lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-07-31 00:03:07 +03:00
Code Activity

torture_packet.c: Add fips check for deprecated cipher

Browse Source 
FIPS 140-3 puts big limitations on using TDEA and it is
already disabled in rhel9.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 76d375064b)
This commit is contained in:
Norbert Pocs
2022-09-30 13:18:07 +02:00
committed by Andreas Schneider
parent fc66be08a1
commit 0d52be0f5b
1 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
tests/unittests/torture_packet.c
View File

@ -272,10 +272,15 @@ static void torture_packet_aes256_cbc_etm(UNUSED_PARAM(void **state))
}
}
static void torture_packet_3des_cbc(void **state)
static void torture_packet_3des_cbc(UNUSED_PARAM(void **state))
{
int i;
(void)state; /* unused */
/* 3des is not completely FIPS-allowed cipher since 140-3 */
if (ssh_fips_mode()) {
skip();
}
for (i=1;i<256;++i){
torture_packet("3des-cbc", "hmac-sha1", "none", i);
}
@ -284,6 +289,12 @@ static void torture_packet_3des_cbc(void **state)
static void torture_packet_3des_cbc_etm(UNUSED_PARAM(void **state))
{
int i;
/* 3des is not completely FIPS-allowed cipher since 140-3 */
if (ssh_fips_mode()) {
skip();
}
for (i = 1; i < 256; ++i) {
torture_packet("3des-cbc", "hmac-sha1-etm@openssh.com", "none", i);
}