gnutls/gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch

Index: gnutls-3.7.7/lib/crypto-api.c
===================================================================
--- gnutls-3.7.7.orig/lib/crypto-api.c
+++ gnutls-3.7.7/lib/crypto-api.c
@@ -2228,7 +2228,12 @@ gnutls_pbkdf2(gnutls_mac_algorithm_t mac
 	if (!is_mac_algo_allowed(mac)) {
 		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
-	} else if (!is_mac_algo_approved_in_fips(mac)) {
+	} else if (!is_mac_algo_approved_for_pbkdf2_in_fips(mac)) {
+		not_approved = true;
+	}
+
+	/* Key lengthes less than 112 bits are not approved */
+	if (length < 14 || key->size < 14) {
 		not_approved = true;
 	}
 
Index: gnutls-3.7.7/lib/fips.h
===================================================================
--- gnutls-3.7.7.orig/lib/fips.h
+++ gnutls-3.7.7/lib/fips.h
@@ -100,6 +100,25 @@ is_mac_algo_approved_in_fips(gnutls_mac_
 }
 
 inline static bool
+is_mac_algo_approved_for_pbkdf2_in_fips(gnutls_mac_algorithm_t algo)
+{
+	switch (algo) {
+	case GNUTLS_MAC_SHA1:
+	case GNUTLS_MAC_SHA256:
+	case GNUTLS_MAC_SHA384:
+	case GNUTLS_MAC_SHA512:
+	case GNUTLS_MAC_SHA224:
+	case GNUTLS_MAC_SHA3_224:
+	case GNUTLS_MAC_SHA3_256:
+	case GNUTLS_MAC_SHA3_384:
+	case GNUTLS_MAC_SHA3_512:
+		return true;
+	default:
+		return false;
+	}
+}
+
+inline static bool
 is_mac_algo_allowed_in_fips(gnutls_mac_algorithm_t algo)
 {
 	return is_mac_algo_approved_in_fips(algo);
Index: gnutls-3.7.7/lib/crypto-selftests.c
===================================================================
--- gnutls-3.7.7.orig/lib/crypto-selftests.c
+++ gnutls-3.7.7/lib/crypto-selftests.c
@@ -3090,30 +3090,6 @@ struct pbkdf2_vectors_st {
 };
 
 const struct pbkdf2_vectors_st pbkdf2_sha256_vectors[] = {
-	/* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
-	{
-		STR(key, key_size, "passwd"),
-		STR(salt, salt_size, "salt"),
-		.iter_count = 1,
-		STR(output, output_size,
-		    "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44"
-		    "\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57"
-		    "\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16"
-		    "\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5"
-		    "\x09\x11\x20\x41\xd3\xa1\x97\x83"),
-	},
-	/* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
-	{
-		STR(key, key_size, "Password"),
-		STR(salt, salt_size, "NaCl"),
-		.iter_count = 80000,
-		STR(output, output_size,
-		    "\x4d\xdc\xd8\xf6\x0b\x98\xbe\x21\x83\x0c\xee\x5e\xf2\x27"
-		    "\x01\xf9\x64\x1a\x44\x18\xd0\x4c\x04\x14\xae\xff\x08\x87"
-		    "\x6b\x34\xab\x56\xa1\xd4\x25\xa1\x22\x58\x33\x54\x9a\xdb"
-		    "\x84\x1b\x51\xc9\xb3\x17\x6a\x27\x2b\xde\xbb\xa1\xd0\x78"
-		    "\x47\x8f\x62\xb3\x97\xf3\x3c\x8d"),
-	},
 	/* Test vector extracted from:
 	 * https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */
 	{
Index: gnutls-3.7.7/tests/kdf-api.c
===================================================================
--- gnutls-3.7.7.orig/tests/kdf-api.c
+++ gnutls-3.7.7/tests/kdf-api.c
@@ -192,14 +192,19 @@ doit(void)
 		  "2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
 		  "34007208d5b887185865");
 
-	/* Test vector from RFC 6070.  More thorough testing is done
-	 * in nettle. */
-	test_pbkdf2(GNUTLS_MAC_SHA1,
-		    "70617373776f7264", /* "password" */
-		    "73616c74",		/* "salt" */
+	/* Test vector extracted from:
+	 * https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */
+	test_pbkdf2(GNUTLS_MAC_SHA256,
+		    "70617373776f726450415353"
+		    "574f524470617373776f7264", /* "passwordPASSWORDpassword" */
+		    "73616c7453414c5473616c74"
+		    "53414c5473616c7453414c54"
+		    "73616c7453414c5473616c74", /* "saltSALTsaltSALTsaltSALTsaltSALTsalt" */
 		    4096,
-		    20,
-		    "4b007901b765489abead49d926f721d065a429c1");
+		    40,
+		    "348c89dbcbd32b2f32d814b8"
+		    "116e84cf2b17347ebc180018"
+		    "1c4e2a1fb8dd53e1c635518c7dac47e9");
 
 	gnutls_fips140_context_deinit(fips_context);
 }