From 9fa8445723296ab8c56d35334a06bb39688f932d Mon Sep 17 00:00:00 2001 From: Michael Catanzaro Date: Wed, 26 Jun 2024 15:06:38 -0500 Subject: [PATCH] Disable SHA-1 GHmac tests They pass at build time, but fail during gating, presumably because crypto policy is different and blocks SHA-1. Let's just not run these tests, same as we already do for MD-5. There is plenty of test coverage for the other HMAC algorithms. Related: RHEL-44610 --- gnutls-hmac.patch | 39 +++++++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/gnutls-hmac.patch b/gnutls-hmac.patch index 284e703..52681f2 100644 --- a/gnutls-hmac.patch +++ b/gnutls-hmac.patch @@ -954,10 +954,10 @@ index 61ad30b97..25beac81a 100644 2.44.0 -From 588b92a69e81a8c744c4b2cb00edef94a4db7d6a Mon Sep 17 00:00:00 2001 +From 820417a079f19179201d0ad2378ed3398139339b Mon Sep 17 00:00:00 2001 From: Michael Catanzaro Date: Wed, 16 Jun 2021 20:46:24 -0500 -Subject: [PATCH 4/4] Add test for GHmac in FIPS mode +Subject: [PATCH] Add test for GHmac in FIPS mode This will test a few problems that we hit recently: @@ -970,11 +970,11 @@ Crash when passing -1 length to g_hmac_update() (discovered in #1971533) We'll also test to ensure MD5 fails, and stop compiling the other MD5 tests. --- - glib/tests/hmac.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 46 insertions(+) + glib/tests/hmac.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 48 insertions(+) diff --git a/glib/tests/hmac.c b/glib/tests/hmac.c -index 3ac3206df..352d18a09 100644 +index 3ac3206df..264d4fb84 100644 --- a/glib/tests/hmac.c +++ b/glib/tests/hmac.c @@ -1,7 +1,10 @@ @@ -1004,15 +1004,15 @@ index 3ac3206df..352d18a09 100644 HmacCase hmac_md5_tests[] = { { G_CHECKSUM_MD5, key_md5_test1, 16, "Hi There", 8, result_md5_test1 }, { G_CHECKSUM_MD5, "Jefe", 4, "what do ya want for nothing?", 28, -@@ -317,6 +322,7 @@ HmacCase hmac_md5_tests[] = { - 73, result_md5_test7 }, +@@ -336,6 +341,7 @@ HmacCase hmac_sha1_tests[] = { + " Than One Block-Size Data", 73, result_sha1_test7, }, { -1, NULL, 0, NULL, 0, NULL }, }; +#endif - HmacCase hmac_sha1_tests[] = { - { G_CHECKSUM_SHA1, key_sha_test1, 20, "Hi There", 8, result_sha1_test1 }, -@@ -493,11 +499,45 @@ test_hmac_for_bytes (void) + HmacCase hmac_sha256_tests[] = { + { G_CHECKSUM_SHA256, key_sha_test1, 20, "Hi There", 8, result_sha256_test1 }, +@@ -493,13 +499,48 @@ test_hmac_for_bytes (void) g_bytes_unref (data); } @@ -1057,8 +1057,19 @@ index 3ac3206df..352d18a09 100644 + g_test_init (&argc, &argv, NULL); ++#ifndef USE_GNUTLS for (i = 0 ; hmac_sha1_tests[i].key_len > 0 ; i++) -@@ -532,6 +572,7 @@ main (int argc, + { + gchar *name = g_strdup_printf ("/hmac/sha1-%d", i + 1); +@@ -507,6 +548,7 @@ main (int argc, + (void (*)(const void *)) test_hmac); + g_free (name); + } ++#endif + + for (i = 0 ; hmac_sha256_tests[i].key_len > 0 ; i++) + { +@@ -532,6 +574,7 @@ main (int argc, g_free (name); } @@ -1066,7 +1077,7 @@ index 3ac3206df..352d18a09 100644 for (i = 0 ; hmac_md5_tests[i].key_len > 0 ; i++) { gchar *name = g_strdup_printf ("/hmac/md5-%d", i + 1); -@@ -539,6 +580,7 @@ main (int argc, +@@ -539,6 +582,7 @@ main (int argc, (void (*)(const void *)) test_hmac); g_free (name); } @@ -1074,7 +1085,7 @@ index 3ac3206df..352d18a09 100644 g_test_add_func ("/hmac/ref-unref", test_hmac_ref_unref); g_test_add_func ("/hmac/copy", test_hmac_copy); -@@ -546,5 +588,9 @@ main (int argc, +@@ -546,5 +590,9 @@ main (int argc, g_test_add_func ("/hmac/for-string", test_hmac_for_string); g_test_add_func ("/hmac/for-bytes", test_hmac_for_bytes); @@ -1085,5 +1096,5 @@ index 3ac3206df..352d18a09 100644 return g_test_run (); } -- -2.44.0 +2.45.2