author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-06-05 15:11:50 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-13 16:28:25 +0200 |
commit | 1a6ac291a7858e5e6df54911f48f2216d5383b69 (patch) | |
tree | e6970426cf53fa915695e064fae7565ede568cab /tests/client | |
parent | bdb2ef4dcc6f958436e527da1c30fedfb8ac0bda (diff) | |
tests/torture_client_config: Adjust lists in FIPS mode
Use only allowed algorithms if in FIPS mode.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'tests/client')
-rw-r--r-- | tests/client/torture_client_config.c | 47 |
1 files changed, 42 insertions, 5 deletions
diff --git a/tests/client/torture_client_config.c b/tests/client/torture_client_config.c
index 66645983..c413619a 100644
--- a/tests/client/torture_client_config.c
+++ b/tests/client/torture_client_config.c
@@ -92,6 +92,13 @@ static void torture_client_config_system(void **state)
 struct torture_state *s = *state;
 int ret = 0;
+ char *fips_ciphers = NULL;
+
+ if (ssh_fips_mode()) {
+ fips_ciphers = ssh_keep_fips_algos(SSH_CRYPT_C_S, CIPHERS);
+ assert_non_null(fips_ciphers);
+ }
+
 /* The first tests assumes there is system-wide configuration file
 * setting Ciphers to some non-default value. We do not have any control
 * of that in this test case.
@@ -99,11 +106,24 @@ static void torture_client_config_system(void **state)
 ret = ssh_options_parse_config(s->ssh.session, NULL);
 assert_ssh_return_code(s->ssh.session, ret);
- assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S], CIPHERS);
- assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C], CIPHERS);
+ assert_non_null(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S]);
+ assert_non_null(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C]);
+ if (ssh_fips_mode()) {
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S],
+ fips_ciphers);
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C],
+ fips_ciphers);
+ } else {
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S],
+ CIPHERS);
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C],
+ CIPHERS);
+ }
 /* Make sure the configuration was processed and user modified */
 assert_string_equal(s->ssh.session->opts.username, TORTURE_CONFIG_USER);
+
+ SAFE_FREE(fips_ciphers);
 }
 /* This tests makes sure that parsing both system-wide and per-user
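Review bot: In the setup added at the top of torture_client_config_system (the @@ -92,6 hunk), the FIPS expectation comes from `ssh_keep_fips_algos(SSH_CRYPT_C_S, CIPHERS)`, so in FIPS mode the test compares the parsed configuration against the library's own filter rather than an independent list. If the config-parsing path relies on the same helper (not visible in this hunk), a regression that let a non-approved cipher through the filter would still pass. Consider pinning the expected FIPS result as a literal next to `CIPHERS`, or state the limit in a comment such as `/* Expected list comes from the library filter: this checks that parsing applies it, not which algorithms it keeps. */`. The value computed for `SSH_CRYPT_C_S` is later compared against `SSH_CRYPT_S_C` as well, which assumes the filter result is the same for both directions. The identical setup in torture_client_config_emulate (the @@ -119,6 hunk) has the same properties, and both function bodies continue outside their hunks.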
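Review bot: The if/else added in the @@ -99,11 hunk repeats the same two assertions with only the expected string changed, and it calls `ssh_fips_mode()` a second time instead of reusing what the setup at the top of the function already decided. Selecting the expectation once, `const char *expected = fips_ciphers != NULL ? fips_ciphers : CIPHERS;`, and then asserting `assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S], expected);` for each direction removes the duplicated branch and keeps the assertions from disagreeing with the setup. Also, `SAFE_FREE(fips_ciphers)` is reached only when every assertion passes, because a failing cmocka assertion leaves the test function early. That does not affect the verdict but will show up as a leak under memory checkers. The @@ -132,12 hunk in torture_client_config_emulate has the same shape.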
@@ -119,6 +139,13 @@ static void torture_client_config_emulate(void **state)
 char *filename = NULL;
 int ret = 0;
+ char *fips_ciphers = NULL;
+
+ if (ssh_fips_mode()) {
+ fips_ciphers = ssh_keep_fips_algos(SSH_CRYPT_C_S, CIPHERS);
+ assert_non_null(fips_ciphers);
+ }
+
 /* The first tests assumes there is system-wide configuration file
 * setting Ciphers to some non-default value. We do not have any control
 * of that in this test case
@@ -132,12 +159,22 @@ static void torture_client_config_emulate(void **state)
 assert_ssh_return_code(s->ssh.session, ret);
 assert_non_null(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S]);
- assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S], CIPHERS);
 assert_non_null(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C]);
- assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C], CIPHERS);
-
+ if (ssh_fips_mode()) {
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S],
+ fips_ciphers);
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C],
+ fips_ciphers);
+ } else {
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S],
+ CIPHERS);
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C],
+ CIPHERS);
+ }
 /* Make sure the configuration was processed and user modified */
 assert_string_equal(s->ssh.session->opts.username, TORTURE_CONFIG_USER);
+
+ SAFE_FREE(fips_ciphers);
 }
 /* This verifies that configuration files are parsed by default. |