Accepting request 1078280 from security:tls

OBS-URL: https://build.opensuse.org/request/show/1078280 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=146
2023-04-11 11:50:35 +00:00 · 2023-04-11 11:50:35 +00:00 · 044a2aab63
commit 044a2aab63
parent 10f73ba4f8 de18c17340
17 changed files with 587 additions and 1194 deletions
--- a/gnutls-3.7.9.tar.xz
+++ b/gnutls-3.7.9.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:aaa03416cdbd54eb155187b359e3ec3ed52ec73df4df35a0edd49429ff64d844
 size 6377212
--- a/gnutls-3.7.9.tar.xz.sig
+++ b/gnutls-3.7.9.tar.xz.sig
--- a/gnutls-3.8.0.tar.xz
+++ b/gnutls-3.8.0.tar.xz
--- a/gnutls-3.8.0.tar.xz.sig
+++ b/gnutls-3.8.0.tar.xz.sig
--- a/gnutls-FIPS-140-3-references.patch
+++ b/gnutls-FIPS-140-3-references.patch
@ -1,8 +1,8 @@
-Index: gnutls-3.7.9/configure.ac
+Index: gnutls-3.8.0/configure.ac
 ===================================================================
--- gnutls-3.7.9.orig/configure.ac
+--- gnutls-3.8.0.orig/configure.ac
-+++ gnutls-3.7.9/configure.ac
+++ gnutls-3.8.0/configure.ac
-@@ -588,19 +588,19 @@ LT_INIT([disable-static,win32-dll,shared
+@@ -586,19 +586,19 @@ LT_INIT([disable-static,win32-dll,shared
 AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])
 AC_ARG_ENABLE(fips140-mode,
@ -25,11 +25,11 @@ Index: gnutls-3.7.9/configure.ac
     AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name],
                                  [specify the FIPS140 module name]),
-Index: gnutls-3.7.9/doc/cha-gtls-app.texi
+Index: gnutls-3.8.0/doc/cha-gtls-app.texi
 ===================================================================
--- gnutls-3.7.9.orig/doc/cha-gtls-app.texi
+--- gnutls-3.8.0.orig/doc/cha-gtls-app.texi
-+++ gnutls-3.7.9/doc/cha-gtls-app.texi
+++ gnutls-3.8.0/doc/cha-gtls-app.texi
-@@ -206,7 +206,7 @@ CPU. The currently available options are
+@@ -222,7 +222,7 @@ CPU. The currently available options are
 @end itemize
 @item @code{GNUTLS_FORCE_FIPS_MODE}
@ -38,10 +38,10 @@ Index: gnutls-3.7.9/doc/cha-gtls-app.texi
 if set to one it will force the FIPS mode enablement.
 @end multitable
-Index: gnutls-3.7.9/doc/cha-internals.texi
+Index: gnutls-3.8.0/doc/cha-internals.texi
 ===================================================================
--- gnutls-3.7.9.orig/doc/cha-internals.texi
+--- gnutls-3.8.0.orig/doc/cha-internals.texi
-+++ gnutls-3.7.9/doc/cha-internals.texi
+++ gnutls-3.8.0/doc/cha-internals.texi
@@ -14,7 +14,7 @@ happens inside the black box.
 * TLS Hello Extension Handling::
 * Cryptographic Backend::
@ -162,11 +162,11 @@ Index: gnutls-3.7.9/doc/cha-internals.texi
 operation.  It can be attached to the current execution thread with
 @funcref{gnutls_fips140_push_context} and its internal state will be
 updated until it is detached with
-Index: gnutls-3.7.9/doc/enums.texi
+Index: gnutls-3.8.0/doc/enums.texi
 ===================================================================
--- gnutls-3.7.9.orig/doc/enums.texi
+--- gnutls-3.8.0.orig/doc/enums.texi
-+++ gnutls-3.7.9/doc/enums.texi
+++ gnutls-3.8.0/doc/enums.texi
-@@ -1169,7 +1169,7 @@ application traffic secret is installed
+@@ -1176,7 +1176,7 @@ application traffic secret is installed
 @c gnutls_fips_mode_t
 @table @code
 @item GNUTLS_@-FIPS140_@-DISABLED
@ -175,7 +175,7 @@ Index: gnutls-3.7.9/doc/enums.texi
 @item GNUTLS_@-FIPS140_@-STRICT
 The default mode; all forbidden operations will cause an
 operation failure via error code.
-@@ -1177,8 +1177,8 @@ operation failure via error code.
+@@ -1184,8 +1184,8 @@ operation failure via error code.
 A transient state during library initialization. That state
 cannot be set or seen by applications.
 @item GNUTLS_@-FIPS140_@-LAX
@ -186,10 +186,10 @@ Index: gnutls-3.7.9/doc/enums.texi
 application is aware of the followed security policy, and needs
 to utilize disallowed operations for other reasons (e.g., compatibility).
 @item GNUTLS_@-FIPS140_@-LOG
-Index: gnutls-3.7.9/doc/functions/gnutls_fips140_set_mode
+Index: gnutls-3.8.0/doc/functions/gnutls_fips140_set_mode
 ===================================================================
--- gnutls-3.7.9.orig/doc/functions/gnutls_fips140_set_mode
+--- gnutls-3.8.0.orig/doc/functions/gnutls_fips140_set_mode
-+++ gnutls-3.7.9/doc/functions/gnutls_fips140_set_mode
+++ gnutls-3.8.0/doc/functions/gnutls_fips140_set_mode
@@ -3,7 +3,7 @@
@ -215,10 +215,10 @@ Index: gnutls-3.7.9/doc/functions/gnutls_fips140_set_mode
 values for  @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS}  mode, the library
 switches to @code{GNUTLS_FIPS140_STRICT}  mode.
-Index: gnutls-3.7.9/doc/gnutls.html
+Index: gnutls-3.8.0/doc/gnutls.html
 ===================================================================
--- gnutls-3.7.9.orig/doc/gnutls.html
+--- gnutls-3.8.0.orig/doc/gnutls.html
-+++ gnutls-3.7.9/doc/gnutls.html
+++ gnutls-3.8.0/doc/gnutls.html
@@ -486,7 +486,7 @@ Documentation License&rdquo;.
     <li><a id="toc-TLS-Extension-Handling" href="#TLS-Hello-Extension-Handling">11.4 TLS Extension Handling</a></li>
     <li><a id="toc-Cryptographic-Backend-1" href="#Cryptographic-Backend">11.5 Cryptographic Backend</a></li>
@ -228,7 +228,7 @@ Index: gnutls-3.7.9/doc/gnutls.html
   </ul></li>
   <li><a id="toc-Upgrading-from-previous-versions-1" href="#Upgrading-from-previous-versions">Appendix A Upgrading from previous versions</a></li>
   <li><a id="toc-Support-1" href="#Support">Appendix B Support</a>
-@@ -8990,7 +8990,7 @@ CPU. The currently available options are
+@@ -9009,7 +9009,7 @@ CPU. The currently available options are
 </li><li> 0x200000: Enable VIA PHE
 </li><li> 0x400000: Enable VIA PHE SHA512
 </li></ul></td></tr>
@ -405,7 +405,7 @@ Index: gnutls-3.7.9/doc/gnutls.html
 </p>
 <hr>
 </div>
-@@ -24538,7 +24538,7 @@ unusable.  This function is not thread-s
+@@ -24526,7 +24526,7 @@ unusable.  This function is not thread-s
 <span id="gnutls_005ffips140_005fset_005fmode-1"></span><h4 class="subheading">gnutls_fips140_set_mode</h4>
 <span id="gnutls_005ffips140_005fset_005fmode"></span><dl class="def">
 <dt id="index-gnutls_005ffips140_005fset_005fmode"><span class="category">Function: </span><span><em>void</em> <strong>gnutls_fips140_set_mode</strong> <em>(gnutls_fips_mode_t <var>mode</var>, unsigned <var>flags</var>)</em><a href='#index-gnutls_005ffips140_005fset_005fmode' class='copiable-anchor'> &para;</a></span></dt>
@ -414,7 +414,7 @@ Index: gnutls-3.7.9/doc/gnutls.html
 </p>
 <p><var>flags</var>: should be zero or <code>GNUTLS_FIPS140_SET_MODE_THREAD</code> 
 </p>
-@@ -24547,13 +24547,13 @@ unusable.  This function is not thread-s
+@@ -24535,13 +24535,13 @@ unusable.  This function is not thread-s
 behavior with no flags after threads are created is undefined.
 </p>
 <p>When the flag <code>GNUTLS_FIPS140_SET_MODE_THREAD</code>  is specified
@ -430,7 +430,7 @@ Index: gnutls-3.7.9/doc/gnutls.html
 values for  <code>mode</code> or to <code>GNUTLS_FIPS140_SELFTESTS</code>  mode, the library
 switches to <code>GNUTLS_FIPS140_STRICT</code>  mode.
 </p>
-@@ -46665,7 +46665,7 @@ Next: <a href="#Concept-Index" accesskey
+@@ -46662,7 +46662,7 @@ Next: <a href="#Concept-Index" accesskey
 <tr><td></td><td valign="top"><a href="#index-gnutls_005ffingerprint"><code>gnutls_fingerprint</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
 <tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fcontext_005fdeinit"><code>gnutls_fips140_context_deinit</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
 <tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fcontext_005finit"><code>gnutls_fips140_context_init</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
@ -439,11 +439,11 @@ Index: gnutls-3.7.9/doc/gnutls.html
 <tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fget_005foperation_005fstate-1"><code>gnutls_fips140_get_operation_state</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
 <tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fmode_005fenabled"><code>gnutls_fips140_mode_enabled</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
 <tr><td></td><td valign="top"><a href="#index-gnutls_005ffips140_005fpop_005fcontext"><code>gnutls_fips140_pop_context</code></a>:</td><td>&nbsp;</td><td valign="top"><a href="#Core-TLS-API">Core TLS API</a></td></tr>
-Index: gnutls-3.7.9/doc/gnutls.info-3
+Index: gnutls-3.8.0/doc/gnutls.info-3
 ===================================================================
--- gnutls-3.7.9.orig/doc/gnutls.info-3
+--- gnutls-3.8.0.orig/doc/gnutls.info-3
-+++ gnutls-3.7.9/doc/gnutls.info-3
+++ gnutls-3.8.0/doc/gnutls.info-3
-@@ -2458,7 +2458,7 @@ to 'more'.  Both will exit with a status
+@@ -1631,7 +1631,7 @@ to 'more'.  Both will exit with a status
             --inline-commands-prefix=str Change the default delimiter for inline commands
             --provider=file        Specify the PKCS #11 provider library
      				- file must pre-exist
@ -452,7 +452,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
             --list-config          Reports the configuration of the library
             --logfile=str          Redirect informational messages to a specific file
             --keymatexport=str     Label used for exporting keying material
-@@ -3559,7 +3559,7 @@ to know what happens inside the black bo
+@@ -2732,7 +2732,7 @@ to know what happens inside the black bo
 * TLS Hello Extension Handling::
 * Cryptographic Backend::
 * Random Number Generators-internals::
@ -461,7 +461,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
 File: gnutls.info,  Node: The TLS Protocol,  Next: TLS Handshake Protocol,  Up: Internal architecture of GnuTLS
-@@ -4091,7 +4091,7 @@ and abstract key types::.
+@@ -3264,7 +3264,7 @@ and abstract key types::.
 kernel implementation of '/dev/crypto'.
@ -470,7 +470,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
 11.6 Random Number Generators
 =============================
-@@ -4101,7 +4101,7 @@ About the generators
+@@ -3274,7 +3274,7 @@ About the generators
 GnuTLS provides two random generators.  The default, and the AES-DRBG
 random generator which is only used when the library is compiled with
@ -479,7 +479,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
 The default generator - inner workings
 --------------------------------------
-@@ -4250,25 +4250,25 @@ after observing the output of the PRNG.
+@@ -3423,25 +3423,25 @@ after observing the output of the PRNG.
 the above paragraph, all levels are immune to such attack.
@ -513,7 +513,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
 modified as follows.
    * The random generator used switches to DRBG-AES
-@@ -4276,11 +4276,11 @@ modified as follows.
+@@ -3449,11 +3449,11 @@ modified as follows.
      startup
    * Algorithm self-tests are run on library load
@ -528,7 +528,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
      generation
    * Any cryptographic operation will be refused if any of the
      self-tests failed
-@@ -4289,7 +4289,7 @@ There are also few environment variables
+@@ -3462,7 +3462,7 @@ There are also few environment variables
 The environment variable 'GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS' will
 disable the library integrity tests on startup, and the variable
 'GNUTLS_FORCE_FIPS_MODE' can be set to force a value from *note Figure
@ -537,7 +537,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
 while '0' will disable it.
 The integrity checks for the dependent libraries and GnuTLS are
-@@ -4298,20 +4298,20 @@ library.  The key for the operations can
+@@ -3471,20 +3471,20 @@ library.  The key for the operations can
 with the configure option '-with-fips140-key'.  The MAC algorithm used
 is HMAC-SHA256.
@ -562,7 +562,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
 'GNUTLS_FIPS140_STRICT'
      The default mode; all forbidden operations will cause an operation
      failure via error code.
-@@ -4319,8 +4319,8 @@ in *note Figure 11.5: gnutls_fips_mode_t
+@@ -3492,8 +3492,8 @@ in *note Figure 11.5: gnutls_fips_mode_t
      A transient state during library initialization.  That state cannot
      be set or seen by applications.
 'GNUTLS_FIPS140_LAX'
@ -573,7 +573,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
      the application is aware of the followed security policy, and needs
      to utilize disallowed operations for other reasons (e.g.,
      compatibility).
-@@ -4333,7 +4333,7 @@ in *note Figure 11.5: gnutls_fips_mode_t
+@@ -3506,7 +3506,7 @@ in *note Figure 11.5: gnutls_fips_mode_t
 Figure 11.5: The 'gnutls_fips_mode_t' enumeration.
 The intention of this API is to be used by applications which may run in
@ -582,7 +582,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
 set, e.g., for non-security related purposes.  In these cases
 applications should wrap the non-compliant code within blocks like the
 following.
-@@ -4357,10 +4357,10 @@ are macros to simplify the following seq
+@@ -3530,10 +3530,10 @@ are macros to simplify the following seq
 The reason of the 'GNUTLS_FIPS140_SET_MODE_THREAD' flag in the previous
 calls is to localize the change in the mode.  Note also, that such a
@ -595,7 +595,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
      gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0);
 Service indicator
-@@ -4379,7 +4379,7 @@ within a given context.
+@@ -3552,7 +3552,7 @@ within a given context.
 'INT *note gnutls_fips140_push_context:: (gnutls_fips140_context_t CONTEXT)'
 'INT *note gnutls_fips140_pop_context:: ( VOID)'
@ -604,7 +604,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
 operation.  It can be attached to the current execution thread with
 *note gnutls_fips140_push_context:: and its internal state will be
 updated until it is detached with *note gnutls_fips140_pop_context::.
-@@ -4837,8 +4837,8 @@ There are certifications from national o
+@@ -4010,8 +4010,8 @@ There are certifications from national o
 practices, such as unit testing and reliance on well known crypto
 primitives.
@ -615,7 +615,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
 File: gnutls.info,  Node: Error codes,  Next: Supported ciphersuites,  Prev: Support,  Up: Top
-@@ -9315,7 +9315,7 @@ gnutls_fips140_set_mode
+@@ -8476,7 +8476,7 @@ gnutls_fips140_set_mode
  -- Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t MODE,
           unsigned FLAGS)
@ -624,7 +624,7 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
      FLAGS: should be zero or 'GNUTLS_FIPS140_SET_MODE_THREAD'
-@@ -9325,12 +9325,12 @@ gnutls_fips140_set_mode
+@@ -8486,12 +8486,12 @@ gnutls_fips140_set_mode
      undefined.
      When the flag 'GNUTLS_FIPS140_SET_MODE_THREAD' is specified then
@ -639,10 +639,10 @@ Index: gnutls-3.7.9/doc/gnutls.info-3
      values for 'mode' or to 'GNUTLS_FIPS140_SELFTESTS' mode, the
      library switches to 'GNUTLS_FIPS140_STRICT' mode.
-Index: gnutls-3.7.9/doc/invoke-gnutls-cli.texi
+Index: gnutls-3.8.0/doc/invoke-gnutls-cli.texi
 ===================================================================
--- gnutls-3.7.9.orig/doc/invoke-gnutls-cli.texi
+--- gnutls-3.8.0.orig/doc/invoke-gnutls-cli.texi
-+++ gnutls-3.7.9/doc/invoke-gnutls-cli.texi
+++ gnutls-3.8.0/doc/invoke-gnutls-cli.texi
@@ -99,7 +99,7 @@ None:
        --inline-commands-prefix=str Change the default delimiter for inline commands
        --provider=file        Specify the PKCS #11 provider library
@ -652,10 +652,10 @@ Index: gnutls-3.7.9/doc/invoke-gnutls-cli.texi
        --list-config          Reports the configuration of the library
        --logfile=str          Redirect informational messages to a specific file
        --keymatexport=str     Label used for exporting keying material
-Index: gnutls-3.7.9/doc/manpages/gnutls-cli.1
+Index: gnutls-3.8.0/doc/manpages/gnutls-cli.1
 ===================================================================
--- gnutls-3.7.9.orig/doc/manpages/gnutls-cli.1
+--- gnutls-3.8.0.orig/doc/manpages/gnutls-cli.1
-+++ gnutls-3.7.9/doc/manpages/gnutls-cli.1
+++ gnutls-3.8.0/doc/manpages/gnutls-cli.1
@@ -389,7 +389,7 @@ Specify the PKCS #11 provider library.
 This will override the default options in /etc/gnutls/pkcs11.conf
 .TP
@ -665,11 +665,11 @@ Index: gnutls-3.7.9/doc/manpages/gnutls-cli.1
 .sp
 .TP
 .NOP \f\*[B-Font]\-\-list\-config\f[]
-Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
+Index: gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html
 ===================================================================
--- gnutls-3.7.9.orig/doc/reference/html/gnutls-gnutls.html
+--- gnutls-3.8.0.orig/doc/reference/html/gnutls-gnutls.html
-+++ gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
+++ gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html
-@@ -20552,12 +20552,12 @@ gnutls_fips140_set_mode (<em class="para
+@@ -20580,12 +20580,12 @@ gnutls_fips140_set_mode (<em class="para
 (globally), and should be called prior to creating any threads. Its
 behavior with no flags after threads are created is undefined.</p>
 <p>When the flag <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-SET-MODE-THREAD:CAPS" title="GNUTLS_FIPS140_SET_MODE_THREAD"><code class="literal">GNUTLS_FIPS140_SET_MODE_THREAD</code></a> is specified
@ -684,7 +684,7 @@ Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
 values for <em class="parameter"><code>mode</code></em>
  or to <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-SELFTESTS:CAPS"><code class="literal">GNUTLS_FIPS140_SELFTESTS</code></a> mode, the library
 switches to <a class="link" href="gnutls-gnutls.html#GNUTLS-FIPS140-STRICT:CAPS"><code class="literal">GNUTLS_FIPS140_STRICT</code></a> mode.</p>
-@@ -20572,7 +20572,7 @@ switches to <a class="link" href="gnutls
+@@ -20600,7 +20600,7 @@ switches to <a class="link" href="gnutls
 <tbody>
 <tr>
 <td class="parameter_name"><p>mode</p></td>
@ -693,7 +693,7 @@ Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
 <td class="parameter_annotations"> </td>
 </tr>
 <tr>
-@@ -25479,7 +25479,7 @@ encryption</p>
+@@ -25568,7 +25568,7 @@ encryption</p>
 <hr>
 <div class="refsect2">
 <a name="gnutls-fips-mode-t"></a><h3>enum gnutls_fips_mode_t</h3>
@ -702,7 +702,7 @@ Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
 <div class="refsect3">
 <a name="gnutls-fips-mode-t.members"></a><h4>Members</h4>
 <div class="informaltable"><table class="informaltable" width="100%" border="0">
-@@ -25492,7 +25492,7 @@ encryption</p>
+@@ -25581,7 +25581,7 @@ encryption</p>
 <tr>
 <td class="enum_member_name"><p><a name="GNUTLS-FIPS140-DISABLED:CAPS"></a>GNUTLS_FIPS140_DISABLED</p></td>
 <td class="enum_member_description">
@ -711,7 +711,7 @@ Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
 </td>
 <td class="enum_member_annotations"> </td>
 </tr>
-@@ -25515,8 +25515,8 @@ operation failure via error code.</p>
+@@ -25604,8 +25604,8 @@ operation failure via error code.</p>
 <tr>
 <td class="enum_member_name"><p><a name="GNUTLS-FIPS140-LAX:CAPS"></a>GNUTLS_FIPS140_LAX</p></td>
 <td class="enum_member_description">
@ -722,18 +722,18 @@ Index: gnutls-3.7.9/doc/reference/html/gnutls-gnutls.html
 application is aware of the followed security policy, and needs
 to utilize disallowed operations for other reasons (e.g., compatibility).</p>
 </td>
-@@ -27111,4 +27111,4 @@ transition to <a class="link" href="gnut
+@@ -27241,4 +27241,4 @@ This is used by <a class="link" href="gn
 <div class="footer">
 <hr>Generated by GTK-Doc V1.33.1</div>
 </body>
 -</html>
 \ No newline at end of file
 +</html>
-Index: gnutls-3.7.9/lib/fips.c
+Index: gnutls-3.8.0/lib/fips.c
 ===================================================================
--- gnutls-3.7.9.orig/lib/fips.c
+--- gnutls-3.8.0.orig/lib/fips.c
-+++ gnutls-3.7.9/lib/fips.c
+++ gnutls-3.8.0/lib/fips.c
-@@ -113,7 +113,7 @@ unsigned _gnutls_fips_mode_enabled(void)
+@@ -121,7 +121,7 @@ unsigned _gnutls_fips_mode_enabled(void)
 	}
 	if (f1p != 0) {
@ -742,7 +742,7 @@ Index: gnutls-3.7.9/lib/fips.c
 		ret = GNUTLS_FIPS140_STRICT;
 		goto exit;
 	}
-@@ -122,7 +122,7 @@ unsigned _gnutls_fips_mode_enabled(void)
+@@ -130,7 +130,7 @@ unsigned _gnutls_fips_mode_enabled(void)
 	if (f2p != 0) {
 		/* a funny state where self tests are performed
 		 * and ignored */
@ -751,7 +751,7 @@ Index: gnutls-3.7.9/lib/fips.c
 		ret = GNUTLS_FIPS140_SELFTESTS;
 		goto exit;
 	}
-@@ -632,7 +632,7 @@ unsigned gnutls_fips140_mode_enabled(voi
+@@ -694,7 +694,7 @@ unsigned gnutls_fips140_mode_enabled(voi
 /**
  * gnutls_fips140_set_mode:
@ -760,7 +760,7 @@ Index: gnutls-3.7.9/lib/fips.c
  * @flags: should be zero or %GNUTLS_FIPS140_SET_MODE_THREAD
  *
  * That function is not thread-safe when changing the mode with no flags
-@@ -640,13 +640,13 @@ unsigned gnutls_fips140_mode_enabled(voi
+@@ -702,13 +702,13 @@ unsigned gnutls_fips140_mode_enabled(voi
  * behavior with no flags after threads are created is undefined.
  *
  * When the flag %GNUTLS_FIPS140_SET_MODE_THREAD is specified
@ -776,27 +776,28 @@ Index: gnutls-3.7.9/lib/fips.c
  * values for @mode or to %GNUTLS_FIPS140_SELFTESTS mode, the library
  * switches to %GNUTLS_FIPS140_STRICT mode.
  *
-@@ -657,8 +657,8 @@ void gnutls_fips140_set_mode(gnutls_fips
+@@ -719,9 +719,9 @@ void gnutls_fips140_set_mode(gnutls_fips
 #ifdef ENABLE_FIPS140
 	gnutls_fips_mode_t prev = _gnutls_fips_mode_enabled();
 	if (prev == GNUTLS_FIPS140_DISABLED || prev == GNUTLS_FIPS140_SELFTESTS) {
 -		/* we need to run self-tests first to be in FIPS140-2 mode */
 -		_gnutls_audit_log(NULL, "The library should be initialized in FIPS140-2 mode to do that operation\n");
 +		/* we need to run self-tests first to be in FIPS140-3 mode */
-+		_gnutls_audit_log(NULL, "The library should be initialized in FIPS140-3 mode to do that operation\n");
+ 		_gnutls_audit_log(NULL,
 -				  "The library should be initialized in FIPS140-2 mode to do that operation\n");
 +				  "The library should be initialized in FIPS140-3 mode to do that operation\n");
 		return;
 	}
-@@ -669,7 +669,7 @@ void gnutls_fips140_set_mode(gnutls_fips
+@@ -733,7 +733,7 @@ void gnutls_fips140_set_mode(gnutls_fips
 		case GNUTLS_FIPS140_DISABLED:
 		break;
 	case GNUTLS_FIPS140_SELFTESTS:
-			_gnutls_audit_log(NULL, "Cannot switch library to FIPS140-2 self-tests mode; defaulting to strict\n");
+ 		_gnutls_audit_log(NULL,
-+			_gnutls_audit_log(NULL, "Cannot switch library to FIPS140-3 self-tests mode; defaulting to strict\n");
+-				  "Cannot switch library to FIPS140-2 self-tests mode; defaulting to strict\n");
 +				  "Cannot switch library to FIPS140-3 self-tests mode; defaulting to strict\n");
 		mode = GNUTLS_FIPS140_STRICT;
 		break;
 	default:
-@@ -848,7 +848,7 @@ _gnutls_switch_fips_state(gnutls_fips140
+@@ -908,7 +908,7 @@ void _gnutls_switch_fips_state(gnutls_fi
 	}
 	if (!_tfips_context) {
@ -805,56 +806,56 @@ Index: gnutls-3.7.9/lib/fips.c
 		return;
 	}
-@@ -860,7 +860,7 @@ _gnutls_switch_fips_state(gnutls_fips140
+@@ -921,7 +921,7 @@ void _gnutls_switch_fips_state(gnutls_fi
 	case GNUTLS_FIPS140_OP_INITIAL:
 		/* initial can be transitioned to any state */
 		if (mode != GNUTLS_FIPS140_LAX) {
-			_gnutls_audit_log(NULL, "FIPS140-2 operation mode switched from initial to %s\n",
+ 			_gnutls_audit_log(NULL,
-+			_gnutls_audit_log(NULL, "FIPS140-3 operation mode switched from initial to %s\n",
+-					  "FIPS140-2 operation mode switched from initial to %s\n",
 +					  "FIPS140-3 operation mode switched from initial to %s\n",
 					  operation_state_to_string(state));
 		}
 		_tfips_context->state = state;
-@@ -869,7 +869,7 @@ _gnutls_switch_fips_state(gnutls_fips140
+@@ -931,7 +931,7 @@ void _gnutls_switch_fips_state(gnutls_fi
 		/* approved can only be transitioned to not-approved */
 		if (likely(state == GNUTLS_FIPS140_OP_NOT_APPROVED)) {
 			if (mode != GNUTLS_FIPS140_LAX) {
-				_gnutls_audit_log(NULL, "FIPS140-2 operation mode switched from approved to %s\n",
+ 				_gnutls_audit_log(NULL,
-+				_gnutls_audit_log(NULL, "FIPS140-3 operation mode switched from approved to %s\n",
+-						  "FIPS140-2 operation mode switched from approved to %s\n",
- 						  operation_state_to_string(state));
+						  "FIPS140-3 operation mode switched from approved to %s\n",
 						  operation_state_to_string
 						  (state));
 			}
- 			_tfips_context->state = state;
+@@ -943,7 +943,7 @@ void _gnutls_switch_fips_state(gnutls_fi
@@ -879,7 +879,7 @@ _gnutls_switch_fips_state(gnutls_fips140
 	default:
 		/* other transitions are prohibited */
 		if (mode != GNUTLS_FIPS140_LAX) {
-			_gnutls_audit_log(NULL, "FIPS140-2 operation mode cannot be switched from %s to %s\n",
+ 			_gnutls_audit_log(NULL,
-+			_gnutls_audit_log(NULL, "FIPS140-3 operation mode cannot be switched from %s to %s\n",
+-					  "FIPS140-2 operation mode cannot be switched from %s to %s\n",
- 					  operation_state_to_string(_tfips_context->state),
+					  "FIPS140-3 operation mode cannot be switched from %s to %s\n",
 					  operation_state_to_string
 					  (_tfips_context->state),
 					  operation_state_to_string(state));
- 		}
+@@ -1004,7 +1004,7 @@ int gnutls_fips140_run_self_tests(void)
-@@ -941,7 +941,7 @@ gnutls_fips140_run_self_tests(void)
+ 	if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED && ret < 0) {
 	if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED &&
 	    ret < 0) {
 		_gnutls_switch_lib_state(LIB_STATE_ERROR);
-		_gnutls_audit_log(NULL, "FIPS140-2 self testing part 2 failed\n");
+ 		_gnutls_audit_log(NULL,
-+		_gnutls_audit_log(NULL, "FIPS140-3 self testing part 2 failed\n");
+-				  "FIPS140-2 self testing part 2 failed\n");
 +				  "FIPS140-3 self testing part 2 failed\n");
 	} else {
 		/* Restore the previous library state */
 		_gnutls_switch_lib_state(prev_lib_state);
-@@ -951,7 +951,7 @@ gnutls_fips140_run_self_tests(void)
+@@ -1016,7 +1016,7 @@ int gnutls_fips140_run_self_tests(void)
 	if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED && fips_context) {
 		if (gnutls_fips140_pop_context() < 0) {
 			_gnutls_switch_lib_state(LIB_STATE_ERROR);
-			_gnutls_audit_log(NULL, "FIPS140-2 context restoration failed\n");
+ 			_gnutls_audit_log(NULL,
-+			_gnutls_audit_log(NULL, "FIPS140-3 context restoration failed\n");
+-					  "FIPS140-2 context restoration failed\n");
 +					  "FIPS140-3 context restoration failed\n");
 		}
 		gnutls_fips140_context_deinit(fips_context);
 	}
-Index: gnutls-3.7.9/lib/fips.h
+Index: gnutls-3.8.0/lib/fips.h
 ===================================================================
--- gnutls-3.7.9.orig/lib/fips.h
+--- gnutls-3.8.0.orig/lib/fips.h
-+++ gnutls-3.7.9/lib/fips.h
+++ gnutls-3.8.0/lib/fips.h
-@@ -189,16 +189,16 @@ is_digest_algo_allowed_for_sign_in_fips(
+@@ -158,16 +158,16 @@ is_cipher_algo_allowed_in_fips(gnutls_ci
 }
 # ifdef ENABLE_FIPS140
@ -874,7 +875,7 @@ Index: gnutls-3.7.9/lib/fips.h
 				return ret_error; \
 			} \
 		} \
-@@ -213,7 +213,7 @@ is_mac_algo_allowed(gnutls_mac_algorithm
+@@ -181,7 +181,7 @@ inline static bool is_mac_algo_allowed(g
 		switch (mode) {
 		case GNUTLS_FIPS140_LOG:
 			_gnutls_audit_log(NULL,
@ -883,28 +884,19 @@ Index: gnutls-3.7.9/lib/fips.h
 					  gnutls_mac_get_name(algo));
 			FALLTHROUGH;
 		case GNUTLS_FIPS140_DISABLED:
-@@ -235,7 +235,7 @@ is_cipher_algo_allowed(gnutls_cipher_alg
+@@ -203,7 +203,7 @@ inline static bool is_cipher_algo_allowe
 	    !is_cipher_algo_allowed_in_fips(algo)) {
 		switch (mode) {
 		case GNUTLS_FIPS140_LOG:
-			_gnutls_audit_log(NULL, "fips140-2: allowing access to %s\n",
+ 			_gnutls_audit_log(NULL,
-+			_gnutls_audit_log(NULL, "fips140-3: allowing access to %s\n",
+-					  "fips140-2: allowing access to %s\n",
 +					  "fips140-3: allowing access to %s\n",
 					  gnutls_cipher_get_name(algo));
 			FALLTHROUGH;
 		case GNUTLS_FIPS140_DISABLED:
-@@ -257,7 +257,7 @@ is_digest_algo_allowed_for_sign(gnutls_d
+Index: gnutls-3.8.0/lib/global.c
 	    !is_digest_algo_allowed_for_sign_in_fips(algo)) {
 		switch (mode) {
 		case GNUTLS_FIPS140_LOG:
 -			_gnutls_audit_log(NULL, "fips140-2: allowing access to %s\n",
 +			_gnutls_audit_log(NULL, "fips140-3: allowing access to %s\n",
 					  gnutls_cipher_get_name(algo));
 			FALLTHROUGH;
 		case GNUTLS_FIPS140_DISABLED:
 Index: gnutls-3.7.9/lib/global.c
 ===================================================================
--- gnutls-3.7.9.orig/lib/global.c
+--- gnutls-3.8.0.orig/lib/global.c
-+++ gnutls-3.7.9/lib/global.c
+++ gnutls-3.8.0/lib/global.c
@@ -326,12 +326,12 @@ static int _gnutls_global_init(unsigned
 #ifdef ENABLE_FIPS140
@ -920,29 +912,29 @@ Index: gnutls-3.7.9/lib/global.c
 		_gnutls_priority_update_fips();
 		/* first round of self checks, these are done on the
-@@ -340,7 +340,7 @@ static int _gnutls_global_init(unsigned
+@@ -341,7 +341,7 @@ static int _gnutls_global_init(unsigned
 		ret = _gnutls_fips_perform_self_checks1();
 		if (ret < 0) {
 			_gnutls_switch_lib_state(LIB_STATE_ERROR);
-			_gnutls_audit_log(NULL, "FIPS140-2 self testing part1 failed\n");
+ 			_gnutls_audit_log(NULL,
-+			_gnutls_audit_log(NULL, "FIPS140-3 self testing part1 failed\n");
+-					  "FIPS140-2 self testing part1 failed\n");
 +					  "FIPS140-3 self testing part1 failed\n");
 			if (res != 2) {
 				gnutls_assert();
 				goto out;
-@@ -362,7 +362,7 @@ static int _gnutls_global_init(unsigned
+@@ -364,7 +364,7 @@ static int _gnutls_global_init(unsigned
 		ret = _gnutls_fips_perform_self_checks2();
 		if (ret < 0) {
 			_gnutls_switch_lib_state(LIB_STATE_ERROR);
-			_gnutls_audit_log(NULL, "FIPS140-2 self testing part 2 failed\n");
+ 			_gnutls_audit_log(NULL,
-+			_gnutls_audit_log(NULL, "FIPS140-3 self testing part 2 failed\n");
+-					  "FIPS140-2 self testing part 2 failed\n");
 +					  "FIPS140-3 self testing part 2 failed\n");
 			if (res != 2) {
 				gnutls_assert();
 				goto out;
-Index: gnutls-3.7.9/lib/includes/gnutls/gnutls.h.in
+Index: gnutls-3.8.0/lib/includes/gnutls/gnutls.h.in
 ===================================================================
--- gnutls-3.7.9.orig/lib/includes/gnutls/gnutls.h.in
+--- gnutls-3.8.0.orig/lib/includes/gnutls/gnutls.h.in
-+++ gnutls-3.7.9/lib/includes/gnutls/gnutls.h.in
+++ gnutls-3.8.0/lib/includes/gnutls/gnutls.h.in
-@@ -3336,16 +3336,16 @@ void
+@@ -3278,16 +3278,16 @@ void
 gnutls_alert_set_read_function(gnutls_session_t session,
 			       gnutls_alert_read_func func);
@ -963,7 +955,7 @@ Index: gnutls-3.7.9/lib/includes/gnutls/gnutls.h.in
  *                      application is aware of the followed security policy, and needs
  *                      to utilize disallowed operations for other reasons (e.g., compatibility).
  * @GNUTLS_FIPS140_LOG: Similarly to %GNUTLS_FIPS140_LAX, it allows forbidden operations; any use of them results
-@@ -3353,7 +3353,7 @@ unsigned gnutls_fips140_mode_enabled(voi
+@@ -3295,7 +3295,7 @@ unsigned gnutls_fips140_mode_enabled(voi
  * @GNUTLS_FIPS140_SELFTESTS: A transient state during library initialization. That state
  *			cannot be set or seen by applications.
  *
@ -972,11 +964,11 @@ Index: gnutls-3.7.9/lib/includes/gnutls/gnutls.h.in
  */
 typedef enum gnutls_fips_mode_t {
 	GNUTLS_FIPS140_DISABLED = 0,
-Index: gnutls-3.7.9/src/cli.c
+Index: gnutls-3.8.0/src/cli.c
 ===================================================================
--- gnutls-3.7.9.orig/src/cli.c
+--- gnutls-3.8.0.orig/src/cli.c
-+++ gnutls-3.7.9/src/cli.c
+++ gnutls-3.8.0/src/cli.c
-@@ -1641,10 +1641,10 @@ static void cmd_parser(int argc, char **
+@@ -1650,10 +1650,10 @@ static void cmd_parser(int argc, char **
 	if (HAVE_OPT(FIPS140_MODE)) {
 		if (gnutls_fips140_mode_enabled() != 0) {
@ -989,10 +981,10 @@ Index: gnutls-3.7.9/src/cli.c
 		exit(1);
 	}
-Index: gnutls-3.7.9/src/gnutls-cli-options.c
+Index: gnutls-3.8.0/src/gnutls-cli-options.c
 ===================================================================
--- gnutls-3.7.9.orig/src/gnutls-cli-options.c
+--- gnutls-3.8.0.orig/src/gnutls-cli-options.c
-+++ gnutls-3.7.9/src/gnutls-cli-options.c
+++ gnutls-3.8.0/src/gnutls-cli-options.c
@@ -785,7 +785,7 @@ usage (FILE *out, int status)
     "       --inline-commands-prefix=str Change the default delimiter for inline commands\n"
     "       --provider=file        Specify the PKCS #11 provider library\n"
@ -1002,10 +994,10 @@ Index: gnutls-3.7.9/src/gnutls-cli-options.c
     "       --list-config          Reports the configuration of the library\n"
     "       --logfile=str          Redirect informational messages to a specific file\n"
     "       --keymatexport=str     Label used for exporting keying material\n"
-Index: gnutls-3.7.9/tests/cert-tests/gost.sh
+Index: gnutls-3.8.0/tests/cert-tests/gost.sh
 ===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/gost.sh
+--- gnutls-3.8.0.orig/tests/cert-tests/gost.sh
-+++ gnutls-3.7.9/tests/cert-tests/gost.sh
+++ gnutls-3.8.0/tests/cert-tests/gost.sh
@@ -38,7 +38,7 @@ if ! test -x "${CERTTOOL}"; then
 fi
@ -1015,10 +1007,36 @@ Index: gnutls-3.7.9/tests/cert-tests/gost.sh
 	exit 77
 fi
-Index: gnutls-3.7.9/tests/cert-tests/pkcs12-corner-cases.sh
+Index: gnutls-3.8.0/tests/cert-tests/pkcs12-corner-cases.sh
 ===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/pkcs12-corner-cases.sh
+--- gnutls-3.8.0.orig/tests/cert-tests/pkcs12-corner-cases.sh
-+++ gnutls-3.7.9/tests/cert-tests/pkcs12-corner-cases.sh
+++ gnutls-3.8.0/tests/cert-tests/pkcs12-corner-cases.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
 fi
 if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
 -	echo "Cannot run in FIPS140-2 mode"
 +	echo "Cannot run in FIPS140-3 mode"
 	exit 77
 fi
 Index: gnutls-3.8.0/tests/cert-tests/pkcs12-encode.sh
 ===================================================================
 --- gnutls-3.8.0.orig/tests/cert-tests/pkcs12-encode.sh
 +++ gnutls-3.8.0/tests/cert-tests/pkcs12-encode.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
 fi
 if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
 -	echo "Cannot run in FIPS140-2 mode"
 +	echo "Cannot run in FIPS140-3 mode"
 	exit 77
 fi
 Index: gnutls-3.8.0/tests/cert-tests/pkcs12-gost.sh
 ===================================================================
 --- gnutls-3.8.0.orig/tests/cert-tests/pkcs12-gost.sh
 +++ gnutls-3.8.0/tests/cert-tests/pkcs12-gost.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
 fi
@ -1028,10 +1046,23 @@ Index: gnutls-3.7.9/tests/cert-tests/pkcs12-corner-cases.sh
 	exit 77
 fi
-Index: gnutls-3.7.9/tests/cert-tests/pkcs12-encode.sh
+Index: gnutls-3.8.0/tests/cert-tests/pkcs12.sh
 ===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/pkcs12-encode.sh
+--- gnutls-3.8.0.orig/tests/cert-tests/pkcs12.sh
-+++ gnutls-3.7.9/tests/cert-tests/pkcs12-encode.sh
+++ gnutls-3.8.0/tests/cert-tests/pkcs12.sh
@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
 fi
 if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
 -	echo "Cannot run in FIPS140-2 mode"
 +	echo "Cannot run in FIPS140-3 mode"
 	exit 77
 fi
 Index: gnutls-3.8.0/tests/cert-tests/pkcs8-decode.sh
 ===================================================================
 --- gnutls-3.8.0.orig/tests/cert-tests/pkcs8-decode.sh
 +++ gnutls-3.8.0/tests/cert-tests/pkcs8-decode.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
 fi
@ -1041,23 +1072,10 @@ Index: gnutls-3.7.9/tests/cert-tests/pkcs12-encode.sh
 	exit 77
 fi
-Index: gnutls-3.7.9/tests/cert-tests/pkcs12-gost.sh
+Index: gnutls-3.8.0/tests/cert-tests/pkcs8-eddsa.sh
 ===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/pkcs12-gost.sh
+--- gnutls-3.8.0.orig/tests/cert-tests/pkcs8-eddsa.sh
-+++ gnutls-3.7.9/tests/cert-tests/pkcs12-gost.sh
+++ gnutls-3.8.0/tests/cert-tests/pkcs8-eddsa.sh
@@ -30,7 +30,7 @@ if ! test -x "${CERTTOOL}"; then
 fi
 if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
 -	echo "Cannot run in FIPS140-2 mode"
 +	echo "Cannot run in FIPS140-3 mode"
 	exit 77
 fi
 Index: gnutls-3.7.9/tests/cert-tests/pkcs12.sh
 ===================================================================
 --- gnutls-3.7.9.orig/tests/cert-tests/pkcs12.sh
 +++ gnutls-3.7.9/tests/cert-tests/pkcs12.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
 fi
@ -1067,11 +1085,11 @@ Index: gnutls-3.7.9/tests/cert-tests/pkcs12.sh
 	exit 77
 fi
-Index: gnutls-3.7.9/tests/cert-tests/pkcs8-decode.sh
+Index: gnutls-3.8.0/tests/cert-tests/pkcs8-gost.sh
 ===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/pkcs8-decode.sh
+--- gnutls-3.8.0.orig/tests/cert-tests/pkcs8-gost.sh
-+++ gnutls-3.7.9/tests/cert-tests/pkcs8-decode.sh
+++ gnutls-3.8.0/tests/cert-tests/pkcs8-gost.sh
-@@ -30,7 +30,7 @@ if ! test -x "${CERTTOOL}"; then
+@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
