
tests/torture_bind_config: Use allowed algorithms in FIPS mode

Use only allowed algorithms if in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Anderson Toshiyuki Sasaki 2019-06-05 15:16:35 +02:00 коммит произвёл Andreas Schneider
родитель 92a0d23eac
Коммит af031d8df6


@ -47,10 +47,10 @@ extern LIBSSH_THREAD int ssh_log_level;
#define CIPHERS2 "aes256-ctr"
#define HOSTKEYALGORITHMS "ssh-ed25519,ecdsa-sha2-nistp521,ssh-rsa"
#define HOSTKEYALGORITHMS_UNKNOWN "ssh-ed25519,ecdsa-sha2-nistp521,unknown,ssh-rsa"
#define HOSTKEYALGORITHMS2 "ssh-rsa"
#define HOSTKEYALGORITHMS2 "rsa-sha2-256"
#define PUBKEYACCEPTEDTYPES "rsa-sha2-512,ssh-rsa,ecdsa-sha2-nistp521"
#define PUBKEYACCEPTEDTYPES_UNKNOWN "rsa-sha2-512,ssh-rsa,unknown,ecdsa-sha2-nistp521"
#define PUBKEYACCEPTEDTYPES2 "ssh-rsa"
#define PUBKEYACCEPTEDTYPES2 "rsa-sha2-256,ssh-rsa"
#define MACS "hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com"
#define MACS2 "hmac-sha1"
@ -190,14 +190,14 @@ static int setup_config_files(void **state)
"Include "LIBSSH_TEST_BIND_CONFIG_PORT2"\n");
torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY,
"HostKey "LIBSSH_ED25519_TESTKEY"\n");
"HostKey "LIBSSH_ECDSA_521_TESTKEY"\n");
torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY2,
"HostKey "LIBSSH_RSA_TESTKEY"\n");
torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE,
"HostKey "LIBSSH_ED25519_TESTKEY"\n"
"HostKey "LIBSSH_ECDSA_521_TESTKEY"\n"
"HostKey "LIBSSH_RSA_TESTKEY"\n");
torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE_REC,
"HostKey "LIBSSH_ED25519_TESTKEY"\n"
"HostKey "LIBSSH_ECDSA_521_TESTKEY"\n"
"Include "LIBSSH_TEST_BIND_CONFIG_HOSTKEY2"\n");
torture_write_file(LIBSSH_TEST_BIND_CONFIG_LOGLEVEL,
@ -247,7 +247,7 @@ static int setup_config_files(void **state)
torture_write_file(LIBSSH_TEST_BIND_CONFIG_FULL,
"ListenAddress "LISTEN_ADDRESS"\n"
"Port 123\n"
"HostKey "LIBSSH_ED25519_TESTKEY"\n"
"HostKey "LIBSSH_ECDSA_521_TESTKEY"\n"
"LogLevel "LOGLEVEL"\n"
"Ciphers "CIPHERS"\n"
"MACs "MACS"\n"
@ -271,7 +271,7 @@ static int setup_config_files(void **state)
"# comment line\n"
" # comment line not starting with hash\n"
"UnknownConfigurationOption yes\n"
"Ciphers "CIPHERS"\n");
"Ciphers "CIPHERS2"\n");
torture_write_file(LIBSSH_TEST_BIND_CONFIG_MATCH_ALL,
"Include "LIBSSH_TEST_BIND_CONFIG_FULL"\n"
@ -487,14 +487,14 @@ static void torture_bind_config_hostkey(void **state)
rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_HOSTKEY);
assert_int_equal(rc, 0);
assert_non_null(bind->ed25519key);
assert_string_equal(bind->ed25519key, LIBSSH_ED25519_TESTKEY);
assert_non_null(bind->ecdsakey);
assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY);
rc = ssh_bind_config_parse_file(bind,
LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE);
assert_int_equal(rc, 0);
assert_non_null(bind->ed25519key);
assert_string_equal(bind->ed25519key, LIBSSH_ED25519_TESTKEY);
assert_non_null(bind->ecdsakey);
assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY);
assert_non_null(bind->rsakey);
assert_string_equal(bind->rsakey, LIBSSH_RSA_TESTKEY);
}
@ -514,8 +514,8 @@ static void torture_bind_config_hostkey_twice_rec(void **state)
rc = ssh_bind_config_parse_file(bind,
LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE_REC);
assert_int_equal(rc, 0);
assert_non_null(bind->ed25519key);
assert_string_equal(bind->ed25519key, LIBSSH_ED25519_TESTKEY);
assert_non_null(bind->ecdsakey);
assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY);
assert_non_null(bind->rsakey);
assert_string_equal(bind->rsakey, LIBSSH_RSA_TESTKEY);
}
@ -534,15 +534,15 @@ static void torture_bind_config_hostkey_separately(void **state)
rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_HOSTKEY);
assert_int_equal(rc, 0);
assert_non_null(bind->ed25519key);
assert_string_equal(bind->ed25519key, LIBSSH_ED25519_TESTKEY);
assert_non_null(bind->ecdsakey);
assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY);
rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_HOSTKEY2);
assert_int_equal(rc, 0);
assert_non_null(bind->rsakey);
assert_string_equal(bind->rsakey, LIBSSH_RSA_TESTKEY);
assert_non_null(bind->ed25519key);
assert_string_equal(bind->ed25519key, LIBSSH_ED25519_TESTKEY);
assert_non_null(bind->ecdsakey);
assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY);
}
static void torture_bind_config_loglevel(void **state)
@ -595,6 +595,8 @@ static void torture_bind_config_ciphers(void **state)
struct bind_st *test_state;
ssh_bind bind;
int rc;
char *fips_ciphers = NULL;
char *fips_ciphers2 = NULL;
assert_non_null(state);
test_state = *((struct bind_st **)state);
@ -602,44 +604,67 @@ static void torture_bind_config_ciphers(void **state)
assert_non_null(test_state->bind);
bind = test_state->bind;
if (ssh_fips_mode()) {
fips_ciphers = ssh_keep_fips_algos(SSH_CRYPT_C_S, CIPHERS);
assert_non_null(fips_ciphers);
fips_ciphers2 = ssh_keep_fips_algos(SSH_CRYPT_C_S, CIPHERS2);
assert_non_null(fips_ciphers2);
}
rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_CIPHERS);
assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS);
assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], fips_ciphers);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], fips_ciphers);
} else {
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS);
}
rc = ssh_bind_config_parse_file(bind,
LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE);
assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS);
assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], fips_ciphers);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], fips_ciphers);
} else {
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS);
}
rc = ssh_bind_config_parse_file(bind,
LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE_REC);
assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS);
assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], fips_ciphers);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], fips_ciphers);
} else {
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS);
}
rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_CIPHERS2);
assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS2);
assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS2);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], fips_ciphers2);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], fips_ciphers2);
} else {
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS2);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS2);
}
SAFE_FREE(fips_ciphers);
SAFE_FREE(fips_ciphers2);
}
static void torture_bind_config_macs(void **state)
@ -697,8 +722,17 @@ static void torture_bind_config_kexalgorithms(void **state)
{
struct bind_st *test_state;
ssh_bind bind;
char *fips_kex = NULL;
char *fips_kex2 = NULL;
int rc;
if (ssh_fips_mode()) {
fips_kex = ssh_keep_fips_algos(SSH_KEX, KEXALGORITHMS);
assert_non_null(fips_kex);
fips_kex2 = ssh_keep_fips_algos(SSH_KEX, KEXALGORITHMS2);
assert_non_null(fips_kex2);
}
assert_non_null(state);
test_state = *((struct bind_st **)state);
assert_non_null(test_state);
@ -709,26 +743,44 @@ static void torture_bind_config_kexalgorithms(void **state)
LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS);
assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_KEX]);
assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_KEX], fips_kex);
} else {
assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS);
}
rc = ssh_bind_config_parse_file(bind,
LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE);
assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_KEX]);
assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_KEX], fips_kex);
} else {
assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS);
}
rc = ssh_bind_config_parse_file(bind,
LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE_REC);
assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_KEX]);
assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_KEX], fips_kex);
} else {
assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS);
}
rc = ssh_bind_config_parse_file(bind,
LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS2);
assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_KEX]);
assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS2);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_KEX], fips_kex2);
} else {
assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS2);
}
SAFE_FREE(fips_kex);
SAFE_FREE(fips_kex2);
}
static void torture_bind_config_pubkey_accepted(void **state)
@ -736,6 +788,15 @@ static void torture_bind_config_pubkey_accepted(void **state)
struct bind_st *test_state;
ssh_bind bind;
int rc;
char *fips_pubkeys = NULL;
char *fips_pubkeys2 = NULL;
if (ssh_fips_mode()) {
fips_pubkeys = ssh_keep_fips_algos(SSH_HOSTKEYS, PUBKEYACCEPTEDTYPES);
assert_non_null(fips_pubkeys);
fips_pubkeys2 = ssh_keep_fips_algos(SSH_HOSTKEYS, PUBKEYACCEPTEDTYPES2);
assert_non_null(fips_pubkeys2);
}
assert_non_null(state);
test_state = *((struct bind_st **)state);
@ -747,31 +808,54 @@ static void torture_bind_config_pubkey_accepted(void **state)
LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED);
assert_int_equal(rc, 0);
assert_non_null(bind->pubkey_accepted_key_types);
assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES);
if (ssh_fips_mode()) {
assert_string_equal(bind->pubkey_accepted_key_types, fips_pubkeys);
} else {
assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES);
}
rc = ssh_bind_config_parse_file(bind,
LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED2);
assert_int_equal(rc, 0);
assert_non_null(bind->pubkey_accepted_key_types);
assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES2);
if (ssh_fips_mode()) {
assert_string_equal(bind->pubkey_accepted_key_types, fips_pubkeys2);
} else {
assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES2);
}
rc = ssh_bind_config_parse_file(bind,
LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE);
assert_int_equal(rc, 0);
assert_non_null(bind->pubkey_accepted_key_types);
assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES);
if (ssh_fips_mode()) {
assert_string_equal(bind->pubkey_accepted_key_types, fips_pubkeys);
} else {
assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES);
}
rc = ssh_bind_config_parse_file(bind,
LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE_REC);
assert_int_equal(rc, 0);
assert_non_null(bind->pubkey_accepted_key_types);
assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES2);
if (ssh_fips_mode()) {
assert_string_equal(bind->pubkey_accepted_key_types, fips_pubkeys2);
} else {
assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES2);
}
rc = ssh_bind_config_parse_file(bind,
LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_UNKNOWN);
assert_int_equal(rc, 0);
assert_non_null(bind->pubkey_accepted_key_types);
assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES);
if (ssh_fips_mode()) {
assert_string_equal(bind->pubkey_accepted_key_types, fips_pubkeys);
} else {
assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES);
}
SAFE_FREE(fips_pubkeys);
SAFE_FREE(fips_pubkeys2);
}
static void torture_bind_config_hostkey_algorithms(void **state)
@ -780,6 +864,16 @@ static void torture_bind_config_hostkey_algorithms(void **state)
ssh_bind bind;
int rc;
char *fips_hostkeys = NULL;
char *fips_hostkeys2 = NULL;
if (ssh_fips_mode()) {
fips_hostkeys = ssh_keep_fips_algos(SSH_HOSTKEYS, HOSTKEYALGORITHMS);
assert_non_null(fips_hostkeys);
fips_hostkeys2 = ssh_keep_fips_algos(SSH_HOSTKEYS, HOSTKEYALGORITHMS2);
assert_non_null(fips_hostkeys2);
}
assert_non_null(state);
test_state = *((struct bind_st **)state);
assert_non_null(test_state);
@ -790,31 +884,54 @@ static void torture_bind_config_hostkey_algorithms(void **state)
LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS);
assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkeys);
} else {
assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS);
}
rc = ssh_bind_config_parse_file(bind,
LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS2);
assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS2);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkeys2);
} else {
assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS2);
}
rc = ssh_bind_config_parse_file(bind,
LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE);
assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkeys);
} else {
assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS);
}
rc = ssh_bind_config_parse_file(bind,
LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE_REC);
assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS2);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkeys2);
} else {
assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS2);
}
rc = ssh_bind_config_parse_file(bind,
LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_UNKNOWN);
assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkeys);
} else {
assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS);
}
SAFE_FREE(fips_hostkeys);
SAFE_FREE(fips_hostkeys2);
}
static int assert_full_bind_config(void **state)
@ -823,6 +940,16 @@ static int assert_full_bind_config(void **state)
ssh_bind bind;
int new_level;
char *fips_ciphers = NULL;
char *fips_kex = NULL;
if (ssh_fips_mode()) {
fips_ciphers = ssh_keep_fips_algos(SSH_CRYPT_C_S, CIPHERS);
assert_non_null(fips_ciphers);
fips_kex = ssh_keep_fips_algos(SSH_KEX, KEXALGORITHMS);
assert_non_null(fips_kex);
}
assert_non_null(state);
test_state = *((struct bind_st **)state);
assert_non_null(test_state);
@ -837,14 +964,22 @@ static int assert_full_bind_config(void **state)
assert_int_equal(bind->bindport, 123);
assert_non_null(bind->ed25519key);
assert_string_equal(bind->ed25519key, LIBSSH_ED25519_TESTKEY);
assert_non_null(bind->ecdsakey);
assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY);
assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], fips_ciphers);
} else {
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS);
}
assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], fips_ciphers);
} else {
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS);
}
assert_non_null(bind->wanted_methods[SSH_MAC_S_C]);
assert_string_equal(bind->wanted_methods[SSH_MAC_S_C], MACS);
@ -853,7 +988,14 @@ static int assert_full_bind_config(void **state)
assert_string_equal(bind->wanted_methods[SSH_MAC_C_S], MACS);
assert_non_null(bind->wanted_methods[SSH_KEX]);
assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_KEX], fips_kex);
} else {
assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS);
}
SAFE_FREE(fips_ciphers);
SAFE_FREE(fips_kex);
return 0;
}
@ -954,10 +1096,10 @@ static void torture_bind_config_corner_cases(void **state)
assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS2);
assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS2);
}
static void torture_bind_config_match_all(void **state)
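Review bot: In FIPS mode the expected strings come from ssh_keep_fips_algos(), presumably the same filter the bind-config parser applies, so the new comparisons in torture_bind_config_hostkey_algorithms (and likewise in the ciphers, kexalgorithms, pubkey_accepted and assert_full_bind_config hunks) cannot fail if that filter lets a non-approved algorithm through. HOSTKEYALGORITHMS still lists ssh-ed25519, which this commit appears to treat as unavailable in FIPS mode by switching the test host key to ECDSA. One independent check inside the FIPS branch would pin the property itself, e.g. `assert_null(strstr(bind->wanted_methods[SSH_HOSTKEYS], "ssh-ed25519"));`, or a fixed expected literal for one of the lists. The function bodies start and end outside the visible hunks, so whether `<string.h>` is already included needs checking.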