Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.4:Update
libica.16467
libica-sles15sp2-FIPS-provide-output-iv-as-requ...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch of Package libica.16467
From b687f1514b3d371cdc44b5b3b02d5ddd9ac4eb54 Mon Sep 17 00:00:00 2001 From: Joerg Schmidbauer <jschmidb@de.ibm.com> Date: Wed, 25 Mar 2020 10:07:10 +0100 Subject: [PATCH] FIPS: provide output iv as required by FIPS tests This fix is introduced to satisfy FIPS tests. They require the output iv to be the iv resulting from decrypting the last block with a zero iv as input. But note that this is not described in the NIST standard for CBC-CS. According to the standard, the output iv is simply undefined. Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com> --- src/include/s390_cbccs.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/include/s390_cbccs.h b/src/include/s390_cbccs.h index aa29bff..f6626dc 100644 --- a/src/include/s390_cbccs.h +++ b/src/include/s390_cbccs.h @@ -287,6 +287,17 @@ s390_aes_cbccs_dec(unsigned int fc, const unsigned char *in_data, block_xor(out_data + tmp_data_length + AES_BLOCK_SIZE, tmp_in_data, tmp_out_data, rest_data_length); + /* + * This fix was introduced to satisfy FIPS tests. They require the + * output iv to be the iv resulting from decrypting the last block + * with a zero iv as input, which is tmp_iv here. But note that this + * is not described in the NIST standard for CBC-CS. According to the + * standard, the output iv is simply undefined. + */ +#ifdef ICA_FIPS + memcpy(iv, tmp_iv, AES_BLOCK_SIZE); +#endif /* ICA_FIPS */ + return 0; } -- 2.16.4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor