gnutls/gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch

Index: gnutls-3.8.7/lib/fips.c
===================================================================
--- gnutls-3.8.7.orig/lib/fips.c
+++ gnutls-3.8.7/lib/fips.c
@@ -177,20 +177,32 @@ struct hmac_entry {
 struct hmac_file {
 	int version;
 	struct hmac_entry gnutls;
+#if 0
+       /* Disable nettle, hogweed and gmp HMAC verification as
+        * they are calculated during build of the respective
+        * packages and can differ from the ones listed here.
+        */
 	struct hmac_entry nettle;
 	struct hmac_entry hogweed;
 #ifdef GMP_LIBRARY_SONAME
 	struct hmac_entry gmp;
 #endif
+#endif
 };
 
 struct lib_paths {
 	char gnutls[GNUTLS_PATH_MAX];
+#if 0
+       /* Disable nettle, hogweed and gmp HMAC verification as
+        * they are calculated during build of the respective
+        * packages and can differ from the ones listed here.
+        */
 	char nettle[GNUTLS_PATH_MAX];
 	char hogweed[GNUTLS_PATH_MAX];
 #ifdef GMP_LIBRARY_SONAME
 	char gmp[GNUTLS_PATH_MAX];
 #endif
+#endif
 };
 
 /*
@@ -250,6 +262,11 @@ static int handler(void *user, const cha
 		}
 	} else if (!strcmp(section, GNUTLS_LIBRARY_SONAME)) {
 		return lib_handler(&p->gnutls, section, name, value);
+#if 0
+        /* Disable nettle, hogweed and gmp HMAC verification as
+         * they are calculated during build of the respective
+         * packages and can differ from the ones listed here.
+         */
 	} else if (!strcmp(section, NETTLE_LIBRARY_SONAME)) {
 		return lib_handler(&p->nettle, section, name, value);
 	} else if (!strcmp(section, HOGWEED_LIBRARY_SONAME)) {
@@ -258,6 +275,7 @@ static int handler(void *user, const cha
 	} else if (!strcmp(section, GMP_LIBRARY_SONAME)) {
 		return lib_handler(&p->gmp, section, name, value);
 #endif
+#endif
 	} else {
 		return 0;
 	}
@@ -403,6 +422,11 @@ static int callback(struct dl_phdr_info
 
 	if (!strcmp(soname, GNUTLS_LIBRARY_SONAME))
 		_gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path);
+#if 0
+       /* Disable nettle, hogweed and gmp HMAC verification as
+        * they are calculated during build of the respective
+        * packages and can differ from the ones listed here.
+        */
 	else if (!strcmp(soname, NETTLE_LIBRARY_SONAME))
 		_gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
 	else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
@@ -411,6 +435,7 @@ static int callback(struct dl_phdr_info
 	else if (!strcmp(soname, GMP_LIBRARY_SONAME))
 		_gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
 #endif
+#endif
 	return 0;
 }
 
@@ -423,6 +448,11 @@ static int load_lib_paths(struct lib_pat
 		_gnutls_debug_log("Gnutls library path was not found\n");
 		return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
 	}
+#if 0
+	/* Disable nettle, hogweed and gmp HMAC verification as
+	 * they are calculated during build of the respective
+	 * packages and can differ from the ones listed here.
+	 */
 	if (paths->nettle[0] == '\0') {
 		_gnutls_debug_log("Nettle library path was not found\n");
 		return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
@@ -437,6 +467,7 @@ static int load_lib_paths(struct lib_pat
 		return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
 	}
 #endif
+#endif
 
 	return GNUTLS_E_SUCCESS;
 }
@@ -483,6 +514,11 @@ static int check_binary_integrity(void)
 	ret = check_lib_hmac(&hmac.gnutls, paths.gnutls);
 	if (ret < 0)
 		return ret;
+# if 0
+	/* Disable nettle, hogweed and gmp HMAC verification as
+	 * they are calculated during build of the respective
+	 * packages and can differ from the ones listed here.
+	 */
 	ret = check_lib_hmac(&hmac.nettle, paths.nettle);
 	if (ret < 0)
 		return ret;
@@ -494,6 +530,7 @@ static int check_binary_integrity(void)
 	if (ret < 0)
 		return ret;
 #endif
+#endif
 
 	return 0;
 }