Accepting request 1003573 from home:pmonrealgonzalez:branches:security:tls

- FIPS: Run the CFB8 cipher selftest without offset [bsc#1203245] * CFB8 list of ciphers: GNUTLS_CIPHER_AES_{128,192,256}_CFB8 * Add gnutls-FIPS-Run-CFB8-without-offset.patch OBS-URL: https://build.opensuse.org/request/show/1003573 OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=74
2022-09-14 15:37:16 +00:00 · 2022-09-14 15:37:16 +00:00 · dad9b3c9fd
commit dad9b3c9fd
parent 5fcfc4e55e
3 changed files with 38 additions and 0 deletions
--- a/gnutls-FIPS-Run-CFB8-without-offset.patch
+++ b/gnutls-FIPS-Run-CFB8-without-offset.patch
@ -0,0 +1,29 @@
+Index: gnutls-3.7.7/lib/crypto-selftests.c
+===================================================================
+--- gnutls-3.7.7.orig/lib/crypto-selftests.c
+++ gnutls-3.7.7/lib/crypto-selftests.c
+@@ -2735,6 +2735,16 @@ int gnutls_cipher_self_test(unsigned fla
+ 		NON_FIPS_CASE(GNUTLS_CIPHER_CHACHA20_POLY1305, test_cipher_aead,
+ 		     chacha_poly1305_vectors);
+ 		FALLTHROUGH;
+		CASE(GNUTLS_CIPHER_AES_128_CFB8, test_cipher,
+		     aes128_cfb8_vectors);
+		FALLTHROUGH;
+		CASE(GNUTLS_CIPHER_AES_192_CFB8, test_cipher,
+		     aes192_cfb8_vectors);
+		FALLTHROUGH;
+		CASE(GNUTLS_CIPHER_AES_256_CFB8, test_cipher,
+		      aes256_cfb8_vectors);
+		FALLTHROUGH;
+#if 0
+ 		CASE2(GNUTLS_CIPHER_AES_128_CFB8, test_cipher,
+ 		      test_cipher_all_block_sizes,
+ 		      aes128_cfb8_vectors);
+@@ -2747,6 +2757,7 @@ int gnutls_cipher_self_test(unsigned fla
+ 		      test_cipher_all_block_sizes,
+ 		      aes256_cfb8_vectors);
+ 		FALLTHROUGH;
+#endif
+ 		CASE(GNUTLS_CIPHER_AES_128_XTS, test_cipher,
+ 		     aes128_xts_vectors);
+ 		FALLTHROUGH;
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Sep 14 15:25:46 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
+
+- FIPS: Run the CFB8 cipher selftest without offset [bsc#1203245]
+  * CFB8 list of ciphers: GNUTLS_CIPHER_AES_{128,192,256}_CFB8
+  * Add gnutls-FIPS-Run-CFB8-without-offset.patch
+
 -------------------------------------------------------------------
 Tue Sep 13 18:08:03 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/gnutls.spec
+++ b/gnutls.spec
@ -57,6 +57,8 @@ Patch5:         gnutls-FIPS-jitterentropy.patch
 %endif
 #PATCH-FIX-SUSE bsc#1190698 FIPS: SLI gnutls_pbkdf2: verify keylengths and allow SHA only
 Patch6:         gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
+#PATCH-FIX-SUSE bsc#1203245 FIPS: Run the CFB8 cipher selftests without offset
+Patch7:         gnutls-FIPS-Run-CFB8-without-offset.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge