gnutls/gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch

Index: gnutls-3.8.4/lib/fips.c
===================================================================
--- gnutls-3.8.4.orig/lib/fips.c
+++ gnutls-3.8.4/lib/fips.c
@@ -175,20 +175,32 @@ struct hmac_entry {
 struct hmac_file {
 	int version;
 	struct hmac_entry gnutls;
+#if 0
+       /* Disable nettle, hogweed and gmp HMAC verification as
+        * they are calculated during build of the respective
+        * packages and can differ from the ones listed here.
+        */
 	struct hmac_entry nettle;
 	struct hmac_entry hogweed;
 #ifdef GMP_LIBRARY_SONAME
 	struct hmac_entry gmp;
 #endif
+#endif
 };
 
 struct lib_paths {
 	char gnutls[GNUTLS_PATH_MAX];
+#if 0
+       /* Disable nettle, hogweed and gmp HMAC verification as
+        * they are calculated during build of the respective
+        * packages and can differ from the ones listed here.
+        */
 	char nettle[GNUTLS_PATH_MAX];
 	char hogweed[GNUTLS_PATH_MAX];
 #ifdef GMP_LIBRARY_SONAME
 	char gmp[GNUTLS_PATH_MAX];
 #endif
+#endif
 };
 
 /*
@@ -248,6 +252,11 @@ static int handler(void *user, const cha
 		}
 	} else if (!strcmp(section, GNUTLS_LIBRARY_NAME)) {
 		return lib_handler(&p->gnutls, section, name, value);
+#if 0
+       /* Disable nettle, hogweed and gmp HMAC verification as
+        * they are calculated during build of the respective
+        * packages and can differ from the ones listed here.
+        */
 	} else if (!strcmp(section, NETTLE_LIBRARY_NAME)) {
 		return lib_handler(&p->nettle, section, name, value);
 	} else if (!strcmp(section, HOGWEED_LIBRARY_NAME)) {
@@ -256,6 +265,7 @@ static int handler(void *user, const cha
 	} else if (!strcmp(section, GMP_LIBRARY_NAME)) {
 		return lib_handler(&p->gmp, section, name, value);
 #endif
+#endif
 	} else {
 		return 0;
 	}
@@ -401,6 +411,11 @@ static int callback(struct dl_phdr_info
 
 	if (!strcmp(soname, GNUTLS_LIBRARY_SONAME))
 		_gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path);
+#if 0
+       /* Disable nettle, hogweed and gmp HMAC verification as
+        * they are calculated during build of the respective
+        * packages and can differ from the ones listed here.
+        */
 	else if (!strcmp(soname, NETTLE_LIBRARY_SONAME))
 		_gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
 	else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
@@ -409,6 +424,7 @@ static int callback(struct dl_phdr_info
 	else if (!strcmp(soname, GMP_LIBRARY_SONAME))
 		_gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
 #endif
+#endif
 	return 0;
 }
 
@@ -421,6 +437,11 @@ static int load_lib_paths(struct lib_pat
 		_gnutls_debug_log("Gnutls library path was not found\n");
 		return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
 	}
+#if 0
+	/* Disable nettle, hogweed and gmp HMAC verification as
+	 * they are calculated during build of the respective
+	 * packages and can differ from the ones listed here.
+	 */
 	if (paths->nettle[0] == '\0') {
 		_gnutls_debug_log("Nettle library path was not found\n");
 		return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
@@ -435,6 +456,7 @@ static int load_lib_paths(struct lib_pat
 		return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
 	}
 #endif
+#endif
 
 	return GNUTLS_E_SUCCESS;
 }
@@ -481,6 +503,11 @@ static int check_binary_integrity(void)
 	ret = check_lib_hmac(&hmac.gnutls, paths.gnutls);
 	if (ret < 0)
 		return ret;
+# if 0
+	/* Disable nettle, hogweed and gmp HMAC verification as
+	 * they are calculated during build of the respective
+	 * packages and can differ from the ones listed here.
+	 */
 	ret = check_lib_hmac(&hmac.nettle, paths.nettle);
 	if (ret < 0)
 		return ret;
@@ -492,6 +519,7 @@ static int check_binary_integrity(void)
 	if (ret < 0)
 		return ret;
 #endif
+#endif
 
 	return 0;
 }