rpm/gnutls
SHA256
1
0
Fork 0
forked from pool/gnutls
Code Pull Requests Activity

Accepting request 1089748 from security:tls

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1089748
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=149
This commit is contained in:
Dominique Leuenberger 2023-05-30 20:01:41 +00:00 committed by Git OBS Bridge
commit b8bcedc791
3 changed files with 98 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
baselibs.conf
View File

@ -1,7 +1,7 @@
libgnutls30 libgnutls30
obsoletes "gnutls-<targettype>" obsoletes "gnutls-<targettype>"
provides "libgnutls30-<targettype> = <version>-%release" provides "libgnutls30-hmac-<targettype> = <version>-%release"
obsoletes "libgnutls30-<targettype> < <version>-%release" obsoletes "libgnutls30-hmac-<targettype> < <version>-%release"
libgnutls-devel libgnutls-devel
requires -libgnutls-<targettype> requires -libgnutls-<targettype>
requires "libgnutls30-<targettype> = <version>" requires "libgnutls30-<targettype> = <version>"

92
gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
View File

@ -2,7 +2,95 @@ Index: gnutls-3.8.0/lib/fips.c
=================================================================== ===================================================================
--- gnutls-3.8.0.orig/lib/fips.c --- gnutls-3.8.0.orig/lib/fips.c
+++ gnutls-3.8.0/lib/fips.c +++ gnutls-3.8.0/lib/fips.c
@@ -467,6 +467,11 @@ static int check_binary_integrity(void) @@ -171,16 +171,28 @@ struct hmac_entry {
struct hmac_file {
int version;
struct hmac_entry gnutls;
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
struct hmac_entry nettle;
struct hmac_entry hogweed;
struct hmac_entry gmp;
+#endif
};
struct lib_paths {
char gnutls[GNUTLS_PATH_MAX];
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
char nettle[GNUTLS_PATH_MAX];
char hogweed[GNUTLS_PATH_MAX];
char gmp[GNUTLS_PATH_MAX];
+#endif
};
/*
@@ -241,12 +253,18 @@ static int handler(void *user, const cha
}
} else if (!strcmp(section, GNUTLS_LIBRARY_NAME)) {
return lib_handler(&p->gnutls, section, name, value);
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
} else if (!strcmp(section, NETTLE_LIBRARY_NAME)) {
return lib_handler(&p->nettle, section, name, value);
} else if (!strcmp(section, HOGWEED_LIBRARY_NAME)) {
return lib_handler(&p->hogweed, section, name, value);
} else if (!strcmp(section, GMP_LIBRARY_NAME)) {
return lib_handler(&p->gmp, section, name, value);
+#endif
} else {
return 0;
}
@@ -391,12 +409,18 @@ static int callback(struct dl_phdr_info
if (!strcmp(soname, GNUTLS_LIBRARY_SONAME))
_gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path);
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
else if (!strcmp(soname, NETTLE_LIBRARY_SONAME))
_gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
_gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path);
else if (!strcmp(soname, GMP_LIBRARY_SONAME))
_gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
+#endif
return 0;
}
@@ -409,6 +433,11 @@ static int load_lib_paths(struct lib_pat
_gnutls_debug_log("Gnutls library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
}
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
if (paths->nettle[0] == '\0') {
_gnutls_debug_log("Nettle library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
@@ -421,7 +450,7 @@ static int load_lib_paths(struct lib_pat
_gnutls_debug_log("Gmp library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
}
-
+#endif
return GNUTLS_E_SUCCESS;
}
@@ -467,6 +496,11 @@ static int check_binary_integrity(void)
ret = check_lib_hmac(&hmac.gnutls, paths.gnutls); ret = check_lib_hmac(&hmac.gnutls, paths.gnutls);
if (ret < 0) if (ret < 0)
return ret; return ret;
@ -14,7 +102,7 @@ Index: gnutls-3.8.0/lib/fips.c
ret = check_lib_hmac(&hmac.nettle, paths.nettle); ret = check_lib_hmac(&hmac.nettle, paths.nettle);
if (ret < 0) if (ret < 0)
return ret; return ret;
@@ -476,6 +481,7 @@ static int check_binary_integrity(void) @@ -476,6 +510,7 @@ static int check_binary_integrity(void)
ret = check_lib_hmac(&hmac.gmp, paths.gmp); ret = check_lib_hmac(&hmac.gmp, paths.gmp);
if (ret < 0) if (ret < 0)
return ret; return ret;

6
gnutls.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon May 29 07:27:23 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- FIPS: Fix baselibs.conf to mention libgnutls30-hmac [bsc#1211476]
Extend also the checks in gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed May 24 11:01:10 UTC 2023 - Pedro Monreal <pmonreal@suse.com> Wed May 24 11:01:10 UTC 2023 - Pedro Monreal <pmonreal@suse.com>