diff options
author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-05-22 15:13:51 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-12 10:27:40 +0200 |
commit | ee456104f16b29d5fe0245e6e2ba026450db0fe8 (patch) | |
tree | 734ab05304d6a48d434f4f9a4a495ca8eda7ba85 /tests | |
parent | 0fb7d9831a9d2b22c9d19cc239c9fa007243ba69 (diff) | |
download | libssh-ee456104f16b29d5fe0245e6e2ba026450db0fe8.tar.gz libssh-ee456104f16b29d5fe0245e6e2ba026450db0fe8.tar.xz libssh-ee456104f16b29d5fe0245e6e2ba026450db0fe8.zip |
session: Do not use MD5 in FIPS mode
Do not use MD5 when generating fingerprints in FIPS mode. The call will
fail in such case. The test suite was updated with a negative test for
this case.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/unittests/torture_hashes.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/tests/unittests/torture_hashes.c b/tests/unittests/torture_hashes.c index 8bd97442..5c700ee0 100644 --- a/tests/unittests/torture_hashes.c +++ b/tests/unittests/torture_hashes.c @@ -59,14 +59,19 @@ static void torture_md5_hash(void **state) rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5, (unsigned char **)&hash, &hlen); - assert_true(rc == 0); - - hexa = ssh_get_hexa((unsigned char *)hash, hlen); - SSH_STRING_FREE_CHAR(hash); - assert_string_equal(hexa, - "50:15:a0:9b:92:bf:33:1c:01:c5:8c:fe:18:fa:ce:78"); - - SSH_STRING_FREE_CHAR(hexa); + if (ssh_fips_mode()) { + /* When in FIPS mode, expect the call to fail */ + assert_int_equal(rc, SSH_ERROR); + } else { + assert_int_equal(rc, SSH_OK); + + hexa = ssh_get_hexa((unsigned char *)hash, hlen); + SSH_STRING_FREE_CHAR(hash); + assert_string_equal(hexa, + "50:15:a0:9b:92:bf:33:1c:01:c5:8c:fe:18:fa:ce:78"); + + SSH_STRING_FREE_CHAR(hexa); + } } static void torture_sha1_hash(void **state) |