 fi
 if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
@ -1080,11 +1098,11 @@ Index: gnutls-3.7.9/tests/cert-tests/pkcs8-decode.sh
 	exit 77
 fi
-Index: gnutls-3.7.9/tests/cert-tests/pkcs8-eddsa.sh
+Index: gnutls-3.8.0/tests/cert-tests/pkcs8.sh
 ===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/pkcs8-eddsa.sh
+--- gnutls-3.8.0.orig/tests/cert-tests/pkcs8.sh
-+++ gnutls-3.7.9/tests/cert-tests/pkcs8-eddsa.sh
+++ gnutls-3.8.0/tests/cert-tests/pkcs8.sh
-@@ -30,7 +30,7 @@ if ! test -x "${CERTTOOL}"; then
+@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then
 fi
 if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
@ -1093,37 +1111,11 @@ Index: gnutls-3.7.9/tests/cert-tests/pkcs8-eddsa.sh
 	exit 77
 fi
-Index: gnutls-3.7.9/tests/cert-tests/pkcs8-gost.sh
+Index: gnutls-3.8.0/tests/cipher-listings.sh
 ===================================================================
--- gnutls-3.7.9.orig/tests/cert-tests/pkcs8-gost.sh
+--- gnutls-3.8.0.orig/tests/cipher-listings.sh
-+++ gnutls-3.7.9/tests/cert-tests/pkcs8-gost.sh
+++ gnutls-3.8.0/tests/cipher-listings.sh
-@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
+@@ -63,7 +63,7 @@ check()
 fi
 if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
 -	echo "Cannot run in FIPS140-2 mode"
 +	echo "Cannot run in FIPS140-3 mode"
 	exit 77
 fi
 Index: gnutls-3.7.9/tests/cert-tests/pkcs8.sh
 ===================================================================
 --- gnutls-3.7.9.orig/tests/cert-tests/pkcs8.sh
 +++ gnutls-3.7.9/tests/cert-tests/pkcs8.sh
@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then
 fi
 if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
 -	echo "Cannot run in FIPS140-2 mode"
 +	echo "Cannot run in FIPS140-3 mode"
 	exit 77
 fi
 Index: gnutls-3.7.9/tests/cipher-listings.sh
 ===================================================================
 --- gnutls-3.7.9.orig/tests/cipher-listings.sh
 +++ gnutls-3.7.9/tests/cipher-listings.sh
@@ -64,7 +64,7 @@ check()
 ${CLI} --fips140-mode
 if test $? = 0;then
@ -1132,11 +1124,11 @@ Index: gnutls-3.7.9/tests/cipher-listings.sh
 	exit 77
 fi
-Index: gnutls-3.7.9/tests/testpkcs11.sh
+Index: gnutls-3.8.0/tests/testpkcs11.sh
 ===================================================================
--- gnutls-3.7.9.orig/tests/testpkcs11.sh
+--- gnutls-3.8.0.orig/tests/testpkcs11.sh
-+++ gnutls-3.7.9/tests/testpkcs11.sh
+++ gnutls-3.8.0/tests/testpkcs11.sh
-@@ -27,7 +27,7 @@
+@@ -26,7 +26,7 @@
 RETCODE=0
 if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
@ -1145,10 +1137,10 @@ Index: gnutls-3.7.9/tests/testpkcs11.sh
 	exit 77
 fi
-Index: gnutls-3.7.9/doc/enums/gnutls_fips_mode_t
+Index: gnutls-3.8.0/doc/enums/gnutls_fips_mode_t
 ===================================================================
--- gnutls-3.7.9.orig/doc/enums/gnutls_fips_mode_t
+--- gnutls-3.8.0.orig/doc/enums/gnutls_fips_mode_t
-+++ gnutls-3.7.9/doc/enums/gnutls_fips_mode_t
+++ gnutls-3.8.0/doc/enums/gnutls_fips_mode_t
@@ -3,7 +3,7 @@
 @c gnutls_fips_mode_t
 @table @code
@ -1169,10 +1161,10 @@ Index: gnutls-3.7.9/doc/enums/gnutls_fips_mode_t
 application is aware of the followed security policy, and needs
 to utilize disallowed operations for other reasons (e.g., compatibility).
 @item GNUTLS_@-FIPS140_@-LOG
-Index: gnutls-3.7.9/doc/gnutls-api.texi
+Index: gnutls-3.8.0/doc/gnutls-api.texi
 ===================================================================
--- gnutls-3.7.9.orig/doc/gnutls-api.texi
+--- gnutls-3.8.0.orig/doc/gnutls-api.texi
-+++ gnutls-3.7.9/doc/gnutls-api.texi
+++ gnutls-3.8.0/doc/gnutls-api.texi
@@ -3275,7 +3275,7 @@ unusable.  This function is not thread-s
 @subheading gnutls_fips140_set_mode
 @anchor{gnutls_fips140_set_mode}
@ -1198,11 +1190,11 @@ Index: gnutls-3.7.9/doc/gnutls-api.texi
 values for  @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS}  mode, the library
 switches to @code{GNUTLS_FIPS140_STRICT}  mode.
-Index: gnutls-3.7.9/lib/ext/session_ticket.c
+Index: gnutls-3.8.0/lib/ext/session_ticket.c
 ===================================================================
--- gnutls-3.7.9.orig/lib/ext/session_ticket.c
+--- gnutls-3.8.0.orig/lib/ext/session_ticket.c
-+++ gnutls-3.7.9/lib/ext/session_ticket.c
+++ gnutls-3.8.0/lib/ext/session_ticket.c
-@@ -539,7 +539,7 @@ int gnutls_session_ticket_key_generate(g
+@@ -536,7 +536,7 @@ int gnutls_session_ticket_key_generate(g
 {
 	if (_gnutls_fips_mode_enabled()) {
 		int ret;
@ -1211,10 +1203,10 @@ Index: gnutls-3.7.9/lib/ext/session_ticket.c
 		 * some limits on allowed key size, thus it is not
 		 * used. These limits do not affect this function as
 		 * it does not generate a "key" but rather key material
-Index: gnutls-3.7.9/lib/libgnutls.map
+Index: gnutls-3.8.0/lib/libgnutls.map
 ===================================================================
--- gnutls-3.7.9.orig/lib/libgnutls.map
+--- gnutls-3.8.0.orig/lib/libgnutls.map
-+++ gnutls-3.7.9/lib/libgnutls.map
+++ gnutls-3.8.0/lib/libgnutls.map
@@ -1418,7 +1418,7 @@ GNUTLS_FIPS140_3_4 {
 	gnutls_hkdf_self_test;
 	gnutls_pbkdf2_self_test;
@ -1224,11 +1216,11 @@ Index: gnutls-3.7.9/lib/libgnutls.map
 	drbg_aes_reseed;
 	drbg_aes_init;
 	drbg_aes_generate;
-Index: gnutls-3.7.9/lib/nettle/mac.c
+Index: gnutls-3.8.0/lib/nettle/mac.c
 ===================================================================
--- gnutls-3.7.9.orig/lib/nettle/mac.c
+--- gnutls-3.8.0.orig/lib/nettle/mac.c
-+++ gnutls-3.7.9/lib/nettle/mac.c
+++ gnutls-3.8.0/lib/nettle/mac.c
-@@ -267,7 +267,7 @@ static void _wrap_gmac_digest(void *_ctx
+@@ -262,7 +262,7 @@ static void _wrap_gmac_digest(void *_ctx
 static int _mac_ctx_init(gnutls_mac_algorithm_t algo,
 			 struct nettle_mac_ctx *ctx)
 {
@ -1237,7 +1229,7 @@ Index: gnutls-3.7.9/lib/nettle/mac.c
 	 * gnutls_hash_init() and gnutls_hmac_init() */
 	ctx->set_nonce = NULL;
-@@ -656,7 +656,7 @@ static void _md5_sha1_digest(void *_ctx,
+@@ -649,7 +649,7 @@ static void _md5_sha1_digest(void *_ctx,
 static int _ctx_init(gnutls_digest_algorithm_t algo,
 		     struct nettle_hash_ctx *ctx)
 {
@ -1246,11 +1238,11 @@ Index: gnutls-3.7.9/lib/nettle/mac.c
 	 * gnutls_hash_init() and gnutls_hmac_init() */
 	switch (algo) {
 	case GNUTLS_DIG_MD5:
-Index: gnutls-3.7.9/doc/gnutls.info-2
+Index: gnutls-3.8.0/doc/gnutls.info-2
 ===================================================================
--- gnutls-3.7.9.orig/doc/gnutls.info-2
+--- gnutls-3.8.0.orig/doc/gnutls.info-2
-+++ gnutls-3.7.9/doc/gnutls.info-2
+++ gnutls-3.8.0/doc/gnutls.info-2
-@@ -671,7 +671,7 @@ Variable               Purpose
+@@ -687,7 +687,7 @@ Variable               Purpose
                           * 0x400000: Enable VIA PHE SHA512
 'GNUTLS_FORCE_FIPS_MODE'In setups where GnuTLS is compiled with support
@ -1259,10 +1251,10 @@ Index: gnutls-3.7.9/doc/gnutls.info-2
                        set to one it will force the FIPS mode
                        enablement.
-Index: gnutls-3.7.9/config.h.in
+Index: gnutls-3.8.0/config.h.in
 ===================================================================
--- gnutls-3.7.9.orig/config.h.in
+--- gnutls-3.8.0.orig/config.h.in
-+++ gnutls-3.7.9/config.h.in
+++ gnutls-3.8.0/config.h.in
@@ -82,7 +82,7 @@
 /* enable DHE */
 #undef ENABLE_ECDHE
@ -1281,11 +1273,11 @@ Index: gnutls-3.7.9/config.h.in
 #undef FIPS_KEY
 /* The FIPS140 module name */
-Index: gnutls-3.7.9/configure
+Index: gnutls-3.8.0/configure
 ===================================================================
--- gnutls-3.7.9.orig/configure
+--- gnutls-3.8.0.orig/configure
-+++ gnutls-3.7.9/configure
+++ gnutls-3.8.0/configure
-@@ -3573,7 +3573,7 @@ Optional Features:
+@@ -3775,7 +3775,7 @@ Optional Features:
   --enable-fast-install[=PKGS]
                           optimize for fast installation [default=yes]
   --disable-libtool-lock  avoid locking (might break parallel builds)
@ -1294,10 +1286,10 @@ Index: gnutls-3.7.9/configure
   --enable-strict-x509    enable stricter sanity checks for x509 certificates
   --disable-non-suiteb-curves
                           disable curves not in SuiteB
-Index: gnutls-3.7.9/doc/cha-support.texi
+Index: gnutls-3.8.0/doc/cha-support.texi
 ===================================================================
--- gnutls-3.7.9.orig/doc/cha-support.texi
+--- gnutls-3.8.0.orig/doc/cha-support.texi
-+++ gnutls-3.7.9/doc/cha-support.texi
+++ gnutls-3.8.0/doc/cha-support.texi
@@ -135,5 +135,5 @@ There are certifications from national o
 to an auditor that the crypto component follows some best practices, such
 as unit testing and reliance on well known crypto primitives.
@ -1306,11 +1298,11 @@ Index: gnutls-3.7.9/doc/cha-support.texi
 -See @ref{FIPS140-2 mode} for more information.
 +GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux.
 +See @ref{FIPS140-3 mode} for more information.
-Index: gnutls-3.7.9/doc/gnutls.info-6
+Index: gnutls-3.8.0/doc/gnutls.info-6
 ===================================================================
--- gnutls-3.7.9.orig/doc/gnutls.info-6
+--- gnutls-3.8.0.orig/doc/gnutls.info-6
-+++ gnutls-3.7.9/doc/gnutls.info-6
+++ gnutls-3.8.0/doc/gnutls.info-6
-@@ -8843,7 +8843,7 @@ Function and Data Index
+@@ -7982,7 +7982,7 @@ Function and Data Index
 * gnutls_fingerprint:                    Core TLS API.       (line 3513)
 * gnutls_fips140_context_deinit:         Core TLS API.       (line 3540)
 * gnutls_fips140_context_init:           Core TLS API.       (line 3551)
@ -1319,23 +1311,23 @@ Index: gnutls-3.7.9/doc/gnutls.info-6
 * gnutls_fips140_get_operation_state <1>: Core TLS API.      (line 3564)
 * gnutls_fips140_mode_enabled:           Core TLS API.       (line 3578)
 * gnutls_fips140_pop_context:            Core TLS API.       (line 3596)
-Index: gnutls-3.7.9/doc/gnutls.info
+Index: gnutls-3.8.0/doc/gnutls.info
 ===================================================================
--- gnutls-3.7.9.orig/doc/gnutls.info
+--- gnutls-3.8.0.orig/doc/gnutls.info
-+++ gnutls-3.7.9/doc/gnutls.info
+++ gnutls-3.8.0/doc/gnutls.info
-@@ -611,7 +611,7 @@ Ref: fig-crypto-layers757265
+@@ -611,7 +611,7 @@ Ref: fig-crypto-layers730201
- Ref: Cryptographic Backend-Footnote-1760549
+ Ref: Cryptographic Backend-Footnote-1733485
- Ref: Cryptographic Backend-Footnote-2760634
+ Ref: Cryptographic Backend-Footnote-2733570
- Node: Random Number Generators-internals760742
+ Node: Random Number Generators-internals733678
-Node: FIPS140-2 mode768106
+-Node: FIPS140-2 mode741042
-+Node: FIPS140-3 mode768106
+Node: FIPS140-3 mode741042
- Ref: gnutls_fips_mode_t770742
+ Ref: gnutls_fips_mode_t743678
- Node: Upgrading from previous versions774339
+ Node: Upgrading from previous versions747275
- Node: Support788333
+ Node: Support761269
-Index: gnutls-3.7.9/src/gnutls-cli-options.json
+Index: gnutls-3.8.0/src/gnutls-cli-options.json
 ===================================================================
--- gnutls-3.7.9.orig/src/gnutls-cli-options.json
+--- gnutls-3.8.0.orig/src/gnutls-cli-options.json
-+++ gnutls-3.7.9/src/gnutls-cli-options.json
+++ gnutls-3.8.0/src/gnutls-cli-options.json
@@ -372,7 +372,7 @@
         },
         {
--- a/gnutls-FIPS-PCT-DH.patch
+++ b/gnutls-FIPS-PCT-DH.patch
@ -1,85 +1,55 @@
-Index: gnutls-3.7.8/lib/nettle/pk.c
+From 51b721b69fd08ef1c4c4989f5e12b643e170ff56 Mon Sep 17 00:00:00 2001
 From: Pedro Monreal <pmgdeb@gmail.com>
 Date: Thu, 16 Feb 2023 17:02:38 +0100
 Subject: [PATCH] pk: extend pair-wise consistency to cover DH key generation
 Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance of Pair-wise
 Consistency check, even if we only support ephemeral DH, as it is
 required by FIPS 140-3 IG 10.3.A.
