Pedro Monreal Gonzalez
c7bc1d9ee7
- FIPS: Skip the fixed HMAC verification for nettle, hogweed and gmp libraries. These calculated HMACs change for every build of each of these packages, we only have to verify that for gnutls. * Add gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch [bsc#1211476] - FIPS: Merge libgnutls30-hmac package into the library [bsc#1185116] OBS-URL: https://build.opensuse.org/request/show/1088822 OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=93
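Index: gnutls-3.8.0/lib/fips.c
===================================================================
--- gnutls-3.8.0.orig/lib/fips.c
+++ gnutls-3.8.0/lib/fips.c
@@ -467,6 +467,11 @@ static int check_binary_integrity(void)
 ret = check_lib_hmac(&hmac.gnutls, paths.gnutls);
 if (ret < 0)
 return ret;
+# if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
 ret = check_lib_hmac(&hmac.nettle, paths.nettle);
 if (ret < 0)
 return ret;
@@ -476,6 +481,7 @@ static int check_binary_integrity(void)
 ret = check_lib_hmac(&hmac.gmp, paths.gmp);
 if (ret < 0)
 return ret;
+# endif
 
 return 0;
 }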
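Review bot: The `# if 0` added after the gnutls check removes the nettle, hogweed and gmp integrity checks from check_binary_integrity() unconditionally, so the FIPS self-test now passes even when those libraries, which supply the underlying crypto primitives, have been altered on disk. The added comment should name the mechanism that verifies them instead (none is visible on this page), and the guard reads better as a named build option than a bare `# if 0`, for example `#ifdef FIPS_VERIFY_DEP_HMACS /* placeholder name */`, so the reduced coverage shows up in the build configuration. The comment also misspells gmp as `gpm`. The function starts above the first hunk and the hogweed check between the two hunks is not shown, so this assumes it sits inside the disabled region.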