From ee456104f16b29d5fe0245e6e2ba026450db0fe8 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki
Date: Wed, 22 May 2019 15:13:51 +0200
Subject: [PATCH] session: Do not use MD5 in FIPS mode

Do not use MD5 when generating fingerprints in FIPS mode. The call will fail in such case. The test suite was updated with a negative test for this case.

Signed-off-by: Anderson Toshiyuki Sasaki
Reviewed-by: Jakub Jelen
Reviewed-by: Andreas Schneider
---
 src/session.c | 23 +++++++++++++++++++++--
 tests/unittests/torture_hashes.c | 17 +++++++++++------
 2 files changed, 32 insertions(+), 8 deletions(-)

diff --git a/src/session.c b/src/session.c
index d4600861..d692b32e 100644
--- a/src/session.c
+++ b/src/session.c
@@ -964,6 +964,17 @@ int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash)
     if (session == NULL || hash == NULL) {
         return SSH_ERROR;
     }
+
+    /* In FIPS mode, we cannot use MD5 */
+    if (ssh_fips_mode()) {
+        ssh_set_error(session,
+                      SSH_FATAL,
+                      "In FIPS mode MD5 is not allowed."
+                      "Try ssh_get_publickey_hash() with"
+                      "SSH_PUBLICKEY_HASH_SHA256");
+        return SSH_ERROR;
+    }
+
     *hash = NULL;
     if (session->current_crypto == NULL ||
         session->current_crypto->server_pubkey == NULL) {
@@ -1064,7 +1075,7 @@ int ssh_get_publickey(ssh_session session, ssh_key *key)
  *
  * This function allows you to get a hash of the public key. You can then
  * print this hash in a human-readable form to the user so that he is able to
- * verify it. Use ssh_get_hexa() or ssh_print_hexa() to display it.
+ * verify it. Use ssh_get_hexa() or ssh_print_hash() to display it.
  *
  * @param[in] key The public key to create the hash for.
  *
@@ -1084,7 +1095,7 @@ int ssh_get_publickey(ssh_session session, ssh_key *key)
  *
  * @see ssh_session_update_known_hosts()
  * @see ssh_get_hexa()
- * @see ssh_print_hexa()
+ * @see ssh_print_hash()
  * @see ssh_clean_pubkey_hash()
  */
 int ssh_get_publickey_hash(const ssh_key key,
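Review bot: The message passed to ssh_set_error() in the ssh_get_pubkey_hash hunk is assembled from three adjacent string literals with no separating spaces, so the caller sees "...not allowed.Try ssh_get_publickey_hash() withSSH_PUBLICKEY_HASH_SHA256"; add a trailing space to the first two pieces, `"In FIPS mode MD5 is not allowed. "` and `"Try ssh_get_publickey_hash() with "`. The SSH_LOG message in the later src/session.c hunk (MD5 case of ssh_get_publickey_hash) has the same missing space between "allowed." and "Try". Checking ssh_fips_mode() before touching session->current_crypto is the right order, since the call then fails closed in FIPS mode regardless of session state. The body of ssh_get_pubkey_hash continues past the end of the hunk.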
@@ -1152,6 +1163,14 @@ int ssh_get_publickey_hash(const ssh_key key,
         {
             MD5CTX ctx;
 
+            /* In FIPS mode, we cannot use MD5 */
+            if (ssh_fips_mode()) {
+                SSH_LOG(SSH_LOG_WARN, "In FIPS mode MD5 is not allowed."
+                                      "Try using SSH_PUBLICKEY_HASH_SHA256");
+                rc = SSH_ERROR;
+                goto out;
+            }
+
             h = calloc(1, MD5_DIGEST_LEN);
             if (h == NULL) {
                 rc = -1;
diff --git a/tests/unittests/torture_hashes.c b/tests/unittests/torture_hashes.c
index 8bd97442..5c700ee0 100644
--- a/tests/unittests/torture_hashes.c
+++ b/tests/unittests/torture_hashes.c
@@ -59,14 +59,19 @@ static void torture_md5_hash(void **state)
     rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5, (unsigned char **)&hash, &hlen);
-    assert_true(rc == 0);
+    if (ssh_fips_mode()) {
+        /* When in FIPS mode, expect the call to fail */
+        assert_int_equal(rc, SSH_ERROR);
+    } else {
+        assert_int_equal(rc, SSH_OK);
 
-    hexa = ssh_get_hexa((unsigned char *)hash, hlen);
-    SSH_STRING_FREE_CHAR(hash);
-    assert_string_equal(hexa,
-                        "50:15:a0:9b:92:bf:33:1c:01:c5:8c:fe:18:fa:ce:78");
+        hexa = ssh_get_hexa((unsigned char *)hash, hlen);
+        SSH_STRING_FREE_CHAR(hash);
+        assert_string_equal(hexa,
+                            "50:15:a0:9b:92:bf:33:1c:01:c5:8c:fe:18:fa:ce:78");
 
-    SSH_STRING_FREE_CHAR(hexa);
+        SSH_STRING_FREE_CHAR(hexa);
+    }
 }
 
 static void torture_sha1_hash(void **state)
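Review bot: The new FIPS branch in the MD5 case sets `rc = SSH_ERROR;` while the calloc failure a few lines below sets `rc = -1;`, so the same case now spells the failure code two ways; pick one, preferably `rc = SSH_ERROR;` in both places. This is purely a style point provided the out: label treats every non-zero rc alike, which cannot be seen from the hunk and is worth confirming. The enclosing switch and the out: label lie outside the hunk.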
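Review bot: In the FIPS branch of torture_md5_hash the test checks only the return code, so it would still pass if the failure path wrote an allocated or dangling pointer through &hash; add `assert_null(hash);` after `assert_int_equal(rc, SSH_ERROR);` so the negative test also pins that the output is left untouched. That assertion is only meaningful if hash is initialised to NULL at its declaration, which is outside the hunk and should be checked. The function's declarations and the ssh_get_publickey_hash call precede the hunk.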