From bf2ed2ca929e5e12279f85c930f8fbb452ada888 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Tue, 30 Jul 2019 18:22:30 +0200
Subject: [PATCH] tests: Skip testing 1024 bits key generation in FIPS mode
In torture_threads_pki_rsa, skip the test which generates 1024 bits RSA
key pair when in FIPS mode.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
tests/unittests/torture_threads_pki_rsa.c | 28 ++++++++++++-----------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/tests/unittests/torture_threads_pki_rsa.c b/tests/unittests/torture_threads_pki_rsa.c
index 5a841ee9..03d526cd 100644
--- a/tests/unittests/torture_threads_pki_rsa.c
+++ b/tests/unittests/torture_threads_pki_rsa.c
@@ -571,23 +571,25 @@ static void *thread_pki_rsa_generate_key(void *threadid)
session = ssh_new();
assert_non_null(session);
- rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
- assert_ssh_return_code(session, rc);
- assert_non_null(key);
+ if (!ssh_fips_mode()) {
+ rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
+ assert_ssh_return_code(session, rc);
+ assert_non_null(key);
- rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
- assert_int_equal(rc, SSH_OK);
- assert_non_null(pubkey);
+ rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
+ assert_int_equal(rc, SSH_OK);
+ assert_non_null(pubkey);
- sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
- assert_non_null(sign);
+ sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
+ assert_non_null(sign);
- rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
- assert_ssh_return_code(session, rc);
+ rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
+ assert_ssh_return_code(session, rc);
- ssh_signature_free(sign);
- SSH_KEY_FREE(key);
- SSH_KEY_FREE(pubkey);
+ ssh_signature_free(sign);
+ SSH_KEY_FREE(key);
+ SSH_KEY_FREE(pubkey);
+ }
rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key);
assert_ssh_return_code(session, rc);
--
2.21.0