SHA256
1
0
forked from pool/gnutls
gnutls/gnutls-FIPS-TLS_KDF_selftest.patch
Pedro Monreal Gonzalez 3796933089 Accepting request 991873 from home:pmonrealgonzalez:branches:security:tls
- Update to 3.7.7:
  * libgnutls: Fixed double free during verification of pkcs7
    signatures. CVE-2022-2509
  * libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument
    less than or equal to 255 times hash digest size, to comply with
    RFC 5869 2.3.
  * libgnutls: Length limit for TLS PSK usernames has been increased
    from 128 to 65535 characters
  * libgnutls: AES-GCM encryption function now limits plaintext
    length to 2^39-256 bits, according to SP800-38D 5.2.1.1.
  * libgnutls: New block cipher functions have been added to
    transparently handle padding. gnutls_cipher_encrypt3 and
    gnutls_cipher_decrypt3 can be used in combination of
    GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically add/remove
    padding if the length of the original plaintext is not a multiple
    of the block size.
  * libgnutls: New function for manual FIPS self-testing.
  * API and ABI modifications:
    - gnutls_fips140_run_self_tests: New function
    - gnutls_cipher_encrypt3: New function
    - gnutls_cipher_decrypt3: New function
    - gnutls_cipher_padding_flags_t: New enum
  * guile: Guile 1.8 is no longer supported
  * guile: Session record port treats premature termination as EOF Previously,
    a 'gnutls-error' exception with the 'error/premature-termination' value
    would be thrown while reading from a session record port when the
    underlying session was terminated prematurely. This was inconvenient
    since users of the port may not be prepared to handle such an exception.
    Reading from the session record port now returns the end-of-file object
    instead of throwing an exception, just like it would for a proper

OBS-URL: https://build.opensuse.org/request/show/991873
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=69
2022-08-01 08:36:39 +00:00

32 lines
1.1 KiB
Diff

Index: gnutls-3.7.7/lib/fips.c
===================================================================
--- gnutls-3.7.7.orig/lib/fips.c
+++ gnutls-3.7.7/lib/fips.c
@@ -517,6 +517,26 @@ int _gnutls_fips_perform_self_checks2(vo
return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
}
+ /* KDF */
+
+ char derived[512];
+
+ gnutls_datum_t secret = { (void *)"\x04\x50\xb0\xea\x9e\xcd\x36\x02\xee\x0d\x76\xc5\xc3\xc8\x6f\x4a", 16 };
+ gnutls_datum_t seed = { (void *)"\x20\x7a\xcc\x02\x54\xb8\x67\xf5\xb9\x25\xb4\x5a\x33\x60\x1d\x8b", 16 };
+ gnutls_datum_t label = { (void *)"test label", 10 };
+ gnutls_datum_t expected = { (void *)"\xae\x67\x9e\x0e\x71\x4f\x59\x75\x76\x37\x68\xb1\x66\x97\x9e\x1d", 16 };
+
+ ret = _gnutls_prf_raw(GNUTLS_MAC_SHA256, secret.size, secret.data,
+ label.size, (char*)label.data, seed.size, seed.data, expected.size, derived);
+ if (ret < 0) {
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+ }
+
+ ret = memcmp(derived, expected.data, expected.size);
+ if (ret != 0) {
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
+ }
+
/* PK */
ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);
if (ret < 0) {