diff options
author | Jakub Jelen <jjelen@redhat.com> | 2022-10-04 12:44:54 +0200 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-10-06 14:09:00 +0900 |
commit | efdc87b305ff326f37acd3a9c2606de24a706cce (patch) | |
tree | debf0bae1827be5b1e7d11637e059b16521ab866 /tests | |
parent | 6e832840a8b7cdd30f77e66685ad0de863d7e84d (diff) | |
download | libgcrypt-efdc87b305ff326f37acd3a9c2606de24a706cce.tar.gz |
tests: Reproducer for short dklen in FIPS mode
* tests/t-kdf.c (check_pbkdf2): Add test vector with short dklen and
verify it fails in FIPS mode
--
GnuPG-bug-id: 6219
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/t-kdf.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/tests/t-kdf.c b/tests/t-kdf.c index c0192d7b..716fb53e 100644 --- a/tests/t-kdf.c +++ b/tests/t-kdf.c @@ -913,6 +913,14 @@ check_pbkdf2 (void) "password", 8, "salt", 4, GCRY_MD_SHA1, + 1, + 10, /* too short dklen for FIPS */ + "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9" + }, + { + "password", 8, + "salt", 4, + GCRY_MD_SHA1, 2, 20, "\xea\x6c\x01\x4d\xc7\x2d\x6f\x8c\xcd\x1e" @@ -1109,7 +1117,7 @@ check_pbkdf2 (void) GCRY_KDF_PBKDF2, tv[tvidx].hashalgo, tv[tvidx].salt, tv[tvidx].saltlen, tv[tvidx].c, tv[tvidx].dklen, outbuf); - if (in_fips_mode && tvidx > 6) + if (in_fips_mode && tvidx > 7) { if (!err) fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n", @@ -1118,7 +1126,7 @@ check_pbkdf2 (void) } if (err) { - if (in_fips_mode && tv[tvidx].plen < 14) + if (in_fips_mode && (tv[tvidx].plen < 14 || tv[tvidx].dklen < 14)) { if (verbose) fprintf (stderr, |