Update KDF selftest to run allowed cases
Resolves: rhbz#2176145
parent
65342ad3f8
commit
12a13f840d
@ -127,3 +127,61 @@ index d22584da..823c744e 100644
|
|||||||
--
|
--
|
||||||
2.39.0
|
2.39.0
|
||||||
|
|
||||||
|
From f5fe94810f3099c9ccc2ca3a5891502922ab0576 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue, 28 Feb 2023 12:53:28 +0100
|
||||||
|
Subject: [PATCH] kdf: Update tests in regards to the allowed parameters in
|
||||||
|
FIPS mode.
|
||||||
|
|
||||||
|
* cipher/kdf.c (check_one): run selftests for more approved parameters
|
||||||
|
and check that wrong parameters correctly fail in FIPS mode.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
Fixes-commit: 535a4d345872aa2cd2ab3a5f9c4411d0a0313328
|
||||||
|
GnuPG-bug-id: 5512
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
cipher/kdf.c | 22 +++++++++++++++-------
|
||||||
|
1 file changed, 15 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/kdf.c b/cipher/kdf.c
|
||||||
|
index 823c744e..12beec56 100644
|
||||||
|
--- a/cipher/kdf.c
|
||||||
|
+++ b/cipher/kdf.c
|
||||||
|
@@ -2059,17 +2059,25 @@ check_one (int algo, int hash_algo,
|
||||||
|
{
|
||||||
|
unsigned char key[512]; /* hardcoded to avoid allocation */
|
||||||
|
size_t keysize = expectlen;
|
||||||
|
-
|
||||||
|
- /* Skip test with shoter passphrase in FIPS mode. */
|
||||||
|
- if (fips_mode () && passphraselen < 14)
|
||||||
|
- return NULL;
|
||||||
|
+ int rv;
|
||||||
|
|
||||||
|
if (keysize > sizeof(key))
|
||||||
|
return "invalid tests data";
|
||||||
|
|
||||||
|
- if (_gcry_kdf_derive (passphrase, passphraselen, algo,
|
||||||
|
- hash_algo, salt, saltlen, iterations,
|
||||||
|
- keysize, key))
|
||||||
|
+ rv = _gcry_kdf_derive (passphrase, passphraselen, algo,
|
||||||
|
+ hash_algo, salt, saltlen, iterations,
|
||||||
|
+ keysize, key);
|
||||||
|
+ /* In fips mode we have special requirements for the input and
|
||||||
|
+ * output parameters */
|
||||||
|
+ if (fips_mode ())
|
||||||
|
+ {
|
||||||
|
+ if (rv && (passphraselen < 8 || saltlen < 16 ||
|
||||||
|
+ iterations < 1000 || expectlen < 14))
|
||||||
|
+ return NULL;
|
||||||
|
+ else if (rv)
|
||||||
|
+ return "gcry_kdf_derive unexpectedly failed in FIPS Mode";
|
||||||
|
+ }
|
||||||
|
+ else if (rv)
|
||||||
|
return "gcry_kdf_derive failed";
|
||||||
|
|
||||||
|
if (memcmp (key, expect, expectlen))
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
||||||
|
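Review bot: In the `fips_mode ()` branch of check_one, a derivation that succeeds with non-approved parameters is never reported: when `rv` is 0 the code falls through to the `memcmp`, so a vector with `passphraselen < 8`, `saltlen < 16`, `iterations < 1000` or `expectlen < 14` passes whether or not those limits are enforced. The commit message says wrong parameters are checked to fail, so, assuming the FIPS build is meant to reject all four cases (the enforcement inside `_gcry_kdf_derive` is not visible here), add `if (!rv && (passphraselen < 8 || saltlen < 16 || iterations < 1000 || expectlen < 14)) return "gcry_kdf_derive unexpectedly succeeded in FIPS Mode";` ahead of the existing `rv` checks. The four thresholds are bare literals that presumably mirror the limits in the derive path; a short comment naming where those limits are defined would keep the selftest from drifting away from the enforcement. check_one starts and ends outside the hunk.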