allowed_for_sign(gnutls_d
!is_digest_algo_allowed_for_sign_in_fips(algo)) {
switch (mode) {
case GNUTLS_FIPS140_LOG:
- _gnutls_audit_log(NULL, "fips140-2: allowing access to %s\n",
+ _gnutls_audit_log(NULL, "fips140-3: allowing access to %s\n",
gnutls_cipher_get_name(algo));
FALLTHROUGH;
case GNUTLS_FIPS140_DISABLED:
Index: gnutls-3.7.9/lib/global.c
Index: gnutls-3.8.0/lib/global.c
===================================================================
--- gnutls-3.7.9.orig/lib/global.c
+++ gnutls-3.7.9/lib/global.c
--- gnutls-3.8.0.orig/lib/global.c
+++ gnutls-3.8.0/lib/global.c
@@ -326,12 +326,12 @@ static int _gnutls_global_init(unsigned
#ifdef ENABLE_FIPS140
@ -920,29 +912,29 @@ Index: gnutls-3.7.9/lib/global.c
_gnutls_priority_update_fips();
/* first round of self checks, these are done on the
@@ -340,7 +340,7 @@ static int _gnutls_global_init(unsigned
ret = _gnutls_fips_perform_self_checks1();
@@ -341,7 +341,7 @@ static int _gnutls_global_init(unsigned
if (ret < 0) {
_gnutls_switch_lib_state(LIB_STATE_ERROR);
- _gnutls_audit_log(NULL, "FIPS140-2 self testing part1 failed\n");
+ _gnutls_audit_log(NULL, "FIPS140-3 self testing part1 failed\n");
_gnutls_audit_log(NULL,
- "FIPS140-2 self testing part1 failed\n");
+ "FIPS140-3 self testing part1 failed\n");
if (res != 2) {
gnutls_assert();
goto out;
@@ -362,7 +362,7 @@ static int _gnutls_global_init(unsigned
ret = _gnutls_fips_perform_self_checks2();
@@ -364,7 +364,7 @@ static int _gnutls_global_init(unsigned
if (ret < 0) {
_gnutls_switch_lib_state(LIB_STATE_ERROR);
- _gnutls_audit_log(NULL, "FIPS140-2 self testing part 2 failed\n");
+ _gnutls_audit_log(NULL, "FIPS140-3 self testing part 2 failed\n");
_gnutls_audit_log(NULL,
- "FIPS140-2 self testing part 2 failed\n");
+ "FIPS140-3 self testing part 2 failed\n");
if (res != 2) {
gnutls_assert();
goto out;
Index: gnutls-3.7.9/lib/includes/gnutls/gnutls.h.in
Index: gnutls-3.8.0/lib/includes/gnutls/gnutls.h.in
===================================================================
--- gnutls-3.7.9.orig/lib/includes/gnutls/gnutls.h.in
+++ gnutls-3.7.9/lib/includes/gnutls/gnutls.h.in
@@ -3336,16 +3336,16 @@ void
--- gnutls-3.8.0.orig/lib/includes/gnutls/gnutls.h.in
+++ gnutls-3.8.0/lib/includes/gnutls/gnutls.h.in
@@ -3278,16 +3278,16 @@ void
gnutls_alert_set_read_function(gnutls_session_t session,
gnutls_alert_read_func func);
@ -963,7 +955,7 @@ Index: gnutls-3.7.9/lib/includes/gnutls/gnutls.h.in
* application is aware of the followed security policy, and needs
* to utilize disallowed operations for other reasons (e.g., compatibility).
* @GNUTLS_FIPS140_LOG: Similarly to %GNUTLS_FIPS140_LAX, it allows forbidden operations; any use of them results
@@ -3353,7 +3353,7 @@ unsigned gnutls_fips140_mode_enabled(voi
@@ -3295,7 +3295,7 @@ unsigned gnutls_fips140_mode_enabled(voi
* @GNUTLS_FIPS140_SELFTESTS: A transient state during library initialization. That state
* cannot be set or seen by applications.
*
@ -972,11 +964,11 @@ Index: gnutls-3.7.9/lib/includes/gnutls/gnutls.h.in
*/
typedef enum gnutls_fips_mode_t {
GNUTLS_FIPS140_DISABLED = 0,
Index: gnutls-3.7.9/src/cli.c
Index: gnutls-3.8.0/src/cli.c
===================================================================
--- gnutls-3.7.9.orig/src/cli.c
+++ gnutls-3.7.9/src/cli.c
@@ -1641,10 +1641,10 @@ static void cmd_parser(int argc, char **
--- gnutls-3.8.0.orig/src/cli.c
+++ gnutls-3.8.0/src/cli.c
@@ -1650,10 +1650,10 @@ static void cmd_parser(int argc, char **
if (HAVE_OPT(FIPS140_MODE)) {
if (gnutls_fips140_mode_enabled() != 0) {
@ -989,10 +981,10 @@ Index: gnutls-3.7.9/src/cli.c
exit(1);
}
Index: gnutls-3.7.9/src/gnutls-cli-options.c
Index: gnutls-3.8.0/src/gnutls-cli-options.c
===================================================================
--- gnutls-3.7.9.orig/src/gnutls-cli-options.c
+++ gnutls-3.7.9/src/gnutls-cli-options.c
--- gnutls-3.8.0.orig/src/gnutls-cli-options.c
+++ gnutls-3.8.0/src/gnutls-cli-options.c
@@ -785,7 +785,7 @@ usage (FILE *out, int status)
" --inline-commands-prefix=str Change the default delimiter for inline commands\n"
" --provider=file Specify the PKCS #11 provider library\n"
@ -1002,10 +994,10 @@ Index: gnutls-3.7.9/src/gnutls-cli-options.c
" --list-config Reports the configuration of the library\n"
" --logfile=str Redirect informational messages to a specific file\n"
" --keymatexport=str Label used for exporting keying material\n"
Index: gnutls-3.7.9/tests/cert-tests/gost.sh
Index: gnutls-3.8.0/tests/cert-tests/gost.sh
===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/gost.sh
+++ gnutls-3.7.9/tests/cert-tests/gost.sh
--- gnutls-3.8.0.orig/tests/cert-tests/gost.sh
+++ gnutls-3.8.0/tests/cert-tests/gost.sh
@@ -38,7 +38,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@ -1015,10 +1007,36 @@ Index: gnutls-3.7.9/tests/cert-tests/gost.sh
exit 77
fi
Index: gnutls-3.7.9/tests/cert-tests/pkcs12-corner-cases.sh
Index: gnutls-3.8.0/tests/cert-tests/pkcs12-corner-cases.sh
===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/pkcs12-corner-cases.sh
+++ gnutls-3.7.9/tests/cert-tests/pkcs12-corner-cases.sh
--- gnutls-3.8.0.orig/tests/cert-tests/pkcs12-corner-cases.sh
+++ gnutls-3.8.0/tests/cert-tests/pkcs12-corner-cases.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi
if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
- echo "Cannot run in FIPS140-2 mode"
+ echo "Cannot run in FIPS140-3 mode"
exit 77
fi
Index: gnutls-3.8.0/tests/cert-tests/pkcs12-encode.sh
===================================================================
--- gnutls-3.8.0.orig/tests/cert-tests/pkcs12-encode.sh
+++ gnutls-3.8.0/tests/cert-tests/pkcs12-encode.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi
if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
- echo "Cannot run in FIPS140-2 mode"
+ echo "Cannot run in FIPS140-3 mode"
exit 77
fi
Index: gnutls-3.8.0/tests/cert-tests/pkcs12-gost.sh
===================================================================
--- gnutls-3.8.0.orig/tests/cert-tests/pkcs12-gost.sh
+++ gnutls-3.8.0/tests/cert-tests/pkcs12-gost.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@ -1028,10 +1046,23 @@ Index: gnutls-3.7.9/tests/cert-tests/pkcs12-corner-cases.sh
exit 77
fi
Index: gnutls-3.7.9/tests/cert-tests/pkcs12-encode.sh
Index: gnutls-3.8.0/tests/cert-tests/pkcs12.sh
===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/pkcs12-encode.sh
+++ gnutls-3.7.9/tests/cert-tests/pkcs12-encode.sh
--- gnutls-3.8.0.orig/tests/cert-tests/pkcs12.sh
+++ gnutls-3.8.0/tests/cert-tests/pkcs12.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi
if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
- echo "Cannot run in FIPS140-2 mode"
+ echo "Cannot run in FIPS140-3 mode"
exit 77
fi
Index: gnutls-3.8.0/tests/cert-tests/pkcs8-decode.sh
===================================================================
--- gnutls-3.8.0.orig/tests/cert-tests/pkcs8-decode.sh
+++ gnutls-3.8.0/tests/cert-tests/pkcs8-decode.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@ -1041,23 +1072,10 @@ Index: gnutls-3.7.9/tests/cert-tests/pkcs12-encode.sh
exit 77
fi
Index: gnutls-3.7.9/tests/cert-tests/pkcs12-gost.sh
Index: gnutls-3.8.0/tests/cert-tests/pkcs8-eddsa.sh
===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/pkcs12-gost.sh
+++ gnutls-3.7.9/tests/cert-tests/pkcs12-gost.sh
@@ -30,7 +30,7 @@ if ! test -x "${CERTTOOL}"; then
fi
if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
- echo "Cannot run in FIPS140-2 mode"
+ echo "Cannot run in FIPS140-3 mode"
exit 77
fi
Index: gnutls-3.7.9/tests/cert-tests/pkcs12.sh
===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/pkcs12.sh
+++ gnutls-3.7.9/tests/cert-tests/pkcs12.sh
--- gnutls-3.8.0.orig/tests/cert-tests/pkcs8-eddsa.sh
+++ gnutls-3.8.0/tests/cert-tests/pkcs8-eddsa.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi
@ -1067,11 +1085,11 @@ Index: gnutls-3.7.9/tests/cert-tests/pkcs12.sh
exit 77
fi
Index: gnutls-3.7.9/tests/cert-tests/pkcs8-decode.sh
Index: gnutls-3.8.0/tests/cert-tests/pkcs8-gost.sh
===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/pkcs8-decode.sh
+++ gnutls-3.7.9/tests/cert-tests/pkcs8-decode.sh
@@ -30,7 +30,7 @@ if ! test -x "${CERTTOOL}"; then
--- gnutls-3.8.0.orig/tests/cert-tests/pkcs8-gost.sh
+++ gnutls-3.8.0/tests/cert-tests/pkcs8-gost.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi
if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
@ -1080,11 +1098,11 @@ Index: gnutls-3.7.9/tests/cert-tests/pkcs8-decode.sh
exit 77
fi
Index: gnutls-3.7.9/tests/cert-tests/pkcs8-eddsa.sh
Index: gnutls-3.8.0/tests/cert-tests/pkcs8.sh
===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/pkcs8-eddsa.sh
+++ gnutls-3.7.9/tests/cert-tests/pkcs8-eddsa.sh
@@ -30,7 +30,7 @@ if ! test -x "${CERTTOOL}"; then
--- gnutls-3.8.0.orig/tests/cert-tests/pkcs8.sh
+++ gnutls-3.8.0/tests/cert-tests/pkcs8.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
fi
if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
@ -1093,37 +1111,11 @@ Index: gnutls-3.7.9/tests/cert-tests/pkcs8-eddsa.sh
exit 77
fi
Index: gnutls-3.7.9/tests/cert-tests/pkcs8-gost.sh
Index: gnutls-3.8.0/tests/cipher-listings.sh
===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/pkcs8-gost.sh
+++ gnutls-3.7.9/tests/cert-tests/pkcs8-gost.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi
if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
- echo "Cannot run in FIPS140-2 mode"
+ echo "Cannot run in FIPS140-3 mode"
exit 77
fi
Index: gnutls-3.7.9/tests/cert-tests/pkcs8.sh
===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/pkcs8.sh
+++ gnutls-3.7.9/tests/cert-tests/pkcs8.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi
if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
- echo "Cannot run in FIPS140-2 mode"
+ echo "Cannot run in FIPS140-3 mode"
exit 77
fi
Index: gnutls-3.7.9/tests/cipher-listings.sh
===================================================================
--- gnutls-3.7.9.orig/tests/cipher-listings.sh
+++ gnutls-3.7.9/tests/cipher-listings.sh
@@ -64,7 +64,7 @@ check()
--- gnutls-3.8.0.orig/tests/cipher-listings.sh
+++ gnutls-3.8.0/tests/cipher-listings.sh
@@ -63,7 +63,7 @@ check()
${CLI} --fips140-mode
if test $? = 0;then
@ -1132,11 +1124,11 @@ Index: gnutls-3.7.9/tests/cipher-listings.sh
exit 77
fi
Index: gnutls-3.7.9/tests/testpkcs11.sh
Index: gnutls-3.8.0/tests/testpkcs11.sh
===================================================================
--- gnutls-3.7.9.orig/tests/testpkcs11.sh
+++ gnutls-3.7.9/tests/testpkcs11.sh
@@ -27,7 +27,7 @@
--- gnutls-3.8.0.orig/tests/testpkcs11.sh
+++ gnutls-3.8.0/tests/testpkcs11.sh
@@ -26,7 +26,7 @@
RETCODE=0
if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
@ -1145,10 +1137,10 @@ Index: gnutls-3.7.9/tests/testpkcs11.sh
exit 77
fi
Index: gnutls-3.7.9/doc/enums/gnutls_fips_mode_t
Index: gnutls-3.8.0/doc/enums/gnutls_fips_mode_t
===================================================================
--- gnutls-3.7.9.orig/doc/enums/gnutls_fips_mode_t
+++ gnutls-3.7.9/doc/enums/gnutls_fips_mode_t
--- gnutls-3.8.0.orig/doc/enums/gnutls_fips_mode_t
+++ gnutls-3.8.0/doc/enums/gnutls_fips_mode_t
@@ -3,7 +3,7 @@
@c gnutls_fips_mode_t
@table @code
@ -1169,10 +1161,10 @@ Index: gnutls-3.7.9/doc/enums/gnutls_fips_mode_t
application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility).
@item GNUTLS_@-FIPS140_@-LOG
Index: gnutls-3.7.9/doc/gnutls-api.texi
Index: gnutls-3.8.0/doc/gnutls-api.texi
===================================================================
--- gnutls-3.7.9.orig/doc/gnutls-api.texi
+++ gnutls-3.7.9/doc/gnutls-api.texi
--- gnutls-3.8.0.orig/doc/gnutls-api.texi
+++ gnutls-3.8.0/doc/gnutls-api.texi
@@ -3275,7 +3275,7 @@ unusable. This function is not thread-s
@subheading gnutls_fips140_set_mode
@anchor{gnutls_fips140_set_mode}
@ -1198,11 +1190,11 @@ Index: gnutls-3.7.9/doc/gnutls-api.texi
values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library
switches to @code{GNUTLS_FIPS140_STRICT} mode.
Index: gnutls-3.7.9/lib/ext/session_ticket.c
Index: gnutls-3.8.0/lib/ext/session_ticket.c
===================================================================
--- gnutls-3.7.9.orig/lib/ext/session_ticket.c
+++ gnutls-3.7.9/lib/ext/session_ticket.c
@@ -539,7 +539,7 @@ int gnutls_session_ticket_key_generate(g
--- gnutls-3.8.0.orig/lib/ext/session_ticket.c
+++ gnutls-3.8.0/lib/ext/session_ticket.c
@@ -536,7 +536,7 @@ int gnutls_session_ticket_key_generate(g
{
if (_gnutls_fips_mode_enabled()) {
int ret;
@ -1211,10 +1203,10 @@ Index: gnutls-3.7.9/lib/ext/session_ticket.c
* some limits on allowed key size, thus it is not
* used. These limits do not affect this function as
* it does not generate a "key" but rather key material
Index: gnutls-3.7.9/lib/libgnutls.map
Index: gnutls-3.8.0/lib/libgnutls.map
===================================================================
--- gnutls-3.7.9.orig/lib/libgnutls.map
+++ gnutls-3.7.9/lib/libgnutls.map
--- gnutls-3.8.0.orig/lib/libgnutls.map
+++ gnutls-3.8.0/lib/libgnutls.map
@@ -1418,7 +1418,7 @@ GNUTLS_FIPS140_3_4 {
gnutls_hkdf_self_test;
gnutls_pbkdf2_self_test;
@ -1224,11 +1216,11 @@ Index: gnutls-3.7.9/lib/libgnutls.map
drbg_aes_reseed;
drbg_aes_init;
drbg_aes_generate;
Index: gnutls-3.7.9/lib/nettle/mac.c
Index: gnutls-3.8.0/lib/nettle/mac.c
===================================================================
--- gnutls-3.7.9.orig/lib/nettle/mac.c
+++ gnutls-3.7.9/lib/nettle/mac.c
@@ -267,7 +267,7 @@ static void _wrap_gmac_digest(void *_ctx
--- gnutls-3.8.0.orig/lib/nettle/mac.c
+++ gnutls-3.8.0/lib/nettle/mac.c
@@ -262,7 +262,7 @@ static void _wrap_gmac_digest(void *_ctx
static int _mac_ctx_init(gnutls_mac_algorithm_t algo,
struct nettle_mac_ctx *ctx)
{
@ -1237,7 +1229,7 @@ Index: gnutls-3.7.9/lib/nettle/mac.c
* gnutls_hash_init() and gnutls_hmac_init() */
ctx->set_nonce = NULL;
@@ -656,7 +656,7 @@ static void _md5_sha1_digest(void *_ctx,
@@ -649,7 +649,7 @@ static void _md5_sha1_digest(void *_ctx,
static int _ctx_init(gnutls_digest_algorithm_t algo,
struct nettle_hash_ctx *ctx)
{
@ -1246,11 +1238,11 @@ Index: gnutls-3.7.9/lib/nettle/mac.c
* gnutls_hash_init() and gnutls_hmac_init() */
switch (algo) {
case GNUTLS_DIG_MD5:
Index: gnutls-3.7.9/doc/gnutls.info-2
Index: gnutls-3.8.0/doc/gnutls.info-2
===================================================================
--- gnutls-3.7.9.orig/doc/gnutls.info-2
+++ gnutls-3.7.9/doc/gnutls.info-2
@@ -671,7 +671,7 @@ Variable Purpose
--- gnutls-3.8.0.orig/doc/gnutls.info-2
+++ gnutls-3.8.0/doc/gnutls.info-2
@@ -687,7 +687,7 @@ Variable Purpose
* 0x400000: Enable VIA PHE SHA512
'GNUTLS_FORCE_FIPS_MODE'In setups where GnuTLS is compiled with support
@ -1259,10 +1251,10 @@ Index: gnutls-3.7.9/doc/gnutls.info-2
set to one it will force the FIPS mode
enablement.
Index: gnutls-3.7.9/config.h.in
Index: gnutls-3.8.0/config.h.in
===================================================================
--- gnutls-3.7.9.orig/config.h.in
+++ gnutls-3.7.9/config.h.in
--- gnutls-3.8.0.orig/config.h.in
+++ gnutls-3.8.0/config.h.in
@@ -82,7 +82,7 @@
/* enable DHE */
#undef ENABLE_ECDHE
@ -1281,11 +1273,11 @@ Index: gnutls-3.7.9/config.h.in
#undef FIPS_KEY
/* The FIPS140 module name */
Index: gnutls-3.7.9/configure
Index: gnutls-3.8.0/configure
===================================================================
--- gnutls-3.7.9.orig/configure
+++ gnutls-3.7.9/configure
@@ -3573,7 +3573,7 @@ Optional Features:
--- gnutls-3.8.0.orig/configure
+++ gnutls-3.8.0/configure
@@ -3775,7 +3775,7 @@ Optional Features:
--enable-fast-install[=PKGS]
optimize for fast installation [default=yes]
--disable-libtool-lock avoid locking (might break parallel builds)
@ -1294,10 +1286,10 @@ Index: gnutls-3.7.9/configure
--enable-strict-x509 enable stricter sanity checks for x509 certificates
--disable-non-suiteb-curves
disable curves not in SuiteB
Index: gnutls-3.7.9/doc/cha-support.texi
Index: gnutls-3.8.0/doc/cha-support.texi
===================================================================
--- gnutls-3.7.9.orig/doc/cha-support.texi
+++ gnutls-3.7.9/doc/cha-support.texi
--- gnutls-3.8.0.orig/doc/cha-support.texi
+++ gnutls-3.8.0/doc/cha-support.texi
@@ -135,5 +135,5 @@ There are certifications from national o
to an auditor that the crypto component follows some best practices, such
as unit testing and reliance on well known crypto primitives.
@ -1306,11 +1298,11 @@ Index: gnutls-3.7.9/doc/cha-support.texi
-See @ref{FIPS140-2 mode} for more information.
+GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux.
+See @ref{FIPS140-3 mode} for more information.
Index: gnutls-3.7.9/doc/gnutls.info-6
Index: gnutls-3.8.0/doc/gnutls.info-6
===================================================================
--- gnutls-3.7.9.orig/doc/gnutls.info-6
+++ gnutls-3.7.9/doc/gnutls.info-6
@@ -8843,7 +8843,7 @@ Function and Data Index
--- gnutls-3.8.0.orig/doc/gnutls.info-6
+++ gnutls-3.8.0/doc/gnutls.info-6
@@ -7982,7 +7982,7 @@ Function and Data Index
* gnutls_fingerprint: Core TLS API. (line 3513)
* gnutls_fips140_context_deinit: Core TLS API. (line 3540)
* gnutls_fips140_context_init: Core TLS API. (line 3551)
@ -1319,23 +1311,23 @@ Index: gnutls-3.7.9/doc/gnutls.info-6
* gnutls_fips140_get_operation_state <1>: Core TLS API. (line 3564)
* gnutls_fips140_mode_enabled: Core TLS API. (line 3578)
* gnutls_fips140_pop_context: Core TLS API. (line 3596)
Index: gnutls-3.7.9/doc/gnutls.info
Index: gnutls-3.8.0/doc/gnutls.info
===================================================================
--- gnutls-3.7.9.orig/doc/gnutls.info
+++ gnutls-3.7.9/doc/gnutls.info
@@ -611,7 +611,7 @@ Ref: fig-crypto-layers757265
Ref: Cryptographic Backend-Footnote-1760549
Ref: Cryptographic Backend-Footnote-2760634
Node: Random Number Generators-internals760742
-Node: FIPS140-2 mode768106
+Node: FIPS140-3 mode768106
Ref: gnutls_fips_mode_t770742
Node: Upgrading from previous versions774339
Node: Support788333
Index: gnutls-3.7.9/src/gnutls-cli-options.json
--- gnutls-3.8.0.orig/doc/gnutls.info
+++ gnutls-3.8.0/doc/gnutls.info
@@ -611,7 +611,7 @@ Ref: fig-crypto-layers730201
Ref: Cryptographic Backend-Footnote-1733485
Ref: Cryptographic Backend-Footnote-2733570
Node: Random Number Generators-internals733678
-Node: FIPS140-2 mode741042
+Node: FIPS140-3 mode741042
Ref: gnutls_fips_mode_t743678
Node: Upgrading from previous versions747275
Node: Support761269
Index: gnutls-3.8.0/src/gnutls-cli-options.json
===================================================================
--- gnutls-3.7.9.orig/src/gnutls-cli-options.json
+++ gnutls-3.7.9/src/gnutls-cli-options.json
--- gnutls-3.8.0.orig/src/gnutls-cli-options.json
+++ gnutls-3.8.0/src/gnutls-cli-options.json
@@ -372,7 +372,7 @@
},
{


@ -1,85 +1,55 @@
Index: gnutls-3.7.8/lib/nettle/pk.c
From 51b721b69fd08ef1c4c4989f5e12b643e170ff56 Mon Sep 17 00:00:00 2001
From: Pedro Monreal <pmgdeb@gmail.com>
Date: Thu, 16 Feb 2023 17:02:38 +0100
Subject: [PATCH] pk: extend pair-wise consistency to cover DH key generation
Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance of Pair-wise
Consistency check, even if we only support ephemeral DH, as it is
required by FIPS 140-3 IG 10.3.A.
Signed-off-by: Pedro Monreal <pmgdeb@gmail.com>
Co-authored-by: Daiki Ueno <ueno@gnu.org>
---
lib/nettle/pk.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
Index: gnutls-3.8.0/lib/nettle/pk.c
===================================================================
--- gnutls-3.7.8.orig/lib/nettle/pk.c
+++ gnutls-3.7.8/lib/nettle/pk.c
@@ -2498,6 +2498,48 @@ static int pct_test(gnutls_pk_algorithm_
--- gnutls-3.8.0.orig/lib/nettle/pk.c
+++ gnutls-3.8.0/lib/nettle/pk.c
@@ -2520,6 +2520,35 @@ static int pct_test(gnutls_pk_algorithm_
}
break;
case GNUTLS_PK_DH:
+ if (_gnutls_fips_mode_enabled()) {
+ /* Perform Owner Assurance of Pair-wise Consistency
+ * according to SP800-56A (revision 3), 5.6.2.1.4.
+ {
+ mpz_t y;
+
+ /* Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance
+ * of Pair-wise Consistency check, even if we only
+ * support ephemeral DH, as it is required by FIPS
+ * 140-3 IG 10.3.A.
+ *
+ * DH params (see lib/crypto-backend.h)
+ * [DSA_P] [0] is p (prime number)
+ * [DSA_Q] [1] is q (prime order)
+ * [DSA_G] [2] is g (generator)
+ * [DSA_Y] [3] is y (public key)
+ * [DSA_X] [4] is x (private key only)
+ *
+ * Regenerate the public key from the private key with
+ * y = g^x mod p and compare it with the previous one.
+ * Use the private key, x, along with the generator g
+ * and prime modulus p included in the domain
+ * parameters associated with the key pair to compute
+ * g^x mod p. Compare the result to the public key, y.
+ */
+
+ mpz_t p, g, y, x;
+
+ mpz_init(p);
+ mpz_init(g);
+ mpz_init(y);
+ mpz_init(x);
+
+ mpz_set(p, params->params[DSA_P]);
+ mpz_set(g, params->params[DSA_G]);
+ mpz_set(x, params->params[DSA_X]);
+
+ mpz_powm(y, g, x, p);
+
+ ret = mpz_cmp(y, params->params[DSA_Y]);
+ if (unlikely(ret != 0)) {
+ ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
+ }
+
+ mpz_clear(p);
+ mpz_clear(g);
+ mpz_powm(y,
+ TOMPZ(params->params[DSA_G]),
+ TOMPZ(params->params[DSA_X]),
+ TOMPZ(params->params[DSA_P]));
+ if (unlikely
+ (mpz_cmp(y, TOMPZ(params->params[DSA_Y])) != 0)) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_PK_GENERATION_ERROR);
+ mpz_clear(y);
+ mpz_clear(x);
+ if (ret < 0) {
+ goto cleanup;
+ }
+ }
+ mpz_clear(y);
+ break;
+ }
case GNUTLS_PK_ECDH_X25519:
case GNUTLS_PK_ECDH_X448:
ret = 0;
@@ -2780,8 +2822,17 @@ wrap_nettle_pk_generate_keys(gnutls_pk_a
}
}
#endif
-
- ret = _gnutls_mpi_init_multi(&params->params[DSA_Y], &params->params[DSA_X], NULL);
+ if (_gnutls_fips_mode_enabled()) {
+ ret = _gnutls_mpi_init_multi(&params->params[DSA_P],
+ &params->params[DSA_G],
+ &params->params[DSA_Y],
+ &params->params[DSA_X],
+ NULL);
+ } else {
+ ret = _gnutls_mpi_init_multi(&params->params[DSA_Y],
+ &params->params[DSA_X],
+ NULL);
+ }
if (ret < 0) {
gnutls_assert();
goto dh_fail;
@@ -2790,6 +2841,11 @@ wrap_nettle_pk_generate_keys(gnutls_pk_a
mpz_set(TOMPZ(params->params[DSA_Y]), y);
mpz_set(TOMPZ(params->params[DSA_X]), x);
params->params_nr += 2;
+ if (_gnutls_fips_mode_enabled()) {
+ mpz_set(TOMPZ(params->params[DSA_P]), pub.p);
+ mpz_set(TOMPZ(params->params[DSA_G]), pub.g);
+ params->params_nr += 2;
+ }
ret = 0;
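Review bot: On the new side of the pct_test hunk (the outer +/- markers are lost on this page, so the old/new split is inferred from the 3.8.0 hunk size of 29 insertions), the pair-wise check recomputes g^x mod p with `mpz_powm` applied to the freshly generated private exponent x, and GMP's `mpz_powm` is not intended for secret exponents. GMP provides `mpz_powm_sec` for exactly this case; it requires an odd modulus and a positive exponent, which a DH prime p and a private value x satisfy, so the call could read `mpz_powm_sec(y, TOMPZ(params->params[DSA_G]), TOMPZ(params->params[DSA_X]), TOMPZ(params->params[DSA_P]));`. The new comment describes the check well, but a one-line remark that p and g are read from params->params[DSA_P]/[DSA_G] supplied by the caller would help, since the 3.8.0 patch no longer initialises those slots in wrap_nettle_pk_generate_keys. pct_test begins outside the hunk, so whether its caller reaches the DH case only under _gnutls_fips_mode_enabled() cannot be confirmed from the page.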


@ -1,7 +1,22 @@
Index: gnutls-3.7.3/lib/nettle/pk.c
===================================================================
--- gnutls-3.7.3.orig/lib/nettle/pk.c
+++ gnutls-3.7.3/lib/nettle/pk.c
From 5030f40332ada4f90e80838a2232da36ce03757a Mon Sep 17 00:00:00 2001
From: Pedro Monreal <pmgdeb@gmail.com>
Date: Fri, 24 Feb 2023 22:02:48 +0000
Subject: [PATCH] ecdh: perform SP800-56A rev3 full pubkey validation on key
derivation
This implements full public key validation required in
SP800-56A rev3, section 5.6.2.3.3.
Co-authored-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Pedro Monreal <pmgdeb@gmail.com>
---
lib/nettle/pk.c | 128 ++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 125 insertions(+), 3 deletions(-)
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 6adf958a61..d30bca594f 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -71,6 +71,9 @@
static inline const struct ecc_curve *get_supported_nist_curve(int curve);
static inline const struct ecc_curve *get_supported_gost_curve(int curve);
@ -12,7 +27,7 @@ Index: gnutls-3.7.3/lib/nettle/pk.c
/* When these callbacks are used for a nettle operation, the
* caller must check the macro HAVE_LIB_ERROR() after the operation
* is complete. If the macro is true, the operation is to be considered
@@ -406,6 +409,10 @@ dh_cleanup:
@@ -406,6 +409,10 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
struct ecc_scalar ecc_priv;
struct ecc_point ecc_pub;
const struct ecc_curve *curve;
@ -23,7 +38,7 @@ Index: gnutls-3.7.3/lib/nettle/pk.c
out->data = NULL;
@@ -425,10 +432,21 @@ dh_cleanup:
@@ -428,17 +435,28 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
not_approved = true;
}
@ -42,20 +57,19 @@ Index: gnutls-3.7.3/lib/nettle/pk.c
if (ret < 0) {
gnutls_assert();
- goto cleanup;
+ goto ecc_pub_cleanup;
+ goto ecc_fail_cleanup;
}
ret =
@@ -436,7 +454,7 @@ dh_cleanup:
ret = _ecc_params_to_privkey(priv, &ecc_priv, curve);
if (ret < 0) {
ecc_point_clear(&ecc_pub);
gnutls_assert();
- goto cleanup;
+ goto ecc_priv_cleanup;
+ goto ecc_fail_cleanup;
}
out->size = gnutls_ecc_curve_get_size(priv->curve);
@@ -449,16 +467,111 @@ dh_cleanup:
@@ -449,14 +467,118 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
goto ecc_cleanup;
}
@ -75,7 +89,6 @@ Index: gnutls-3.7.3/lib/nettle/pk.c
gnutls_free(out->data);
+ goto ecc_cleanup;
+ }
+
+#ifdef ENABLE_FIPS140
+ if (_gnutls_fips_mode_enabled()) {
+ const char *order, *modulus;
@ -90,7 +103,9 @@ Index: gnutls-3.7.3/lib/nettle/pk.c
+ *
+ * Both checks are performed in nettle. */
+ if (!ecc_point_set(&r, x, y)) {
+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto ecc_cleanup;
+ }
+
@ -105,54 +120,63 @@ Index: gnutls-3.7.3/lib/nettle/pk.c
+ *
+ * That effectively means: n * Q = -Q + Q = O
+ */
+ order = get_supported_nist_curve_order(priv->curve);
+ order =
+ get_supported_nist_curve_order(priv->curve);
+ if (unlikely(order == NULL)) {
+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_INTERNAL_ERROR);
+ goto ecc_cleanup;
+ }
+
+ ret = mpz_set_str(nn, order, 16);
+ if (unlikely(ret < 0)) {
+ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_MPI_SCAN_FAILED);
+ goto ecc_cleanup;
+ }
+
+ modulus = get_supported_nist_curve_modulus(priv->curve);
+ modulus =
+ get_supported_nist_curve_modulus
+ (priv->curve);
+ if (unlikely(modulus == NULL)) {
+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_INTERNAL_ERROR);
+ goto ecc_cleanup;
+ }
+
+ ret = mpz_set_str(mm, modulus, 16);
+ if (unlikely(ret < 0)) {
+ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_MPI_SCAN_FAILED);
+ goto ecc_cleanup;
+ }
+
+ /* (n - 1) * Q = -Q */
+ mpz_sub_ui (nn, nn, 1);
+ mpz_sub_ui(nn, nn, 1);
+ ecc_scalar_set(&n, nn);
+ ecc_point_mul(&r, &n, &r);
+ ecc_point_get(&r, xx, yy);
+ mpz_sub (mm, mm, y);
+ mpz_sub(mm, mm, y);
+
+ if (mpz_cmp(xx, x) != 0 || mpz_cmp(yy, mm) != 0) {
+ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto ecc_cleanup;
+ }
+ } else {
+ not_approved = true;
+ }
+#endif
+
+ ret = 0;
ecc_cleanup:
- ecc_point_clear(&ecc_pub);
ecc_point_clear(&ecc_pub);
ecc_scalar_zclear(&ecc_priv);
+ ecc_priv_cleanup:
+ ecc_point_clear(&ecc_pub);
+ ecc_pub_cleanup:
+ ecc_fail_cleanup:
+ mpz_clear(x);
+ mpz_clear(y);
+ mpz_clear(xx);
@ -162,10 +186,8 @@ Index: gnutls-3.7.3/lib/nettle/pk.c
+ ecc_point_clear(&r);
+ ecc_scalar_clear(&n);
+ ecc_scalar_clear(&m);
+
if (ret < 0)
goto cleanup;
+
break;
}
case GNUTLS_PK_ECDH_X25519:
--
GitLab
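Review bot: The return value of `ecc_scalar_set(&n, nn)` in the new FIPS validation block is not checked; nettle returns 0 when the value is not in 1..q-1, and then `n` keeps whatever its limbs held, so the following `ecc_point_mul(&r, &n, &r)` and the comparison against -Q would run on an undefined scalar. With n = order - 1 this should not happen for a correct order string, but the other steps in this block all guard their results, so the same shape fits here: `if (!ecc_scalar_set(&n, nn)) { ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); goto ecc_cleanup; }`. The `ecc_fail_cleanup` label clears x, y, xx, yy, nn, mm, r, n and m, which means every one of them has to be initialised before the first `goto ecc_fail_cleanup` that follows `_ecc_params_to_pubkey`; the init lines are in the collapsed hunk at line 435 and cannot be verified from this page. _wrap_nettle_pk_derive begins and ends outside the hunk.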


@ -1,114 +0,0 @@
Index: gnutls-3.7.7/lib/crypto-api.c
===================================================================
--- gnutls-3.7.7.orig/lib/crypto-api.c
+++ gnutls-3.7.7/lib/crypto-api.c
@@ -2228,7 +2228,12 @@ gnutls_pbkdf2(gnutls_mac_algorithm_t mac
if (!is_mac_algo_allowed(mac)) {
_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- } else if (!is_mac_algo_approved_in_fips(mac)) {
+ } else if (!is_mac_algo_approved_for_pbkdf2_in_fips(mac)) {
+ not_approved = true;
+ }
+
+ /* Key lengthes less than 112 bits are not approved */
+ if (length < 14 || key->size < 14) {
not_approved = true;
}
Index: gnutls-3.7.7/lib/fips.h
===================================================================
--- gnutls-3.7.7.orig/lib/fips.h
+++ gnutls-3.7.7/lib/fips.h
@@ -100,6 +100,25 @@ is_mac_algo_approved_in_fips(gnutls_mac_
}
inline static bool
+is_mac_algo_approved_for_pbkdf2_in_fips(gnutls_mac_algorithm_t algo)
+{
+ switch (algo) {
+ case GNUTLS_MAC_SHA1:
+ case GNUTLS_MAC_SHA256:
+ case GNUTLS_MAC_SHA384:
+ case GNUTLS_MAC_SHA512:
+ case GNUTLS_MAC_SHA224:
+ case GNUTLS_MAC_SHA3_224:
+ case GNUTLS_MAC_SHA3_256:
+ case GNUTLS_MAC_SHA3_384:
+ case GNUTLS_MAC_SHA3_512:
+ return true;
+ default:
+ return false;
+ }
+}
+
+inline static bool
is_mac_algo_allowed_in_fips(gnutls_mac_algorithm_t algo)
{
return is_mac_algo_approved_in_fips(algo);
Index: gnutls-3.7.7/lib/crypto-selftests.c
===================================================================
--- gnutls-3.7.7.orig/lib/crypto-selftests.c
+++ gnutls-3.7.7/lib/crypto-selftests.c
@@ -3090,30 +3090,6 @@ struct pbkdf2_vectors_st {
};
const struct pbkdf2_vectors_st pbkdf2_sha256_vectors[] = {
- /* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
- {
- STR(key, key_size, "passwd"),
- STR(salt, salt_size, "salt"),
- .iter_count = 1,
- STR(output, output_size,
- "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44"
- "\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57"
- "\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16"
- "\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5"
- "\x09\x11\x20\x41\xd3\xa1\x97\x83"),
- },
- /* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
- {
- STR(key, key_size, "Password"),
- STR(salt, salt_size, "NaCl"),
- .iter_count = 80000,
- STR(output, output_size,
- "\x4d\xdc\xd8\xf6\x0b\x98\xbe\x21\x83\x0c\xee\x5e\xf2\x27"
- "\x01\xf9\x64\x1a\x44\x18\xd0\x4c\x04\x14\xae\xff\x08\x87"
- "\x6b\x34\xab\x56\xa1\xd4\x25\xa1\x22\x58\x33\x54\x9a\xdb"
- "\x84\x1b\x51\xc9\xb3\x17\x6a\x27\x2b\xde\xbb\xa1\xd0\x78"
- "\x47\x8f\x62\xb3\x97\xf3\x3c\x8d"),
- },
/* Test vector extracted from:
* https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */
{
Index: gnutls-3.7.7/tests/kdf-api.c
===================================================================
--- gnutls-3.7.7.orig/tests/kdf-api.c
+++ gnutls-3.7.7/tests/kdf-api.c
@@ -192,14 +192,19 @@ doit(void)
"2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
"34007208d5b887185865");
- /* Test vector from RFC 6070. More thorough testing is done
- * in nettle. */
- test_pbkdf2(GNUTLS_MAC_SHA1,
- "70617373776f7264", /* "password" */
- "73616c74", /* "salt" */
+ /* Test vector extracted from:
+ * https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */
+ test_pbkdf2(GNUTLS_MAC_SHA256,
+ "70617373776f726450415353"
+ "574f524470617373776f7264", /* "passwordPASSWORDpassword" */
+ "73616c7453414c5473616c74"
+ "53414c5473616c7453414c54"
+ "73616c7453414c5473616c74", /* "saltSALTsaltSALTsaltSALTsaltSALTsalt" */
4096,
- 20,
- "4b007901b765489abead49d926f721d065a429c1");
+ 40,
+ "348c89dbcbd32b2f32d814b8"
+ "116e84cf2b17347ebc180018"
+ "1c4e2a1fb8dd53e1c635518c7dac47e9");
gnutls_fips140_context_deinit(fips_context);
}


@ -1,91 +0,0 @@
---
lib/nettle/sysrng-linux.c | 6 ++++++
1 file changed, 6 insertions(+)
Index: gnutls-3.7.8/lib/nettle/sysrng-linux.c
===================================================================
--- gnutls-3.7.8.orig/lib/nettle/sysrng-linux.c
+++ gnutls-3.7.8/lib/nettle/sysrng-linux.c
@@ -49,11 +49,13 @@
get_entropy_func _rnd_get_system_entropy = NULL;
#if defined(__linux__)
-# ifdef ENABLE_FIPS140
+# if defined(ENABLE_FIPS140)
# define HAVE_JENT
# include <jitterentropy.h>
static int jent_initialized = 0;
static struct rand_data* ec = NULL;
+/* Declare function to fix a missing-prototypes compilation warning */
+void FIPS_jent_entropy_deinit(void);
# endif
# ifdef HAVE_GETRANDOM
# include <sys/random.h>
@@ -72,7 +74,8 @@ static ssize_t _getrandom0(void *buf, si
# endif
# endif
-# if defined(HAVE_JENT)
+# if defined(ENABLE_FIPS140)
+# if defined(HAVE_JENT)
/* check whether the CPU Jitter entropy collector is available. */
static unsigned FIPS_jent_entropy_init(void)
{
@@ -161,6 +164,7 @@ static int _rnd_get_system_entropy_jent(
return 0;
}
+# endif
# endif
static unsigned have_getrandom(void)
@@ -260,7 +264,8 @@ int _rnd_system_entropy_init(void)
int urandom_fd;
#if defined(__linux__)
-# if defined(HAVE_JENT)
+# if defined(ENABLE_FIPS140)
+# if defined(HAVE_JENT)
/* Enable jitterentropy usage if available */
if (FIPS_jent_entropy_init()) {
_rnd_get_system_entropy = _rnd_get_system_entropy_jent;
@@ -268,7 +273,14 @@ int _rnd_system_entropy_init(void)
return 0;
} else {
_gnutls_debug_log("jitterentropy is not available\n");
+ /* Set error state when FIPS_jent_entropy_init failed and FIPS mode is enabled */
+ if (_gnutls_fips_mode_enabled()) {
+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
+ _gnutls_switch_lib_state(LIB_STATE_ERROR);
+ return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
+ }
}
+# endif
# endif
/* Enable getrandom() usage if available */
if (have_getrandom()) {
@@ -300,8 +312,10 @@ void _rnd_system_entropy_deinit(void)
{
/* A no-op now when we open and close /dev/urandom every time */
#if defined(__linux__)
-# if defined(HAVE_JENT)
+# if defined(ENABLE_FIPS140)
+# if defined(HAVE_JENT)
FIPS_jent_entropy_deinit();
+# endif
# endif
#endif
return;
Index: gnutls-3.7.8/tests/Makefile.am
===================================================================
--- gnutls-3.7.8.orig/tests/Makefile.am
+++ gnutls-3.7.8/tests/Makefile.am
@@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm
dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \
- set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \
+ set_x509_key_file_ocsp client-fastopen srp rng-pthread \
safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \
safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \
rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \


@ -1,36 +0,0 @@
Index: gnutls-3.7.7/guile/Makefile.am
===================================================================
--- gnutls-3.7.7.orig/guile/Makefile.am
+++ gnutls-3.7.7/guile/Makefile.am
@@ -102,14 +102,11 @@ endif HAVE_GUILD
#
TESTS = \
- tests/anonymous-auth.scm \
- tests/session-record-port.scm \
tests/pkcs-import-export.scm \
tests/errors.scm \
tests/x509-certificates.scm \
tests/x509-auth.scm \
tests/reauth.scm \
- tests/premature-termination.scm \
tests/priorities.scm
if ENABLE_SRP
Index: gnutls-3.7.7/guile/Makefile.in
===================================================================
--- gnutls-3.7.7.orig/guile/Makefile.in
+++ gnutls-3.7.7/guile/Makefile.in
@@ -2335,10 +2335,9 @@ CLEANFILES = modules/gnutls.scm $(am__ap
#
# Tests.
#
-TESTS = tests/anonymous-auth.scm tests/session-record-port.scm \
- tests/pkcs-import-export.scm tests/errors.scm \
+TESTS = tests/pkcs-import-export.scm tests/errors.scm \
tests/x509-certificates.scm tests/x509-auth.scm \
- tests/reauth.scm tests/premature-termination.scm \
+ tests/reauth.scm \
tests/priorities.scm $(am__append_2)
TESTS_ENVIRONMENT = \
GUILE_AUTO_COMPILE=0 \


@ -1,24 +1,28 @@
Index: gnutls-3.7.3/lib/nettle/sysrng-linux.c
Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c
===================================================================
--- gnutls-3.7.3.orig/lib/nettle/sysrng-linux.c
+++ gnutls-3.7.3/lib/nettle/sysrng-linux.c
@@ -49,6 +49,12 @@
--- gnutls-3.8.0.orig/lib/nettle/sysrng-linux.c
+++ gnutls-3.8.0/lib/nettle/sysrng-linux.c
@@ -49,6 +49,15 @@
get_entropy_func _rnd_get_system_entropy = NULL;
#if defined(__linux__)
+# ifdef ENABLE_FIPS140
+# if defined(ENABLE_FIPS140)
+# define HAVE_JENT
+# include <jitterentropy.h>
+static int jent_initialized = 0;
+static struct rand_data* ec = NULL;
+/* Per thread context of random generator, and a flag to indicate initialization */
+static _Thread_local struct rand_data* ec = NULL;
+static _Thread_local int jent_initialized = 0;
+/* Declare function to fix a missing-prototypes compilation warning */
+void FIPS_jent_entropy_deinit(void);
+# endif
# ifdef HAVE_GETRANDOM
# include <sys/random.h>
# else
@@ -66,6 +72,96 @@ static ssize_t _getrandom0(void *buf, si
@@ -67,6 +76,101 @@ static ssize_t _getrandom0(void *buf, si
# endif
# endif
+# if defined(ENABLE_FIPS140)
+# if defined(HAVE_JENT)
+/* check whether the CPU Jitter entropy collector is available. */
+static unsigned FIPS_jent_entropy_init(void)
@ -62,6 +66,8 @@ Index: gnutls-3.7.3/lib/nettle/sysrng-linux.c
+ ec = NULL;
+ }
+
+ jent_initialized = 0;
+
+ return;
+}
+
@ -109,13 +115,16 @@ Index: gnutls-3.7.3/lib/nettle/sysrng-linux.c
+ return 0;
+}
+# endif
+# endif
+
static unsigned have_getrandom(void)
{
@@ -164,6 +260,16 @@ int _rnd_system_entropy_init(void)
char c;
@@ -162,6 +266,24 @@ int _rnd_system_entropy_init(void)
int urandom_fd;
#if defined(__linux__)
+# if defined(ENABLE_FIPS140)
+# if defined(HAVE_JENT)
+ /* Enable jitterentropy usage if available */
+ if (FIPS_jent_entropy_init()) {
@ -124,28 +133,36 @@ Index: gnutls-3.7.3/lib/nettle/sysrng-linux.c
+ return 0;
+ } else {
+ _gnutls_debug_log("jitterentropy is not available\n");
+ /* Set error state when FIPS_jent_entropy_init failed and FIPS mode is enabled */
+ if (_gnutls_fips_mode_enabled()) {
+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
+ _gnutls_switch_lib_state(LIB_STATE_ERROR);
+ return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
+ }
+ }
+# endif
+# endif
/* Enable getrandom() usage if available */
if (have_getrandom()) {
_rnd_get_system_entropy = _rnd_get_system_entropy_getrandom;
@@ -193,6 +299,11 @@ int _rnd_system_entropy_init(void)
@@ -192,5 +314,12 @@ int _rnd_system_entropy_init(void)
void _rnd_system_entropy_deinit(void)
{
/* A no-op now when we open and close /dev/urandom every time */
+#if defined(__linux__)
+# if defined(ENABLE_FIPS140)
+# if defined(HAVE_JENT)
+ FIPS_jent_entropy_deinit();
+# endif
+# endif
+#endif
return;
}
Index: gnutls-3.7.3/lib/nettle/Makefile.in
Index: gnutls-3.8.0/lib/nettle/Makefile.in
===================================================================
--- gnutls-3.7.3.orig/lib/nettle/Makefile.in
+++ gnutls-3.7.3/lib/nettle/Makefile.in
@@ -398,7 +398,7 @@ am__v_CC_1 =
--- gnutls-3.8.0.orig/lib/nettle/Makefile.in
+++ gnutls-3.8.0/lib/nettle/Makefile.in
@@ -399,7 +399,7 @@ am__v_CC_1 =
CCLD = $(CC)
LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
@ -154,10 +171,10 @@ Index: gnutls-3.7.3/lib/nettle/Makefile.in
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
Index: gnutls-3.7.3/lib/nettle/Makefile.am
Index: gnutls-3.8.0/lib/nettle/Makefile.am
===================================================================
--- gnutls-3.7.3.orig/lib/nettle/Makefile.am
+++ gnutls-3.7.3/lib/nettle/Makefile.am
--- gnutls-3.8.0.orig/lib/nettle/Makefile.am
+++ gnutls-3.8.0/lib/nettle/Makefile.am
@@ -20,7 +20,7 @@
include $(top_srcdir)/lib/common.mk
@ -167,10 +184,10 @@ Index: gnutls-3.7.3/lib/nettle/Makefile.am
AM_CPPFLAGS = \
-I$(srcdir)/int \
Index: gnutls-3.7.3/lib/nettle/rnd-fips.c
Index: gnutls-3.8.0/lib/nettle/rnd-fips.c
===================================================================
--- gnutls-3.7.3.orig/lib/nettle/rnd-fips.c
+++ gnutls-3.7.3/lib/nettle/rnd-fips.c
--- gnutls-3.8.0.orig/lib/nettle/rnd-fips.c
+++ gnutls-3.8.0/lib/nettle/rnd-fips.c
@@ -129,6 +129,10 @@ static int drbg_init(struct fips_ctx *fc
uint8_t buffer[DRBG_AES_SEED_SIZE];
int ret;
@ -193,3 +210,16 @@ Index: gnutls-3.7.3/lib/nettle/rnd-fips.c
ret = get_entropy(fctx, buffer, sizeof(buffer));
if (ret < 0) {
_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
Index: gnutls-3.8.0/tests/Makefile.am
===================================================================
--- gnutls-3.8.0.orig/tests/Makefile.am
+++ gnutls-3.8.0/tests/Makefile.am
@@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm
dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \
- set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \
+ set_x509_key_file_ocsp client-fastopen srp rng-pthread \
safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \
safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \
rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \
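Review bot: With `ec` and `jent_initialized` now declared `_Thread_local`, the `FIPS_jent_entropy_deinit()` call added to `_rnd_system_entropy_deinit()` only tears down the collector of the thread that performs the library deinit; collectors allocated by other threads that drew entropy have no visible release path in this patch. Whether that is a real leak depends on how `FIPS_jent_entropy_init()` obtains `ec`, and the bodies of `FIPS_jent_entropy_init`, `FIPS_jent_entropy_deinit` and `_rnd_system_entropy_init` all start or end outside the shown hunks, so this is inferred rather than confirmed. The ownership rule should at least be stated next to the declarations, e.g. `/* Each thread owns its own collector; FIPS_jent_entropy_deinit() only releases the calling thread's context */`, so a later change to process-wide deinit does not silently free another thread's state.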


@ -1,242 +0,0 @@
From 00fff0aad2b606801704046042aa3b2b24f07d63 Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich <zfridric@redhat.com>
Date: Thu, 29 Sep 2022 15:31:28 +0200
Subject: [PATCH] Make XTS key check failure not fatal
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
---
lib/accelerated/x86/aes-xts-x86-aesni.c | 1 -
lib/nettle/cipher.c | 73 ++++++++---------------
tests/Makefile.am | 2 +-
tests/xts-key-check.c | 78 +++++++++++++++++++++++++
5 files changed, 103 insertions(+), 52 deletions(-)
create mode 100644 tests/xts-key-check.c
diff --git a/lib/accelerated/x86/aes-xts-x86-aesni.c b/lib/accelerated/x86/aes-xts-x86-aesni.c
index 0588d0bd55..d6936a688d 100644
--- a/lib/accelerated/x86/aes-xts-x86-aesni.c
+++ b/lib/accelerated/x86/aes-xts-x86-aesni.c
@@ -73,7 +73,6 @@ x86_aes_xts_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
/* Check key block according to FIPS-140-2 IG A.9 */
if (_gnutls_fips_mode_enabled()){
if (gnutls_memcmp(key, key + (keysize / 2), keysize / 2) == 0) {
- _gnutls_switch_lib_state(LIB_STATE_ERROR);
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
}
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index c9c59fb0ba..9c2ce19e7e 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -448,12 +448,14 @@ _gcm_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
length, dst, src);
}
-static void _des_set_key(struct des_ctx *ctx, const uint8_t *key)
+static void
+_des_set_key(struct des_ctx *ctx, const uint8_t *key)
{
des_set_key(ctx, key);
}
-static void _des3_set_key(struct des3_ctx *ctx, const uint8_t *key)
+static void
+_des3_set_key(struct des3_ctx *ctx, const uint8_t *key)
{
des3_set_key(ctx, key);
}
@@ -476,50 +478,6 @@ _cfb8_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
length, dst, src);
}
-static void
-_xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key,
- const uint8_t *key)
-{
- if (_gnutls_fips_mode_enabled() &&
- gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
- _gnutls_switch_lib_state(LIB_STATE_ERROR);
-
- xts_aes128_set_encrypt_key(xts_key, key);
-}
-
-static void
-_xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key,
- const uint8_t *key)
-{
- if (_gnutls_fips_mode_enabled() &&
- gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
- _gnutls_switch_lib_state(LIB_STATE_ERROR);
-
- xts_aes128_set_decrypt_key(xts_key, key);
-}
-
-static void
-_xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key,
- const uint8_t *key)
-{
- if (_gnutls_fips_mode_enabled() &&
- gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
- _gnutls_switch_lib_state(LIB_STATE_ERROR);
-
- xts_aes256_set_encrypt_key(xts_key, key);
-}
-
-static void
-_xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key,
- const uint8_t *key)
-{
- if (_gnutls_fips_mode_enabled() &&
- gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
- _gnutls_switch_lib_state(LIB_STATE_ERROR);
-
- xts_aes256_set_decrypt_key(xts_key, key);
-}
-
static void
_xts_aes128_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
const uint8_t * src)
@@ -1041,8 +999,8 @@ static const struct nettle_cipher_st builtin_ciphers[] = {
.ctx_size = sizeof(struct xts_aes128_key),
.encrypt = _xts_aes128_encrypt,
.decrypt = _xts_aes128_decrypt,
- .set_encrypt_key = (nettle_set_key_func*)_xts_aes128_set_encrypt_key,
- .set_decrypt_key = (nettle_set_key_func*)_xts_aes128_set_decrypt_key,
+ .set_encrypt_key = (nettle_set_key_func*)xts_aes128_set_encrypt_key,
+ .set_decrypt_key = (nettle_set_key_func*)xts_aes128_set_decrypt_key,
.max_iv_size = AES_BLOCK_SIZE,
},
{ .algo = GNUTLS_CIPHER_AES_256_XTS,
@@ -1052,8 +1010,8 @@ static const struct nettle_cipher_st builtin_ciphers[] = {
.ctx_size = sizeof(struct xts_aes256_key),
.encrypt = _xts_aes256_encrypt,
.decrypt = _xts_aes256_decrypt,
- .set_encrypt_key = (nettle_set_key_func*)_xts_aes256_set_encrypt_key,
- .set_decrypt_key = (nettle_set_key_func*)_xts_aes256_set_decrypt_key,
+ .set_encrypt_key = (nettle_set_key_func*)xts_aes256_set_encrypt_key,
+ .set_decrypt_key = (nettle_set_key_func*)xts_aes256_set_decrypt_key,
.max_iv_size = AES_BLOCK_SIZE,
},
{ .algo = GNUTLS_CIPHER_AES_128_SIV,
@@ -1144,6 +1102,21 @@ wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize)
return 0;
}
+ switch (ctx->cipher->algo) {
+ case GNUTLS_CIPHER_AES_128_XTS:
+ if (_gnutls_fips_mode_enabled() &&
+ gnutls_memcmp(key, (char *)key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ break;
+ case GNUTLS_CIPHER_AES_256_XTS:
+ if (_gnutls_fips_mode_enabled() &&
+ gnutls_memcmp(key, (char *)key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ break;
+ default:
+ break;
+ }
+
if (ctx->enc)
ctx->cipher->set_encrypt_key(ctx->ctx_ptr, key);
else
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 3e126f0046..1122886b31 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -233,7 +233,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
tls13-without-timeout-func buffer status-request-revoked \
set_x509_ocsp_multi_cli kdf-api keylog-func handshake-write \
x509cert-dntypes id-on-xmppAddr tls13-compat-mode ciphersuite-name \
- x509-upnconstraint cipher-padding pkcs7-verify-double-free \
+ x509-upnconstraint xts-key-check cipher-padding pkcs7-verify-double-free \
fips-rsa-sizes
ctests += tls-channel-binding
diff --git a/tests/xts-key-check.c b/tests/xts-key-check.c
new file mode 100644
index 0000000000..a3bea5abca
--- /dev/null
+++ b/tests/xts-key-check.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2022 Red Hat, Inc.
+ *
+ * Author: Zoltan Fridrich
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <gnutls/crypto.h>
+
+#include "utils.h"
+
+static void test_xts_check(gnutls_cipher_algorithm_t alg)
+{
+ int ret;
+ gnutls_cipher_hd_t ctx;
+ gnutls_datum_t key, iv;
+
+ iv.size = gnutls_cipher_get_iv_size(alg);
+ iv.data = gnutls_malloc(iv.size);
+ if (iv.data == NULL)
+ fail("Error: %s\n", gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ gnutls_memset(iv.data, 0xf0, iv.size);
+
+ key.size = gnutls_cipher_get_key_size(alg);
+ key.data = gnutls_malloc(key.size);
+ if (key.data == NULL) {
+ gnutls_free(iv.data);
+ fail("Error: %s\n", gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ }
+ gnutls_memset(key.data, 0xf0, key.size);
+
+ ret = gnutls_cipher_init(&ctx, alg, &key, &iv);
+ if (ret == GNUTLS_E_SUCCESS) {
+ gnutls_cipher_deinit(ctx);
+ gnutls_free(iv.data);
+ gnutls_free(key.data);
+ fail("cipher initialization should fail for key1 == key2\n");
+ }
+
+ key.data[0] = 0xff;
+
+ ret = gnutls_cipher_init(&ctx, alg, &key, &iv);
+ gnutls_free(iv.data);
+ gnutls_free(key.data);
+
+ if (ret == GNUTLS_E_SUCCESS)
+ gnutls_cipher_deinit(ctx);
+ else
+ fail("cipher initialization should succeed with key1 != key2"
+ "\n%s\n", gnutls_strerror(ret));
+}
+
+void doit(void)
+{
+ if (!gnutls_fips140_mode_enabled())
+ exit(77);
+
+ test_xts_check(GNUTLS_CIPHER_AES_128_XTS);
+ test_xts_check(GNUTLS_CIPHER_AES_256_XTS);
+}
--
GitLab


@ -1,21 +0,0 @@
Index: gnutls-3.7.8/lib/fips.c
===================================================================
--- gnutls-3.7.8.orig/lib/fips.c
+++ gnutls-3.7.8/lib/fips.c
@@ -402,6 +402,8 @@ static int check_binary_integrity(void)
ret = check_lib_hmac(&file.gnutls, GNUTLS_LIBRARY_NAME, "gnutls_global_init");
if (ret < 0)
return ret;
+ /* Check only the binary integrity of the libgnutls library */
+#if 0
ret = check_lib_hmac(&file.nettle, NETTLE_LIBRARY_NAME, "nettle_aes_set_encrypt_key");
if (ret < 0)
return ret;
@@ -411,6 +413,7 @@ static int check_binary_integrity(void)
ret = check_lib_hmac(&file.gmp, GMP_LIBRARY_NAME, "__gmpz_init");
if (ret < 0)
return ret;
+#endif
return 0;
}


@ -1,3 +1,73 @@
-------------------------------------------------------------------
Tue Feb 21 10:17:00 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.8.0: [bsc#1205763, bsc#1209627]
* libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key
exchange. Reported by Hubert Kario (#1050). Fix developed by
Alexander Sosedkin. [GNUTLS-SA-2020-07-14, CVSS: medium]
[CVE-2023-0361]
* libgnutls: C++ library is now header only. All definitions
from gnutlsxx.c have been moved into gnutlsxx.h. Users of the
C++ interface have two options:
1. include gnutlsxx.h in their application and link against
the C library. (default)
2. include gnutlsxx.h in their application, compile with
GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link
against the C++ library.
* libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST
priority modifier have been added to allow disabling of the
status_request TLS extension in the client side.
* libgnutls: TLS heartbeat is disabled by default.
The heartbeat extension in TLS (RFC 6520) is not widely used
given other implementations dropped support for it. To enable
back support for it, supply --enable-heartbeat-support to
configure script.
* libgnutls: SRP authentication is now disabled by default.
It is disabled because the SRP authentication in TLS is not
up to date with the latest TLS standards and its ciphersuites
are based on the CBC mode and SHA-1. To enable it back, supply
--enable-srp-authentication option to configure script.
* libgnutls: All code has been indented using "indent -ppi1 -linux".
CI/CD has been adjusted to catch regressions. This is implemented
through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.ymls
commit-check. You may run devel/indent-gnutls to fix any
indentation issues if you make code modifications.
* guile: Guile-bindings removed. They have been extracted into a
separate project to reduce complexity and to simplify maintenance,
see <https://gitlab.com/gnutls/guile/>.
* minitasn1: Upgraded to libtasn1 version 4.19.
* API and ABI modifications:
GNUTLS_NO_STATUS_REQUEST: New flag
GNUTLS_SRTP_AEAD_AES_128_GCM: New gnutls_srtp_profile_t enum member
GNUTLS_SRTP_AEAD_AES_256_GCM: New gnutls_srtp_profile_t enum member
* Merge gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
and gnutls-FIPS-jitterentropy-threadsafe.patch into the main
patch gnutls-FIPS-jitterentropy.patch
* Rebase gnutls-FIPS-140-3-references.patch
* Rebase patches with upstream version:
- gnutls-FIPS-PCT-DH.patch gnutls-FIPS-PCT-ECDH.patch
* Remove patches merged/fixed upstream:
- gnutls-FIPS-disable-failing-tests.patch
- gnutls-verify-library-HMAC.patch
- gnutls_ECDSA_signing.patch
- gnutls-Make-XTS-key-check-failure-not-fatal.patch
- gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
* Update keyring with https://gnutls.org/gnutls-release-keyring.gpg
-------------------------------------------------------------------
Thu Feb 16 19:43:04 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- FIPS: Make the jitterentropy calls thread-safe [bsc#1208146]
* Add gnutls-FIPS-jitterentropy-threadsafe.patch
-------------------------------------------------------------------
Thu Feb 16 12:31:25 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183]
* Rebase patches with the version submitted upstream.
* Avoid copying the key material: gnutls-FIPS-PCT-DH.patch
* Improve logic around memory release: gnutls-FIPS-PCT-ECDH.patch
-------------------------------------------------------------------
Fri Feb 10 13:12:25 UTC 2023 - Pedro Monreal <pmonreal@suse.com>



@ -25,6 +25,11 @@
%else
%bcond_with dane
%endif
%if 0%{?suse_version} >= 1550
%bcond_without srp
%else
%bcond_with srp
%endif
# Enable Linux kernel AF_ALG based acceleration
%if 0%{?suse_version} >= 1550
# disable for now, as our OBS builds do not work with it. Marcus 20220511
@ -34,50 +39,37 @@
%bcond_with kcapi
%endif
%bcond_with tpm
%bcond_without guile
Name: gnutls
Version: 3.7.9
Version: 3.8.0
Release: 0
Summary: The GNU Transport Layer Security Library
License: GPL-3.0-or-later AND LGPL-2.1-or-later
Group: Productivity/Networking/Security
URL: https://www.gnutls.org/
Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz
Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz.sig
Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz
Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz.sig
# https://gnutls.org/gnutls-release-keyring.gpg
Source2: gnutls.keyring
Source2: https://gnutls.org/gnutls-release-keyring.gpg#/gnutls.keyring
Source3: baselibs.conf
# Suppress a false positive on the .hmac file
Source4: gnutls.rpmlintrc
Patch0: gnutls-3.5.11-skip-trust-store-tests.patch
Patch1: gnutls-FIPS-TLS_KDF_selftest.patch
Patch2: gnutls-FIPS-disable-failing-tests.patch
Patch3: gnutls_ECDSA_signing.patch
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
%ifnarch s390 s390x
#PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy
Patch4: gnutls-FIPS-jitterentropy.patch
#PATCH-FIX-SUSE bsc#1202146 FIPS: Set error state when jent init failed in FIPS mode
Patch5: gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
%endif
%endif
#PATCH-FIX-SUSE bsc#1190698 FIPS: SLI gnutls_pbkdf2: verify keylengths and allow SHA only
Patch6: gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
#PATCH-FIX-UPSTREAM bsc#1203779 Make XTS key check failure not fatal
Patch7: gnutls-Make-XTS-key-check-failure-not-fatal.patch
Patch8: gnutls-disable-flaky-test-dtls-resume.patch
#PATCH-FIX-OPENSUSE bsc#1199881 Verify only the libgnutls library HMAC
Patch9: gnutls-verify-library-HMAC.patch
Patch2: gnutls-disable-flaky-test-dtls-resume.patch
# FIPS 140-3 patches:
#PATCH-FIX-SUSE bsc#1207183 FIPS: DH/ECDH PCT public key regeneration
Patch10: gnutls-FIPS-PCT-DH.patch
Patch11: gnutls-FIPS-PCT-ECDH.patch
Patch100: gnutls-FIPS-PCT-DH.patch
Patch101: gnutls-FIPS-PCT-ECDH.patch
#PATCH-FIX-SUSE bsc#1207346 FIPS: Change FIPS 140-2 references to FIPS 140-3
Patch12: gnutls-FIPS-140-3-references.patch
Patch102: gnutls-FIPS-140-3-references.patch
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
#PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy
Patch103: gnutls-FIPS-jitterentropy.patch
%endif
BuildRequires: autogen
BuildRequires: automake
BuildRequires: datefudge
BuildRequires: fdupes
BuildRequires: fipscheck
BuildRequires: gcc-c++
BuildRequires: gtk-doc
# The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present
@ -112,9 +104,6 @@ BuildRequires: unbound-devel
BuildRequires: libunbound-devel
%endif
%endif
%if %{with guile}
BuildRequires: guile-devel > 1.8
%endif
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
BuildRequires: crypto-policies
Requires: crypto-policies
@ -213,17 +202,6 @@ Requires: libstdc++-devel
%description -n libgnutlsxx-devel
Files needed for software development using gnutls.
%if %{with guile}
%package guile
Summary: Guile wrappers for gnutls
License: LGPL-2.1-or-later
Group: Development/Libraries/Other
Requires: guile > 1.8
%description guile
GnuTLS Wrappers for GNU Guile, a dialect of Scheme.
%endif
%prep
%autosetup -p1
@ -233,10 +211,8 @@ echo "SYSTEM=NORMAL" >> tests/system.prio
export LDFLAGS="-pie -Wl,-z,now -Wl,-z,relro"
export CFLAGS="%{optflags} -fPIE"
export CXXFLAGS="%{optflags} -fPIE"
autoreconf -fiv
# Rename the internal .hmac file to include the so library version
sed -i "s/\.gnutls\.hmac/\.libgnutls\.so\.%{gnutls_sover}\.hmac/g" lib/Makefile.am lib/Makefile.in lib/fips.c
autoreconf -fiv
%configure \
gl_cv_func_printf_directive_n=yes \
@ -258,16 +234,15 @@ sed -i "s/\.gnutls\.hmac/\.libgnutls\.so\.%{gnutls_sover}\.hmac/g" lib/Makefile.
%else
--disable-libdane \
%endif
%if %{with guile}
--enable-guile \
--with-guile-extension-dir=%{_libdir}/guile/3.0 \
%else
--disable-guile \
%if %{with srp}
--enable-srp-authentication \
%endif
--enable-shared \
--enable-fips140-mode \
--with-fips140-module-name="GnuTLS version" \
--with-fips140-module-version="%{version}-%{release}" \
%{nil}
%make_build
%install
@ -287,11 +262,11 @@ sed -i "s/\.gnutls\.hmac/\.libgnutls\.so\.%{gnutls_sover}\.hmac/g" lib/Makefile.
# the macro is too late.
# remark: This is the same as running
# openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP'
# note: The FIPS hmac is now calculated with an internal tool since
# Note: The FIPS hmac is now calculated with an internal tool since
# commit a86c8e87189e23920ae622da5e572cb4e1a6e0ed
%{expand:%%global __os_install_post {%__os_install_post
./lib/fipshmac "%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}" > %{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac
sed -i "s^%{buildroot}/usr^^" %{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac
./lib/fipshmac "%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}" > "%{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac"
sed -i "s^%{buildroot}/usr^^" "%{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac"
}}
rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
@ -318,7 +293,8 @@ rm -rf %{buildroot}%{_datadir}/doc/gnutls
find -name test-suite.log -print -exec cat {} +
exit 1
}
#Run the regression tests also in FIPS mode
# Run the regression tests also in forced FIPS mode
GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || {
find -name test-suite.log -print -exec cat {} +
exit 1
@ -346,7 +322,9 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
%{_bindir}/ocsptool
%{_bindir}/psktool
%{_bindir}/p11tool
%if %{with srp}
%{_bindir}/srptool
%endif
%if %{with dane}
%{_bindir}/danetool
%endif
@ -414,11 +392,4 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/gnutlsxx.h
%if %{with guile}
%files guile
%license LICENSE
%{_libdir}/guile/*
%{_datadir}/guile/site/*
%endif
%changelog
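Review bot: `%bcond_without srp` for suse_version >= 1550 re-enables SRP authentication that upstream 3.8.0 turns off by default because its ciphersuites are CBC and SHA-1 based (the changelog entry in this commit says so), and the new bcond block carries no comment recording that trade-off. A line above it such as `# Upstream disables SRP since 3.8.0 (CBC/SHA-1 ciphersuites); kept enabled here for srptool, see bsc#<PLACEHOLDER>` would keep the risk decision next to the switch that makes it. The `%ifnarch s390 s390x` guard that previously wrapped the jitterentropy patch appears to have been dropped in the new Patch103 block, so that patch now applies on s390/s390x as well; if that is intentional it deserves a note, since the availability of jitterentropy on those architectures is not visible in this change.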


@ -1,172 +0,0 @@
Index: gnutls-3.7.7/lib/crypto-api.c
===================================================================
--- gnutls-3.7.7.orig/lib/crypto-api.c
+++ gnutls-3.7.7/lib/crypto-api.c
@@ -1056,6 +1056,7 @@ gnutls_hash_hd_t gnutls_hash_copy(gnutls
int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size)
{
int ret;
+ bool not_approved = false;
FAIL_IF_LIB_ERROR;
@@ -1066,6 +1067,10 @@ int gnutls_key_generate(gnutls_datum_t *
if (_gnutls_fips_mode_enabled() != 0 &&
key_size > FIPS140_RND_KEY_SIZE)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (key_size < 14) {
+ not_approved = true;
+ }
+
#endif
key->size = key_size;
@@ -1082,6 +1087,15 @@ int gnutls_key_generate(gnutls_datum_t *
return ret;
}
+#ifdef ENABLE_FIPS140
+ if (not_approved) {
+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED);
+ } else {
+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_APPROVED);
+ }
+
+#endif
+
return 0;
}
Index: gnutls-3.7.7/lib/fips.h
===================================================================
--- gnutls-3.7.7.orig/lib/fips.h
+++ gnutls-3.7.7/lib/fips.h
@@ -145,6 +145,30 @@ is_cipher_algo_allowed_in_fips(gnutls_ci
}
}
+inline static bool
+is_digest_algo_approved_for_sign_in_fips(gnutls_digest_algorithm_t algo)
+{
+ switch (algo) {
+ case GNUTLS_DIG_SHA224:
+ case GNUTLS_DIG_SHA256:
+ case GNUTLS_DIG_SHA384:
+ case GNUTLS_DIG_SHA512:
+ case GNUTLS_DIG_SHA3_224:
+ case GNUTLS_DIG_SHA3_256:
+ case GNUTLS_DIG_SHA3_384:
+ case GNUTLS_DIG_SHA3_512:
+ return true;
+ default:
+ return false;
+ }
+}
+
+inline static bool
+is_digest_algo_allowed_for_sign_in_fips(gnutls_digest_algorithm_t algo)
+{
+ return is_digest_algo_approved_for_sign_in_fips(algo);
+}
+
#ifdef ENABLE_FIPS140
/* This will test the condition when in FIPS140-2 mode
* and return an error if necessary or ignore */
@@ -205,9 +229,33 @@ is_cipher_algo_allowed(gnutls_cipher_alg
return true;
}
+
+inline static bool
+is_digest_algo_allowed_for_sign(gnutls_digest_algorithm_t algo)
+{
+ gnutls_fips_mode_t mode = _gnutls_fips_mode_enabled();
+ if (_gnutls_get_lib_state() != LIB_STATE_SELFTEST &&
+ !is_digest_algo_allowed_for_sign_in_fips(algo)) {
+ switch (mode) {
+ case GNUTLS_FIPS140_LOG:
+ _gnutls_audit_log(NULL, "fips140-2: allowing access to %s\n",
+ gnutls_cipher_get_name(algo));
+ FALLTHROUGH;
+ case GNUTLS_FIPS140_DISABLED:
+ case GNUTLS_FIPS140_LAX:
+ return true;
+ default:
+ return false;
+ }
+ }
+
+ return true;
+}
+
#else
# define is_mac_algo_allowed(x) true
# define is_cipher_algo_allowed(x) true
+# define is_digest_algo_allowed_for_sign(x) true
# define FIPS_RULE(condition, ret_error, ...)
#endif
Index: gnutls-3.7.7/lib/privkey.c
===================================================================
--- gnutls-3.7.7.orig/lib/privkey.c
+++ gnutls-3.7.7/lib/privkey.c
@@ -1284,10 +1284,24 @@ privkey_sign_and_hash_data(gnutls_privke
int ret;
gnutls_datum_t digest;
const mac_entry_st *me;
+ bool not_approved = false;
if (unlikely(se == NULL))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (se->pk == GNUTLS_PK_ECDSA && !is_digest_algo_allowed_for_sign(se->hash)) {
+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
+ } else if (se->pk == GNUTLS_PK_ECDSA && !is_digest_algo_approved_for_sign_in_fips(se->hash)) {
+ not_approved = true;
+ }
+
+ if (not_approved) {
+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED);
+ } else {
+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_APPROVED);
+ }
+
if (_gnutls_pk_is_not_prehashed(se->pk)) {
return privkey_sign_raw_data(signer, se, data, signature, params);
}
Index: gnutls-3.7.7/tests/fips-test.c
===================================================================
--- gnutls-3.7.7.orig/tests/fips-test.c
+++ gnutls-3.7.7/tests/fips-test.c
@@ -38,6 +38,7 @@ static void tls_log_func(int level, cons
fprintf(stderr, "<%d>| %s", level, str);
}
+static uint8_t key13[13];
static uint8_t key16[16];
static uint8_t iv16[16];
uint8_t key_data[64];
@@ -269,6 +270,7 @@ void doit(void)
gnutls_pubkey_t pubkey;
gnutls_x509_privkey_t xprivkey;
gnutls_privkey_t privkey;
+ gnutls_datum_t key_invalid = { key13, sizeof(key13) };
gnutls_datum_t key = { key16, sizeof(key16) };
gnutls_datum_t iv = { iv16, sizeof(iv16) };
gnutls_datum_t signature;
@@ -309,6 +311,14 @@ void doit(void)
/* Try crypto.h functionality */
test_ciphers();
+ /* Try creating key with less than 112 bits: not approved */
+ FIPS_PUSH_CONTEXT();
+ ret = gnutls_key_generate(&key_invalid, 13);
+ if (ret < 0) {
+ fail("gnutls_generate_key failed\n");
+ }
+ FIPS_POP_CONTEXT(NOT_APPROVED);
+
FIPS_PUSH_CONTEXT();
ret = gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv);
if (ret < 0) {