Accepting request 1034574 from security:tls

OBS-URL: https://build.opensuse.org/request/show/1034574
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=142

gnutls-3.6.6-set_guile_site_dir.patch

@@ -1,13 +0,0 @@
-Index: gnutls-3.7.7/configure
-===================================================================
---- gnutls-3.7.7.orig/configure
-+++ gnutls-3.7.7/configure
-@@ -74223,7 +74223,7 @@ fi
- 
-   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Guile site directory" >&5
- printf %s "checking for Guile site directory... " >&6; }
--  GUILE_SITE=`$PKG_CONFIG --print-errors --variable=sitedir guile-$GUILE_EFFECTIVE_VERSION`
-+  GUILE_SITE=/usr/share/guile
-   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GUILE_SITE" >&5
- printf "%s\n" "$GUILE_SITE" >&6; }
-   if test "$GUILE_SITE" = ""; then

gnutls-3.7.7.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:be9143d0d58eab64dba9b77114aaafac529b6c0d7e81de6bdf1c9b59027d2106
-size 6351664

gnutls-3.7.8.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c58ad39af0670efe6a8aee5e3a8b2331a1200418b64b7c51977fb396d4617114
+size 6029220

gnutls-FIPS-Run-CFB8-without-offset.patch

@@ -1,29 +0,0 @@
-Index: gnutls-3.7.7/lib/crypto-selftests.c
-===================================================================
---- gnutls-3.7.7.orig/lib/crypto-selftests.c
-+++ gnutls-3.7.7/lib/crypto-selftests.c
-@@ -2735,6 +2735,16 @@ int gnutls_cipher_self_test(unsigned fla
- 		NON_FIPS_CASE(GNUTLS_CIPHER_CHACHA20_POLY1305, test_cipher_aead,
- 		     chacha_poly1305_vectors);
- 		FALLTHROUGH;
-+		CASE(GNUTLS_CIPHER_AES_128_CFB8, test_cipher,
-+		     aes128_cfb8_vectors);
-+		FALLTHROUGH;
-+		CASE(GNUTLS_CIPHER_AES_192_CFB8, test_cipher,
-+		     aes192_cfb8_vectors);
-+		FALLTHROUGH;
-+		CASE(GNUTLS_CIPHER_AES_256_CFB8, test_cipher,
-+		      aes256_cfb8_vectors);
-+		FALLTHROUGH;
-+#if 0
- 		CASE2(GNUTLS_CIPHER_AES_128_CFB8, test_cipher,
- 		      test_cipher_all_block_sizes,
- 		      aes128_cfb8_vectors);
-@@ -2747,6 +2757,7 @@ int gnutls_cipher_self_test(unsigned fla
- 		      test_cipher_all_block_sizes,
- 		      aes256_cfb8_vectors);
- 		FALLTHROUGH;
-+#endif
- 		CASE(GNUTLS_CIPHER_AES_128_XTS, test_cipher,
- 		     aes128_xts_vectors);
- 		FALLTHROUGH;

