tests/torture_pki: Skip some tests if in FIPS mode

Skip tests requiring algorithms not allowed in FIPS mode. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-05 15:30:00 +02:00 · 2019-06-05 15:30:00 +02:00 · 9ef0b0b029
--- a/tests/unittests/torture_pki.c
+++ b/tests/unittests/torture_pki.c
@ -273,6 +273,16 @@ static void torture_pki_verify_mismatch(void **state)
             hash <= SSH_DIGEST_SHA512;
             hash++)
        {
+            if (ssh_fips_mode()) {
+                if (sig_type == SSH_KEYTYPE_DSS ||
+                    sig_type == SSH_KEYTYPE_ED25519 ||
+                    hash == SSH_DIGEST_SHA1)
+                {
+                    /* In FIPS mode, skip unsupported algorithms */
+                    continue;
+                }
+            }
+
            skey_attrs = key_attrs_list[sig_type][hash];

            if (!skey_attrs.sign) {
@ -332,6 +342,15 @@ static void torture_pki_verify_mismatch(void **state)
                 key_type <= SSH_KEYTYPE_ED25519_CERT01;
                 key_type++)
            {
+                if (ssh_fips_mode()) {
+                    if (key_type == SSH_KEYTYPE_DSS ||
+                        key_type == SSH_KEYTYPE_ED25519)
+                    {
+                        /* In FIPS mode, skip unsupported algorithms */
+                        continue;
+                    }
+                }
+
                vkey_attrs = key_attrs_list[key_type][hash];
                if (!vkey_attrs.verify) {
                    continue;