Backport upstream commit to test incremental hmac-sha256 computation

2018-11-26 11:34:49 +01:00 · 2018-11-26 11:34:49 +01:00 · 097643ad58
commit 097643ad58
parent da2ba20d5b
2 changed files with 46 additions and 0 deletions
--- a/libxcrypt-4.4.0-test_hmac-sha256_incremental_computation.patch
+++ b/libxcrypt-4.4.0-test_hmac-sha256_incremental_computation.patch
@ -0,0 +1,44 @@
+From 580a15e118ee86676ddc1b4456ae6a3f14d86296 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Thu, 22 Nov 2018 22:20:57 +0100
+Subject: [PATCH] Test hmac-sha256 incremental computation, too.
+
+The main purpose of this additional test is for coverage.
+---
+ test-alg-pbkdf-hmac-sha256.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/test-alg-pbkdf-hmac-sha256.c b/test-alg-pbkdf-hmac-sha256.c
+index 21c90a5..df22979 100644
+--- a/test-alg-pbkdf-hmac-sha256.c
+++ b/test-alg-pbkdf-hmac-sha256.c
+@@ -179,7 +179,9 @@ static int
+ test_hmac_sha256 (void)
+ {
+   uint8_t output[32];
+  HMAC_SHA256_CTX ctx;
+   int status = 0;
+  size_t j;
+   for (size_t i = 0; i < ARRAY_SIZE (hmac_sha256_tests); i++)
+     {
+       const struct hmac_sha256_test *t = &hmac_sha256_tests[i];
+@@ -188,7 +190,18 @@ test_hmac_sha256 (void)
+                        output);
+       if (memcmp (output, t->digest, 32))
+         {
+-          report_failure ("HMAC-SHA256", i, 32, t->digest, output);
+          report_failure ("HMAC-SHA256 (one shot)",
+                          i, 32, t->digest, output);
+          status = 1;
+        }
+      HMAC_SHA256_Init(&ctx, t->key, strlen (t->key));
+      for (j = 0; t->message[j] != '\0'; j++)
+        HMAC_SHA256_Update(&ctx, &t->message[j], 1);
+      HMAC_SHA256_Final(output, &ctx);
+      if (memcmp (output, t->digest, 32))
+        {
+          report_failure ("HMAC-SHA256 (incremental)",
+                          i, 32, t->digest, output);
+           status = 1;
+         }
+     }
--- a/libxcrypt.spec
+++ b/libxcrypt.spec
@ -103,6 +103,7 @@ Patch0:         %{url}/commit/a60130b2211c6666bee69051b2b76413af2d679f.patch#/%{
 Patch1:         %{url}/commit/664bfda5a51dbaa75904b29a7cd3c51888db6bd9.patch#/%{name}-4.4.0-use_XCRYPT_STRCPY_OR_ABORT_in_crypt_nt_rn.patch
 Patch2:         %{url}/commit/fdeddd908b6c659b281bbef7e535f9060b5b6186.patch#/%{name}-4.4.0-use_base64_output_gensalt_nt_rn.patch
 Patch3:         %{url}/commit/f6fe5e6faf4a681984e5bb9d830c8006bba8dab7.patch#/%{name}-4.4.0-set_minimum_rbytes_for_NT_to_2.patch
+Patch4:         %{url}/commit/580a15e118ee86676ddc1b4456ae6a3f14d86296.patch#/%{name}-4.4.0-test_hmac-sha256_incremental_computation.patch

 # Patch 3000 - 5999: Backported patches from pull requests.

@ -334,6 +335,7 @@ done
 - Backport upstream commit to use a safer strcpy for the NT method
 - Backport upstream generating base64 encoded output for NT gensalt
 - Backport upstream commit to require less rbytes for NT gensalt
+- Backport upstream commit to test incremental hmac-sha256 computation

 * Tue Nov 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.0-1
 - New upstream release