author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-08-31 01:10:20 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-08-31 01:10:20 +0000 |
commit | aa01c3ce09735d685275eda954fe6403efa25ba0 (patch) | |
tree | f313cccba01a1bcd15add82d2cadcf7f26e2bda2 | |
parent | 473cdcc2d2c8dd3e1196fced1e8d02bd09f718e3 (diff) | |
parent | 71188350dbb0ebf2e47759d40b18166b9f61673c (diff) | |
download | boringssl-android14-d2-release.tar.gz |
Snap for 10740565 from 71188350dbb0ebf2e47759d40b18166b9f61673c to udc-d2-releaseandroid-14.0.0_r45android-14.0.0_r44android-14.0.0_r43android-14.0.0_r42android-14.0.0_r41android-14.0.0_r40android-14.0.0_r39android-14.0.0_r38android14-d2-s5-releaseandroid14-d2-s4-releaseandroid14-d2-s3-releaseandroid14-d2-s2-releaseandroid14-d2-s1-releaseandroid14-d2-release
Change-Id: I318ce43061ec56359e029761631c7c7afc81bdcc
-rw-r--r-- | src/crypto/fipsmodule/service_indicator/service_indicator.c | 11 | ||||
-rw-r--r-- | src/crypto/fipsmodule/service_indicator/service_indicator_test.cc | 18 |
2 files changed, 6 insertions, 23 deletions
diff --git a/src/crypto/fipsmodule/service_indicator/service_indicator.c b/src/crypto/fipsmodule/service_indicator/service_indicator.c
index b1ea28e8..64325bea 100644
--- a/src/crypto/fipsmodule/service_indicator/service_indicator.c
+++ b/src/crypto/fipsmodule/service_indicator/service_indicator.c
@@ -303,14 +303,11 @@ void HMAC_verify_service_indicator(const EVP_MD *evp_md) {
 }
 
 void TLSKDF_verify_service_indicator(const EVP_MD *md) {
- // HMAC-MD5, HMAC-SHA1, and HMAC-MD5/HMAC-SHA1 (both used concurrently) are
- // approved for use in the KDF in TLS 1.0/1.1.
- // HMAC-SHA{256, 384, 512} are approved for use in the KDF in TLS 1.2.
- // These Key Derivation functions are to be used in the context of the TLS
- // protocol.
+ // HMAC-MD5/HMAC-SHA1 (both used concurrently) is approved for use in the KDF
+ // in TLS 1.0/1.1. HMAC-SHA{256, 384, 512} are approved for use in the KDF in
+ // TLS 1.2. These Key Derivation functions are to be used in the context of
+ // the TLS protocol.
 switch (EVP_MD_type(md)) {
- case NID_md5:
- case NID_sha1:
 case NID_md5_sha1:
 case NID_sha256:
 case NID_sha384:
diff --git a/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc b/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc
index 4389b981..41f263db 100644
--- a/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc
+++ b/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc
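Review bot: The rewritten comment at the top of TLSKDF_verify_service_indicator no longer says that HMAC-MD5 and HMAC-SHA1 on their own are excluded, so nothing at the `switch` tells a maintainer that dropping `case NID_md5:` and `case NID_sha1:` was deliberate. I would add a line such as `// HMAC-MD5 or HMAC-SHA1 alone is not approved; do not add NID_md5 or NID_sha1 here.` directly above the switch. The comment also states that the KDF is for use within TLS, but the function receives only the digest, so that condition appears to be the caller's responsibility; saying so explicitly would keep the indicator from being read as a check of protocol context. The rest of the switch and the end of the function lie outside the hunk.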
@@ -422,24 +422,12 @@ static const uint8_t kTLSSeed2[16] = {
 0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81,
 };
 
-static const uint8_t kTLSOutput_mdsha1[32] = {
+static const uint8_t kTLSOutput_md5_sha1[32] = {
 0x36, 0xa9, 0x31, 0xb0, 0x43, 0xe3, 0x64, 0x72, 0xb9, 0x47, 0x54,
 0x0d, 0x8a, 0xfc, 0xe3, 0x5c, 0x1c, 0x15, 0x67, 0x7e, 0xa3, 0x5d,
 0xf2, 0x3a, 0x57, 0xfd, 0x50, 0x16, 0xe1, 0xa4, 0xa6, 0x37,
 };
 
-static const uint8_t kTLSOutput_md[32] = {
- 0x79, 0xef, 0x46, 0xc4, 0x35, 0xbc, 0xe5, 0xda, 0xd3, 0x66, 0x91,
- 0xdc, 0x86, 0x09, 0x41, 0x66, 0xf2, 0x0c, 0xeb, 0xe6, 0xab, 0x5c,
- 0x58, 0xf4, 0x65, 0xce, 0x2f, 0x5f, 0x4b, 0x34, 0x1e, 0xa1,
-};
-
-static const uint8_t kTLSOutput_sha1[32] = {
- 0xbb, 0x0a, 0x73, 0x52, 0xf8, 0x85, 0xd7, 0xbd, 0x12, 0x34, 0x78,
- 0x3b, 0x54, 0x4c, 0x75, 0xfe, 0xd7, 0x23, 0x6e, 0x22, 0x3f, 0x42,
- 0x34, 0x99, 0x57, 0x6b, 0x14, 0xc4, 0xc8, 0xae, 0x9f, 0x4c,
-};
-
 static const uint8_t kTLSOutput_sha224[32] = {
 0xdd, 0xaf, 0x6f, 0xaa, 0xd9, 0x2b, 0x3d, 0xb9, 0x46, 0x4c, 0x55,
 0x8a, 0xf7, 0xa6, 0x9b, 0x0b, 0x35, 0xcc, 0x07, 0xa7, 0x55, 0x5b,
@@ -1783,9 +1771,7 @@ static const struct KDFTestVector {
 const uint8_t *expected_output;
 const FIPSStatus expect_approved;
 } kKDFTestVectors[] = {
- {EVP_md5, kTLSOutput_md, FIPSStatus::APPROVED},
- {EVP_sha1, kTLSOutput_sha1, FIPSStatus::APPROVED},
- {EVP_md5_sha1, kTLSOutput_mdsha1, FIPSStatus::APPROVED},
+ {EVP_md5_sha1, kTLSOutput_md5_sha1, FIPSStatus::APPROVED},
 {EVP_sha224, kTLSOutput_sha224, FIPSStatus::NOT_APPROVED},
 {EVP_sha256, kTLSOutput_sha256, FIPSStatus::APPROVED},
 {EVP_sha384, kTLSOutput_sha384, FIPSStatus::APPROVED}, |
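Review bot: Deleting the `EVP_md5` and `EVP_sha1` rows from kKDFTestVectors leaves no test that the indicator now reports these digests as not approved, so a later change that re-adds `case NID_md5:` or `case NID_sha1:` would pass unnoticed. Following the existing `EVP_sha224` row, I would keep both vectors with the status flipped: `{EVP_md5, kTLSOutput_md, FIPSStatus::NOT_APPROVED},` and `{EVP_sha1, kTLSOutput_sha1, FIPSStatus::NOT_APPROVED},`. That also means keeping the kTLSOutput_md and kTLSOutput_sha1 arrays that the first hunk of this file removes. The code that iterates kKDFTestVectors is outside the hunk, so I am assuming it still compares the KDF output when the expected status is NOT_APPROVED, as it presumably does for the sha224 row.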