From 9ef0b0b029859073b45ad33c8f1a7c9393053453 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Wed, 5 Jun 2019 15:30:00 +0200
Subject: [PATCH] tests/torture_pki: Skip some tests if in FIPS mode

Skip tests requiring algorithms not allowed in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 tests/unittests/torture_pki.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/tests/unittests/torture_pki.c b/tests/unittests/torture_pki.c
index 97b08c7f..0e4ea1af 100644
--- a/tests/unittests/torture_pki.c
+++ b/tests/unittests/torture_pki.c
@@ -273,6 +273,16 @@ static void torture_pki_verify_mismatch(void **state)
              hash <= SSH_DIGEST_SHA512;
              hash++)
         {
+            if (ssh_fips_mode()) {
+                if (sig_type == SSH_KEYTYPE_DSS ||
+                    sig_type == SSH_KEYTYPE_ED25519 ||
+                    hash == SSH_DIGEST_SHA1)
+                {
+                    /* In FIPS mode, skip unsupported algorithms */
+                    continue;
+                }
+            }
+
             skey_attrs = key_attrs_list[sig_type][hash];
 
             if (!skey_attrs.sign) {
@@ -332,6 +342,15 @@ static void torture_pki_verify_mismatch(void **state)
                  key_type <= SSH_KEYTYPE_ED25519_CERT01;
                  key_type++)
             {
+                if (ssh_fips_mode()) {
+                    if (key_type == SSH_KEYTYPE_DSS ||
+                        key_type == SSH_KEYTYPE_ED25519)
+                    {
+                        /* In FIPS mode, skip unsupported algorithms */
+                        continue;
+                    }
+                }
+
                 vkey_attrs = key_attrs_list[key_type][hash];
                 if (!vkey_attrs.verify) {
                     continue;