File gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch of Package gnutls
Index: gnutls-3.8.7/lib/fips.c
===================================================================
--- gnutls-3.8.7.orig/lib/fips.c
+++ gnutls-3.8.7/lib/fips.c
@@ -177,20 +177,32 @@ struct hmac_entry {
struct hmac_file {
int version;
struct hmac_entry gnutls;
+#if 0
+ /* Disable nettle, hogweed and gmp HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
struct hmac_entry nettle;
struct hmac_entry hogweed;
#ifdef GMP_LIBRARY_SONAME
struct hmac_entry gmp;
#endif
+#endif
};
struct lib_paths {
char gnutls[GNUTLS_PATH_MAX];
+#if 0
+ /* Disable nettle, hogweed and gmp HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
char nettle[GNUTLS_PATH_MAX];
char hogweed[GNUTLS_PATH_MAX];
#ifdef GMP_LIBRARY_SONAME
char gmp[GNUTLS_PATH_MAX];
#endif
+#endif
};
/*
@@ -250,6 +262,11 @@ static int handler(void *user, const cha
}
} else if (!strcmp(section, GNUTLS_LIBRARY_SONAME)) {
return lib_handler(&p->gnutls, section, name, value);
+#if 0
+ /* Disable nettle, hogweed and gmp HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
} else if (!strcmp(section, NETTLE_LIBRARY_SONAME)) {
return lib_handler(&p->nettle, section, name, value);
} else if (!strcmp(section, HOGWEED_LIBRARY_SONAME)) {
@@ -258,6 +275,7 @@ static int handler(void *user, const cha
} else if (!strcmp(section, GMP_LIBRARY_SONAME)) {
return lib_handler(&p->gmp, section, name, value);
#endif
+#endif
} else {
return 0;
}
@@ -403,6 +422,11 @@ static int callback(struct dl_phdr_info
if (!strcmp(soname, GNUTLS_LIBRARY_SONAME))
_gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path);
+#if 0
+ /* Disable nettle, hogweed and gmp HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
else if (!strcmp(soname, NETTLE_LIBRARY_SONAME))
_gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
@@ -411,6 +435,7 @@ static int callback(struct dl_phdr_info
else if (!strcmp(soname, GMP_LIBRARY_SONAME))
_gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
#endif
+#endif
return 0;
}
@@ -423,6 +448,11 @@ static int load_lib_paths(struct lib_pat
_gnutls_debug_log("Gnutls library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
}
+#if 0
+ /* Disable nettle, hogweed and gmp HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
if (paths->nettle[0] == '\0') {
_gnutls_debug_log("Nettle library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
@@ -437,6 +467,7 @@ static int load_lib_paths(struct lib_pat
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
}
#endif
+#endif
return GNUTLS_E_SUCCESS;
}
@@ -483,6 +514,11 @@ static int check_binary_integrity(void)
ret = check_lib_hmac(&hmac.gnutls, paths.gnutls);
if (ret < 0)
return ret;
+# if 0
+ /* Disable nettle, hogweed and gmp HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
ret = check_lib_hmac(&hmac.nettle, paths.nettle);
if (ret < 0)
return ret;
@@ -494,6 +530,7 @@ static int check_binary_integrity(void)
if (ret < 0)
return ret;
#endif
+#endif
return 0;
}