gnutls-FIPS-Set-error-state-when-jent-init-failed.patch

@@ -0,0 +1,91 @@
+---
+ lib/nettle/sysrng-linux.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+Index: gnutls-3.7.8/lib/nettle/sysrng-linux.c
+===================================================================
+--- gnutls-3.7.8.orig/lib/nettle/sysrng-linux.c
++++ gnutls-3.7.8/lib/nettle/sysrng-linux.c
+@@ -49,11 +49,13 @@
+ get_entropy_func _rnd_get_system_entropy = NULL;
+ 
+ #if defined(__linux__)
+-# ifdef ENABLE_FIPS140
++# if defined(ENABLE_FIPS140)
+ #  define HAVE_JENT
+ #  include <jitterentropy.h>
+ static int jent_initialized = 0;
+ static struct rand_data* ec = NULL;
++/* Declare function to fix a missing-prototypes compilation warning */
++void FIPS_jent_entropy_deinit(void);
+ # endif
+ # ifdef HAVE_GETRANDOM
+ #  include <sys/random.h>
+@@ -72,7 +74,8 @@ static ssize_t _getrandom0(void *buf, si
+ #  endif
+ # endif
+ 
+-# if defined(HAVE_JENT)
++# if defined(ENABLE_FIPS140)
++#  if defined(HAVE_JENT)
+ /* check whether the CPU Jitter entropy collector is available. */
+ static unsigned FIPS_jent_entropy_init(void)
+ {
+@@ -161,6 +164,7 @@ static int _rnd_get_system_entropy_jent(
+ 
+ 	return 0;
+ }
++#  endif
+ # endif
+ 
+ static unsigned have_getrandom(void)
+@@ -260,7 +264,8 @@ int _rnd_system_entropy_init(void)
+ 	int urandom_fd;
+ 
+ #if defined(__linux__)
+-# if defined(HAVE_JENT)
++# if defined(ENABLE_FIPS140)
++#  if defined(HAVE_JENT)
+ 	/* Enable jitterentropy usage if available */
+ 	if (FIPS_jent_entropy_init()) {
+ 		_rnd_get_system_entropy = _rnd_get_system_entropy_jent;
+@@ -268,7 +273,14 @@ int _rnd_system_entropy_init(void)
+ 		return 0;
+ 	} else {
+ 		_gnutls_debug_log("jitterentropy is not available\n");
++		/* Set error state when FIPS_jent_entropy_init failed and FIPS mode is enabled */
++		if (_gnutls_fips_mode_enabled()) {
++			_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
++			_gnutls_switch_lib_state(LIB_STATE_ERROR);
++			return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
++		}
+ 	}
++#  endif
+ # endif
+ 	/* Enable getrandom() usage if available */
+ 	if (have_getrandom()) {
+@@ -300,8 +312,10 @@ void _rnd_system_entropy_deinit(void)
+ {
+ 	/* A no-op now when we open and close /dev/urandom every time */
+ #if defined(__linux__)
+-# if defined(HAVE_JENT)
++# if defined(ENABLE_FIPS140)
++#  if defined(HAVE_JENT)
+ 	FIPS_jent_entropy_deinit();
++#  endif
+ # endif
+ #endif
+ 	return;
+Index: gnutls-3.7.8/tests/Makefile.am
+===================================================================
+--- gnutls-3.7.8.orig/tests/Makefile.am
++++ gnutls-3.7.8/tests/Makefile.am
+@@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm
+ 	 dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
+ 	 keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
+ 	 tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \
+-	 set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \
++	 set_x509_key_file_ocsp client-fastopen srp rng-pthread \
+ 	 safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \
+ 	 safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \
+ 	 rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \

gnutls-Make-XTS-key-check-failure-not-fatal.patch

@@ -0,0 +1,242 @@
+From 00fff0aad2b606801704046042aa3b2b24f07d63 Mon Sep 17 00:00:00 2001
+From: Zoltan Fridrich <zfridric@redhat.com>
+Date: Thu, 29 Sep 2022 15:31:28 +0200
+Subject: [PATCH] Make XTS key check failure not fatal
+
+Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
+---
+ lib/accelerated/x86/aes-xts-x86-aesni.c |  1 -
+ lib/nettle/cipher.c                     | 73 ++++++++---------------
+ tests/Makefile.am                       |  2 +-
+ tests/xts-key-check.c                   | 78 +++++++++++++++++++++++++
+ 5 files changed, 103 insertions(+), 52 deletions(-)
+ create mode 100644 tests/xts-key-check.c
+
+diff --git a/lib/accelerated/x86/aes-xts-x86-aesni.c b/lib/accelerated/x86/aes-xts-x86-aesni.c
+index 0588d0bd55..d6936a688d 100644
+--- a/lib/accelerated/x86/aes-xts-x86-aesni.c
++++ b/lib/accelerated/x86/aes-xts-x86-aesni.c
+@@ -73,7 +73,6 @@ x86_aes_xts_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
+ 	/* Check key block according to FIPS-140-2 IG A.9 */
+ 	if (_gnutls_fips_mode_enabled()){
+ 		if (gnutls_memcmp(key, key + (keysize / 2), keysize / 2) == 0) {
+-			_gnutls_switch_lib_state(LIB_STATE_ERROR);
+ 			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ 		}
+ 	}
+diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
+index c9c59fb0ba..9c2ce19e7e 100644
+--- a/lib/nettle/cipher.c
++++ b/lib/nettle/cipher.c
+@@ -448,12 +448,14 @@ _gcm_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
+ 		    length, dst, src);
+ }
+ 
+-static void _des_set_key(struct des_ctx *ctx, const uint8_t *key)
++static void
++_des_set_key(struct des_ctx *ctx, const uint8_t *key)
+ {
+ 	des_set_key(ctx, key);
+ }
+ 
+-static void _des3_set_key(struct des3_ctx *ctx, const uint8_t *key)
++static void
++_des3_set_key(struct des3_ctx *ctx, const uint8_t *key)
+ {
+ 	des3_set_key(ctx, key);
+ }
+@@ -476,50 +478,6 @@ _cfb8_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
+ 		     length, dst, src);
+ }
+ 
+-static void
+-_xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key,
+-			    const uint8_t *key)
+-{
+-	if (_gnutls_fips_mode_enabled() &&
+-	    gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
+-		_gnutls_switch_lib_state(LIB_STATE_ERROR);
+-
+-	xts_aes128_set_encrypt_key(xts_key, key);
+-}
+-
+-static void
+-_xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key,
+-			    const uint8_t *key)
+-{
+-	if (_gnutls_fips_mode_enabled() &&
+-	    gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
+-		_gnutls_switch_lib_state(LIB_STATE_ERROR);
+-
+-	xts_aes128_set_decrypt_key(xts_key, key);
+-}
+-
+-static void
+-_xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key,
+-			    const uint8_t *key)
+-{
+-	if (_gnutls_fips_mode_enabled() &&
+-	    gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
+-		_gnutls_switch_lib_state(LIB_STATE_ERROR);
+-
+-	xts_aes256_set_encrypt_key(xts_key, key);
+-}
+-
+-static void
+-_xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key,
+-			    const uint8_t *key)
+-{
+-	if (_gnutls_fips_mode_enabled() &&
+-	    gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
+-		_gnutls_switch_lib_state(LIB_STATE_ERROR);
+-
+-	xts_aes256_set_decrypt_key(xts_key, key);
+-}
+-
+ static void
+ _xts_aes128_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
+ 		    const uint8_t * src)
+@@ -1041,8 +999,8 @@ static const struct nettle_cipher_st builtin_ciphers[] = {
+ 	   .ctx_size = sizeof(struct xts_aes128_key),
+ 	   .encrypt = _xts_aes128_encrypt,
+ 	   .decrypt = _xts_aes128_decrypt,
+-	   .set_encrypt_key = (nettle_set_key_func*)_xts_aes128_set_encrypt_key,
+-	   .set_decrypt_key = (nettle_set_key_func*)_xts_aes128_set_decrypt_key,
++	   .set_encrypt_key = (nettle_set_key_func*)xts_aes128_set_encrypt_key,
++	   .set_decrypt_key = (nettle_set_key_func*)xts_aes128_set_decrypt_key,
+ 	   .max_iv_size = AES_BLOCK_SIZE,
+ 	},
+ 	{  .algo = GNUTLS_CIPHER_AES_256_XTS,
+@@ -1052,8 +1010,8 @@ static const struct nettle_cipher_st builtin_ciphers[] = {
+ 	   .ctx_size = sizeof(struct xts_aes256_key),
+ 	   .encrypt = _xts_aes256_encrypt,
+ 	   .decrypt = _xts_aes256_decrypt,
+-	   .set_encrypt_key = (nettle_set_key_func*)_xts_aes256_set_encrypt_key,
+-	   .set_decrypt_key = (nettle_set_key_func*)_xts_aes256_set_decrypt_key,
++	   .set_encrypt_key = (nettle_set_key_func*)xts_aes256_set_encrypt_key,
++	   .set_decrypt_key = (nettle_set_key_func*)xts_aes256_set_decrypt_key,
+ 	   .max_iv_size = AES_BLOCK_SIZE,
+ 	},
+ 	{  .algo = GNUTLS_CIPHER_AES_128_SIV,
+@@ -1144,6 +1102,21 @@ wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize)
+ 		return 0;
+ 	}
+ 
++	switch (ctx->cipher->algo) {
++	case GNUTLS_CIPHER_AES_128_XTS:
++		if (_gnutls_fips_mode_enabled() &&
++		    gnutls_memcmp(key, (char *)key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
++			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++		break;
++	case GNUTLS_CIPHER_AES_256_XTS:
++		if (_gnutls_fips_mode_enabled() &&
++		    gnutls_memcmp(key, (char *)key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
++			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++		break;
++	default:
++		break;
++	}
++
+ 	if (ctx->enc)
+ 		ctx->cipher->set_encrypt_key(ctx->ctx_ptr, key);
+ 	else
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 3e126f0046..1122886b31 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -233,7 +233,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
+ 	 tls13-without-timeout-func buffer status-request-revoked \
+ 	 set_x509_ocsp_multi_cli kdf-api keylog-func handshake-write \
+ 	 x509cert-dntypes id-on-xmppAddr tls13-compat-mode ciphersuite-name \
+-	 x509-upnconstraint cipher-padding pkcs7-verify-double-free \
++	 x509-upnconstraint xts-key-check cipher-padding pkcs7-verify-double-free \
+ 	 fips-rsa-sizes
+ 
+ ctests += tls-channel-binding
+diff --git a/tests/xts-key-check.c b/tests/xts-key-check.c
+new file mode 100644
+index 0000000000..a3bea5abca
+--- /dev/null
++++ b/tests/xts-key-check.c
+@@ -0,0 +1,78 @@
++/*
++ * Copyright (C) 2022 Red Hat, Inc.
++ *
++ * Author: Zoltan Fridrich
++ *
++ * This file is part of GnuTLS.
++ *
++ * GnuTLS is free software: you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License as published by
++ * the Free Software Foundation, either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GnuTLS is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with GnuTLS. If not, see <https://www.gnu.org/licenses/>.
++ */
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <gnutls/crypto.h>
++
++#include "utils.h"
++
++static void test_xts_check(gnutls_cipher_algorithm_t alg)
++{
++	int ret;
++	gnutls_cipher_hd_t ctx;
++	gnutls_datum_t key, iv;
++
++	iv.size = gnutls_cipher_get_iv_size(alg);
++	iv.data = gnutls_malloc(iv.size);
++	if (iv.data == NULL)
++		fail("Error: %s\n", gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
++	gnutls_memset(iv.data, 0xf0, iv.size);
++
++	key.size = gnutls_cipher_get_key_size(alg);
++	key.data = gnutls_malloc(key.size);
++	if (key.data == NULL) {
++		gnutls_free(iv.data);
++		fail("Error: %s\n", gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
++	}
++	gnutls_memset(key.data, 0xf0, key.size);
++
++	ret = gnutls_cipher_init(&ctx, alg, &key, &iv);
++	if (ret == GNUTLS_E_SUCCESS) {
++		gnutls_cipher_deinit(ctx);
++		gnutls_free(iv.data);
++		gnutls_free(key.data);
++		fail("cipher initialization should fail for key1 == key2\n");
++	}
++
++	key.data[0] = 0xff;
++
++	ret = gnutls_cipher_init(&ctx, alg, &key, &iv);
++	gnutls_free(iv.data);
++	gnutls_free(key.data);
++
++	if (ret == GNUTLS_E_SUCCESS)
++		gnutls_cipher_deinit(ctx);
++	else
++		fail("cipher initialization should succeed with key1 != key2"
++		     "\n%s\n", gnutls_strerror(ret));
++}
++
++void doit(void)
++{
++	if (!gnutls_fips140_mode_enabled())
++		exit(77);
++
++	test_xts_check(GNUTLS_CIPHER_AES_128_XTS);
++	test_xts_check(GNUTLS_CIPHER_AES_256_XTS);
++}
+-- 
+GitLab
+

gnutls-disable-flaky-test-dtls-resume.patch

@@ -0,0 +1,13 @@
+Index: gnutls-3.7.8/tests/Makefile.am
+===================================================================
+--- gnutls-3.7.8.orig/tests/Makefile.am
++++ gnutls-3.7.8/tests/Makefile.am
+@@ -508,7 +508,7 @@ if !WINDOWS
+ # List of tests not available/functional under windows
+ #
+ 
+-dist_check_SCRIPTS += dtls/dtls.sh dtls/dtls-resume.sh #dtls/dtls-nb
++dist_check_SCRIPTS += dtls/dtls.sh #dtls/dtls-resume.sh #dtls/dtls-nb
+ 
+ indirect_tests += dtls-stress
+ 

gnutls-verify-library-HMAC.patch

@@ -0,0 +1,21 @@
+Index: gnutls-3.7.8/lib/fips.c
+===================================================================
+--- gnutls-3.7.8.orig/lib/fips.c
++++ gnutls-3.7.8/lib/fips.c
+@@ -402,6 +402,8 @@ static int check_binary_integrity(void)
+ 	ret = check_lib_hmac(&file.gnutls, GNUTLS_LIBRARY_NAME, "gnutls_global_init");
+ 	if (ret < 0)
+ 		return ret;
++	/* Check only the binary integrity of the libgnutls library */
++#if 0
+ 	ret = check_lib_hmac(&file.nettle, NETTLE_LIBRARY_NAME, "nettle_aes_set_encrypt_key");
+ 	if (ret < 0)
+ 		return ret;
+@@ -411,6 +413,7 @@ static int check_binary_integrity(void)
+ 	ret = check_lib_hmac(&file.gmp, GMP_LIBRARY_NAME, "__gmpz_init");
+ 	if (ret < 0)
+ 		return ret;
++#endif
+ 
+ 	return 0;
+ }

gnutls.changes

@@ -1,3 +1,71 @@
+-------------------------------------------------------------------
+Tue Nov  8 12:52:18 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
+
+- Verify only the libgnutls library HMAC [bsc#1199881]
+  * Do not use the brp-50-generate-fips-hmac script as this
+    is now calculated with the internal fipshmac tool.
+  * Add gnutls-verify-library-HMAC.patch
+
+-------------------------------------------------------------------
+Wed Nov  2 20:51:43 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
+
+- Temporarily revert the jitterentropy patches in s390 and s390x
+  architectures until a fix is provided [bsc#1204937]
+- Disable flaky test that fails in s390x architecture:
+  * Add gnutls-disable-flaky-test-dtls-resume.patch
+
+-------------------------------------------------------------------
+Fri Oct 14 11:35:33 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
+
+- Consolidate the FIPS hmac files [bsc#1203245]
+  * Use the gnutls fipshmac tool instead of the brp-check-suse
+    and rename it to reflect on the library version.
+  * Remove not needed gnutls-FIPS-Run-CFB8-without-offset.patch
+- Add a gnutls.rpmlintrc file to remove a hidden-file-or-dir false
+  positive for the FIPS hmac calculation.
+
+-------------------------------------------------------------------
+Sun Oct  9 12:53:27 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 3.7.8:
+  * libgnutls: In FIPS140 mode, RSA signature verification is an
+    approved operation if the key has modulus with known sizes
+    (1024, 1280, 1536, and 1792 bits), in addition to any modulus
+    sizes larger than 2048 bits, according to SP800-131A rev2.
+  * libgnutls: gnutls_session_channel_binding performs additional
+    checks when GNUTLS_CB_TLS_EXPORTER is requested. According to
+    RFC9622 4.2, the "tls-exporter" channel binding is only usable
+    when the handshake is bound to a unique master secret (i.e.,
+    either TLS 1.3 or extended master secret extension is
+    negotiated). Otherwise the function now returns error.
+  * libgnutls: usage of the following functions, which are designed
+    to loosen restrictions imposed by allowlisting mode of
+    configuration, has been additionally restricted. Invoking
+    them is now only allowed if system-wide TLS priority string
+    has not been initialized yet:
+      - gnutls_digest_set_secure
+      - gnutls_sign_set_secure
+      - gnutls_sign_set_secure_for_certs
+      - gnutls_protocol_set_enabled
+  * Delete gnutls-3.6.6-set_guile_site_dir.patch and use the
+    --with-guile-extension-dir configure option to properly
+    handle the guile extension directory.
+  * Rebase gnutls-Make-XTS-key-check-failure-not-fatal.patch
+  * Update gnutls.keyring
+  * Add a build depencency on gtk-doc required by autoreconf
+
+-------------------------------------------------------------------
+Fri Oct  7 09:30:44 UTC 2022 - Otto Hollmann <otto.hollmann@suse.com>
+
+- FIPS: Set error state when jent init failed in FIPS mode [bsc#1202146]
+  * Add patch gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
+
+-------------------------------------------------------------------
+Tue Oct  4 13:05:27 UTC 2022 - Otto Hollmann <otto.hollmann@suse.com>
+
+- FIPS: Make XTS key check failure not fatal [bsc#1203779]
+  * Add gnutls-Make-XTS-key-check-failure-not-fatal.patch
+
 -------------------------------------------------------------------
 Wed Sep 14 15:25:46 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
 

gnutls.rpmlintrc

@@ -0,0 +1 @@
+addFilter("hidden-file-or-dir /usr/lib64/.libgnutls.so.30.hmac")

