From 0d52be0f5bd69802ab88c98664acb8f6b06c6350 Mon Sep 17 00:00:00 2001
From: Norbert Pocs
Date: Fri, 30 Sep 2022 13:18:07 +0200
Subject: [PATCH] torture_packet.c: Add fips check for deprecated cipher

FIPS 140-3 puts big limitations on using TDEA and it is already disabled in rhel9.

Signed-off-by: Norbert Pocs
Reviewed-by: Jakub Jelen
(cherry picked from commit 76d375064ba0a74373180c126d38575319e3fcb0)
---
 tests/unittests/torture_packet.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/tests/unittests/torture_packet.c b/tests/unittests/torture_packet.c
index 9f07f394..faf78116 100644
--- a/tests/unittests/torture_packet.c
+++ b/tests/unittests/torture_packet.c
@@ -272,10 +272,15 @@ static void torture_packet_aes256_cbc_etm(UNUSED_PARAM(void **state))
 }
 }
 
-static void torture_packet_3des_cbc(void **state)
+static void torture_packet_3des_cbc(UNUSED_PARAM(void **state))
 {
 int i;
- (void)state; /* unused */
+
+ /* 3des is not completely FIPS-allowed cipher since 140-3 */
+ if (ssh_fips_mode()) {
+ skip();
+ }
+
 for (i=1;i<256;++i){
 torture_packet("3des-cbc", "hmac-sha1", "none", i);
 }
@@ -284,6 +289,12 @@ static void torture_packet_3des_cbc(void **state)
 static void torture_packet_3des_cbc_etm(UNUSED_PARAM(void **state))
 {
 int i;
+
+ /* 3des is not completely FIPS-allowed cipher since 140-3 */
+ if (ssh_fips_mode()) {
+ skip();
+ }
+
 for (i = 1; i < 256; ++i) {
 torture_packet("3des-cbc", "hmac-sha1-etm@openssh.com", "none", i);
 }
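Review bot: The FIPS guard added at the top of torture_packet_3des_cbc, and repeated verbatim in torture_packet_3des_cbc_etm in the second hunk, only skips, so in FIPS mode neither test asserts that 3des-cbc is actually refused. Whether another test covers that rejection is not visible from this patch; if the cipher is meant to be unavailable under FIPS, a negative check next to the skip would keep that property from regressing silently. The comment would read more clearly as `/* 3DES (TDEA) use is restricted under FIPS 140-3; skip when running in FIPS mode */`, and the duplicated guard could move into one small static helper called from both tests. Both function bodies end outside their hunks, so anything after the loops was not reviewed.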