rpm/gnutls
SHA256
1
0
Fork 0
forked from pool/gnutls
Code Pull Requests Activity
gnutls/gnutls-FIPS-PBKDF2-KAT-requirements.patch
Marcus Meissner d9b5f828c5 Accepting request 979523 from home:1Antoine1:branches:security:tls 
- Update to version 3.7.6:
  * libgnutls: Fixed invalid write when gnutls_realloc_zero() is
    called with new_size < old_size. This bug caused heap
    corruption when gnutls_realloc_zero() has been set as gmp
    reallocfunc.
  * Remove gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fixed
    upstream.

- Add gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fix memory
  corruption in gnutls_realloc_zero (gl#gnutls/gnutls#1367,
  boo#1199929).

- update to 3.7.5:
  * add options disable session ticket usage in TLS 1.2 because
    it does not provide forward secrecy
  * For TLS 1.3 where session tickets do provide forward secrecy,
    the PFS priority string now only disables session tickets in
    TLS 1.2.
  * Future backward incompatibility: in the next major release of
     GnuTLS those flag and modifier are planned to be removed
  * gnutls-cli, gnutls-serv: Channel binding for printing
    information has been changed from tls-unique to tls-exporter
    as tls-unique is not supported in TLS 1.3.
  * Certificate sanity checks has been enhanced to make gnutls
    more RFC 5280 compliant:
  * Removed 3DES from FIPS approved algorithms
  * Optimized support for AES-SIV-CMAC algorithms
  * libgnutls: HKDF and AES-GCM algorithms are now approved in
    FIPS-140 mode when used in TLS

OBS-URL: https://build.opensuse.org/request/show/979523
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=67
2022-05-30 08:08:31 +00:00

23 lines
919 B
Diff
Raw Blame History

Index: gnutls-3.7.5/lib/crypto-selftests.c
===================================================================
--- gnutls-3.7.5.orig/lib/crypto-selftests.c
+++ gnutls-3.7.5/lib/crypto-selftests.c
@@ -3123,6 +3123,16 @@ const struct pbkdf2_vectors_st pbkdf2_sh
"\x84\xcf\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f"
"\xb8\xdd\x53\xe1\xc6\x35\x51\x8c\x7d\xac\x47\xe9"),
},
+ /* Test vector extracted from https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */
+ {
+ STR(key, key_size, "passwordPASSWORDpassword"),
+ STR(salt, salt_size, "saltSALTsaltSALTsaltSALTsaltSALTsalt"),
+ .iter_count = 4096,
+ STR(output, output_size,
+ "\x34\x8c\x89\xdb\xcb\xd3\x2b\x2f\x32\xd8\x14\xb8\x11\x6e"
+ "\x84\xcf\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f"
+ "\xb8\xdd\x53\xe1\xc6\x35\x51\x8c\x7d\xac\x47\xe9"),
+ },
};
static int test_pbkdf2(gnutls_mac_algorithm_t mac,
View Git Blame Copy Permalink