From ab8ae2104b5faf7c4373dabecbad51c620567b8384e6577c72b3f6157598264d Mon Sep 17 00:00:00 2001 
From: Pedro Monreal Gonzalez Date: Tue, 22 Aug 2023 12:20:21 +0000 Subject: [PATCH] Accepting request 1105136 from home:pmonrealgonzalez:branches:security:tls - tests: Fix the SRP test that fails with SIGPIPE signal return due to a socket being closed before using it. * Add gnutls-srp-test-SIGPIPE.patch - Update to version 3.8.1: * libgnutls: ClientHello extensions are randomized by default To make fingerprinting harder, TLS extensions in ClientHello messages are shuffled. As this behavior may cause compatibility issues with legacy applications that do not accept the last extension without payload, the behavior can be reverted with the %NO_SHUFFLE_EXTENSIONS priority keyword. * libgnutls: Add support for RFC 9258 external PSK importer. This makes it possible to deploy the same PSK across multiple TLS versions (TLS 1.2 and TLS 1.3) in a secure manner. To use, the application needs to set up a callback that formats the PSK identity using gnutls_psk_format_imported_identity(). * libgnutls: %GNUTLS_NO_EXTENSIONS has been renamed to %GNUTLS_NO_DEFAULT_EXTENSIONS. * libgnutls: Add additional PBKDF limit checks in FIPS mode as defined in SP 800-132. Minimum salt length is 128 bits and minimum iterations bound is 1000 for PBKDF in FIPS mode. * libgnutls: Add a mechanism to control whether to enforce extended master secret (RFC 7627). FIPS 140-3 mandates the use of TLS session hash (extended master secret, EMS) in TLS 1.2. To enforce this, a new priority keyword %FORCE_SESSION_HASH is added and if it is set and EMS is not set, the peer aborts the connection. This behavior is the default in FIPS mode, though it can be overridden through the configuration file with the "tls-session-hash" option. In either case non-EMS PRF is reported as a non-approved operation through the FIPS service indicator. 
OBS-URL: https://build.opensuse.org/request/show/1105136
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=98
---
gnutls-3.8.0.tar.xz | 3 -
gnutls-3.8.0.tar.xz.sig | Bin 684 -> 0 bytes
gnutls-3.8.1.tar.xz | 3 +
gnutls-3.8.1.tar.xz.sig | Bin 0 -> 685 bytes
gnutls-FIPS-140-3-references.patch | 747 ++++++++++++-----------------
gnutls-FIPS-PCT-DH.patch | 55 ---
gnutls-FIPS-PCT-ECDH.patch | 193 --------
gnutls-FIPS-jitterentropy.patch | 48 +-
gnutls-srp-test-SIGPIPE.patch | 22 +
gnutls.changes | 54 +++
gnutls.spec | 13 +-
11 files changed, 412 insertions(+), 726 deletions(-)
delete mode 100644 gnutls-3.8.0.tar.xz
delete mode 100644 gnutls-3.8.0.tar.xz.sig
create mode 100644 gnutls-3.8.1.tar.xz
create mode 100644 gnutls-3.8.1.tar.xz.sig
delete mode 100644 gnutls-FIPS-PCT-DH.patch
delete mode 100644 gnutls-FIPS-PCT-ECDH.patch
create mode 100644 gnutls-srp-test-SIGPIPE.patch
diff --git a/gnutls-3.8.0.tar.xz b/gnutls-3.8.0.tar.xz
deleted file mode 100644
index d57e970..0000000
--- a/gnutls-3.8.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0ea0d11a1660a1e63f960f157b197abe6d0c8cb3255be24e1fb3815930b9bdc5
-size 6378480
diff --git a/gnutls-3.8.0.tar.xz.sig b/gnutls-3.8.0.tar.xz.sig deleted file mode 100644 index f22d076c7801a31aa7500bb3abbd96f0b654a3bd33a75b8bfb4709b2a51c0bad..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 684 zcmV;d0#p5nbOZnv3IH7zAp~7U%MW%m1*ZiyR`hyxrbx5-A`ArrW91X#0162ZdUd8q zv-u(nMV0{mFJaW;z=GOpCn1P+6+Kvag!0c{vxkWu50V`V{#M6}0Qj-~_Bh5Y*v-G9 z4puGJA|ykzg8O*l(#dul!-V$X0*L}M1ONdD038+~1V$ny!?bTSho8tvY}N&Yj@Rax zaRmZn+qdmWpd z_3~tXHvEjC_%Bh;-`PDc+Ke08)}=vbE6zS{WsdZ0G7jyjzWyYjpi{{hIU|RkU171W z#e1MOFSLr-DYxb?eF+Ed?hv2#MFW4COPvIpPdUN0)=^VEW52by1H`w%=B8bK4uzmR zv^CE;Wb(WCOxhrGo2-erD^Kv3Z{=?gL*Wg;uh7I989F&T%Uau!= zC_Ls1XvXV6nY7S1JJgCq7=Ek^^ByXSQ6BtGj9>JHFBRxlWLo!4LP2nnwdxN#nKeq( z^CJqaexh=oznw}l?7TUVd!JAXI2;F*ce=$Ke;a37kBKOYjFn^>Wq!w70i3LmOZtKA zEOl5J-{VyJrmzqc!Ht!Tn+lR+&9PmBO6nkHdUZIb0dTUVSAK#k3Qm2@JvI?Q7)q=? zbXhY(ZAQQ0AliF_IUE(zb$>=O!1bCG?9Klg6G#gqCw__BjEVuA+vCR}uHr5#YLVzz zTvwSY^Z*syM~0R)+a28(nC#;_0l)lj4;SZHVk0^mg7Jw7wKZ;C}Z zTc~BJ$?;B1t^(@9MKewh?GiFW%jVQz4GnBy1QldW;wM3rpn~2DbEaN2CLB@lDjE`3 SmxE+uQFg{dH0jbMKmi`R*EY=n diff --git a/gnutls-3.8.1.tar.xz b/gnutls-3.8.1.tar.xz new file mode 100644 index 0000000..320348f --- /dev/null +++ b/gnutls-3.8.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ba8b9e15ae20aba88f44661978f5b5863494316fe7e722ede9d069fe6294829c +size 6447056 
diff --git a/gnutls-3.8.1.tar.xz.sig b/gnutls-3.8.1.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..b455610869483509cd67353f06a26d2b867db5c3103bdbe487fea847de99bf33 GIT binary patch literal 685 zcmV;e0#f~mbp!ww3IH7zAp~7U%MW%m1*ZiyR`hyxrbx5-A`ArrWX!xb0162ZdUd8q zv-u(nJQ4u?8hQ2?f@2(4zaNo>{ygpSwd zm~jOHWX#E;0162Z)&+!)*XEdU*E0|Rj~pTE!aKZhL515b;R=b3Hr~DVPMzS+G#;*7 zm-KhBSj`Y}_EE;A^ku~U@n2TxQE!X2#~VDLym?F2^K>JniZ-Bfus+Z& z-l`ZG!Qc-nmzl##-h(KnZk~xw>h%C1Bmp?E`zY;0xdnTANqO*7 z9B)(Wt4)`p9cl9M4Zbd&$UGw8uE82!(vFxB(B3cU^D#k&=;9U(sCJ^wv;L$ro zU{CGLRGM`6!Ev7)5#_q=k3ZCE%FI*_CdWPFlAn}^D<$=+f1|4eFy*Vi)IrSKE;aq! zjN7B@V`ckm1}n#69ihZHMM=%S>g9(hk-m2NyC$ex6$QC=y$gS7E=!-|IMLqh?Xt@0 z4`98C2pdVeR!6^QMZ1A;^`M8h5*PeQXVkOCepH3-SKG9eCuntNM=O)|4B!BQH?NwO zS&X1w>bZJu)688NWgo@!(Ey literal 0 HcmV?d00001 diff --git a/gnutls-FIPS-140-3-references.patch b/gnutls-FIPS-140-3-references.patch index bfc6651..531506c 100644 --- a/gnutls-FIPS-140-3-references.patch +++ b/gnutls-FIPS-140-3-references.patch @@ -1,8 +1,8 @@ -Index: gnutls-3.8.0/configure.ac +Index: gnutls-3.8.1/configure.ac =================================================================== ---- gnutls-3.8.0.orig/configure.ac -+++ gnutls-3.8.0/configure.ac -@@ -586,19 +586,19 @@ LT_INIT([disable-static,win32-dll,shared +--- gnutls-3.8.1.orig/configure.ac ++++ gnutls-3.8.1/configure.ac +@@ -623,19 +623,19 @@ LT_INIT([disable-static,win32-dll,shared AC_LIB_HAVE_LINKFLAGS(dl,, [#include ], [dladdr (0, 0);]) AC_ARG_ENABLE(fips140-mode, 
@@ -25,10 +25,10 @@ Index: gnutls-3.8.0/configure.ac AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name], [specify the FIPS140 module name]), -Index: gnutls-3.8.0/doc/cha-gtls-app.texi +Index: gnutls-3.8.1/doc/cha-gtls-app.texi =================================================================== ---- gnutls-3.8.0.orig/doc/cha-gtls-app.texi -+++ gnutls-3.8.0/doc/cha-gtls-app.texi +--- gnutls-3.8.1.orig/doc/cha-gtls-app.texi ++++ gnutls-3.8.1/doc/cha-gtls-app.texi @@ -222,7 +222,7 @@ CPU. The currently available options are @end itemize @@ -38,10 +38,10 @@ Index: gnutls-3.8.0/doc/cha-gtls-app.texi if set to one it will force the FIPS mode enablement. @end multitable -Index: gnutls-3.8.0/doc/cha-internals.texi +Index: gnutls-3.8.1/doc/cha-internals.texi =================================================================== ---- gnutls-3.8.0.orig/doc/cha-internals.texi -+++ gnutls-3.8.0/doc/cha-internals.texi +--- gnutls-3.8.1.orig/doc/cha-internals.texi ++++ gnutls-3.8.1/doc/cha-internals.texi @@ -14,7 +14,7 @@ happens inside the black box. * TLS Hello Extension Handling:: * Cryptographic Backend:: @@ -162,11 +162,11 @@ Index: gnutls-3.8.0/doc/cha-internals.texi operation. It can be attached to the current execution thread with @funcref{gnutls_fips140_push_context} and its internal state will be updated until it is detached with -Index: gnutls-3.8.0/doc/enums.texi +Index: gnutls-3.8.1/doc/enums.texi =================================================================== ---- gnutls-3.8.0.orig/doc/enums.texi -+++ gnutls-3.8.0/doc/enums.texi -@@ -1176,7 +1176,7 @@ application traffic secret is installed +--- gnutls-3.8.1.orig/doc/enums.texi ++++ gnutls-3.8.1/doc/enums.texi +@@ -1184,7 +1184,7 @@ application traffic secret is installed @c gnutls_fips_mode_t @table @code @item GNUTLS_@-FIPS140_@-DISABLED 
@@ -175,7 +175,7 @@ Index: gnutls-3.8.0/doc/enums.texi @item GNUTLS_@-FIPS140_@-STRICT The default mode; all forbidden operations will cause an operation failure via error code. -@@ -1184,8 +1184,8 @@ operation failure via error code. +@@ -1192,8 +1192,8 @@ operation failure via error code. A transient state during library initialization. That state cannot be set or seen by applications. @item GNUTLS_@-FIPS140_@-LAX @@ -186,10 +186,10 @@ Index: gnutls-3.8.0/doc/enums.texi application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility). @item GNUTLS_@-FIPS140_@-LOG -Index: gnutls-3.8.0/doc/functions/gnutls_fips140_set_mode +Index: gnutls-3.8.1/doc/functions/gnutls_fips140_set_mode =================================================================== ---- gnutls-3.8.0.orig/doc/functions/gnutls_fips140_set_mode -+++ gnutls-3.8.0/doc/functions/gnutls_fips140_set_mode +--- gnutls-3.8.1.orig/doc/functions/gnutls_fips140_set_mode ++++ gnutls-3.8.1/doc/functions/gnutls_fips140_set_mode @@ -3,7 +3,7 @@ @@ -215,11 +215,11 @@ Index: gnutls-3.8.0/doc/functions/gnutls_fips140_set_mode values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library switches to @code{GNUTLS_FIPS140_STRICT} mode. -Index: gnutls-3.8.0/doc/gnutls.html +Index: gnutls-3.8.1/doc/gnutls.html =================================================================== ---- gnutls-3.8.0.orig/doc/gnutls.html -+++ gnutls-3.8.0/doc/gnutls.html -@@ -486,7 +486,7 @@ Documentation License”. +--- gnutls-3.8.1.orig/doc/gnutls.html ++++ gnutls-3.8.1/doc/gnutls.html +@@ -484,7 +484,7 @@ Documentation License”.
  • 11.4 TLS Extension Handling
  • 11.5 Cryptographic Backend
  • 11.6 Random Number Generators
  • @@ -228,16 +228,16 @@ Index: gnutls-3.8.0/doc/gnutls.html
  • Appendix A Upgrading from previous versions
  • Appendix B Support -@@ -9009,7 +9009,7 @@ CPU. The currently available options are -
  • 0x200000: Enable VIA PHE -
  • 0x400000: Enable VIA PHE SHA512 +@@ -9035,7 +9035,7 @@ CPU. The currently available options are +
  • 0x200000: Enable VIA PHE +
  • 0x400000: Enable VIA PHE SHA512
  • --GNUTLS_FORCE_FIPS_MODEIn setups where GnuTLS is compiled with support for FIPS140-2 (see FIPS140-2 mode) -+GNUTLS_FORCE_FIPS_MODEIn setups where GnuTLS is compiled with support for FIPS140-3 (see FIPS140-3 mode) +-GNUTLS_FORCE_FIPS_MODEIn setups where GnuTLS is compiled with support for FIPS140-2 (see FIPS140-2 mode) ++GNUTLS_FORCE_FIPS_MODEIn setups where GnuTLS is compiled with support for FIPS140-3 (see FIPS140-3 mode) if set to one it will force the FIPS mode enablement. + - -@@ -18459,7 +18459,7 @@ None: +@@ -18437,7 +18437,7 @@ None: --inline-commands-prefix=str Change the default delimiter for inline commands --provider=file Specify the PKCS #11 provider library - file must pre-exist @@ -246,7 +246,7 @@ Index: gnutls-3.8.0/doc/gnutls.html --list-config Reports the configuration of the library --logfile=str Redirect informational messages to a specific file --keymatexport=str Label used for exporting keying material -@@ -19436,7 +19436,7 @@ happens inside the black box. +@@ -19445,7 +19445,7 @@ happens inside the black box.
  • TLS Extension Handling
  • Cryptographic Backend
  • Random Number Generators
  • @@ -254,31 +254,31 @@ Index: gnutls-3.8.0/doc/gnutls.html +
  • FIPS140-3 mode

  • -
    -@@ -19965,7 +19965,7 @@ For more information see -
    + --

    11.7 FIPS140-2 mode

    -+

    11.7 FIPS140-3 mode

    +-

    11.7 FIPS140-2 mode

    ++

    11.7 FIPS140-3 mode

    -

    GnuTLS can operate in a special mode for FIPS140-2. That mode of operation -is for the conformance to NIST’s FIPS140-2 publication, which consists of policies @@ -291,9 +291,9 @@ Index: gnutls-3.8.0/doc/gnutls.html

    -

    There are two distinct library states with regard to FIPS140-2: the FIPS140-2 +

    There are two distinct library states with regard to FIPS140-3: the FIPS140-3 - mode is installed if /etc/system-fips is present, and the --FIPS140-2 mode is enabled if /proc/sys/crypto/fips_enabled -+FIPS140-3 mode is enabled if /proc/sys/crypto/fips_enabled + mode is installed if /etc/system-fips is present, and the +-FIPS140-2 mode is enabled if /proc/sys/crypto/fips_enabled ++FIPS140-3 mode is enabled if /proc/sys/crypto/fips_enabled contains ’1’, which is typically set with the “fips=1” kernel command line option.

    @@ -301,62 +301,62 @@ Index: gnutls-3.8.0/doc/gnutls.html +

    When the FIPS140-3 mode is installed, the operation of the library is modified as follows.

    -
      -@@ -20134,12 +20134,12 @@ as follows. -
    • Algorithm self-tests are run on library load +
        +@@ -20143,12 +20143,12 @@ as follows. +
      • Algorithm self-tests are run on library load
      -

      When the FIPS140-2 mode is enabled, The operation of the library is in addition +

      When the FIPS140-3 mode is enabled, The operation of the library is in addition modified as follows.

      -
        --
      • Only approved by FIPS140-2 algorithms are enabled --
      • Only approved by FIPS140-2 key lengths are allowed for key generation -+
      • Only approved by FIPS140-3 algorithms are enabled -+
      • Only approved by FIPS140-3 key lengths are allowed for key generation -
      • Any cryptographic operation will be refused if any of the self-tests failed +
          +-
        • Only approved by FIPS140-2 algorithms are enabled +-
        • Only approved by FIPS140-2 key lengths are allowed for key generation ++
        • Only approved by FIPS140-3 algorithms are enabled ++
        • Only approved by FIPS140-3 key lengths are allowed for key generation +
        • Any cryptographic operation will be refused if any of the self-tests failed
        -@@ -20148,7 +20148,7 @@ modified as follows. - environment variable GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS will disable +@@ -20157,7 +20157,7 @@ modified as follows. + environment variable GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS will disable the library integrity tests on startup, and the variable - GNUTLS_FORCE_FIPS_MODE can be set to force a value from --Figure 11.5, i.e., ’1’ will enable the FIPS140-2 -+Figure 11.5, i.e., ’1’ will enable the FIPS140-3 + GNUTLS_FORCE_FIPS_MODE can be set to force a value from +-Figure 11.5, i.e., ’1’ will enable the FIPS140-2 ++Figure 11.5, i.e., ’1’ will enable the FIPS140-3 mode, while ’0’ will disable it.

        The integrity checks for the dependent libraries and GnuTLS are performed -@@ -20156,13 +20156,13 @@ using ’.hmac’ files which ar +@@ -20165,13 +20165,13 @@ using ’.hmac’ files which ar key for the operations can be provided on compile-time with the configure option ’–with-fips140-key’. The MAC algorithm used is HMAC-SHA256.

        -

        On runtime an application can verify whether the library is in FIPS140-2 +

        On runtime an application can verify whether the library is in FIPS140-3 - mode using the gnutls_fips140_mode_enabled function. + mode using the gnutls_fips140_mode_enabled function.

        --

        Relaxing FIPS140-2 requirements

        -+

        Relaxing FIPS140-3 requirements

        +-

        Relaxing FIPS140-2 requirements

        ++

        Relaxing FIPS140-3 requirements

        The library by default operates in a strict enforcing mode, ensuring that -all constraints imposed by the FIPS140-2 specification are enforced. However +all constraints imposed by the FIPS140-3 specification are enforced. However - the application can relax these requirements via gnutls_fips140_set_mode - which can switch to alternative modes as in Figure 11.5. + the application can relax these requirements via gnutls_fips140_set_mode + which can switch to alternative modes as in Figure 11.5.

        -@@ -20171,7 +20171,7 @@ which can switch to alternative modes as +@@ -20180,7 +20180,7 @@ which can switch to alternative modes as -
        -
        GNUTLS_FIPS140_DISABLED
        +
        +
        GNUTLS_FIPS140_DISABLED
        -

        The FIPS140-2 mode is disabled. +

        The FIPS140-3 mode is disabled.

        -
        GNUTLS_FIPS140_STRICT
        +
        GNUTLS_FIPS140_STRICT

        The default mode; all forbidden operations will cause an -@@ -20182,8 +20182,8 @@ operation failure via error code. +@@ -20191,8 +20191,8 @@ operation failure via error code. cannot be set or seen by applications.

        -
        GNUTLS_FIPS140_LAX
        +
        GNUTLS_FIPS140_LAX
        -

        The library still uses the FIPS140-2 relevant algorithms but all -forbidden by FIPS140-2 operations are allowed; this is useful when the +

        The library still uses the FIPS140-3 relevant algorithms but all @@ -364,17 +364,17 @@ Index: gnutls-3.8.0/doc/gnutls.html application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility).

        -@@ -20195,7 +20195,7 @@ to a message to the audit callback funct +@@ -20204,7 +20204,7 @@ to a message to the audit callback funct -

        Figure 11.5: The gnutls_fips_mode_t enumeration.

    +

    Figure 11.5: The gnutls_fips_mode_t enumeration.

    The intention of this API is to be used by applications which may run in -FIPS140-2 mode, while they utilize few algorithms not in the allowed set, +FIPS140-3 mode, while they utilize few algorithms not in the allowed set, e.g., for non-security related purposes. In these cases applications should wrap the non-compliant code within blocks like the following.

    -@@ -20224,9 +20224,9 @@ if (gnutls_fips140_mode_enabled()) -

    The reason of the GNUTLS_FIPS140_SET_MODE_THREAD flag in the +@@ -20233,9 +20233,9 @@ if (gnutls_fips140_mode_enabled()) +

    The reason of the GNUTLS_FIPS140_SET_MODE_THREAD flag in the previous calls is to localize the change in the mode. Note also, that such a block has no effect when the library is not operating -under FIPS140-2 mode, and thus it can be considered a no-op. @@ -383,41 +383,41 @@ Index: gnutls-3.8.0/doc/gnutls.html -

    Applications could also switch FIPS140-2 mode explicitly off, by calling +

    Applications could also switch FIPS140-3 mode explicitly off, by calling

    -
    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0);
    + 
    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0);
      
    -@@ -20249,7 +20249,7 @@ performed within a given context. -
    int gnutls_fips140_pop_context ( void)
    +@@ -20258,7 +20258,7 @@ performed within a given context. +
    int gnutls_fips140_pop_context ( void)
    --

    The gnutls_fips140_context_t represents the FIPS140-2 mode of -+

    The gnutls_fips140_context_t represents the FIPS140-3 mode of +-

    The gnutls_fips140_context_t represents the FIPS140-2 mode of ++

    The gnutls_fips140_context_t represents the FIPS140-3 mode of operation. It can be attached to the current execution thread with - gnutls_fips140_push_context and its internal state will be + gnutls_fips140_push_context and its internal state will be updated until it is detached with -@@ -20615,8 +20615,8 @@ Previous: -

    GnuTLS has support for the FIPS 140-2 certification under Red Hat Enterprise Linux. --See FIPS140-2 mode for more information. +-See FIPS140-2 mode for more information. +

    GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux. -+See FIPS140-3 mode for more information. ++See FIPS140-3 mode for more information.


    -@@ -24526,7 +24526,7 @@ unusable. This function is not thread-s -

    gnutls_fips140_set_mode

    -
    -
    Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t mode, unsigned flags)
    --

    mode: the FIPS140-2 mode to switch to -+

    mode: the FIPS140-3 mode to switch to +@@ -24544,7 +24544,7 @@ unusable. This function is not thread-s +

    gnutls_fips140_set_mode

    +
    +
    Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t mode, unsigned flags)
    +-

    mode: the FIPS140-2 mode to switch to ++

    mode: the FIPS140-3 mode to switch to

    -

    flags: should be zero or GNUTLS_FIPS140_SET_MODE_THREAD +

    flags: should be zero or GNUTLS_FIPS140_SET_MODE_THREAD

    -@@ -24535,13 +24535,13 @@ unusable. This function is not thread-s +@@ -24553,13 +24553,13 @@ unusable. This function is not thread-s behavior with no flags after threads are created is undefined.

    -

    When the flag GNUTLS_FIPS140_SET_MODE_THREAD is specified +

    When the flag GNUTLS_FIPS140_SET_MODE_THREAD is specified -then this call will change the FIPS140-2 mode for this particular +then this call will change the FIPS140-3 mode for this particular thread and not for the whole process. That way an application @@ -427,23 +427,23 @@ Index: gnutls-3.8.0/doc/gnutls.html

    This function never fails but will be a no-op if used when -the library is not in FIPS140-2 mode. When asked to switch to unknown +the library is not in FIPS140-3 mode. When asked to switch to unknown - values for mode or to GNUTLS_FIPS140_SELFTESTS mode, the library - switches to GNUTLS_FIPS140_STRICT mode. + values for mode or to GNUTLS_FIPS140_SELFTESTS mode, the library + switches to GNUTLS_FIPS140_STRICT mode.

    -@@ -46662,7 +46662,7 @@ Next: gnutls_fingerprintCore TLS API - gnutls_fips140_context_deinitCore TLS API - gnutls_fips140_context_initCore TLS API --gnutls_fips140_get_operation_stateFIPS140-2 mode -+gnutls_fips140_get_operation_stateFIPS140-3 mode - gnutls_fips140_get_operation_stateCore TLS API - gnutls_fips140_mode_enabledCore TLS API - gnutls_fips140_pop_contextCore TLS API -Index: gnutls-3.8.0/doc/gnutls.info-3 +@@ -46765,7 +46765,7 @@ Next: gnutls_fingerprintCore TLS API + gnutls_fips140_context_deinitCore TLS API + gnutls_fips140_context_initCore TLS API +-gnutls_fips140_get_operation_stateFIPS140-2 mode ++gnutls_fips140_get_operation_stateFIPS140-3 mode + gnutls_fips140_get_operation_stateCore TLS API + gnutls_fips140_mode_enabledCore TLS API + gnutls_fips140_pop_contextCore TLS API +Index: gnutls-3.8.1/doc/gnutls.info-3 =================================================================== ---- gnutls-3.8.0.orig/doc/gnutls.info-3 -+++ gnutls-3.8.0/doc/gnutls.info-3 -@@ -1631,7 +1631,7 @@ to 'more'. Both will exit with a status +--- gnutls-3.8.1.orig/doc/gnutls.info-3 ++++ gnutls-3.8.1/doc/gnutls.info-3 +@@ -2241,7 +2241,7 @@ to ‘more’. Both will exit with a st --inline-commands-prefix=str Change the default delimiter for inline commands --provider=file Specify the PKCS #11 provider library - file must pre-exist @@ -452,7 +452,7 @@ Index: gnutls-3.8.0/doc/gnutls.info-3 --list-config Reports the configuration of the library --logfile=str Redirect informational messages to a specific file --keymatexport=str Label used for exporting keying material -@@ -2732,7 +2732,7 @@ to know what happens inside the black bo +@@ -3379,7 +3379,7 @@ to know what happens inside the black bo * TLS Hello Extension Handling:: * Cryptographic Backend:: * Random Number Generators-internals:: 
@@ -461,8 +461,8 @@ Index: gnutls-3.8.0/doc/gnutls.info-3  File: gnutls.info, Node: The TLS Protocol, Next: TLS Handshake Protocol, Up: Internal architecture of GnuTLS -@@ -3264,7 +3264,7 @@ and abstract key types::. - kernel implementation of '/dev/crypto'. +@@ -3911,7 +3911,7 @@ and abstract key types::. + kernel implementation of ‘/dev/crypto’.  -File: gnutls.info, Node: Random Number Generators-internals, Next: FIPS140-2 mode, Prev: Cryptographic Backend, Up: Internal architecture of GnuTLS @@ -470,7 +470,7 @@ Index: gnutls-3.8.0/doc/gnutls.info-3 11.6 Random Number Generators ============================= -@@ -3274,7 +3274,7 @@ About the generators +@@ -3921,7 +3921,7 @@ About the generators GnuTLS provides two random generators. The default, and the AES-DRBG random generator which is only used when the library is compiled with 
@@ -479,102 +479,8 @@ Index: gnutls-3.8.0/doc/gnutls.info-3 The default generator - inner workings -------------------------------------- -@@ -3423,25 +3423,25 @@ after observing the output of the PRNG. - the above paragraph, all levels are immune to such attack. - -  --File: gnutls.info, Node: FIPS140-2 mode, Prev: Random Number Generators-internals, Up: Internal architecture of GnuTLS -+File: gnutls.info, Node: FIPS140-3 mode, Prev: Random Number Generators-internals, Up: Internal architecture of GnuTLS - --11.7 FIPS140-2 mode -+11.7 FIPS140-3 mode - =================== - --GnuTLS can operate in a special mode for FIPS140-2. That mode of --operation is for the conformance to NIST's FIPS140-2 publication, which -+GnuTLS can operate in a special mode for FIPS140-3. That mode of -+operation is for the conformance to NIST's FIPS140-3 publication, which - consists of policies for cryptographic modules (such as software - libraries). Its implementation in GnuTLS is designed for Red Hat - Enterprise Linux, and can only be enabled when the library is explicitly - compiled with the '-enable-fips140-mode' configure option. - --There are two distinct library states with regard to FIPS140-2: the --FIPS140-2 mode is _installed_ if '/etc/system-fips' is present, and the --FIPS140-2 mode is _enabled_ if '/proc/sys/crypto/fips_enabled' contains -+There are two distinct library states with regard to FIPS140-3: the -+FIPS140-3 mode is _installed_ if '/etc/system-fips' is present, and the -+FIPS140-3 mode is _enabled_ if '/proc/sys/crypto/fips_enabled' contains - '1', which is typically set with the "fips=1" kernel command line - option. - --When the FIPS140-2 mode is installed, the operation of the library is -+When the FIPS140-3 mode is installed, the operation of the library is - modified as follows. - - * The random generator used switches to DRBG-AES -@@ -3449,11 +3449,11 @@ modified as follows. 
- startup - * Algorithm self-tests are run on library load - --When the FIPS140-2 mode is enabled, The operation of the library is in -+When the FIPS140-3 mode is enabled, The operation of the library is in - addition modified as follows. - -- * Only approved by FIPS140-2 algorithms are enabled -- * Only approved by FIPS140-2 key lengths are allowed for key -+ * Only approved by FIPS140-3 algorithms are enabled -+ * Only approved by FIPS140-3 key lengths are allowed for key - generation - * Any cryptographic operation will be refused if any of the - self-tests failed -@@ -3462,7 +3462,7 @@ There are also few environment variables - The environment variable 'GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS' will - disable the library integrity tests on startup, and the variable - 'GNUTLS_FORCE_FIPS_MODE' can be set to force a value from *note Figure --11.5: gnutls_fips_mode_t, i.e., '1' will enable the FIPS140-2 mode, -+11.5: gnutls_fips_mode_t, i.e., '1' will enable the FIPS140-3 mode, - while '0' will disable it. - - The integrity checks for the dependent libraries and GnuTLS are -@@ -3471,20 +3471,20 @@ library. The key for the operations can - with the configure option '-with-fips140-key'. The MAC algorithm used - is HMAC-SHA256. - --On runtime an application can verify whether the library is in FIPS140-2 -+On runtime an application can verify whether the library is in FIPS140-3 - mode using the *note gnutls_fips140_mode_enabled:: function. - --Relaxing FIPS140-2 requirements -+Relaxing FIPS140-3 requirements - ------------------------------- - - The library by default operates in a strict enforcing mode, ensuring --that all constraints imposed by the FIPS140-2 specification are -+that all constraints imposed by the FIPS140-3 specification are - enforced. However the application can relax these requirements via - *note gnutls_fips140_set_mode:: which can switch to alternative modes as - in *note Figure 11.5: gnutls_fips_mode_t. 
- - 'GNUTLS_FIPS140_DISABLED' -- The FIPS140-2 mode is disabled. -+ The FIPS140-3 mode is disabled. - 'GNUTLS_FIPS140_STRICT' - The default mode; all forbidden operations will cause an operation - failure via error code. -@@ -3492,8 +3492,8 @@ in *note Figure 11.5: gnutls_fips_mode_t - A transient state during library initialization. That state cannot - be set or seen by applications. - 'GNUTLS_FIPS140_LAX' -- The library still uses the FIPS140-2 relevant algorithms but all -- forbidden by FIPS140-2 operations are allowed; this is useful when -+ The library still uses the FIPS140-3 relevant algorithms but all -+ forbidden by FIPS140-3 operations are allowed; this is useful when - the application is aware of the followed security policy, and needs - to utilize disallowed operations for other reasons (e.g., - compatibility). -@@ -3506,7 +3506,7 @@ in *note Figure 11.5: gnutls_fips_mode_t - Figure 11.5: The 'gnutls_fips_mode_t' enumeration. +@@ -4153,7 +4153,7 @@ in *note Figure 11.5: gnutls_fips_mode_t + Figure 11.5: The ‘gnutls_fips_mode_t’ enumeration. The intention of this API is to be used by applications which may run in -FIPS140-2 mode, while they utilize few algorithms not in the allowed @@ -582,9 +488,9 @@ Index: gnutls-3.8.0/doc/gnutls.info-3 set, e.g., for non-security related purposes. In these cases applications should wrap the non-compliant code within blocks like the following. -@@ -3530,10 +3530,10 @@ are macros to simplify the following seq +@@ -4177,10 +4177,10 @@ are macros to simplify the following seq - The reason of the 'GNUTLS_FIPS140_SET_MODE_THREAD' flag in the previous + The reason of the ‘GNUTLS_FIPS140_SET_MODE_THREAD’ flag in the previous calls is to localize the change in the mode. Note also, that such a -block has no effect when the library is not operating under FIPS140-2 +block has no effect when the library is not operating under FIPS140-3 
@@ -595,16 +501,7 @@ Index: gnutls-3.8.0/doc/gnutls.info-3 gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0); Service indicator -@@ -3552,7 +3552,7 @@ within a given context. - 'INT *note gnutls_fips140_push_context:: (gnutls_fips140_context_t CONTEXT)' - 'INT *note gnutls_fips140_pop_context:: ( VOID)' - --The 'gnutls_fips140_context_t' represents the FIPS140-2 mode of -+The 'gnutls_fips140_context_t' represents the FIPS140-3 mode of - operation. It can be attached to the current execution thread with - *note gnutls_fips140_push_context:: and its internal state will be - updated until it is detached with *note gnutls_fips140_pop_context::. -@@ -4010,8 +4010,8 @@ There are certifications from national o +@@ -4662,8 +4662,8 @@ There are certifications from national o practices, such as unit testing and reliance on well known crypto primitives. 
@@ -615,34 +512,19 @@ Index: gnutls-3.8.0/doc/gnutls.info-3  File: gnutls.info, Node: Error codes, Next: Supported ciphersuites, Prev: Support, Up: Top -@@ -8476,7 +8476,7 @@ gnutls_fips140_set_mode +@@ -9128,7 +9128,7 @@ gnutls_fips140_set_mode -- Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t MODE, unsigned FLAGS) - MODE: the FIPS140-2 mode to switch to + MODE: the FIPS140-3 mode to switch to - FLAGS: should be zero or 'GNUTLS_FIPS140_SET_MODE_THREAD' + FLAGS: should be zero or ‘GNUTLS_FIPS140_SET_MODE_THREAD’ -@@ -8486,12 +8486,12 @@ gnutls_fips140_set_mode - undefined. - - When the flag 'GNUTLS_FIPS140_SET_MODE_THREAD' is specified then -- this call will change the FIPS140-2 mode for this particular thread -+ this call will change the FIPS140-3 mode for this particular thread - and not for the whole process. That way an application can utilize - this function to set and reset mode for specific operations. - - This function never fails but will be a no-op if used when the -- library is not in FIPS140-2 mode. When asked to switch to unknown -+ library is not in FIPS140-3 mode. When asked to switch to unknown - values for 'mode' or to 'GNUTLS_FIPS140_SELFTESTS' mode, the - library switches to 'GNUTLS_FIPS140_STRICT' mode. - -Index: gnutls-3.8.0/doc/invoke-gnutls-cli.texi +Index: gnutls-3.8.1/doc/invoke-gnutls-cli.texi =================================================================== ---- gnutls-3.8.0.orig/doc/invoke-gnutls-cli.texi -+++ gnutls-3.8.0/doc/invoke-gnutls-cli.texi +--- gnutls-3.8.1.orig/doc/invoke-gnutls-cli.texi ++++ gnutls-3.8.1/doc/invoke-gnutls-cli.texi @@ -99,7 +99,7 @@ None: --inline-commands-prefix=str Change the default delimiter for inline commands --provider=file Specify the PKCS #11 provider library 
@@ -652,10 +534,10 @@ Index: gnutls-3.8.0/doc/invoke-gnutls-cli.texi --list-config Reports the configuration of the library --logfile=str Redirect informational messages to a specific file --keymatexport=str Label used for exporting keying material -Index: gnutls-3.8.0/doc/manpages/gnutls-cli.1 +Index: gnutls-3.8.1/doc/manpages/gnutls-cli.1 =================================================================== ---- gnutls-3.8.0.orig/doc/manpages/gnutls-cli.1 -+++ gnutls-3.8.0/doc/manpages/gnutls-cli.1 +--- gnutls-3.8.1.orig/doc/manpages/gnutls-cli.1 ++++ gnutls-3.8.1/doc/manpages/gnutls-cli.1 @@ -389,7 +389,7 @@ Specify the PKCS #11 provider library. This will override the default options in /etc/gnutls/pkcs11.conf .TP @@ -665,11 +547,11 @@ Index: gnutls-3.8.0/doc/manpages/gnutls-cli.1 .sp .TP .NOP \f\*[B-Font]\-\-list\-config\f[] -Index: gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html +Index: gnutls-3.8.1/doc/reference/html/gnutls-gnutls.html =================================================================== ---- gnutls-3.8.0.orig/doc/reference/html/gnutls-gnutls.html -+++ gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html -@@ -20580,12 +20580,12 @@ gnutls_fips140_set_mode (

    When the flag GNUTLS_FIPS140_SET_MODE_THREAD is specified @@ -684,7 +566,7 @@ Index: gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html values for mode or to GNUTLS_FIPS140_SELFTESTS mode, the library switches to GNUTLS_FIPS140_STRICT mode.

    -@@ -20600,7 +20600,7 @@ switches to

    mode

    @@ -693,7 +575,7 @@ Index: gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html   -@@ -25568,7 +25568,7 @@ encryption

    +@@ -25880,7 +25880,7 @@ encryption


    enum gnutls_fips_mode_t

    @@ -702,7 +584,7 @@ Index: gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html

    Members

    -@@ -25581,7 +25581,7 @@ encryption

    +@@ -25893,7 +25893,7 @@ encryption

    -@@ -25604,8 +25604,8 @@ operation failure via error code.

    +@@ -25916,8 +25916,8 @@ operation failure via error code.

    -@@ -27241,4 +27241,4 @@ This is used by
    Generated by GTK-Doc V1.33.1 - \ No newline at end of file + -Index: gnutls-3.8.0/lib/fips.c +Index: gnutls-3.8.1/lib/fips.c =================================================================== ---- gnutls-3.8.0.orig/lib/fips.c -+++ gnutls-3.8.0/lib/fips.c +--- gnutls-3.8.1.orig/lib/fips.c ++++ gnutls-3.8.1/lib/fips.c @@ -121,7 +121,7 @@ unsigned _gnutls_fips_mode_enabled(void) } @@ -751,7 +633,7 @@ Index: gnutls-3.8.0/lib/fips.c ret = GNUTLS_FIPS140_SELFTESTS; goto exit; } -@@ -694,7 +694,7 @@ unsigned gnutls_fips140_mode_enabled(voi +@@ -692,7 +692,7 @@ unsigned gnutls_fips140_mode_enabled(voi /** * gnutls_fips140_set_mode: @@ -760,7 +642,7 @@ Index: gnutls-3.8.0/lib/fips.c * @flags: should be zero or %GNUTLS_FIPS140_SET_MODE_THREAD * * That function is not thread-safe when changing the mode with no flags -@@ -702,13 +702,13 @@ unsigned gnutls_fips140_mode_enabled(voi +@@ -700,13 +700,13 @@ unsigned gnutls_fips140_mode_enabled(voi * behavior with no flags after threads are created is undefined. * * When the flag %GNUTLS_FIPS140_SET_MODE_THREAD is specified 
@@ -776,28 +658,29 @@ Index: gnutls-3.8.0/lib/fips.c * values for @mode or to %GNUTLS_FIPS140_SELFTESTS mode, the library * switches to %GNUTLS_FIPS140_STRICT mode. * -@@ -719,9 +719,9 @@ void gnutls_fips140_set_mode(gnutls_fips - #ifdef ENABLE_FIPS140 +@@ -718,10 +718,10 @@ void gnutls_fips140_set_mode(gnutls_fips gnutls_fips_mode_t prev = _gnutls_fips_mode_enabled(); - if (prev == GNUTLS_FIPS140_DISABLED || prev == GNUTLS_FIPS140_SELFTESTS) { + if (prev == GNUTLS_FIPS140_DISABLED || + prev == GNUTLS_FIPS140_SELFTESTS) { - /* we need to run self-tests first to be in FIPS140-2 mode */ + /* we need to run self-tests first to be in FIPS140-3 mode */ - _gnutls_audit_log(NULL, -- "The library should be initialized in FIPS140-2 mode to do that operation\n"); -+ "The library should be initialized in FIPS140-3 mode to do that operation\n"); + _gnutls_audit_log( + NULL, +- "The library should be initialized in FIPS140-2 mode to do that operation\n"); ++ "The library should be initialized in FIPS140-3 mode to do that operation\n"); return; } -@@ -733,7 +733,7 @@ void gnutls_fips140_set_mode(gnutls_fips - break; +@@ -734,7 +734,7 @@ void gnutls_fips140_set_mode(gnutls_fips case GNUTLS_FIPS140_SELFTESTS: - _gnutls_audit_log(NULL, -- "Cannot switch library to FIPS140-2 self-tests mode; defaulting to strict\n"); -+ "Cannot switch library to FIPS140-3 self-tests mode; defaulting to strict\n"); + _gnutls_audit_log( + NULL, +- "Cannot switch library to FIPS140-2 self-tests mode; defaulting to strict\n"); ++ "Cannot switch library to FIPS140-3 self-tests mode; defaulting to strict\n"); mode = GNUTLS_FIPS140_STRICT; break; default: -@@ -908,7 +908,7 @@ void _gnutls_switch_fips_state(gnutls_fi +@@ -910,7 +910,7 @@ void _gnutls_switch_fips_state(gnutls_fi } if (!_tfips_context) { 
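Review bot: The `_gnutls_audit_log` messages in `gnutls_fips140_set_mode` change their runtime text from `FIPS140-2` to `FIPS140-3` in this refreshed hunk, and nothing visible in the patch records that the emitted audit strings now differ from upstream. Log parsers or alerting rules keyed on the upstream wording would presumably stop matching on this build; the same applies to the self-test failure messages in the later lib/fips.c and lib/global.c hunks. I would add one sentence to the patch description, such as `Audit and debug log messages now read "FIPS140-3 ..." instead of "FIPS140-2 ..."; adjust log matching accordingly.` The body of `gnutls_fips140_set_mode` continues outside the hunk.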
@@ -806,35 +689,35 @@ Index: gnutls-3.8.0/lib/fips.c return; } -@@ -921,7 +921,7 @@ void _gnutls_switch_fips_state(gnutls_fi - /* initial can be transitioned to any state */ +@@ -924,7 +924,7 @@ void _gnutls_switch_fips_state(gnutls_fi if (mode != GNUTLS_FIPS140_LAX) { - _gnutls_audit_log(NULL, -- "FIPS140-2 operation mode switched from initial to %s\n", -+ "FIPS140-3 operation mode switched from initial to %s\n", - operation_state_to_string(state)); + _gnutls_audit_log( + NULL, +- "FIPS140-2 operation mode switched from initial to %s\n", ++ "FIPS140-3 operation mode switched from initial to %s\n", + operation_state_to_string(state)); } _tfips_context->state = state; -@@ -931,7 +931,7 @@ void _gnutls_switch_fips_state(gnutls_fi - if (likely(state == GNUTLS_FIPS140_OP_NOT_APPROVED)) { +@@ -935,7 +935,7 @@ void _gnutls_switch_fips_state(gnutls_fi if (mode != GNUTLS_FIPS140_LAX) { - _gnutls_audit_log(NULL, -- "FIPS140-2 operation mode switched from approved to %s\n", -+ "FIPS140-3 operation mode switched from approved to %s\n", - operation_state_to_string - (state)); + _gnutls_audit_log( + NULL, +- "FIPS140-2 operation mode switched from approved to %s\n", ++ "FIPS140-3 operation mode switched from approved to %s\n", + operation_state_to_string(state)); } -@@ -943,7 +943,7 @@ void _gnutls_switch_fips_state(gnutls_fi - /* other transitions are prohibited */ + _tfips_context->state = state; +@@ -947,7 +947,7 @@ void _gnutls_switch_fips_state(gnutls_fi if (mode != GNUTLS_FIPS140_LAX) { - _gnutls_audit_log(NULL, -- "FIPS140-2 operation mode cannot be switched from %s to %s\n", -+ "FIPS140-3 operation mode cannot be switched from %s to %s\n", - operation_state_to_string - (_tfips_context->state), - operation_state_to_string(state)); -@@ -1004,7 +1004,7 @@ int gnutls_fips140_run_self_tests(void) - if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED && ret < 0) { + _gnutls_audit_log( + NULL, +- "FIPS140-2 operation mode cannot be switched from %s to %s\n", ++ 
"FIPS140-3 operation mode cannot be switched from %s to %s\n", + operation_state_to_string( + _tfips_context->state), + operation_state_to_string(state)); +@@ -1009,7 +1009,7 @@ int gnutls_fips140_run_self_tests(void) + ret < 0) { _gnutls_switch_lib_state(LIB_STATE_ERROR); _gnutls_audit_log(NULL, - "FIPS140-2 self testing part 2 failed\n"); 
@@ -842,40 +725,42 @@ Index: gnutls-3.8.0/lib/fips.c } else { /* Restore the previous library state */ _gnutls_switch_lib_state(prev_lib_state); -@@ -1016,7 +1016,7 @@ int gnutls_fips140_run_self_tests(void) +@@ -1021,7 +1021,7 @@ int gnutls_fips140_run_self_tests(void) if (gnutls_fips140_pop_context() < 0) { _gnutls_switch_lib_state(LIB_STATE_ERROR); - _gnutls_audit_log(NULL, -- "FIPS140-2 context restoration failed\n"); -+ "FIPS140-3 context restoration failed\n"); + _gnutls_audit_log( +- NULL, "FIPS140-2 context restoration failed\n"); ++ NULL, "FIPS140-3 context restoration failed\n"); } gnutls_fips140_context_deinit(fips_context); } -Index: gnutls-3.8.0/lib/fips.h +Index: gnutls-3.8.1/lib/fips.h =================================================================== ---- gnutls-3.8.0.orig/lib/fips.h -+++ gnutls-3.8.0/lib/fips.h -@@ -158,16 +158,16 @@ is_cipher_algo_allowed_in_fips(gnutls_ci +--- gnutls-3.8.1.orig/lib/fips.h ++++ gnutls-3.8.1/lib/fips.h +@@ -160,7 +160,7 @@ is_cipher_algo_allowed_in_fips(gnutls_ci } - # ifdef ENABLE_FIPS140 + #ifdef ENABLE_FIPS140 -/* This will test the condition when in FIPS140-2 mode +/* This will test the condition when in FIPS140-3 mode * and return an error if necessary or ignore */ - # define FIPS_RULE(condition, ret_error, ...) { \ - gnutls_fips_mode_t _mode = _gnutls_fips_mode_enabled(); \ - if (_mode != GNUTLS_FIPS140_DISABLED) { \ - if (condition) { \ - if (_mode == GNUTLS_FIPS140_LOG) { \ -- _gnutls_audit_log(NULL, "fips140-2: allowing "__VA_ARGS__); \ -+ _gnutls_audit_log(NULL, "fips140-3: allowing "__VA_ARGS__); \ - } else if (_mode != GNUTLS_FIPS140_LAX) { \ -- _gnutls_debug_log("fips140-2: disallowing "__VA_ARGS__); \ -+ _gnutls_debug_log("fips140-3: disallowing "__VA_ARGS__); \ - return ret_error; \ - } \ - } \ -@@ -181,7 +181,7 @@ inline static bool is_mac_algo_allowed(g + #define FIPS_RULE(condition, ret_error, ...) 
\ + { \ +@@ -170,10 +170,10 @@ is_cipher_algo_allowed_in_fips(gnutls_ci + if (_mode == GNUTLS_FIPS140_LOG) { \ + _gnutls_audit_log( \ + NULL, \ +- "fips140-2: allowing " __VA_ARGS__); \ ++ "fips140-3: allowing " __VA_ARGS__); \ + } else if (_mode != GNUTLS_FIPS140_LAX) { \ + _gnutls_debug_log( \ +- "fips140-2: disallowing " __VA_ARGS__); \ ++ "fips140-3: disallowing " __VA_ARGS__); \ + return ret_error; \ + } \ + } \ +@@ -188,7 +188,7 @@ inline static bool is_mac_algo_allowed(g switch (mode) { case GNUTLS_FIPS140_LOG: _gnutls_audit_log(NULL, @@ -884,7 +769,7 @@ Index: gnutls-3.8.0/lib/fips.h gnutls_mac_get_name(algo)); FALLTHROUGH; case GNUTLS_FIPS140_DISABLED: -@@ -203,7 +203,7 @@ inline static bool is_cipher_algo_allowe +@@ -210,7 +210,7 @@ inline static bool is_cipher_algo_allowe switch (mode) { case GNUTLS_FIPS140_LOG: _gnutls_audit_log(NULL, @@ -893,11 +778,11 @@ Index: gnutls-3.8.0/lib/fips.h gnutls_cipher_get_name(algo)); FALLTHROUGH; case GNUTLS_FIPS140_DISABLED: -Index: gnutls-3.8.0/lib/global.c +Index: gnutls-3.8.1/lib/global.c =================================================================== ---- gnutls-3.8.0.orig/lib/global.c -+++ gnutls-3.8.0/lib/global.c -@@ -326,12 +326,12 @@ static int _gnutls_global_init(unsigned +--- gnutls-3.8.1.orig/lib/global.c ++++ gnutls-3.8.1/lib/global.c +@@ -337,12 +337,12 @@ static int _gnutls_global_init(unsigned #ifdef ENABLE_FIPS140 res = _gnutls_fips_mode_enabled(); 
@@ -912,31 +797,31 @@ Index: gnutls-3.8.0/lib/global.c _gnutls_priority_update_fips(); /* first round of self checks, these are done on the -@@ -341,7 +341,7 @@ static int _gnutls_global_init(unsigned +@@ -352,7 +352,7 @@ static int _gnutls_global_init(unsigned if (ret < 0) { _gnutls_switch_lib_state(LIB_STATE_ERROR); - _gnutls_audit_log(NULL, -- "FIPS140-2 self testing part1 failed\n"); -+ "FIPS140-3 self testing part1 failed\n"); + _gnutls_audit_log( +- NULL, "FIPS140-2 self testing part1 failed\n"); ++ NULL, "FIPS140-3 self testing part1 failed\n"); if (res != 2) { gnutls_assert(); goto out; -@@ -364,7 +364,7 @@ static int _gnutls_global_init(unsigned +@@ -375,7 +375,7 @@ static int _gnutls_global_init(unsigned if (ret < 0) { _gnutls_switch_lib_state(LIB_STATE_ERROR); - _gnutls_audit_log(NULL, -- "FIPS140-2 self testing part 2 failed\n"); -+ "FIPS140-3 self testing part 2 failed\n"); + _gnutls_audit_log( +- NULL, "FIPS140-2 self testing part 2 failed\n"); ++ NULL, "FIPS140-3 self testing part 2 failed\n"); if (res != 2) { gnutls_assert(); goto out; -Index: gnutls-3.8.0/lib/includes/gnutls/gnutls.h.in +Index: gnutls-3.8.1/lib/includes/gnutls/gnutls.h.in =================================================================== ---- gnutls-3.8.0.orig/lib/includes/gnutls/gnutls.h.in -+++ gnutls-3.8.0/lib/includes/gnutls/gnutls.h.in -@@ -3278,16 +3278,16 @@ void - gnutls_alert_set_read_function(gnutls_session_t session, - gnutls_alert_read_func func); +--- gnutls-3.8.1.orig/lib/includes/gnutls/gnutls.h.in ++++ gnutls-3.8.1/lib/includes/gnutls/gnutls.h.in +@@ -3192,16 +3192,16 @@ typedef int (*gnutls_alert_read_func)(gn + void gnutls_alert_set_read_function(gnutls_session_t session, + gnutls_alert_read_func func); -/* FIPS140-2 related functions */ +/* FIPS140-3 related functions */ 
@@ -955,7 +840,7 @@ Index: gnutls-3.8.0/lib/includes/gnutls/gnutls.h.in * application is aware of the followed security policy, and needs * to utilize disallowed operations for other reasons (e.g., compatibility). * @GNUTLS_FIPS140_LOG: Similarly to %GNUTLS_FIPS140_LAX, it allows forbidden operations; any use of them results -@@ -3295,7 +3295,7 @@ unsigned gnutls_fips140_mode_enabled(voi +@@ -3209,7 +3209,7 @@ unsigned gnutls_fips140_mode_enabled(voi * @GNUTLS_FIPS140_SELFTESTS: A transient state during library initialization. That state * cannot be set or seen by applications. * @@ -964,11 +849,11 @@ Index: gnutls-3.8.0/lib/includes/gnutls/gnutls.h.in */ typedef enum gnutls_fips_mode_t { GNUTLS_FIPS140_DISABLED = 0, -Index: gnutls-3.8.0/src/cli.c +Index: gnutls-3.8.1/src/cli.c =================================================================== ---- gnutls-3.8.0.orig/src/cli.c -+++ gnutls-3.8.0/src/cli.c -@@ -1650,10 +1650,10 @@ static void cmd_parser(int argc, char ** +--- gnutls-3.8.1.orig/src/cli.c ++++ gnutls-3.8.1/src/cli.c +@@ -1634,10 +1634,10 @@ static void cmd_parser(int argc, char ** if (HAVE_OPT(FIPS140_MODE)) { if (gnutls_fips140_mode_enabled() != 0) { @@ -981,11 +866,11 @@ Index: gnutls-3.8.0/src/cli.c exit(1); } -Index: gnutls-3.8.0/src/gnutls-cli-options.c +Index: gnutls-3.8.1/src/gnutls-cli-options.c =================================================================== ---- gnutls-3.8.0.orig/src/gnutls-cli-options.c -+++ gnutls-3.8.0/src/gnutls-cli-options.c -@@ -785,7 +785,7 @@ usage (FILE *out, int status) +--- gnutls-3.8.1.orig/src/gnutls-cli-options.c ++++ gnutls-3.8.1/src/gnutls-cli-options.c +@@ -791,7 +791,7 @@ usage (FILE *out, int status) " --inline-commands-prefix=str Change the default delimiter for inline commands\n" " --provider=file Specify the PKCS #11 provider library\n" " - file must pre-exist\n" 
@@ -994,10 +879,10 @@ Index: gnutls-3.8.0/src/gnutls-cli-options.c " --list-config Reports the configuration of the library\n" " --logfile=str Redirect informational messages to a specific file\n" " --keymatexport=str Label used for exporting keying material\n" -Index: gnutls-3.8.0/tests/cert-tests/gost.sh +Index: gnutls-3.8.1/tests/cert-tests/gost.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/gost.sh -+++ gnutls-3.8.0/tests/cert-tests/gost.sh +--- gnutls-3.8.1.orig/tests/cert-tests/gost.sh ++++ gnutls-3.8.1/tests/cert-tests/gost.sh @@ -38,7 +38,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -1007,10 +892,10 @@ Index: gnutls-3.8.0/tests/cert-tests/gost.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs12-corner-cases.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs12-corner-cases.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs12-corner-cases.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs12-corner-cases.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs12-corner-cases.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs12-corner-cases.sh @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -1020,10 +905,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs12-corner-cases.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs12-encode.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs12-encode.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs12-encode.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs12-encode.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs12-encode.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs12-encode.sh @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi 
@@ -1033,10 +918,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs12-encode.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs12-gost.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs12-gost.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs12-gost.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs12-gost.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs12-gost.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs12-gost.sh @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -1046,10 +931,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs12-gost.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs12.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs12.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs12.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs12.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs12.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs12.sh @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -1059,10 +944,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs12.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs8-decode.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs8-decode.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs8-decode.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs8-decode.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs8-decode.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs8-decode.sh @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then fi 
@@ -1072,10 +957,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs8-decode.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs8-eddsa.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs8-eddsa.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs8-eddsa.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs8-eddsa.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs8-eddsa.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs8-eddsa.sh @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -1085,10 +970,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs8-eddsa.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs8-gost.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs8-gost.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs8-gost.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs8-gost.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs8-gost.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs8-gost.sh @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -1098,10 +983,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs8-gost.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs8.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs8.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs8.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs8.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs8.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs8.sh @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -1111,10 +996,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs8.sh exit 77 fi -Index: gnutls-3.8.0/tests/cipher-listings.sh +Index: gnutls-3.8.1/tests/cipher-listings.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cipher-listings.sh -+++ gnutls-3.8.0/tests/cipher-listings.sh +--- gnutls-3.8.1.orig/tests/cipher-listings.sh ++++ gnutls-3.8.1/tests/cipher-listings.sh @@ -63,7 +63,7 @@ check() ${CLI} --fips140-mode 
@@ -1124,10 +1009,10 @@ Index: gnutls-3.8.0/tests/cipher-listings.sh exit 77 fi -Index: gnutls-3.8.0/tests/testpkcs11.sh +Index: gnutls-3.8.1/tests/testpkcs11.sh =================================================================== ---- gnutls-3.8.0.orig/tests/testpkcs11.sh -+++ gnutls-3.8.0/tests/testpkcs11.sh +--- gnutls-3.8.1.orig/tests/testpkcs11.sh ++++ gnutls-3.8.1/tests/testpkcs11.sh @@ -26,7 +26,7 @@ RETCODE=0 @@ -1137,10 +1022,10 @@ Index: gnutls-3.8.0/tests/testpkcs11.sh exit 77 fi -Index: gnutls-3.8.0/doc/enums/gnutls_fips_mode_t +Index: gnutls-3.8.1/doc/enums/gnutls_fips_mode_t =================================================================== ---- gnutls-3.8.0.orig/doc/enums/gnutls_fips_mode_t -+++ gnutls-3.8.0/doc/enums/gnutls_fips_mode_t +--- gnutls-3.8.1.orig/doc/enums/gnutls_fips_mode_t ++++ gnutls-3.8.1/doc/enums/gnutls_fips_mode_t @@ -3,7 +3,7 @@ @c gnutls_fips_mode_t @table @code @@ -1161,10 +1046,10 @@ Index: gnutls-3.8.0/doc/enums/gnutls_fips_mode_t application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility). @item GNUTLS_@-FIPS140_@-LOG -Index: gnutls-3.8.0/doc/gnutls-api.texi +Index: gnutls-3.8.1/doc/gnutls-api.texi =================================================================== ---- gnutls-3.8.0.orig/doc/gnutls-api.texi -+++ gnutls-3.8.0/doc/gnutls-api.texi +--- gnutls-3.8.1.orig/doc/gnutls-api.texi ++++ gnutls-3.8.1/doc/gnutls-api.texi @@ -3275,7 +3275,7 @@ unusable. This function is not thread-s @subheading gnutls_fips140_set_mode @anchor{gnutls_fips140_set_mode} 
@@ -1190,11 +1075,11 @@ Index: gnutls-3.8.0/doc/gnutls-api.texi values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library switches to @code{GNUTLS_FIPS140_STRICT} mode. -Index: gnutls-3.8.0/lib/ext/session_ticket.c +Index: gnutls-3.8.1/lib/ext/session_ticket.c =================================================================== ---- gnutls-3.8.0.orig/lib/ext/session_ticket.c -+++ gnutls-3.8.0/lib/ext/session_ticket.c -@@ -536,7 +536,7 @@ int gnutls_session_ticket_key_generate(g +--- gnutls-3.8.1.orig/lib/ext/session_ticket.c ++++ gnutls-3.8.1/lib/ext/session_ticket.c +@@ -517,7 +517,7 @@ int gnutls_session_ticket_key_generate(g { if (_gnutls_fips_mode_enabled()) { int ret; @@ -1203,11 +1088,11 @@ Index: gnutls-3.8.0/lib/ext/session_ticket.c * some limits on allowed key size, thus it is not * used. These limits do not affect this function as * it does not generate a "key" but rather key material -Index: gnutls-3.8.0/lib/libgnutls.map +Index: gnutls-3.8.1/lib/libgnutls.map =================================================================== ---- gnutls-3.8.0.orig/lib/libgnutls.map -+++ gnutls-3.8.0/lib/libgnutls.map -@@ -1418,7 +1418,7 @@ GNUTLS_FIPS140_3_4 { +--- gnutls-3.8.1.orig/lib/libgnutls.map ++++ gnutls-3.8.1/lib/libgnutls.map +@@ -1428,7 +1428,7 @@ GNUTLS_FIPS140_3_4 { gnutls_hkdf_self_test; gnutls_pbkdf2_self_test; gnutls_tlsprf_self_test; @@ -1216,10 +1101,10 @@ Index: gnutls-3.8.0/lib/libgnutls.map drbg_aes_reseed; drbg_aes_init; drbg_aes_generate; -Index: gnutls-3.8.0/lib/nettle/mac.c +Index: gnutls-3.8.1/lib/nettle/mac.c =================================================================== ---- gnutls-3.8.0.orig/lib/nettle/mac.c -+++ gnutls-3.8.0/lib/nettle/mac.c +--- gnutls-3.8.1.orig/lib/nettle/mac.c ++++ gnutls-3.8.1/lib/nettle/mac.c @@ -262,7 +262,7 @@ static void _wrap_gmac_digest(void *_ctx static int _mac_ctx_init(gnutls_mac_algorithm_t algo, struct nettle_mac_ctx *ctx) 
@@ -1229,7 +1114,7 @@ Index: gnutls-3.8.0/lib/nettle/mac.c * gnutls_hash_init() and gnutls_hmac_init() */ ctx->set_nonce = NULL; -@@ -649,7 +649,7 @@ static void _md5_sha1_digest(void *_ctx, +@@ -648,7 +648,7 @@ static void _md5_sha1_digest(void *_ctx, static int _ctx_init(gnutls_digest_algorithm_t algo, struct nettle_hash_ctx *ctx) { @@ -1238,23 +1123,10 @@ Index: gnutls-3.8.0/lib/nettle/mac.c * gnutls_hash_init() and gnutls_hmac_init() */ switch (algo) { case GNUTLS_DIG_MD5: -Index: gnutls-3.8.0/doc/gnutls.info-2 +Index: gnutls-3.8.1/config.h.in =================================================================== ---- gnutls-3.8.0.orig/doc/gnutls.info-2 -+++ gnutls-3.8.0/doc/gnutls.info-2 -@@ -687,7 +687,7 @@ Variable Purpose - * 0x400000: Enable VIA PHE SHA512 - - 'GNUTLS_FORCE_FIPS_MODE'In setups where GnuTLS is compiled with support -- for FIPS140-2 (see *note FIPS140-2 mode::) if -+ for FIPS140-3 (see *note FIPS140-3 mode::) if - set to one it will force the FIPS mode - enablement. - -Index: gnutls-3.8.0/config.h.in -=================================================================== ---- gnutls-3.8.0.orig/config.h.in -+++ gnutls-3.8.0/config.h.in +--- gnutls-3.8.1.orig/config.h.in ++++ gnutls-3.8.1/config.h.in @@ -82,7 +82,7 @@ /* enable DHE */ #undef ENABLE_ECDHE @@ -1273,11 +1145,11 @@ Index: gnutls-3.8.0/config.h.in #undef FIPS_KEY /* The FIPS140 module name */ -Index: gnutls-3.8.0/configure +Index: gnutls-3.8.1/configure =================================================================== ---- gnutls-3.8.0.orig/configure -+++ gnutls-3.8.0/configure -@@ -3775,7 +3775,7 @@ Optional Features: +--- gnutls-3.8.1.orig/configure ++++ gnutls-3.8.1/configure +@@ -3826,7 +3826,7 @@ Optional Features: --enable-fast-install[=PKGS] optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) 
@@ -1286,11 +1158,11 @@ Index: gnutls-3.8.0/configure --enable-strict-x509 enable stricter sanity checks for x509 certificates --disable-non-suiteb-curves disable curves not in SuiteB -Index: gnutls-3.8.0/doc/cha-support.texi +Index: gnutls-3.8.1/doc/cha-support.texi =================================================================== ---- gnutls-3.8.0.orig/doc/cha-support.texi -+++ gnutls-3.8.0/doc/cha-support.texi -@@ -135,5 +135,5 @@ There are certifications from national o +--- gnutls-3.8.1.orig/doc/cha-support.texi ++++ gnutls-3.8.1/doc/cha-support.texi +@@ -134,5 +134,5 @@ There are certifications from national o to an auditor that the crypto component follows some best practices, such as unit testing and reliance on well known crypto primitives. 
@@ -1298,36 +1170,23 @@ Index: gnutls-3.8.0/doc/cha-support.texi -See @ref{FIPS140-2 mode} for more information. +GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux. +See @ref{FIPS140-3 mode} for more information. -Index: gnutls-3.8.0/doc/gnutls.info-6 +Index: gnutls-3.8.1/doc/gnutls.info =================================================================== ---- gnutls-3.8.0.orig/doc/gnutls.info-6 -+++ gnutls-3.8.0/doc/gnutls.info-6 -@@ -7982,7 +7982,7 @@ Function and Data Index - * gnutls_fingerprint: Core TLS API. (line 3513) - * gnutls_fips140_context_deinit: Core TLS API. (line 3540) - * gnutls_fips140_context_init: Core TLS API. (line 3551) --* gnutls_fips140_get_operation_state: FIPS140-2 mode. (line 138) -+* gnutls_fips140_get_operation_state: FIPS140-3 mode. (line 138) - * gnutls_fips140_get_operation_state <1>: Core TLS API. (line 3564) - * gnutls_fips140_mode_enabled: Core TLS API. (line 3578) - * gnutls_fips140_pop_context: Core TLS API. (line 3596) -Index: gnutls-3.8.0/doc/gnutls.info +--- gnutls-3.8.1.orig/doc/gnutls.info ++++ gnutls-3.8.1/doc/gnutls.info +@@ -618,7 +618,7 @@ Ref: fig-crypto-layers743604 + Ref: Cryptographic Backend-Footnote-1746916 + Ref: Cryptographic Backend-Footnote-2747001 + Node: Random Number Generators-internals747113 +-Node: FIPS140-2 mode754583 ++Node: FIPS140-3 mode754583 + Ref: gnutls_fips_mode_t757281 + Node: Upgrading from previous versions760950 + Node: Support775192 +Index: gnutls-3.8.1/src/gnutls-cli-options.json =================================================================== ---- gnutls-3.8.0.orig/doc/gnutls.info -+++ gnutls-3.8.0/doc/gnutls.info -@@ -611,7 +611,7 @@ Ref: fig-crypto-layers730201 - Ref: Cryptographic Backend-Footnote-1733485 - Ref: Cryptographic Backend-Footnote-2733570 - Node: Random Number Generators-internals733678 --Node: FIPS140-2 mode741042 -+Node: FIPS140-3 mode741042 - Ref: gnutls_fips_mode_t743678 - Node: Upgrading from previous versions747275 - Node: 
Support761269 -Index: gnutls-3.8.0/src/gnutls-cli-options.json -=================================================================== ---- gnutls-3.8.0.orig/src/gnutls-cli-options.json -+++ gnutls-3.8.0/src/gnutls-cli-options.json +--- gnutls-3.8.1.orig/src/gnutls-cli-options.json ++++ gnutls-3.8.1/src/gnutls-cli-options.json @@ -372,7 +372,7 @@ }, { diff --git a/gnutls-FIPS-PCT-DH.patch b/gnutls-FIPS-PCT-DH.patch deleted file mode 100644 index a764823..0000000 --- a/gnutls-FIPS-PCT-DH.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -From 51b721b69fd08ef1c4c4989f5e12b643e170ff56 Mon Sep 17 00:00:00 2001 -From: Pedro Monreal -Date: Thu, 16 Feb 2023 17:02:38 +0100 -Subject: [PATCH] pk: extend pair-wise consistency to cover DH key generation - -Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance of Pair-wise -Consistency check, even if we only support ephemeral DH, as it is -required by FIPS 140-3 IG 10.3.A. - -Signed-off-by: Pedro Monreal -Co-authored-by: Daiki Ueno ---- - lib/nettle/pk.c | 29 +++++++++++++++++++++++++++++ - 1 file changed, 29 insertions(+) - -Index: gnutls-3.8.0/lib/nettle/pk.c -=================================================================== ---- gnutls-3.8.0.orig/lib/nettle/pk.c -+++ gnutls-3.8.0/lib/nettle/pk.c -@@ -2520,6 +2520,35 @@ static int pct_test(gnutls_pk_algorithm_ - } - break; - case GNUTLS_PK_DH: -+ { -+ mpz_t y; -+ -+ /* Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance -+ * of Pair-wise Consistency check, even if we only -+ * support ephemeral DH, as it is required by FIPS -+ * 140-3 IG 10.3.A. -+ * -+ * Use the private key, x, along with the generator g -+ * and prime modulus p included in the domain -+ * parameters associated with the key pair to compute -+ * g^x mod p. Compare the result to the public key, y. -+ */ -+ mpz_init(y); -+ mpz_powm(y, -+ TOMPZ(params->params[DSA_G]), -+ TOMPZ(params->params[DSA_X]), -+ TOMPZ(params->params[DSA_P])); -+ if (unlikely -+ (mpz_cmp(y, TOMPZ(params->params[DSA_Y])) != 0)) { -+ ret = -+ gnutls_assert_val -+ (GNUTLS_E_PK_GENERATION_ERROR); -+ mpz_clear(y); -+ goto cleanup; -+ } -+ mpz_clear(y); -+ break; -+ } - case GNUTLS_PK_ECDH_X25519: - case GNUTLS_PK_ECDH_X448: - ret = 0; diff --git a/gnutls-FIPS-PCT-ECDH.patch b/gnutls-FIPS-PCT-ECDH.patch deleted file mode 100644 index 5dbb403..0000000 --- a/gnutls-FIPS-PCT-ECDH.patch +++ /dev/null 
@@ -1,193 +0,0 @@ -From 5030f40332ada4f90e80838a2232da36ce03757a Mon Sep 17 00:00:00 2001 -From: Pedro Monreal -Date: Fri, 24 Feb 2023 22:02:48 +0000 -Subject: [PATCH] ecdh: perform SP800-56A rev3 full pubkey validation on key - derivation - -This implements full public key validation required in -SP800-56A rev3, section 5.6.2.3.3. - -Co-authored-by: Daiki Ueno -Signed-off-by: Pedro Monreal ---- - lib/nettle/pk.c | 128 ++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 125 insertions(+), 3 deletions(-) - -diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c -index 6adf958a61..d30bca594f 100644 ---- a/lib/nettle/pk.c -+++ b/lib/nettle/pk.c -@@ -71,6 +71,9 @@ - static inline const struct ecc_curve *get_supported_nist_curve(int curve); - static inline const struct ecc_curve *get_supported_gost_curve(int curve); - -+static inline const char *get_supported_nist_curve_order(int curve); -+static inline const char *get_supported_nist_curve_modulus(int curve); -+ - /* When these callbacks are used for a nettle operation, the - * caller must check the macro HAVE_LIB_ERROR() after the operation - * is complete. 
If the macro is true, the operation is to be considered -@@ -406,6 +409,10 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, - struct ecc_scalar ecc_priv; - struct ecc_point ecc_pub; - const struct ecc_curve *curve; -+ struct ecc_scalar n; -+ struct ecc_scalar m; -+ struct ecc_point r; -+ mpz_t x, y, xx, yy, nn, mm; - - out->data = NULL; - -@@ -428,17 +435,28 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, - not_approved = true; - } - -+ mpz_init(x); -+ mpz_init(y); -+ mpz_init(xx); -+ mpz_init(yy); -+ mpz_init(nn); -+ mpz_init(mm); -+ -+ ecc_scalar_init(&n, curve); -+ ecc_scalar_init(&m, curve); -+ ecc_point_init(&r, curve); -+ - ret = _ecc_params_to_pubkey(pub, &ecc_pub, curve); - if (ret < 0) { - gnutls_assert(); -- goto cleanup; -+ goto ecc_fail_cleanup; - } - - ret = _ecc_params_to_privkey(priv, &ecc_priv, curve); - if (ret < 0) { - ecc_point_clear(&ecc_pub); - gnutls_assert(); -- goto cleanup; -+ goto ecc_fail_cleanup; - } - - out->size = gnutls_ecc_curve_get_size(priv->curve); -@@ -449,14 +467,118 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, - goto ecc_cleanup; - } - -+ /* Perform ECC Full Public-Key Validation Routine -+ * according to SP800-56A (revision 3), 5.6.2.3.3. -+ */ -+ -+ /* Step 1: verify that Q is not an identity -+ * element (an infinity point). Note that this -+ * cannot happen in the nettle implementation, -+ * because it cannot represent an infinity point -+ * on curves. */ - ret = ecc_shared_secret(&ecc_priv, &ecc_pub, out->data, - out->size); -- if (ret < 0) -+ if (ret < 0) { - gnutls_free(out->data); -+ goto ecc_cleanup; -+ } -+#ifdef ENABLE_FIPS140 -+ if (_gnutls_fips_mode_enabled()) { -+ const char *order, *modulus; -+ -+ ecc_point_mul(&r, &ecc_priv, &ecc_pub); -+ ecc_point_get(&r, x, y); -+ -+ /* Step 2: verify that both coordinates of Q are -+ * in the range [0, p - 1]. -+ * -+ * Step 3: verify that Q lie on the curve -+ * -+ * Both checks are performed in nettle. 
*/ -+ if (!ecc_point_set(&r, x, y)) { -+ ret = -+ gnutls_assert_val -+ (GNUTLS_E_ILLEGAL_PARAMETER); -+ goto ecc_cleanup; -+ } -+ -+ /* Step 4: verify that n * Q, where n is the -+ * curve order, result in an identity element -+ * -+ * Since nettle internally cannot represent an -+ * identity element on curves, we validate this -+ * instead: -+ * -+ * (n - 1) * Q = -Q -+ * -+ * That effectively means: n * Q = -Q + Q = O -+ */ -+ order = -+ get_supported_nist_curve_order(priv->curve); -+ if (unlikely(order == NULL)) { -+ ret = -+ gnutls_assert_val -+ (GNUTLS_E_INTERNAL_ERROR); -+ goto ecc_cleanup; -+ } -+ -+ ret = mpz_set_str(nn, order, 16); -+ if (unlikely(ret < 0)) { -+ ret = -+ gnutls_assert_val -+ (GNUTLS_E_MPI_SCAN_FAILED); -+ goto ecc_cleanup; -+ } -+ -+ modulus = -+ get_supported_nist_curve_modulus -+ (priv->curve); -+ if (unlikely(modulus == NULL)) { -+ ret = -+ gnutls_assert_val -+ (GNUTLS_E_INTERNAL_ERROR); -+ goto ecc_cleanup; -+ } -+ -+ ret = mpz_set_str(mm, modulus, 16); -+ if (unlikely(ret < 0)) { -+ ret = -+ gnutls_assert_val -+ (GNUTLS_E_MPI_SCAN_FAILED); -+ goto ecc_cleanup; -+ } -+ -+ /* (n - 1) * Q = -Q */ -+ mpz_sub_ui(nn, nn, 1); -+ ecc_scalar_set(&n, nn); -+ ecc_point_mul(&r, &n, &r); -+ ecc_point_get(&r, xx, yy); -+ mpz_sub(mm, mm, y); -+ -+ if (mpz_cmp(xx, x) != 0 || mpz_cmp(yy, mm) != 0) { -+ ret = -+ gnutls_assert_val -+ (GNUTLS_E_ILLEGAL_PARAMETER); -+ goto ecc_cleanup; -+ } -+ } else { -+ not_approved = true; -+ } -+#endif - - ecc_cleanup: - ecc_point_clear(&ecc_pub); - ecc_scalar_zclear(&ecc_priv); -+ ecc_fail_cleanup: -+ mpz_clear(x); -+ mpz_clear(y); -+ mpz_clear(xx); -+ mpz_clear(yy); -+ mpz_clear(nn); -+ mpz_clear(mm); -+ ecc_point_clear(&r); -+ ecc_scalar_clear(&n); -+ ecc_scalar_clear(&m); - if (ret < 0) - goto cleanup; - break; --- -GitLab diff --git a/gnutls-FIPS-jitterentropy.patch b/gnutls-FIPS-jitterentropy.patch index 244981a..bdd00ba 100644 --- a/gnutls-FIPS-jitterentropy.patch +++ b/gnutls-FIPS-jitterentropy.patch 
@@ -1,7 +1,7 @@ -Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c +Index: gnutls-3.8.1/lib/nettle/sysrng-linux.c =================================================================== ---- gnutls-3.8.0.orig/lib/nettle/sysrng-linux.c -+++ gnutls-3.8.0/lib/nettle/sysrng-linux.c +--- gnutls-3.8.1.orig/lib/nettle/sysrng-linux.c ++++ gnutls-3.8.1/lib/nettle/sysrng-linux.c @@ -49,6 +49,15 @@ get_entropy_func _rnd_get_system_entropy = NULL; @@ -15,12 +15,12 @@ Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c +/* Declare function to fix a missing-prototypes compilation warning */ +void FIPS_jent_entropy_deinit(void); +# endif - # ifdef HAVE_GETRANDOM - # include - # else -@@ -67,6 +76,101 @@ static ssize_t _getrandom0(void *buf, si - # endif - # endif + #ifdef HAVE_GETRANDOM + #include + #else +@@ -68,6 +77,101 @@ static ssize_t _getrandom0(void *buf, si + #endif + #endif +# if defined(ENABLE_FIPS140) +# if defined(HAVE_JENT) @@ -120,7 +120,7 @@ Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c static unsigned have_getrandom(void) { char c; -@@ -162,6 +266,24 @@ int _rnd_system_entropy_init(void) +@@ -163,6 +267,24 @@ int _rnd_system_entropy_init(void) int urandom_fd; #if defined(__linux__) @@ -145,7 +145,7 @@ Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c /* Enable getrandom() usage if available */ if (have_getrandom()) { _rnd_get_system_entropy = _rnd_get_system_entropy_getrandom; -@@ -192,5 +314,12 @@ int _rnd_system_entropy_init(void) +@@ -193,5 +315,12 @@ int _rnd_system_entropy_init(void) void _rnd_system_entropy_deinit(void) { /* A no-op now when we open and close /dev/urandom every time */ 
@@ -158,11 +158,11 @@ Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c +#endif return; } -Index: gnutls-3.8.0/lib/nettle/Makefile.in +Index: gnutls-3.8.1/lib/nettle/Makefile.in =================================================================== ---- gnutls-3.8.0.orig/lib/nettle/Makefile.in -+++ gnutls-3.8.0/lib/nettle/Makefile.in -@@ -399,7 +399,7 @@ am__v_CC_1 = +--- gnutls-3.8.1.orig/lib/nettle/Makefile.in ++++ gnutls-3.8.1/lib/nettle/Makefile.in +@@ -402,7 +402,7 @@ am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ @@ -171,10 +171,10 @@ Index: gnutls-3.8.0/lib/nettle/Makefile.in AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; -Index: gnutls-3.8.0/lib/nettle/Makefile.am +Index: gnutls-3.8.1/lib/nettle/Makefile.am =================================================================== ---- gnutls-3.8.0.orig/lib/nettle/Makefile.am -+++ gnutls-3.8.0/lib/nettle/Makefile.am +--- gnutls-3.8.1.orig/lib/nettle/Makefile.am ++++ gnutls-3.8.1/lib/nettle/Makefile.am @@ -20,7 +20,7 @@ include $(top_srcdir)/lib/common.mk @@ -184,10 +184,10 @@ Index: gnutls-3.8.0/lib/nettle/Makefile.am AM_CPPFLAGS = \ -I$(srcdir)/int \ -Index: gnutls-3.8.0/lib/nettle/rnd-fips.c +Index: gnutls-3.8.1/lib/nettle/rnd-fips.c =================================================================== ---- gnutls-3.8.0.orig/lib/nettle/rnd-fips.c -+++ gnutls-3.8.0/lib/nettle/rnd-fips.c +--- gnutls-3.8.1.orig/lib/nettle/rnd-fips.c ++++ gnutls-3.8.1/lib/nettle/rnd-fips.c @@ -129,6 +129,10 @@ static int drbg_init(struct fips_ctx *fc uint8_t buffer[DRBG_AES_SEED_SIZE]; int ret; 
@@ -210,10 +210,10 @@ Index: gnutls-3.8.0/lib/nettle/rnd-fips.c
 ret = get_entropy(fctx, buffer, sizeof(buffer));
 if (ret < 0) {
 _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
-Index: gnutls-3.8.0/tests/Makefile.am
+Index: gnutls-3.8.1/tests/Makefile.am
 ===================================================================
---- gnutls-3.8.0.orig/tests/Makefile.am
-+++ gnutls-3.8.0/tests/Makefile.am
+--- gnutls-3.8.1.orig/tests/Makefile.am
++++ gnutls-3.8.1/tests/Makefile.am
 @@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm
 dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
 keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
diff --git a/gnutls-srp-test-SIGPIPE.patch b/gnutls-srp-test-SIGPIPE.patch
new file mode 100644
index 0000000..586ec3f
--- /dev/null
+++ b/gnutls-srp-test-SIGPIPE.patch
@@ -0,0 +1,22 @@
+Index: gnutls-3.8.1/tests/srp.c
+===================================================================
+--- gnutls-3.8.1.orig/tests/srp.c
++++ gnutls-3.8.1/tests/srp.c
+@@ -287,7 +289,7 @@ static void start(const char *name, cons
+ if (child) {
+ int status;
+ /* parent */
+- close(fd[0]);
++ /* close(fd[0]); */
+ client(fd[1], prio, user, pass, exp_err);
+ if (exp_err < 0) {
+ kill(child, SIGTERM);
+@@ -297,7 +299,7 @@ static void start(const char *name, cons
+ check_wait_status(status);
+ }
+ } else {
+- close(fd[1]);
++ /* close(fd[1]); */
+ server(fd[0], prio);
+ exit(0);
+ }
diff --git a/gnutls.changes b/gnutls.changes
index 25e8ab9..ee40792 100644
--- a/gnutls.changes
+++ b/gnutls.changes
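Review bot: Commenting out `close(fd[0])` in the parent and `close(fd[1])` in the child of `start()` (gnutls-srp-test-SIGPIPE.patch, both inner hunks) leaves each process holding both ends of the descriptor pair, so a peer that exits early no longer produces EOF or EPIPE on the other side and the test may block instead of failing; the parent only sends `kill(child, SIGTERM)` when `exp_err < 0`. If the aim is just to stop SIGPIPE from terminating the test, keeping the two close() calls and adding `signal(SIGPIPE, SIG_IGN);` before the fork would turn the signal into an error return that the handshake code can report (the fork itself and the includes are outside the hunks, so this placement is inferred). If the calls really have to go, delete them rather than leaving commented-out code, and give the patch a short header describing the cause and any upstream reference, since it currently starts directly at `Index:`. The body of `start()` begins and ends outside both hunks.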
@@ -1,3 +1,57 @@
+-------------------------------------------------------------------
+Mon Aug 21 09:33:40 UTC 2023 - Pedro Monreal
+
+- tests: Fix the SRP test that fails with SIGPIPE signal return due
+ to a socket being closed before using it.
+ * Add gnutls-srp-test-SIGPIPE.patch
+
+-------------------------------------------------------------------
+Mon Aug 7 07:51:59 UTC 2023 - Pedro Monreal
+
+- Update to version 3.8.1:
+ * libgnutls: ClientHello extensions are randomized by default
+ To make fingerprinting harder, TLS extensions in ClientHello
+ messages are shuffled. As this behavior may cause compatibility
+ issue with legacy applications that do not accept the last
+ extension without payload, the behavior can be reverted with the
+ %NO_SHUFFLE_EXTENSIONS priority keyword.
+ * libgnutls: Add support for RFC 9258 external PSK importer.
+ This enables to deploy the same PSK across multiple TLS versions
+ (TLS 1.2 and TLS 1.3) in a secure manner. To use, the application
+ needs to set up a callback that formats the PSK identity using
+ gnutls_psk_format_imported_identity().
+ * libgnutls: %GNUTLS_NO_EXTENSIONS has been renamed to
+ %GNUTLS_NO_DEFAULT_EXTENSIONS.
+ * libgnutls: Add additional PBKDF limit checks in FIPS mode as
+ defined in SP 800-132. Minimum salt length is 128 bits and
+ minimum iterations bound is 1000 for PBKDF in FIPS mode.
+ * libgnutls: Add a mechanism to control whether to enforce extended
+ master secret (RFC 7627). FIPS 140-3 mandates the use of TLS
+ session hash (extended master secret, EMS) in TLS 1.2. To enforce
+ this, a new priority keyword %FORCE_SESSION_HASH is added and if
+ it is set and EMS is not set, the peer aborts the connection. This
+ behavior is the default in FIPS mode, though it can be overridden
+ through the configuration file with the "tls-session-hash" option.
+ In either case non-EMS PRF is reported as a non-approved operation
+ through the FIPS service indicator.
+ * New option --attime to specify current time.
+ To make testing with different timestamp to the system easier, the
+ tools doing certificate verification now provide a new option
+ --attime, which takes an arbitrary time.
+ * API and ABI modifications:
+ gnutls_psk_client_credentials_function3: New typedef
+ gnutls_psk_server_credentials_function3: New typedef
+ gnutls_psk_set_server_credentials_function3: New function
+ gnutls_psk_set_client_credentials_function3: New function
+ gnutls_psk_format_imported_identity: New function
+ GNUTLS_PSK_KEY_EXT: New enum member of gnutls_psk_key_flags
+ * Rebase patches:
+ - gnutls-FIPS-140-3-references.patch
+ - gnutls-FIPS-jitterentropy.patch
+ * Remove patches merged/fixed upstream:
+ - gnutls-FIPS-PCT-DH.patch
+ - gnutls-FIPS-PCT-ECDH.patch
+
 -------------------------------------------------------------------
 Mon May 29 07:27:23 UTC 2023 - Pedro Monreal
 
diff --git a/gnutls.spec b/gnutls.spec
index a8dbc1f..e4eca43 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -40,7 +40,7 @@
 %endif
 %bcond_with tpm
 Name: gnutls
-Version: 3.8.0
+Version: 3.8.1
 Release: 0
 Summary: The GNU Transport Layer Security Library
 License: GPL-3.0-or-later AND LGPL-2.1-or-later
@@ -56,17 +56,16 @@ Source4: gnutls.rpmlintrc
 Patch0: gnutls-3.5.11-skip-trust-store-tests.patch
 Patch1: gnutls-FIPS-TLS_KDF_selftest.patch
 Patch2: gnutls-disable-flaky-test-dtls-resume.patch
+# PATCH-FIX-OPENSUSE The srp test fails with SIGPIPE
+Patch3: gnutls-srp-test-SIGPIPE.patch
 # FIPS 140-3 patches:
-#PATCH-FIX-SUSE bsc#1207183 FIPS: DH/ECDH PCT public key regeneration
-Patch100: gnutls-FIPS-PCT-DH.patch
-Patch101: gnutls-FIPS-PCT-ECDH.patch
 #PATCH-FIX-SUSE bsc#1207346 FIPS: Change FIPS 140-2 references to FIPS 140-3
-Patch102: gnutls-FIPS-140-3-references.patch
+Patch100: gnutls-FIPS-140-3-references.patch
 #PATCH-FIX-SUSE bsc#1211476 FIPS: Skip fixed HMAC verification for nettle, hogweed and gmp
-Patch103: gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
+Patch101: gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
 #PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy
-Patch104: gnutls-FIPS-jitterentropy.patch
+Patch102: gnutls-FIPS-jitterentropy.patch
 %endif
 BuildRequires: autogen
 BuildRequires: automake

    GNUTLS_FIPS140_DISABLED

    @@ -711,7 +593,7 @@ Index: gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html  

    GNUTLS_FIPS140_LAX

    @@ -722,17 +604,17 @@ Index: gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility).