import glib2-2.56.4-156.el8

This commit is contained in:
CentOS Sources 2021-07-07 04:08:38 +00:00 committed by Andrew Lukoshko
parent 5e62502673
commit ac6698da0f
2 changed files with 19 additions and 161 deletions

View File

@ -1,4 +1,4 @@
From 7ab93b8205093b4d176e63947039981515af1932 Mon Sep 17 00:00:00 2001
From c5cc0bb6f2d6e468c7402915a0a4e6799f0febdf Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 7 Jun 2019 18:44:43 +0000
Subject: [PATCH 1/3] ghmac: Split off wrapper functions into ghmac-utils.c
@ -311,7 +311,7 @@ index c81e99f9c..306a67f13 100644
--
2.31.1
From 1cc432d6e9080621e1f2822a14589b258f1f813c Mon Sep 17 00:00:00 2001
From 3befcf1eb31e0fa7a988b22a9c24240218cd4744 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 7 Jun 2019 19:36:54 +0000
Subject: [PATCH 2/3] Add a gnutls backend for GHmac
@ -774,10 +774,10 @@ index 4504c6858..d18c42a36 100644
--
2.31.1
From 20e550351e9914e78a73b4ca0e9866f1a39dca51 Mon Sep 17 00:00:00 2001
From 87280b23902290dcf843a42d06cedeef571a673f Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Wed, 16 Jun 2021 20:46:24 -0500
Subject: [PATCH 3/3] Add test for GHmac in FIPS mode
Date: Thu, 1 Jul 2021 15:51:26 -0500
Subject: [PATCH 3/3] Add more tests for GHmac
This will test a few problems that we hit recently:
@ -786,153 +786,29 @@ g_hmac_copy() is broken, https://bugzilla.redhat.com/show_bug.cgi?id=1786538
Crash in g_hmac_update() in FIPS mode, https://bugzilla.redhat.com/show_bug.cgi?id=1971533
Crash when passing -1 length to g_hmac_update() (discovered in #1971533)
We'll also test to ensure MD5 fails, and stop compiling the other MD5
tests.
---
glib/tests/hmac.c | 139 +++++++++++-----------------------------------
1 file changed, 32 insertions(+), 107 deletions(-)
glib/tests/hmac.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/glib/tests/hmac.c b/glib/tests/hmac.c
index 3ac3206df..31a1c77d3 100644
index 3ac3206df..16b2fac9c 100644
--- a/glib/tests/hmac.c
+++ b/glib/tests/hmac.c
@@ -1,87 +1,9 @@
+#include "config.h"
+
#include <glib.h>
#include <string.h>
#include <stdlib.h>
-/* HMAC-MD5 test vectors as per RFC 2202 */
-
-/* Test 1 */
-guint8 key_md5_test1[] = {
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
-guint8 result_md5_test1[] = {
- 0x92, 0x94, 0x72, 0x7a, 0x36, 0x38, 0xbb, 0x1c, 0x13, 0xf4,
- 0x8e, 0xf8, 0x15, 0x8b, 0xfc, 0x9d };
-
-/* Test 2 */
-guint8 result_md5_test2[] = {
- 0x75, 0x0c, 0x78, 0x3e, 0x6a, 0xb0, 0xb5, 0x03, 0xea, 0xa8,
- 0x6e, 0x31, 0x0a, 0x5d, 0xb7, 0x38 };
-
-/* Test 3 */
-guint8 key_md5_test3[] = {
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
-guint8 data_md5_test3[] = {
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd };
-guint8 result_md5_test3[] = {
- 0x56, 0xbe, 0x34, 0x52, 0x1d, 0x14, 0x4c, 0x88, 0xdb, 0xb8,
- 0xc7, 0x33, 0xf0, 0xe8, 0xb3, 0xf6 };
-
-/* Test 4 */
-guint8 key_md5_test4[] = {
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
- 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
- 0x15, 0x16, 0x17, 0x18, 0x19 };
-guint8 data_md5_test4[] = {
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd };
-guint8 result_md5_test4[] = {
- 0x69, 0x7e, 0xaf, 0x0a, 0xca, 0x3a, 0x3a, 0xea, 0x3a, 0x75,
- 0x16, 0x47, 0x46, 0xff, 0xaa, 0x79 };
-
-/* Test 5 */
-guint8 key_md5_test5[] = {
- 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
- 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c};
-guint8 result_md5_test5[] = {
- 0x56, 0x46, 0x1e, 0xf2, 0x34, 0x2e, 0xdc, 0x00, 0xf9, 0xba,
- 0xb9, 0x95, 0x69, 0x0e, 0xfd, 0x4c };
-
-/* Test 6 */
-guint8 key_md5_test6[] = {
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
-guint8 result_md5_test6[] = {
- 0x6b, 0x1a, 0xb7, 0xfe, 0x4b, 0xd7, 0xbf, 0x8f, 0x0b, 0x62,
