Drop unneeded passphrase length check for PBKDF2

Resolves: rhbz#2130275
2022-10-20 16:03:01 +02:00 · 2022-10-20 16:03:01 +02:00 · 2786fa2515
commit 2786fa2515
parent 6abf6e0a54
1 changed files with 3 additions and 36 deletions
--- a/libgcrypt-1.10.0-fips-kdf.patch
+++ b/libgcrypt-1.10.0-fips-kdf.patch
@ -1,36 +1,3 @@
-From 857e6f467d0fc9fd858a73d84122695425970075 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Tue, 27 Sep 2022 13:26:16 +0900
-Subject: [PATCH] kdf:pkdf2: Require longer input when FIPS mode.
-
-* cipher/kdf.c (_gcry_kdf_pkdf2): Add length check.
-
--
-
-GnuPG-bug-id: 6039
-Fixes-commit: 58c92098d053aae7c78cc42bdd7c80c13efc89bb
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
- cipher/kdf.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/cipher/kdf.c b/cipher/kdf.c
-index 3e51e115..81523320 100644
--- a/cipher/kdf.c
-+++ b/cipher/kdf.c
-@@ -160,6 +160,9 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen,
-     return GPG_ERR_INV_VALUE;
- #endif
- 
-+  /* HMAC requires longer input for approved use case.  */
-+  if (fips_mode () && passphraselen < 14)
-+    return GPG_ERR_INV_VALUE;
- 
-   /* Step 2 */
-   l = ((dklen - 1)/ hlen) + 1;
-- 
-2.37.3
-
 From 3c04b692de1e7b45b764ff8d66bf84609b012e3a Mon Sep 17 00:00:00 2001
 From: Tobias Heider <tobias.heider@canonical.com>
 Date: Tue, 27 Sep 2022 13:31:05 +0900
@ -58,9 +25,9 @@ index 81523320..67c60df8 100644
 +  if (fips_mode () && dklen < 14)
 +    return GPG_ERR_INV_VALUE;
 +
-   /* HMAC requires longer input for approved use case.  */
-   if (fips_mode () && passphraselen < 14)
-     return GPG_ERR_INV_VALUE;
+ 
+   /* Step 2 */
+   l = ((dklen - 1)/ hlen) + 1;
 -- 
 2.37.3
 From e5a5e847b66eb6b80e60a2dffa347268f059aee3 Mon Sep 17 00:00:00 2001