Index: gnutls-3.8.7/lib/fips.c
===================================================================
--- gnutls-3.8.7.orig/lib/fips.c
+++ gnutls-3.8.7/lib/fips.c
@@ -177,20 +177,32 @@ struct hmac_entry {
 struct hmac_file {
 int version;
 struct hmac_entry gnutls;
+#if 0
+ /* Disable nettle, hogweed and gmp HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
 struct hmac_entry nettle;
 struct hmac_entry hogweed;
 #ifdef GMP_LIBRARY_SONAME
 struct hmac_entry gmp;
 #endif
+#endif
 };
 struct lib_paths {
 char gnutls[GNUTLS_PATH_MAX];
+#if 0
+ /* Disable nettle, hogweed and gmp HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
 char nettle[GNUTLS_PATH_MAX];
 char hogweed[GNUTLS_PATH_MAX];
 #ifdef GMP_LIBRARY_SONAME
 char gmp[GNUTLS_PATH_MAX];
 #endif
+#endif
 };
 /*
@@ -250,6 +262,11 @@ static int handler(void *user, const cha
 }
 } else if (!strcmp(section, GNUTLS_LIBRARY_SONAME)) {
 return lib_handler(&p->gnutls, section, name, value);
+#if 0
+ /* Disable nettle, hogweed and gmp HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
 } else if (!strcmp(section, NETTLE_LIBRARY_SONAME)) {
 return lib_handler(&p->nettle, section, name, value);
 } else if (!strcmp(section, HOGWEED_LIBRARY_SONAME)) {
@@ -258,6 +275,7 @@ static int handler(void *user, const cha
 } else if (!strcmp(section, GMP_LIBRARY_SONAME)) {
 return lib_handler(&p->gmp, section, name, value);
 #endif
+#endif
 } else {
 return 0;
 }
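Review bot: The same `#if 0` block with an identical three-line comment is pasted into `struct hmac_file` and `struct lib_paths` here and again in the handler, callback, load_lib_paths and check_binary_integrity hunks, so the FIPS integrity self-test is narrowed in six separate places with nothing tying them together. A single named guard would make the reduction auditable and let one comment carry the rationale, for instance `#ifdef VERIFY_DEPENDENCY_HMACS` (name constructed for illustration) in place of each `#if 0`. The comment should also say where the nettle, hogweed and gmp HMACs are verified instead; nothing in these hunks shows another check covering them.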
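Review bot: With the nettle, hogweed and gmp branches compiled out of handler(), a section named after one of those libraries now reaches the final `} else { return 0; }` visible in the following hunk. If handler() follows the usual INI-callback convention in which 0 reports an error (not visible in these hunks), a .hmac file that still lists those sections would fail to parse and take the gnutls integrity check down with it. Either confirm the packaged .hmac file is generated without those sections, or keep the soname comparisons and accept the section without storing it, e.g. `} else if (!strcmp(section, NETTLE_LIBRARY_SONAME)) { return 1; /* accepted, HMAC not verified */` assuming non-zero means success. handler() begins before this hunk and continues past it.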
@@ -403,6 +422,11 @@ static int callback(struct dl_phdr_info
 if (!strcmp(soname, GNUTLS_LIBRARY_SONAME))
 _gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path);
+#if 0
+ /* Disable nettle, hogweed and gmp HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
 else if (!strcmp(soname, NETTLE_LIBRARY_SONAME))
 _gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
 else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
@@ -411,6 +435,7 @@ static int callback(struct dl_phdr_info
 else if (!strcmp(soname, GMP_LIBRARY_SONAME))
 _gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
 #endif
+#endif
 return 0;
 }
@@ -423,6 +448,11 @@ static int load_lib_paths(struct lib_pat
 _gnutls_debug_log("Gnutls library path was not found\n");
 return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
 }
+#if 0
+ /* Disable nettle, hogweed and gmp HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
 if (paths->nettle[0] == '\0') {
 _gnutls_debug_log("Nettle library path was not found\n");
 return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
@@ -437,6 +467,7 @@ static int load_lib_paths(struct lib_pat
 return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
 }
 #endif
+#endif
 return GNUTLS_E_SUCCESS;
 }
@@ -483,6 +514,11 @@ static int check_binary_integrity(void)
 ret = check_lib_hmac(&hmac.gnutls, paths.gnutls);
 if (ret < 0)
 return ret;
+# if 0
+ /* Disable nettle, hogweed and gmp HMAC verification as
+ * they are calculated during build of the respective
+ * packages and can differ from the ones listed here.
+ */
 ret = check_lib_hmac(&hmac.nettle, paths.nettle);
 if (ret < 0)
 return ret;
@@ -494,6 +530,7 @@ static int check_binary_integrity(void)
 if (ret < 0)
 return ret;
 #endif
+#endif
 return 0;
 }
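Review bot: After the `# if 0` added in the `@@ -483,6 +514,11 @@` hunk, check_binary_integrity() verifies only `hmac.gnutls`, and it does so silently: a caller relying on this self-test gets a success result even when the nettle, hogweed or gmp libraries on disk no longer match what was built. Making the reduced coverage visible would help operators and auditors, e.g. `_gnutls_debug_log("HMAC verification of nettle, hogweed and gmp is disabled in this build\n");` before the final `return 0;`. The guard in this hunk is also spelled `# if 0` while the other hunks use `#if 0`. The function starts before this hunk and ends in the following one.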