diff options
author | Petr Písař <ppisar@redhat.com> | 2014-04-07 12:31:28 +0200 |
---|---|---|
committer | Aaron Crane <arc@cpan.org> | 2014-10-09 15:50:52 +0100 |
commit | d3e5298acc122505a6c2f00efdf1d69d37b194fb (patch) | |
tree | 8f7594a3230b183786ff7a3a784e59bf940f1d3c /t | |
parent | 1b4c715071f75b04911b022445c8ef42c14038ec (diff) | |
download | perl-d3e5298acc122505a6c2f00efdf1d69d37b194fb.tar.gz |
t/op/crypt.t: Perform SHA-256 algorithm if default one is disabled
The crypt(3) call may return NULL. This is the case on FIPS-enabled
platforms. Then "salt makes a difference" test would fail.
This fixes RT#121591.
Signed-off-by: Petr Písař <ppisar@redhat.com>
Diffstat (limited to 't')
-rw-r--r-- | t/op/crypt.t | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/t/op/crypt.t b/t/op/crypt.t index 424a24ff6e..f6caf85288 100644 --- a/t/op/crypt.t +++ b/t/op/crypt.t @@ -27,20 +27,31 @@ BEGIN { # eight characters mattered, but those are probably no more safe # bets, given alternative encryption/hashing schemes like MD5, # C2 (or higher) security schemes, and non-UNIX platforms. +# +# On platforms implementing FIPS mode, using a weak algorithm (including +# the default triple-DES algorithm) causes crypt(3) to return a null +# pointer, which Perl converts into undef. We assume for now that all +# such platforms support glibc-style selection of a different hashing +# algorithm. +my $alg = ''; # Use default algorithm +if ( !defined(crypt("ab", "cd")) ) { + $alg = '$5$'; # Use SHA-256 +} SKIP: { - skip ("VOS crypt ignores salt.", 1) if ($^O eq 'vos'); - ok(substr(crypt("ab", "cd"), 2) ne substr(crypt("ab", "ce"), 2), "salt makes a difference"); + skip ("VOS crypt ignores salt.", 1) if ($^O eq 'vos'); + ok(substr(crypt("ab", $alg."cd"), 2) ne substr(crypt("ab", $alg."ce"), 2), + "salt makes a difference"); } $a = "a\xFF\x{100}"; -eval {$b = crypt($a, "cd")}; +eval {$b = crypt($a, $alg."cd")}; like($@, qr/Wide character in crypt/, "wide characters ungood"); chop $a; # throw away the wide character -eval {$b = crypt($a, "cd")}; +eval {$b = crypt($a, $alg."cd")}; is($@, '', "downgrade to eight bit characters"); -is($b, crypt("a\xFF", "cd"), "downgrade results agree"); +is($b, crypt("a\xFF", $alg."cd"), "downgrade results agree"); |