Remove FIPS mode test
FIPS mode is currently broken in both Fedora rawhide and RHEL 10. This test is no longer useful because it's now testing whether GnuTLS works rather than whether GLib works. Related: RHEL-44610
This commit is contained in:
Michael Catanzaro
parent
9fa8445723
commit
19168d2368
@ -41,6 +41,7 @@ BuildRequires: /usr/bin/update-desktop-database
|
|||||||
# For gnutls-hmac.patch. We now dlopen libgnutls.so.30 so that we can build a
|
# For gnutls-hmac.patch. We now dlopen libgnutls.so.30 so that we can build a
|
||||||
# static glib2 without depending on a static build of GnuTLS as well. This will
|
# static glib2 without depending on a static build of GnuTLS as well. This will
|
||||||
# ensure we notice if the GnuTLS soname bumps, so that we can update our patch.
|
# ensure we notice if the GnuTLS soname bumps, so that we can update our patch.
|
||||||
|
BuildRequires: gnutls
|
||||||
%if 0%{?__isa_bits} == 64
|
%if 0%{?__isa_bits} == 64
|
||||||
Requires: libgnutls.so.30()(64bit)
|
Requires: libgnutls.so.30()(64bit)
|
||||||
%else
|
%else
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
From d6208fb067695ebf9e1f06b690e82c2b78994e8b Mon Sep 17 00:00:00 2001
|
From 79c6d81cad24e488c8c17fb5043f29fef11a245e Mon Sep 17 00:00:00 2001
|
||||||
From: Colin Walters <walters@verbum.org>
|
From: Colin Walters <walters@verbum.org>
|
||||||
Date: Fri, 7 Jun 2019 18:44:43 +0000
|
Date: Fri, 7 Jun 2019 18:44:43 +0000
|
||||||
Subject: [PATCH 1/4] ghmac: Split off wrapper functions into ghmac-utils.c
|
Subject: [PATCH 1/4] ghmac: Split off wrapper functions into ghmac-utils.c
|
||||||
@ -296,10 +296,10 @@ index d2efebadc..d261dde5a 100644
|
|||||||
'ghostutils.c',
|
'ghostutils.c',
|
||||||
'giochannel.c',
|
'giochannel.c',
|
||||||
--
|
--
|
||||||
2.44.0
|
2.45.2
|
||||||
|
|
||||||
|
|
||||||
From a9e3f0c8cc8b06c97958ea1e99e61d9f8200dab7 Mon Sep 17 00:00:00 2001
|
From 6be9a415a7af65a2cee5518e87a3f313068a2e0e Mon Sep 17 00:00:00 2001
|
||||||
From: Colin Walters <walters@verbum.org>
|
From: Colin Walters <walters@verbum.org>
|
||||||
Date: Fri, 7 Jun 2019 19:36:54 +0000
|
Date: Fri, 7 Jun 2019 19:36:54 +0000
|
||||||
Subject: [PATCH 2/4] Add a gnutls backend for GHmac
|
Subject: [PATCH 2/4] Add a gnutls backend for GHmac
|
||||||
@ -702,7 +702,7 @@ index d261dde5a..b3663f184 100644
|
|||||||
libintl_deps,
|
libintl_deps,
|
||||||
libm,
|
libm,
|
||||||
diff --git a/meson.build b/meson.build
|
diff --git a/meson.build b/meson.build
|
||||||
index 753454209..61ad30b97 100644
|
index 85e24aa69..34d14f90a 100644
|
||||||
--- a/meson.build
|
--- a/meson.build
|
||||||
+++ b/meson.build
|
+++ b/meson.build
|
||||||
@@ -2286,6 +2286,13 @@ if host_system == 'linux'
|
@@ -2286,6 +2286,13 @@ if host_system == 'linux'
|
||||||
@ -736,10 +736,10 @@ index 69a2135bc..e8599abaa 100644
|
|||||||
type : 'boolean',
|
type : 'boolean',
|
||||||
value : false,
|
value : false,
|
||||||
--
|
--
|
||||||
2.44.0
|
2.45.2
|
||||||
|
|
||||||
|
|
||||||
From 4e84c697544b099c6e8faea6439d8e03883488be Mon Sep 17 00:00:00 2001
|
From 678df1ffadcd7fa326d4c5234dd4dbf561f3d09c Mon Sep 17 00:00:00 2001
|
||||||
From: Michael Catanzaro <mcatanzaro@redhat.com>
|
From: Michael Catanzaro <mcatanzaro@redhat.com>
|
||||||
Date: Wed, 16 Jun 2021 20:35:00 -0500
|
Date: Wed, 16 Jun 2021 20:35:00 -0500
|
||||||
Subject: [PATCH 3/4] dlopen GnuTLS instead of linking directly
|
Subject: [PATCH 3/4] dlopen GnuTLS instead of linking directly
|
||||||
@ -933,7 +933,7 @@ index b3663f184..2340d12b2 100644
|
|||||||
libintl_deps,
|
libintl_deps,
|
||||||
libm,
|
libm,
|
||||||
diff --git a/meson.build b/meson.build
|
diff --git a/meson.build b/meson.build
|
||||||
index 61ad30b97..25beac81a 100644
|
index 34d14f90a..1e6e14554 100644
|
||||||
--- a/meson.build
|
--- a/meson.build
|
||||||
+++ b/meson.build
|
+++ b/meson.build
|
||||||
@@ -2286,11 +2286,9 @@ if host_system == 'linux'
|
@@ -2286,11 +2286,9 @@ if host_system == 'linux'
|
||||||
@ -951,30 +951,22 @@ index 61ad30b97..25beac81a 100644
|
|||||||
|
|
||||||
if host_system == 'windows'
|
if host_system == 'windows'
|
||||||
--
|
--
|
||||||
2.44.0
|
2.45.2
|
||||||
|
|
||||||
|
|
||||||
From 820417a079f19179201d0ad2378ed3398139339b Mon Sep 17 00:00:00 2001
|
From c76bfa6e30ee14bcfb19666ec3e1f3bd379143bd Mon Sep 17 00:00:00 2001
|
||||||
From: Michael Catanzaro <mcatanzaro@redhat.com>
|
From: Michael Catanzaro <mcatanzaro@redhat.com>
|
||||||
Date: Wed, 16 Jun 2021 20:46:24 -0500
|
Date: Wed, 16 Jun 2021 20:46:24 -0500
|
||||||
Subject: [PATCH] Add test for GHmac in FIPS mode
|
Subject: [PATCH 4/4] Disable MD5 and SHA-1 HMac tests
|
||||||
|
|
||||||
This will test a few problems that we hit recently:
|
These are expected to be broken, depending on system crypto policy,
|
||||||
|
which may disable the algorithms.
|
||||||
g_hmac_copy() is broken, https://bugzilla.redhat.com/show_bug.cgi?id=1786538
|
|
||||||
|
|
||||||
Crash in g_hmac_update() in FIPS mode, https://bugzilla.redhat.com/show_bug.cgi?id=1971533
|
|
||||||
|
|
||||||
Crash when passing -1 length to g_hmac_update() (discovered in #1971533)
|
|
||||||
|
|
||||||
We'll also test to ensure MD5 fails, and stop compiling the other MD5
|
|
||||||
tests.
|
|
||||||
---
|
---
|
||||||
glib/tests/hmac.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++
|
glib/tests/hmac.c | 11 +++++++++++
|
||||||
1 file changed, 48 insertions(+)
|
1 file changed, 11 insertions(+)
|
||||||
|
|
||||||
diff --git a/glib/tests/hmac.c b/glib/tests/hmac.c
|
diff --git a/glib/tests/hmac.c b/glib/tests/hmac.c
|
||||||
index 3ac3206df..264d4fb84 100644
|
index 3ac3206df..e7f3fdf08 100644
|
||||||
--- a/glib/tests/hmac.c
|
--- a/glib/tests/hmac.c
|
||||||
+++ b/glib/tests/hmac.c
|
+++ b/glib/tests/hmac.c
|
||||||
@@ -1,7 +1,10 @@
|
@@ -1,7 +1,10 @@
|
||||||
@ -1012,48 +1004,10 @@ index 3ac3206df..264d4fb84 100644
|
|||||||
|
|
||||||
HmacCase hmac_sha256_tests[] = {
|
HmacCase hmac_sha256_tests[] = {
|
||||||
{ G_CHECKSUM_SHA256, key_sha_test1, 20, "Hi There", 8, result_sha256_test1 },
|
{ G_CHECKSUM_SHA256, key_sha_test1, 20, "Hi There", 8, result_sha256_test1 },
|
||||||
@@ -493,13 +499,48 @@ test_hmac_for_bytes (void)
|
@@ -498,8 +504,10 @@ main (int argc,
|
||||||
g_bytes_unref (data);
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef USE_GNUTLS
|
|
||||||
+static void
|
|
||||||
+test_gnutls_fips_mode (void)
|
|
||||||
+{
|
|
||||||
+ GHmac *hmac;
|
|
||||||
+ GHmac *copy;
|
|
||||||
+
|
|
||||||
+ /* No MD5 in FIPS mode. */
|
|
||||||
+ hmac = g_hmac_new (G_CHECKSUM_MD5, (guchar*)"abc123", sizeof ("abc123"));
|
|
||||||
+ g_assert_null (hmac);
|
|
||||||
+
|
|
||||||
+ /* SHA-256 should be good. */
|
|
||||||
