lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-07-31 00:03:07 +03:00
Code Activity

tests/pkd: Use only allowed algorithms if in FIPS mode

Browse Source 
Use only allowed algorithms in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Anderson Toshiyuki Sasaki
2019-06-06 18:15:51 +02:00
committed by Andreas Schneider
parent bb36cc30ee
commit bd32fb020b
3 changed files with 236 additions and 203 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
tests/pkd/pkd_keyutil.c
View File

@ -4,6 +4,8 @@
* (c) 2014 Jon Simons
*/
#include "config.h"
#include <setjmp.h> // for cmocka
#include <stdarg.h> // for cmocka
#include <unistd.h> // for cmocka
@ -14,6 +16,8 @@
#include <string.h>
#include <unistd.h>
#include "torture.h" // for ssh_fips_mode()
#include "pkd_client.h"
#include "pkd_keyutil.h"
#include "pkd_util.h"
@ -96,20 +100,6 @@ void setup_openssh_client_keys() {
}
assert_int_equal(rc, 0);
#ifdef HAVE_DSA
if (access(OPENSSH_DSA_TESTKEY, F_OK) != 0) {
rc = system_checked(OPENSSH_KEYGEN " -t dsa -q -N \"\" -f "
OPENSSH_DSA_TESTKEY);
}
assert_int_equal(rc, 0);
if (access(OPENSSH_DSA_TESTKEY "-cert.pub", F_OK) != 0) {
rc = system_checked(OPENSSH_KEYGEN " -I ident -s " OPENSSH_CA_TESTKEY
" " OPENSSH_DSA_TESTKEY ".pub 2>/dev/null");
}
assert_int_equal(rc, 0);
#endif
if (access(OPENSSH_RSA_TESTKEY, F_OK) != 0) {
rc = system_checked(OPENSSH_KEYGEN " -t rsa -q -N \"\" -f "
OPENSSH_RSA_TESTKEY);
@ -158,29 +148,47 @@ void setup_openssh_client_keys() {
}
assert_int_equal(rc, 0);
if (access(OPENSSH_ED25519_TESTKEY, F_OK) != 0) {
rc = system_checked(OPENSSH_KEYGEN " -t ed25519 -q -N \"\" -f "
OPENSSH_ED25519_TESTKEY);
}
assert_int_equal(rc, 0);
if (!ssh_fips_mode()) {
#ifdef HAVE_DSA
if (access(OPENSSH_DSA_TESTKEY, F_OK) != 0) {
rc = system_checked(OPENSSH_KEYGEN " -t dsa -q -N \"\" -f "
OPENSSH_DSA_TESTKEY);
}
assert_int_equal(rc, 0);
if (access(OPENSSH_ED25519_TESTKEY "-cert.pub", F_OK) != 0) {
rc = system_checked(OPENSSH_KEYGEN " -I ident -s " OPENSSH_CA_TESTKEY " "
OPENSSH_ED25519_TESTKEY ".pub 2>/dev/null");
if (access(OPENSSH_DSA_TESTKEY "-cert.pub", F_OK) != 0) {
rc = system_checked(OPENSSH_KEYGEN " -I ident -s " OPENSSH_CA_TESTKEY
" " OPENSSH_DSA_TESTKEY ".pub 2>/dev/null");
}
assert_int_equal(rc, 0);
#endif
if (access(OPENSSH_ED25519_TESTKEY, F_OK) != 0) {
rc = system_checked(OPENSSH_KEYGEN " -t ed25519 -q -N \"\" -f "
OPENSSH_ED25519_TESTKEY);
}
assert_int_equal(rc, 0);
if (access(OPENSSH_ED25519_TESTKEY "-cert.pub", F_OK) != 0) {
rc = system_checked(OPENSSH_KEYGEN " -I ident -s " OPENSSH_CA_TESTKEY " "
OPENSSH_ED25519_TESTKEY ".pub 2>/dev/null");
}
assert_int_equal(rc, 0);
}
assert_int_equal(rc, 0);
}
void cleanup_openssh_client_keys() {
cleanup_key(OPENSSH_CA_TESTKEY);
#ifdef HAVE_DSA
cleanup_key(OPENSSH_DSA_TESTKEY);
#endif
cleanup_key(OPENSSH_RSA_TESTKEY);
cleanup_key(OPENSSH_ECDSA256_TESTKEY);
cleanup_key(OPENSSH_ECDSA384_TESTKEY);
cleanup_key(OPENSSH_ECDSA521_TESTKEY);
cleanup_key(OPENSSH_ED25519_TESTKEY);
if (!ssh_fips_mode()) {
cleanup_key(OPENSSH_ED25519_TESTKEY);
#ifdef HAVE_DSA
cleanup_key(OPENSSH_DSA_TESTKEY);
#endif
}
}
void setup_dropbear_client_rsa_key() {