From 097643ad5837638148b8c81661ce6cbb77f24825 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Mon, 26 Nov 2018 11:34:49 +0100
Subject: [PATCH] Backport upstream commit to test incremental hmac-sha256
 computation

---
 ..._hmac-sha256_incremental_computation.patch | 44 +++++++++++++++++++
 libxcrypt.spec                                |  2 +
 2 files changed, 46 insertions(+)
 create mode 100644 libxcrypt-4.4.0-test_hmac-sha256_incremental_computation.patch

diff --git a/libxcrypt-4.4.0-test_hmac-sha256_incremental_computation.patch b/libxcrypt-4.4.0-test_hmac-sha256_incremental_computation.patch
new file mode 100644
index 0000000..ac6e89f
--- /dev/null
+++ b/libxcrypt-4.4.0-test_hmac-sha256_incremental_computation.patch
@@ -0,0 +1,44 @@
+From 580a15e118ee86676ddc1b4456ae6a3f14d86296 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Thu, 22 Nov 2018 22:20:57 +0100
+Subject: [PATCH] Test hmac-sha256 incremental computation, too.
+
+The main purpose of this additional test is for coverage.
+---
+ test-alg-pbkdf-hmac-sha256.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/test-alg-pbkdf-hmac-sha256.c b/test-alg-pbkdf-hmac-sha256.c
+index 21c90a5..df22979 100644
+--- a/test-alg-pbkdf-hmac-sha256.c
++++ b/test-alg-pbkdf-hmac-sha256.c
+@@ -179,7 +179,9 @@ static int
+ test_hmac_sha256 (void)
+ {
+   uint8_t output[32];
++  HMAC_SHA256_CTX ctx;
+   int status = 0;
++  size_t j;
+   for (size_t i = 0; i < ARRAY_SIZE (hmac_sha256_tests); i++)
+     {
+       const struct hmac_sha256_test *t = &hmac_sha256_tests[i];
+@@ -188,7 +190,18 @@ test_hmac_sha256 (void)
+                        output);
+       if (memcmp (output, t->digest, 32))
+         {
+-          report_failure ("HMAC-SHA256", i, 32, t->digest, output);
++          report_failure ("HMAC-SHA256 (one shot)",
++                          i, 32, t->digest, output);
++          status = 1;
++        }
++      HMAC_SHA256_Init(&ctx, t->key, strlen (t->key));
++      for (j = 0; t->message[j] != '\0'; j++)
++        HMAC_SHA256_Update(&ctx, &t->message[j], 1);
++      HMAC_SHA256_Final(output, &ctx);
++      if (memcmp (output, t->digest, 32))
++        {
++          report_failure ("HMAC-SHA256 (incremental)",
++                          i, 32, t->digest, output);
+           status = 1;
+         }
+     }
diff --git a/libxcrypt.spec b/libxcrypt.spec
index 03febfa..7c4c7b6 100644
--- a/libxcrypt.spec
+++ b/libxcrypt.spec
@@ -103,6 +103,7 @@ Patch0:         %{url}/commit/a60130b2211c6666bee69051b2b76413af2d679f.patch#/%{
 Patch1:         %{url}/commit/664bfda5a51dbaa75904b29a7cd3c51888db6bd9.patch#/%{name}-4.4.0-use_XCRYPT_STRCPY_OR_ABORT_in_crypt_nt_rn.patch
 Patch2:         %{url}/commit/fdeddd908b6c659b281bbef7e535f9060b5b6186.patch#/%{name}-4.4.0-use_base64_output_gensalt_nt_rn.patch
 Patch3:         %{url}/commit/f6fe5e6faf4a681984e5bb9d830c8006bba8dab7.patch#/%{name}-4.4.0-set_minimum_rbytes_for_NT_to_2.patch
+Patch4:         %{url}/commit/580a15e118ee86676ddc1b4456ae6a3f14d86296.patch#/%{name}-4.4.0-test_hmac-sha256_incremental_computation.patch
 
 # Patch 3000 - 5999: Backported patches from pull requests.
 
@@ -334,6 +335,7 @@ done
 - Backport upstream commit to use a safer strcpy for the NT method
 - Backport upstream generating base64 encoded output for NT gensalt
 - Backport upstream commit to require less rbytes for NT gensalt
+- Backport upstream commit to test incremental hmac-sha256 computation
 
 * Tue Nov 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.0-1
 - New upstream release