CVE-2023-6918: tests: Code coverage for ssh_get_pubkey_hash()

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-04 12:20:42 +09:00 · 2023-12-15 15:39:12 +01:00
parent 59c00c66c4
commit b3de3a3335
1 changed files with 35 additions and 0 deletions
--- a/tests/client/torture_session.c
+++ b/tests/client/torture_session.c
@@ -478,6 +478,38 @@ torture_channel_read_stderr(void **state)
    ssh_channel_free(channel);
 }

+static void torture_pubkey_hash(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char *hash = NULL;
+    char *hexa = NULL;
+    int rc = 0;
+
+    /* bad arguments */
+    rc = ssh_get_pubkey_hash(session, NULL);
+    assert_int_equal(rc, SSH_ERROR);
+
+    rc = ssh_get_pubkey_hash(NULL, (unsigned char **)&hash);
+    assert_int_equal(rc, SSH_ERROR);
+
+    /* deprecated, but should be covered by tests! */
+    rc = ssh_get_pubkey_hash(session, (unsigned char **)&hash);
+    if (ssh_fips_mode()) {
+        /* When in FIPS mode, expect the call to fail */
+        assert_int_equal(rc, SSH_ERROR);
+    } else {
+        assert_int_equal(rc, MD5_DIGEST_LEN);
+
+        hexa = ssh_get_hexa((unsigned char *)hash, rc);
+        SSH_STRING_FREE_CHAR(hash);
+        assert_string_equal(hexa,
+                            "ee:80:7f:61:f9:d5:be:f1:96:86:cc:96:7a:db:7a:7b");
+
+        SSH_STRING_FREE_CHAR(hexa);
+    }
+}
+
 int torture_run_tests(void) {
    int rc;
    struct CMUnitTest tests[] = {
@@ -514,6 +546,9 @@ int torture_run_tests(void) {
        cmocka_unit_test_setup_teardown(torture_channel_read_stderr,
                                        session_setup,
                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_pubkey_hash,
+                                        session_setup,
+                                        session_teardown),
    };

    ssh_init();