 Signed-off-by: Pedro Monreal <pmgdeb@gmail.com>
 Co-authored-by: Daiki Ueno <ueno@gnu.org>
 ---
 lib/nettle/pk.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 Index: gnutls-3.8.0/lib/nettle/pk.c
 ===================================================================
--- gnutls-3.7.8.orig/lib/nettle/pk.c
+--- gnutls-3.8.0.orig/lib/nettle/pk.c
-+++ gnutls-3.7.8/lib/nettle/pk.c
+++ gnutls-3.8.0/lib/nettle/pk.c
-@@ -2498,6 +2498,48 @@ static int pct_test(gnutls_pk_algorithm_
+@@ -2520,6 +2520,35 @@ static int pct_test(gnutls_pk_algorithm_
 		}
 		break;
 	case GNUTLS_PK_DH:
-+		if (_gnutls_fips_mode_enabled()) {
+		{
-+			/* Perform Owner Assurance of Pair-wise Consistency
+			mpz_t y;
-+			 * according to SP800-56A (revision 3), 5.6.2.1.4.
+
 +			/* Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance
 +			 * of Pair-wise Consistency check, even if we only
 +			 * support ephemeral DH, as it is required by FIPS
 +			 * 140-3 IG 10.3.A.
 +			 *
-+			 * DH params (see lib/crypto-backend.h)
+			 * Use the private key, x, along with the generator g
-+			 *  [DSA_P] [0] is p (prime number)
+			 * and prime modulus p included in the domain
-+			 *  [DSA_Q] [1] is q (prime order)
+			 * parameters associated with the key pair to compute
-+			 *  [DSA_G] [2] is g (generator)
+			 * g^x mod p. Compare the result to the public key, y.
 +			 *  [DSA_Y] [3] is y (public key)
 +			 *  [DSA_X] [4] is x (private key only)
 +			 *
 +			 * Regenerate the public key from the private key with
 +			 * y = g^x mod p and compare it with the previous one.
 +			 */
 +
 +			mpz_t p, g, y, x;
 +
 +			mpz_init(p);
 +			mpz_init(g);
 +			mpz_init(y);
-+			mpz_init(x);
+			mpz_powm(y,
-+
+				 TOMPZ(params->params[DSA_G]),
-+			mpz_set(p, params->params[DSA_P]);
+				 TOMPZ(params->params[DSA_X]),
-+			mpz_set(g, params->params[DSA_G]);
+				 TOMPZ(params->params[DSA_P]));
-+			mpz_set(x, params->params[DSA_X]);
+			if (unlikely
-+
+			    (mpz_cmp(y, TOMPZ(params->params[DSA_Y])) != 0)) {
-+			mpz_powm(y, g, x, p);
+				ret =
-+
+				    gnutls_assert_val
-+			ret = mpz_cmp(y, params->params[DSA_Y]);
+				    (GNUTLS_E_PK_GENERATION_ERROR);
 +			if (unlikely(ret != 0)) {
 +				ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
 +			}
 +
 +			mpz_clear(p);
 +			mpz_clear(g);
 +				mpz_clear(y);
 +			mpz_clear(x);
 +			if (ret < 0) {
 +				goto cleanup;
 +			}
-+		}
+			mpz_clear(y);
 +			break;
 +		}
 	case GNUTLS_PK_ECDH_X25519:
 	case GNUTLS_PK_ECDH_X448:
 		ret = 0;
@@ -2780,8 +2822,17 @@ wrap_nettle_pk_generate_keys(gnutls_pk_a
 				}
 			}
 #endif
 -
 -			ret = _gnutls_mpi_init_multi(&params->params[DSA_Y], &params->params[DSA_X], NULL);
 +			if (_gnutls_fips_mode_enabled()) {
 +				ret = _gnutls_mpi_init_multi(&params->params[DSA_P],
 +							     &params->params[DSA_G],
 +							     &params->params[DSA_Y],
 +							     &params->params[DSA_X],
 +							     NULL);
 +			} else {
 +				ret = _gnutls_mpi_init_multi(&params->params[DSA_Y],
 +							     &params->params[DSA_X],
 +							     NULL);
 +			}
 			if (ret < 0) {
 				gnutls_assert();
 				goto dh_fail;
@@ -2790,6 +2841,11 @@ wrap_nettle_pk_generate_keys(gnutls_pk_a
 			mpz_set(TOMPZ(params->params[DSA_Y]), y);
 			mpz_set(TOMPZ(params->params[DSA_X]), x);
 			params->params_nr += 2;
 +			if (_gnutls_fips_mode_enabled()) {
 +				mpz_set(TOMPZ(params->params[DSA_P]), pub.p);
 +				mpz_set(TOMPZ(params->params[DSA_G]), pub.g);
 +				params->params_nr += 2;
 +			}
 			ret = 0;
--- a/gnutls-FIPS-PCT-ECDH.patch
+++ b/gnutls-FIPS-PCT-ECDH.patch
@ -1,7 +1,22 @@
-Index: gnutls-3.7.3/lib/nettle/pk.c
+From 5030f40332ada4f90e80838a2232da36ce03757a Mon Sep 17 00:00:00 2001
-===================================================================
+From: Pedro Monreal <pmgdeb@gmail.com>
--- gnutls-3.7.3.orig/lib/nettle/pk.c
+Date: Fri, 24 Feb 2023 22:02:48 +0000
-+++ gnutls-3.7.3/lib/nettle/pk.c
+Subject: [PATCH] ecdh: perform SP800-56A rev3 full pubkey validation on key
 derivation
 This implements full public key validation required in
 SP800-56A rev3, section 5.6.2.3.3.
 Co-authored-by: Daiki Ueno <ueno@gnu.org>
 Signed-off-by: Pedro Monreal <pmgdeb@gmail.com>
 ---
 lib/nettle/pk.c | 128 ++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 125 insertions(+), 3 deletions(-)
 diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
 index 6adf958a61..d30bca594f 100644
 --- a/lib/nettle/pk.c
 +++ b/lib/nettle/pk.c
@@ -71,6 +71,9 @@
 static inline const struct ecc_curve *get_supported_nist_curve(int curve);
 static inline const struct ecc_curve *get_supported_gost_curve(int curve);
@ -12,7 +27,7 @@ Index: gnutls-3.7.3/lib/nettle/pk.c
 /* When these callbacks are used for a nettle operation, the
  * caller must check the macro HAVE_LIB_ERROR() after the operation
  * is complete. If the macro is true, the operation is to be considered
-@@ -406,6 +409,10 @@ dh_cleanup:
+@@ -406,6 +409,10 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
 			struct ecc_scalar ecc_priv;
 			struct ecc_point ecc_pub;
 			const struct ecc_curve *curve;
@ -23,7 +38,7 @@ Index: gnutls-3.7.3/lib/nettle/pk.c
 			out->data = NULL;
-@@ -425,10 +432,21 @@ dh_cleanup:
+@@ -428,17 +435,28 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
 				not_approved = true;
 			}
@ -42,20 +57,19 @@ Index: gnutls-3.7.3/lib/nettle/pk.c
 			if (ret < 0) {
 				gnutls_assert();
 -				goto cleanup;
-+				goto ecc_pub_cleanup;
+				goto ecc_fail_cleanup;
 			}
- 			ret =
+ 			ret = _ecc_params_to_privkey(priv, &ecc_priv, curve);
@@ -436,7 +454,7 @@ dh_cleanup:
 			if (ret < 0) {
 				ecc_point_clear(&ecc_pub);
 				gnutls_assert();
 -				goto cleanup;
-+				goto ecc_priv_cleanup;
+				goto ecc_fail_cleanup;
 			}
 			out->size = gnutls_ecc_curve_get_size(priv->curve);
-@@ -449,16 +467,111 @@ dh_cleanup:
+@@ -449,14 +467,118 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
 				goto ecc_cleanup;
 			}
@ -75,7 +89,6 @@ Index: gnutls-3.7.3/lib/nettle/pk.c
 				gnutls_free(out->data);
 +				goto ecc_cleanup;
 +			}
 +
 +#ifdef ENABLE_FIPS140
 +			if (_gnutls_fips_mode_enabled()) {
 +				const char *order, *modulus;
@ -90,7 +103,9 @@ Index: gnutls-3.7.3/lib/nettle/pk.c
 +				 *
 +				 * Both checks are performed in nettle.  */
 +				if (!ecc_point_set(&r, x, y)) {
-+					ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+					ret =
 +					    gnutls_assert_val
 +					    (GNUTLS_E_ILLEGAL_PARAMETER);
 +					goto ecc_cleanup;
 +				}
 +
@ -105,27 +120,38 @@ Index: gnutls-3.7.3/lib/nettle/pk.c
 +				 *
 +				 * That effectively means: n * Q = -Q + Q = O
 +				 */
-+				order = get_supported_nist_curve_order(priv->curve);
+				order =
 +				    get_supported_nist_curve_order(priv->curve);
 +				if (unlikely(order == NULL)) {
-+					ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+					ret =
 +					    gnutls_assert_val
 +					    (GNUTLS_E_INTERNAL_ERROR);
 +					goto ecc_cleanup;
 +				}
 +
 +				ret = mpz_set_str(nn, order, 16);
 +				if (unlikely(ret < 0)) {
-+					ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
+					ret =
 +					    gnutls_assert_val
 +					    (GNUTLS_E_MPI_SCAN_FAILED);
 +					goto ecc_cleanup;
 +				}
 +
-+				modulus = get_supported_nist_curve_modulus(priv->curve);
+				modulus =
 +				    get_supported_nist_curve_modulus
 +				    (priv->curve);
 +				if (unlikely(modulus == NULL)) {
-+					ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+					ret =
 +					    gnutls_assert_val
 +					    (GNUTLS_E_INTERNAL_ERROR);
 +					goto ecc_cleanup;
 +				}
 +
 +				ret = mpz_set_str(mm, modulus, 16);
 +				if (unlikely(ret < 0)) {
-+					ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
+					ret =
 +					    gnutls_assert_val
 +					    (GNUTLS_E_MPI_SCAN_FAILED);
 +					goto ecc_cleanup;
 +				}
 +
@ -137,22 +163,20 @@ Index: gnutls-3.7.3/lib/nettle/pk.c
 +				mpz_sub(mm, mm, y);
 +
 +				if (mpz_cmp(xx, x) != 0 || mpz_cmp(yy, mm) != 0) {
-+					ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+					ret =
 +					    gnutls_assert_val
 +					    (GNUTLS_E_ILLEGAL_PARAMETER);
 +					goto ecc_cleanup;
 +				}
 +			} else {
 +				not_approved = true;
 +			}
 +#endif
 +
 +			ret = 0;
  ecc_cleanup:
-			ecc_point_clear(&ecc_pub);
+ 			ecc_point_clear(&ecc_pub);
 			ecc_scalar_zclear(&ecc_priv);
-+		      ecc_priv_cleanup:
+ ecc_fail_cleanup:
 +			ecc_point_clear(&ecc_pub);
 +		      ecc_pub_cleanup:
 +			mpz_clear(x);
 +			mpz_clear(y);
 +			mpz_clear(xx);
@ -162,10 +186,8 @@ Index: gnutls-3.7.3/lib/nettle/pk.c
 +			ecc_point_clear(&r);
 +			ecc_scalar_clear(&n);
 +			ecc_scalar_clear(&m);
 +
 			if (ret < 0)
 				goto cleanup;
 +
 			break;
- 		}
+-- 
- 	case GNUTLS_PK_ECDH_X25519:
+GitLab
--- a/gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
+++ b/gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
@ -1,114 +0,0 @@
 Index: gnutls-3.7.7/lib/crypto-api.c
 ===================================================================
 --- gnutls-3.7.7.orig/lib/crypto-api.c
 +++ gnutls-3.7.7/lib/crypto-api.c
@@ -2228,7 +2228,12 @@ gnutls_pbkdf2(gnutls_mac_algorithm_t mac
 	if (!is_mac_algo_allowed(mac)) {
 		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
 -	} else if (!is_mac_algo_approved_in_fips(mac)) {
 +	} else if (!is_mac_algo_approved_for_pbkdf2_in_fips(mac)) {
 +		not_approved = true;
 +	}
 +
 +	/* Key lengthes less than 112 bits are not approved */
 +	if (length < 14 || key->size < 14) {
 		not_approved = true;
 	}
 Index: gnutls-3.7.7/lib/fips.h
 ===================================================================
 --- gnutls-3.7.7.orig/lib/fips.h
 +++ gnutls-3.7.7/lib/fips.h
@@ -100,6 +100,25 @@ is_mac_algo_approved_in_fips(gnutls_mac_
 }
 inline static bool
 +is_mac_algo_approved_for_pbkdf2_in_fips(gnutls_mac_algorithm_t algo)
 +{
 +	switch (algo) {
 +	case GNUTLS_MAC_SHA1:
 +	case GNUTLS_MAC_SHA256:
 +	case GNUTLS_MAC_SHA384:
 +	case GNUTLS_MAC_SHA512:
 +	case GNUTLS_MAC_SHA224:
 +	case GNUTLS_MAC_SHA3_224:
 +	case GNUTLS_MAC_SHA3_256:
 +	case GNUTLS_MAC_SHA3_384:
 +	case GNUTLS_MAC_SHA3_512:
 +		return true;
 +	default:
 +		return false;
 +	}
 +}
 +
 +inline static bool
 is_mac_algo_allowed_in_fips(gnutls_mac_algorithm_t algo)
 {
 	return is_mac_algo_approved_in_fips(algo);
 Index: gnutls-3.7.7/lib/crypto-selftests.c
 ===================================================================
 --- gnutls-3.7.7.orig/lib/crypto-selftests.c
 +++ gnutls-3.7.7/lib/crypto-selftests.c
@@ -3090,30 +3090,6 @@ struct pbkdf2_vectors_st {
 };
 const struct pbkdf2_vectors_st pbkdf2_sha256_vectors[] = {
 -	/* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
 -	{
 -		STR(key, key_size, "passwd"),
 -		STR(salt, salt_size, "salt"),
 -		.iter_count = 1,
 -		STR(output, output_size,
 -		    "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44"
 -		    "\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57"
 -		    "\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16"
 -		    "\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5"
 -		    "\x09\x11\x20\x41\xd3\xa1\x97\x83"),
 -	},
 -	/* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
 -	{
 -		STR(key, key_size, "Password"),
 -		STR(salt, salt_size, "NaCl"),
 -		.iter_count = 80000,
 -		STR(output, output_size,
 -		    "\x4d\xdc\xd8\xf6\x0b\x98\xbe\x21\x83\x0c\xee\x5e\xf2\x27"
 -		    "\x01\xf9\x64\x1a\x44\x18\xd0\x4c\x04\x14\xae\xff\x08\x87"
 -		    "\x6b\x34\xab\x56\xa1\xd4\x25\xa1\x22\x58\x33\x54\x9a\xdb"
 -		    "\x84\x1b\x51\xc9\xb3\x17\x6a\x27\x2b\xde\xbb\xa1\xd0\x78"
 -		    "\x47\x8f\x62\xb3\x97\xf3\x3c\x8d"),
 -	},
 	/* Test vector extracted from:
 	 * https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */
 	{
 Index: gnutls-3.7.7/tests/kdf-api.c
 ===================================================================
 --- gnutls-3.7.7.orig/tests/kdf-api.c
 +++ gnutls-3.7.7/tests/kdf-api.c
@@ -192,14 +192,19 @@ doit(void)
 		  "2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
 		  "34007208d5b887185865");
 -	/* Test vector from RFC 6070.  More thorough testing is done
 -	 * in nettle. */
 -	test_pbkdf2(GNUTLS_MAC_SHA1,
 -		    "70617373776f7264", /* "password" */
 -		    "73616c74",		/* "salt" */
 +	/* Test vector extracted from:
 +	 * https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */
 +	test_pbkdf2(GNUTLS_MAC_SHA256,
 +		    "70617373776f726450415353"
 +		    "574f524470617373776f7264", /* "passwordPASSWORDpassword" */
 +		    "73616c7453414c5473616c74"
 +		    "53414c5473616c7453414c54"
 +		    "73616c7453414c5473616c74", /* "saltSALTsaltSALTsaltSALTsaltSALTsalt" */
 		    4096,
 -		    20,
 -		    "4b007901b765489abead49d926f721d065a429c1");
 +		    40,
 +		    "348c89dbcbd32b2f32d814b8"
 +		    "116e84cf2b17347ebc180018"
 +		    "1c4e2a1fb8dd53e1c635518c7dac47e9");
 	gnutls_fips140_context_deinit(fips_context);
 }
--- a/gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
+++ b/gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
@ -1,91 +0,0 @@
 ---
 lib/nettle/sysrng-linux.c |    6 ++++++
 1 file changed, 6 insertions(+)
 Index: gnutls-3.7.8/lib/nettle/sysrng-linux.c
 ===================================================================
 --- gnutls-3.7.8.orig/lib/nettle/sysrng-linux.c
 +++ gnutls-3.7.8/lib/nettle/sysrng-linux.c
@@ -49,11 +49,13 @@
 get_entropy_func _rnd_get_system_entropy = NULL;
 #if defined(__linux__)
 -# ifdef ENABLE_FIPS140
 +# if defined(ENABLE_FIPS140)
 #  define HAVE_JENT
 #  include <jitterentropy.h>
 static int jent_initialized = 0;
 static struct rand_data* ec = NULL;
 +/* Declare function to fix a missing-prototypes compilation warning */
 +void FIPS_jent_entropy_deinit(void);
 # endif
 # ifdef HAVE_GETRANDOM
 #  include <sys/random.h>
@@ -72,7 +74,8 @@ static ssize_t _getrandom0(void *buf, si
 #  endif
 # endif
 -# if defined(HAVE_JENT)
 +# if defined(ENABLE_FIPS140)
 +#  if defined(HAVE_JENT)
 /* check whether the CPU Jitter entropy collector is available. */
 static unsigned FIPS_jent_entropy_init(void)
 {
@@ -161,6 +164,7 @@ static int _rnd_get_system_entropy_jent(
 	return 0;
 }
 +#  endif
 # endif
 static unsigned have_getrandom(void)
@@ -260,7 +264,8 @@ int _rnd_system_entropy_init(void)
 	int urandom_fd;
 #if defined(__linux__)
 -# if defined(HAVE_JENT)
 +# if defined(ENABLE_FIPS140)
 +#  if defined(HAVE_JENT)
 	/* Enable jitterentropy usage if available */
 	if (FIPS_jent_entropy_init()) {
 		_rnd_get_system_entropy = _rnd_get_system_entropy_jent;
@@ -268,7 +273,14 @@ int _rnd_system_entropy_init(void)
 		return 0;
 	} else {
 		_gnutls_debug_log("jitterentropy is not available\n");
 +		/* Set error state when FIPS_jent_entropy_init failed and FIPS mode is enabled */
 +		if (_gnutls_fips_mode_enabled()) {
 +			_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
 +			_gnutls_switch_lib_state(LIB_STATE_ERROR);
 +			return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
 +		}
 	}
 +#  endif
 # endif
 	/* Enable getrandom() usage if available */
 	if (have_getrandom()) {
@@ -300,8 +312,10 @@ void _rnd_system_entropy_deinit(void)
 {
 	/* A no-op now when we open and close /dev/urandom every time */
 #if defined(__linux__)
 -# if defined(HAVE_JENT)
 +# if defined(ENABLE_FIPS140)
 +#  if defined(HAVE_JENT)
 	FIPS_jent_entropy_deinit();
 +#  endif
 # endif
 #endif
 	return;
 Index: gnutls-3.7.8/tests/Makefile.am
 ===================================================================
 --- gnutls-3.7.8.orig/tests/Makefile.am
 +++ gnutls-3.7.8/tests/Makefile.am
@@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm
 	 dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
 	 keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
 	 tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \
 -	 set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \
 +	 set_x509_key_file_ocsp client-fastopen srp rng-pthread \
 	 safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \
 	 safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \
 	 rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \
--- a/gnutls-FIPS-disable-failing-tests.patch
+++ b/gnutls-FIPS-disable-failing-tests.patch
@ -1,36 +0,0 @@
 Index: gnutls-3.7.7/guile/Makefile.am
 ===================================================================
 --- gnutls-3.7.7.orig/guile/Makefile.am
 +++ gnutls-3.7.7/guile/Makefile.am
@@ -102,14 +102,11 @@ endif HAVE_GUILD
 #
 TESTS =						\
 -  tests/anonymous-auth.scm			\
 -  tests/session-record-port.scm			\
   tests/pkcs-import-export.scm			\
   tests/errors.scm				\
   tests/x509-certificates.scm			\
   tests/x509-auth.scm				\
   tests/reauth.scm				\
 -  tests/premature-termination.scm		\
   tests/priorities.scm
 if ENABLE_SRP
 Index: gnutls-3.7.7/guile/Makefile.in
 ===================================================================
 --- gnutls-3.7.7.orig/guile/Makefile.in
 +++ gnutls-3.7.7/guile/Makefile.in
@@ -2335,10 +2335,9 @@ CLEANFILES = modules/gnutls.scm $(am__ap
 #
 # Tests.
 #
 -TESTS = tests/anonymous-auth.scm tests/session-record-port.scm \
 -	tests/pkcs-import-export.scm tests/errors.scm \
 +TESTS = tests/pkcs-import-export.scm tests/errors.scm \
 	tests/x509-certificates.scm tests/x509-auth.scm \
 -	tests/reauth.scm tests/premature-termination.scm \
 +	tests/reauth.scm \
 	tests/priorities.scm $(am__append_2)
 TESTS_ENVIRONMENT = \
   GUILE_AUTO_COMPILE=0				\
--- a/gnutls-FIPS-jitterentropy.patch
+++ b/gnutls-FIPS-jitterentropy.patch
@ -1,24 +1,28 @@
-Index: gnutls-3.7.3/lib/nettle/sysrng-linux.c
+Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c
 ===================================================================
--- gnutls-3.7.3.orig/lib/nettle/sysrng-linux.c
+--- gnutls-3.8.0.orig/lib/nettle/sysrng-linux.c
-+++ gnutls-3.7.3/lib/nettle/sysrng-linux.c
+++ gnutls-3.8.0/lib/nettle/sysrng-linux.c
-@@ -49,6 +49,12 @@
+@@ -49,6 +49,15 @@
 get_entropy_func _rnd_get_system_entropy = NULL;
 #if defined(__linux__)
-+# ifdef ENABLE_FIPS140
+# if defined(ENABLE_FIPS140)
 +#  define HAVE_JENT
 +#  include <jitterentropy.h>
-+static int jent_initialized = 0;
+/* Per thread context of random generator, and a flag to indicate initialization */
-+static struct rand_data* ec = NULL;
+static _Thread_local struct rand_data* ec = NULL;
 +static _Thread_local int jent_initialized = 0;
 +/* Declare function to fix a missing-prototypes compilation warning */
 +void FIPS_jent_entropy_deinit(void);
 +# endif
 # ifdef HAVE_GETRANDOM
 #  include <sys/random.h>
 # else
-@@ -66,6 +72,96 @@ static ssize_t _getrandom0(void *buf, si
+@@ -67,6 +76,101 @@ static ssize_t _getrandom0(void *buf, si
 #  endif
 # endif
 +# if defined(ENABLE_FIPS140)
 +#  if defined(HAVE_JENT)
 +/* check whether the CPU Jitter entropy collector is available. */
 +static unsigned FIPS_jent_entropy_init(void)
@ -62,6 +66,8 @@ Index: gnutls-3.7.3/lib/nettle/sysrng-linux.c
 +               ec = NULL;
 +       }
 +
 +       jent_initialized = 0;
 +
 +       return;
 +}
 +
@ -109,13 +115,16 @@ Index: gnutls-3.7.3/lib/nettle/sysrng-linux.c
 +       return 0;
 +}
 +#  endif
- 
+# endif
 +
 static unsigned have_getrandom(void)
 {
-@@ -164,6 +260,16 @@ int _rnd_system_entropy_init(void)
+ 	char c;
@@ -162,6 +266,24 @@ int _rnd_system_entropy_init(void)
 	int urandom_fd;
 #if defined(__linux__)
 +# if defined(ENABLE_FIPS140)
 +#  if defined(HAVE_JENT)
 +	/* Enable jitterentropy usage if available */
 +	if (FIPS_jent_entropy_init()) {
@ -124,28 +133,36 @@ Index: gnutls-3.7.3/lib/nettle/sysrng-linux.c
 +		return 0;
 +	} else {
 +		_gnutls_debug_log("jitterentropy is not available\n");
 +		/* Set error state when FIPS_jent_entropy_init failed and FIPS mode is enabled */
 +		if (_gnutls_fips_mode_enabled()) {
 +			_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
 +			_gnutls_switch_lib_state(LIB_STATE_ERROR);
 +			return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
 +		}
 +	}
 +#  endif
 +# endif
 	/* Enable getrandom() usage if available */
 	if (have_getrandom()) {
 		_rnd_get_system_entropy = _rnd_get_system_entropy_getrandom;
-@@ -193,6 +299,11 @@ int _rnd_system_entropy_init(void)
+@@ -192,5 +314,12 @@ int _rnd_system_entropy_init(void)
 void _rnd_system_entropy_deinit(void)
 {
 	/* A no-op now when we open and close /dev/urandom every time */
 +#if defined(__linux__)
 +# if defined(ENABLE_FIPS140)
 +#  if defined(HAVE_JENT)
 +	FIPS_jent_entropy_deinit();
 +#  endif
 +# endif
 +#endif
 	return;
 }
- 
+Index: gnutls-3.8.0/lib/nettle/Makefile.in
 Index: gnutls-3.7.3/lib/nettle/Makefile.in
 ===================================================================
--- gnutls-3.7.3.orig/lib/nettle/Makefile.in
+--- gnutls-3.8.0.orig/lib/nettle/Makefile.in
-+++ gnutls-3.7.3/lib/nettle/Makefile.in
+++ gnutls-3.8.0/lib/nettle/Makefile.in
-@@ -398,7 +398,7 @@ am__v_CC_1 =
+@@ -399,7 +399,7 @@ am__v_CC_1 =
 CCLD = $(CC)
 LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
@ -154,10 +171,10 @@ Index: gnutls-3.7.3/lib/nettle/Makefile.in
 AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
-Index: gnutls-3.7.3/lib/nettle/Makefile.am
+Index: gnutls-3.8.0/lib/nettle/Makefile.am
 ===================================================================
--- gnutls-3.7.3.orig/lib/nettle/Makefile.am
+--- gnutls-3.8.0.orig/lib/nettle/Makefile.am
-+++ gnutls-3.7.3/lib/nettle/Makefile.am
+++ gnutls-3.8.0/lib/nettle/Makefile.am
@@ -20,7 +20,7 @@
 include $(top_srcdir)/lib/common.mk
@ -167,10 +184,10 @@ Index: gnutls-3.7.3/lib/nettle/Makefile.am
 AM_CPPFLAGS = \
 	-I$(srcdir)/int		\
-Index: gnutls-3.7.3/lib/nettle/rnd-fips.c
+Index: gnutls-3.8.0/lib/nettle/rnd-fips.c
 ===================================================================
--- gnutls-3.7.3.orig/lib/nettle/rnd-fips.c
+--- gnutls-3.8.0.orig/lib/nettle/rnd-fips.c
-+++ gnutls-3.7.3/lib/nettle/rnd-fips.c
+++ gnutls-3.8.0/lib/nettle/rnd-fips.c
@@ -129,6 +129,10 @@ static int drbg_init(struct fips_ctx *fc
 	uint8_t buffer[DRBG_AES_SEED_SIZE];
 	int ret;
@ -193,3 +210,16 @@ Index: gnutls-3.7.3/lib/nettle/rnd-fips.c
 	ret = get_entropy(fctx, buffer, sizeof(buffer));
 	if (ret < 0) {
 		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
 Index: gnutls-3.8.0/tests/Makefile.am
 ===================================================================
 --- gnutls-3.8.0.orig/tests/Makefile.am
 +++ gnutls-3.8.0/tests/Makefile.am
@@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm
 	 dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
 	 keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
 	 tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \
 -	 set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \
 +	 set_x509_key_file_ocsp client-fastopen srp rng-pthread \
 	 safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \
 	 safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \
 	 rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \
--- a/gnutls-Make-XTS-key-check-failure-not-fatal.patch
+++ b/gnutls-Make-XTS-key-check-failure-not-fatal.patch
@ -1,242 +0,0 @@
 From 00fff0aad2b606801704046042aa3b2b24f07d63 Mon Sep 17 00:00:00 2001
 From: Zoltan Fridrich <zfridric@redhat.com>
 Date: Thu, 29 Sep 2022 15:31:28 +0200
 Subject: [PATCH] Make XTS key check failure not fatal
 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 ---
 lib/accelerated/x86/aes-xts-x86-aesni.c |  1 -
 lib/nettle/cipher.c                     | 73 ++++++++---------------
 tests/Makefile.am                       |  2 +-
 tests/xts-key-check.c                   | 78 +++++++++++++++++++++++++
 5 files changed, 103 insertions(+), 52 deletions(-)
 create mode 100644 tests/xts-key-check.c
 diff --git a/lib/accelerated/x86/aes-xts-x86-aesni.c b/lib/accelerated/x86/aes-xts-x86-aesni.c
 index 0588d0bd55..d6936a688d 100644
 --- a/lib/accelerated/x86/aes-xts-x86-aesni.c
 +++ b/lib/accelerated/x86/aes-xts-x86-aesni.c
@@ -73,7 +73,6 @@ x86_aes_xts_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
 	/* Check key block according to FIPS-140-2 IG A.9 */
 	if (_gnutls_fips_mode_enabled()){
 		if (gnutls_memcmp(key, key + (keysize / 2), keysize / 2) == 0) {
 -			_gnutls_switch_lib_state(LIB_STATE_ERROR);
 			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 		}
 	}
 diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
 index c9c59fb0ba..9c2ce19e7e 100644
 --- a/lib/nettle/cipher.c
 +++ b/lib/nettle/cipher.c
@@ -448,12 +448,14 @@ _gcm_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
 		    length, dst, src);
 }
 -static void _des_set_key(struct des_ctx *ctx, const uint8_t *key)
 +static void
 +_des_set_key(struct des_ctx *ctx, const uint8_t *key)
 {
 	des_set_key(ctx, key);
 }
 -static void _des3_set_key(struct des3_ctx *ctx, const uint8_t *key)
 +static void
 +_des3_set_key(struct des3_ctx *ctx, const uint8_t *key)
 {
 	des3_set_key(ctx, key);
 }
@@ -476,50 +478,6 @@ _cfb8_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
 		     length, dst, src);
 }
 -static void
 -_xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key,
 -			    const uint8_t *key)
 -{
 -	if (_gnutls_fips_mode_enabled() &&
 -	    gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
 -		_gnutls_switch_lib_state(LIB_STATE_ERROR);
 -
 -	xts_aes128_set_encrypt_key(xts_key, key);
 -}
 -
 -static void
 -_xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key,
 -			    const uint8_t *key)
 -{
 -	if (_gnutls_fips_mode_enabled() &&
 -	    gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
 -		_gnutls_switch_lib_state(LIB_STATE_ERROR);
 -
 -	xts_aes128_set_decrypt_key(xts_key, key);
 -}
 -
 -static void
 -_xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key,
 -			    const uint8_t *key)
 -{
 -	if (_gnutls_fips_mode_enabled() &&
 -	    gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
 -		_gnutls_switch_lib_state(LIB_STATE_ERROR);
 -
 -	xts_aes256_set_encrypt_key(xts_key, key);
 -}
 -
 -static void
 -_xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key,
 -			    const uint8_t *key)
 -{
 -	if (_gnutls_fips_mode_enabled() &&
 -	    gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
 -		_gnutls_switch_lib_state(LIB_STATE_ERROR);
 -
 -	xts_aes256_set_decrypt_key(xts_key, key);
 -}
 -
 static void
 _xts_aes128_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
 		    const uint8_t * src)
@@ -1041,8 +999,8 @@ static const struct nettle_cipher_st builtin_ciphers[] = {
 	   .ctx_size = sizeof(struct xts_aes128_key),
 	   .encrypt = _xts_aes128_encrypt,
 	   .decrypt = _xts_aes128_decrypt,
 -	   .set_encrypt_key = (nettle_set_key_func*)_xts_aes128_set_encrypt_key,
 -	   .set_decrypt_key = (nettle_set_key_func*)_xts_aes128_set_decrypt_key,
 +	   .set_encrypt_key = (nettle_set_key_func*)xts_aes128_set_encrypt_key,
 +	   .set_decrypt_key = (nettle_set_key_func*)xts_aes128_set_decrypt_key,
 	   .max_iv_size = AES_BLOCK_SIZE,
 	},
 	{  .algo = GNUTLS_CIPHER_AES_256_XTS,
@@ -1052,8 +1010,8 @@ static const struct nettle_cipher_st builtin_ciphers[] = {
 	   .ctx_size = sizeof(struct xts_aes256_key),
 	   .encrypt = _xts_aes256_encrypt,
 	   .decrypt = _xts_aes256_decrypt,
 -	   .set_encrypt_key = (nettle_set_key_func*)_xts_aes256_set_encrypt_key,
 -	   .set_decrypt_key = (nettle_set_key_func*)_xts_aes256_set_decrypt_key,
 +	   .set_encrypt_key = (nettle_set_key_func*)xts_aes256_set_encrypt_key,
 +	   .set_decrypt_key = (nettle_set_key_func*)xts_aes256_set_decrypt_key,
 	   .max_iv_size = AES_BLOCK_SIZE,
 	},
 	{  .algo = GNUTLS_CIPHER_AES_128_SIV,
@@ -1144,6 +1102,21 @@ wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize)
 		return 0;
 	}
 +	switch (ctx->cipher->algo) {
 +	case GNUTLS_CIPHER_AES_128_XTS:
 +		if (_gnutls_fips_mode_enabled() &&
 +		    gnutls_memcmp(key, (char *)key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
 +			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 +		break;
 +	case GNUTLS_CIPHER_AES_256_XTS:
 +		if (_gnutls_fips_mode_enabled() &&
 +		    gnutls_memcmp(key, (char *)key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
 +			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 +		break;
 +	default:
 +		break;
 +	}
 +
 	if (ctx->enc)
 		ctx->cipher->set_encrypt_key(ctx->ctx_ptr, key);
 	else
 diff --git a/tests/Makefile.am b/tests/Makefile.am
 index 3e126f0046..1122886b31 100644
 --- a/tests/Makefile.am
 +++ b/tests/Makefile.am
@@ -233,7 +233,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
 	 tls13-without-timeout-func buffer status-request-revoked \
 	 set_x509_ocsp_multi_cli kdf-api keylog-func handshake-write \
 	 x509cert-dntypes id-on-xmppAddr tls13-compat-mode ciphersuite-name \
 -	 x509-upnconstraint cipher-padding pkcs7-verify-double-free \
 +	 x509-upnconstraint xts-key-check cipher-padding pkcs7-verify-double-free \
 	 fips-rsa-sizes
 ctests += tls-channel-binding
 diff --git a/tests/xts-key-check.c b/tests/xts-key-check.c
 new file mode 100644
 index 0000000000..a3bea5abca
 --- /dev/null
 +++ b/tests/xts-key-check.c
@@ -0,0 +1,78 @@
 +/*
 + * Copyright (C) 2022 Red Hat, Inc.
 + *
 + * Author: Zoltan Fridrich
 + *
 + * This file is part of GnuTLS.
 + *
 + * GnuTLS is free software: you can redistribute it and/or modify it
 + * under the terms of the GNU General Public License as published by
 + * the Free Software Foundation, either version 3 of the License, or
 + * (at your option) any later version.
 + *
 + * GnuTLS is distributed in the hope that it will be useful, but
 + * WITHOUT ANY WARRANTY; without even the implied warranty of
 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 + * General Public License for more details.
 + *
 + * You should have received a copy of the GNU General Public License
 + * along with GnuTLS. If not, see <https://www.gnu.org/licenses/>.
 + */
 +
 +#ifdef HAVE_CONFIG_H
 +#include <config.h>
 +#endif
 +
 +#include <gnutls/crypto.h>
 +
 +#include "utils.h"
 +
 +static void test_xts_check(gnutls_cipher_algorithm_t alg)
 +{
 +	int ret;
 +	gnutls_cipher_hd_t ctx;
 +	gnutls_datum_t key, iv;
 +
 +	iv.size = gnutls_cipher_get_iv_size(alg);
 +	iv.data = gnutls_malloc(iv.size);
 +	if (iv.data == NULL)
 +		fail("Error: %s\n", gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
 +	gnutls_memset(iv.data, 0xf0, iv.size);
 +
 +	key.size = gnutls_cipher_get_key_size(alg);
 +	key.data = gnutls_malloc(key.size);
 +	if (key.data == NULL) {
 +		gnutls_free(iv.data);
 +		fail("Error: %s\n", gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
 +	}
 +	gnutls_memset(key.data, 0xf0, key.size);
 +
 +	ret = gnutls_cipher_init(&ctx, alg, &key, &iv);
 +	if (ret == GNUTLS_E_SUCCESS) {
 +		gnutls_cipher_deinit(ctx);
 +		gnutls_free(iv.data);
 +		gnutls_free(key.data);
 +		fail("cipher initialization should fail for key1 == key2\n");
 +	}
 +
 +	key.data[0] = 0xff;
 +
 +	ret = gnutls_cipher_init(&ctx, alg, &key, &iv);
 +	gnutls_free(iv.data);
 +	gnutls_free(key.data);
 +
 +	if (ret == GNUTLS_E_SUCCESS)
 +		gnutls_cipher_deinit(ctx);
 +	else
 +		fail("cipher initialization should succeed with key1 != key2"
 +		     "\n%s\n", gnutls_strerror(ret));
 +}
 +
 +void doit(void)
 +{
 +	if (!gnutls_fips140_mode_enabled())
 +		exit(77);
 +
 +	test_xts_check(GNUTLS_CIPHER_AES_128_XTS);
 +	test_xts_check(GNUTLS_CIPHER_AES_256_XTS);
 +}
 -- 
 GitLab
--- a/gnutls-verify-library-HMAC.patch
+++ b/gnutls-verify-library-HMAC.patch
@ -1,21 +0,0 @@
 Index: gnutls-3.7.8/lib/fips.c
 ===================================================================
 --- gnutls-3.7.8.orig/lib/fips.c
 +++ gnutls-3.7.8/lib/fips.c
@@ -402,6 +402,8 @@ static int check_binary_integrity(void)
 	ret = check_lib_hmac(&file.gnutls, GNUTLS_LIBRARY_NAME, "gnutls_global_init");
 	if (ret < 0)
 		return ret;
 +	/* Check only the binary integrity of the libgnutls library */
 +#if 0
 	ret = check_lib_hmac(&file.nettle, NETTLE_LIBRARY_NAME, "nettle_aes_set_encrypt_key");
 	if (ret < 0)
 		return ret;
@@ -411,6 +413,7 @@ static int check_binary_integrity(void)
 	ret = check_lib_hmac(&file.gmp, GMP_LIBRARY_NAME, "__gmpz_init");
 	if (ret < 0)
 		return ret;
 +#endif
 	return 0;
 }
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,84 @@
 -------------------------------------------------------------------
 Mon Apr 10 14:48:41 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
 - Temporarily disable GNULIB's year2038 support for 64bit time_t
  by using the --disable-year2038 flag. This omits support for
  timestamps past the year 2038:
  * Fixes the public API on 32-bit architectures avoiding to
    change the size of time_t as it cannot be changed without
    breaking the ABI compatibility.
  * Upstream issue: https://gitlab.com/gnutls/gnutls/-/issues/1466
 -------------------------------------------------------------------
 Tue Feb 21 10:17:00 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
 - Update to 3.8.0: [bsc#1205763, bsc#1209627]
  * libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key
    exchange. Reported by Hubert Kario (#1050). Fix developed by
    Alexander Sosedkin. [GNUTLS-SA-2020-07-14, CVSS: medium]
    [CVE-2023-0361]
  * libgnutls: C++ library is now header only. All definitions
    from gnutlsxx.c have been moved into gnutlsxx.h. Users of the
    C++ interface have two options:
    1. include gnutlsxx.h in their application and link against
       the C library. (default)
    2. include gnutlsxx.h in their application, compile with
       GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link
       against the C++ library.
  * libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST
    priority modifier have been added to allow disabling of the
    status_request TLS extension in the client side.
  * libgnutls: TLS heartbeat is disabled by default.
    The heartbeat extension in TLS (RFC 6520) is not widely used
    given other implementations dropped support for it. To enable
    back support for it, supply --enable-heartbeat-support to
    configure script.
  * libgnutls: SRP authentication is now disabled by default.
    It is disabled because the SRP authentication in TLS is not
    up to date with the latest TLS standards and its ciphersuites
    are based on the CBC mode and SHA-1. To enable it back, supply
    --enable-srp-authentication option to configure script.
  * libgnutls: All code has been indented using "indent -ppi1 -linux".
    CI/CD has been adjusted to catch regressions. This is implemented
    through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.yml’s
    commit-check. You may run devel/indent-gnutls to fix any
    indentation issues if you make code modifications.
  * guile: Guile-bindings removed. They have been extracted into a
    separate project to reduce complexity and to simplify maintenance,
    see <https://gitlab.com/gnutls/guile/>.
  * minitasn1: Upgraded to libtasn1 version 4.19.
  * API and ABI modifications:
    GNUTLS_NO_STATUS_REQUEST: New flag
    GNUTLS_SRTP_AEAD_AES_128_GCM: New gnutls_srtp_profile_t enum member
    GNUTLS_SRTP_AEAD_AES_256_GCM: New gnutls_srtp_profile_t enum member
  * Merge gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
    and gnutls-FIPS-jitterentropy-threadsafe.patch into the main
    patch gnutls-FIPS-jitterentropy.patch
  * Rebase gnutls-FIPS-140-3-references.patch
  * Rebase patches with upstream version:
    - gnutls-FIPS-PCT-DH.patch gnutls-FIPS-PCT-ECDH.patch
  * Remove patches merged/fixed upstream:
    - gnutls-FIPS-disable-failing-tests.patch
    - gnutls-verify-library-HMAC.patch
    - gnutls_ECDSA_signing.patch
    - gnutls-Make-XTS-key-check-failure-not-fatal.patch
    - gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
  * Update keyring with https://gnutls.org/gnutls-release-keyring.gpg
 -------------------------------------------------------------------
 Thu Feb 16 19:43:04 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
 - FIPS: Make the jitterentropy calls thread-safe [bsc#1208146]
  * Add gnutls-FIPS-jitterentropy-threadsafe.patch
 -------------------------------------------------------------------
 Thu Feb 16 12:31:25 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
 - FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183]
  * Rebase patches with the version submitted upstream.
