File gnutls-FIPS-TLS_KDF_selftest.patch of Package gnutls.18748
Index: gnutls-3.6.7/lib/fips.c
===================================================================
--- gnutls-3.6.7.orig/lib/fips.c 2020-09-15 09:15:32.886124297 +0200
+++ gnutls-3.6.7/lib/fips.c 2020-09-17 13:58:47.296445329 +0200
@@ -374,6 +374,28 @@ int _gnutls_fips_perform_self_checks2(vo
goto error;
}
+ /* KDF */
+
+ char derived[512];
+
+ gnutls_datum_t secret = { (void *)"\x04\x50\xb0\xea\x9e\xcd\x36\x02\xee\x0d\x76\xc5\xc3\xc8\x6f\x4a", 16 };
+ gnutls_datum_t seed = { (void *)"\x20\x7a\xcc\x02\x54\xb8\x67\xf5\xb9\x25\xb4\x5a\x33\x60\x1d\x8b", 16 };
+ gnutls_datum_t label = { (void *)"test label", 10 };
+ gnutls_datum_t expected = { (void *)"\xae\x67\x9e\x0e\x71\x4f\x59\x75\x76\x37\x68\xb1\x66\x97\x9e\x1d", 16 };
+
+ ret = _gnutls_prf_raw(GNUTLS_MAC_SHA256, secret.size, secret.data,
+ label.size, (char*)label.data, seed.size, seed.data, expected.size, derived);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = memcmp(derived, expected.data, expected.size);
+ if (ret != 0) {
+ gnutls_assert();
+ goto error;
+ }
+
/* PK */
ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);
if (ret < 0) {