From ea075e3f2e7cdd8c53fc4883b2132828672fe723 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Thu, 1 Sep 2022 16:56:39 +0200
Subject: [PATCH] tests: Fix rekey test so it passes on build systems

The test failed on Fedora Koji and openSUSE Build Service on i686 only. Probably
the rekey on the server needs longer here to collect enough entropy. So we need
to try harder before we stop :-)

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit b3b3fbfa1dc297bb333aeff7130ece358b247c4c)

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 tests/client/torture_rekey.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/tests/client/torture_rekey.c b/tests/client/torture_rekey.c
index 46a015db..4bedb810 100644
--- a/tests/client/torture_rekey.c
+++ b/tests/client/torture_rekey.c
@@ -38,6 +38,8 @@
 #include <fcntl.h>
 #include <pwd.h>
 
+#define KEX_RETRY 32
+
 static uint64_t bytes = 2048; /* 2KB (more than the authentication phase) */
 
 static int sshd_setup(void **state)
@@ -496,9 +498,15 @@ static void torture_rekey_different_kex(void **state)
      * to make sure the rekey it completes with all different ciphers (paddings */
     memset(data, 0, sizeof(data));
     memset(data, 'A', 128);
-    for (i = 0; i < 20; i++) {
+    for (i = 0; i < KEX_RETRY; i++) {
         ssh_send_ignore(s->ssh.session, data);
-        ssh_handle_packets(s->ssh.session, 50);
+        ssh_handle_packets(s->ssh.session, 100);
+
+        c = s->ssh.session->current_crypto;
+        /* SHA256 len */
+        if (c->digest_len != 32) {
+            break;
+        }
     }
 
     /* The rekey limit was restored in the new crypto to the same value */
@@ -568,9 +576,15 @@ static void torture_rekey_server_different_kex(void **state)
      * to make sure the rekey it completes with all different ciphers (paddings */
     memset(data, 0, sizeof(data));
     memset(data, 'A', 128);
-    for (i = 0; i < 25; i++) {
+    for (i = 0; i < KEX_RETRY; i++) {
         ssh_send_ignore(s->ssh.session, data);
-        ssh_handle_packets(s->ssh.session, 50);
+        ssh_handle_packets(s->ssh.session, 100);
+
+        c = s->ssh.session->current_crypto;
+        /* SHA256 len */
+        if (c->digest_len != 32) {
+            break;
+        }
     }
 
     /* Check that the secret hash is different than initially */