From 5984f005f7a08feca52509658cff1c56d768e057 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Mon, 1 Dec 2014 15:28:36 +0100 Subject: [PATCH] t/op/taint.t: Perform SHA-256 algorithm by crypt() if default one is disabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The crypt(3) call may return NULL. This is the case on FIPS-enabled platforms. Then "tainted crypt" test would fail. See RT#121591 for similar fix in t/op/crypt.t. Signed-off-by: Petr Písař Petr Pisar: Ported to 5.16.3. Signed-off-by: Petr Písař --- t/op/taint.t | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/t/op/taint.t b/t/op/taint.t index 9cea740..478e574 100644 --- a/t/op/taint.t +++ b/t/op/taint.t @@ -1868,7 +1868,19 @@ foreach my $ord (78, 163, 256) { { # 59998 - sub cr { my $x = crypt($_[0], $_[1]); $x } + sub cr { + # On platforms implementing FIPS mode, using a weak algorithm + # (including the default triple-DES algorithm) causes crypt(3) to + # return a null pointer, which Perl converts into undef. We assume + # for now that all such platforms support glibc-style selection of + # a different hashing algorithm. + my $alg = ''; # Use default algorithm + if ( !defined(crypt("ab", "cd")) ) { + $alg = '$5$'; # Use SHA-256 + } + my $x = crypt($_[0], $alg . $_[1]); + $x + } sub co { my $x = ~$_[0]; $x } my ($a, $b); $a = cr('hello', 'foo' . $TAINT); -- 1.9.3