tests/torture_client_config: Adjust lists in FIPS mode

Use only allowed algorithms if in FIPS mode. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-11-30 13:01:23 +03:00 · 2019-06-05 15:11:50 +02:00
parent bdb2ef4dcc
commit 1a6ac291a7
1 changed files with 42 additions and 5 deletions
--- a/tests/client/torture_client_config.c
+++ b/tests/client/torture_client_config.c
@@ -92,6 +92,13 @@ static void torture_client_config_system(void **state)
    struct torture_state *s = *state;
    int ret = 0;

+    char *fips_ciphers = NULL;
+
+    if (ssh_fips_mode()) {
+        fips_ciphers = ssh_keep_fips_algos(SSH_CRYPT_C_S, CIPHERS);
+        assert_non_null(fips_ciphers);
+    }
+
    /* The first tests assumes there is system-wide configuration file
     * setting Ciphers to some non-default value. We do not have any control
     * of that in this test case.
@@ -99,11 +106,24 @@ static void torture_client_config_system(void **state)
    ret = ssh_options_parse_config(s->ssh.session, NULL);
    assert_ssh_return_code(s->ssh.session, ret);

-    assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S], CIPHERS);
-    assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C], CIPHERS);
+    assert_non_null(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S]);
+    assert_non_null(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C]);
+    if (ssh_fips_mode()) {
+        assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S],
+                            fips_ciphers);
+        assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C],
+                            fips_ciphers);
+    } else {
+        assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S],
+                            CIPHERS);
+        assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C],
+                            CIPHERS);
+    }

    /* Make sure the configuration was processed and user modified */
    assert_string_equal(s->ssh.session->opts.username, TORTURE_CONFIG_USER);
+
+    SAFE_FREE(fips_ciphers);
 }

 /* This tests makes sure that parsing both system-wide and per-user
@@ -119,6 +139,13 @@ static void torture_client_config_emulate(void **state)
    char *filename = NULL;
    int ret = 0;

+    char *fips_ciphers = NULL;
+
+    if (ssh_fips_mode()) {
+        fips_ciphers = ssh_keep_fips_algos(SSH_CRYPT_C_S, CIPHERS);
+        assert_non_null(fips_ciphers);
+    }
+
    /* The first tests assumes there is system-wide configuration file
     * setting Ciphers to some non-default value. We do not have any control
     * of that in this test case
@@ -132,12 +159,22 @@ static void torture_client_config_emulate(void **state)
    assert_ssh_return_code(s->ssh.session, ret);

    assert_non_null(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S]);
-    assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S], CIPHERS);
    assert_non_null(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C]);
-    assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C], CIPHERS);
-
+    if (ssh_fips_mode()) {
+        assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S],
+                            fips_ciphers);
+        assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C],
+                            fips_ciphers);
+    } else {
+        assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_C_S],
+                            CIPHERS);
+        assert_string_equal(s->ssh.session->opts.wanted_methods[SSH_CRYPT_S_C],
+                            CIPHERS);
+    }
    /* Make sure the configuration was processed and user modified */
    assert_string_equal(s->ssh.session->opts.username, TORTURE_CONFIG_USER);
+
+    SAFE_FREE(fips_ciphers);
 }

 /* This verifies that configuration files are parsed by default.