+ hmac = g_hmac_new (G_CHECKSUM_SHA256, (guchar*)"abc123", sizeof ("abc123"));
|
|
||||||
+ g_assert_nonnull (hmac);
|
|
||||||
+
|
|
||||||
+ /* Ensure g_hmac_update() does not crash when called with -1. */
|
|
||||||
+ g_hmac_update (hmac, (guchar*)"You win again, gravity!", -1);
|
|
||||||
+
|
|
||||||
+ /* Ensure g_hmac_copy() does not crash. */
|
|
||||||
+ copy = g_hmac_copy (hmac);
|
|
||||||
+ g_assert_nonnull (hmac);
|
|
||||||
+ g_hmac_unref (hmac);
|
|
||||||
+
|
|
||||||
+ g_assert_cmpstr (g_hmac_get_string (copy), ==, "795ba6900bcb22e8ce65c2ec02db4e85697da921deb960ee3143bf88a4a60f83");
|
|
||||||
+ g_hmac_unref (copy);
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
int
|
|
||||||
main (int argc,
|
|
||||||
char **argv)
|
char **argv)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
+
|
|
||||||
+#ifdef USE_GNUTLS
|
|
||||||
+ /* This has to happen before GnuTLS is dlopened. */
|
|
||||||
+ g_setenv ("GNUTLS_FORCE_FIPS_MODE", "1", FALSE);
|
|
||||||
+#endif
|
|
||||||
+
|
+
|
||||||
g_test_init (&argc, &argv, NULL);
|
g_test_init (&argc, &argv, NULL);
|
||||||
|
|
||||||
@ -1061,7 +1015,7 @@ index 3ac3206df..264d4fb84 100644
|
|||||||
for (i = 0 ; hmac_sha1_tests[i].key_len > 0 ; i++)
|
for (i = 0 ; hmac_sha1_tests[i].key_len > 0 ; i++)
|
||||||
{
|
{
|
||||||
gchar *name = g_strdup_printf ("/hmac/sha1-%d", i + 1);
|
gchar *name = g_strdup_printf ("/hmac/sha1-%d", i + 1);
|
||||||
@@ -507,6 +548,7 @@ main (int argc,
|
@@ -507,6 +515,7 @@ main (int argc,
|
||||||
(void (*)(const void *)) test_hmac);
|
(void (*)(const void *)) test_hmac);
|
||||||
g_free (name);
|
g_free (name);
|
||||||
}
|
}
|
||||||
@ -1069,7 +1023,7 @@ index 3ac3206df..264d4fb84 100644
|
|||||||
|
|
||||||
for (i = 0 ; hmac_sha256_tests[i].key_len > 0 ; i++)
|
for (i = 0 ; hmac_sha256_tests[i].key_len > 0 ; i++)
|
||||||
{
|
{
|
||||||
@@ -532,6 +574,7 @@ main (int argc,
|
@@ -532,6 +541,7 @@ main (int argc,
|
||||||
g_free (name);
|
g_free (name);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1077,7 +1031,7 @@ index 3ac3206df..264d4fb84 100644
|
|||||||
for (i = 0 ; hmac_md5_tests[i].key_len > 0 ; i++)
|
for (i = 0 ; hmac_md5_tests[i].key_len > 0 ; i++)
|
||||||
{
|
{
|
||||||
gchar *name = g_strdup_printf ("/hmac/md5-%d", i + 1);
|
gchar *name = g_strdup_printf ("/hmac/md5-%d", i + 1);
|
||||||
@@ -539,6 +582,7 @@ main (int argc,
|
@@ -539,6 +549,7 @@ main (int argc,
|
||||||
(void (*)(const void *)) test_hmac);
|
(void (*)(const void *)) test_hmac);
|
||||||
g_free (name);
|
g_free (name);
|
||||||
}
|
}
|
||||||
@ -1085,16 +1039,6 @@ index 3ac3206df..264d4fb84 100644
|
|||||||
|
|
||||||
g_test_add_func ("/hmac/ref-unref", test_hmac_ref_unref);
|
g_test_add_func ("/hmac/ref-unref", test_hmac_ref_unref);
|
||||||
g_test_add_func ("/hmac/copy", test_hmac_copy);
|
g_test_add_func ("/hmac/copy", test_hmac_copy);
|
||||||
@@ -546,5 +590,9 @@ main (int argc,
|
|
||||||
g_test_add_func ("/hmac/for-string", test_hmac_for_string);
|
|
||||||
g_test_add_func ("/hmac/for-bytes", test_hmac_for_bytes);
|
|
||||||
|
|
||||||
+#ifdef USE_GNUTLS
|
|
||||||
+ g_test_add_func ("/hmac/gnutls-fips-mode", test_gnutls_fips_mode);
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
return g_test_run ();
|
|
||||||
}
|
|
||||||
--
|
--
|
||||||
2.45.2
|
2.45.2
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user