rpms/libgcrypt
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Allow short salt for KDF

Browse Source 
Resolves: rhbz#2114870
This commit is contained in:
Jakub Jelen 2022-08-16 11:46:59 +02:00
parent 58504a6c0b
commit c59f3d1447
2 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
libgcrypt-1.10.0-allow-short-salt.patch Normal file
View File

@ -0,0 +1,51 @@
From 58c92098d053aae7c78cc42bdd7c80c13efc89bb Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 24 Jun 2022 08:59:31 +0900
Subject: [PATCH] hmac,hkdf: Allow use of shorter salt for HKDF.
* cipher/md.c (prepare_macpads): Move the check to...
* src/visibility.c (gcry_mac_setkey): ... here.
* tests/t-kdf.c (check_hkdf): No failure is expected.
--
GnuPG-bug-id: 6039
Fixes-commit: 76aad97dd312e83f2f9b8d086553f2b72ab6546f
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
cipher/md.c | 3 ---
src/visibility.c | 3 +++
tests/t-kdf.c | 12 +-----------
3 files changed, 4 insertions(+), 14 deletions(-)
diff --git a/cipher/md.c b/cipher/md.c
index 4f4fc9bf..34336b5c 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -903,9 +903,6 @@ prepare_macpads (gcry_md_hd_t a, const unsigned char *key, size_t keylen)
{
GcryDigestEntry *r;
- if (fips_mode () && keylen < 14)
- return GPG_ERR_INV_VALUE;
-
if (!a->ctx->list)
return GPG_ERR_DIGEST_ALGO; /* Might happen if no algo is enabled. */
diff --git a/src/visibility.c b/src/visibility.c
index c98247d8..aee5bffb 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -946,6 +946,9 @@ gcry_mac_setkey (gcry_mac_hd_t hd, const void *key, size_t keylen)
if (!fips_is_operational ())
return gpg_error (fips_not_operational ());
+ if (fips_mode () && keylen < 14)
+ return GPG_ERR_INV_VALUE;
+
return gpg_error (_gcry_mac_setkey (hd, key, keylen));
}
--
2.37.1

2
libgcrypt.spec
View File

@ -25,6 +25,7 @@ Patch1: libgcrypt-1.10.0-disable-brainpool.patch
Patch2: libgcrypt-1.10.0-fips-disable-pkcs1.5.patch Patch2: libgcrypt-1.10.0-fips-disable-pkcs1.5.patch
Patch3: libgcrypt-1.10.0-ppc-hwf.patch Patch3: libgcrypt-1.10.0-ppc-hwf.patch
Patch4: libgcrypt-1.10.0-allow-small-RSA-verify.patch Patch4: libgcrypt-1.10.0-allow-small-RSA-verify.patch
Patch5: libgcrypt-1.10.0-allow-short-salt.patch
%global gcrylibdir %{_libdir} %global gcrylibdir %{_libdir}
%global gcrysoname libgcrypt.so.20 %global gcrysoname libgcrypt.so.20
@ -64,6 +65,7 @@ applications using libgcrypt.
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1
%build %build
# This package has a configure test which uses ASMs, but does not link the # This package has a configure test which uses ASMs, but does not link the