commit a61e72d761a78f7e3f17f66c4f240654edf77b98
Author: Petr Písař <ppi...@redhat.com>
Date: Fri Aug 8 09:15:50 2014 +0200
Use stronger algorithm needed for FIPS in t/op/crypt.t
...t-Perform-SHA-256-algorithm-if-default-on.patch | 54 ++++++++++++++++++++
perl.spec | 7 +++
2 files changed, 61 insertions(+), 0 deletions(-)
---
diff --git
a/perl-5.18.2-t-op-crypt.t-Perform-SHA-256-algorithm-if-default-on.patch
b/perl-5.18.2-t-op-crypt.t-Perform-SHA-256-algorithm-if-default-on.patch
new file mode 100644
index 0000000..c6480ee
--- /dev/null
+++ b/perl-5.18.2-t-op-crypt.t-Perform-SHA-256-algorithm-if-default-on.patch
@@ -0,0 +1,54 @@
+From 8de0fd45cde4826951842f80b6ce109988d47f4f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
+Date: Mon, 7 Apr 2014 12:31:28 +0200
+Subject: [PATCH] t/op/crypt.t: Perform SHA-256 algorithm if default one is
+ disabled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The crypt(3) call may return NULL. This is the case of FIPS-enabled
+platforms. Then "salt makes a difference" test would fail.
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ t/op/crypt.t | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/t/op/crypt.t b/t/op/crypt.t
+index 27c878f..6c43992 100644
+--- a/t/op/crypt.t
++++ b/t/op/crypt.t
+@@ -28,19 +28,25 @@ BEGIN {
+ # bets, given alternative encryption/hashing schemes like MD5,
+ # C2 (or higher) security schemes, and non-UNIX platforms.
+
++# Platforms implementing FIPS mode return undef on weak crypto algorithms.
++my $alg = ''; # Use default algorithm
++if ( !defined(crypt("ab", "cd")) ) {
++ $alg = '$5$'; # Use SHA-256
++}
++
+ SKIP: {
+ skip ("VOS crypt ignores salt.", 1) if ($^O eq 'vos');
+- ok(substr(crypt("ab", "cd"), 2) ne substr(crypt("ab", "ce"), 2), "salt
makes a difference");
++ ok(substr(crypt("ab", $alg . "cd"), 2) ne substr(crypt("ab", $alg.
"ce"), 2), "salt makes a difference");
+ }
+
+ $a = "a\xFF\x{100}";
+
+-eval {$b = crypt($a, "cd")};
++eval {$b = crypt($a, $alg . "cd")};
+ like($@, qr/Wide character in crypt/, "wide characters ungood");
+
+ chop $a; # throw away the wide character
+
+-eval {$b = crypt($a, "cd")};
++eval {$b = crypt($a, $alg . "cd")};
+ is($@, '', "downgrade to eight bit characters");
+-is($b, crypt("a\xFF", "cd"), "downgrade results agree");
++is($b, crypt("a\xFF", $alg . "cd"), "downgrade results agree");
+
+--
+1.9.0
+
diff --git a/perl.spec b/perl.spec
index d62fc75..53d24a3 100644
--- a/perl.spec
+++ b/perl.spec
@@ -126,6 +126,10 @@ Patch23:
perl-5.18.2-Make-t-comp-parser.t-get-the-correct-libraries.patch
# in upstream after 5.19.10
Patch24: perl-5.18.2-Pass-fwrapv-to-stricter-GCC-4.9.patch
+# Use stronger algorithm needed for FIPS in t/op/crypt.t, bug #1128032,
+# RT#121591
+Patch25:
perl-5.18.2-t-op-crypt.t-Perform-SHA-256-algorithm-if-default-on.patch
+
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200:
perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@@ -1984,6 +1988,7 @@ tarball from perl.org.
%patch22 -p1
%patch23 -p1
%patch24 -p1
+%patch25 -p1
%patch200 -p1
%patch201 -p1
@@ -2012,6 +2017,7 @@ perl -x patchlevel.h \
'Fedora Patch22: Document Math::BigInt::CalcEmu requires Math::BigInt
(CPAN RT#85015)' \
'Fedora Patch23: Fix t/comp/parser.t not to load system modules
(RT#121579)' \
'Fedora Patch24: Pass -fwrapv to stricter GCC 4.9 (RT#121505)' \
+ 'Fedora Patch25: Use stronger algorithm needed for FIPS in t/op/crypt.t
(RT#121591)' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on
Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil}
@@ -3736,6 +3742,7 @@ sed \
%changelog
* Fri Aug 08 2014 Petr Pisar <ppi...@redhat.com> - 4:5.18.2-303
- Declare dependencies for cpan tool (bug #1122498)
+- Use stronger algorithm needed for FIPS in t/op/crypt.t (bug #1128032)
* Tue Jul 29 2014 Jitka Plesnikova <jples...@redhat.com> - 4:5.18.2-302
- Sub-package perl-Term-ANSIColor and remove it (bug #1121924)
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/perl-devel
