forked from pool/libgcrypt
Pedro Monreal Gonzalez
b5b243be7f
* Add --enable-marvin-workaround to spec to enable workaround * Fix timing based side-channel in RSA implementation ( Marvin attack ) * Add libgcrypt-CVE-2024-2236.patch OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=193
107 lines
3.3 KiB
Diff
107 lines
3.3 KiB
Diff
From e5989e08a556117ec3f19f098765963358b71051 Mon Sep 17 00:00:00 2001
|
|
From: NIIBE Yutaka <gniibe@fsij.org>
|
|
Date: Wed, 26 Feb 2025 13:51:36 +0900
|
|
Subject: [PATCH 3/4] tests: Update t-fips-service-ind using GCRY_MD_SHA256 for
|
|
KDF tests.
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
* tests/t-fips-service-ind.c (check_kdf_derive): Use GCRY_MD_SHA256.
|
|
|
|
--
|
|
|
|
GnuPG-bug-id: 7338
|
|
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
Signed-off-by: Lucas Mülling <lucas.mulling@suse.com>
|
|
---
|
|
tests/t-fips-service-ind.c | 38 +++++++++++++++++++-------------------
|
|
1 file changed, 19 insertions(+), 19 deletions(-)
|
|
|
|
diff --git a/tests/t-fips-service-ind.c b/tests/t-fips-service-ind.c
|
|
index bec6c27e..99b84c8f 100644
|
|
--- a/tests/t-fips-service-ind.c
|
|
+++ b/tests/t-fips-service-ind.c
|
|
@@ -1621,13 +1621,13 @@ check_kdf_derive (void)
|
|
} tv[] = {
|
|
{
|
|
"passwordPASSWORDpassword", 24,
|
|
- GCRY_KDF_PBKDF2, GCRY_MD_SHA1,
|
|
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA256,
|
|
"saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
|
|
4096,
|
|
25,
|
|
- "\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8"
|
|
- "\xd8\x36\x62\xc0\xe4\x4a\x8b\x29\x1a\x96"
|
|
- "\x4c\xf2\xf0\x70\x38",
|
|
+ "\x34\x8c\x89\xdb\xcb\xd3\x2b\x2f\x32\xd8"
|
|
+ "\x14\xb8\x11\x6e\x84\xcf\x2b\x17\x34\x7e"
|
|
+ "\xbc\x18\x00\x18\x1c",
|
|
0
|
|
},
|
|
{
|
|
@@ -1644,45 +1644,45 @@ check_kdf_derive (void)
|
|
},
|
|
{
|
|
"passwor", 7,
|
|
- GCRY_KDF_PBKDF2, GCRY_MD_SHA1,
|
|
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA256,
|
|
"saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
|
|
4096,
|
|
25,
|
|
- "\xf4\x93\xee\x2b\xbf\x44\x0b\x9e\x64\x53"
|
|
- "\xc2\xb3\x87\xdc\x73\xf8\xfd\xe6\x97\xda"
|
|
- "\xb8\x24\xa0\x26\x50",
|
|
+ "\x2d\x72\xa9\xe5\x4e\x2f\x37\x6e\xe5\xe4"
|
|
+ "\xf5\x55\x76\xb5\xaa\x49\x73\x01\x97\x1c"
|
|
+ "\xad\x3a\x7c\xc4\xde",
|
|
1 /* not-compliant because passphrase len is too small */
|
|
},
|
|
{
|
|
"passwordPASSWORDpassword", 24,
|
|
- GCRY_KDF_PBKDF2, GCRY_MD_SHA1,
|
|
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA256,
|
|
"saltSALTsaltSAL", 15,
|
|
4096,
|
|
25,
|
|
- "\x14\x05\xa4\x2a\xf4\xa8\x12\x14\x7b\x65"
|
|
- "\x8f\xaa\xf0\x7f\x25\xe5\x0f\x0b\x2b\xb7"
|
|
- "\xcf\x8d\x29\x23\x4b",
|
|
+ "\xf7\x55\xdd\x3c\x5e\xfb\x23\x06\xa7\x85"
|
|
+ "\x94\xa7\x31\x12\x45\xcf\x5a\x4b\xdc\x09"
|
|
+ "\xee\x65\x4b\x50\x3f",
|
|
1 /* not-compliant because salt len is too small */
|
|
},
|
|
{
|
|
"passwordPASSWORDpassword", 24,
|
|
- GCRY_KDF_PBKDF2, GCRY_MD_SHA1,
|
|
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA256,
|
|
"saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
|
|
999,
|
|
25,
|
|
- "\xac\xf8\xb4\x67\x41\xc7\xf3\xd1\xa0\xc0"
|
|
- "\x08\xbe\x9b\x23\x96\x78\xbd\x93\xda\x4a"
|
|
- "\x30\xd4\xfb\xf0\x33",
|
|
+ "\x09\x3e\x1a\xd8\x63\x30\x71\x9c\x17\xcf"
|
|
+ "\xb0\x53\x3e\x1f\xc8\x51\x29\x71\x54\x28"
|
|
+ "\x5d\xf7\x8e\x41\xaa",
|
|
1 /* not-compliant because too few iterations */
|
|
},
|
|
{
|
|
"passwordPASSWORDpassword", 24,
|
|
- GCRY_KDF_PBKDF2, GCRY_MD_SHA1,
|
|
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA256,
|
|
"saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
|
|
4096,
|
|
13,
|
|
- "\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8"
|
|
- "\xd8\x36\x62",
|
|
+ "\x34\x8c\x89\xdb\xcb\xd3\x2b\x2f\x32\xd8"
|
|
+ "\x14\xb8\x11",
|
|
1 /* not-compliant because key size too small */
|
|
},
|
|
{
|
|
--
|
|
2.49.0
|
|
|