From d3e5298acc122505a6c2f00efdf1d69d37b194fb Mon Sep 17 00:00:00 2001 From: =?utf8?q?Petr=20P=C3=ADsa=C5=99?= Date: Mon, 7 Apr 2014 12:31:28 +0200 Subject: [PATCH] t/op/crypt.t: Perform SHA-256 algorithm if default one is disabled MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The crypt(3) call may return NULL. This is the case on FIPS-enabled platforms. Then "salt makes a difference" test would fail. This fixes RT#121591. Signed-off-by: Petr Písař --- t/op/crypt.t | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/t/op/crypt.t b/t/op/crypt.t index 424a24f..f6caf85 100644 --- a/t/op/crypt.t +++ b/t/op/crypt.t @@ -27,20 +27,31 @@ BEGIN { # eight characters mattered, but those are probably no more safe # bets, given alternative encryption/hashing schemes like MD5, # C2 (or higher) security schemes, and non-UNIX platforms. +# +# On platforms implementing FIPS mode, using a weak algorithm (including +# the default triple-DES algorithm) causes crypt(3) to return a null +# pointer, which Perl converts into undef. We assume for now that all +# such platforms support glibc-style selection of a different hashing +# algorithm. +my $alg = ''; # Use default algorithm +if ( !defined(crypt("ab", "cd")) ) { + $alg = '$5$'; # Use SHA-256 +} SKIP: { - skip ("VOS crypt ignores salt.", 1) if ($^O eq 'vos'); - ok(substr(crypt("ab", "cd"), 2) ne substr(crypt("ab", "ce"), 2), "salt makes a difference"); + skip ("VOS crypt ignores salt.", 1) if ($^O eq 'vos'); + ok(substr(crypt("ab", $alg."cd"), 2) ne substr(crypt("ab", $alg."ce"), 2), + "salt makes a difference"); } $a = "a\xFF\x{100}"; -eval {$b = crypt($a, "cd")}; +eval {$b = crypt($a, $alg."cd")}; like($@, qr/Wide character in crypt/, "wide characters ungood"); chop $a; # throw away the wide character -eval {$b = crypt($a, "cd")}; +eval {$b = crypt($a, $alg."cd")}; is($@, '', "downgrade to eight bit characters"); -is($b, crypt("a\xFF", "cd"), "downgrade results agree"); +is($b, crypt("a\xFF", $alg."cd"), "downgrade results agree"); -- 1.8.3.1