Accepting request 1011039 from home:pmonrealgonzalez:branches:security:tls

- The FIPS hmac is now calculated with an internal tool since commit a86c8e87189e23920ae622da5e572cb4e1a6e0ed and it has been renamed to .gnutls.hmac. [bsc#1199881, bsc#1203245] * Remove the fipscheck build dependency * Check only the calculated hmac for libgnutls.so.30 since the calculated hmacs for libnettle.so.8, libhogweed.so.6 and libgmp.so.10 in .gnutls.hmac are incorrect. * Add gnutls-FIPS-hmac-check-only-libgnutls.patch * Remove gnutls-FIPS-Run-CFB8-without-offset.patch - FIPS: Set error state when jent init failed in FIPS mode [bsc#1202146] * Add patch gnutls-FIPS-Set-error-state-when-jent-init-failed.patch OBS-URL: https://build.opensuse.org/request/show/1011039 OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=78
2022-10-17 10:12:56 +00:00 · 2022-10-17 10:12:56 +00:00 · f914173517
commit f914173517
parent 443be2c653
5 changed files with 159 additions and 41 deletions
--- a/gnutls-FIPS-Run-CFB8-without-offset.patch
+++ b/gnutls-FIPS-Run-CFB8-without-offset.patch
@ -1,29 +0,0 @@
-Index: gnutls-3.7.7/lib/crypto-selftests.c
-===================================================================
--- gnutls-3.7.7.orig/lib/crypto-selftests.c
-+++ gnutls-3.7.7/lib/crypto-selftests.c
-@@ -2735,6 +2735,16 @@ int gnutls_cipher_self_test(unsigned fla
- 		NON_FIPS_CASE(GNUTLS_CIPHER_CHACHA20_POLY1305, test_cipher_aead,
- 		     chacha_poly1305_vectors);
- 		FALLTHROUGH;
-+		CASE(GNUTLS_CIPHER_AES_128_CFB8, test_cipher,
-+		     aes128_cfb8_vectors);
-+		FALLTHROUGH;
-+		CASE(GNUTLS_CIPHER_AES_192_CFB8, test_cipher,
-+		     aes192_cfb8_vectors);
-+		FALLTHROUGH;
-+		CASE(GNUTLS_CIPHER_AES_256_CFB8, test_cipher,
-+		      aes256_cfb8_vectors);
-+		FALLTHROUGH;
-+#if 0
- 		CASE2(GNUTLS_CIPHER_AES_128_CFB8, test_cipher,
- 		      test_cipher_all_block_sizes,
- 		      aes128_cfb8_vectors);
-@@ -2747,6 +2757,7 @@ int gnutls_cipher_self_test(unsigned fla
- 		      test_cipher_all_block_sizes,
- 		      aes256_cfb8_vectors);
- 		FALLTHROUGH;
-+#endif
- 		CASE(GNUTLS_CIPHER_AES_128_XTS, test_cipher,
- 		     aes128_xts_vectors);
- 		FALLTHROUGH;
--- a/gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
+++ b/gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
@ -0,0 +1,91 @@
+---
+ lib/nettle/sysrng-linux.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+Index: gnutls-3.7.8/lib/nettle/sysrng-linux.c
+===================================================================
+--- gnutls-3.7.8.orig/lib/nettle/sysrng-linux.c
+++ gnutls-3.7.8/lib/nettle/sysrng-linux.c
+@@ -49,11 +49,13 @@
+ get_entropy_func _rnd_get_system_entropy = NULL;
+ 
+ #if defined(__linux__)
+-# ifdef ENABLE_FIPS140
+# if defined(ENABLE_FIPS140)
+ #  define HAVE_JENT
+ #  include <jitterentropy.h>
+ static int jent_initialized = 0;
+ static struct rand_data* ec = NULL;
+/* Declare function to fix a missing-prototypes compilation warning */
+void FIPS_jent_entropy_deinit(void);
+ # endif
+ # ifdef HAVE_GETRANDOM
+ #  include <sys/random.h>
+@@ -72,7 +74,8 @@ static ssize_t _getrandom0(void *buf, si
+ #  endif
+ # endif
+ 
+-# if defined(HAVE_JENT)
+# if defined(ENABLE_FIPS140)
+#  if defined(HAVE_JENT)
+ /* check whether the CPU Jitter entropy collector is available. */
+ static unsigned FIPS_jent_entropy_init(void)
+ {
+@@ -161,6 +164,7 @@ static int _rnd_get_system_entropy_jent(
+ 
+ 	return 0;
+ }
+#  endif
+ # endif
+ 
+ static unsigned have_getrandom(void)
