summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-08-31 01:10:20 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-08-31 01:10:20 +0000
commitaa01c3ce09735d685275eda954fe6403efa25ba0 (patch)
treef313cccba01a1bcd15add82d2cadcf7f26e2bda2
parent473cdcc2d2c8dd3e1196fced1e8d02bd09f718e3 (diff)
parent71188350dbb0ebf2e47759d40b18166b9f61673c (diff)
downloadboringssl-android14-d2-release.tar.gz
Snap for 10740565 from 71188350dbb0ebf2e47759d40b18166b9f61673c to udc-d2-releaseandroid-14.0.0_r45android-14.0.0_r44android-14.0.0_r43android-14.0.0_r42android-14.0.0_r41android-14.0.0_r40android-14.0.0_r39android-14.0.0_r38android14-d2-s5-releaseandroid14-d2-s4-releaseandroid14-d2-s3-releaseandroid14-d2-s2-releaseandroid14-d2-s1-releaseandroid14-d2-release
Change-Id: I318ce43061ec56359e029761631c7c7afc81bdcc
Diffstat
-rw-r--r--src/crypto/fipsmodule/service_indicator/service_indicator.c11
-rw-r--r--src/crypto/fipsmodule/service_indicator/service_indicator_test.cc18
2 files changed, 6 insertions, 23 deletions
diff --git a/src/crypto/fipsmodule/service_indicator/service_indicator.c b/src/crypto/fipsmodule/service_indicator/service_indicator.c
index b1ea28e8..64325bea 100644
--- a/src/crypto/fipsmodule/service_indicator/service_indicator.c
+++ b/src/crypto/fipsmodule/service_indicator/service_indicator.c
@@ -303,14 +303,11 @@ void HMAC_verify_service_indicator(const EVP_MD *evp_md) {
}
void TLSKDF_verify_service_indicator(const EVP_MD *md) {
- // HMAC-MD5, HMAC-SHA1, and HMAC-MD5/HMAC-SHA1 (both used concurrently) are
- // approved for use in the KDF in TLS 1.0/1.1.
- // HMAC-SHA{256, 384, 512} are approved for use in the KDF in TLS 1.2.
- // These Key Derivation functions are to be used in the context of the TLS
- // protocol.
+ // HMAC-MD5/HMAC-SHA1 (both used concurrently) is approved for use in the KDF
+ // in TLS 1.0/1.1. HMAC-SHA{256, 384, 512} are approved for use in the KDF in
+ // TLS 1.2. These Key Derivation functions are to be used in the context of
+ // the TLS protocol.
switch (EVP_MD_type(md)) {
- case NID_md5:
- case NID_sha1:
case NID_md5_sha1:
case NID_sha256:
case NID_sha384:
diff --git a/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc b/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc
index 4389b981..41f263db 100644
--- a/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc
+++ b/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc
@@ -422,24 +422,12 @@ static const uint8_t kTLSSeed2[16] = {
0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81,
};
-static const uint8_t kTLSOutput_mdsha1[32] = {
+static const uint8_t kTLSOutput_md5_sha1[32] = {
0x36, 0xa9, 0x31, 0xb0, 0x43, 0xe3, 0x64, 0x72, 0xb9, 0x47, 0x54,
0x0d, 0x8a, 0xfc, 0xe3, 0x5c, 0x1c, 0x15, 0x67, 0x7e, 0xa3, 0x5d,
0xf2, 0x3a, 0x57, 0xfd, 0x50, 0x16, 0xe1, 0xa4, 0xa6, 0x37,
};
-static const uint8_t kTLSOutput_md[32] = {
- 0x79, 0xef, 0x46, 0xc4, 0x35, 0xbc, 0xe5, 0xda, 0xd3, 0x66, 0x91,
- 0xdc, 0x86, 0x09, 0x41, 0x66, 0xf2, 0x0c, 0xeb, 0xe6, 0xab, 0x5c,
- 0x58, 0xf4, 0x65, 0xce, 0x2f, 0x5f, 0x4b, 0x34, 0x1e, 0xa1,
-};
-
-static const uint8_t kTLSOutput_sha1[32] = {
- 0xbb, 0x0a, 0x73, 0x52, 0xf8, 0x85, 0xd7, 0xbd, 0x12, 0x34, 0x78,
- 0x3b, 0x54, 0x4c, 0x75, 0xfe, 0xd7, 0x23, 0x6e, 0x22, 0x3f, 0x42,
- 0x34, 0x99, 0x57, 0x6b, 0x14, 0xc4, 0xc8, 0xae, 0x9f, 0x4c,
-};
-
static const uint8_t kTLSOutput_sha224[32] = {
0xdd, 0xaf, 0x6f, 0xaa, 0xd9, 0x2b, 0x3d, 0xb9, 0x46, 0x4c, 0x55,
0x8a, 0xf7, 0xa6, 0x9b, 0x0b, 0x35, 0xcc, 0x07, 0xa7, 0x55, 0x5b,
@@ -1783,9 +1771,7 @@ static const struct KDFTestVector {
const uint8_t *expected_output;
const FIPSStatus expect_approved;
} kKDFTestVectors[] = {
- {EVP_md5, kTLSOutput_md, FIPSStatus::APPROVED},
- {EVP_sha1, kTLSOutput_sha1, FIPSStatus::APPROVED},
- {EVP_md5_sha1, kTLSOutput_mdsha1, FIPSStatus::APPROVED},
+ {EVP_md5_sha1, kTLSOutput_md5_sha1, FIPSStatus::APPROVED},
{EVP_sha224, kTLSOutput_sha224, FIPSStatus::NOT_APPROVED},
{EVP_sha256, kTLSOutput_sha256, FIPSStatus::APPROVED},
{EVP_sha384, kTLSOutput_sha384, FIPSStatus::APPROVED},
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-29 09:36:02 +0000