File gnutls-FIPS-Set-error-state-when-jent-init-failed.patch of Package gnutls.33311
---
 lib/nettle/sysrng-linux.c | 6 ++++++
 1 file changed, 6 insertions(+)
Index: gnutls-3.7.3/lib/nettle/sysrng-linux.c
===================================================================
--- gnutls-3.7.3.orig/lib/nettle/sysrng-linux.c
+++ gnutls-3.7.3/lib/nettle/sysrng-linux.c
@@ -49,11 +49,13 @@ get_entropy_func _rnd_get_system_entropy = NULL;
 #if defined(__linux__)
-# ifdef ENABLE_FIPS140
+# if defined(ENABLE_FIPS140)
 # define HAVE_JENT
 # include <jitterentropy.h>
 static int jent_initialized = 0;
 static struct rand_data* ec = NULL;
+/* Declare function to fix a missing-prototypes compilation warning */
+void FIPS_jent_entropy_deinit(void);
 # endif
 # ifdef HAVE_GETRANDOM
 # include <sys/random.h>
@@ -72,7 +74,8 @@ static ssize_t _getrandom0(void *buf, si
 # endif
 # endif
-# if defined(HAVE_JENT)
+# if defined(ENABLE_FIPS140)
+# if defined(HAVE_JENT)
 /* check whether the CPU Jitter entropy collector is available. */
 static unsigned FIPS_jent_entropy_init(void)
 {
@@ -161,6 +164,7 @@ static int _rnd_get_system_entropy_jent(
 return 0;
 }
+# endif
 # endif
 static unsigned have_getrandom(void)
@@ -260,7 +264,8 @@ int _rnd_system_entropy_init(void)
 int urandom_fd;
 #if defined(__linux__)
-# if defined(HAVE_JENT)
+# if defined(ENABLE_FIPS140)
+# if defined(HAVE_JENT)
 /* Enable jitterentropy usage if available */
 if (FIPS_jent_entropy_init()) {
 _rnd_get_system_entropy = _rnd_get_system_entropy_jent;
@@ -268,7 +273,14 @@ int _rnd_system_entropy_init(void)
 return 0;
 } else {
 _gnutls_debug_log("jitterentropy is not available\n");
+ /* Set error state when FIPS_jent_entropy_init failed and FIPS mode is enabled */
+ if (_gnutls_fips_mode_enabled()) {
+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
+ _gnutls_switch_lib_state(LIB_STATE_ERROR);
+ return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
+ }
 }
+# endif
 # endif
 /* Enable getrandom() usage if available */
 if (have_getrandom()) {
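Review bot: The prototype added for `FIPS_jent_entropy_deinit` in the first hunk silences the missing-prototypes warning but leaves the function with external linkage. If it is called only from this file (the hunks shown contain a single call, in `_rnd_system_entropy_deinit`), defining it `static` would remove the warning and keep the symbol out of the library's namespace. If other translation units call it, the declaration belongs in a shared header so that the definition and its callers are checked against the same prototype. The definition itself is outside the hunks shown.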
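Review bot: The `# endif` lines added in the hunks at -161, -268 and -300, which close the guard opened here, do not say which conditional they end, so the reader has to count directives to see where `ENABLE_FIPS140` stops. I would annotate them, e.g. `# endif /* HAVE_JENT */` and `# endif /* ENABLE_FIPS140 */`. In the lines visible in the first hunk `HAVE_JENT` is defined only inside the `ENABLE_FIPS140` block, so the outer guard looks redundant unless the build system can define `HAVE_JENT` on its own; a one-line comment stating why both are needed would help. `FIPS_jent_entropy_init` continues past the end of this hunk.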
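Review bot: The new `if (_gnutls_fips_mode_enabled())` test in the `else` branch of the hunk at -268 is a truthiness check, so any non-zero FIPS mode takes the hard-error path. If `_gnutls_fips_mode_enabled()` returns the mode value rather than a boolean (its definition is outside the hunk), lax and log modes would also put the library into `LIB_STATE_ERROR` when jitterentropy fails; confirm that is intended, or compare against the strict mode explicitly. The only trace before the early return is a debug-level message, so I would reword the comment to state the intent, `/* FIPS mode: fail closed instead of falling back to getrandom() */`, and consider logging at a level an operator sees by default. `_rnd_system_entropy_init` continues beyond this hunk, and whether its callers propagate the error is not visible here.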
@@ -300,8 +312,10 @@ void _rnd_system_entropy_deinit(void)
 {
 /* A no-op now when we open and close /dev/urandom every time */
 #if defined(__linux__)
-# if defined(HAVE_JENT)
+# if defined(ENABLE_FIPS140)
+# if defined(HAVE_JENT)
 FIPS_jent_entropy_deinit();
+# endif
 # endif
 #endif
 return;
Index: gnutls-3.7.3/tests/Makefile.am
===================================================================
--- gnutls-3.7.3.orig/tests/Makefile.am
+++ gnutls-3.7.3/tests/Makefile.am
@@ -205,7 +205,7 @@ ctests += mini-record-2 simple gnutls_hm
 dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
 keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
 tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \
- set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \
+ set_x509_key_file_ocsp client-fastopen srp rng-pthread \
 safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \
 safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \
 rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \
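Review bot: Dropping `rng-sigint` from `ctests` removes what is, judging by its name, the test of RNG behaviour around signal delivery, and nothing in the patch header says why; the diffstat at the top lists only `sysrng-linux.c`. If the test fails only when jitterentropy is in use, skipping it under that condition would keep the coverage for other builds; otherwise the reason should be recorded in the patch description. The patch also adds no test for the new FIPS error return in `_rnd_system_entropy_init`.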