+@@ -260,7 +264,8 @@ int _rnd_system_entropy_init(void)
+ 	int urandom_fd;
+ 
+ #if defined(__linux__)
+-# if defined(HAVE_JENT)
+# if defined(ENABLE_FIPS140)
+#  if defined(HAVE_JENT)
+ 	/* Enable jitterentropy usage if available */
+ 	if (FIPS_jent_entropy_init()) {
+ 		_rnd_get_system_entropy = _rnd_get_system_entropy_jent;
+@@ -268,7 +273,14 @@ int _rnd_system_entropy_init(void)
+ 		return 0;
+ 	} else {
+ 		_gnutls_debug_log("jitterentropy is not available\n");
+		/* Set error state when FIPS_jent_entropy_init failed and FIPS mode is enabled */
+		if (_gnutls_fips_mode_enabled()) {
+			_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
+			_gnutls_switch_lib_state(LIB_STATE_ERROR);
+			return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
+		}
+ 	}
+#  endif
+ # endif
+ 	/* Enable getrandom() usage if available */
+ 	if (have_getrandom()) {
+@@ -300,8 +312,10 @@ void _rnd_system_entropy_deinit(void)
+ {
+ 	/* A no-op now when we open and close /dev/urandom every time */
+ #if defined(__linux__)
+-# if defined(HAVE_JENT)
+# if defined(ENABLE_FIPS140)
+#  if defined(HAVE_JENT)
+ 	FIPS_jent_entropy_deinit();
+#  endif
+ # endif
+ #endif
+ 	return;
+Index: gnutls-3.7.8/tests/Makefile.am
+===================================================================
+--- gnutls-3.7.8.orig/tests/Makefile.am
+++ gnutls-3.7.8/tests/Makefile.am
+@@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm
+ 	 dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
+ 	 keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
+ 	 tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \
+-	 set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \
+	 set_x509_key_file_ocsp client-fastopen srp rng-pthread \
+ 	 safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \
+ 	 safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \
+ 	 rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \
--- a/gnutls-FIPS-hmac-check-only-libgnutls.patch
+++ b/gnutls-FIPS-hmac-check-only-libgnutls.patch
@ -0,0 +1,20 @@
+Index: gnutls-3.7.8/lib/fips.c
+===================================================================
+--- gnutls-3.7.8.orig/lib/fips.c
+++ gnutls-3.7.8/lib/fips.c
+@@ -402,6 +402,7 @@ static int check_binary_integrity(void)
+ 	ret = check_lib_hmac(&file.gnutls, GNUTLS_LIBRARY_NAME, "gnutls_global_init");
+ 	if (ret < 0)
+ 		return ret;
+#if 0
+ 	ret = check_lib_hmac(&file.nettle, NETTLE_LIBRARY_NAME, "nettle_aes_set_encrypt_key");
+ 	if (ret < 0)
+ 		return ret;
+@@ -411,6 +412,7 @@ static int check_binary_integrity(void)
+ 	ret = check_lib_hmac(&file.gmp, GMP_LIBRARY_NAME, "__gmpz_init");
+ 	if (ret < 0)
+ 		return ret;
+#endif
+ 
+ 	return 0;
+ }
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Fri Oct 14 11:35:33 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
+
+- The FIPS hmac is now calculated with an internal tool since
+  commit a86c8e87189e23920ae622da5e572cb4e1a6e0ed and it has
+  been renamed to .gnutls.hmac. [bsc#1199881, bsc#1203245]
+  * Remove the fipscheck build dependency
+  * Check only the calculated hmac for libgnutls.so.30 since the
+    calculated hmacs for libnettle.so.8, libhogweed.so.6 and
+    libgmp.so.10 in .gnutls.hmac are incorrect.
+  * Add gnutls-FIPS-hmac-check-only-libgnutls.patch
+  * Remove gnutls-FIPS-Run-CFB8-without-offset.patch
+
 -------------------------------------------------------------------
 Sun Oct  9 12:53:27 UTC 2022 - Pedro Monreal <pmonreal@suse.com>

