Skip to content

Fix FIPS integrity self tests

Anderson Sasaki requested to merge ansasaki/gnutls:fix_fips_lib_name into master

Add a description of the new feature/bug fix. Reference any relevant bugs.

This is a fix for a bug originally reported here: https://bugzilla.redhat.com/show_bug.cgi?id=1665061

There were 2 issues:

  • The libraries names in libs/fips.c have not been updated when the sonames were bumped:
  libgnutls.so.28 -> libgnutls.so.30
  libnettle.so.4  -> libnettle.so.6
  libhogweed.so.2 -> libhogweed.so.4
  • The decoding of the HMAC fails when there is a '\n' at the end of the file. The newline makes the file to hold 65 bytes instead of the expected 64 bytes. At the end of the processing (lib/extras/hex.c:39) it checks if all input bytes were processed, but the last remaining byte makes the check to fail. This is not exactly a bug, but allowing newlines at the end of the file makes the format of the accepted files more flexible, and the integrity check more robust.

Checklist

  • Code modified for feature
  • Test suite updated with functionality tests
  • Test suite updated with negative tests
  • Documentation updated / NEWS entry present (for non-trivial changes)

Reviewer's checklist:

  • Any issues marked for closing are addressed
  • There is a test suite reasonably covering new functionality or modifications
  • Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
  • This feature/change has adequate documentation added
  • No obvious mistakes in the code
Edited by Anderson Sasaki

Merge request reports