Disable SHA-1 GHmac tests

They pass at build time, but fail during gating, presumably because crypto policy is different and blocks SHA-1. Let's just not run these tests, same as we already do for MD-5. There is plenty of test coverage for the other HMAC algorithms. Related: RHEL-44610
2024-06-26 15:06:38 -05:00 · 2024-06-26 15:06:38 -05:00 · 9fa8445723
commit 9fa8445723
parent 18620381b6
1 changed files with 25 additions and 14 deletions
--- a/gnutls-hmac.patch
+++ b/gnutls-hmac.patch
@ -954,10 +954,10 @@ index 61ad30b97..25beac81a 100644
 2.44.0
-From 588b92a69e81a8c744c4b2cb00edef94a4db7d6a Mon Sep 17 00:00:00 2001
+From 820417a079f19179201d0ad2378ed3398139339b Mon Sep 17 00:00:00 2001
 From: Michael Catanzaro <mcatanzaro@redhat.com>
 Date: Wed, 16 Jun 2021 20:46:24 -0500
-Subject: [PATCH 4/4] Add test for GHmac in FIPS mode
+Subject: [PATCH] Add test for GHmac in FIPS mode
 This will test a few problems that we hit recently:
@ -970,11 +970,11 @@ Crash when passing -1 length to g_hmac_update() (discovered in #1971533)
 We'll also test to ensure MD5 fails, and stop compiling the other MD5
 tests.
 ---
- glib/tests/hmac.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
+ glib/tests/hmac.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 46 insertions(+)
+ 1 file changed, 48 insertions(+)
 diff --git a/glib/tests/hmac.c b/glib/tests/hmac.c
-index 3ac3206df..352d18a09 100644
+index 3ac3206df..264d4fb84 100644
 --- a/glib/tests/hmac.c
 +++ b/glib/tests/hmac.c
@@ -1,7 +1,10 @@
@ -1004,15 +1004,15 @@ index 3ac3206df..352d18a09 100644
 HmacCase hmac_md5_tests[] = {
   { G_CHECKSUM_MD5, key_md5_test1, 16, "Hi There", 8, result_md5_test1 },
   { G_CHECKSUM_MD5, "Jefe", 4, "what do ya want for nothing?", 28,
-@@ -317,6 +322,7 @@ HmacCase hmac_md5_tests[] = {
+@@ -336,6 +341,7 @@ HmacCase hmac_sha1_tests[] = {
-       73, result_md5_test7 },
+                " Than One Block-Size Data", 73, result_sha1_test7, },
   { -1, NULL, 0, NULL, 0, NULL },
 };
 +#endif
- HmacCase hmac_sha1_tests[] = {
+ HmacCase hmac_sha256_tests[] = {
-   { G_CHECKSUM_SHA1, key_sha_test1, 20, "Hi There", 8, result_sha1_test1 },
+   { G_CHECKSUM_SHA256, key_sha_test1, 20, "Hi There", 8, result_sha256_test1 },
-@@ -493,11 +499,45 @@ test_hmac_for_bytes (void)
+@@ -493,13 +499,48 @@ test_hmac_for_bytes (void)
   g_bytes_unref (data);
 }
@ -1057,8 +1057,19 @@ index 3ac3206df..352d18a09 100644
 +
   g_test_init (&argc, &argv, NULL);
 +#ifndef USE_GNUTLS
   for (i = 0 ; hmac_sha1_tests[i].key_len > 0 ; i++)
-@@ -532,6 +572,7 @@ main (int argc,
+     {
       gchar *name = g_strdup_printf ("/hmac/sha1-%d", i + 1);
@@ -507,6 +548,7 @@ main (int argc,
         (void (*)(const void *)) test_hmac);
       g_free (name);
     }
 +#endif
   for (i = 0 ; hmac_sha256_tests[i].key_len > 0 ; i++)
     {
@@ -532,6 +574,7 @@ main (int argc,
       g_free (name);
     }
@ -1066,7 +1077,7 @@ index 3ac3206df..352d18a09 100644
   for (i = 0 ; hmac_md5_tests[i].key_len > 0 ; i++)
     {
       gchar *name = g_strdup_printf ("/hmac/md5-%d", i + 1);
-@@ -539,6 +580,7 @@ main (int argc,
+@@ -539,6 +582,7 @@ main (int argc,
         (void (*)(const void *)) test_hmac);
       g_free (name);
     }
@ -1074,7 +1085,7 @@ index 3ac3206df..352d18a09 100644
   g_test_add_func ("/hmac/ref-unref", test_hmac_ref_unref);
   g_test_add_func ("/hmac/copy", test_hmac_copy);
-@@ -546,5 +588,9 @@ main (int argc,
+@@ -546,5 +590,9 @@ main (int argc,
   g_test_add_func ("/hmac/for-string", test_hmac_for_string);
   g_test_add_func ("/hmac/for-bytes", test_hmac_for_bytes);
@ -1085,5 +1096,5 @@ index 3ac3206df..352d18a09 100644
   return g_test_run ();
 }
 -- 
-2.44.0
+2.45.2