openssl-1_1/openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch

46 lines
1.8 KiB
Diff

Index: openssl-1.1.1l/crypto/fips/fips_kdf_selftest.c
===================================================================
--- openssl-1.1.1l.orig/crypto/fips/fips_kdf_selftest.c
+++ openssl-1.1.1l/crypto/fips/fips_kdf_selftest.c
@@ -63,18 +63,20 @@ int FIPS_selftest_pbkdf2(void)
{
int ret = 0;
EVP_KDF_CTX *kctx;
- unsigned char out[32];
+ unsigned char out[40];
if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
goto err;
}
- if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS,
+ "passwordPASSWORDpassword", (size_t)24) <= 0) {
goto err;
}
- if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
+ "saltSALTsaltSALTsaltSALTsaltSALTsalt", (size_t)36) <= 0) {
goto err;
}
- if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 4096) <= 0) {
goto err;
}
if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
@@ -86,10 +88,11 @@ int FIPS_selftest_pbkdf2(void)
{
const unsigned char expected[sizeof(out)] = {
- 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
- 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
- 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
- 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
+ 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
+ 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
+ 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
+ 0x1c, 0x4e, 0x2a, 0x1f, 0xb8, 0xdd, 0x53, 0xe1,
+ 0xc6, 0x35, 0x51, 0x8c, 0x7d, 0xac, 0x47, 0xe9
};
if (memcmp(out, expected, sizeof(expected))) {
goto err;