gnutls.spec

@@ -36,7 +36,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:           gnutls
-Version:        3.7.7
+Version:        3.7.8
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        GPL-3.0-or-later AND LGPL-2.1-or-later
@@ -44,27 +44,37 @@ Group:          Productivity/Networking/Security
 URL:            https://www.gnutls.org/
 Source0:        https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz
 Source1:        https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz.sig
+# https://gnutls.org/gnutls-release-keyring.gpg
 Source2:        gnutls.keyring
 Source3:        baselibs.conf
+# Suppress a false positive on the .hmac file
+Source4:        gnutls.rpmlintrc
 Patch0:         gnutls-3.5.11-skip-trust-store-tests.patch
-Patch1:         gnutls-3.6.6-set_guile_site_dir.patch
-Patch2:         gnutls-FIPS-TLS_KDF_selftest.patch
-Patch3:         gnutls-FIPS-disable-failing-tests.patch
-Patch4:         gnutls_ECDSA_signing.patch
+Patch1:         gnutls-FIPS-TLS_KDF_selftest.patch
+Patch2:         gnutls-FIPS-disable-failing-tests.patch
+Patch3:         gnutls_ECDSA_signing.patch
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
+%ifnarch s390 s390x
 #PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy
-Patch5:         gnutls-FIPS-jitterentropy.patch
+Patch4:         gnutls-FIPS-jitterentropy.patch
+#PATCH-FIX-SUSE bsc#1202146 FIPS: Set error state when jent init failed in FIPS mode
+Patch5:         gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
+%endif
 %endif
 #PATCH-FIX-SUSE bsc#1190698 FIPS: SLI gnutls_pbkdf2: verify keylengths and allow SHA only
 Patch6:         gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
-#PATCH-FIX-SUSE bsc#1203245 FIPS: Run the CFB8 cipher selftests without offset
-Patch7:         gnutls-FIPS-Run-CFB8-without-offset.patch
+#PATCH-FIX-UPSTREAM bsc#1203779 Make XTS key check failure not fatal
+Patch7:         gnutls-Make-XTS-key-check-failure-not-fatal.patch
+Patch8:         gnutls-disable-flaky-test-dtls-resume.patch
+#PATCH-FIX-OPENSUSE bsc#1199881 Verify only the libgnutls library HMAC
+Patch9:         gnutls-verify-library-HMAC.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge
 BuildRequires:  fdupes
 BuildRequires:  fipscheck
 BuildRequires:  gcc-c++
+BuildRequires:  gtk-doc
 # The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present
 BuildRequires:  iproute2
 BuildRequires:  libidn2-devel
@@ -218,7 +228,11 @@ echo "SYSTEM=NORMAL" >> tests/system.prio
 export LDFLAGS="-pie -Wl,-z,now -Wl,-z,relro"
 export CFLAGS="%{optflags} -fPIE"
 export CXXFLAGS="%{optflags} -fPIE"
-#autoreconf -fiv
+autoreconf -fiv
+
+# Rename the internal .hmac file to include the so library version
+sed -i "s/\.gnutls\.hmac/\.libgnutls\.so\.%{gnutls_sover}\.hmac/g" lib/Makefile.am lib/Makefile.in lib/fips.c
+
 %configure \
         gl_cv_func_printf_directive_n=yes \
         gl_cv_func_printf_infinite_long_double=yes \
@@ -241,6 +255,7 @@ export CXXFLAGS="%{optflags} -fPIE"
 %endif
 %if %{with guile}
         --enable-guile \
+        --with-guile-extension-dir=%{_libdir}/guile/3.0 \
 %else
         --disable-guile \
 %endif
@@ -252,13 +267,32 @@ export CXXFLAGS="%{optflags} -fPIE"
 
 %install
 %make_install
+
+# Compute the FIPS hmac using the brp-50-generate-fips-hmac script
+# export BRP_FIPSHMAC_FILES=%%{buildroot}%%{_libdir}/libgnutls.so.%%{gnutls_sover}
+
+# the hmac hashes:
+#
+# this is a hack that re-defines the __os_install_post macro
+# for a simple reason: the macro strips the binaries and thereby
+# invalidates a HMAC that may have been created earlier.
+# solution: create the hashes _after_ the macro runs.
+#
+# this shows up earlier because otherwise the %%expand of
+# the macro is too late.
+# remark: This is the same as running
+#   openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP'
+# note: The FIPS hmac is now calculated with an internal tool since
+#   commit a86c8e87189e23920ae622da5e572cb4e1a6e0ed
+%{expand:%%global __os_install_post {%__os_install_post
+./lib/fipshmac "%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}" > %{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac
+sed -i "s^%{buildroot}/usr^^" %{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac
+}}
+
 rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
 # Do not package static libs and libtool files
 find %{buildroot} -type f -name "*.la" -delete -print
 
-# Compute FIPS hmac using the brp-50-generate-fips-hmac script
-export BRP_FIPSHMAC_FILES=%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}
-
 # install docs
 mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
 cp doc/gnutls.html doc/*.png %{buildroot}%{_docdir}/libgnutls-devel/
@@ -379,7 +413,7 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
 %files guile
 %license LICENSE
 %{_libdir}/guile/*
-%{_datadir}/guile/gnutls*
+%{_datadir}/guile/site/*
 %endif
 
 %changelog