From 5984f005f7a08feca52509658cff1c56d768e057 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>

Date: Mon, 1 Dec 2014 15:28:36 +0100

Subject: [PATCH] t/op/taint.t: Perform SHA-256 algorithm by crypt() if default

 one is disabled

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

The crypt(3) call may return NULL. This is the case on FIPS-enabled

platforms. Then "tainted crypt" test would fail.

See RT#121591 for similar fix in t/op/crypt.t.

Signed-off-by: Petr Písař <ppisar@redhat.com>

Petr Pisar: Ported to 5.16.3.

Signed-off-by: Petr Písař <ppisar@redhat.com>

---

 t/op/taint.t | 14 +++++++++++++-

 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/t/op/taint.t b/t/op/taint.t

index 9cea740..478e574 100644

--- a/t/op/taint.t

+++ b/t/op/taint.t

@@ -1868,7 +1868,19 @@ foreach my $ord (78, 163, 256) {

 {

     # 59998

-    sub cr { my $x = crypt($_[0], $_[1]); $x }

+    sub cr {

+        # On platforms implementing FIPS mode, using a weak algorithm

+        # (including the default triple-DES algorithm) causes crypt(3) to

+        # return a null pointer, which Perl converts into undef. We assume

+        # for now that all such platforms support glibc-style selection of

+        # a different hashing algorithm.

+        my $alg = '';       # Use default algorithm

+        if ( !defined(crypt("ab", "cd")) ) {

+            $alg = '$5$';   # Use SHA-256

+        }

+        my $x = crypt($_[0], $alg . $_[1]);

+        $x

+    }

     sub co { my $x = ~$_[0]; $x }

     my ($a, $b);

     $a = cr('hello', 'foo' . $TAINT);

-- 

1.9.3