mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00
Code Issues Releases Wiki Activity

Disable failing MD5 unit tests in FIPS mode

Browse Source 
With FIPS mode enabled 'isc_hmac_init_test' and 'isc_hmac_md5_test'
tests of hmac_test and 'isc_md_init_test' and 'isc_md_md5_test' test
of md_test fail.

This is due to leveraging MD5, which is disabled in FIPS mode.
This commit is contained in:
Michal Nowak 2020-10-20 12:15:23 +02:00 committed by Mark Andrews
parent 6e8de4bcdc
commit 4d094f6b51
2 changed files with 26 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
tests/isc/hmac_test.c
View File

@ -24,6 +24,7 @@
#include <cmocka.h>
#include <isc/buffer.h>
#include <isc/fips.h>
#include <isc/hex.h>
#include <isc/hmac.h>
#include <isc/region.h>
@ -120,15 +121,18 @@ ISC_RUN_TEST_IMPL(isc_hmac_init) {
isc_hmac_t *hmac = *state;
assert_non_null(hmac);
expect_assert_failure(isc_hmac_init(NULL, "", 0, ISC_MD_MD5));
assert_int_equal(isc_hmac_init(hmac, "", 0, NULL),
ISC_R_NOTIMPLEMENTED);
expect_assert_failure(isc_hmac_init(hmac, NULL, 0, ISC_MD_MD5));
if (!isc_fips_mode()) {
expect_assert_failure(isc_hmac_init(NULL, "", 0, ISC_MD_MD5));
assert_int_equal(isc_hmac_init(hmac, "", 0, ISC_MD_MD5), ISC_R_SUCCESS);
assert_int_equal(isc_hmac_reset(hmac), ISC_R_SUCCESS);
expect_assert_failure(isc_hmac_init(hmac, NULL, 0, ISC_MD_MD5));
assert_int_equal(isc_hmac_init(hmac, "", 0, ISC_MD_MD5),
ISC_R_SUCCESS);
assert_int_equal(isc_hmac_reset(hmac), ISC_R_SUCCESS);
}
assert_int_equal(isc_hmac_init(hmac, "", 0, ISC_MD_SHA1),
ISC_R_SUCCESS);
@ -212,6 +216,11 @@ ISC_RUN_TEST_IMPL(isc_hmac_final) {
ISC_RUN_TEST_IMPL(isc_hmac_md5) {
isc_hmac_t *hmac = *state;
if (isc_fips_mode()) {
skip();
return;
}
/* Test 0 */
isc_hmac_test(hmac, TEST_INPUT(""), ISC_MD_MD5, TEST_INPUT(""),
"74E6F7298A9C2D168935F58C001BAD88", 1);

15
tests/isc/md_test.c
View File

@ -17,13 +17,14 @@
#include <stddef.h>
#include <string.h>
/* For FIPS_mode() */
/* Needs to be included before <cmocka.h> */
#include <openssl/crypto.h>
#define UNIT_TESTING
#include <cmocka.h>
#include <isc/buffer.h>
#include <isc/fips.h>
#include <isc/hex.h>
#include <isc/md.h>
#include <isc/region.h>
@ -117,8 +118,10 @@ ISC_RUN_TEST_IMPL(isc_md_init) {
assert_int_equal(isc_md_init(md, NULL), ISC_R_NOTIMPLEMENTED);
assert_int_equal(isc_md_init(md, ISC_MD_MD5), ISC_R_SUCCESS);
assert_int_equal(isc_md_reset(md), ISC_R_SUCCESS);
if (!isc_fips_mode()) {
assert_int_equal(isc_md_init(md, ISC_MD_MD5), ISC_R_SUCCESS);
assert_int_equal(isc_md_reset(md), ISC_R_SUCCESS);
}
assert_int_equal(isc_md_init(md, ISC_MD_SHA1), ISC_R_SUCCESS);
assert_int_equal(isc_md_reset(md), ISC_R_SUCCESS);
@ -193,6 +196,12 @@ ISC_RUN_TEST_IMPL(isc_md_final) {
ISC_RUN_TEST_IMPL(isc_md_md5) {
isc_md_t *md = *state;
if (isc_fips_mode()) {
skip();
return;
}
isc_md_test(md, ISC_MD_MD5, NULL, 0, NULL, 0);
isc_md_test(md, ISC_MD_MD5, TEST_INPUT(""),
"D41D8CD98F00B204E9800998ECF8427E", 1);