shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 10:40:27 +09:00
Code Issues Packages Projects Releases Wiki Activity

tests/torture_pki_rsa: Avoid using SHA1 in FIPS mode

Browse Source 
Do not use SHA1 in signatures in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Anderson Toshiyuki Sasaki
2019-06-05 18:44:00 +02:00
committed by Andreas Schneider
parent b6aef1fdd5
commit bb36cc30ee
1 changed files with 16 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
tests/unittests/torture_pki_rsa.c
View File

@@ -543,14 +543,16 @@ static void torture_pki_rsa_sha2(void **state)
assert_int_equal(rc, SSH_OK); assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey); assert_non_null(pubkey);
/* Sign using old SHA1 digest */ if (!ssh_fips_mode()) {
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1); /* Sign using old SHA1 digest */
assert_non_null(sign); sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT)); assert_non_null(sign);
assert_ssh_return_code(session, rc); rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT)); assert_ssh_return_code(session, rc);
assert_ssh_return_code(session, rc); rc = pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
ssh_signature_free(sign); assert_ssh_return_code(session, rc);
ssh_signature_free(sign);
}
/* Sign using new SHA256 digest */ /* Sign using new SHA256 digest */
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256); sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
@@ -625,9 +627,11 @@ static void torture_pki_sign_data_rsa(void **state)
assert_int_equal(rc, SSH_OK); assert_int_equal(rc, SSH_OK);
assert_non_null(key); assert_non_null(key);
/* Test using SHA1 */ if (!ssh_fips_mode()) {
rc = test_sign_verify_data(key, SSH_DIGEST_SHA1, INPUT, sizeof(INPUT)); /* Test using SHA1 */
assert_int_equal(rc, SSH_OK); rc = test_sign_verify_data(key, SSH_DIGEST_SHA1, INPUT, sizeof(INPUT));
assert_int_equal(rc, SSH_OK);
}
/* Test using SHA256 */ /* Test using SHA256 */
rc = test_sign_verify_data(key, SSH_DIGEST_SHA256, INPUT, sizeof(INPUT)); rc = test_sign_verify_data(key, SSH_DIGEST_SHA256, INPUT, sizeof(INPUT));
@@ -661,7 +665,7 @@ static void torture_pki_fail_sign_with_incompatible_hash(void **state)
assert_non_null(pubkey); assert_non_null(pubkey);
/* Sign the buffer */ /* Sign the buffer */
sig = pki_sign_data(key, SSH_DIGEST_SHA1, INPUT, sizeof(INPUT)); sig = pki_sign_data(key, SSH_DIGEST_SHA256, INPUT, sizeof(INPUT));
assert_non_null(sig); assert_non_null(sig);
/* Verify signature */ /* Verify signature */