diff --git a/gnutls-3.8.0.tar.xz b/gnutls-3.8.0.tar.xz
deleted file mode 100644
index d57e970..0000000
--- a/gnutls-3.8.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0ea0d11a1660a1e63f960f157b197abe6d0c8cb3255be24e1fb3815930b9bdc5
-size 6378480
diff --git a/gnutls-3.8.0.tar.xz.sig b/gnutls-3.8.0.tar.xz.sig
deleted file mode 100644
index f22d076..0000000
Binary files a/gnutls-3.8.0.tar.xz.sig and /dev/null differ
diff --git a/gnutls-3.8.1.tar.xz b/gnutls-3.8.1.tar.xz
new file mode 100644
index 0000000..320348f
--- /dev/null
+++ b/gnutls-3.8.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ba8b9e15ae20aba88f44661978f5b5863494316fe7e722ede9d069fe6294829c
+size 6447056
diff --git a/gnutls-3.8.1.tar.xz.sig b/gnutls-3.8.1.tar.xz.sig
new file mode 100644
index 0000000..b455610
Binary files /dev/null and b/gnutls-3.8.1.tar.xz.sig differ
diff --git a/gnutls-FIPS-140-3-references.patch b/gnutls-FIPS-140-3-references.patch
index bfc6651..531506c 100644
--- a/gnutls-FIPS-140-3-references.patch
+++ b/gnutls-FIPS-140-3-references.patch
@@ -1,8 +1,8 @@
-Index: gnutls-3.8.0/configure.ac
+Index: gnutls-3.8.1/configure.ac
 ===================================================================
---- gnutls-3.8.0.orig/configure.ac
-+++ gnutls-3.8.0/configure.ac
-@@ -586,19 +586,19 @@ LT_INIT([disable-static,win32-dll,shared
+--- gnutls-3.8.1.orig/configure.ac
++++ gnutls-3.8.1/configure.ac
+@@ -623,19 +623,19 @@ LT_INIT([disable-static,win32-dll,shared
 AC_LIB_HAVE_LINKFLAGS(dl,, [#include ], [dladdr (0, 0);])
 AC_ARG_ENABLE(fips140-mode,
@@ -25,10 +25,10 @@ Index: gnutls-3.8.0/configure.ac AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name], [specify the FIPS140 module name]), -Index: gnutls-3.8.0/doc/cha-gtls-app.texi +Index: gnutls-3.8.1/doc/cha-gtls-app.texi =================================================================== ---- gnutls-3.8.0.orig/doc/cha-gtls-app.texi -+++ gnutls-3.8.0/doc/cha-gtls-app.texi +--- gnutls-3.8.1.orig/doc/cha-gtls-app.texi ++++ gnutls-3.8.1/doc/cha-gtls-app.texi @@ -222,7 +222,7 @@ CPU. The currently available options are @end itemize @@ -38,10 +38,10 @@ Index: gnutls-3.8.0/doc/cha-gtls-app.texi if set to one it will force the FIPS mode enablement. @end multitable -Index: gnutls-3.8.0/doc/cha-internals.texi +Index: gnutls-3.8.1/doc/cha-internals.texi =================================================================== ---- gnutls-3.8.0.orig/doc/cha-internals.texi -+++ gnutls-3.8.0/doc/cha-internals.texi +--- gnutls-3.8.1.orig/doc/cha-internals.texi ++++ gnutls-3.8.1/doc/cha-internals.texi @@ -14,7 +14,7 @@ happens inside the black box. * TLS Hello Extension Handling:: * Cryptographic Backend:: @@ -162,11 +162,11 @@ Index: gnutls-3.8.0/doc/cha-internals.texi operation. It can be attached to the current execution thread with @funcref{gnutls_fips140_push_context} and its internal state will be updated until it is detached with -Index: gnutls-3.8.0/doc/enums.texi +Index: gnutls-3.8.1/doc/enums.texi =================================================================== ---- gnutls-3.8.0.orig/doc/enums.texi -+++ gnutls-3.8.0/doc/enums.texi -@@ -1176,7 +1176,7 @@ application traffic secret is installed +--- gnutls-3.8.1.orig/doc/enums.texi ++++ gnutls-3.8.1/doc/enums.texi +@@ -1184,7 +1184,7 @@ application traffic secret is installed @c gnutls_fips_mode_t @table @code @item GNUTLS_@-FIPS140_@-DISABLED 
@@ -175,7 +175,7 @@ Index: gnutls-3.8.0/doc/enums.texi @item GNUTLS_@-FIPS140_@-STRICT The default mode; all forbidden operations will cause an operation failure via error code. -@@ -1184,8 +1184,8 @@ operation failure via error code. +@@ -1192,8 +1192,8 @@ operation failure via error code. A transient state during library initialization. That state cannot be set or seen by applications. @item GNUTLS_@-FIPS140_@-LAX @@ -186,10 +186,10 @@ Index: gnutls-3.8.0/doc/enums.texi application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility). @item GNUTLS_@-FIPS140_@-LOG -Index: gnutls-3.8.0/doc/functions/gnutls_fips140_set_mode +Index: gnutls-3.8.1/doc/functions/gnutls_fips140_set_mode =================================================================== ---- gnutls-3.8.0.orig/doc/functions/gnutls_fips140_set_mode -+++ gnutls-3.8.0/doc/functions/gnutls_fips140_set_mode +--- gnutls-3.8.1.orig/doc/functions/gnutls_fips140_set_mode ++++ gnutls-3.8.1/doc/functions/gnutls_fips140_set_mode @@ -3,7 +3,7 @@ @@ -215,11 +215,11 @@ Index: gnutls-3.8.0/doc/functions/gnutls_fips140_set_mode values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library switches to @code{GNUTLS_FIPS140_STRICT} mode. -Index: gnutls-3.8.0/doc/gnutls.html +Index: gnutls-3.8.1/doc/gnutls.html =================================================================== ---- gnutls-3.8.0.orig/doc/gnutls.html -+++ gnutls-3.8.0/doc/gnutls.html -@@ -486,7 +486,7 @@ Documentation License”. +--- gnutls-3.8.1.orig/doc/gnutls.html ++++ gnutls-3.8.1/doc/gnutls.html +@@ -484,7 +484,7 @@ Documentation License”.
  • 11.4 TLS Extension Handling
  • 11.5 Cryptographic Backend
  • 11.6 Random Number Generators
  • @@ -228,16 +228,16 @@ Index: gnutls-3.8.0/doc/gnutls.html
  • Appendix A Upgrading from previous versions
  • Appendix B Support -@@ -9009,7 +9009,7 @@ CPU. The currently available options are -
  • 0x200000: Enable VIA PHE -
  • 0x400000: Enable VIA PHE SHA512 +@@ -9035,7 +9035,7 @@ CPU. The currently available options are +
  • 0x200000: Enable VIA PHE +
  • 0x400000: Enable VIA PHE SHA512
  • --GNUTLS_FORCE_FIPS_MODEIn setups where GnuTLS is compiled with support for FIPS140-2 (see FIPS140-2 mode) -+GNUTLS_FORCE_FIPS_MODEIn setups where GnuTLS is compiled with support for FIPS140-3 (see FIPS140-3 mode) +-GNUTLS_FORCE_FIPS_MODEIn setups where GnuTLS is compiled with support for FIPS140-2 (see FIPS140-2 mode) ++GNUTLS_FORCE_FIPS_MODEIn setups where GnuTLS is compiled with support for FIPS140-3 (see FIPS140-3 mode) if set to one it will force the FIPS mode enablement. + - -@@ -18459,7 +18459,7 @@ None: +@@ -18437,7 +18437,7 @@ None: --inline-commands-prefix=str Change the default delimiter for inline commands --provider=file Specify the PKCS #11 provider library - file must pre-exist @@ -246,7 +246,7 @@ Index: gnutls-3.8.0/doc/gnutls.html --list-config Reports the configuration of the library --logfile=str Redirect informational messages to a specific file --keymatexport=str Label used for exporting keying material -@@ -19436,7 +19436,7 @@ happens inside the black box. +@@ -19445,7 +19445,7 @@ happens inside the black box.
  • TLS Extension Handling
  • Cryptographic Backend
  • Random Number Generators
  • @@ -254,31 +254,31 @@ Index: gnutls-3.8.0/doc/gnutls.html +
  • FIPS140-3 mode

  • -
    -@@ -19965,7 +19965,7 @@ For more information see -
    + --

    11.7 FIPS140-2 mode

    -+

    11.7 FIPS140-3 mode

    +-

    11.7 FIPS140-2 mode

    ++

    11.7 FIPS140-3 mode

    -

    GnuTLS can operate in a special mode for FIPS140-2. That mode of operation -is for the conformance to NIST’s FIPS140-2 publication, which consists of policies @@ -291,9 +291,9 @@ Index: gnutls-3.8.0/doc/gnutls.html

    -

    There are two distinct library states with regard to FIPS140-2: the FIPS140-2 +

    There are two distinct library states with regard to FIPS140-3: the FIPS140-3 - mode is installed if /etc/system-fips is present, and the --FIPS140-2 mode is enabled if /proc/sys/crypto/fips_enabled -+FIPS140-3 mode is enabled if /proc/sys/crypto/fips_enabled + mode is installed if /etc/system-fips is present, and the +-FIPS140-2 mode is enabled if /proc/sys/crypto/fips_enabled ++FIPS140-3 mode is enabled if /proc/sys/crypto/fips_enabled contains ’1’, which is typically set with the “fips=1” kernel command line option.

    @@ -301,62 +301,62 @@ Index: gnutls-3.8.0/doc/gnutls.html +

    When the FIPS140-3 mode is installed, the operation of the library is modified as follows.

    -
      -@@ -20134,12 +20134,12 @@ as follows. -
    • Algorithm self-tests are run on library load +
        +@@ -20143,12 +20143,12 @@ as follows. +
      • Algorithm self-tests are run on library load
      -

      When the FIPS140-2 mode is enabled, The operation of the library is in addition +

      When the FIPS140-3 mode is enabled, The operation of the library is in addition modified as follows.

      -
        --
      • Only approved by FIPS140-2 algorithms are enabled --
      • Only approved by FIPS140-2 key lengths are allowed for key generation -+
      • Only approved by FIPS140-3 algorithms are enabled -+
      • Only approved by FIPS140-3 key lengths are allowed for key generation -
      • Any cryptographic operation will be refused if any of the self-tests failed +
          +-
        • Only approved by FIPS140-2 algorithms are enabled +-
        • Only approved by FIPS140-2 key lengths are allowed for key generation ++
        • Only approved by FIPS140-3 algorithms are enabled ++
        • Only approved by FIPS140-3 key lengths are allowed for key generation +
        • Any cryptographic operation will be refused if any of the self-tests failed
        -@@ -20148,7 +20148,7 @@ modified as follows. - environment variable GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS will disable +@@ -20157,7 +20157,7 @@ modified as follows. + environment variable GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS will disable the library integrity tests on startup, and the variable - GNUTLS_FORCE_FIPS_MODE can be set to force a value from --Figure 11.5, i.e., ’1’ will enable the FIPS140-2 -+Figure 11.5, i.e., ’1’ will enable the FIPS140-3 + GNUTLS_FORCE_FIPS_MODE can be set to force a value from +-Figure 11.5, i.e., ’1’ will enable the FIPS140-2 ++Figure 11.5, i.e., ’1’ will enable the FIPS140-3 mode, while ’0’ will disable it.

        The integrity checks for the dependent libraries and GnuTLS are performed -@@ -20156,13 +20156,13 @@ using ’.hmac’ files which ar +@@ -20165,13 +20165,13 @@ using ’.hmac’ files which ar key for the operations can be provided on compile-time with the configure option ’–with-fips140-key’. The MAC algorithm used is HMAC-SHA256.

        -

        On runtime an application can verify whether the library is in FIPS140-2 +

        On runtime an application can verify whether the library is in FIPS140-3 - mode using the gnutls_fips140_mode_enabled function. + mode using the gnutls_fips140_mode_enabled function.

        --

        Relaxing FIPS140-2 requirements

        -+

        Relaxing FIPS140-3 requirements

        +-

        Relaxing FIPS140-2 requirements

        ++

        Relaxing FIPS140-3 requirements

        The library by default operates in a strict enforcing mode, ensuring that -all constraints imposed by the FIPS140-2 specification are enforced. However +all constraints imposed by the FIPS140-3 specification are enforced. However - the application can relax these requirements via gnutls_fips140_set_mode - which can switch to alternative modes as in Figure 11.5. + the application can relax these requirements via gnutls_fips140_set_mode + which can switch to alternative modes as in Figure 11.5.

        -@@ -20171,7 +20171,7 @@ which can switch to alternative modes as +@@ -20180,7 +20180,7 @@ which can switch to alternative modes as -
        -
        GNUTLS_FIPS140_DISABLED
        +
        +
        GNUTLS_FIPS140_DISABLED
        -

        The FIPS140-2 mode is disabled. +

        The FIPS140-3 mode is disabled.

        -
        GNUTLS_FIPS140_STRICT
        +
        GNUTLS_FIPS140_STRICT

        The default mode; all forbidden operations will cause an -@@ -20182,8 +20182,8 @@ operation failure via error code. +@@ -20191,8 +20191,8 @@ operation failure via error code. cannot be set or seen by applications.

        -
        GNUTLS_FIPS140_LAX
        +
        GNUTLS_FIPS140_LAX
        -

        The library still uses the FIPS140-2 relevant algorithms but all -forbidden by FIPS140-2 operations are allowed; this is useful when the +

        The library still uses the FIPS140-3 relevant algorithms but all @@ -364,17 +364,17 @@ Index: gnutls-3.8.0/doc/gnutls.html application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility).

        -@@ -20195,7 +20195,7 @@ to a message to the audit callback funct +@@ -20204,7 +20204,7 @@ to a message to the audit callback funct -

        Figure 11.5: The gnutls_fips_mode_t enumeration.

    +

    Figure 11.5: The gnutls_fips_mode_t enumeration.

    The intention of this API is to be used by applications which may run in -FIPS140-2 mode, while they utilize few algorithms not in the allowed set, +FIPS140-3 mode, while they utilize few algorithms not in the allowed set, e.g., for non-security related purposes. In these cases applications should wrap the non-compliant code within blocks like the following.

    -@@ -20224,9 +20224,9 @@ if (gnutls_fips140_mode_enabled()) -

    The reason of the GNUTLS_FIPS140_SET_MODE_THREAD flag in the +@@ -20233,9 +20233,9 @@ if (gnutls_fips140_mode_enabled()) +

    The reason of the GNUTLS_FIPS140_SET_MODE_THREAD flag in the previous calls is to localize the change in the mode. Note also, that such a block has no effect when the library is not operating -under FIPS140-2 mode, and thus it can be considered a no-op. @@ -383,41 +383,41 @@ Index: gnutls-3.8.0/doc/gnutls.html -

    Applications could also switch FIPS140-2 mode explicitly off, by calling +

    Applications could also switch FIPS140-3 mode explicitly off, by calling

    -
    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0);
    + 
    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0);
      
    -@@ -20249,7 +20249,7 @@ performed within a given context. -
    int gnutls_fips140_pop_context ( void)
    +@@ -20258,7 +20258,7 @@ performed within a given context. +
    int gnutls_fips140_pop_context ( void)
    --

    The gnutls_fips140_context_t represents the FIPS140-2 mode of -+

    The gnutls_fips140_context_t represents the FIPS140-3 mode of +-

    The gnutls_fips140_context_t represents the FIPS140-2 mode of ++

    The gnutls_fips140_context_t represents the FIPS140-3 mode of operation. It can be attached to the current execution thread with - gnutls_fips140_push_context and its internal state will be + gnutls_fips140_push_context and its internal state will be updated until it is detached with -@@ -20615,8 +20615,8 @@ Previous: -

    GnuTLS has support for the FIPS 140-2 certification under Red Hat Enterprise Linux. --See FIPS140-2 mode for more information. +-See FIPS140-2 mode for more information. +

    GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux. -+See FIPS140-3 mode for more information. ++See FIPS140-3 mode for more information.


    -@@ -24526,7 +24526,7 @@ unusable. This function is not thread-s -

    gnutls_fips140_set_mode

    -
    -
    Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t mode, unsigned flags)
    --

    mode: the FIPS140-2 mode to switch to -+

    mode: the FIPS140-3 mode to switch to +@@ -24544,7 +24544,7 @@ unusable. This function is not thread-s +

    gnutls_fips140_set_mode

    +
    +
    Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t mode, unsigned flags)
    +-

    mode: the FIPS140-2 mode to switch to ++

    mode: the FIPS140-3 mode to switch to

    -

    flags: should be zero or GNUTLS_FIPS140_SET_MODE_THREAD +

    flags: should be zero or GNUTLS_FIPS140_SET_MODE_THREAD

    -@@ -24535,13 +24535,13 @@ unusable. This function is not thread-s +@@ -24553,13 +24553,13 @@ unusable. This function is not thread-s behavior with no flags after threads are created is undefined.

    -

    When the flag GNUTLS_FIPS140_SET_MODE_THREAD is specified +

    When the flag GNUTLS_FIPS140_SET_MODE_THREAD is specified -then this call will change the FIPS140-2 mode for this particular +then this call will change the FIPS140-3 mode for this particular thread and not for the whole process. That way an application @@ -427,23 +427,23 @@ Index: gnutls-3.8.0/doc/gnutls.html

    This function never fails but will be a no-op if used when -the library is not in FIPS140-2 mode. When asked to switch to unknown +the library is not in FIPS140-3 mode. When asked to switch to unknown - values for mode or to GNUTLS_FIPS140_SELFTESTS mode, the library - switches to GNUTLS_FIPS140_STRICT mode. + values for mode or to GNUTLS_FIPS140_SELFTESTS mode, the library + switches to GNUTLS_FIPS140_STRICT mode.

    -@@ -46662,7 +46662,7 @@ Next: gnutls_fingerprintCore TLS API - gnutls_fips140_context_deinitCore TLS API - gnutls_fips140_context_initCore TLS API --gnutls_fips140_get_operation_stateFIPS140-2 mode -+gnutls_fips140_get_operation_stateFIPS140-3 mode - gnutls_fips140_get_operation_stateCore TLS API - gnutls_fips140_mode_enabledCore TLS API - gnutls_fips140_pop_contextCore TLS API -Index: gnutls-3.8.0/doc/gnutls.info-3 +@@ -46765,7 +46765,7 @@ Next: gnutls_fingerprintCore TLS API + gnutls_fips140_context_deinitCore TLS API + gnutls_fips140_context_initCore TLS API +-gnutls_fips140_get_operation_stateFIPS140-2 mode ++gnutls_fips140_get_operation_stateFIPS140-3 mode + gnutls_fips140_get_operation_stateCore TLS API + gnutls_fips140_mode_enabledCore TLS API + gnutls_fips140_pop_contextCore TLS API +Index: gnutls-3.8.1/doc/gnutls.info-3 =================================================================== ---- gnutls-3.8.0.orig/doc/gnutls.info-3 -+++ gnutls-3.8.0/doc/gnutls.info-3 -@@ -1631,7 +1631,7 @@ to 'more'. Both will exit with a status +--- gnutls-3.8.1.orig/doc/gnutls.info-3 ++++ gnutls-3.8.1/doc/gnutls.info-3 +@@ -2241,7 +2241,7 @@ to ‘more’. Both will exit with a st --inline-commands-prefix=str Change the default delimiter for inline commands --provider=file Specify the PKCS #11 provider library - file must pre-exist @@ -452,7 +452,7 @@ Index: gnutls-3.8.0/doc/gnutls.info-3 --list-config Reports the configuration of the library --logfile=str Redirect informational messages to a specific file --keymatexport=str Label used for exporting keying material -@@ -2732,7 +2732,7 @@ to know what happens inside the black bo +@@ -3379,7 +3379,7 @@ to know what happens inside the black bo * TLS Hello Extension Handling:: * Cryptographic Backend:: * Random Number Generators-internals:: 
@@ -461,8 +461,8 @@ Index: gnutls-3.8.0/doc/gnutls.info-3  File: gnutls.info, Node: The TLS Protocol, Next: TLS Handshake Protocol, Up: Internal architecture of GnuTLS -@@ -3264,7 +3264,7 @@ and abstract key types::. - kernel implementation of '/dev/crypto'. +@@ -3911,7 +3911,7 @@ and abstract key types::. + kernel implementation of ‘/dev/crypto’.  -File: gnutls.info, Node: Random Number Generators-internals, Next: FIPS140-2 mode, Prev: Cryptographic Backend, Up: Internal architecture of GnuTLS @@ -470,7 +470,7 @@ Index: gnutls-3.8.0/doc/gnutls.info-3 11.6 Random Number Generators ============================= -@@ -3274,7 +3274,7 @@ About the generators +@@ -3921,7 +3921,7 @@ About the generators GnuTLS provides two random generators. The default, and the AES-DRBG random generator which is only used when the library is compiled with 
@@ -479,102 +479,8 @@ Index: gnutls-3.8.0/doc/gnutls.info-3 The default generator - inner workings -------------------------------------- -@@ -3423,25 +3423,25 @@ after observing the output of the PRNG. - the above paragraph, all levels are immune to such attack. - -  --File: gnutls.info, Node: FIPS140-2 mode, Prev: Random Number Generators-internals, Up: Internal architecture of GnuTLS -+File: gnutls.info, Node: FIPS140-3 mode, Prev: Random Number Generators-internals, Up: Internal architecture of GnuTLS - --11.7 FIPS140-2 mode -+11.7 FIPS140-3 mode - =================== - --GnuTLS can operate in a special mode for FIPS140-2. That mode of --operation is for the conformance to NIST's FIPS140-2 publication, which -+GnuTLS can operate in a special mode for FIPS140-3. That mode of -+operation is for the conformance to NIST's FIPS140-3 publication, which - consists of policies for cryptographic modules (such as software - libraries). Its implementation in GnuTLS is designed for Red Hat - Enterprise Linux, and can only be enabled when the library is explicitly - compiled with the '-enable-fips140-mode' configure option. - --There are two distinct library states with regard to FIPS140-2: the --FIPS140-2 mode is _installed_ if '/etc/system-fips' is present, and the --FIPS140-2 mode is _enabled_ if '/proc/sys/crypto/fips_enabled' contains -+There are two distinct library states with regard to FIPS140-3: the -+FIPS140-3 mode is _installed_ if '/etc/system-fips' is present, and the -+FIPS140-3 mode is _enabled_ if '/proc/sys/crypto/fips_enabled' contains - '1', which is typically set with the "fips=1" kernel command line - option. - --When the FIPS140-2 mode is installed, the operation of the library is -+When the FIPS140-3 mode is installed, the operation of the library is - modified as follows. - - * The random generator used switches to DRBG-AES -@@ -3449,11 +3449,11 @@ modified as follows. 
- startup - * Algorithm self-tests are run on library load - --When the FIPS140-2 mode is enabled, The operation of the library is in -+When the FIPS140-3 mode is enabled, The operation of the library is in - addition modified as follows. - -- * Only approved by FIPS140-2 algorithms are enabled -- * Only approved by FIPS140-2 key lengths are allowed for key -+ * Only approved by FIPS140-3 algorithms are enabled -+ * Only approved by FIPS140-3 key lengths are allowed for key - generation - * Any cryptographic operation will be refused if any of the - self-tests failed -@@ -3462,7 +3462,7 @@ There are also few environment variables - The environment variable 'GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS' will - disable the library integrity tests on startup, and the variable - 'GNUTLS_FORCE_FIPS_MODE' can be set to force a value from *note Figure --11.5: gnutls_fips_mode_t, i.e., '1' will enable the FIPS140-2 mode, -+11.5: gnutls_fips_mode_t, i.e., '1' will enable the FIPS140-3 mode, - while '0' will disable it. - - The integrity checks for the dependent libraries and GnuTLS are -@@ -3471,20 +3471,20 @@ library. The key for the operations can - with the configure option '-with-fips140-key'. The MAC algorithm used - is HMAC-SHA256. - --On runtime an application can verify whether the library is in FIPS140-2 -+On runtime an application can verify whether the library is in FIPS140-3 - mode using the *note gnutls_fips140_mode_enabled:: function. - --Relaxing FIPS140-2 requirements -+Relaxing FIPS140-3 requirements - ------------------------------- - - The library by default operates in a strict enforcing mode, ensuring --that all constraints imposed by the FIPS140-2 specification are -+that all constraints imposed by the FIPS140-3 specification are - enforced. However the application can relax these requirements via - *note gnutls_fips140_set_mode:: which can switch to alternative modes as - in *note Figure 11.5: gnutls_fips_mode_t. 
- - 'GNUTLS_FIPS140_DISABLED' -- The FIPS140-2 mode is disabled. -+ The FIPS140-3 mode is disabled. - 'GNUTLS_FIPS140_STRICT' - The default mode; all forbidden operations will cause an operation - failure via error code. -@@ -3492,8 +3492,8 @@ in *note Figure 11.5: gnutls_fips_mode_t - A transient state during library initialization. That state cannot - be set or seen by applications. - 'GNUTLS_FIPS140_LAX' -- The library still uses the FIPS140-2 relevant algorithms but all -- forbidden by FIPS140-2 operations are allowed; this is useful when -+ The library still uses the FIPS140-3 relevant algorithms but all -+ forbidden by FIPS140-3 operations are allowed; this is useful when - the application is aware of the followed security policy, and needs - to utilize disallowed operations for other reasons (e.g., - compatibility). -@@ -3506,7 +3506,7 @@ in *note Figure 11.5: gnutls_fips_mode_t - Figure 11.5: The 'gnutls_fips_mode_t' enumeration. +@@ -4153,7 +4153,7 @@ in *note Figure 11.5: gnutls_fips_mode_t + Figure 11.5: The ‘gnutls_fips_mode_t’ enumeration. The intention of this API is to be used by applications which may run in -FIPS140-2 mode, while they utilize few algorithms not in the allowed @@ -582,9 +488,9 @@ Index: gnutls-3.8.0/doc/gnutls.info-3 set, e.g., for non-security related purposes. In these cases applications should wrap the non-compliant code within blocks like the following. -@@ -3530,10 +3530,10 @@ are macros to simplify the following seq +@@ -4177,10 +4177,10 @@ are macros to simplify the following seq - The reason of the 'GNUTLS_FIPS140_SET_MODE_THREAD' flag in the previous + The reason of the ‘GNUTLS_FIPS140_SET_MODE_THREAD’ flag in the previous calls is to localize the change in the mode. Note also, that such a -block has no effect when the library is not operating under FIPS140-2 +block has no effect when the library is not operating under FIPS140-3 
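Review bot: The refreshed patch silently drops most of the gnutls.info-3 coverage for the 11.7 "FIPS140-2 mode" node — the removed `-@@ -3423,25`, `-@@ -3449,11`, `-@@ -3462,7`, `-@@ -3471,20` and `-@@ -3492,8` inner hunks in this outer hunk, and likewise `-@@ -3552,7` and `-@@ -8486,12` in the two following outer hunks — while the equivalent gnutls.html and doc/cha-internals.texi hunks (including the one for the `gnutls_fips140_context_t` paragraph) are kept with new offsets. Because the texi source is still being patched for that text in 3.8.1, the generated info pages presumably still carry "FIPS140-2" there; the surviving info-3 offsets jumping from ~3400 to ~4150 suggests the 3.8.1 tarball re-split the info files rather than rewording those sections, in which case the dropped text now lives in another gnutls.info-N and is left unpatched. A `grep -rn 'FIPS140-2' doc/gnutls.info*` on the patched 3.8.1 tree, or in the package build's test step, would confirm whether the rename is still complete across the installed manual.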
@@ -595,16 +501,7 @@ Index: gnutls-3.8.0/doc/gnutls.info-3 gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0); Service indicator -@@ -3552,7 +3552,7 @@ within a given context. - 'INT *note gnutls_fips140_push_context:: (gnutls_fips140_context_t CONTEXT)' - 'INT *note gnutls_fips140_pop_context:: ( VOID)' - --The 'gnutls_fips140_context_t' represents the FIPS140-2 mode of -+The 'gnutls_fips140_context_t' represents the FIPS140-3 mode of - operation. It can be attached to the current execution thread with - *note gnutls_fips140_push_context:: and its internal state will be - updated until it is detached with *note gnutls_fips140_pop_context::. -@@ -4010,8 +4010,8 @@ There are certifications from national o +@@ -4662,8 +4662,8 @@ There are certifications from national o practices, such as unit testing and reliance on well known crypto primitives. 
@@ -615,34 +512,19 @@ Index: gnutls-3.8.0/doc/gnutls.info-3  File: gnutls.info, Node: Error codes, Next: Supported ciphersuites, Prev: Support, Up: Top -@@ -8476,7 +8476,7 @@ gnutls_fips140_set_mode +@@ -9128,7 +9128,7 @@ gnutls_fips140_set_mode -- Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t MODE, unsigned FLAGS) - MODE: the FIPS140-2 mode to switch to + MODE: the FIPS140-3 mode to switch to - FLAGS: should be zero or 'GNUTLS_FIPS140_SET_MODE_THREAD' + FLAGS: should be zero or ‘GNUTLS_FIPS140_SET_MODE_THREAD’ -@@ -8486,12 +8486,12 @@ gnutls_fips140_set_mode - undefined. - - When the flag 'GNUTLS_FIPS140_SET_MODE_THREAD' is specified then -- this call will change the FIPS140-2 mode for this particular thread -+ this call will change the FIPS140-3 mode for this particular thread - and not for the whole process. That way an application can utilize - this function to set and reset mode for specific operations. - - This function never fails but will be a no-op if used when the -- library is not in FIPS140-2 mode. When asked to switch to unknown -+ library is not in FIPS140-3 mode. When asked to switch to unknown - values for 'mode' or to 'GNUTLS_FIPS140_SELFTESTS' mode, the - library switches to 'GNUTLS_FIPS140_STRICT' mode. - -Index: gnutls-3.8.0/doc/invoke-gnutls-cli.texi +Index: gnutls-3.8.1/doc/invoke-gnutls-cli.texi =================================================================== ---- gnutls-3.8.0.orig/doc/invoke-gnutls-cli.texi -+++ gnutls-3.8.0/doc/invoke-gnutls-cli.texi +--- gnutls-3.8.1.orig/doc/invoke-gnutls-cli.texi ++++ gnutls-3.8.1/doc/invoke-gnutls-cli.texi @@ -99,7 +99,7 @@ None: --inline-commands-prefix=str Change the default delimiter for inline commands --provider=file Specify the PKCS #11 provider library 
@@ -652,10 +534,10 @@ Index: gnutls-3.8.0/doc/invoke-gnutls-cli.texi --list-config Reports the configuration of the library --logfile=str Redirect informational messages to a specific file --keymatexport=str Label used for exporting keying material -Index: gnutls-3.8.0/doc/manpages/gnutls-cli.1 +Index: gnutls-3.8.1/doc/manpages/gnutls-cli.1 =================================================================== ---- gnutls-3.8.0.orig/doc/manpages/gnutls-cli.1 -+++ gnutls-3.8.0/doc/manpages/gnutls-cli.1 +--- gnutls-3.8.1.orig/doc/manpages/gnutls-cli.1 ++++ gnutls-3.8.1/doc/manpages/gnutls-cli.1 @@ -389,7 +389,7 @@ Specify the PKCS #11 provider library. This will override the default options in /etc/gnutls/pkcs11.conf .TP @@ -665,11 +547,11 @@ Index: gnutls-3.8.0/doc/manpages/gnutls-cli.1 .sp .TP .NOP \f\*[B-Font]\-\-list\-config\f[] -Index: gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html +Index: gnutls-3.8.1/doc/reference/html/gnutls-gnutls.html =================================================================== ---- gnutls-3.8.0.orig/doc/reference/html/gnutls-gnutls.html -+++ gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html -@@ -20580,12 +20580,12 @@ gnutls_fips140_set_mode (

    When the flag GNUTLS_FIPS140_SET_MODE_THREAD is specified @@ -684,7 +566,7 @@ Index: gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html values for mode or to GNUTLS_FIPS140_SELFTESTS mode, the library switches to GNUTLS_FIPS140_STRICT mode.

    -@@ -20600,7 +20600,7 @@ switches to

    mode

    @@ -693,7 +575,7 @@ Index: gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html   -@@ -25568,7 +25568,7 @@ encryption

    +@@ -25880,7 +25880,7 @@ encryption


    enum gnutls_fips_mode_t

    @@ -702,7 +584,7 @@ Index: gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html

    Members

    -@@ -25581,7 +25581,7 @@ encryption

    +@@ -25893,7 +25893,7 @@ encryption

    -@@ -25604,8 +25604,8 @@ operation failure via error code.

    +@@ -25916,8 +25916,8 @@ operation failure via error code.

    -@@ -27241,4 +27241,4 @@ This is used by
    Generated by GTK-Doc V1.33.1 - \ No newline at end of file + -Index: gnutls-3.8.0/lib/fips.c +Index: gnutls-3.8.1/lib/fips.c =================================================================== ---- gnutls-3.8.0.orig/lib/fips.c -+++ gnutls-3.8.0/lib/fips.c +--- gnutls-3.8.1.orig/lib/fips.c ++++ gnutls-3.8.1/lib/fips.c @@ -121,7 +121,7 @@ unsigned _gnutls_fips_mode_enabled(void) } @@ -751,7 +633,7 @@ Index: gnutls-3.8.0/lib/fips.c ret = GNUTLS_FIPS140_SELFTESTS; goto exit; } -@@ -694,7 +694,7 @@ unsigned gnutls_fips140_mode_enabled(voi +@@ -692,7 +692,7 @@ unsigned gnutls_fips140_mode_enabled(voi /** * gnutls_fips140_set_mode: @@ -760,7 +642,7 @@ Index: gnutls-3.8.0/lib/fips.c * @flags: should be zero or %GNUTLS_FIPS140_SET_MODE_THREAD * * That function is not thread-safe when changing the mode with no flags -@@ -702,13 +702,13 @@ unsigned gnutls_fips140_mode_enabled(voi +@@ -700,13 +700,13 @@ unsigned gnutls_fips140_mode_enabled(voi * behavior with no flags after threads are created is undefined. * * When the flag %GNUTLS_FIPS140_SET_MODE_THREAD is specified 
@@ -776,28 +658,29 @@ Index: gnutls-3.8.0/lib/fips.c * values for @mode or to %GNUTLS_FIPS140_SELFTESTS mode, the library * switches to %GNUTLS_FIPS140_STRICT mode. * -@@ -719,9 +719,9 @@ void gnutls_fips140_set_mode(gnutls_fips - #ifdef ENABLE_FIPS140 +@@ -718,10 +718,10 @@ void gnutls_fips140_set_mode(gnutls_fips gnutls_fips_mode_t prev = _gnutls_fips_mode_enabled(); - if (prev == GNUTLS_FIPS140_DISABLED || prev == GNUTLS_FIPS140_SELFTESTS) { + if (prev == GNUTLS_FIPS140_DISABLED || + prev == GNUTLS_FIPS140_SELFTESTS) { - /* we need to run self-tests first to be in FIPS140-2 mode */ + /* we need to run self-tests first to be in FIPS140-3 mode */ - _gnutls_audit_log(NULL, -- "The library should be initialized in FIPS140-2 mode to do that operation\n"); -+ "The library should be initialized in FIPS140-3 mode to do that operation\n"); + _gnutls_audit_log( + NULL, +- "The library should be initialized in FIPS140-2 mode to do that operation\n"); ++ "The library should be initialized in FIPS140-3 mode to do that operation\n"); return; } -@@ -733,7 +733,7 @@ void gnutls_fips140_set_mode(gnutls_fips - break; +@@ -734,7 +734,7 @@ void gnutls_fips140_set_mode(gnutls_fips case GNUTLS_FIPS140_SELFTESTS: - _gnutls_audit_log(NULL, -- "Cannot switch library to FIPS140-2 self-tests mode; defaulting to strict\n"); -+ "Cannot switch library to FIPS140-3 self-tests mode; defaulting to strict\n"); + _gnutls_audit_log( + NULL, +- "Cannot switch library to FIPS140-2 self-tests mode; defaulting to strict\n"); ++ "Cannot switch library to FIPS140-3 self-tests mode; defaulting to strict\n"); mode = GNUTLS_FIPS140_STRICT; break; default: -@@ -908,7 +908,7 @@ void _gnutls_switch_fips_state(gnutls_fi +@@ -910,7 +910,7 @@ void _gnutls_switch_fips_state(gnutls_fi } if (!_tfips_context) { 
@@ -806,35 +689,35 @@ Index: gnutls-3.8.0/lib/fips.c return; } -@@ -921,7 +921,7 @@ void _gnutls_switch_fips_state(gnutls_fi - /* initial can be transitioned to any state */ +@@ -924,7 +924,7 @@ void _gnutls_switch_fips_state(gnutls_fi if (mode != GNUTLS_FIPS140_LAX) { - _gnutls_audit_log(NULL, -- "FIPS140-2 operation mode switched from initial to %s\n", -+ "FIPS140-3 operation mode switched from initial to %s\n", - operation_state_to_string(state)); + _gnutls_audit_log( + NULL, +- "FIPS140-2 operation mode switched from initial to %s\n", ++ "FIPS140-3 operation mode switched from initial to %s\n", + operation_state_to_string(state)); } _tfips_context->state = state; -@@ -931,7 +931,7 @@ void _gnutls_switch_fips_state(gnutls_fi - if (likely(state == GNUTLS_FIPS140_OP_NOT_APPROVED)) { +@@ -935,7 +935,7 @@ void _gnutls_switch_fips_state(gnutls_fi if (mode != GNUTLS_FIPS140_LAX) { - _gnutls_audit_log(NULL, -- "FIPS140-2 operation mode switched from approved to %s\n", -+ "FIPS140-3 operation mode switched from approved to %s\n", - operation_state_to_string - (state)); + _gnutls_audit_log( + NULL, +- "FIPS140-2 operation mode switched from approved to %s\n", ++ "FIPS140-3 operation mode switched from approved to %s\n", + operation_state_to_string(state)); } -@@ -943,7 +943,7 @@ void _gnutls_switch_fips_state(gnutls_fi - /* other transitions are prohibited */ + _tfips_context->state = state; +@@ -947,7 +947,7 @@ void _gnutls_switch_fips_state(gnutls_fi if (mode != GNUTLS_FIPS140_LAX) { - _gnutls_audit_log(NULL, -- "FIPS140-2 operation mode cannot be switched from %s to %s\n", -+ "FIPS140-3 operation mode cannot be switched from %s to %s\n", - operation_state_to_string - (_tfips_context->state), - operation_state_to_string(state)); -@@ -1004,7 +1004,7 @@ int gnutls_fips140_run_self_tests(void) - if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_DISABLED && ret < 0) { + _gnutls_audit_log( + NULL, +- "FIPS140-2 operation mode cannot be switched from %s to %s\n", ++ 
"FIPS140-3 operation mode cannot be switched from %s to %s\n", + operation_state_to_string( + _tfips_context->state), + operation_state_to_string(state)); +@@ -1009,7 +1009,7 @@ int gnutls_fips140_run_self_tests(void) + ret < 0) { _gnutls_switch_lib_state(LIB_STATE_ERROR); _gnutls_audit_log(NULL, - "FIPS140-2 self testing part 2 failed\n"); 
@@ -842,40 +725,42 @@ Index: gnutls-3.8.0/lib/fips.c } else { /* Restore the previous library state */ _gnutls_switch_lib_state(prev_lib_state); -@@ -1016,7 +1016,7 @@ int gnutls_fips140_run_self_tests(void) +@@ -1021,7 +1021,7 @@ int gnutls_fips140_run_self_tests(void) if (gnutls_fips140_pop_context() < 0) { _gnutls_switch_lib_state(LIB_STATE_ERROR); - _gnutls_audit_log(NULL, -- "FIPS140-2 context restoration failed\n"); -+ "FIPS140-3 context restoration failed\n"); + _gnutls_audit_log( +- NULL, "FIPS140-2 context restoration failed\n"); ++ NULL, "FIPS140-3 context restoration failed\n"); } gnutls_fips140_context_deinit(fips_context); } -Index: gnutls-3.8.0/lib/fips.h +Index: gnutls-3.8.1/lib/fips.h =================================================================== ---- gnutls-3.8.0.orig/lib/fips.h -+++ gnutls-3.8.0/lib/fips.h -@@ -158,16 +158,16 @@ is_cipher_algo_allowed_in_fips(gnutls_ci +--- gnutls-3.8.1.orig/lib/fips.h ++++ gnutls-3.8.1/lib/fips.h +@@ -160,7 +160,7 @@ is_cipher_algo_allowed_in_fips(gnutls_ci } - # ifdef ENABLE_FIPS140 + #ifdef ENABLE_FIPS140 -/* This will test the condition when in FIPS140-2 mode +/* This will test the condition when in FIPS140-3 mode * and return an error if necessary or ignore */ - # define FIPS_RULE(condition, ret_error, ...) { \ - gnutls_fips_mode_t _mode = _gnutls_fips_mode_enabled(); \ - if (_mode != GNUTLS_FIPS140_DISABLED) { \ - if (condition) { \ - if (_mode == GNUTLS_FIPS140_LOG) { \ -- _gnutls_audit_log(NULL, "fips140-2: allowing "__VA_ARGS__); \ -+ _gnutls_audit_log(NULL, "fips140-3: allowing "__VA_ARGS__); \ - } else if (_mode != GNUTLS_FIPS140_LAX) { \ -- _gnutls_debug_log("fips140-2: disallowing "__VA_ARGS__); \ -+ _gnutls_debug_log("fips140-3: disallowing "__VA_ARGS__); \ - return ret_error; \ - } \ - } \ -@@ -181,7 +181,7 @@ inline static bool is_mac_algo_allowed(g + #define FIPS_RULE(condition, ret_error, ...) 
\ + { \ +@@ -170,10 +170,10 @@ is_cipher_algo_allowed_in_fips(gnutls_ci + if (_mode == GNUTLS_FIPS140_LOG) { \ + _gnutls_audit_log( \ + NULL, \ +- "fips140-2: allowing " __VA_ARGS__); \ ++ "fips140-3: allowing " __VA_ARGS__); \ + } else if (_mode != GNUTLS_FIPS140_LAX) { \ + _gnutls_debug_log( \ +- "fips140-2: disallowing " __VA_ARGS__); \ ++ "fips140-3: disallowing " __VA_ARGS__); \ + return ret_error; \ + } \ + } \ +@@ -188,7 +188,7 @@ inline static bool is_mac_algo_allowed(g switch (mode) { case GNUTLS_FIPS140_LOG: _gnutls_audit_log(NULL, @@ -884,7 +769,7 @@ Index: gnutls-3.8.0/lib/fips.h gnutls_mac_get_name(algo)); FALLTHROUGH; case GNUTLS_FIPS140_DISABLED: -@@ -203,7 +203,7 @@ inline static bool is_cipher_algo_allowe +@@ -210,7 +210,7 @@ inline static bool is_cipher_algo_allowe switch (mode) { case GNUTLS_FIPS140_LOG: _gnutls_audit_log(NULL, @@ -893,11 +778,11 @@ Index: gnutls-3.8.0/lib/fips.h gnutls_cipher_get_name(algo)); FALLTHROUGH; case GNUTLS_FIPS140_DISABLED: -Index: gnutls-3.8.0/lib/global.c +Index: gnutls-3.8.1/lib/global.c =================================================================== ---- gnutls-3.8.0.orig/lib/global.c -+++ gnutls-3.8.0/lib/global.c -@@ -326,12 +326,12 @@ static int _gnutls_global_init(unsigned +--- gnutls-3.8.1.orig/lib/global.c ++++ gnutls-3.8.1/lib/global.c +@@ -337,12 +337,12 @@ static int _gnutls_global_init(unsigned #ifdef ENABLE_FIPS140 res = _gnutls_fips_mode_enabled(); 
@@ -912,31 +797,31 @@ Index: gnutls-3.8.0/lib/global.c _gnutls_priority_update_fips(); /* first round of self checks, these are done on the -@@ -341,7 +341,7 @@ static int _gnutls_global_init(unsigned +@@ -352,7 +352,7 @@ static int _gnutls_global_init(unsigned if (ret < 0) { _gnutls_switch_lib_state(LIB_STATE_ERROR); - _gnutls_audit_log(NULL, -- "FIPS140-2 self testing part1 failed\n"); -+ "FIPS140-3 self testing part1 failed\n"); + _gnutls_audit_log( +- NULL, "FIPS140-2 self testing part1 failed\n"); ++ NULL, "FIPS140-3 self testing part1 failed\n"); if (res != 2) { gnutls_assert(); goto out; -@@ -364,7 +364,7 @@ static int _gnutls_global_init(unsigned +@@ -375,7 +375,7 @@ static int _gnutls_global_init(unsigned if (ret < 0) { _gnutls_switch_lib_state(LIB_STATE_ERROR); - _gnutls_audit_log(NULL, -- "FIPS140-2 self testing part 2 failed\n"); -+ "FIPS140-3 self testing part 2 failed\n"); + _gnutls_audit_log( +- NULL, "FIPS140-2 self testing part 2 failed\n"); ++ NULL, "FIPS140-3 self testing part 2 failed\n"); if (res != 2) { gnutls_assert(); goto out; -Index: gnutls-3.8.0/lib/includes/gnutls/gnutls.h.in +Index: gnutls-3.8.1/lib/includes/gnutls/gnutls.h.in =================================================================== ---- gnutls-3.8.0.orig/lib/includes/gnutls/gnutls.h.in -+++ gnutls-3.8.0/lib/includes/gnutls/gnutls.h.in -@@ -3278,16 +3278,16 @@ void - gnutls_alert_set_read_function(gnutls_session_t session, - gnutls_alert_read_func func); +--- gnutls-3.8.1.orig/lib/includes/gnutls/gnutls.h.in ++++ gnutls-3.8.1/lib/includes/gnutls/gnutls.h.in +@@ -3192,16 +3192,16 @@ typedef int (*gnutls_alert_read_func)(gn + void gnutls_alert_set_read_function(gnutls_session_t session, + gnutls_alert_read_func func); -/* FIPS140-2 related functions */ +/* FIPS140-3 related functions */ 
@@ -955,7 +840,7 @@ Index: gnutls-3.8.0/lib/includes/gnutls/gnutls.h.in * application is aware of the followed security policy, and needs * to utilize disallowed operations for other reasons (e.g., compatibility). * @GNUTLS_FIPS140_LOG: Similarly to %GNUTLS_FIPS140_LAX, it allows forbidden operations; any use of them results -@@ -3295,7 +3295,7 @@ unsigned gnutls_fips140_mode_enabled(voi +@@ -3209,7 +3209,7 @@ unsigned gnutls_fips140_mode_enabled(voi * @GNUTLS_FIPS140_SELFTESTS: A transient state during library initialization. That state * cannot be set or seen by applications. * @@ -964,11 +849,11 @@ Index: gnutls-3.8.0/lib/includes/gnutls/gnutls.h.in */ typedef enum gnutls_fips_mode_t { GNUTLS_FIPS140_DISABLED = 0, -Index: gnutls-3.8.0/src/cli.c +Index: gnutls-3.8.1/src/cli.c =================================================================== ---- gnutls-3.8.0.orig/src/cli.c -+++ gnutls-3.8.0/src/cli.c -@@ -1650,10 +1650,10 @@ static void cmd_parser(int argc, char ** +--- gnutls-3.8.1.orig/src/cli.c ++++ gnutls-3.8.1/src/cli.c +@@ -1634,10 +1634,10 @@ static void cmd_parser(int argc, char ** if (HAVE_OPT(FIPS140_MODE)) { if (gnutls_fips140_mode_enabled() != 0) { @@ -981,11 +866,11 @@ Index: gnutls-3.8.0/src/cli.c exit(1); } -Index: gnutls-3.8.0/src/gnutls-cli-options.c +Index: gnutls-3.8.1/src/gnutls-cli-options.c =================================================================== ---- gnutls-3.8.0.orig/src/gnutls-cli-options.c -+++ gnutls-3.8.0/src/gnutls-cli-options.c -@@ -785,7 +785,7 @@ usage (FILE *out, int status) +--- gnutls-3.8.1.orig/src/gnutls-cli-options.c ++++ gnutls-3.8.1/src/gnutls-cli-options.c +@@ -791,7 +791,7 @@ usage (FILE *out, int status) " --inline-commands-prefix=str Change the default delimiter for inline commands\n" " --provider=file Specify the PKCS #11 provider library\n" " - file must pre-exist\n" 
@@ -994,10 +879,10 @@ Index: gnutls-3.8.0/src/gnutls-cli-options.c " --list-config Reports the configuration of the library\n" " --logfile=str Redirect informational messages to a specific file\n" " --keymatexport=str Label used for exporting keying material\n" -Index: gnutls-3.8.0/tests/cert-tests/gost.sh +Index: gnutls-3.8.1/tests/cert-tests/gost.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/gost.sh -+++ gnutls-3.8.0/tests/cert-tests/gost.sh +--- gnutls-3.8.1.orig/tests/cert-tests/gost.sh ++++ gnutls-3.8.1/tests/cert-tests/gost.sh @@ -38,7 +38,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -1007,10 +892,10 @@ Index: gnutls-3.8.0/tests/cert-tests/gost.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs12-corner-cases.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs12-corner-cases.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs12-corner-cases.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs12-corner-cases.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs12-corner-cases.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs12-corner-cases.sh @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -1020,10 +905,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs12-corner-cases.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs12-encode.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs12-encode.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs12-encode.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs12-encode.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs12-encode.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs12-encode.sh @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi 
@@ -1033,10 +918,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs12-encode.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs12-gost.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs12-gost.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs12-gost.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs12-gost.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs12-gost.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs12-gost.sh @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -1046,10 +931,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs12-gost.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs12.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs12.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs12.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs12.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs12.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs12.sh @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -1059,10 +944,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs12.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs8-decode.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs8-decode.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs8-decode.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs8-decode.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs8-decode.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs8-decode.sh @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then fi 
@@ -1072,10 +957,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs8-decode.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs8-eddsa.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs8-eddsa.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs8-eddsa.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs8-eddsa.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs8-eddsa.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs8-eddsa.sh @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -1085,10 +970,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs8-eddsa.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs8-gost.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs8-gost.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs8-gost.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs8-gost.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs8-gost.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs8-gost.sh @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -1098,10 +983,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs8-gost.sh exit 77 fi -Index: gnutls-3.8.0/tests/cert-tests/pkcs8.sh +Index: gnutls-3.8.1/tests/cert-tests/pkcs8.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cert-tests/pkcs8.sh -+++ gnutls-3.8.0/tests/cert-tests/pkcs8.sh +--- gnutls-3.8.1.orig/tests/cert-tests/pkcs8.sh ++++ gnutls-3.8.1/tests/cert-tests/pkcs8.sh @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -1111,10 +996,10 @@ Index: gnutls-3.8.0/tests/cert-tests/pkcs8.sh exit 77 fi -Index: gnutls-3.8.0/tests/cipher-listings.sh +Index: gnutls-3.8.1/tests/cipher-listings.sh =================================================================== ---- gnutls-3.8.0.orig/tests/cipher-listings.sh -+++ gnutls-3.8.0/tests/cipher-listings.sh +--- gnutls-3.8.1.orig/tests/cipher-listings.sh ++++ gnutls-3.8.1/tests/cipher-listings.sh @@ -63,7 +63,7 @@ check() ${CLI} --fips140-mode 
@@ -1124,10 +1009,10 @@ Index: gnutls-3.8.0/tests/cipher-listings.sh exit 77 fi -Index: gnutls-3.8.0/tests/testpkcs11.sh +Index: gnutls-3.8.1/tests/testpkcs11.sh =================================================================== ---- gnutls-3.8.0.orig/tests/testpkcs11.sh -+++ gnutls-3.8.0/tests/testpkcs11.sh +--- gnutls-3.8.1.orig/tests/testpkcs11.sh ++++ gnutls-3.8.1/tests/testpkcs11.sh @@ -26,7 +26,7 @@ RETCODE=0 @@ -1137,10 +1022,10 @@ Index: gnutls-3.8.0/tests/testpkcs11.sh exit 77 fi -Index: gnutls-3.8.0/doc/enums/gnutls_fips_mode_t +Index: gnutls-3.8.1/doc/enums/gnutls_fips_mode_t =================================================================== ---- gnutls-3.8.0.orig/doc/enums/gnutls_fips_mode_t -+++ gnutls-3.8.0/doc/enums/gnutls_fips_mode_t +--- gnutls-3.8.1.orig/doc/enums/gnutls_fips_mode_t ++++ gnutls-3.8.1/doc/enums/gnutls_fips_mode_t @@ -3,7 +3,7 @@ @c gnutls_fips_mode_t @table @code @@ -1161,10 +1046,10 @@ Index: gnutls-3.8.0/doc/enums/gnutls_fips_mode_t application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility). @item GNUTLS_@-FIPS140_@-LOG -Index: gnutls-3.8.0/doc/gnutls-api.texi +Index: gnutls-3.8.1/doc/gnutls-api.texi =================================================================== ---- gnutls-3.8.0.orig/doc/gnutls-api.texi -+++ gnutls-3.8.0/doc/gnutls-api.texi +--- gnutls-3.8.1.orig/doc/gnutls-api.texi ++++ gnutls-3.8.1/doc/gnutls-api.texi @@ -3275,7 +3275,7 @@ unusable. This function is not thread-s @subheading gnutls_fips140_set_mode @anchor{gnutls_fips140_set_mode} 
@@ -1190,11 +1075,11 @@ Index: gnutls-3.8.0/doc/gnutls-api.texi values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library switches to @code{GNUTLS_FIPS140_STRICT} mode. -Index: gnutls-3.8.0/lib/ext/session_ticket.c +Index: gnutls-3.8.1/lib/ext/session_ticket.c =================================================================== ---- gnutls-3.8.0.orig/lib/ext/session_ticket.c -+++ gnutls-3.8.0/lib/ext/session_ticket.c -@@ -536,7 +536,7 @@ int gnutls_session_ticket_key_generate(g +--- gnutls-3.8.1.orig/lib/ext/session_ticket.c ++++ gnutls-3.8.1/lib/ext/session_ticket.c +@@ -517,7 +517,7 @@ int gnutls_session_ticket_key_generate(g { if (_gnutls_fips_mode_enabled()) { int ret; @@ -1203,11 +1088,11 @@ Index: gnutls-3.8.0/lib/ext/session_ticket.c * some limits on allowed key size, thus it is not * used. These limits do not affect this function as * it does not generate a "key" but rather key material -Index: gnutls-3.8.0/lib/libgnutls.map +Index: gnutls-3.8.1/lib/libgnutls.map =================================================================== ---- gnutls-3.8.0.orig/lib/libgnutls.map -+++ gnutls-3.8.0/lib/libgnutls.map -@@ -1418,7 +1418,7 @@ GNUTLS_FIPS140_3_4 { +--- gnutls-3.8.1.orig/lib/libgnutls.map ++++ gnutls-3.8.1/lib/libgnutls.map +@@ -1428,7 +1428,7 @@ GNUTLS_FIPS140_3_4 { gnutls_hkdf_self_test; gnutls_pbkdf2_self_test; gnutls_tlsprf_self_test; @@ -1216,10 +1101,10 @@ Index: gnutls-3.8.0/lib/libgnutls.map drbg_aes_reseed; drbg_aes_init; drbg_aes_generate; -Index: gnutls-3.8.0/lib/nettle/mac.c +Index: gnutls-3.8.1/lib/nettle/mac.c =================================================================== ---- gnutls-3.8.0.orig/lib/nettle/mac.c -+++ gnutls-3.8.0/lib/nettle/mac.c +--- gnutls-3.8.1.orig/lib/nettle/mac.c ++++ gnutls-3.8.1/lib/nettle/mac.c @@ -262,7 +262,7 @@ static void _wrap_gmac_digest(void *_ctx static int _mac_ctx_init(gnutls_mac_algorithm_t algo, struct nettle_mac_ctx *ctx) 
@@ -1229,7 +1114,7 @@ Index: gnutls-3.8.0/lib/nettle/mac.c * gnutls_hash_init() and gnutls_hmac_init() */ ctx->set_nonce = NULL; -@@ -649,7 +649,7 @@ static void _md5_sha1_digest(void *_ctx, +@@ -648,7 +648,7 @@ static void _md5_sha1_digest(void *_ctx, static int _ctx_init(gnutls_digest_algorithm_t algo, struct nettle_hash_ctx *ctx) { @@ -1238,23 +1123,10 @@ Index: gnutls-3.8.0/lib/nettle/mac.c * gnutls_hash_init() and gnutls_hmac_init() */ switch (algo) { case GNUTLS_DIG_MD5: -Index: gnutls-3.8.0/doc/gnutls.info-2 +Index: gnutls-3.8.1/config.h.in =================================================================== ---- gnutls-3.8.0.orig/doc/gnutls.info-2 -+++ gnutls-3.8.0/doc/gnutls.info-2 -@@ -687,7 +687,7 @@ Variable Purpose - * 0x400000: Enable VIA PHE SHA512 - - 'GNUTLS_FORCE_FIPS_MODE'In setups where GnuTLS is compiled with support -- for FIPS140-2 (see *note FIPS140-2 mode::) if -+ for FIPS140-3 (see *note FIPS140-3 mode::) if - set to one it will force the FIPS mode - enablement. - -Index: gnutls-3.8.0/config.h.in -=================================================================== ---- gnutls-3.8.0.orig/config.h.in -+++ gnutls-3.8.0/config.h.in +--- gnutls-3.8.1.orig/config.h.in ++++ gnutls-3.8.1/config.h.in @@ -82,7 +82,7 @@ /* enable DHE */ #undef ENABLE_ECDHE @@ -1273,11 +1145,11 @@ Index: gnutls-3.8.0/config.h.in #undef FIPS_KEY /* The FIPS140 module name */ -Index: gnutls-3.8.0/configure +Index: gnutls-3.8.1/configure =================================================================== ---- gnutls-3.8.0.orig/configure -+++ gnutls-3.8.0/configure -@@ -3775,7 +3775,7 @@ Optional Features: +--- gnutls-3.8.1.orig/configure ++++ gnutls-3.8.1/configure +@@ -3826,7 +3826,7 @@ Optional Features: --enable-fast-install[=PKGS] optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) 
@@ -1286,11 +1158,11 @@ Index: gnutls-3.8.0/configure --enable-strict-x509 enable stricter sanity checks for x509 certificates --disable-non-suiteb-curves disable curves not in SuiteB -Index: gnutls-3.8.0/doc/cha-support.texi +Index: gnutls-3.8.1/doc/cha-support.texi =================================================================== ---- gnutls-3.8.0.orig/doc/cha-support.texi -+++ gnutls-3.8.0/doc/cha-support.texi -@@ -135,5 +135,5 @@ There are certifications from national o +--- gnutls-3.8.1.orig/doc/cha-support.texi ++++ gnutls-3.8.1/doc/cha-support.texi +@@ -134,5 +134,5 @@ There are certifications from national o to an auditor that the crypto component follows some best practices, such as unit testing and reliance on well known crypto primitives. 
@@ -1298,36 +1170,23 @@ Index: gnutls-3.8.0/doc/cha-support.texi -See @ref{FIPS140-2 mode} for more information. +GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux. +See @ref{FIPS140-3 mode} for more information. -Index: gnutls-3.8.0/doc/gnutls.info-6 +Index: gnutls-3.8.1/doc/gnutls.info =================================================================== ---- gnutls-3.8.0.orig/doc/gnutls.info-6 -+++ gnutls-3.8.0/doc/gnutls.info-6 -@@ -7982,7 +7982,7 @@ Function and Data Index - * gnutls_fingerprint: Core TLS API. (line 3513) - * gnutls_fips140_context_deinit: Core TLS API. (line 3540) - * gnutls_fips140_context_init: Core TLS API. (line 3551) --* gnutls_fips140_get_operation_state: FIPS140-2 mode. (line 138) -+* gnutls_fips140_get_operation_state: FIPS140-3 mode. (line 138) - * gnutls_fips140_get_operation_state <1>: Core TLS API. (line 3564) - * gnutls_fips140_mode_enabled: Core TLS API. (line 3578) - * gnutls_fips140_pop_context: Core TLS API. (line 3596) -Index: gnutls-3.8.0/doc/gnutls.info +--- gnutls-3.8.1.orig/doc/gnutls.info ++++ gnutls-3.8.1/doc/gnutls.info +@@ -618,7 +618,7 @@ Ref: fig-crypto-layers743604 + Ref: Cryptographic Backend-Footnote-1746916 + Ref: Cryptographic Backend-Footnote-2747001 + Node: Random Number Generators-internals747113 +-Node: FIPS140-2 mode754583 ++Node: FIPS140-3 mode754583 + Ref: gnutls_fips_mode_t757281 + Node: Upgrading from previous versions760950 + Node: Support775192 +Index: gnutls-3.8.1/src/gnutls-cli-options.json =================================================================== ---- gnutls-3.8.0.orig/doc/gnutls.info -+++ gnutls-3.8.0/doc/gnutls.info -@@ -611,7 +611,7 @@ Ref: fig-crypto-layers730201 - Ref: Cryptographic Backend-Footnote-1733485 - Ref: Cryptographic Backend-Footnote-2733570 - Node: Random Number Generators-internals733678 --Node: FIPS140-2 mode741042 -+Node: FIPS140-3 mode741042 - Ref: gnutls_fips_mode_t743678 - Node: Upgrading from previous versions747275 - Node: 
Support761269 -Index: gnutls-3.8.0/src/gnutls-cli-options.json -=================================================================== ---- gnutls-3.8.0.orig/src/gnutls-cli-options.json -+++ gnutls-3.8.0/src/gnutls-cli-options.json +--- gnutls-3.8.1.orig/src/gnutls-cli-options.json ++++ gnutls-3.8.1/src/gnutls-cli-options.json @@ -372,7 +372,7 @@ }, { diff --git a/gnutls-FIPS-PCT-DH.patch b/gnutls-FIPS-PCT-DH.patch deleted file mode 100644 index a764823..0000000 --- a/gnutls-FIPS-PCT-DH.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -From 51b721b69fd08ef1c4c4989f5e12b643e170ff56 Mon Sep 17 00:00:00 2001 -From: Pedro Monreal -Date: Thu, 16 Feb 2023 17:02:38 +0100 -Subject: [PATCH] pk: extend pair-wise consistency to cover DH key generation - -Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance of Pair-wise -Consistency check, even if we only support ephemeral DH, as it is -required by FIPS 140-3 IG 10.3.A. - -Signed-off-by: Pedro Monreal -Co-authored-by: Daiki Ueno ---- - lib/nettle/pk.c | 29 +++++++++++++++++++++++++++++ - 1 file changed, 29 insertions(+) - -Index: gnutls-3.8.0/lib/nettle/pk.c -=================================================================== ---- gnutls-3.8.0.orig/lib/nettle/pk.c -+++ gnutls-3.8.0/lib/nettle/pk.c -@@ -2520,6 +2520,35 @@ static int pct_test(gnutls_pk_algorithm_ - } - break; - case GNUTLS_PK_DH: -+ { -+ mpz_t y; -+ -+ /* Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance -+ * of Pair-wise Consistency check, even if we only -+ * support ephemeral DH, as it is required by FIPS -+ * 140-3 IG 10.3.A. -+ * -+ * Use the private key, x, along with the generator g -+ * and prime modulus p included in the domain -+ * parameters associated with the key pair to compute -+ * g^x mod p. Compare the result to the public key, y. -+ */ -+ mpz_init(y); -+ mpz_powm(y, -+ TOMPZ(params->params[DSA_G]), -+ TOMPZ(params->params[DSA_X]), -+ TOMPZ(params->params[DSA_P])); -+ if (unlikely -+ (mpz_cmp(y, TOMPZ(params->params[DSA_Y])) != 0)) { -+ ret = -+ gnutls_assert_val -+ (GNUTLS_E_PK_GENERATION_ERROR); -+ mpz_clear(y); -+ goto cleanup; -+ } -+ mpz_clear(y); -+ break; -+ } - case GNUTLS_PK_ECDH_X25519: - case GNUTLS_PK_ECDH_X448: - ret = 0; diff --git a/gnutls-FIPS-PCT-ECDH.patch b/gnutls-FIPS-PCT-ECDH.patch deleted file mode 100644 index 5dbb403..0000000 --- a/gnutls-FIPS-PCT-ECDH.patch +++ /dev/null 
@@ -1,193 +0,0 @@ -From 5030f40332ada4f90e80838a2232da36ce03757a Mon Sep 17 00:00:00 2001 -From: Pedro Monreal -Date: Fri, 24 Feb 2023 22:02:48 +0000 -Subject: [PATCH] ecdh: perform SP800-56A rev3 full pubkey validation on key - derivation - -This implements full public key validation required in -SP800-56A rev3, section 5.6.2.3.3. - -Co-authored-by: Daiki Ueno -Signed-off-by: Pedro Monreal ---- - lib/nettle/pk.c | 128 ++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 125 insertions(+), 3 deletions(-) - -diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c -index 6adf958a61..d30bca594f 100644 ---- a/lib/nettle/pk.c -+++ b/lib/nettle/pk.c -@@ -71,6 +71,9 @@ - static inline const struct ecc_curve *get_supported_nist_curve(int curve); - static inline const struct ecc_curve *get_supported_gost_curve(int curve); - -+static inline const char *get_supported_nist_curve_order(int curve); -+static inline const char *get_supported_nist_curve_modulus(int curve); -+ - /* When these callbacks are used for a nettle operation, the - * caller must check the macro HAVE_LIB_ERROR() after the operation - * is complete. 
If the macro is true, the operation is to be considered -@@ -406,6 +409,10 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, - struct ecc_scalar ecc_priv; - struct ecc_point ecc_pub; - const struct ecc_curve *curve; -+ struct ecc_scalar n; -+ struct ecc_scalar m; -+ struct ecc_point r; -+ mpz_t x, y, xx, yy, nn, mm; - - out->data = NULL; - -@@ -428,17 +435,28 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, - not_approved = true; - } - -+ mpz_init(x); -+ mpz_init(y); -+ mpz_init(xx); -+ mpz_init(yy); -+ mpz_init(nn); -+ mpz_init(mm); -+ -+ ecc_scalar_init(&n, curve); -+ ecc_scalar_init(&m, curve); -+ ecc_point_init(&r, curve); -+ - ret = _ecc_params_to_pubkey(pub, &ecc_pub, curve); - if (ret < 0) { - gnutls_assert(); -- goto cleanup; -+ goto ecc_fail_cleanup; - } - - ret = _ecc_params_to_privkey(priv, &ecc_priv, curve); - if (ret < 0) { - ecc_point_clear(&ecc_pub); - gnutls_assert(); -- goto cleanup; -+ goto ecc_fail_cleanup; - } - - out->size = gnutls_ecc_curve_get_size(priv->curve); -@@ -449,14 +467,118 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, - goto ecc_cleanup; - } - -+ /* Perform ECC Full Public-Key Validation Routine -+ * according to SP800-56A (revision 3), 5.6.2.3.3. -+ */ -+ -+ /* Step 1: verify that Q is not an identity -+ * element (an infinity point). Note that this -+ * cannot happen in the nettle implementation, -+ * because it cannot represent an infinity point -+ * on curves. */ - ret = ecc_shared_secret(&ecc_priv, &ecc_pub, out->data, - out->size); -- if (ret < 0) -+ if (ret < 0) { - gnutls_free(out->data); -+ goto ecc_cleanup; -+ } -+#ifdef ENABLE_FIPS140 -+ if (_gnutls_fips_mode_enabled()) { -+ const char *order, *modulus; -+ -+ ecc_point_mul(&r, &ecc_priv, &ecc_pub); -+ ecc_point_get(&r, x, y); -+ -+ /* Step 2: verify that both coordinates of Q are -+ * in the range [0, p - 1]. -+ * -+ * Step 3: verify that Q lie on the curve -+ * -+ * Both checks are performed in nettle. 
*/ -+ if (!ecc_point_set(&r, x, y)) { -+ ret = -+ gnutls_assert_val -+ (GNUTLS_E_ILLEGAL_PARAMETER); -+ goto ecc_cleanup; -+ } -+ -+ /* Step 4: verify that n * Q, where n is the -+ * curve order, result in an identity element -+ * -+ * Since nettle internally cannot represent an -+ * identity element on curves, we validate this -+ * instead: -+ * -+ * (n - 1) * Q = -Q -+ * -+ * That effectively means: n * Q = -Q + Q = O -+ */ -+ order = -+ get_supported_nist_curve_order(priv->curve); -+ if (unlikely(order == NULL)) { -+ ret = -+ gnutls_assert_val -+ (GNUTLS_E_INTERNAL_ERROR); -+ goto ecc_cleanup; -+ } -+ -+ ret = mpz_set_str(nn, order, 16); -+ if (unlikely(ret < 0)) { -+ ret = -+ gnutls_assert_val -+ (GNUTLS_E_MPI_SCAN_FAILED); -+ goto ecc_cleanup; -+ } -+ -+ modulus = -+ get_supported_nist_curve_modulus -+ (priv->curve); -+ if (unlikely(modulus == NULL)) { -+ ret = -+ gnutls_assert_val -+ (GNUTLS_E_INTERNAL_ERROR); -+ goto ecc_cleanup; -+ } -+ -+ ret = mpz_set_str(mm, modulus, 16); -+ if (unlikely(ret < 0)) { -+ ret = -+ gnutls_assert_val -+ (GNUTLS_E_MPI_SCAN_FAILED); -+ goto ecc_cleanup; -+ } -+ -+ /* (n - 1) * Q = -Q */ -+ mpz_sub_ui(nn, nn, 1); -+ ecc_scalar_set(&n, nn); -+ ecc_point_mul(&r, &n, &r); -+ ecc_point_get(&r, xx, yy); -+ mpz_sub(mm, mm, y); -+ -+ if (mpz_cmp(xx, x) != 0 || mpz_cmp(yy, mm) != 0) { -+ ret = -+ gnutls_assert_val -+ (GNUTLS_E_ILLEGAL_PARAMETER); -+ goto ecc_cleanup; -+ } -+ } else { -+ not_approved = true; -+ } -+#endif - - ecc_cleanup: - ecc_point_clear(&ecc_pub); - ecc_scalar_zclear(&ecc_priv); -+ ecc_fail_cleanup: -+ mpz_clear(x); -+ mpz_clear(y); -+ mpz_clear(xx); -+ mpz_clear(yy); -+ mpz_clear(nn); -+ mpz_clear(mm); -+ ecc_point_clear(&r); -+ ecc_scalar_clear(&n); -+ ecc_scalar_clear(&m); - if (ret < 0) - goto cleanup; - break; --- -GitLab diff --git a/gnutls-FIPS-jitterentropy.patch b/gnutls-FIPS-jitterentropy.patch index 244981a..bdd00ba 100644 --- a/gnutls-FIPS-jitterentropy.patch +++ b/gnutls-FIPS-jitterentropy.patch 
@@ -1,7 +1,7 @@ -Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c +Index: gnutls-3.8.1/lib/nettle/sysrng-linux.c =================================================================== ---- gnutls-3.8.0.orig/lib/nettle/sysrng-linux.c -+++ gnutls-3.8.0/lib/nettle/sysrng-linux.c +--- gnutls-3.8.1.orig/lib/nettle/sysrng-linux.c ++++ gnutls-3.8.1/lib/nettle/sysrng-linux.c @@ -49,6 +49,15 @@ get_entropy_func _rnd_get_system_entropy = NULL; @@ -15,12 +15,12 @@ Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c +/* Declare function to fix a missing-prototypes compilation warning */ +void FIPS_jent_entropy_deinit(void); +# endif - # ifdef HAVE_GETRANDOM - # include - # else -@@ -67,6 +76,101 @@ static ssize_t _getrandom0(void *buf, si - # endif - # endif + #ifdef HAVE_GETRANDOM + #include + #else +@@ -68,6 +77,101 @@ static ssize_t _getrandom0(void *buf, si + #endif + #endif +# if defined(ENABLE_FIPS140) +# if defined(HAVE_JENT) @@ -120,7 +120,7 @@ Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c static unsigned have_getrandom(void) { char c; -@@ -162,6 +266,24 @@ int _rnd_system_entropy_init(void) +@@ -163,6 +267,24 @@ int _rnd_system_entropy_init(void) int urandom_fd; #if defined(__linux__) @@ -145,7 +145,7 @@ Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c /* Enable getrandom() usage if available */ if (have_getrandom()) { _rnd_get_system_entropy = _rnd_get_system_entropy_getrandom; -@@ -192,5 +314,12 @@ int _rnd_system_entropy_init(void) +@@ -193,5 +315,12 @@ int _rnd_system_entropy_init(void) void _rnd_system_entropy_deinit(void) { /* A no-op now when we open and close /dev/urandom every time */ 
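Review bot: The directives this patch adds to lib/nettle/sysrng-linux.c keep the old indented spelling (`# if defined(ENABLE_FIPS140)`, `# if defined(HAVE_JENT)`, `# endif`) while the rebased context lines right next to them now read `#ifdef HAVE_GETRANDOM` / `#include` / `#else`, so the same preprocessor block ends up in two styles. The rebase refreshed only the context, not the patch's own additions. I would drop the space in the added directives (`#if defined(ENABLE_FIPS140)`, `#if defined(HAVE_JENT)`, `#endif`) so the jitterentropy glue matches the 3.8.1 formatting and does not become churn on the next rebase or clang-format run. The wrapper block that these `#if` lines open runs past the end of this hunk.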
@@ -158,11 +158,11 @@ Index: gnutls-3.8.0/lib/nettle/sysrng-linux.c +#endif return; } -Index: gnutls-3.8.0/lib/nettle/Makefile.in +Index: gnutls-3.8.1/lib/nettle/Makefile.in =================================================================== ---- gnutls-3.8.0.orig/lib/nettle/Makefile.in -+++ gnutls-3.8.0/lib/nettle/Makefile.in -@@ -399,7 +399,7 @@ am__v_CC_1 = +--- gnutls-3.8.1.orig/lib/nettle/Makefile.in ++++ gnutls-3.8.1/lib/nettle/Makefile.in +@@ -402,7 +402,7 @@ am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ @@ -171,10 +171,10 @@ Index: gnutls-3.8.0/lib/nettle/Makefile.in AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; -Index: gnutls-3.8.0/lib/nettle/Makefile.am +Index: gnutls-3.8.1/lib/nettle/Makefile.am =================================================================== ---- gnutls-3.8.0.orig/lib/nettle/Makefile.am -+++ gnutls-3.8.0/lib/nettle/Makefile.am +--- gnutls-3.8.1.orig/lib/nettle/Makefile.am ++++ gnutls-3.8.1/lib/nettle/Makefile.am @@ -20,7 +20,7 @@ include $(top_srcdir)/lib/common.mk @@ -184,10 +184,10 @@ Index: gnutls-3.8.0/lib/nettle/Makefile.am AM_CPPFLAGS = \ -I$(srcdir)/int \ -Index: gnutls-3.8.0/lib/nettle/rnd-fips.c +Index: gnutls-3.8.1/lib/nettle/rnd-fips.c =================================================================== ---- gnutls-3.8.0.orig/lib/nettle/rnd-fips.c -+++ gnutls-3.8.0/lib/nettle/rnd-fips.c +--- gnutls-3.8.1.orig/lib/nettle/rnd-fips.c ++++ gnutls-3.8.1/lib/nettle/rnd-fips.c @@ -129,6 +129,10 @@ static int drbg_init(struct fips_ctx *fc uint8_t buffer[DRBG_AES_SEED_SIZE]; int ret; 
@@ -210,10 +210,10 @@ Index: gnutls-3.8.0/lib/nettle/rnd-fips.c
 ret = get_entropy(fctx, buffer, sizeof(buffer));
 if (ret < 0) {
 _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
-Index: gnutls-3.8.0/tests/Makefile.am
+Index: gnutls-3.8.1/tests/Makefile.am
 ===================================================================
---- gnutls-3.8.0.orig/tests/Makefile.am
-+++ gnutls-3.8.0/tests/Makefile.am
+--- gnutls-3.8.1.orig/tests/Makefile.am
++++ gnutls-3.8.1/tests/Makefile.am
 @@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm
 dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
 keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
diff --git a/gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch b/gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
new file mode 100644
index 0000000..fe4a46b
--- /dev/null
+++ b/gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
@@ -0,0 +1,56 @@
+From abfa8634db940115a11a07596ce53c8f9c4f87d2 Mon Sep 17 00:00:00 2001
+From: Adrian Bunk
+Date: Sun, 6 Aug 2023 22:46:22 +0300
+Subject: [PATCH] Move the GNUTLS_NO_EXTENSIONS compatibility #define to
+ gnutls.h
+
+Signed-off-by: Adrian Bunk
+---
+ lib/ext/ext_master_secret.h | 3 ---
+ lib/includes/gnutls/gnutls.h.in | 3 +++
+ lib/state.h | 3 ---
+ 3 files changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/lib/ext/ext_master_secret.h b/lib/ext/ext_master_secret.h
+index 45d38178bd..419335b4e3 100644
+--- a/lib/ext/ext_master_secret.h
++++ b/lib/ext/ext_master_secret.h
+@@ -23,9 +23,6 @@
+ #ifndef GNUTLS_LIB_EXT_EXT_MASTER_SECRET_H
+ #define GNUTLS_LIB_EXT_EXT_MASTER_SECRET_H
+
+-/* Keep backward compatibility */
+-#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
+-
+ #include
+
+ extern const hello_ext_entry_st ext_mod_ext_master_secret;
+diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
+index ec132cb5c3..fc64c7a228 100644
+--- a/lib/includes/gnutls/gnutls.h.in
++++ b/lib/includes/gnutls/gnutls.h.in
+@@ -542,6 +542,9 @@ typedef enum {
+ #define GNUTLS_ENABLE_CERT_TYPE_NEG 0
+ // Here for compatibility reasons
+
++/* Keep backward compatibility */
++#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
++
+ /**
+ * gnutls_alert_level_t:
+ * @GNUTLS_AL_WARNING: Alert of warning severity.
+diff --git a/lib/state.h b/lib/state.h
+index dc086bcf0d..975ceee3a7 100644
+--- a/lib/state.h
++++ b/lib/state.h
+@@ -110,7 +110,4 @@ inline static int _gnutls_PRF(gnutls_session_t session, const uint8_t *secret,
+
+ #define DEFAULT_CERT_TYPE GNUTLS_CRT_X509
+
+-/* Keep backward compatibility */
+-#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
+-
+ #endif /* GNUTLS_LIB_STATE_H */
+--
+GitLab
+
diff --git a/gnutls-srp-test-SIGPIPE.patch b/gnutls-srp-test-SIGPIPE.patch
new file mode 100644
index 0000000..586ec3f
--- /dev/null
+++ b/gnutls-srp-test-SIGPIPE.patch
@@ -0,0 +1,22 @@
+Index: gnutls-3.8.1/tests/srp.c
+===================================================================
+--- gnutls-3.8.1.orig/tests/srp.c
++++ gnutls-3.8.1/tests/srp.c
+@@ -287,7 +289,7 @@ static void start(const char *name, cons
+ if (child) {
+ int status;
+ /* parent */
+- close(fd[0]);
++ /* close(fd[0]); */
+ client(fd[1], prio, user, pass, exp_err);
+ if (exp_err < 0) {
+ kill(child, SIGTERM);
+@@ -297,7 +299,7 @@ static void start(const char *name, cons
+ check_wait_status(status);
+ }
+ } else {
+- close(fd[1]);
++ /* close(fd[1]); */
+ server(fd[0], prio);
+ exit(0);
+ }
diff --git a/gnutls.changes b/gnutls.changes
index 25e8ab9..3b0137e 100644
--- a/gnutls.changes
+++ b/gnutls.changes
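Review bot: Commenting out `close(fd[0])` in the parent and `close(fd[1])` in the child leaves the unused end of the descriptor pair (presumably a socketpair or pipe created earlier in start()) open in each process, so a peer's exit no longer delivers EOF to the other side; this trades the SIGPIPE for a possible hang or later timeout instead of fixing why one side writes to a peer that has already gone away. If the goal is only to keep the test process from being killed by the signal, ignoring it once at the start of the test (`signal(SIGPIPE, SIG_IGN);` in the test's main) keeps the descriptor handling intact and turns the failing write into an EPIPE error that the test can report. The hunk headers read `-287,7 +289,7` and `-297,7 +299,7`, which suggests the patch was generated against a tree carrying an earlier two-line change not included here; it should still apply with an offset, but regenerating it against clean 3.8.1 sources would avoid the fuzz. The enclosing function start() begins and ends outside the hunk.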
@@ -1,3 +1,64 @@
+-------------------------------------------------------------------
+Tue Aug 22 15:00:57 UTC 2023 - Pedro Monreal
+
+- Fix missing GNUTLS_NO_EXTENSIONS compatibility.
+ * Upstream: gitlab.com/gnutls/gnutls/commit/abfa8634
+ * Add gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
+
+-------------------------------------------------------------------
+Mon Aug 21 09:33:40 UTC 2023 - Pedro Monreal
+
+- tests: Fix the SRP test that fails with SIGPIPE signal return due
+ to a socket being closed before using it.
+ * Add gnutls-srp-test-SIGPIPE.patch
+
+-------------------------------------------------------------------
+Mon Aug 7 07:51:59 UTC 2023 - Pedro Monreal
+
+- Update to version 3.8.1:
+ * libgnutls: ClientHello extensions are randomized by default
+ To make fingerprinting harder, TLS extensions in ClientHello
+ messages are shuffled. As this behavior may cause compatibility
+ issue with legacy applications that do not accept the last
+ extension without payload, the behavior can be reverted with the
+ %NO_SHUFFLE_EXTENSIONS priority keyword.
+ * libgnutls: Add support for RFC 9258 external PSK importer.
+ This enables to deploy the same PSK across multiple TLS versions
+ (TLS 1.2 and TLS 1.3) in a secure manner. To use, the application
+ needs to set up a callback that formats the PSK identity using
+ gnutls_psk_format_imported_identity().
+ * libgnutls: %GNUTLS_NO_EXTENSIONS has been renamed to
+ %GNUTLS_NO_DEFAULT_EXTENSIONS.
+ * libgnutls: Add additional PBKDF limit checks in FIPS mode as
+ defined in SP 800-132. Minimum salt length is 128 bits and
+ minimum iterations bound is 1000 for PBKDF in FIPS mode.
+ * libgnutls: Add a mechanism to control whether to enforce extended
+ master secret (RFC 7627). FIPS 140-3 mandates the use of TLS
+ session hash (extended master secret, EMS) in TLS 1.2. To enforce
+ this, a new priority keyword %FORCE_SESSION_HASH is added and if
+ it is set and EMS is not set, the peer aborts the connection. This
+ behavior is the default in FIPS mode, though it can be overridden
+ through the configuration file with the "tls-session-hash" option.
+ In either case non-EMS PRF is reported as a non-approved operation
+ through the FIPS service indicator.
+ * New option --attime to specify current time.
+ To make testing with different timestamp to the system easier, the
+ tools doing certificate verification now provide a new option
+ --attime, which takes an arbitrary time.
+ * API and ABI modifications:
+ gnutls_psk_client_credentials_function3: New typedef
+ gnutls_psk_server_credentials_function3: New typedef
+ gnutls_psk_set_server_credentials_function3: New function
+ gnutls_psk_set_client_credentials_function3: New function
+ gnutls_psk_format_imported_identity: New function
+ GNUTLS_PSK_KEY_EXT: New enum member of gnutls_psk_key_flags
+ * Rebase patches:
+ - gnutls-FIPS-140-3-references.patch
+ - gnutls-FIPS-jitterentropy.patch
+ * Remove patches merged/fixed upstream:
+ - gnutls-FIPS-PCT-DH.patch
+ - gnutls-FIPS-PCT-ECDH.patch
+
 -------------------------------------------------------------------
 Mon May 29 07:27:23 UTC 2023 - Pedro Monreal
 
diff --git a/gnutls.spec b/gnutls.spec
index a8dbc1f..da69156 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -40,7 +40,7 @@
 %endif
 %bcond_with tpm
 Name: gnutls
-Version: 3.8.0
+Version: 3.8.1
 Release: 0
 Summary: The GNU Transport Layer Security Library
 License: GPL-3.0-or-later AND LGPL-2.1-or-later
@@ -56,17 +56,18 @@ Source4: gnutls.rpmlintrc
 Patch0: gnutls-3.5.11-skip-trust-store-tests.patch
 Patch1: gnutls-FIPS-TLS_KDF_selftest.patch
 Patch2: gnutls-disable-flaky-test-dtls-resume.patch
+# PATCH-FIX-OPENSUSE The srp test fails with SIGPIPE
+Patch3: gnutls-srp-test-SIGPIPE.patch
+# PATCH-FIX-OPENSUSE Fix missing GNUTLS_NO_EXTENSIONS compatibility
+Patch4: gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
 # FIPS 140-3 patches:
-#PATCH-FIX-SUSE bsc#1207183 FIPS: DH/ECDH PCT public key regeneration
-Patch100: gnutls-FIPS-PCT-DH.patch
-Patch101: gnutls-FIPS-PCT-ECDH.patch
 #PATCH-FIX-SUSE bsc#1207346 FIPS: Change FIPS 140-2 references to FIPS 140-3
-Patch102: gnutls-FIPS-140-3-references.patch
+Patch100: gnutls-FIPS-140-3-references.patch
 #PATCH-FIX-SUSE bsc#1211476 FIPS: Skip fixed HMAC verification for nettle, hogweed and gmp
-Patch103: gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
+Patch101: gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
 #PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy
-Patch104: gnutls-FIPS-jitterentropy.patch
+Patch102: gnutls-FIPS-jitterentropy.patch
 %endif
 BuildRequires: autogen
 BuildRequires: automake
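Review bot: `Patch4` is the upstream commit abfa8634 that gnutls.changes itself references, so under the openSUSE patch-tagging convention its comment should be `# PATCH-FIX-UPSTREAM gitlab.com/gnutls/gnutls/commit/abfa8634 Fix missing GNUTLS_NO_EXTENSIONS compatibility` rather than `# PATCH-FIX-OPENSUSE`, which marks the tag as a distribution-local fix and hides that it can be dropped on the next version update. The `Patch3` comment also carries no bug or issue reference, unlike the adjacent `#PATCH-FIX-SUSE bsc#...` lines, and the two new comments use `# PATCH-` while the existing ones use `#PATCH-`; one spelling should be picked. The renumbering of Patch102–104 to Patch100–102 must be mirrored wherever the patches are applied by number in %prep; that section is outside this hunk, so I cannot tell from here whether it relies on `%autopatch`/`%autosetup` or on explicit `%patchN` lines.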

    GNUTLS_FIPS140_DISABLED

    @@ -711,7 +593,7 @@ Index: gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html  

    GNUTLS_FIPS140_LAX

    @@ -722,17 +604,17 @@ Index: gnutls-3.8.0/doc/reference/html/gnutls-gnutls.html application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility).