session: Do not use MD5 in FIPS mode

Do not use MD5 when generating fingerprints in FIPS mode. The call will fail in such case. The test suite was updated with a negative test for this case. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-05 20:55:46 +03:00 · 2019-05-22 15:13:51 +02:00
parent 0fb7d9831a
commit ee456104f1
2 changed files with 32 additions and 8 deletions
--- a/src/session.c
+++ b/src/session.c
@@ -964,6 +964,17 @@ int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash)
    if (session == NULL || hash == NULL) {
        return SSH_ERROR;
    }
+
+    /* In FIPS mode, we cannot use MD5 */
+    if (ssh_fips_mode()) {
+        ssh_set_error(session,
+                      SSH_FATAL,
+                      "In FIPS mode MD5 is not allowed."
+                      "Try ssh_get_publickey_hash() with"
+                      "SSH_PUBLICKEY_HASH_SHA256");
+        return SSH_ERROR;
+    }
+
    *hash = NULL;
    if (session->current_crypto == NULL ||
        session->current_crypto->server_pubkey == NULL) {
@@ -1064,7 +1075,7 @@ int ssh_get_publickey(ssh_session session, ssh_key *key)
 *
 * This function allows you to get a hash of the public key. You can then
 * print this hash in a human-readable form to the user so that he is able to
- * verify it. Use ssh_get_hexa() or ssh_print_hexa() to display it.
+ * verify it. Use ssh_get_hexa() or ssh_print_hash() to display it.
 *
 * @param[in]  key      The public key to create the hash for.
 *
@@ -1084,7 +1095,7 @@ int ssh_get_publickey(ssh_session session, ssh_key *key)
 *
 * @see ssh_session_update_known_hosts()
 * @see ssh_get_hexa()
- * @see ssh_print_hexa()
+ * @see ssh_print_hash()
 * @see ssh_clean_pubkey_hash()
 */
 int ssh_get_publickey_hash(const ssh_key key,
@@ -1152,6 +1163,14 @@ int ssh_get_publickey_hash(const ssh_key key,
        {
            MD5CTX ctx;

+            /* In FIPS mode, we cannot use MD5 */
+            if (ssh_fips_mode()) {
+                SSH_LOG(SSH_LOG_WARN, "In FIPS mode MD5 is not allowed."
+                                      "Try using SSH_PUBLICKEY_HASH_SHA256");
+                rc = SSH_ERROR;
+                goto out;
+            }
+
            h = calloc(1, MD5_DIGEST_LEN);
            if (h == NULL) {
                rc = -1;
--- a/tests/unittests/torture_hashes.c
+++ b/tests/unittests/torture_hashes.c
@@ -59,7 +59,11 @@ static void torture_md5_hash(void **state)

    rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5,
                                (unsigned char **)&hash, &hlen);
-    assert_true(rc == 0);
+    if (ssh_fips_mode()) {
+        /* When in FIPS mode, expect the call to fail */
+        assert_int_equal(rc, SSH_ERROR);
+    } else {
+        assert_int_equal(rc, SSH_OK);

        hexa = ssh_get_hexa((unsigned char *)hash, hlen);
        SSH_STRING_FREE_CHAR(hash);
@@ -68,6 +72,7 @@ static void torture_md5_hash(void **state)

        SSH_STRING_FREE_CHAR(hexa);
    }
+}

 static void torture_sha1_hash(void **state)
 {