Accepting request 1065923 from home:pmonrealgonzalez:branches:security:tls

- Update to 3.7.9: [bsc#1208143, CVE-2023-0361]
  * libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key
    exchange. [GNUTLS-SA-2020-07-14, CVSS: medium][CVE-2023-0361]
  * Rebase gnutls-FIPS-140-3-references.patch

OBS-URL: https://build.opensuse.org/request/show/1065923
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=86
Pedro Monreal Gonzalez 2023-02-15 11:02:33 +00:00 committed by Git OBS Bridge
parent 8014eb72f9
commit e78803cceb
7 changed files with 166 additions and 145 deletions

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c58ad39af0670efe6a8aee5e3a8b2331a1200418b64b7c51977fb396d4617114
size 6029220

Binary file not shown.

gnutls-3.7.9.tar.xz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:aaa03416cdbd54eb155187b359e3ec3ed52ec73df4df35a0edd49429ff64d844
size 6377212
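Review bot: The oid sha256 line in this new LFS pointer is the only integrity reference for gnutls-3.7.9.tar.xz visible in the review, and the accompanying gnutls-3.7.9.tar.xz.sig is binary and not shown. Please state in the request that the tarball was verified against the detached signature with the package keyring and that the verified file hashes to the oid recorded here, since the update is a security release and the diff alone cannot show that.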

gnutls-3.7.9.tar.xz.sig Normal file

Binary file not shown.


@ -1,7 +1,7 @@
Index: gnutls-3.7.8/configure.ac Index: gnutls-3.7.9/configure.ac
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/configure.ac --- gnutls-3.7.9.orig/configure.ac
+++ gnutls-3.7.8/configure.ac +++ gnutls-3.7.9/configure.ac
@@ -588,19 +588,19 @@ LT_INIT([disable-static,win32-dll,shared @@ -588,19 +588,19 @@ LT_INIT([disable-static,win32-dll,shared
AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);]) AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])
@ -25,10 +25,10 @@ Index: gnutls-3.7.8/configure.ac
AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name], AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name],
[specify the FIPS140 module name]), [specify the FIPS140 module name]),
Index: gnutls-3.7.8/doc/cha-gtls-app.texi Index: gnutls-3.7.9/doc/cha-gtls-app.texi
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/doc/cha-gtls-app.texi --- gnutls-3.7.9.orig/doc/cha-gtls-app.texi
+++ gnutls-3.7.8/doc/cha-gtls-app.texi +++ gnutls-3.7.9/doc/cha-gtls-app.texi
@@ -206,7 +206,7 @@ CPU. The currently available options are @@ -206,7 +206,7 @@ CPU. The currently available options are
@end itemize @end itemize
@ -38,10 +38,10 @@ Index: gnutls-3.7.8/doc/cha-gtls-app.texi
if set to one it will force the FIPS mode enablement. if set to one it will force the FIPS mode enablement.
@end multitable @end multitable
Index: gnutls-3.7.8/doc/cha-internals.texi Index: gnutls-3.7.9/doc/cha-internals.texi
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/doc/cha-internals.texi --- gnutls-3.7.9.orig/doc/cha-internals.texi
+++ gnutls-3.7.8/doc/cha-internals.texi +++ gnutls-3.7.9/doc/cha-internals.texi
@@ -14,7 +14,7 @@ happens inside the black box. @@ -14,7 +14,7 @@ happens inside the black box.
* TLS Hello Extension Handling:: * TLS Hello Extension Handling::
* Cryptographic Backend:: * Cryptographic Backend::
@ -162,10 +162,10 @@ Index: gnutls-3.7.8/doc/cha-internals.texi
operation. It can be attached to the current execution thread with operation. It can be attached to the current execution thread with
@funcref{gnutls_fips140_push_context} and its internal state will be @funcref{gnutls_fips140_push_context} and its internal state will be
updated until it is detached with updated until it is detached with
Index: gnutls-3.7.8/doc/enums.texi Index: gnutls-3.7.9/doc/enums.texi
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/doc/enums.texi --- gnutls-3.7.9.orig/doc/enums.texi
+++ gnutls-3.7.8/doc/enums.texi +++ gnutls-3.7.9/doc/enums.texi
@@ -1169,7 +1169,7 @@ application traffic secret is installed @@ -1169,7 +1169,7 @@ application traffic secret is installed
@c gnutls_fips_mode_t @c gnutls_fips_mode_t
@table @code @table @code
@ -186,10 +186,10 @@ Index: gnutls-3.7.8/doc/enums.texi
application is aware of the followed security policy, and needs application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility). to utilize disallowed operations for other reasons (e.g., compatibility).
@item GNUTLS_@-FIPS140_@-LOG @item GNUTLS_@-FIPS140_@-LOG
Index: gnutls-3.7.8/doc/functions/gnutls_fips140_set_mode Index: gnutls-3.7.9/doc/functions/gnutls_fips140_set_mode
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/doc/functions/gnutls_fips140_set_mode --- gnutls-3.7.9.orig/doc/functions/gnutls_fips140_set_mode
+++ gnutls-3.7.8/doc/functions/gnutls_fips140_set_mode +++ gnutls-3.7.9/doc/functions/gnutls_fips140_set_mode
@@ -3,7 +3,7 @@ @@ -3,7 +3,7 @@
@ -215,10 +215,10 @@ Index: gnutls-3.7.8/doc/functions/gnutls_fips140_set_mode
values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library
switches to @code{GNUTLS_FIPS140_STRICT} mode. switches to @code{GNUTLS_FIPS140_STRICT} mode.
Index: gnutls-3.7.8/doc/gnutls.html Index: gnutls-3.7.9/doc/gnutls.html
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/doc/gnutls.html --- gnutls-3.7.9.orig/doc/gnutls.html
+++ gnutls-3.7.8/doc/gnutls.html +++ gnutls-3.7.9/doc/gnutls.html
@@ -486,7 +486,7 @@ Documentation License&rdquo;. @@ -486,7 +486,7 @@ Documentation License&rdquo;.
<li><a id="toc-TLS-Extension-Handling" href="#TLS-Hello-Extension-Handling">11.4 TLS Extension Handling</a></li> <li><a id="toc-TLS-Extension-Handling" href="#TLS-Hello-Extension-Handling">11.4 TLS Extension Handling</a></li>
<li><a id="toc-Cryptographic-Backend-1" href="#Cryptographic-Backend">11.5 Cryptographic Backend</a></li> <li><a id="toc-Cryptographic-Backend-1" href="#Cryptographic-Backend">11.5 Cryptographic Backend</a></li>
@ -439,11 +439,11 @@ Index: gnutls-3.7.8/doc/gnutls.html
<tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate-1"><code>gnutls_fips140_get_operation_state</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr> <tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate-1"><code>gnutls_fips140_get_operation_state</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fmode_005fenabled"><code>gnutls_fips140_mode_enabled</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr> <tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fmode_005fenabled"><code>gnutls_fips140_mode_enabled</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
<tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fpop_005fcontext"><code>gnutls_fips140_pop_context</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr> <tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fpop_005fcontext"><code>gnutls_fips140_pop_context</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
Index: gnutls-3.7.8/doc/gnutls.info-3 Index: gnutls-3.7.9/doc/gnutls.info-3
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/doc/gnutls.info-3 --- gnutls-3.7.9.orig/doc/gnutls.info-3
+++ gnutls-3.7.8/doc/gnutls.info-3 +++ gnutls-3.7.9/doc/gnutls.info-3
@@ -2459,7 +2459,7 @@ to 'more'. Both will exit with a status @@ -2458,7 +2458,7 @@ to 'more'. Both will exit with a status
--inline-commands-prefix=str Change the default delimiter for inline commands --inline-commands-prefix=str Change the default delimiter for inline commands
--provider=file Specify the PKCS #11 provider library --provider=file Specify the PKCS #11 provider library
- file must pre-exist - file must pre-exist
@ -452,7 +452,7 @@ Index: gnutls-3.7.8/doc/gnutls.info-3
--list-config Reports the configuration of the library --list-config Reports the configuration of the library
--logfile=str Redirect informational messages to a specific file --logfile=str Redirect informational messages to a specific file
--keymatexport=str Label used for exporting keying material --keymatexport=str Label used for exporting keying material
@@ -3560,7 +3560,7 @@ to know what happens inside the black bo @@ -3559,7 +3559,7 @@ to know what happens inside the black bo
* TLS Hello Extension Handling:: * TLS Hello Extension Handling::
* Cryptographic Backend:: * Cryptographic Backend::
* Random Number Generators-internals:: * Random Number Generators-internals::
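Review bot: The inner hunk header in this region moves from "-3560,7 +3560,7" to "-3559,7 +3559,7", so this part of the rebase exists only because the generated doc/gnutls.info-3 shifted by one line upstream. Consider dropping the hunks against generated documentation (gnutls.info-3, gnutls.html, doc/reference/html) from the patch and patching only the .texi and source files, regenerating the docs at build time; that keeps future rebases limited to files where a conflict actually needs a human decision.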
@ -461,7 +461,7 @@ Index: gnutls-3.7.8/doc/gnutls.info-3
 
File: gnutls.info, Node: The TLS Protocol, Next: TLS Handshake Protocol, Up: Internal architecture of GnuTLS File: gnutls.info, Node: The TLS Protocol, Next: TLS Handshake Protocol, Up: Internal architecture of GnuTLS
@@ -4092,7 +4092,7 @@ and abstract key types::. @@ -4091,7 +4091,7 @@ and abstract key types::.
kernel implementation of '/dev/crypto'. kernel implementation of '/dev/crypto'.
 
@ -470,7 +470,7 @@ Index: gnutls-3.7.8/doc/gnutls.info-3
11.6 Random Number Generators 11.6 Random Number Generators
============================= =============================
@@ -4102,7 +4102,7 @@ About the generators @@ -4101,7 +4101,7 @@ About the generators
GnuTLS provides two random generators. The default, and the AES-DRBG GnuTLS provides two random generators. The default, and the AES-DRBG
random generator which is only used when the library is compiled with random generator which is only used when the library is compiled with
@ -479,7 +479,7 @@ Index: gnutls-3.7.8/doc/gnutls.info-3
The default generator - inner workings The default generator - inner workings
-------------------------------------- --------------------------------------
@@ -4251,25 +4251,25 @@ after observing the output of the PRNG. @@ -4250,25 +4250,25 @@ after observing the output of the PRNG.
the above paragraph, all levels are immune to such attack. the above paragraph, all levels are immune to such attack.
 
@ -513,7 +513,7 @@ Index: gnutls-3.7.8/doc/gnutls.info-3
modified as follows. modified as follows.
* The random generator used switches to DRBG-AES * The random generator used switches to DRBG-AES
@@ -4277,11 +4277,11 @@ modified as follows. @@ -4276,11 +4276,11 @@ modified as follows.
startup startup
* Algorithm self-tests are run on library load * Algorithm self-tests are run on library load
@ -528,7 +528,7 @@ Index: gnutls-3.7.8/doc/gnutls.info-3
generation generation
* Any cryptographic operation will be refused if any of the * Any cryptographic operation will be refused if any of the
self-tests failed self-tests failed
@@ -4290,7 +4290,7 @@ There are also few environment variables @@ -4289,7 +4289,7 @@ There are also few environment variables
The environment variable 'GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS' will The environment variable 'GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS' will
disable the library integrity tests on startup, and the variable disable the library integrity tests on startup, and the variable
'GNUTLS_FORCE_FIPS_MODE' can be set to force a value from *note Figure 'GNUTLS_FORCE_FIPS_MODE' can be set to force a value from *note Figure
@ -537,7 +537,7 @@ Index: gnutls-3.7.8/doc/gnutls.info-3
while '0' will disable it. while '0' will disable it.
The integrity checks for the dependent libraries and GnuTLS are The integrity checks for the dependent libraries and GnuTLS are
@@ -4299,20 +4299,20 @@ library. The key for the operations can @@ -4298,20 +4298,20 @@ library. The key for the operations can
with the configure option '-with-fips140-key'. The MAC algorithm used with the configure option '-with-fips140-key'. The MAC algorithm used
is HMAC-SHA256. is HMAC-SHA256.
@ -562,7 +562,7 @@ Index: gnutls-3.7.8/doc/gnutls.info-3
'GNUTLS_FIPS140_STRICT' 'GNUTLS_FIPS140_STRICT'
The default mode; all forbidden operations will cause an operation The default mode; all forbidden operations will cause an operation
failure via error code. failure via error code.
@@ -4320,8 +4320,8 @@ in *note Figure 11.5: gnutls_fips_mode_t @@ -4319,8 +4319,8 @@ in *note Figure 11.5: gnutls_fips_mode_t
A transient state during library initialization. That state cannot A transient state during library initialization. That state cannot
be set or seen by applications. be set or seen by applications.
'GNUTLS_FIPS140_LAX' 'GNUTLS_FIPS140_LAX'
@ -573,7 +573,7 @@ Index: gnutls-3.7.8/doc/gnutls.info-3
the application is aware of the followed security policy, and needs the application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., to utilize disallowed operations for other reasons (e.g.,
compatibility). compatibility).
@@ -4334,7 +4334,7 @@ in *note Figure 11.5: gnutls_fips_mode_t @@ -4333,7 +4333,7 @@ in *note Figure 11.5: gnutls_fips_mode_t
Figure 11.5: The 'gnutls_fips_mode_t' enumeration. Figure 11.5: The 'gnutls_fips_mode_t' enumeration.
The intention of this API is to be used by applications which may run in The intention of this API is to be used by applications which may run in
@ -582,7 +582,7 @@ Index: gnutls-3.7.8/doc/gnutls.info-3
set, e.g., for non-security related purposes. In these cases set, e.g., for non-security related purposes. In these cases
applications should wrap the non-compliant code within blocks like the applications should wrap the non-compliant code within blocks like the
following. following.
@@ -4358,10 +4358,10 @@ are macros to simplify the following seq @@ -4357,10 +4357,10 @@ are macros to simplify the following seq
The reason of the 'GNUTLS_FIPS140_SET_MODE_THREAD' flag in the previous The reason of the 'GNUTLS_FIPS140_SET_MODE_THREAD' flag in the previous
calls is to localize the change in the mode. Note also, that such a calls is to localize the change in the mode. Note also, that such a
@ -595,7 +595,7 @@ Index: gnutls-3.7.8/doc/gnutls.info-3
gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0); gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0);
Service indicator Service indicator
@@ -4380,7 +4380,7 @@ within a given context. @@ -4379,7 +4379,7 @@ within a given context.
'INT *note gnutls_fips140_push_context:: (gnutls_fips140_context_t CONTEXT)' 'INT *note gnutls_fips140_push_context:: (gnutls_fips140_context_t CONTEXT)'
'INT *note gnutls_fips140_pop_context:: ( VOID)' 'INT *note gnutls_fips140_pop_context:: ( VOID)'
@ -604,7 +604,7 @@ Index: gnutls-3.7.8/doc/gnutls.info-3
operation. It can be attached to the current execution thread with operation. It can be attached to the current execution thread with
*note gnutls_fips140_push_context:: and its internal state will be *note gnutls_fips140_push_context:: and its internal state will be
updated until it is detached with *note gnutls_fips140_pop_context::. updated until it is detached with *note gnutls_fips140_pop_context::.
@@ -4838,8 +4838,8 @@ There are certifications from national o @@ -4837,8 +4837,8 @@ There are certifications from national o
practices, such as unit testing and reliance on well known crypto practices, such as unit testing and reliance on well known crypto
primitives. primitives.
@ -615,7 +615,7 @@ Index: gnutls-3.7.8/doc/gnutls.info-3
 
File: gnutls.info, Node: Error codes, Next: Supported ciphersuites, Prev: Support, Up: Top File: gnutls.info, Node: Error codes, Next: Supported ciphersuites, Prev: Support, Up: Top
@@ -9316,7 +9316,7 @@ gnutls_fips140_set_mode @@ -9315,7 +9315,7 @@ gnutls_fips140_set_mode
-- Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t MODE, -- Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t MODE,
unsigned FLAGS) unsigned FLAGS)
@ -624,7 +624,7 @@ Index: gnutls-3.7.8/doc/gnutls.info-3
FLAGS: should be zero or 'GNUTLS_FIPS140_SET_MODE_THREAD' FLAGS: should be zero or 'GNUTLS_FIPS140_SET_MODE_THREAD'
@@ -9326,12 +9326,12 @@ gnutls_fips140_set_mode @@ -9325,12 +9325,12 @@ gnutls_fips140_set_mode
undefined. undefined.
When the flag 'GNUTLS_FIPS140_SET_MODE_THREAD' is specified then When the flag 'GNUTLS_FIPS140_SET_MODE_THREAD' is specified then
@ -639,10 +639,10 @@ Index: gnutls-3.7.8/doc/gnutls.info-3
values for 'mode' or to 'GNUTLS_FIPS140_SELFTESTS' mode, the values for 'mode' or to 'GNUTLS_FIPS140_SELFTESTS' mode, the
library switches to 'GNUTLS_FIPS140_STRICT' mode. library switches to 'GNUTLS_FIPS140_STRICT' mode.
Index: gnutls-3.7.8/doc/invoke-gnutls-cli.texi Index: gnutls-3.7.9/doc/invoke-gnutls-cli.texi
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/doc/invoke-gnutls-cli.texi --- gnutls-3.7.9.orig/doc/invoke-gnutls-cli.texi
+++ gnutls-3.7.8/doc/invoke-gnutls-cli.texi +++ gnutls-3.7.9/doc/invoke-gnutls-cli.texi
@@ -99,7 +99,7 @@ None: @@ -99,7 +99,7 @@ None:
--inline-commands-prefix=str Change the default delimiter for inline commands --inline-commands-prefix=str Change the default delimiter for inline commands
--provider=file Specify the PKCS #11 provider library --provider=file Specify the PKCS #11 provider library
@ -652,10 +652,10 @@ Index: gnutls-3.7.8/doc/invoke-gnutls-cli.texi
--list-config Reports the configuration of the library --list-config Reports the configuration of the library
--logfile=str Redirect informational messages to a specific file --logfile=str Redirect informational messages to a specific file
--keymatexport=str Label used for exporting keying material --keymatexport=str Label used for exporting keying material
Index: gnutls-3.7.8/doc/manpages/gnutls-cli.1 Index: gnutls-3.7.9/doc/manpages/gnutls-cli.1
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/doc/manpages/gnutls-cli.1 --- gnutls-3.7.9.orig/doc/manpages/gnutls-cli.1
+++ gnutls-3.7.8/doc/manpages/gnutls-cli.1 +++ gnutls-3.7.9/doc/manpages/gnutls-cli.1
@@ -389,7 +389,7 @@ Specify the PKCS #11 provider library. @@ -389,7 +389,7 @@ Specify the PKCS #11 provider library.
This will override the default options in /etc/gnutls/pkcs11.conf This will override the default options in /etc/gnutls/pkcs11.conf
.TP .TP
@ -665,10 +665,10 @@ Index: gnutls-3.7.8/doc/manpages/gnutls-cli.1
.sp .sp
.TP .TP
.NOP \f\*[B-Font]\-\-list\-config\f[] .NOP \f\*[B-Font]\-\-list\-config\f[]
Index: gnutls-3.7.8/doc/reference/html/gnutls-gnutls.html Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/doc/reference/html/gnutls-gnutls.html --- gnutls-3.7.9.orig/doc/reference/html/gnutls-gnutls.html
+++ gnutls-3.7.8/doc/reference/html/gnutls-gnutls.html +++ gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
@@ -20552,12 +20552,12 @@ gnutls_fips140_set_mode (<em class="para @@ -20552,12 +20552,12 @@ gnutls_fips140_set_mode (<em class="para
(globally), and should be called prior to creating any threads. Its (globally), and should be called prior to creating any threads. Its
behavior with no flags after threads are created is undefined.</p> behavior with no flags after threads are created is undefined.</p>
@ -729,10 +729,10 @@ Index: gnutls-3.7.8/doc/reference/html/gnutls-gnutls.html
-</html> -</html>
\ No newline at end of file \ No newline at end of file
+</html> +</html>
Index: gnutls-3.7.8/lib/fips.c Index: gnutls-3.7.9/lib/fips.c
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/lib/fips.c --- gnutls-3.7.9.orig/lib/fips.c
+++ gnutls-3.7.8/lib/fips.c +++ gnutls-3.7.9/lib/fips.c
@@ -113,7 +113,7 @@ unsigned _gnutls_fips_mode_enabled(void) @@ -113,7 +113,7 @@ unsigned _gnutls_fips_mode_enabled(void)
} }
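Review bot: The first lines of this hunk carry an inner change that replaces "</html>" with "</html>" only to fix "\ No newline at end of file" in doc/reference/html/gnutls-gnutls.html, which has nothing to do with the FIPS 140-3 reference rename. Drop that inner hunk from the patch so it touches only the lines it needs to and has one less place to fail on the next version bump.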
@ -850,10 +850,10 @@ Index: gnutls-3.7.8/lib/fips.c
} }
gnutls_fips140_context_deinit(fips_context); gnutls_fips140_context_deinit(fips_context);
} }
Index: gnutls-3.7.8/lib/fips.h Index: gnutls-3.7.9/lib/fips.h
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/lib/fips.h --- gnutls-3.7.9.orig/lib/fips.h
+++ gnutls-3.7.8/lib/fips.h +++ gnutls-3.7.9/lib/fips.h
@@ -189,16 +189,16 @@ is_digest_algo_allowed_for_sign_in_fips( @@ -189,16 +189,16 @@ is_digest_algo_allowed_for_sign_in_fips(
} }
@ -901,10 +901,10 @@ Index: gnutls-3.7.8/lib/fips.h
gnutls_cipher_get_name(algo)); gnutls_cipher_get_name(algo));
FALLTHROUGH; FALLTHROUGH;
case GNUTLS_FIPS140_DISABLED: case GNUTLS_FIPS140_DISABLED:
Index: gnutls-3.7.8/lib/global.c Index: gnutls-3.7.9/lib/global.c
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/lib/global.c --- gnutls-3.7.9.orig/lib/global.c
+++ gnutls-3.7.8/lib/global.c +++ gnutls-3.7.9/lib/global.c
@@ -326,12 +326,12 @@ static int _gnutls_global_init(unsigned @@ -326,12 +326,12 @@ static int _gnutls_global_init(unsigned
#ifdef ENABLE_FIPS140 #ifdef ENABLE_FIPS140
@ -938,10 +938,10 @@ Index: gnutls-3.7.8/lib/global.c
if (res != 2) { if (res != 2) {
gnutls_assert(); gnutls_assert();
goto out; goto out;
Index: gnutls-3.7.8/lib/includes/gnutls/gnutls.h.in Index: gnutls-3.7.9/lib/includes/gnutls/gnutls.h.in
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/lib/includes/gnutls/gnutls.h.in --- gnutls-3.7.9.orig/lib/includes/gnutls/gnutls.h.in
+++ gnutls-3.7.8/lib/includes/gnutls/gnutls.h.in +++ gnutls-3.7.9/lib/includes/gnutls/gnutls.h.in
@@ -3336,16 +3336,16 @@ void @@ -3336,16 +3336,16 @@ void
gnutls_alert_set_read_function(gnutls_session_t session, gnutls_alert_set_read_function(gnutls_session_t session,
gnutls_alert_read_func func); gnutls_alert_read_func func);
@ -972,10 +972,10 @@ Index: gnutls-3.7.8/lib/includes/gnutls/gnutls.h.in
*/ */
typedef enum gnutls_fips_mode_t { typedef enum gnutls_fips_mode_t {
GNUTLS_FIPS140_DISABLED = 0, GNUTLS_FIPS140_DISABLED = 0,
Index: gnutls-3.7.8/src/cli.c Index: gnutls-3.7.9/src/cli.c
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/src/cli.c --- gnutls-3.7.9.orig/src/cli.c
+++ gnutls-3.7.8/src/cli.c +++ gnutls-3.7.9/src/cli.c
@@ -1641,10 +1641,10 @@ static void cmd_parser(int argc, char ** @@ -1641,10 +1641,10 @@ static void cmd_parser(int argc, char **
if (HAVE_OPT(FIPS140_MODE)) { if (HAVE_OPT(FIPS140_MODE)) {
@ -989,10 +989,10 @@ Index: gnutls-3.7.8/src/cli.c
exit(1); exit(1);
} }
Index: gnutls-3.7.8/src/gnutls-cli-options.c Index: gnutls-3.7.9/src/gnutls-cli-options.c
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/src/gnutls-cli-options.c --- gnutls-3.7.9.orig/src/gnutls-cli-options.c
+++ gnutls-3.7.8/src/gnutls-cli-options.c +++ gnutls-3.7.9/src/gnutls-cli-options.c
@@ -785,7 +785,7 @@ usage (FILE *out, int status) @@ -785,7 +785,7 @@ usage (FILE *out, int status)
" --inline-commands-prefix=str Change the default delimiter for inline commands\n" " --inline-commands-prefix=str Change the default delimiter for inline commands\n"
" --provider=file Specify the PKCS #11 provider library\n" " --provider=file Specify the PKCS #11 provider library\n"
@ -1002,10 +1002,10 @@ Index: gnutls-3.7.8/src/gnutls-cli-options.c
" --list-config Reports the configuration of the library\n" " --list-config Reports the configuration of the library\n"
" --logfile=str Redirect informational messages to a specific file\n" " --logfile=str Redirect informational messages to a specific file\n"
" --keymatexport=str Label used for exporting keying material\n" " --keymatexport=str Label used for exporting keying material\n"
Index: gnutls-3.7.8/tests/cert-tests/gost.sh Index: gnutls-3.7.9/tests/cert-tests/gost.sh
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/tests/cert-tests/gost.sh --- gnutls-3.7.9.orig/tests/cert-tests/gost.sh
+++ gnutls-3.7.8/tests/cert-tests/gost.sh +++ gnutls-3.7.9/tests/cert-tests/gost.sh
@@ -38,7 +38,7 @@ if ! test -x "${CERTTOOL}"; then @@ -38,7 +38,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -1015,10 +1015,10 @@ Index: gnutls-3.7.8/tests/cert-tests/gost.sh
exit 77 exit 77
fi fi
Index: gnutls-3.7.8/tests/cert-tests/pkcs12-corner-cases.sh Index: gnutls-3.7.9/tests/cert-tests/pkcs12-corner-cases.sh
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/tests/cert-tests/pkcs12-corner-cases.sh --- gnutls-3.7.9.orig/tests/cert-tests/pkcs12-corner-cases.sh
+++ gnutls-3.7.8/tests/cert-tests/pkcs12-corner-cases.sh +++ gnutls-3.7.9/tests/cert-tests/pkcs12-corner-cases.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -1028,10 +1028,10 @@ Index: gnutls-3.7.8/tests/cert-tests/pkcs12-corner-cases.sh
exit 77 exit 77
fi fi
Index: gnutls-3.7.8/tests/cert-tests/pkcs12-encode.sh Index: gnutls-3.7.9/tests/cert-tests/pkcs12-encode.sh
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/tests/cert-tests/pkcs12-encode.sh --- gnutls-3.7.9.orig/tests/cert-tests/pkcs12-encode.sh
+++ gnutls-3.7.8/tests/cert-tests/pkcs12-encode.sh +++ gnutls-3.7.9/tests/cert-tests/pkcs12-encode.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -1041,10 +1041,10 @@ Index: gnutls-3.7.8/tests/cert-tests/pkcs12-encode.sh
exit 77 exit 77
fi fi
Index: gnutls-3.7.8/tests/cert-tests/pkcs12-gost.sh Index: gnutls-3.7.9/tests/cert-tests/pkcs12-gost.sh
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/tests/cert-tests/pkcs12-gost.sh --- gnutls-3.7.9.orig/tests/cert-tests/pkcs12-gost.sh
+++ gnutls-3.7.8/tests/cert-tests/pkcs12-gost.sh +++ gnutls-3.7.9/tests/cert-tests/pkcs12-gost.sh
@@ -30,7 +30,7 @@ if ! test -x "${CERTTOOL}"; then @@ -30,7 +30,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -1054,10 +1054,10 @@ Index: gnutls-3.7.8/tests/cert-tests/pkcs12-gost.sh
exit 77 exit 77
fi fi
Index: gnutls-3.7.8/tests/cert-tests/pkcs12.sh Index: gnutls-3.7.9/tests/cert-tests/pkcs12.sh
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/tests/cert-tests/pkcs12.sh --- gnutls-3.7.9.orig/tests/cert-tests/pkcs12.sh
+++ gnutls-3.7.8/tests/cert-tests/pkcs12.sh +++ gnutls-3.7.9/tests/cert-tests/pkcs12.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -1067,10 +1067,10 @@ Index: gnutls-3.7.8/tests/cert-tests/pkcs12.sh
exit 77 exit 77
fi fi
Index: gnutls-3.7.8/tests/cert-tests/pkcs8-decode.sh Index: gnutls-3.7.9/tests/cert-tests/pkcs8-decode.sh
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/tests/cert-tests/pkcs8-decode.sh --- gnutls-3.7.9.orig/tests/cert-tests/pkcs8-decode.sh
+++ gnutls-3.7.8/tests/cert-tests/pkcs8-decode.sh +++ gnutls-3.7.9/tests/cert-tests/pkcs8-decode.sh
@@ -30,7 +30,7 @@ if ! test -x "${CERTTOOL}"; then @@ -30,7 +30,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -1080,10 +1080,10 @@ Index: gnutls-3.7.8/tests/cert-tests/pkcs8-decode.sh
exit 77 exit 77
fi fi
Index: gnutls-3.7.8/tests/cert-tests/pkcs8-eddsa.sh Index: gnutls-3.7.9/tests/cert-tests/pkcs8-eddsa.sh
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/tests/cert-tests/pkcs8-eddsa.sh --- gnutls-3.7.9.orig/tests/cert-tests/pkcs8-eddsa.sh
+++ gnutls-3.7.8/tests/cert-tests/pkcs8-eddsa.sh +++ gnutls-3.7.9/tests/cert-tests/pkcs8-eddsa.sh
@@ -30,7 +30,7 @@ if ! test -x "${CERTTOOL}"; then @@ -30,7 +30,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -1093,10 +1093,10 @@ Index: gnutls-3.7.8/tests/cert-tests/pkcs8-eddsa.sh
exit 77 exit 77
fi fi
Index: gnutls-3.7.8/tests/cert-tests/pkcs8-gost.sh Index: gnutls-3.7.9/tests/cert-tests/pkcs8-gost.sh
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/tests/cert-tests/pkcs8-gost.sh --- gnutls-3.7.9.orig/tests/cert-tests/pkcs8-gost.sh
+++ gnutls-3.7.8/tests/cert-tests/pkcs8-gost.sh +++ gnutls-3.7.9/tests/cert-tests/pkcs8-gost.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -1106,10 +1106,10 @@ Index: gnutls-3.7.8/tests/cert-tests/pkcs8-gost.sh
exit 77 exit 77
fi fi
Index: gnutls-3.7.8/tests/cert-tests/pkcs8.sh Index: gnutls-3.7.9/tests/cert-tests/pkcs8.sh
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/tests/cert-tests/pkcs8.sh --- gnutls-3.7.9.orig/tests/cert-tests/pkcs8.sh
+++ gnutls-3.7.8/tests/cert-tests/pkcs8.sh +++ gnutls-3.7.9/tests/cert-tests/pkcs8.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
fi fi
@ -1119,10 +1119,10 @@ Index: gnutls-3.7.8/tests/cert-tests/pkcs8.sh
exit 77 exit 77
fi fi
Index: gnutls-3.7.8/tests/cipher-listings.sh Index: gnutls-3.7.9/tests/cipher-listings.sh
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/tests/cipher-listings.sh --- gnutls-3.7.9.orig/tests/cipher-listings.sh
+++ gnutls-3.7.8/tests/cipher-listings.sh +++ gnutls-3.7.9/tests/cipher-listings.sh
@@ -64,7 +64,7 @@ check() @@ -64,7 +64,7 @@ check()
${CLI} --fips140-mode ${CLI} --fips140-mode
@ -1132,10 +1132,10 @@ Index: gnutls-3.7.8/tests/cipher-listings.sh
exit 77 exit 77
fi fi
Index: gnutls-3.7.8/tests/testpkcs11.sh Index: gnutls-3.7.9/tests/testpkcs11.sh
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/tests/testpkcs11.sh --- gnutls-3.7.9.orig/tests/testpkcs11.sh
+++ gnutls-3.7.8/tests/testpkcs11.sh +++ gnutls-3.7.9/tests/testpkcs11.sh
@@ -27,7 +27,7 @@ @@ -27,7 +27,7 @@
RETCODE=0 RETCODE=0
@ -1145,10 +1145,10 @@ Index: gnutls-3.7.8/tests/testpkcs11.sh
exit 77 exit 77
fi fi
Index: gnutls-3.7.8/doc/enums/gnutls_fips_mode_t Index: gnutls-3.7.9/doc/enums/gnutls_fips_mode_t
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/doc/enums/gnutls_fips_mode_t --- gnutls-3.7.9.orig/doc/enums/gnutls_fips_mode_t
+++ gnutls-3.7.8/doc/enums/gnutls_fips_mode_t +++ gnutls-3.7.9/doc/enums/gnutls_fips_mode_t
@@ -3,7 +3,7 @@ @@ -3,7 +3,7 @@
@c gnutls_fips_mode_t @c gnutls_fips_mode_t
@table @code @table @code
@ -1169,10 +1169,10 @@ Index: gnutls-3.7.8/doc/enums/gnutls_fips_mode_t
application is aware of the followed security policy, and needs application is aware of the followed security policy, and needs
to utilize disallowed operations for other reasons (e.g., compatibility). to utilize disallowed operations for other reasons (e.g., compatibility).
@item GNUTLS_@-FIPS140_@-LOG @item GNUTLS_@-FIPS140_@-LOG
Index: gnutls-3.7.8/doc/gnutls-api.texi Index: gnutls-3.7.9/doc/gnutls-api.texi
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/doc/gnutls-api.texi --- gnutls-3.7.9.orig/doc/gnutls-api.texi
+++ gnutls-3.7.8/doc/gnutls-api.texi +++ gnutls-3.7.9/doc/gnutls-api.texi
@@ -3275,7 +3275,7 @@ unusable. This function is not thread-s @@ -3275,7 +3275,7 @@ unusable. This function is not thread-s
@subheading gnutls_fips140_set_mode @subheading gnutls_fips140_set_mode
@anchor{gnutls_fips140_set_mode} @anchor{gnutls_fips140_set_mode}
@ -1198,10 +1198,10 @@ Index: gnutls-3.7.8/doc/gnutls-api.texi
values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library
switches to @code{GNUTLS_FIPS140_STRICT} mode. switches to @code{GNUTLS_FIPS140_STRICT} mode.
Index: gnutls-3.7.8/lib/ext/session_ticket.c Index: gnutls-3.7.9/lib/ext/session_ticket.c
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/lib/ext/session_ticket.c --- gnutls-3.7.9.orig/lib/ext/session_ticket.c
+++ gnutls-3.7.8/lib/ext/session_ticket.c +++ gnutls-3.7.9/lib/ext/session_ticket.c
@@ -539,7 +539,7 @@ int gnutls_session_ticket_key_generate(g @@ -539,7 +539,7 @@ int gnutls_session_ticket_key_generate(g
{ {
if (_gnutls_fips_mode_enabled()) { if (_gnutls_fips_mode_enabled()) {
@ -1211,10 +1211,10 @@ Index: gnutls-3.7.8/lib/ext/session_ticket.c
* some limits on allowed key size, thus it is not * some limits on allowed key size, thus it is not
* used. These limits do not affect this function as * used. These limits do not affect this function as
* it does not generate a "key" but rather key material * it does not generate a "key" but rather key material
Index: gnutls-3.7.8/lib/libgnutls.map Index: gnutls-3.7.9/lib/libgnutls.map
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/lib/libgnutls.map --- gnutls-3.7.9.orig/lib/libgnutls.map
+++ gnutls-3.7.8/lib/libgnutls.map +++ gnutls-3.7.9/lib/libgnutls.map
@@ -1418,7 +1418,7 @@ GNUTLS_FIPS140_3_4 { @@ -1418,7 +1418,7 @@ GNUTLS_FIPS140_3_4 {
gnutls_hkdf_self_test; gnutls_hkdf_self_test;
gnutls_pbkdf2_self_test; gnutls_pbkdf2_self_test;
@ -1224,10 +1224,10 @@ Index: gnutls-3.7.8/lib/libgnutls.map
drbg_aes_reseed; drbg_aes_reseed;
drbg_aes_init; drbg_aes_init;
drbg_aes_generate; drbg_aes_generate;
Index: gnutls-3.7.8/lib/nettle/mac.c Index: gnutls-3.7.9/lib/nettle/mac.c
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/lib/nettle/mac.c --- gnutls-3.7.9.orig/lib/nettle/mac.c
+++ gnutls-3.7.8/lib/nettle/mac.c +++ gnutls-3.7.9/lib/nettle/mac.c
@@ -267,7 +267,7 @@ static void _wrap_gmac_digest(void *_ctx @@ -267,7 +267,7 @@ static void _wrap_gmac_digest(void *_ctx
static int _mac_ctx_init(gnutls_mac_algorithm_t algo, static int _mac_ctx_init(gnutls_mac_algorithm_t algo,
struct nettle_mac_ctx *ctx) struct nettle_mac_ctx *ctx)
@ -1246,11 +1246,11 @@ Index: gnutls-3.7.8/lib/nettle/mac.c
* gnutls_hash_init() and gnutls_hmac_init() */ * gnutls_hash_init() and gnutls_hmac_init() */
switch (algo) { switch (algo) {
case GNUTLS_DIG_MD5: case GNUTLS_DIG_MD5:
Index: gnutls-3.7.8/doc/gnutls.info-2 Index: gnutls-3.7.9/doc/gnutls.info-2
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/doc/gnutls.info-2 --- gnutls-3.7.9.orig/doc/gnutls.info-2
+++ gnutls-3.7.8/doc/gnutls.info-2 +++ gnutls-3.7.9/doc/gnutls.info-2
@@ -672,7 +672,7 @@ Variable Purpose @@ -671,7 +671,7 @@ Variable Purpose
* 0x400000: Enable VIA PHE SHA512 * 0x400000: Enable VIA PHE SHA512
'GNUTLS_FORCE_FIPS_MODE'In setups where GnuTLS is compiled with support 'GNUTLS_FORCE_FIPS_MODE'In setups where GnuTLS is compiled with support
@ -1259,10 +1259,10 @@ Index: gnutls-3.7.8/doc/gnutls.info-2
set to one it will force the FIPS mode set to one it will force the FIPS mode
enablement. enablement.
Index: gnutls-3.7.8/config.h.in Index: gnutls-3.7.9/config.h.in
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/config.h.in --- gnutls-3.7.9.orig/config.h.in
+++ gnutls-3.7.8/config.h.in +++ gnutls-3.7.9/config.h.in
@@ -82,7 +82,7 @@ @@ -82,7 +82,7 @@
/* enable DHE */ /* enable DHE */
#undef ENABLE_ECDHE #undef ENABLE_ECDHE
@ -1281,11 +1281,11 @@ Index: gnutls-3.7.8/config.h.in
#undef FIPS_KEY #undef FIPS_KEY
/* The FIPS140 module name */ /* The FIPS140 module name */
Index: gnutls-3.7.8/configure Index: gnutls-3.7.9/configure
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/configure --- gnutls-3.7.9.orig/configure
+++ gnutls-3.7.8/configure +++ gnutls-3.7.9/configure
@@ -3542,7 +3542,7 @@ Optional Features: @@ -3573,7 +3573,7 @@ Optional Features:
--enable-fast-install[=PKGS] --enable-fast-install[=PKGS]
optimize for fast installation [default=yes] optimize for fast installation [default=yes]
--disable-libtool-lock avoid locking (might break parallel builds) --disable-libtool-lock avoid locking (might break parallel builds)
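Review bot: the section for the generated configure script needed a re-roll here only because its offset moved (@@ -3542,7 to @@ -3573,7), which is the cost of patching build output instead of its source. The same patch already edits configure.ac, so consider dropping the configure and config.h.in sections and running autoreconf in the spec instead; the next version bump then needs no manual rebase of generated files. The doc/gnutls.info* sections further down have the same problem, with their hunk offsets and tag-table positions shifted by this update as well.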
@ -1294,10 +1294,10 @@ Index: gnutls-3.7.8/configure
--enable-strict-x509 enable stricter sanity checks for x509 certificates --enable-strict-x509 enable stricter sanity checks for x509 certificates
--disable-non-suiteb-curves --disable-non-suiteb-curves
disable curves not in SuiteB disable curves not in SuiteB
Index: gnutls-3.7.8/doc/cha-support.texi Index: gnutls-3.7.9/doc/cha-support.texi
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/doc/cha-support.texi --- gnutls-3.7.9.orig/doc/cha-support.texi
+++ gnutls-3.7.8/doc/cha-support.texi +++ gnutls-3.7.9/doc/cha-support.texi
@@ -135,5 +135,5 @@ There are certifications from national o @@ -135,5 +135,5 @@ There are certifications from national o
to an auditor that the crypto component follows some best practices, such to an auditor that the crypto component follows some best practices, such
as unit testing and reliance on well known crypto primitives. as unit testing and reliance on well known crypto primitives.
@ -1306,11 +1306,11 @@ Index: gnutls-3.7.8/doc/cha-support.texi
-See @ref{FIPS140-2 mode} for more information. -See @ref{FIPS140-2 mode} for more information.
+GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux. +GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux.
+See @ref{FIPS140-3 mode} for more information. +See @ref{FIPS140-3 mode} for more information.
Index: gnutls-3.7.8/doc/gnutls.info-6 Index: gnutls-3.7.9/doc/gnutls.info-6
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/doc/gnutls.info-6 --- gnutls-3.7.9.orig/doc/gnutls.info-6
+++ gnutls-3.7.8/doc/gnutls.info-6 +++ gnutls-3.7.9/doc/gnutls.info-6
@@ -8844,7 +8844,7 @@ Function and Data Index @@ -8843,7 +8843,7 @@ Function and Data Index
* gnutls_fingerprint: Core TLS API. (line 3513) * gnutls_fingerprint: Core TLS API. (line 3513)
* gnutls_fips140_context_deinit: Core TLS API. (line 3540) * gnutls_fips140_context_deinit: Core TLS API. (line 3540)
* gnutls_fips140_context_init: Core TLS API. (line 3551) * gnutls_fips140_context_init: Core TLS API. (line 3551)
@ -1319,16 +1319,29 @@ Index: gnutls-3.7.8/doc/gnutls.info-6
* gnutls_fips140_get_operation_state <1>: Core TLS API. (line 3564) * gnutls_fips140_get_operation_state <1>: Core TLS API. (line 3564)
* gnutls_fips140_mode_enabled: Core TLS API. (line 3578) * gnutls_fips140_mode_enabled: Core TLS API. (line 3578)
* gnutls_fips140_pop_context: Core TLS API. (line 3596) * gnutls_fips140_pop_context: Core TLS API. (line 3596)
Index: gnutls-3.7.8/doc/gnutls.info Index: gnutls-3.7.9/doc/gnutls.info
=================================================================== ===================================================================
--- gnutls-3.7.8.orig/doc/gnutls.info --- gnutls-3.7.9.orig/doc/gnutls.info
+++ gnutls-3.7.8/doc/gnutls.info +++ gnutls-3.7.9/doc/gnutls.info
@@ -612,7 +612,7 @@ Ref: fig-crypto-layers757273 @@ -611,7 +611,7 @@ Ref: fig-crypto-layers757265
Ref: Cryptographic Backend-Footnote-1760557 Ref: Cryptographic Backend-Footnote-1760549
Ref: Cryptographic Backend-Footnote-2760642 Ref: Cryptographic Backend-Footnote-2760634
Node: Random Number Generators-internals760750 Node: Random Number Generators-internals760742
-Node: FIPS140-2 mode768114 -Node: FIPS140-2 mode768106
+Node: FIPS140-3 mode768114 +Node: FIPS140-3 mode768106
Ref: gnutls_fips_mode_t770750 Ref: gnutls_fips_mode_t770742
Node: Upgrading from previous versions774347 Node: Upgrading from previous versions774339
Node: Support788341 Node: Support788333
Index: gnutls-3.7.9/src/gnutls-cli-options.json
===================================================================
--- gnutls-3.7.9.orig/src/gnutls-cli-options.json
+++ gnutls-3.7.9/src/gnutls-cli-options.json
@@ -372,7 +372,7 @@
},
{
"long-option": "fips140-mode",
- "description": "Reports the status of the FIPS140-2 mode in gnutls library"
+ "description": "Reports the status of the FIPS140-3 mode in gnutls library"
},
{
"long-option": "list-config",
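Review bot: the src/gnutls-cli-options.json section at the end of the patch is new content rather than a rebase of an existing section, and it changes only the "description" string of "fips140-mode". If the option code or man page derived from this JSON ships pre-generated in the tarball, the edit will not reach the installed binary. Please check that the gnutls-cli help text for --fips140-mode reads "FIPS140-3" after the build, and force regeneration in the spec if it does not.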

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Fri Feb 10 13:12:25 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.7.9: [bsc#1208143, CVE-2023-0361]
* libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key
exchange. [GNUTLS-SA-2020-07-14, CVSS: medium][CVE-2023-0361]
* Rebase gnutls-FIPS-140-3-references.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 20 09:58:53 UTC 2023 - Pedro Monreal <pmonreal@suse.com> Fri Jan 20 09:58:53 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
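Review bot: "Rebase gnutls-FIPS-140-3-references.patch" understates what happened to the patch, which also gained a section for src/gnutls-cli-options.json; list that in the entry so the change can be traced from the changelog. Also confirm that the advisory id is copied verbatim from the upstream NEWS, since GNUTLS-SA-2020-07-14 carries a 2020 date next to CVE-2023-0361.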

View File

@ -36,7 +36,7 @@
%bcond_with tpm %bcond_with tpm
%bcond_without guile %bcond_without guile
Name: gnutls Name: gnutls
Version: 3.7.8 Version: 3.7.9
Release: 0 Release: 0
Summary: The GNU Transport Layer Security Library Summary: The GNU Transport Layer Security Library
License: GPL-3.0-or-later AND LGPL-2.1-or-later License: GPL-3.0-or-later AND LGPL-2.1-or-later