gnutls/gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch


Index: gnutls-3.8.0/lib/fips.c
===================================================================
--- gnutls-3.8.0.orig/lib/fips.c
+++ gnutls-3.8.0/lib/fips.c
@@ -171,16 +171,28 @@ struct hmac_entry {
struct hmac_file {
int version;
struct hmac_entry gnutls;
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
struct hmac_entry nettle;
struct hmac_entry hogweed;
struct hmac_entry gmp;
+#endif
};
struct lib_paths {
char gnutls[GNUTLS_PATH_MAX];
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
char nettle[GNUTLS_PATH_MAX];
char hogweed[GNUTLS_PATH_MAX];
char gmp[GNUTLS_PATH_MAX];
+#endif
};
/*
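Review bot: The comment added inside each `#if 0` block names the library as "gpm", while the fields and checks being disabled are for `gmp`; the same text is repeated in the hunks for handler, callback, load_lib_paths and check_binary_integrity. The comment also gives the reason for disabling the checks but not where the integrity of these libraries is verified instead. I would reword it once and reuse it, for example `/* nettle, hogweed and gmp HMACs are computed when those packages are built and are not verified here. */`, followed by a line naming the mechanism that covers them. Six separate `#if 0` regions are easy to miss when rebasing onto a new upstream release, so a single named build-time switch would make the reduced scope easier to find.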
@@ -241,12 +253,18 @@ static int handler(void *user, const cha
}
} else if (!strcmp(section, GNUTLS_LIBRARY_NAME)) {
return lib_handler(&p->gnutls, section, name, value);
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
} else if (!strcmp(section, NETTLE_LIBRARY_NAME)) {
return lib_handler(&p->nettle, section, name, value);
} else if (!strcmp(section, HOGWEED_LIBRARY_NAME)) {
return lib_handler(&p->hogweed, section, name, value);
} else if (!strcmp(section, GMP_LIBRARY_NAME)) {
return lib_handler(&p->gmp, section, name, value);
+#endif
} else {
return 0;
}
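Review bot: With the three branches compiled out, a nettle, hogweed or gmp section in the HMAC file now falls through to the final `else { return 0; }` in handler. The handler's return convention and its caller are outside this hunk, but if 0 is treated as a parse error, an HMAC file that still lists these libraries would make the whole integrity check fail instead of being ignored. The patch should state which behaviour is intended, for example with `/* nettle, hogweed and gmp sections are no longer recognised; the generated .hmac file must not contain them */` above the final `else`. The packaging step that writes the file should also be confirmed to match.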
@@ -391,12 +409,18 @@ static int callback(struct dl_phdr_info
if (!strcmp(soname, GNUTLS_LIBRARY_SONAME))
_gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path);
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
else if (!strcmp(soname, NETTLE_LIBRARY_SONAME))
_gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
_gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path);
else if (!strcmp(soname, GMP_LIBRARY_SONAME))
_gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
+#endif
return 0;
}
@@ -409,6 +433,11 @@ static int load_lib_paths(struct lib_pat
_gnutls_debug_log("Gnutls library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
}
+#if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
if (paths->nettle[0] == '\0') {
_gnutls_debug_log("Nettle library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
@@ -421,7 +450,7 @@ static int load_lib_paths(struct lib_pat
_gnutls_debug_log("Gmp library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
}
-
+#endif
return GNUTLS_E_SUCCESS;
}
@@ -467,6 +496,11 @@ static int check_binary_integrity(void)
ret = check_lib_hmac(&hmac.gnutls, paths.gnutls);
if (ret < 0)
return ret;
+# if 0
+ /* Disable nettle, hogweed and gpm HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
ret = check_lib_hmac(&hmac.nettle, paths.nettle);
if (ret < 0)
return ret;
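Review bot: After this change check_binary_integrity verifies only `hmac.gnutls`; the `check_lib_hmac` calls for nettle, hogweed and gmp are compiled out between the `# if 0` here and the `# endif` in the next hunk. A modified copy of any of those three libraries is therefore no longer detected by this self-test, and they are the libraries the struct and path code treated as part of the checked set. The in-code comment should state that coverage is delegated and to what, for example `/* integrity of nettle, hogweed and gmp is NOT checked by gnutls; it relies on <mechanism provided by those packages> */`. A `_gnutls_debug_log("Skipping HMAC check of nettle, hogweed and gmp\n");` before `return 0;` would also make the reduced scope visible at run time. As a minor style point, the directive is written `# if 0` / `# endif` here but `#if 0` / `#endif` in the other hunks.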
@@ -476,6 +510,7 @@ static int check_binary_integrity(void)
ret = check_lib_hmac(&hmac.gmp, paths.gmp);
if (ret < 0)
return ret;
+# endif
return 0;
}