- 0xe6, 0xce, 0x61, 0xb9, 0xd0, 0xcd };
-
-/* Test 6 */
-guint8 key_md5_test7[] = {
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
-guint8 result_md5_test7[] = {
- 0x6f, 0x63, 0x0f, 0xad, 0x67, 0xcd, 0xa0, 0xee, 0x1f, 0xb1,
- 0xf5, 0x62, 0xdb, 0x3a, 0xa5, 0x3e };
-
/* HMAC-SHA1, HMAC-SHA256, HMAC-SHA384 and HMAC-SHA512 test vectors
* as per RFCs 2202 and 4868.
*
@@ -299,25 +221,6 @@ typedef struct {
gconstpointer result;
} HmacCase;
-HmacCase hmac_md5_tests[] = {
- { G_CHECKSUM_MD5, key_md5_test1, 16, "Hi There", 8, result_md5_test1 },
- { G_CHECKSUM_MD5, "Jefe", 4, "what do ya want for nothing?", 28,
- result_md5_test2 },
- { G_CHECKSUM_MD5, key_md5_test3, 16, data_md5_test3, 50,
- result_md5_test3 },
- { G_CHECKSUM_MD5, key_md5_test4, 25, data_md5_test4, 50,
- result_md5_test4 },
- { G_CHECKSUM_MD5, key_md5_test5, 16, "Test With Truncation", 20,
- result_md5_test5 },
- { G_CHECKSUM_MD5, key_md5_test6, 80,
- "Test Using Larger Than Block-Size Key - Hash Key First", 54,
- result_md5_test6 },
- { G_CHECKSUM_MD5, key_md5_test7, 80,
- "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
- 73, result_md5_test7 },
- { -1, NULL, 0, NULL, 0, NULL },
-};
-
HmacCase hmac_sha1_tests[] = {
{ G_CHECKSUM_SHA1, key_sha_test1, 20, "Hi There", 8, result_sha1_test1 },
{ G_CHECKSUM_SHA1, "Jefe", 4, "what do ya want for nothing?", 28,
@@ -493,11 +396,40 @@ test_hmac_for_bytes (void)
@@ -493,6 +493,27 @@ test_hmac_for_bytes (void)
g_bytes_unref (data);
}
+static void
+test_gnutls_fips_mode (void)
+test_ghmac_gnutls_regressions (void)
+{
+ GHmac *hmac;
+ GHmac *copy;
+
+ /* No MD5 in FIPS mode. */
+ hmac = g_hmac_new (G_CHECKSUM_MD5, "abc123", sizeof ("abc123"));
+ g_assert_null (hmac);
+
+ /* SHA-256 should be good. */
+ hmac = g_hmac_new (G_CHECKSUM_SHA256, "abc123", sizeof ("abc123"));
+ hmac = g_hmac_new (G_CHECKSUM_SHA256, (const guchar *)"abc123", sizeof ("abc123"));
+ g_assert_nonnull (hmac);
+
+ /* Ensure g_hmac_update() does not crash when called with -1. */
+ g_hmac_update (hmac, "You win again, gravity!", -1);
+ g_hmac_update (hmac, (const guchar *)"You win again, gravity!", -1);
+
+ /* Ensure g_hmac_copy() does not crash. */
+ copy = g_hmac_copy (hmac);
@ -946,35 +822,13 @@ index 3ac3206df..31a1c77d3 100644
int
main (int argc,
char **argv)
{
int i;
+
+ g_setenv ("GNUTLS_FORCE_FIPS_MODE", "1", FALSE);
+
g_test_init (&argc, &argv, NULL);
for (i = 0 ; hmac_sha1_tests[i].key_len > 0 ; i++)
@@ -532,19 +464,12 @@ main (int argc,
g_free (name);
}
- for (i = 0 ; hmac_md5_tests[i].key_len > 0 ; i++)
- {
- gchar *name = g_strdup_printf ("/hmac/md5-%d", i + 1);
- g_test_add_data_func (name, hmac_md5_tests + i,
- (void (*)(const void *)) test_hmac);
- g_free (name);
- }
-
g_test_add_func ("/hmac/ref-unref", test_hmac_ref_unref);
g_test_add_func ("/hmac/copy", test_hmac_copy);
@@ -545,6 +566,7 @@ main (int argc,
g_test_add_func ("/hmac/for-data", test_hmac_for_data);
g_test_add_func ("/hmac/for-string", test_hmac_for_string);
g_test_add_func ("/hmac/for-bytes", test_hmac_for_bytes);
+ g_test_add_func ("/hmac/gnutls-fips-mode", test_gnutls_fips_mode);
+ g_test_add_func ("/hmac/ghmac-gnutls-regressions", test_ghmac_gnutls_regressions);
return g_test_run ();
}
--
2.31.1

View File

@ -5,7 +5,7 @@
Name: glib2
Version: 2.56.4
Release: 14%{?dist}
Release: 156%{?dist}
Summary: A library of handy utility functions
License: LGPLv2+
@ -300,6 +300,10 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%{_datadir}/installed-tests
%changelog
* Thu Jul 01 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-15
- Fix test failure introduced in previous update
- Related: #1971533
* Wed Jun 23 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-14
- Refresh GHmac patchset
- Resolves: #1971533