  * Avoid copying the key material: gnutls-FIPS-PCT-DH.patch
  * Improve logic around memory release: gnutls-FIPS-PCT-ECDH.patch
 -------------------------------------------------------------------
 Fri Feb 10 13:12:25 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
--- a/gnutls.keyring
+++ b/gnutls.keyring
--- a/gnutls.spec
+++ b/gnutls.spec
@ -25,6 +25,11 @@
 %else
 %bcond_with dane
 %endif
 %if 0%{?suse_version} >= 1550
 %bcond_without srp
 %else
 %bcond_with srp
 %endif
 # Enable Linux kernel AF_ALG based acceleration
 %if 0%{?suse_version} >= 1550
 # disable for now, as our OBS builds do not work with it. Marcus 20220511
@ -34,50 +39,37 @@
 %bcond_with kcapi
 %endif
 %bcond_with tpm
 %bcond_without guile
 Name:           gnutls
-Version:        3.7.9
+Version:        3.8.0
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        GPL-3.0-or-later AND LGPL-2.1-or-later
 Group:          Productivity/Networking/Security
 URL:            https://www.gnutls.org/
-Source0:        https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz
+Source0:        https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz
-Source1:        https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz.sig
+Source1:        https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz.sig
 # https://gnutls.org/gnutls-release-keyring.gpg
-Source2:        gnutls.keyring
+Source2:        https://gnutls.org/gnutls-release-keyring.gpg#/gnutls.keyring
 Source3:        baselibs.conf
 # Suppress a false positive on the .hmac file
 Source4:        gnutls.rpmlintrc
 Patch0:         gnutls-3.5.11-skip-trust-store-tests.patch
 Patch1:         gnutls-FIPS-TLS_KDF_selftest.patch
-Patch2:         gnutls-FIPS-disable-failing-tests.patch
+Patch2:         gnutls-disable-flaky-test-dtls-resume.patch
-Patch3:         gnutls_ECDSA_signing.patch
+# FIPS 140-3 patches:
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
 %ifnarch s390 s390x
 #PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy
 Patch4:         gnutls-FIPS-jitterentropy.patch
 #PATCH-FIX-SUSE bsc#1202146 FIPS: Set error state when jent init failed in FIPS mode
 Patch5:         gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
 %endif
 %endif
 #PATCH-FIX-SUSE bsc#1190698 FIPS: SLI gnutls_pbkdf2: verify keylengths and allow SHA only
 Patch6:         gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
 #PATCH-FIX-UPSTREAM bsc#1203779 Make XTS key check failure not fatal
 Patch7:         gnutls-Make-XTS-key-check-failure-not-fatal.patch
 Patch8:         gnutls-disable-flaky-test-dtls-resume.patch
 #PATCH-FIX-OPENSUSE bsc#1199881 Verify only the libgnutls library HMAC
 Patch9:         gnutls-verify-library-HMAC.patch
 #PATCH-FIX-SUSE bsc#1207183 FIPS: DH/ECDH PCT public key regeneration
-Patch10:        gnutls-FIPS-PCT-DH.patch
+Patch100:       gnutls-FIPS-PCT-DH.patch
-Patch11:        gnutls-FIPS-PCT-ECDH.patch
+Patch101:       gnutls-FIPS-PCT-ECDH.patch
 #PATCH-FIX-SUSE bsc#1207346 FIPS: Change FIPS 140-2 references to FIPS 140-3
-Patch12:        gnutls-FIPS-140-3-references.patch
+Patch102:       gnutls-FIPS-140-3-references.patch
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
 #PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy
 Patch103:       gnutls-FIPS-jitterentropy.patch
 %endif
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge
 BuildRequires:  fdupes
 BuildRequires:  fipscheck
 BuildRequires:  gcc-c++
 BuildRequires:  gtk-doc
 # The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present
@ -112,9 +104,6 @@ BuildRequires:  unbound-devel
 BuildRequires:  libunbound-devel
 %endif
 %endif
 %if %{with guile}
 BuildRequires:  guile-devel > 1.8
 %endif
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
 BuildRequires:  crypto-policies
 Requires:       crypto-policies
@ -213,17 +202,6 @@ Requires:       libstdc++-devel
 %description -n libgnutlsxx-devel
 Files needed for software development using gnutls.
 %if %{with guile}
 %package guile
 Summary:        Guile wrappers for gnutls
 License:        LGPL-2.1-or-later
 Group:          Development/Libraries/Other
 Requires:       guile > 1.8
 %description guile
 GnuTLS Wrappers for GNU Guile, a dialect of Scheme.
 %endif
 %prep
 %autosetup -p1
@ -233,10 +211,8 @@ echo "SYSTEM=NORMAL" >> tests/system.prio
 export LDFLAGS="-pie -Wl,-z,now -Wl,-z,relro"
 export CFLAGS="%{optflags} -fPIE"
 export CXXFLAGS="%{optflags} -fPIE"
 autoreconf -fiv
-# Rename the internal .hmac file to include the so library version
+autoreconf -fiv
 sed -i "s/\.gnutls\.hmac/\.libgnutls\.so\.%{gnutls_sover}\.hmac/g" lib/Makefile.am lib/Makefile.in lib/fips.c
 %configure \
        gl_cv_func_printf_directive_n=yes \
@ -258,16 +234,18 @@ sed -i "s/\.gnutls\.hmac/\.libgnutls\.so\.%{gnutls_sover}\.hmac/g" lib/Makefile.
 %else
        --disable-libdane \
 %endif
-%if %{with guile}
+%if %{with srp}
-        --enable-guile \
+        --enable-srp-authentication \
        --with-guile-extension-dir=%{_libdir}/guile/3.0 \
 %else
        --disable-guile \
 %endif
 %ifarch %{ix86}
        --disable-year2038 \
 %endif
        --enable-shared \
        --enable-fips140-mode \
        --with-fips140-module-name="GnuTLS version" \
        --with-fips140-module-version="%{version}-%{release}" \
        %{nil}
 %make_build
 %install
@ -287,11 +265,11 @@ sed -i "s/\.gnutls\.hmac/\.libgnutls\.so\.%{gnutls_sover}\.hmac/g" lib/Makefile.
 # the macro is too late.
 # remark: This is the same as running
 #   openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP'
-# note: The FIPS hmac is now calculated with an internal tool since
+# Note: The FIPS hmac is now calculated with an internal tool since
 #   commit a86c8e87189e23920ae622da5e572cb4e1a6e0ed
 %{expand:%%global __os_install_post {%__os_install_post
-./lib/fipshmac "%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}" > %{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac
+ ./lib/fipshmac "%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}" > "%{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac"
-sed -i "s^%{buildroot}/usr^^" %{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac
+ sed -i "s^%{buildroot}/usr^^" "%{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac"
 }}
 rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
@ -318,7 +296,8 @@ rm -rf %{buildroot}%{_datadir}/doc/gnutls
    find -name test-suite.log -print -exec cat {} +
    exit 1
 }
-#Run the regression tests also in FIPS mode
+
 # Run the regression tests also in forced FIPS mode
 GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || {
    find -name test-suite.log -print -exec cat {} +
    exit 1
@ -346,7 +325,9 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
 %{_bindir}/ocsptool
 %{_bindir}/psktool
 %{_bindir}/p11tool
 %if %{with srp}
 %{_bindir}/srptool
 %endif
 %if %{with dane}
 %{_bindir}/danetool
 %endif
@ -414,11 +395,4 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
 %dir %{_includedir}/%{name}
 %{_includedir}/%{name}/gnutlsxx.h
 %if %{with guile}
 %files guile
 %license LICENSE
 %{_libdir}/guile/*
 %{_datadir}/guile/site/*
 %endif
 %changelog
--- a/gnutls_ECDSA_signing.patch
+++ b/gnutls_ECDSA_signing.patch
@ -1,172 +0,0 @@
 Index: gnutls-3.7.7/lib/crypto-api.c
 ===================================================================
 --- gnutls-3.7.7.orig/lib/crypto-api.c
 +++ gnutls-3.7.7/lib/crypto-api.c
@@ -1056,6 +1056,7 @@ gnutls_hash_hd_t gnutls_hash_copy(gnutls
 int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size)
 {
 	int ret;
 +	bool not_approved = false;
 	FAIL_IF_LIB_ERROR;
@@ -1066,6 +1067,10 @@ int gnutls_key_generate(gnutls_datum_t *
 	if (_gnutls_fips_mode_enabled() != 0 &&
 	    key_size > FIPS140_RND_KEY_SIZE)
 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 +	if (key_size < 14) {
 +		not_approved = true;
 +	}
 +
 #endif
 	key->size = key_size;
@@ -1082,6 +1087,15 @@ int gnutls_key_generate(gnutls_datum_t *
 		return ret;
 	}
 +#ifdef ENABLE_FIPS140
 +	if (not_approved) {
 +		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED);
 +	} else {
 +		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_APPROVED);
 +	}
 +
 +#endif
 +
 	return 0;
 }
 Index: gnutls-3.7.7/lib/fips.h
 ===================================================================
 --- gnutls-3.7.7.orig/lib/fips.h
 +++ gnutls-3.7.7/lib/fips.h
@@ -145,6 +145,30 @@ is_cipher_algo_allowed_in_fips(gnutls_ci
 	}
 }
 +inline static bool
 +is_digest_algo_approved_for_sign_in_fips(gnutls_digest_algorithm_t algo)
 +{
 +	switch (algo) {
 +	case GNUTLS_DIG_SHA224:
 +	case GNUTLS_DIG_SHA256:
 +	case GNUTLS_DIG_SHA384:
 +	case GNUTLS_DIG_SHA512:
 +	case GNUTLS_DIG_SHA3_224:
 +	case GNUTLS_DIG_SHA3_256:
 +	case GNUTLS_DIG_SHA3_384:
 +	case GNUTLS_DIG_SHA3_512:
 +		return true;
 +	default:
 +		return false;
 +	}
 +}
 +
 +inline static bool
 +is_digest_algo_allowed_for_sign_in_fips(gnutls_digest_algorithm_t algo)
 +{
 +	return is_digest_algo_approved_for_sign_in_fips(algo);
 +}
 +
 #ifdef ENABLE_FIPS140
 /* This will test the condition when in FIPS140-2 mode
  * and return an error if necessary or ignore */
@@ -205,9 +229,33 @@ is_cipher_algo_allowed(gnutls_cipher_alg
 	return true;
 }
 +
 +inline static bool
 +is_digest_algo_allowed_for_sign(gnutls_digest_algorithm_t algo)
 +{
 +	gnutls_fips_mode_t mode = _gnutls_fips_mode_enabled();
 +	if (_gnutls_get_lib_state() != LIB_STATE_SELFTEST &&
 +	    !is_digest_algo_allowed_for_sign_in_fips(algo)) {
 +		switch (mode) {
 +		case GNUTLS_FIPS140_LOG:
 +			_gnutls_audit_log(NULL, "fips140-2: allowing access to %s\n",
 +					  gnutls_cipher_get_name(algo));
 +			FALLTHROUGH;
 +		case GNUTLS_FIPS140_DISABLED:
 +		case GNUTLS_FIPS140_LAX:
 +			return true;
 +		default:
 +			return false;
 +		}
 +	}
 +
 +	return true;
 +}
 +
 #else
 # define is_mac_algo_allowed(x) true
 # define is_cipher_algo_allowed(x) true
 +# define is_digest_algo_allowed_for_sign(x) true
 # define FIPS_RULE(condition, ret_error, ...)
 #endif
 Index: gnutls-3.7.7/lib/privkey.c
 ===================================================================
 --- gnutls-3.7.7.orig/lib/privkey.c
 +++ gnutls-3.7.7/lib/privkey.c
@@ -1284,10 +1284,24 @@ privkey_sign_and_hash_data(gnutls_privke
 	int ret;
 	gnutls_datum_t digest;
 	const mac_entry_st *me;
 +	bool not_approved = false;
 	if (unlikely(se == NULL))
 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 +	if (se->pk == GNUTLS_PK_ECDSA && !is_digest_algo_allowed_for_sign(se->hash)) {
 +		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
 +		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
 +	} else if (se->pk == GNUTLS_PK_ECDSA && !is_digest_algo_approved_for_sign_in_fips(se->hash)) {
 +		not_approved = true;
 +	}
 +
 +	if (not_approved) {
 +		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED);
 +	} else {
 +		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_APPROVED);
 +	}
 +
 	if (_gnutls_pk_is_not_prehashed(se->pk)) {
 		return privkey_sign_raw_data(signer, se, data, signature, params);
 	}
 Index: gnutls-3.7.7/tests/fips-test.c
 ===================================================================
 --- gnutls-3.7.7.orig/tests/fips-test.c
 +++ gnutls-3.7.7/tests/fips-test.c
@@ -38,6 +38,7 @@ static void tls_log_func(int level, cons
 	fprintf(stderr, "<%d>| %s", level, str);
 }
 +static uint8_t key13[13];
 static uint8_t key16[16];
 static uint8_t iv16[16];
 uint8_t key_data[64];
@@ -269,6 +270,7 @@ void doit(void)
 	gnutls_pubkey_t pubkey;
 	gnutls_x509_privkey_t xprivkey;
 	gnutls_privkey_t privkey;
 +	gnutls_datum_t key_invalid = { key13, sizeof(key13) };
 	gnutls_datum_t key = { key16, sizeof(key16) };
 	gnutls_datum_t iv = { iv16, sizeof(iv16) };
 	gnutls_datum_t signature;
@@ -309,6 +311,14 @@ void doit(void)
 	/* Try crypto.h functionality */
 	test_ciphers();
 +	/* Try creating key with less than 112 bits: not approved */
 +	FIPS_PUSH_CONTEXT();
 +	ret = gnutls_key_generate(&key_invalid, 13);
 +	if (ret < 0) {
 +		fail("gnutls_generate_key failed\n");
 +	}
 +	FIPS_POP_CONTEXT(NOT_APPROVED);
 +
 	FIPS_PUSH_CONTEXT();
 	ret = gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv);
 	if (ret < 0) {