t/op/crypt.t: Perform SHA-256 algorithm if default one is disabled

The crypt(3) call may return NULL. This is the case on FIPS-enabled
platforms. Then "salt makes a difference" test would fail.

This fixes RT#121591.

Signed-off-by: Petr Písař <ppisar@redhat.com>

1 files changed, 16 insertions, 5 deletions

diff --git a/t/op/crypt.t b/t/op/crypt.t
index 424a24ff6e..f6caf85288 100644
--- a/t/op/crypt.t
+++ b/t/op/crypt.t
@@ -27,20 +27,31 @@ BEGIN {
 # eight characters mattered, but those are probably no more safe
 # bets, given alternative encryption/hashing schemes like MD5,
 # C2 (or higher) security schemes, and non-UNIX platforms.
+#
+# On platforms implementing FIPS mode, using a weak algorithm (including
+# the default triple-DES algorithm) causes crypt(3) to return a null
+# pointer, which Perl converts into undef. We assume for now that all
+# such platforms support glibc-style selection of a different hashing
+# algorithm.
+my $alg = '';       # Use default algorithm
+if ( !defined(crypt("ab", "cd")) ) {
+    $alg = '$5$';   # Use SHA-256
+}
 
 SKIP: {
-	skip ("VOS crypt ignores salt.", 1) if ($^O eq 'vos');
-	ok(substr(crypt("ab", "cd"), 2) ne substr(crypt("ab", "ce"), 2), "salt makes a difference");
+    skip ("VOS crypt ignores salt.", 1) if ($^O eq 'vos');
+    ok(substr(crypt("ab", $alg."cd"), 2) ne substr(crypt("ab", $alg."ce"), 2),
+       "salt makes a difference");
 }
 
 $a = "a\xFF\x{100}";
 
-eval {$b = crypt($a, "cd")};
+eval {$b = crypt($a, $alg."cd")};
 like($@, qr/Wide character in crypt/, "wide characters ungood");
 
 chop $a; # throw away the wide character
 
-eval {$b = crypt($a, "cd")};
+eval {$b = crypt($a, $alg."cd")};
 is($@, '',                   "downgrade to eight bit characters");
-is($b, crypt("a\xFF", "cd"), "downgrade results agree");
+is($b, crypt("a\xFF", $alg."cd"), "downgrade results agree");