From a61e72d761a78f7e3f17f66c4f240654edf77b98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Fri, 8 Aug 2014 09:15:50 +0200 Subject: [PATCH] Use stronger algorithm needed for FIPS in t/op/crypt.t --- ...form-SHA-256-algorithm-if-default-on.patch | 54 +++++++++++++++++++ perl.spec | 7 +++ 2 files changed, 61 insertions(+) create mode 100644 perl-5.18.2-t-op-crypt.t-Perform-SHA-256-algorithm-if-default-on.patch diff --git a/perl-5.18.2-t-op-crypt.t-Perform-SHA-256-algorithm-if-default-on.patch b/perl-5.18.2-t-op-crypt.t-Perform-SHA-256-algorithm-if-default-on.patch new file mode 100644 index 0000000..c6480ee --- /dev/null +++ b/perl-5.18.2-t-op-crypt.t-Perform-SHA-256-algorithm-if-default-on.patch @@ -0,0 +1,54 @@ +From 8de0fd45cde4826951842f80b6ce109988d47f4f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Mon, 7 Apr 2014 12:31:28 +0200 +Subject: [PATCH] t/op/crypt.t: Perform SHA-256 algorithm if default one is + disabled +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The crypt(3) call may return NULL. This is the case of FIPS-enabled +platforms. Then "salt makes a difference" test would fail. + +Signed-off-by: Petr Písař +--- + t/op/crypt.t | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/t/op/crypt.t b/t/op/crypt.t +index 27c878f..6c43992 100644 +--- a/t/op/crypt.t ++++ b/t/op/crypt.t +@@ -28,19 +28,25 @@ BEGIN { + # bets, given alternative encryption/hashing schemes like MD5, + # C2 (or higher) security schemes, and non-UNIX platforms. + ++# Platforms implementing FIPS mode return undef on weak crypto algorithms. ++my $alg = ''; # Use default algorithm ++if ( !defined(crypt("ab", "cd")) ) { ++ $alg = '$5$'; # Use SHA-256 ++} ++ + SKIP: { + skip ("VOS crypt ignores salt.", 1) if ($^O eq 'vos'); +- ok(substr(crypt("ab", "cd"), 2) ne substr(crypt("ab", "ce"), 2), "salt makes a difference"); ++ ok(substr(crypt("ab", $alg . "cd"), 2) ne substr(crypt("ab", $alg. "ce"), 2), "salt makes a difference"); + } + + $a = "a\xFF\x{100}"; + +-eval {$b = crypt($a, "cd")}; ++eval {$b = crypt($a, $alg . "cd")}; + like($@, qr/Wide character in crypt/, "wide characters ungood"); + + chop $a; # throw away the wide character + +-eval {$b = crypt($a, "cd")}; ++eval {$b = crypt($a, $alg . "cd")}; + is($@, '', "downgrade to eight bit characters"); +-is($b, crypt("a\xFF", "cd"), "downgrade results agree"); ++is($b, crypt("a\xFF", $alg . "cd"), "downgrade results agree"); + +-- +1.9.0 + diff --git a/perl.spec b/perl.spec index d62fc75..53d24a3 100644 --- a/perl.spec +++ b/perl.spec @@ -126,6 +126,10 @@ Patch23: perl-5.18.2-Make-t-comp-parser.t-get-the-correct-libraries.patch # in upstream after 5.19.10 Patch24: perl-5.18.2-Pass-fwrapv-to-stricter-GCC-4.9.patch +# Use stronger algorithm needed for FIPS in t/op/crypt.t, bug #1128032, +# RT#121591 +Patch25: perl-5.18.2-t-op-crypt.t-Perform-SHA-256-algorithm-if-default-on.patch + # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch @@ -1984,6 +1988,7 @@ tarball from perl.org. %patch22 -p1 %patch23 -p1 %patch24 -p1 +%patch25 -p1 %patch200 -p1 %patch201 -p1 @@ -2012,6 +2017,7 @@ perl -x patchlevel.h \ 'Fedora Patch22: Document Math::BigInt::CalcEmu requires Math::BigInt (CPAN RT#85015)' \ 'Fedora Patch23: Fix t/comp/parser.t not to load system modules (RT#121579)' \ 'Fedora Patch24: Pass -fwrapv to stricter GCC 4.9 (RT#121505)' \ + 'Fedora Patch25: Use stronger algorithm needed for FIPS in t/op/crypt.t (RT#121591)' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ %{nil} @@ -3736,6 +3742,7 @@ sed \ %changelog * Fri Aug 08 2014 Petr Pisar - 4:5.18.2-303 - Declare dependencies for cpan tool (bug #1122498) +- Use stronger algorithm needed for FIPS in t/op/crypt.t (bug #1128032) * Tue Jul 29 2014 Jitka Plesnikova - 4:5.18.2-302 - Sub-package perl-Term-ANSIColor and remove it (bug #1121924)