@ -28,6 +41,12 @@ Sun Oct  9 12:53:27 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
  * Update gnutls.keyring
  * Add a build depencency on gtk-doc required by autoreconf

+-------------------------------------------------------------------
+Fri Oct  7 09:30:44 UTC 2022 - Otto Hollmann <otto.hollmann@suse.com>
+
+- FIPS: Set error state when jent init failed in FIPS mode [bsc#1202146]
+  * Add patch gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
+
 -------------------------------------------------------------------
 Tue Oct  4 13:05:27 UTC 2022 - Otto Hollmann <otto.hollmann@suse.com>

--- a/gnutls.spec
+++ b/gnutls.spec
@ -48,24 +48,25 @@ Source1:        https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.
 Source2:        gnutls.keyring
 Source3:        baselibs.conf
 Patch0:         gnutls-3.5.11-skip-trust-store-tests.patch
-Patch2:         gnutls-FIPS-TLS_KDF_selftest.patch
-Patch3:         gnutls-FIPS-disable-failing-tests.patch
-Patch4:         gnutls_ECDSA_signing.patch
+Patch1:         gnutls-FIPS-TLS_KDF_selftest.patch
+Patch2:         gnutls-FIPS-disable-failing-tests.patch
+Patch3:         gnutls_ECDSA_signing.patch
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
 #PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy
-Patch5:         gnutls-FIPS-jitterentropy.patch
+Patch4:         gnutls-FIPS-jitterentropy.patch
+#PATCH-FIX-SUSE bsc#1202146 FIPS: Set error state when jent init failed in FIPS mode
+Patch5:         gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
 %endif
 #PATCH-FIX-SUSE bsc#1190698 FIPS: SLI gnutls_pbkdf2: verify keylengths and allow SHA only
 Patch6:         gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
-#PATCH-FIX-SUSE bsc#1203245 FIPS: Run the CFB8 cipher selftests without offset
-Patch7:         gnutls-FIPS-Run-CFB8-without-offset.patch
 #PATCH-FIX-UPSTREAM bsc#1203779 Make XTS key check failure not fatal
-Patch8:         gnutls-Make-XTS-key-check-failure-not-fatal.patch
+Patch7:         gnutls-Make-XTS-key-check-failure-not-fatal.patch
+#PATCH-FIX-SUSE bsc#1199881 FIPS: Check only the calculated hmac for libgnutls.so.%%{gnutls_sover}
+Patch8:         gnutls-FIPS-hmac-check-only-libgnutls.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge
 BuildRequires:  fdupes
-BuildRequires:  fipscheck
 BuildRequires:  gcc-c++
 BuildRequires:  gtk-doc
 # The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present
@ -260,9 +261,6 @@ rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
 # Do not package static libs and libtool files
 find %{buildroot} -type f -name "*.la" -delete -print

-# Compute FIPS hmac using the brp-50-generate-fips-hmac script
-export BRP_FIPSHMAC_FILES=%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}
-
 # install docs
 mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
 cp doc/gnutls.html doc/*.png %{buildroot}%{_docdir}/libgnutls-devel/
@ -277,6 +275,25 @@ rm -rf %{buildroot}%{_datadir}/doc/gnutls

 %find_lang libgnutls --all-name

+# the hmac hashes:
+#
+# this is a hack that re-defines the __os_install_post macro
+# for a simple reason: the macro strips the binaries and thereby
+# invalidates a HMAC that may have been created earlier.
+# solution: create the hashes _after_ the macro runs.
+#
+# this shows up earlier because otherwise the %%expand of
+# the macro is too late.
+# remark: This is the same as running
+#   openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP'
+# note: The FIPS hmac is now calculated with an internal tool since
+#   commit a86c8e87189e23920ae622da5e572cb4e1a6e0ed and the file
+#   has been renamed to .gnutls.hmac
+%{expand:%%global __os_install_post {%__os_install_post
+./lib/fipshmac "%{buildroot}%{_libdir}/libgnutls.so.30" > %{buildroot}%{_libdir}/.gnutls.hmac
+sed -i "s^%{buildroot}/usr^^" %{buildroot}%{_libdir}/.gnutls.hmac
+}}
+
 %check
 %if ! 0%{?qemu_user_space_build}
 %make_build check GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || {
@ -326,7 +343,7 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=

 %files -n libgnutls%{gnutls_sover}-hmac
 %license LICENSE
-%{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac
+%{_libdir}/.gnutls.hmac

 %if %{with dane}
 %files -n libgnutls-dane%{gnutls_dane_sover}