aboutsummaryrefslogtreecommitdiff
path: root/tests/client
diff options
context:
space:
mode:
authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2019-06-05 15:11:50 +0200
committerAndreas Schneider <asn@cryptomilk.org>2019-06-13 16:28:25 +0200
commit1a6ac291a7858e5e6df54911f48f2216d5383b69 (patch)
treee6970426cf53fa915695e064fae7565ede568cab /tests/client
parentbdb2ef4dcc6f958436e527da1c30fedfb8ac0bda (diff)
downloadlibssh-1a6ac291a7858e5e6df54911f48f2216d5383b69.tar.gz
libssh-1a6ac291a7858e5e6df54911f48f2216d5383b69.tar.xz
libssh-1a6ac291a7858e5e6df54911f48f2216d5383b69.zip
tests/torture_client_config: Adjust lists in FIPS mode
Use only allowed algorithms if in FIPS mode. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'tests/client')
-rw-r--r--tests/client/torture_client_config.c47
1 files changed, 42 insertions, 5 deletions
diff --git a/tests/client/torture_client_config.c b/tests/client/torture_client_config.c
index 66645983..c413619a 100644
--- a/tests/client/torture_client_config.c
+++ b/tests/client/torture_client_config.c
@@ -92,6 +92,13 @@ static void torture_client_config_system(void **state)
struct torture_state *s = *state;
int ret = 0;
+ char *fips_ciphers = NULL;
+
+ if (ssh_fips_mode()) {
+ fips_ciphers = ssh_keep_fips_algos(SSH_CRYPT_C_S, CIPHERS);
+ assert_non_null(fips_ciphers);
+ }
+
/* The first tests assumes there is system-wide configuration file
* setting Ciphers to some non-default value. We do not have any control
* of that in this test case.
@@ -99,11 +106,24 @@ static void torture_client_config_system(void **state)
ret = ssh_options_parse_config(s->ssh.session, NULL);
assert_ssh_return_code(s->ssh.session, ret);
- assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S], CIPHERS);
- assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C], CIPHERS);
+ assert_non_null(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S]);
+ assert_non_null(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C]);
+ if (ssh_fips_mode()) {
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S],
+ fips_ciphers);
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C],
+ fips_ciphers);
+ } else {
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S],
+ CIPHERS);
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C],
+ CIPHERS);
+ }
/* Make sure the configuration was processed and user modified */
assert_string_equal(s->ssh.session->opts.username, TORTURE_CONFIG_USER);
+
+ SAFE_FREE(fips_ciphers);
}
/* This tests makes sure that parsing both system-wide and per-user
@@ -119,6 +139,13 @@ static void torture_client_config_emulate(void **state)
char *filename = NULL;
int ret = 0;
+ char *fips_ciphers = NULL;
+
+ if (ssh_fips_mode()) {
+ fips_ciphers = ssh_keep_fips_algos(SSH_CRYPT_C_S, CIPHERS);
+ assert_non_null(fips_ciphers);
+ }
+
/* The first tests assumes there is system-wide configuration file
* setting Ciphers to some non-default value. We do not have any control
* of that in this test case
@@ -132,12 +159,22 @@ static void torture_client_config_emulate(void **state)
assert_ssh_return_code(s->ssh.session, ret);
assert_non_null(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S]);
- assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S], CIPHERS);
assert_non_null(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C]);
- assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C], CIPHERS);
-
+ if (ssh_fips_mode()) {
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S],
+ fips_ciphers);
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C],
+ fips_ciphers);
+ } else {
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S],
+ CIPHERS);
+ assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C],
+ CIPHERS);
+ }
/* Make sure the configuration was processed and user modified */
assert_string_equal(s->ssh.session->opts.username, TORTURE_CONFIG_USER);
+
+ SAFE_FREE(fips_ciphers);
}
/* This verifies that configuration files are parsed by default.